CloudEngine 6800&5800 V100R001C00 Configuration Guide - IP Routing 04.pdf

CloudEngine 6800&5800 Series SwitchesV100R001C00

Configuration Guide - IP Routing

Issue 04

Date 2013-07-10

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://enterprise.huawei.com

Issue 04 (2013-07-10) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://enterprise.huawei.com

About This Document

Intended AudienceThis document provides the basic concepts, configuration procedures, and configurationexamples for different application scenarios of the CE series switches, Topics covered includestatic routes, routing protocols (RIP, BGP,OSPF, and IS-IS), and routing policies.

This document is intended for:

l Data configuration engineersl Commissioning engineersl Network monitoring engineersl System maintenance engineers

Symbol ConventionsThe symbols that may be found in this document are defined as follows.

Symbol Description

DANGERIndicates a hazard with a high level or medium level of riskwhich, if not avoided, could result in death or serious injury.

WARNINGIndicates a hazard with a low level of risk which, if notavoided, could result in minor or moderate injury.

CAUTIONIndicates a potentially hazardous situation that, if notavoided, could result in equipment damage, data loss,performance deterioration, or unanticipated results.

TIP Provides a tip that may help you solve a problem or save time.

NOTE Provides additional information to emphasize or supplementimportant points in the main text.

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing About This Document


ii

Command ConventionsThe command conventions that may be found in this document are defined as follows.

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[ ] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated byvertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated byvertical bars. One item is selected or no item is selected.

{ x | y | ... }* Optional items are grouped in braces and separated byvertical bars. A minimum of one item or a maximum of allitems can be selected.

[ x | y | ... ]* Optional items are grouped in brackets and separated byvertical bars. You can select one or several items, or selectno item.

&<1-n> The parameter before the & sign can be repeated 1 to n times.

# A line starting with the # sign is comments.

Interface Numbering ConventionsInterface numbers used in this manual are examples. In device configuration, use the existinginterface numbers on devices.

Change HistoryUpdates between document issues are cumulative. Therefore, the latest document issue containsall updates made in previous issues.

Changes in Issue 04 (2013-07-10)This version has the following updates:

The following information is modified:

l 5.15.4 Example for Configuring IS-IS Auto FRRl 5.15.2 Example for Configuring IS-IS DIS Electionl 4.19.5 Example for Configuring Load Balancing Among OSPF Routesl 6.2 BGP Features Supported by the Device



iii

l 2.9.4 Example for Configuring FRR for IPv4 Static Routes on the Public Networkl 2.8 Associating IPv4 Static Routes with NQAl 5.6.3 Configuring Principles for Using Equal-Cost IS-IS Routesl 4.9.4 Configuring External Route Selection Rules Compatible with RFC 1583



l 8.3.1 Example for Configuring an MCE Devicel 3.14.3 Example for Configuring Dynamic BFD for RIP



l 4.8 Configuring OSPF NSSA Areas

Changes in Issue 01 (2012-12-31)Initial commercial release.



iv

Contents

About This Document.....................................................................................................................ii

1 IP Routing Basic Configuration..................................................................................................11.1 Displaying and Maintaining a Routing Table.................................................................................................................21.2 Configuring IPv4 FRR....................................................................................................................................................21.3 Configuring the ECMP Load Balancing Mode..............................................................................................................31.4 Configuration Examples.................................................................................................................................................41.4.1 Example for Configuring IPv4 FRR on the Public Network.......................................................................................4

2 Static Route Configuration........................................................................................................112.1 Static Route Overview..................................................................................................................................................132.2 Static Route Features Supported by the Device...........................................................................................................132.3 Default Configuration of Static Routes........................................................................................................................142.4 Configuring IPv4 Static Routes....................................................................................................................................142.4.1 Creating IPv4 Static Routes.......................................................................................................................................142.4.2 (Optional) Setting the Default Preference for IPv4 Static Routes.............................................................................152.4.3 (Optional) Configuring Static Route Selection Based on Iteration Depth................................................................162.4.4 Checking the Configuration.......................................................................................................................................172.5 Configuring Dynamic BFD for IPv4 Static Routes......................................................................................................172.6 Configuring Static BFD for IPv4 Static Routes...........................................................................................................182.7 Configuring FRR for IPv4 Static Routes......................................................................................................................192.8 Associating IPv4 Static Routes with NQA...................................................................................................................202.9 Configuration Examples...............................................................................................................................................222.9.1 Example for Configuring IPv4 Static Routes............................................................................................................222.9.2 Example for Configuring Dynamic BFD for IPv4 Static Routes..............................................................................262.9.3 Example for Configuring Static BFD for IPv4 Static Routes...................................................................................292.9.4 Example for Configuring FRR for IPv4 Static Routes on the Public Network.........................................................312.9.5 Example for Configuring NQA for IPv4 Static Routes.............................................................................................36

3 RIP Configuration.......................................................................................................................443.1 RIP Overview...............................................................................................................................................................463.2 RIP Features Supported by the Device.........................................................................................................................463.3 Default Configuration...................................................................................................................................................473.4 Configuring Basic RIP Functions.................................................................................................................................473.4.1 Enabling RIP..............................................................................................................................................................48

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing Contents


v

3.4.2 Enabling RIP on the Specified Network Segment.....................................................................................................483.4.3 (Optional) Configuring RIP Neighbors on an NBMA Network...............................................................................493.4.4 (Optional) Specifying the RIP Version.....................................................................................................................503.4.5 Checking the Configuration.......................................................................................................................................513.5 Configuring RIP-2........................................................................................................................................................513.5.1 Configuring RIP-2 Route Summarization.................................................................................................................513.5.2 Configuring RIP-2 Packet Authentication.................................................................................................................523.5.3 Checking the Configuration.......................................................................................................................................533.6 Avoiding Routing Loops..............................................................................................................................................533.6.1 Configuring Split Horizon.........................................................................................................................................543.6.2 Configuring Poison Reverse......................................................................................................................................543.6.3 Checking the Configuration.......................................................................................................................................553.7 Controlling RIP Routing...............................................................................................................................................553.7.1 Configuring RIP Preference......................................................................................................................................553.7.2 Configuring Additional Metrics of an Interface........................................................................................................563.7.3 Setting the Maximum Number of Equal-Cost Routes...............................................................................................573.7.4 Checking the Configuration.......................................................................................................................................573.8 Controlling RIP Route Advertisement.........................................................................................................................583.8.1 Configuring RIP to Advertise Default Routes...........................................................................................................583.8.2 Disabling an Interface from Sending Update Packets...............................................................................................593.8.3 Configuring RIP to Import Routes............................................................................................................................603.8.4 Checking the Configuration.......................................................................................................................................613.9 Controlling Receiving of RIP Routing Information.....................................................................................................613.9.1 Disabling an Interface from Receiving RIP Update Packets.....................................................................................613.9.2 Configuring RIP to Deny Host Routes......................................................................................................................623.9.3 Configuring RIP to Filter Received Routes...............................................................................................................633.9.4 Checking RIP Packets with Metric 0.........................................................................................................................633.9.5 Checking the Configuration.......................................................................................................................................643.10 Improving RIP Network Performance........................................................................................................................643.10.1 Configuring RIP Timers..........................................................................................................................................653.10.2 Setting the Interval for Sending Update Packets and Maximum Number of Sent Packets.....................................663.10.3 Setting the Maximum Length of RIP Packets.........................................................................................................663.10.4 Configuring RIP to Check the Validity of Update Packets.....................................................................................673.10.5 Configuring RIP Triggered Update.........................................................................................................................683.10.6 Setting the Maximum Number of RIP Routes.........................................................................................................693.10.7 Checking the Configuration.....................................................................................................................................693.11 Configuring BFD for RIP...........................................................................................................................................703.11.1 Configuring Dynamic BFD for RIP........................................................................................................................703.11.2 Configuring Static BFD for RIP..............................................................................................................................723.12 Configuring the Network Management Function for RIP..........................................................................................743.13 Maintaining RIP.........................................................................................................................................................743.13.1 Resetting RIP...........................................................................................................................................................75



vi

3.13.2 Clearing RIP Statistics.............................................................................................................................................753.14 Configuration Examples.............................................................................................................................................753.14.1 Example for Configuring Basic RIP Functions.......................................................................................................763.14.2 Example for Importing Routes to RIP.....................................................................................................................793.14.3 Example for Configuring Dynamic BFD for RIP...................................................................................................833.15 Common Configuration Errors...................................................................................................................................883.15.1 Failed to Receive RIP Update Packets from Neighbors..........................................................................................883.15.2 Failed to Send RIP Update Packets to Neighbors...................................................................................................893.15.3 Route Flapping Occurs on a RIP Network..............................................................................................................89

4 OSPF Configuration....................................................................................................................914.1 OSPF Overview............................................................................................................................................................934.2 OSPF Features Supported by the Device.....................................................................................................................964.3 Default Configuration...................................................................................................................................................994.4 Configuring Basic OSPF Functions...........................................................................................................................1004.4.1 Creating an OSPF Process.......................................................................................................................................1004.4.2 Creating an OSPF Area...........................................................................................................................................1014.4.3 Enable OSPF............................................................................................................................................................1024.4.4 Checking the Configuration.....................................................................................................................................1034.5 Setting Parameters for OSPF Neighbor Relationship.................................................................................................1044.5.1 Setting the OSPF Packet Retransmission Limit......................................................................................................1044.5.2 Configuring an Interface to Fill in the DD Packet with the Actual MTU...............................................................1054.5.3 Checking the Configuration.....................................................................................................................................1054.6 Configuring OSPF Attributes in Different Types of Networks..................................................................................1064.6.1 Configuring Network Types of OSPF Interfaces....................................................................................................1074.6.2 (Optional) Setting the DR Priority for the OSPF Interface of the Broadcast or NBMA Network Type.................1084.6.3 (Optional) Disabling the Function of Checking the Network Mask on a P2MP Network......................................1094.6.4 Configuring Neighbors for NBMA Networks.........................................................................................................1094.6.5 (Optional) Configuring the Interval for Sending Poll Packets in NBMA Networks...............................................1104.6.6 Checking the Configuration.....................................................................................................................................1104.7 Configuring OSPF Stub Areas...................................................................................................................................1114.7.1 Defining the Current Area to be a Stub Area..........................................................................................................1114.7.2 (Optional) Configuring Metrics of Default Routes Sent to Stub Areas..................................................................1124.7.3 Checking the Configuration.....................................................................................................................................1134.8 Configuring OSPF NSSA Areas.................................................................................................................................1134.9 Adjusting OSPF Route Selection...............................................................................................................................1164.9.1 Setting the Link Cost for an OSPF Interface...........................................................................................................1164.9.2 Setting the Preference for Equal-cost OSPF Routes...............................................................................................1174.9.3 Setting the Maximum Number of Equal-Cost Routes.............................................................................................1184.9.4 Configuring External Route Selection Rules Compatible with RFC 1583.............................................................1194.9.5 Checking the Configuration.....................................................................................................................................1194.10 Controlling OSPF Routing Information...................................................................................................................1204.10.1 Configuring OSPF to Import External Routes......................................................................................................120



vii

4.10.2 Configuring OSPF to Advertise the Default Route to the OSPF Area..................................................................1224.10.3 Configuring OSPF Route Aggregation..................................................................................................................1234.10.4 Configuring OSPF to Filter the Received Routes.................................................................................................1244.10.5 Configuring OSPF to Filter the Routes to Be Advertised.....................................................................................1254.10.6 Configuring OSPF to Filter ABR Type3 LSA......................................................................................................1254.10.7 Checking the Configuration...................................................................................................................................1264.11 Configuring OSPF IP FRR.......................................................................................................................................1264.11.1 Enabling OSPF IP FRR.........................................................................................................................................1274.11.2 (Optional) Blocking FRR on an OSPF Interface...................................................................................................1284.11.3 Checking the Configuration...................................................................................................................................1284.12 Configuring BFD for OSPF......................................................................................................................................1294.12.1 Configuring Global BFD.......................................................................................................................................1294.12.2 Configuring BFD for OSPF Feature......................................................................................................................1304.12.3 (Optional) Preventing an Interface from Dynamically Setting Up a BFD Session...............................................1314.12.4 (Optional) Configuring BFD on the Specified Interface.......................................................................................1314.12.5 Checking the Configuration...................................................................................................................................1324.13 Configuring OSPF Fast Convergence......................................................................................................................1324.13.1 Setting the Convergence Priority of OSPF Routes................................................................................................1324.13.2 Setting the Interval for Sending Hello Packets......................................................................................................1334.13.3 Setting the Dead Time of the Neighbor Relationship............................................................................................1344.13.4 Configuring Smart-discover..................................................................................................................................1354.13.5 Setting the Interval for Updating LSAs.................................................................................................................1354.13.6 Setting the Interval for Receiving LSAs................................................................................................................1374.13.7 Setting the Interval for the SPF Calculation..........................................................................................................1384.13.8 Checking the Configuration...................................................................................................................................1394.14 Configuring OSPF GR Helper..................................................................................................................................1394.15 Improving the Stability of an OSPF Network..........................................................................................................1404.15.1 Setting the Priority of OSPF..................................................................................................................................1414.15.2 Configuring the Delay for Transmitting LSAs on the Interface............................................................................1414.15.3 Configuring the Interval for Retransmitting LSAs................................................................................................1424.15.4 Configuring Secure Synchronization.....................................................................................................................1424.15.5 Configuring Stub Routers......................................................................................................................................1434.15.6 Suppressing an Interface from Receiving or Sending OSPF Packets...................................................................1444.15.7 Checking the Configuration...................................................................................................................................1444.16 Improving the Security of an OSPF Network..........................................................................................................1454.16.1 Configuring the Area Authentication Mode..........................................................................................................1454.16.2 Configuring the Interface Authentication Mode....................................................................................................1464.16.3 Checking the Configuration...................................................................................................................................1474.17 Configuring the Network Management Function of OSPF......................................................................................1484.18 Maintaining OSPF....................................................................................................................................................1484.18.1 Clearing OSPF.......................................................................................................................................................1494.18.2 Resetting OSPF......................................................................................................................................................149



viii

4.19 Configuring Examples..............................................................................................................................................1504.19.1 Example for Configuring Basic OSPF Functions..................................................................................................1504.19.2 Example for Configuring OSPF Stub Areas..........................................................................................................1554.19.3 Example for Configuring an NSSA Area..............................................................................................................1604.19.4 Example for Configuring DR Election of OSPF...................................................................................................1654.19.5 Example for Configuring Load Balancing Among OSPF Routes.........................................................................1704.19.6 Example for Configuring OSPF IP FRR...............................................................................................................1754.19.7 Example for Configuring BFD for OSPF..............................................................................................................181

5 IPv4 IS-IS Configuration..........................................................................................................1865.1 IS-IS Overview...........................................................................................................................................................1885.2 IS-IS (IPv4) Features Supported by the Device.........................................................................................................1885.3 Default Configuration.................................................................................................................................................1905.4 Configure Basic IS-IS Functions................................................................................................................................1915.4.1 Creating IS-IS Processes.........................................................................................................................................1915.4.2 Configuring a NET..................................................................................................................................................1925.4.3 Configuring the Device Level.................................................................................................................................1925.4.4 Establishing IS-IS Neighbor Relationships.............................................................................................................1935.4.5 Checking the Configuration.....................................................................................................................................1965.5 Improving IS-IS Network Security.............................................................................................................................1965.5.1 Configuring Interface Authentication......................................................................................................................1975.5.2 Configuring Area or Domain Authentication..........................................................................................................1985.5.3 Checking the Configuration.....................................................................................................................................2005.6 Controlling IS-IS Route Selection..............................................................................................................................2005.6.1 Configuring a Preference Value for IS-IS...............................................................................................................2005.6.2 Configuring the Cost of an IS-IS Interface..............................................................................................................2015.6.3 Configuring Principles for Using Equal-Cost IS-IS Routes....................................................................................2045.6.4 Configuring IS-IS Route Leaking............................................................................................................................2055.6.5 Checking the Configuration.....................................................................................................................................2065.7 Controlling IS-IS Route Exchange.............................................................................................................................2065.7.1 Configuring IS-IS to Advertise a Default Route.....................................................................................................2075.7.2 Configuring IS-IS to Import External Routes..........................................................................................................2085.7.3 Configuring IS-IS to Advertise Specified External Routes to an IS-IS Routing Domain.......................................2085.7.4 Adding Specified IS-IS Routes to the IP Routing Table.........................................................................................2095.7.5 Checking the Configuration.....................................................................................................................................2105.8 Configuring IS-IS Route Summarization...................................................................................................................2105.9 Controlling IS-IS Route Convergence........................................................................................................................2115.9.1 Configuring Attributes for Hello Packets................................................................................................................2115.9.2 Configuring Attributes for LSPs..............................................................................................................................2135.9.3 Configuring Attributes for CSNPs..........................................................................................................................2185.9.4 Setting the SPF Calculation Interval.......................................................................................................................2195.9.5 Configuring Convergence Priorities for IS-IS Routes.............................................................................................2205.9.6 Checking the Configuration.....................................................................................................................................221



ix

5.10 Configuring LSP Fragment Extension.....................................................................................................................2215.11 Configuring a Mesh Group on an NBMA Network.................................................................................................2225.12 Configuring IS-IS Reliability...................................................................................................................................2235.12.1 Enabling IS-IS Auto FRR......................................................................................................................................2235.12.2 Configuring Static BFD for IS-IS..........................................................................................................................2255.12.3 Configuring Dynamic BFD for IS-IS....................................................................................................................2265.13 Configuring the Overload Bit for an IS-IS Device...................................................................................................2295.14 Maintaining IS-IS.....................................................................................................................................................2295.14.1 Resetting IS-IS.......................................................................................................................................................2305.14.2 Suppressing IS-IS..................................................................................................................................................2305.14.3 Configuring IS-IS Host Name Mapping................................................................................................................2315.15 Configuration Examples...........................................................................................................................................2325.15.1 Example for Configuring Basic IS-IS Functions...................................................................................................2325.15.2 Example for Configuring IS-IS DIS Election........................................................................................................2375.15.3 Example for Configuring IS-IS to Interact with BGP...........................................................................................2425.15.4 Example for Configuring IS-IS Auto FRR............................................................................................................2475.15.5 Example for Configuring Static BFD for IS-IS.....................................................................................................2555.15.6 Example for Configuring Dynamic BFD for IS-IS...............................................................................................2595.16 Common Configuration Errors.................................................................................................................................2655.16.1 Failed to Establish IS-IS Neighbor Relationships.................................................................................................2665.16.2 A Device Cannot Learn IS-IS Routes from Its Neighbor......................................................................................267

6 BGP Configuration....................................................................................................................2696.1 BGP Overview............................................................................................................................................................2716.2 BGP Features Supported by the Device.....................................................................................................................2716.3 Default Configuration.................................................................................................................................................2756.4 Configuring Basic BGP Functions.............................................................................................................................2756.4.1 Starting a BGP Process............................................................................................................................................2766.4.2 Configuring BGP Peers...........................................................................................................................................2766.4.3 (Optional) Configuring a BGP Peer Group.............................................................................................................2786.4.4 Configuring BGP to Import Routes.........................................................................................................................2796.4.5 Checking the Configuration.....................................................................................................................................2816.5 Configuring BGP Security..........................................................................................................................................2816.5.1 Configuring MD5 Authentication...........................................................................................................................2826.5.2 Configuring Keychain Authentication.....................................................................................................................2826.5.3 Configuring BGP GTSM.........................................................................................................................................2836.5.4 Checking the Configuration.....................................................................................................................................2846.6 Simplifying IBGP Network Connections...................................................................................................................2846.6.1 Configuring a BGP Route Reflector........................................................................................................................2856.6.2 Configuring a BGP Confederation..........................................................................................................................2866.7 Configuring BGP Route Selection and Load Balancing............................................................................................2876.7.1 Configuring the BGP Priority..................................................................................................................................2876.7.2 Configuring the Next_Hop Attribute.......................................................................................................................288



x

6.7.3 Configuring the PrefVal Attribute...........................................................................................................................2896.7.4 Configuring the Default Local_Pref Attribute.........................................................................................................2906.7.5 Configuring the AS_Path Attribute.........................................................................................................................2916.7.6 Configuring the MED Attribute..............................................................................................................................2936.7.7 Configuring the BGP Community Attribute...........................................................................................................2946.7.8 Configuring BGP Load Balancing..........................................................................................................................2966.7.9 Checking the Configuration.....................................................................................................................................2986.8 Controlling the Receiving and Advertisement of BGP Routes..................................................................................2986.8.1 Configuring a Routing Policy..................................................................................................................................2996.8.2 Controlling the Advertisement of BGP Routes.......................................................................................................2996.8.3 Controlling the Receiving of BGP Routes..............................................................................................................3016.8.4 Configuring BGP Soft Reset...................................................................................................................................3036.8.5 Checking the Configuration.....................................................................................................................................3046.9 Adjusting the BGP Network Convergence Speed......................................................................................................3056.9.1 Configuring a BGP ConnectRetry Timer................................................................................................................3056.9.2 Configuring BGP Keepalive and Hold Timers........................................................................................................3066.9.3 Configuring a Update Message Timer.....................................................................................................................3086.9.4 Disabling Rapid EBGP Connection Reset...............................................................................................................3096.9.5 Configuring BGP Route Dampening.......................................................................................................................3096.9.6 Checking the Configuration.....................................................................................................................................3106.10 Configuring BGP Reliability....................................................................................................................................3116.10.1 Configuring Association Between BGP and BFD................................................................................................3116.10.2 Configuring BGP Auto FRR.................................................................................................................................3136.10.3 Configuring the BGP GR Helper Function...........................................................................................................3146.11 Configuring BGP Route Summarization..................................................................................................................3156.12 Configuring On-demand Route Advertisement........................................................................................................3166.13 Configuring BGP to Advertise Default Routes to Peers..........................................................................................3176.14 Configuring MP-BGP...............................................................................................................................................3186.15 Maintaining BGP......................................................................................................................................................3196.15.1 Resetting BGP Connections..................................................................................................................................3196.15.2 Clearing BGP Statistics.........................................................................................................................................3206.16 Configuration Examples...........................................................................................................................................3216.16.1 Example for Configuring Basic BGP Functions...................................................................................................3216.16.2 Example for Configuring Basic MBGP Functions................................................................................................3276.16.3 Example for Configuring BGP Load Balancing and the MED Attribute..............................................................3356.16.4 Example for Configuring a BGP Route Reflector.................................................................................................3396.16.5 Example for Configuring a BGP Confederation...................................................................................................3456.16.6 Example for Configuring the BGP Community Attribute.....................................................................................3536.16.7 Example for Configuring Prefix-based BGP ORF................................................................................................3576.16.8 Example for Configuring BGP Route Dampening................................................................................................3616.16.9 Example for Associating BGP with BFD..............................................................................................................3656.16.10 Example for Configuring BGP Auto FRR..........................................................................................................370



xi

7 Routing Policy Configuration.................................................................................................3767.1 Routing Policy Overview...........................................................................................................................................3777.2 Routing Policy Features Supported by the Device.....................................................................................................3777.3 Filter Configuration....................................................................................................................................................3787.3.1 Configuring an IP Prefix List..................................................................................................................................3797.3.2 Configuring an AS_Path Filter................................................................................................................................3807.3.3 Configuring a Community Filter.............................................................................................................................3807.3.4 Configuring an Extended Community Filter...........................................................................................................3817.3.5 Configuring an RD Filter.........................................................................................................................................3827.4 Configuring a Routing Policy.....................................................................................................................................3827.4.1 Creating a Routing Policy........................................................................................................................................3837.4.2 (Optional) Configuring an if-match Clause.............................................................................................................3837.4.3 (Optional) Configuring an apply Clause.................................................................................................................3857.4.4 Checking the Configuration.....................................................................................................................................3877.5 Maintaining the Routing Policy..................................................................................................................................3877.6 Configuration Examples.............................................................................................................................................3887.6.1 Example for Filtering the Routes to Be Received or Advertised............................................................................3887.6.2 Example for Applying a Routing Policy for Importing Routes...............................................................................393

8 MCE Configuration...................................................................................................................3988.1 MCE Overview...........................................................................................................................................................3998.2 Configuring an MCE Device......................................................................................................................................4028.2.1 Configuring a VPN Instance....................................................................................................................................4038.2.2 Configure Route Exchange Between an MCE Device and VPN Sites...................................................................4058.2.3 Configure Route Exchange Between an MCE Device and a PE Device................................................................4118.2.4 Checking the Configuration.....................................................................................................................................4158.3 Configuration Examples.............................................................................................................................................4168.3.1 Example for Configuring an MCE Device..............................................................................................................416



xii

1 IP Routing Basic Configuration

About This Chapter

You can configure IP routing to learn about basic parameters for IP routing.

1.1 Displaying and Maintaining a Routing TableYou can view routing tables to learn about the network topology and locate routing faults.

1.2 Configuring IPv4 FRRIPv4 FRR applies to the services that are very sensitive to delay and packet loss on IPv4 networks.

1.3 Configuring the ECMP Load Balancing ModeEqual-Cost Multi-Path routing (ECMP) implements load balancing and link backup.

1.4 Configuration ExamplesThis section provides examples for configuring IP routing, including networking requirementsand configuration roadmap.

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing 1 IP Routing Basic Configuration


1

1.1 Displaying and Maintaining a Routing TableYou can view routing tables to learn about the network topology and locate routing faults.

ContextYou can view routing table information to locate routing faults. The following describes thecommands used to display and maintain routing table information.

The display commands can be used in all views. The reset commands are used in the user view.

If the switch imports a large number of routes, system performance may be affected whenservices are being processed because the routes consume a lot of system resources. To improvesystem security and reliability, configure a limit on the number of public route prefixes. Whenthe number of public route prefixes exceeds the limit, an alarm is generated, prompting you tocheck whether unnecessary public route prefixes exist.

Procedurel Run the display ip routing-table command to check brief information about the active

routes in the IPv4 routing table.l Run the display ip routing-table verbose command to check detailed information about

the IPv4 routing table.l Run the display ip routing-table ip-address [ mask | mask-length ] [ longer-match ]

[ verbose ] command to check detailed information about the routes with the specifieddestination address in the IPv4 routing table.

l Run the display ip routing-table ip-address1 { mask1 | mask-length1 } ip-address2{ mask2 | mask-length2 } [ verbose ] command to check detailed information about theroutes within the specified destination address range in the IPv4 routing table.

l Run the display ip routing-table ip-prefix ip-prefix-name [ verbose ] command to checkdetailed information about the routes that match the specified IP prefix list in the IPv4routing table.

l Run the display ip routing-table protocol protocol [ inactive | verbose ] command tocheck detailed information about the routes discovered by the specified routing protocol inthe IPv4 routing table.

l Run the display ip routing-table statistics command to check route statistics in the IPv4routing table.

l Run the reset ip routing-table statistics protocol [ vpn-instance vpn-instance-name ]{ all | protocol } command to clear route statistics in the IPv4 routing table.

l Run the ip prefix limit number { alert-percent [ route-unchanged ] | simply-alert }command in the system view to set a limit on the number of IPv4 public route prefixes.

l Run the ipv6 prefix limit number { alert-percent [ route-unchanged ] | simply-alert }command in the system view to set a limit on the number of IPv6 public route prefixes.

----End

1.2 Configuring IPv4 FRRIPv4 FRR applies to the services that are very sensitive to delay and packet loss on IPv4 networks.



2

Applicable EnvironmentIf a link failure occurs after FRR is enabled, the fault detection module reports the failure to theupper-layer routing system. The FRR module immediately uses a backup link to forward packets,minimizing the impact of the link failure on services.

CAUTIONIPv4 FRR implements route backup among routes of different routing protocols and may causerouting loops. Therefore, exercise caution when using IPv4 FRR.

Pre-configuration TasksBefore configuring IPv4 FRR, complete the following task:

l Configuring link layer protocol parameters and assigning IPv4 addresses to interfaces toensure that the link layer protocol of the interfaces is Up

Procedure

Step 1 Run:system-view

The system view is displayed.

Step 2 Run:ip frr

IPv4 FRR is enabled.

NOTE

When FRR is configured in both the system view and the routing protocol view, FRR configured in therouting protocol view is used for route backup.

Step 3 Run:commit

The configuration is committed.

----End

Checking the ConfigurationAfter IPv4 FRR is configured, run the following command to check the configuration.

Run the display ip routing-table verbose command to check detailed information about thebackup outbound interfaces and backup next hops of routes in the routing table.

1.3 Configuring the ECMP Load Balancing ModeEqual-Cost Multi-Path routing (ECMP) implements load balancing and link backup.



3

ContextECMP applies to the network where multiple links to the same destination are available. In thetraditional routing technology, packets are forwarded to the destination through one link only;the other links are in backup or inactive state; switching between these links requires a certainperiod when dynamic routes are used. Different from the traditional routing technology, ECMPcan use multiple links to increase transmission bandwidth and transmit data on a faulty linkwithout any delay or packet loss.

Procedure

1. Run:system-view

The system view is displayed.2. Run:

load-balance ecmp

The ECMP view is displayed.3. Run:

ipv4 { src-ip | dst-ip | vlan | l4-src-port | l4-dst-port | protocol | src-interface } *

The ECMP load balancing mode of IPv4 packets is set.

By default, ECMP load balancing is performed on IPv4 packets based on the sourceIP address, destination IP address, and port number.

4. Run:commit


----End

Checking the ConfigurationRun the display port forwarding-path src-ip src-ip-data dst-ip dst-ip-data command to checkthe outbound interface and statistics about packets that contain specified 5-tuple information.

1.4 Configuration ExamplesThis section provides examples for configuring IP routing, including networking requirementsand configuration roadmap.

1.4.1 Example for Configuring IPv4 FRR on the Public Network

Networking RequirementsAs shown in Figure 1-1, OSPF is configured on SwitchT, SwitchA, and SwitchC, and IS-IS isconfigured on SwitchT, SwitchB, and SwitchC. OSPF routes have a higher priority than IS-ISroutes. Therefore, link B is the backup link of link A. Traffic must be rapidly switched from linkA to link B when a fault occurs on link A.



4

Figure 1-1 Networking diagram of configuring IPv4 FRR on the public network

10GE1/0/1VLANIF20

192.168.10.2/2410GE1/0/2VLANIF20

192.168.10.1/24

10GE1/0/2VLANIF40192.168.11.1/24

10GE1/0/3VLANIF50192.168.21.1/24

10GE1/0/2VLANIF50192.168.21.2/24

10GE1/0/2VLANIF40192.168.11.2/24

10GE1/0/1VLANIF30

192.168.20.2/24

10GE1/0/3VLANIF30

192.168.20.1/24

10GE1/0/1VLANIF60172.17.1.1/24

10GE1/0/1VLANIF10

172.16.1.1/24

SwitchA

SwitchB

SwitchT SwitchC

Link A

Link B

Configuration Roadmap

Enable IPv4 FRR on the public network on SwitchT so that traffic can be rapidly switched tolink B when a fault occurs on link A.

Procedure

Step 1 Create VLANs and add interfaces to the VLANs.<HUAWEI> system-view[~HUAWEI] sysname SwitchT[~HUAWEI] commit[~SwitchT] vlan batch 10 20 30[~SwitchT] interface 10ge 1/0/1[~SwitchT-10GE1/0/1] port link-type trunk [~SwitchT-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchT-10GE1/0/1] quit[~SwitchT] interface 10ge 1/0/2[~SwitchT-10GE1/0/2] port link-type trunk [~SwitchT-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchT-10GE1/0/2] quit[~SwitchT] interface 10ge 1/0/3[~SwitchT-10GE1/0/3] port link-type trunk [~SwitchT-10GE1/0/3] port trunk allow-pass vlan 30[~SwitchT-10GE1/0/3] quit[~SwitchT] commit

The configurations of SwitchA, SwitchB, and SwitchC are similar to the configuration ofSwitchT, and are not mentioned here.

Step 2 Assign IPv4 addresses to VLANIF interfaces.[~SwitchT] interface vlanif 10[~SwitchT-Vlanif10] ip address 172.16.1.1 24[~SwitchT-Vlanif10] quit[~SwitchT] interface vlanif 20[~SwitchT-Vlanif20] ip address 192.168.10.1 24[~SwitchT-Vlanif20] quit[~SwitchT] interface vlanif 30[~SwitchT-Vlanif30] ip address 192.168.20.1 24



5

[~SwitchT-Vlanif30] quit[~SwitchT] commit

The configurations of SwitchA, SwitchB, and SwitchC are similar to the configuration ofSwitchT, and are not mentioned here.

Step 3 Configure OSPF on SwitchT, SwitchA, and SwitchC.

# Configure SwitchT.

[~SwitchT] ospf[~SwitchT-ospf-1] area 0[~SwitchT-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255[~SwitchT-ospf-1-area-0.0.0.0] network 192.168.10.0 0.0.0.255[~SwitchT-ospf-1-area-0.0.0.0] commit

# Configure SwitchA.

[~SwitchA] ospf[~SwitchA-ospf-1] area 0[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.10.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.11.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] commit

# Configure SwitchC.

[~SwitchC] ospf[~SwitchC-ospf-1] area 0[~SwitchC-ospf-1-area-0.0.0.0] network 172.17.1.0 0.0.0.255[~SwitchC-ospf-1-area-0.0.0.0] network 192.168.11.0 0.0.0.255[~SwitchC-ospf-1-area-0.0.0.0] commit

Step 4 Configure IS-IS on SwitchT, SwitchB, and SwitchC.

# Configure SwitchT.

[~SwitchT] isis[~SwitchT-isis-1] network-entity 10.0000.0000.0001.00[~SwitchT-isis-1] quit[~SwitchT] interface vlanif 10[~SwitchT-Vlanif10] isis enable 1[~SwitchT-Vlanif10] quit[~SwitchT] interface vlanif 30[~SwitchT-Vlanif30] isis enable 1[~SwitchT-Vlanif30] commit[~SwitchT-Vlanif30] quit

# Configure SwitchB.

[~SwitchB] isis[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00[~SwitchB-isis-1] quit[~SwitchB] interface vlanif 30[~SwitchB-Vlanif30] isis enable 1[~SwitchB-Vlanif30] quit[~SwitchB] interface vlanif 50[~SwitchB-Vlanif50] isis enable 1[~SwitchB-Vlanif50] commit[~SwitchB-Vlanif50] quit


[~SwitchC] isis[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00[~SwitchC-isis-1] quit[~SwitchC] interface vlanif 50[~SwitchC-Vlanif50] isis enable 1[~SwitchC-Vlanif50] quit[~SwitchC] interface vlanif 60



6

[~SwitchC-Vlanif60] isis enable 1[~SwitchC-Vlanif60] commit[~SwitchC-Vlanif60] quit

Step 5 Check routing information.

# Check the routes to destination 172.17.1.0 on SwitchT.

<SwitchT> display ip routing-table 172.17.1.0 verboseRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_Summary Count : 2

Destination: 172.17.1.0/24 Protocol: OSPF Process ID: 1 Preference: 10 Cost: 3 NextHop: 192.168.10.2 Neighbour: 0.0.0.0 State: Active Adv Age: 00h00m07s Tag: 0 Priority: low Label: NULL QoSInfo: 0xa98ac7 IndirectID: 0x40000041 RelayNextHop: 0.0.0.0 Interface: Vlanif20 TunnelID: 0x0 Flags: D

Destination: 172.17.1.0/24 Protocol: ISIS-L1 Process ID: 1 Preference: 15 Cost: 30 NextHop: 192.168.20.2 Neighbour: 0.0.0.0 State: Inactive Adv Age: 00h01m26s Tag: 0 Priority: high Label: NULL QoSInfo: 0xa98ac7 IndirectID: 0x80000081 RelayNextHop: 0.0.0.0 Interface: Vlanif30 TunnelID: 0x0 Flags: 0

The routing table contains two routes to 172.17.1.0/24. OSPF routes have a higher priority thanIS-IS routes. Therefore, the route with next hop 192.168.10.2 is the optimal route.

Step 6 Enable IPv4 FRR on the public network.

# Enable IPv4 FRR on the public network on SwitchT.

<SwitchT> system-view[~SwitchT] ip frr[~SwitchT] commit

# Check information about the backup outbound interface and backup next hop on SwitchT.


Destination: 172.17.1.0/24 Protocol: OSPF Process ID: 1 Preference: 10 Cost: 3 NextHop: 192.168.10.2 Neighbour: 0.0.0.0 State: Active Adv Age: 00h01m36s Tag: 0 Priority: low Label: NULL QoSInfo: 0xa98ac7 IndirectID: 0x40000041 RelayNextHop: 0.0.0.0 Interface: Vlanif20 TunnelID: 0x0 Flags: D BkNextHop: 192.168.20.2 BkInterface: Vlanif30 BkLabel: NULL SecTunnelID: 0x0 BkPETunnelID: 0x0 BkPESecTunnelID: 0x0 BkIndirectID: 0x80000081



7

Destination: 172.17.1.0/24 Protocol: ISIS-L1 Process ID: 1 Preference: 15 Cost: 30 NextHop: 192.168.20.2 Neighbour: 0.0.0.0 State: Inactive Adv Age: 00h02m55s Tag: 0 Priority: high Label: NULL QoSInfo: 0xa98ac7 IndirectID: 0x80000081 RelayNextHop: 0.0.0.0 Interface: Vlanif30 TunnelID: 0x0 Flags: 0

The routing table contains the backup outbound interface and backup next hop of the route to172.17.1.0/24. The IS-IS route becomes the backup route.

----End

Configuration Filesl Configuration file of SwitchT

#sysname SwitchT#ip frr#isis 1 network-entity 10.0000.0000.0001.00#interface Vlanif10 ip address 172.16.1.1 255.255.255.0 isis enable 1#interface Vlanif20 ip address 192.168.10.1 255.255.255.0#interface Vlanif30 ip address 192.168.20.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30#ospf 1 area 0.0.0.0 network 172.16.1.0 0.0.0.255 network 192.168.10.0 0.0.0.255#return

l Configuration file of SwitchA#sysname SwitchA#interface Vlanif20 ip address 192.168.10.2 255.255.255.0#interface Vlanif40 ip address 192.168.11.2 255.255.255.0#



8

interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#ospf 1 area 0.0.0.0 network 192.168.10.0 0.0.0.255 network 192.168.11.0 0.0.0.255#return

l Configuration file of SwitchB#sysname SwitchB#isis 1 network-entity 10.0000.0000.0002.00 #interface Vlanif30 ip address 192.168.20.2 255.255.255.0 isis enable 1#interface Vlanif50 ip address 192.168.21.2 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 50#return

l Configuration file of SwitchC#sysname SwitchC#isis 1 network-entity 10.0000.0000.0003.00 #interface Vlanif40 ip address 192.168.11.1 255.255.255.0#interface Vlanif50 ip address 192.168.21.1 255.255.255.0 isis enable 1#interface Vlanif60 ip address 172.17.1.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 60#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 50#



9

ospf 1 area 0.0.0.0 network 172.17.1.0 0.0.0.255 network 192.168.11.0 0.0.0.255#return



10

2 Static Route Configuration

About This Chapter

Static routes apply to simple networks. Proper static routes can improve network performanceand ensure bandwidth for important applications.

2.1 Static Route OverviewOn a simple network, you only need to configure static routes to ensure that the network worksproperly. On a complex large-scale network, static routes ensure bandwidth for importantapplications because they remain unchanged even when the topology changes.

2.2 Static Route Features Supported by the DeviceThe Switch supports the following static route features: IPv4 static routes, static default routes,bidirectional forwarding detection (BFD) for IPv4 static routes, NQA for IPv4 static routes, fastreroute (FRR) for IPv4 static routes, and static routes in VPN instances.

2.3 Default Configuration of Static RoutesThis section describes the default configuration of static routes, which can be changed accordingto network requirements.

2.4 Configuring IPv4 Static RoutesOn a network, you can accurately control route selection by configuring IPv4 static routes.

2.5 Configuring Dynamic BFD for IPv4 Static RoutesBy configuring dynamic BFD to detect IPv4 static routes, you can enable devices to fast detectlink changes, improving network reliability.

2.6 Configuring Static BFD for IPv4 Static RoutesStatic BFD for IPv4 static routes enables a device to rapidly detect changes of a link to adestination address of a stack route, improving network reliability.

2.7 Configuring FRR for IPv4 Static RoutesFRR applies to IP services that are sensitive to packet delay and packet loss. FRR can beconfigured for IPv4 static routes to implement traffic protection by use of a backup link.

2.8 Associating IPv4 Static Routes with NQAIf devices do not support BFD, associate IPv4 static routes with NAQ so that NQA test instancescan monitor the link status to improve network reliability.

2.9 Configuration Examples

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing 2 Static Route Configuration


11

This section provides configuration examples of static routes. Configuration examples explainnetworking requirements, networking diagram, configuration notes, configuration roadmap, andconfiguration procedure.



12

2.1 Static Route OverviewOn a simple network, you only need to configure static routes to ensure that the network worksproperly. On a complex large-scale network, static routes ensure bandwidth for importantapplications because they remain unchanged even when the topology changes.

2.2 Static Route Features Supported by the DeviceThe Switch supports the following static route features: IPv4 static routes, static default routes,bidirectional forwarding detection (BFD) for IPv4 static routes, NQA for IPv4 static routes, fastreroute (FRR) for IPv4 static routes, and static routes in VPN instances.

IPv4 Static RoutesIPv4 static routes are manually configured by the administrator. These routes ensure normalrunning of simple networks and ensure bandwidth for important applications.

Static Default RoutesIf the destination IP address of a packet does not match any entry in the routing table, the packetis forwarded using the default route. If no default route exists and the destination IP address ofthe packet does not match any entry in the routing table, the packet is discarded.

BFD for IPv4 Static RoutesUnlike dynamic routing protocols, static routes do not have a detection mechanism. When a faultoccurs on a network, the administrator needs to rectify the fault. BFD for static routes enablesa BFD session to monitor the status of the link of the static route on the public IPv4 network,implementing fault detection at the millisecond level.

NQA for IPv4 Static RoutesIn real-world situations, the link status is monitored in real time for network stability. If an activelink fails, traffic switches to a standby link to ensure non-stop traffic forwarding. The AddressResolution Protocol (ARP) probe function and BFD are usually used to detect link faults. Inaddition, Interior Gateway Protocol (IGP) convergence helps reveal link faults. However, thesemethods are not applicable in certain situations, for example:

l If only one link on the network needs to be monitored, ARP detection is not applicable.l If any device on the network does not support BFD, BFD is not applicable.l If either end of a link is a Layer 2 device, dynamic routing protocols cannot be deployed.

As a result, IGP convergence is not applicable.

In these situations, NQA for IPv4 static routes can be configured to detect link faults. It candetect faults on links where Layer 2 devices reside and take effect even if only one of the twocommunicating devices supports NQA.

If a fault occurs, an NQA test instance can immediately detect the fault and instruct the systemto delete the associated static route from the IP routing table. Traffic is then forwarded alonganother path.



13

FRR for IPv4 Static RoutesOn traditional IP networks, it takes the routing system several seconds to complete routeconvergence after a fault is detected. For services that require a low delay and low packet lossratio, the convergence time of several seconds is intolerant because it may lead to serviceinterruption. For example, voice over IP (VoIP) services are tolerant of interruption at themillisecond level. When a fault is detected at the physical layer or link layer, FRR for staticroutes implements convergence at the millisecond level, reducing the impact on services.

Static Routes in VPN InstancesThe device supports static routes associated with VPN instances. The static routes associatedwith VPN instances are used to manage VPN routes.

2.3 Default Configuration of Static RoutesThis section describes the default configuration of static routes, which can be changed accordingto network requirements.

Table 2-1 describes the default configuration of static routes.

Table 2-1 Default configuration of static routes

Parameter Default Setting

Preference of static routes 60

2.4 Configuring IPv4 Static RoutesOn a network, you can accurately control route selection by configuring IPv4 static routes.

Pre-configuration TasksBefore configuring IPv4 static routes, complete the following task:

l Configuring link layer parameters and IP addresses for interfaces to ensure network-layercommunication between neighbor nodes

Configuration ProceduresYou can perform the following configuration tasks (excluding the task of Checking theConfiguration) in any sequence as required.

2.4.1 Creating IPv4 Static Routes

ContextWhen creating static routes, you can specify both the outbound interface and next hop.Alternatively, you can specify only the outbound interface or next hop based on the outboundinterface type.



14

l Specify the outbound interface for P2P interfaces.l Specify the next hop for non broadcast multiple access (NBMA) interfaces.l Specify the next hop for broadcast interfaces (for example, Ethernet interfaces).

If you specify the same preference for static routes to the same destination, you can implementload balancing among these routes. If you specify different preferences for static routes, you canimplement route backup among the routes.

If the destination IP address and mask are set to all 0s, an IPv4 static default route is configured.By default, no IPv4 static default route is configured.

Procedure



Step 2 Configure IPv4 static routes.l Run:

ip route-static ip-address { mask | mask-length } { nexthop-address | interface-type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-address } [ preference preference | tag tag ] * [ description text ]

l Run:ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } { nexthop-address [ public ] | interface-type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-address } [ preference preference | tag tag ] * [ description text ]

NOTE

To implement load balancing among an Ethernet interface's static route and other static routes, configurethe outbound interface and next hop.

Step 3 Run:commit


----End

2.4.2 (Optional) Setting the Default Preference for IPv4 StaticRoutes

ContextThe default preference of IPv4 static routes affects route selection. When an IPv4 static route isconfigured, the default preference is used if no preference is specified for the static route.

Procedure





15

Step 2 Run:ip route-static default-preference preference

The default preference of static routes is set.

By default, the preference of static routes is 60.

NOTE

After the default preference is reconfigured, the new default preference is valid only for new IPv4 staticroutes.

Step 3 Run:commit


----End

2.4.3 (Optional) Configuring Static Route Selection Based onIteration Depth

Context

Route iteration refers to the process of finding the directly-connected outbound interface basedon the next hop of a route. The iteration depth indicates the number of times the system searchesfor routes. A smaller number of route iterations indicates a smaller iteration depth.

When there are multiple static routes with the same prefix but different iteration depths, thesystem selects the static route with the smallest iteration depth as the active route and deliversit to the FIB table after static route selection based on iteration depth is configured. The otherstatic routes then become inactive. A smaller iteration depth indicates a more stable route.

Procedure



Step 2 Run:ip route-static selection-rule relay-depth

Static route selection based on iteration depth is configured.

By default, static routes are not selected based on iteration depth.

Step 3 Run:commit


----End



16

2.4.4 Checking the Configuration

Procedurel Run the display static routing-table command to check information about static routes.l Run the display ip routing-table command to check brief information about the IPv4

routing table.l Run the display ip routing-table verbose command to check detailed information about

the IPv4 routing table.

----End

2.5 Configuring Dynamic BFD for IPv4 Static RoutesBy configuring dynamic BFD to detect IPv4 static routes, you can enable devices to fast detectlink changes, improving network reliability.

Pre-configuration TasksBefore configuring dynamic BFD for IPv4 static routes, complete the following task:

l Configuring link layer parameters and IP addresses for interfaces to ensure that the linklayer protocol on the interfaces is Up

Procedure



Step 2 Run:bfd

BFD is enabled globally.

Step 3 Run:quit

Return to the system view.

Step 4 (Optional) Run:ip route-static default-bfd [ min-rx-interval min-rx-interval ] [ min-tx-interval min-tx-interval ] [ detect-multiplier multiplier ]

Global BFD parameters are configured for static routes.

By default, the values of min-rx-interval, min-tx-interval, and detect-multiplier are 1000 ms,1000 ms, and 3 respectively.

Step 5 Run:ip route-static bfd interface-type interface-number nexthop-address [ local-address address ] [ min-rx-interval min-rx-interval | min-tx-interval min-tx-interval | detect-multiplier multiplier ] *

BFD parameters are configured for an IPv4 static route.



17

NOTE

If interface-type interface-number is not specified, local-address address must be specified.

If none of min-rx-interval, min-tx-interval, and detect-multiplier is specified, the global default valuesof BFD parameters are used.

Step 6 Run:ip route-static ip-address { mask | mask-length } { nexthop-address | interface-type interface-number [ nexthop-address ] } [ preference preference | tag tag ] * bfd enable [ description text ]

A public network static IPv4 route is bound to a BFD session.

Step 7 Run:commit


----End

Checking the Configuration

Run the following command to check the configuration.

l Run the display bfd session { all | discriminator discr-value } [ verbose ] command tocheck information about the BFD session.

2.6 Configuring Static BFD for IPv4 Static RoutesStatic BFD for IPv4 static routes enables a device to rapidly detect changes of a link to adestination address of a stack route, improving network reliability.

Pre-configuration Tasks

Before configuring static BFD for IPv4 static routes, complete the following tasks:

l Configuring link layer parameters and IP addresses for interfaces to ensure network-layercommunication between neighbor nodes

l Configuring BFD sessionsFor details, see "BFD Configuration" in the CloudEngine 6800&5800 Series Switches -Configuration Guide - Reliability.

Procedure



Step 2 Run:ip route-static ip-address { mask | mask-length } { nexthop-address | interface-type interface-number [ nexthop-address ] } [ preference preference | tag tag ] * track bfd-session cfg-name [ description text ]

A public network static IPv4 route is bound to a BFD session.



18

NOTE

Before binding a static route to a BFD session, ensure that the BFD session and the static route reside onthe same link.

Step 3 Run:commit


----End

Checking the ConfigurationRun the following commands to check the previous configuration.

l Run the display bfd session all [ verbose ] command to check information about the BFDsession.

2.7 Configuring FRR for IPv4 Static RoutesFRR applies to IP services that are sensitive to packet delay and packet loss. FRR can beconfigured for IPv4 static routes to implement traffic protection by use of a backup link.

Pre-configuration TasksBefore configuring FRR for IPv4 static routes, complete the following task:

l Configuring link layer parameters and IP addresses for interfaces to ensure that the linklayer protocol on the interfaces is Up

Procedure



Step 2 Run:ip route-static frr

FRR is enabled for public network IPv4 static routes.

NOTE

FRR is implemented only on the static routes that are manually configured. That is, FRR cannot beimplemented on iterated next hops.To implement route backup by configuring FRR for static routes, specify different preferences for thesestatic routes.To enable FRR for an Ethernet interface's static route and other static routes, configure the outboundinterface and next hop.

Step 3 Run:commit


----End



19


l Run the display ip routing-table verbose command to check detailed information aboutthe backup outbound interfaces and backup next hops of routes in the routing table.

l Run the display ip routing-table ip-address [ mask | mask-length ] [ longer-match ]verbose command to check detailed information about the backup outbound interfaces andbackup next hops of the routes with specified destination address and mask in the routingtable.

l Run the display ip routing-table ip-address1 { mask1 | mask-length1 } ip-address2{ mask2 | mask-length2 } verbose command to check detailed information about the backupoutbound interfaces and backup next hops of routes with specified IP address range in therouting table.

2.8 Associating IPv4 Static Routes with NQAIf devices do not support BFD, associate IPv4 static routes with NAQ so that NQA test instancescan monitor the link status to improve network reliability.

Pre-configuration TasksBefore associating IPv4 static routes with NQA, complete the following task:

l Configuring link layer parameters for interfaces to ensure that the link layer protocol onthe interfaces is Up

Procedure

Step 1 Configure an NQA ICMP test instance.1. Run:

system-view


nqa test-instance admin-name test-name

An NQA test instance is created, and the view of the test instance is displayed.3. Run:

test-type icmp

The test type is set to ICMP.

NOTE

When a static route is associated with an NQA test instance, only ICMP test instances are used totest whether there are reachable routes between the source and destination.

4. Run:destination-address ipv4 ip-address

The destination address is set.

In an NQA test instance, you can specify an NQA server by running the destination-address command to configure a destination address for the NQA test instance.



20

5. (Optional) Run:frequency interval

The interval for automatically performing an NQA test is set.

By default, no interval is set, that is, only one test is performed.6. (Optional) Run:

probe-count number

The number of probes to be sent each time is set for the NQA test instance.

By default, the number of probes is 3.

By sending probes multiple times in an NQA test instance, you can accurately estimatenetwork quality based on the collected statistics.

7. Run:start

The NQA test instance is started.

The start command can configure an NQA test instance to be started immediately, at aspecified time, after a specified delay, or every day. You can perform one of the followingoperations as required:l Run:

start now [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]The NQA test instance is started immediately.

l Run:start at [ yyyy/mm/dd ] hh:mm:ss [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]The NQA test instance is started at a specified time.

l Run:start delay { seconds second | hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]The NQA test instance is started after a specified delay.

l Run:start daily hh:mm:ss to hh:mm:ss [ begin yyyy/mm/dd ] [ end yyyy/mm/dd ]The NQA test instance is started every day.

8. Run:commit

The configuration is committed.9. Run:

quit


Step 2 Associate static routes with an NQA test instance.1. Run:

ip route-static ip-address { mask | mask-length } { nexthop-address | interface-type interface-number [ nexthop-address ] } [ preference preference | tag tag ] * track nqa admin-name test-name [ description text ]



21

IPv4 static routes are associated with an NQA test instance.

NOTE

The destination address of an NQA test instance cannot be the destination address of an associatedstatic route.

If the static route associated with an NQA test instance is associated with another NQA test instance,the static route is disassociated from the first NQA test instance.

2. Run:commit


----End

Checking the ConfigurationAfter IPv4 static routes are associated with NAQ, run the following commands to check theconfiguration.

l Run the display current-configuration | include nqa command to check the configurationof association between static routes and NQA.

l Run the display nqa results [ collection ] [ test-instance admin-name test-name ]command to check the NQA test result.The NQA test result cannot be displayed automatically. You must run the display nqaresults command to view the NQA test result. By default, the command output shows theresults of the latest five NQA tests.

2.9 Configuration ExamplesThis section provides configuration examples of static routes. Configuration examples explainnetworking requirements, networking diagram, configuration notes, configuration roadmap, andconfiguration procedure.

2.9.1 Example for Configuring IPv4 Static Routes

Networking RequirementsServers on different network segments are connected using several Switchs. Each two serverson different network segments can communicate with each other without using dynamic routingprotocols.



22

Figure 2-1 Networking diagram of configuring IPv4 static routes

10GE1/0/2VLANIF301.1.1.1/24

SwitchA10GE1/0/1VLANI101.1.4.1/30

10GE1/0/1VLANIF101.1.4.2/30

10GE1/0/2VLANIF201.1.4.5/30

10GE1/0/1VLANIF201.1.4.6/30

10GE1/0/2VLANIF501.1.3.1/24

10GE1/0/3VLANIF401.1.2.1/24

1.1.2.2/24

1.1.1.2/24 1.1.3.2/24

SwitchCSwitchB

Server3Server1

Server2

Configuration RoadmapThe configuration roadmap is as follows:

1. Create VLANs, add interfaces to the VLANs, and assign IPv4 addresses to VLANIFinterfaces so that directly-connected interfaces can communicate with each other.

2. Configure the default gateway on each server, and configure IPv4 static routes and defaultroutes on each Switch so that servers on different network segments can communicate witheach other.

Procedure

Step 1 Create VLANs and add interfaces to the VLANs.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan 10[~SwitchA-vlan10] quit[~SwitchA] vlan 30[~SwitchA-vlan30] quit[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port default vlan 30[~SwitchA-10GE1/0/2] quit[~SwitchA] commit

The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, andare not mentioned here.

Step 2 Assign IPv4 addresses to the VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 1.1.4.1 30[~SwitchA-Vlanif10] quit



23

[~SwitchA] interface vlanif 30[~SwitchA-Vlanif30] ip address 1.1.1.1 24[~SwitchA-Vlanif30] quit[~SwitchA] commit


Step 3 Configure servers.

Set the Server1 default gateway to 1.1.1.1, the Server2 default gateway to 1.1.2.1, and the Server3default gateway to 1.1.3.1.

Step 4 Configure static routes.

# Configure an IPv4 default route on SwitchA.

<SwitchA> system-view[~SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2[~SwitchA] commit

# Configure two IPv4 static routes on SwitchB.

<SwitchB> system-view[~SwitchB] ip route-static 1.1.1.0 255.255.255.0 1.1.4.1[~SwitchB] ip route-static 1.1.3.0 255.255.255.0 1.1.4.6[~SwitchB] commit

# Configure an IPv4 default route on SwitchC.

<SwitchC> system-view[~SwitchC] ip route-static 0.0.0.0 0.0.0.0 1.1.4.5[~SwitchC] commit

Step 5 Verify the configuration.

# Check the routing table on SwitchA.

<SwitchA> display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: _public_ Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 Static 60 0 RD 1.1.4.2 Vlanif10 1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif30 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 1.1.4.0/30 Direct 0 0 D 1.1.4.1 Vlanif10 1.1.4.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 1.1.4.2/32 Direct 0 0 D 1.1.4.2 Vlanif10 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

# Run the ping command to verify the connectivity.

[~SwitchA] ping 1.1.3.1 PING 1.1.3.1: 56 data bytes, press CTRL_C to break Reply from 1.1.3.1: bytes=56 Sequence=1 ttl=254 time=62 ms Reply from 1.1.3.1: bytes=56 Sequence=2 ttl=254 time=63 ms Reply from 1.1.3.1: bytes=56 Sequence=3 ttl=254 time=63 ms Reply from 1.1.3.1: bytes=56 Sequence=4 ttl=254 time=62 ms Reply from 1.1.3.1: bytes=56 Sequence=5 ttl=254 time=62 ms --- 1.1.3.1 ping statistics --- 5 packet(s) transmitted



24

5 packet(s) received 0.00% packet loss round-trip min/avg/max = 62/62/63 ms

# Run the tracert command to verify the connectivity.

[~SwitchA] tracert 1.1.3.1 traceroute to 1.1.3.1(1.1.3.1), max hops: 30 ,packet length: 40 1 1.1.4.2 31 ms 32 ms 31 ms 2 1.1.4.6 62 ms 63 ms 62 ms

----End

Configuration Filesl Configuration file of SwitchA

#sysname SwitchA#vlan batch 10 30#interface Vlanif10 ip address 1.1.4.1 255.255.255.252#interface Vlanif30 ip address 1.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port default vlan 30#ip route-static 0.0.0.0 0.0.0.0 1.1.4.2#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 10 20 40#interface Vlanif10 ip address 1.1.4.2 255.255.255.252#interface Vlanif20 ip address 1.1.4.5 255.255.255.252#interface Vlanif40 ip address 1.1.2.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port default vlan 40#ip route-static 1.1.1.0 255.255.255.0 1.1.4.1ip route-static 1.1.3.0 255.255.255.0 1.1.4.6#return



25

l Configuration file of SwitchC#sysname SwitchC#vlan batch 20 50#interface Vlanif20 ip address 1.1.4.6 255.255.255.252#interface Vlanif50 ip address 1.1.3.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port default vlan 50#ip route-static 0.0.0.0 0.0.0.0 1.1.4.5#return

2.9.2 Example for Configuring Dynamic BFD for IPv4 Static Routes

Networking RequirementsAs shown in Figure 2-2, a static route with destination address 8.1.1.0/24 is configured onSwitchA, and static routes with destination address 7.1.1.0/24 are configured on SwitchA andSwitchB. To improve convergence speed, users require link faults between SwitchA andSwitchB to be detected at the millisecond level.

Figure 2-2 Networking diagram of configuring dynamic BFD for IPv4 static routes

10GE1/0/1VLANIF10200.1.1.1/24

10GE1/0/1VLANIF10

200.1.1.2/24

10GE1/0/2VLANIF308.1.1.1/24

SwitchA SwitchB

10GE1/0/2VLANIF207.1.1.1/24


1. Configure dynamic BFD for IPv4 static routes to implement link fault detection at themillisecond level between SwitchA and SwitchB. This configuration can improveconvergence speed of static routes.

Procedure

Step 1 Add interfaces to VLANs.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan 10[~SwitchA-vlan10] quit



26

[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] vlan 20[~SwitchA-vlan20] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA] commit

The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentionedhere.

Step 2 Assign IP addresses to the VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 200.1.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif10] ip address 7.1.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] commit

The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentionedhere.


# Configure a static route to 8.1.1.1/24 on SwitchA.

[~SwitchA] ip route-static 8.1.1.1 24 200.1.1.2[~SwitchA] commit

# Configure a static route to 7.1.1.1/24 on SwitchB.

[~SwitchB] ip route-static 7.1.1.1 24 200.1.1.1[~SwitchB] commit

Step 4 Configure dynamic BFD for static routes.

# Bind a static route to a BFD session on SwitchA.

[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] ip route-static bfd 200.1.1.2 local-address 200.1.1.1[~SwitchA] ip route-static 8.1.1.1 24.1.1.2 bfd enable[~SwitchA] commit

# Bind a static route to a BFD session on SwitchB.

[~SwitchB] bfd[~SwitchB-bfd] quit[~SwitchB] ip route-static bfd 200.1.1.1 local-address 200.1.1.2[~SwitchB] ip route-static 7.1.1.1 24 200.1.1.1 bfd enable[~SwitchB] commit


# When the configuration is complete, run the display bfd session all verbose command onSwitchA and SwitchB. The command output shows that the BFD session is established, the BFDsession status is Up, and static routes are bound to BFD sessions.

Take the display on SwitchA as an example.

[~SwitchA] display bfd session all verbose------------------------------------------------------------------------------ (Multi Hop) State : Up Name : dyn_8193



27

------------------------------------------------------------------------------ Local Discriminator : 8193 Remote Discriminator : 8193 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Peer IP Address Bind Session Type : Dynamic Bind Peer IP Address : 200.1.1.2 Bind Interface : - Bind Source IP Address : 200.1.1.1 FSM Board Id : 0 TOS-EXP : 6 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : - Destination Port : 4784 TTL : 253 Proc Interface Status : Disable Process PST : Disable WTR Interval (ms) : 0 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : STATICRT Session TX TmrID : 0 Session Detect TmrID : 0 Session Init TmrID : - Session WTR TmrID : - Session Echo Tx TmrID : - Session Description : -------------------------------------------------------------------------------

Total UP/DOWN Session Number : 1/0

----End


#sysname SwitchA#bfd#interface Vlanif10 ip address 200.1.1.1 255.255.255.0#interface Vlanif20 ip address 7.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#ip route-static bfd 200.1.1.2 local-address 200.1.1.1ip route-static 8.1.1.1 24 200.1.1.2 bfd enable#return

l Configuration file of SwitchB#sysname SwitchB#bfd#interface Vlanif10 ip address 200.1.1.2 255.255.255.0#interface Vlanif20 ip address 8.1.1.1 255.255.255.0#



28

interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#ip route-static bfd 200.1.1.1 local-address 200.1.1.2ip route-static 7.1.1.1 24 200.1.1.1 bfd enable#return

2.9.3 Example for Configuring Static BFD for IPv4 Static Routes

Networking RequirementsAs shown in Figure 2-3, you can configure the default static route on SwitchA so thatSwitchA can connect to the external network. Link fault detection between SwitchA andSwitchB must be at the millisecond level to improve convergence speed.

Figure 2-3 Networking diagram of configuring static BFD for static routes

10GE1/0/1VLANIF101.1.1.1/24

10GE1/0/1VLANIF101.1.1.2/24

SwitchA SwitchB

10GE1/0/2VLANIF202.2.2.2/24


1. Configure a BFD session between SwitchA and SwitchB.2. Configure a default route from SwitchA to other devices and bind a BFD session to the

default route. This configuration can implement link fault detection at the millisecond leveland improve convergence speed of static routes.

Procedure

Step 1 Create VLANs, add interfaces to the VLANs, and assign IP addresses to the VLANIF interfaces.(Details are not mentioned here.)

Step 2 Configure device names. (Details are not mentioned here.)

Step 3 Configure a BFD session between SwitchA and SwitchB.

# Create a BFD session on SwitchA.

<SwitchA> system-view[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] bfd aa bind peer-ip 1.1.1.2[~SwitchA-bfd-session-aa] discriminator local 10[~SwitchA-bfd-session-aa] discriminator remote 20[~SwitchA-bfd-session-aa] commit[~SwitchA-bfd-session-aa] quit



29

# Create a BFD session on SwitchB.

<SwitchB> system-view[~SwitchB] bfd[~SwitchB-bfd] quit[~SwitchB] bfd bb bind peer-ip 1.1.1.1[~SwitchB-bfd-session-bb] discriminator local 20[~SwitchB-bfd-session-bb] discriminator remote 10[~SwitchB-bfd-session-bb] commit[~SwitchB-bfd-session-bb] quit

Step 4 Configure a default static route and bind a BFD session to the default static route.

# Configure a default static route to the external network on SwitchA and bind the default staticroute to the BFD session named aa.

[~SwitchA] ip route-static 0.0.0.0 0 1.1.1.2 track bfd-session aa[~SwitchA] commit


# After the configuration is complete, run the display bfd session all command on SwitchA andSwitchB. The command output shows that the BFD session is established and its status is Up.Run the display current-configuration | include bfd command. The command output showsthat the BFD session is bound to the static route.

Take the display on SwitchA as an example.

[~SwitchA] display bfd session all--------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName--------------------------------------------------------------------------------10 20 1.1.1.2 Up S_IP_PEER --------------------------------------------------------------------------------- Total UP/DOWN Session Number : 1/0[~SwitchA] display current-configuration | include bfd bfdbfd aa bind peer-ip 1.1.1.2 ip route-static 0.0.0.0 0.0.0.0 1.1.1.2 track bfd-session aa

# Check the IP routing table on SwitchA, and you can find that the static route exists in therouting table.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 3 Routes : 3Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 Static 60 0 RD 1.1.1.2 Vlanif10 1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the shutdown command on GE1/0/1 of SwitchB to simulate a link fault.

[~SwitchB] interface 10GE 1/0/1[~SwitchB-10GE1/0/1] shutdown[~SwitchB-10GE1/0/1] commit

# Check the routing table on SwitchA, and you can find that the default static route 0.0.0.0/0does not exist. This is because when the default static route is bound to a BFD session, BFDrapidly notifies that the bound static route is unavailable after BFD detects a link fault.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public



30

Destinations : 2 Routes : 2Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

----End


#sysname SwitchA#bfd#interface Vlanif10 ip address 1.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10# ip route-static 0.0.0.0 0.0.0.0 1.1.1.2 track bfd-session aa#bfd aa bind peer-ip 1.1.1.2 discriminator local 10 discriminator remote 20#return

l Configuration file of SwitchB#sysname SwitchB#bfd#interface Vlanif10 ip address 1.1.1.2 255.255.255.0#interface Vlanif20 ip address 2.2.2.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#bfd bb bind peer-ip 1.1.1.1 discriminator local 20 discriminator remote 10#return

2.9.4 Example for Configuring FRR for IPv4 Static Routes on thePublic Network

Networking RequirementsAs shown in Figure 2-4, two static routes with next hops being SwitchA and SwitchBrespectively are configured on SwitchT. Link B functions as the backup of link A. If link A isfaulty, traffic can be switched to link B in a timely manner.



31

Figure 2-4 Networking diagram of configuring FRR for IPv4 static routes on the public network

10GE1/0/1VLANIF20

192.168.10.2/2410GE1/0/2VLANIF20

192.168.10.1/24

10GE1/0/2VLANIF40192.168.11.1/24

10GE1/0/3VLANIF50192.168.21.1/24

10GE1/0/2VLANIF50192.168.21.2/24

10GE1/0/2VLANIF40192.168.11.2/24

10GE1/0/1VLANIF30

192.168.20.2/24

10GE1/0/3VLANIF30

192.168.20.1/24

10GE1/0/1VLANIF60172.17.1.1/24

10GE1/0/1VLANIF10

172.16.1.1/24

SwitchA

SwitchB

SwitchT SwitchC

Link A

Link B


1. Configure two static routes with next hops being SwitchA and SwitchB respectively onSwitchT so that the devices can communicate with each other.

2. Set a higher preference for link A on SwitchT to ensure that link A functions as the primarylink and link B functions as the backup of link A.

3. Enable FRR for static routes on SwitchT so that traffic can be fast switched to link B if linkA is faulty.

ProcedureStep 1 Create VLANs, add interfaces to the VLANs, and assign IP addresses to the VLANIF interfaces.

(Details are not mentioned here.)

Step 2 Configure device names. (Details are not mentioned here.)


# Configure static routes on SwitchA.

[~SwitchA] ip route-static 172.16.1.0 24 10GE1/0/1 192.168.10.1[~SwitchA] ip route-static 172.17.1.0 24 10GE1/0/2 192.168.11.1[~SwitchA] commit

# Configure static routes on SwitchB.

[~SwitchB] ip route-static 172.16.1.0 24 10GE1/0/1 192.168.20.1[~SwitchB] ip route-static 172.17.1.0 24 10GE1/0/2 192.168.10.1[~SwitchB] commit

Configure a static route on Switch C.

[~SwitchC] ip route-static 172.16.1.0 24 10GE1/0/2 192.168.11.2[~SwitchC] ip route-static 172.16.1.0 24 10GE1/0/3 192.168.21.2[~SwitchC] commit

# Configure static routes on SwitchT.



32

[~SwitchT] ip route-static 172.17.1.1 24 10GE1/0/2 192.168.10.2[~SwitchT] ip route-static 172.17.1.1 24 10GE1/0/3 192.168.20.2[~SwitchT] commit

# Check the routing table on SwitchT. You can view that the two static routes are in loadbalancing mode.[~SwitchT] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_ Destinations : 10 Routes : 11

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.17.1.0/24 Static 60 0 D 192.168.10.2 Vlanif20 Static 60 0 D 192.168.20.2 Vlanif30 192.168.10.0/24 Direct 0 0 D 192.168.10.1 Vlanif20 192.168.10.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 192.168.10.255/32 Direct 0 0 D 127.0.0.1 Vlanif20 192.168.20.0/24 Direct 0 0 D 192.168.20.1 Vlanif30 192.168.20.1/32 Direct 0 0 D 127.0.0.1 Vlanif30 192.168.20.255/32 Direct 0 0 D 127.0.0.1 Vlanif30

Step 4 Change the preferences of IPv4 static routes.

# Change the preferences of static routes on SwitchT.[~SwitchT] ip route-static 172.17.1.1 24 10GE1/0/2 192.168.10.2 preference 40[~SwitchT] commit

# Check the IP routing table on SwitchT, and you can view that the preferences of static routesare changed.[~SwitchT] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_ Destinations : 10 Routes : 10


1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.17.1.0/24 Static 40 0 D 192.168.10.2 Vlanif20 192.168.10.0/24 Direct 0 0 D 192.168.10.1 Vlanif20 192.168.10.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 192.168.10.255/32 Direct 0 0 D 127.0.0.1 Vlanif20 192.168.20.0/24 Direct 0 0 D 192.168.20.1 Vlanif30 192.168.20.1/32 Direct 0 0 D 127.0.0.1 Vlanif30 192.168.20.255/32 Direct 0 0 D 127.0.0.1 Vlanif30

Step 5 Enable FRR for IPv4 static routes.

# Enable FRR for static routes on SwitchT.[~SwitchT] ip route-static frr[~SwitchT] commit

# Check information about the backup outbound interface and backup next hop on SwitchT.<SwitchT> display ip routing-table 172.17.1.0 verboseRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------



33

Routing Table : _public_Summary Count : 1

Destination: 172.17.1.0/24 Protocol: Static Process ID: 0 Preference: 40 Cost: 0 NextHop: 192.168.10.2 Neighbour: 0.0.0.0 State: Active Adv Age: 00h00m03s Tag: 0 Priority: medium Label: NULL QoSInfo: 0x0 IndirectID: 0x31000032 RelayNextHop: 0.0.0.0 Interface: Vlanif20 TunnelID: 0x0 Flags: D BkNextHop: 192.168.20.2 BkInterface: Vlanif30 BkLabel: NULL SecTunnelID: 0x0 BkPETunnelID: 0x0 BkPESecTunnelID: 0x0 BkIndirectID: 0x32000033

Step 6 If link A is faulty, traffic can be fast switched to link B.[~SwitchT] interface 10GE 1/0/2[~SwitchT-10GE1/0/2] shutdown[~SwitchT-10GE1/0/2] commit[~SwitchT-10GE1/0/2] quit

# Check information about the route to 172.17.1.0/24 on SwitchT.


Destination: 172.17.1.0/24 Protocol: Static Process ID: 0 Preference: 60 Cost: 0 NextHop: 192.168.20.2 Neighbour: 0.0.0.0 State: Active Adv Age: 00h00m07s Tag: 0 Priority: medium Label: NULL QoSInfo: 0x0 IndirectID: 0x32000033 RelayNextHop: 0.0.0.0 Interface: Vlanif30 TunnelID: 0x0 Flags: D

----End


#sysname SwitchA#interface Vlanif20 ip address 192.168.10.2 255.255.255.0interface Vlanif40 ip address 192.168.11.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#ip route-static 172.16.1.0 24 10GE1/0/1 192.168.10.1ip route-static 172.17.1.0 24 10GE1/0/2 192.168.11.1#



34

returnl Configuration file of SwitchB

#sysname SwitchB#interface Vlanif30 ip address 192.168.20.2 255.255.255.0#interface Vlanif50 ip address 192.168.21.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 50#ip route-static 172.16.1.0 24 10GE1/0/1 192.168.20.1ip route-static 172.17.1.0 24 10GE1/0/2 192.168.10.1#return

l Configuration file of SwitchC#sysname SwitchC#interface Vlanif40 ip address 172.168.11.1 255.255.255.0interface Vlanif50 ip address 192.168.21.1 255.255.255.0interface Vlanif60 ip address 192.17.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 60#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 50#ip route-static 172.16.1.0 24 10GE1/0/2 192.168.11.2ip route-static 172.16.1.0 24 10GE1/0/3 192.168.21.2#return

l Configuration file of SwitchT#sysname SwitchT#interface Vlanif10 ip address 172.16.1.1 255.255.255.0interface Vlanif20 ip address 192.168.10.1 255.255.255.0interface Vlanif30 ip address 192.168.20.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk



35

port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30#ip route-static frrip route-static 172.17.1.0 24 10GE1/0/2 192.168.10.2 preference 40ip route-static 172.17.1.0 24 10GE1/0/3 192.168.20.2#return

2.9.5 Example for Configuring NQA for IPv4 Static Routes

Networking Requirements

As shown in Figure 2-5, static routes to clients are configured on SwitchB and SwitchC. SwitchBis the master switch and SwitchC is the backup switch. Normally, traffic must be forwardedalong the primary link SwitchB→SwitchD. When the primary link fails, traffic is switched tothe backup link SwitchC→SwitchD.

Figure 2-5 Networking diagram of configuring NQA for static IPv4 routes

SwitchC

SwitchA

IP Network

SwitchB

VLANIF80172.16.8.1/24SwitchD SwitchE

VLANIF20172.16.2.2/24

10GE1/0/3VLANIF50

172.16.5.1/24

GE1/0/2VLANIF40

172.16.4.2/24

10GE1/0/2VLANIF40172.16.4.1/24

10GE1/0/1VLANIF30

172.16.3.1/24

VLANIF10172.16.1.2/24

10GE1/0/2VLANIF10

172.16.1.1/24

10GE1/0/1VLANIF30

172.16.3.2/24

...... ......

Client1 Client10 Client91 Client100

VALNIF70172.16.7.1/24

VLANIF50172.16.5.2/24

10GE1/0/3

VLANIF60

172.16.6.1/24

VLANIF60

172.16.6.2/24

10GE1/0/1VLANIF20

172.16.2.1/24


The configuration roadmap is as follows:



36

1. Configure IP addresses and OSPF on each switch, and configure the cost of each link sothat SwitchB functions as the master switch and SwitchC functions as the backup switch.

2. Create an NQA ICMP test instance to monitor the link between SwitchB and SwitchD, andconfigure static routes from SwitchB and SwitchC to users. Associate the static route withthe NQA test instance to implement fast link fault detection and service switchover.

NOTE

When a static route is associated with an NQA test instance, only ICMP test instances are used to testwhether there are reachable routes between the source and destination.

Procedure

Step 1 Create VLANs and add interfaces to the VLANs.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan 30[~SwitchA-vlan30] quit[~SwitchA] vlan 40[~SwitchA-vlan40] quit[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk [~SwitchA-10GE1/0/1] port trunk allow-pass vlan 30[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port default vlan 40[~SwitchA-10GE1/0/2] quit[~SwitchA] commit


Step 2 Assign IPv4 addresses to the VLANIF interfaces.[~SwitchA] interface vlanif 30[~SwitchA-Vlanif30] ip address 172.16.3.1 24[~SwitchA-Vlanif30] quit[~SwitchA] interface vlanif 40[~SwitchA-Vlanif40] ip address 172.16.4.1 24[~SwitchA-Vlanif40] quit[~SwitchA] commit


Step 3 Create an NQA test instance on SwitchB to test the link between SwitchB and SwitchD.<SwitchB> system-view[~SwitchB] nqa test-instance user test[~SwitchB-nqa-user-test] test-type icmp[~SwitchB-nqa-user-test] destination-address ipv4 172.16.1.2[~SwitchB-nqa-user-test] frequency 10[~SwitchB-nqa-user-test] probe-count 2[~SwitchB-nqa-user-test] interval seconds 5[~SwitchB-nqa-user-test] timeout 4[~SwitchB-nqa-user-test] start now[~SwitchB-nqa-user-test] commit[~SwitchB-nqa-user-test] quit

Step 4 Configure IPv4 static routes.

# Configure an IPv4 static route on SwitchB and associate it with the NQA test instance.

[~SwitchB] ip route-static 172.16.7.0 255.255.255.0 vlanif 10 172.16.1.2 track nqa user test



37

[~SwitchB] commit

# Configure an IPv4 static route on SwitchC.

[~SwitchC] ip route-static 172.16.7.0 255.255.255.0 vlanif 60 172.16.6.2[~SwitchC] commit

Step 5 Configure a dynamic routing protocol on SwitchA, SwitchB, and SwitchC. OSPF is used in thisexample.

# Configure OSPF on SwitchA.

[~SwitchA] ospf 1[~SwitchA-ospf-1] area 0.0.0.0[~SwitchA-ospf-1-area-0.0.0.0] network 172.16.3.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] network 172.16.4.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] quit[~SwitchA-ospf-1] quit[~SwitchA] commit

# Configure OSPF on SwitchB.

[~SwitchB] ospf 1[~SwitchB-ospf-1] area 0.0.0.0[~SwitchB-ospf-1-area-0.0.0.0] network 172.16.3.0 0.0.0.255[~SwitchB-ospf-1-area-0.0.0.0] quit[~SwitchB-ospf-1] quit[~SwitchB] commit

# Configure OSPF on SwitchC.

[~SwitchC] ospf 1[~SwitchC-ospf-1] area 0.0.0.0[~SwitchC-ospf-1-area-0.0.0.0] network 172.16.4.0 0.0.0.255[~SwitchC-ospf-1-area-0.0.0.0] quit[~SwitchC-ospf-1] quit[~SwitchC] commit

Step 6 Configure OSPF on SwitchB and SwitchC to import static routes.

# Configure OSPF on SwitchB to import a static route, and set the cost to 10 for the static route.

[~SwitchB] ospf 1[~SwitchB-ospf-1] import-route static cost 10[~SwitchB-ospf-1] commit[~SwitchB-ospf-1] quit

# Configure OSPF on SwitchC to import a static route, and set the cost to 20 for the static route.

[~SwitchC] ospf 1[~SwitchC-ospf-1] import-route static cost 20[~SwitchC-ospf-1] commit[~SwitchC-ospf-1] quit


After the configuration is complete, run the display current-configuration | include nqacommand in the system view on SwitchB. The command output shows that the IPv4 static routehas been associated with the NQA test instance. Run the display nqa results command. Thecommand output shows that an NQA test instance has been created.

# Display configurations of NQA for IPv4 static routes.

[~SwitchB] display current-configuration | include nqa ip route-static 172.16.7.0 255.255.255.0 Vlanif 10 172.16.1.2 track nqa user test nqa test-instance user test

# Display the NQA test results.



38

[~SwitchB] display nqa results test-instance user test

NQA entry(user, test) : testflag is active ,testtype is icmp 1 . Test 6645 result The test is finished Send operation times: 2 Receive response times: 2 Completion:success RTD OverThresholds number:0 Attempts number:1 Drop operation number:0 Disconnect operation number:0 Operation timeout number:0 System busy operation number:0 Connection fail number:0 Operation sequence errors number:0 RTT Stats errors number:0 Destination ip address:172.16.1.2 Min/Max/Average Completion Time: 1/1/1 Sum/Square-Sum Completion Time: 2/2 Last Good Probe Time: 2012-11-14 04:20:36.9 Lost packet ratio: 0 %

The command output shows "Lost packet ratio 0 %," indicating that the link is running properly.

# Check the routing table on SwitchB.

[~SwitchB] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_ Destinations : 15 Routes : 15


127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif10 172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 172.16.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10 172.16.3.0/24 Direct 0 0 D 172.16.3.2 Vlanif30 172.16.3.2/32 Direct 0 0 D 127.0.0.1 Vlanif30 172.16.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif30 172.16.4.0/24 OSPF 10 2 D 172.16.3.1 Vlanif30 172.16.5.0/24 Direct 0 0 D 172.16.5.1 Vlanif50 172.16.5.1/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.16.5.255/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.16.7.0/24 Static 60 0 D 172.16.1.2 Vlanif10255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The command output shows that the static route exists in the routing table.

# Check the routing table on SwitchA.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_ Destinations : 11 Routes : 11


127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.3.0/24 Direct 0 0 D 172.16.3.1 Vlanif30 172.16.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif30 172.16.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif30 172.16.4.0/24 Direct 0 0 D 172.16.4.1 Vlanif40 172.16.4.1/32 Direct 0 0 D 127.0.0.1 Vlanif40 172.16.4.255/32 Direct 0 0 D 127.0.0.1 Vlanif40 172.16.7.0/24 O_ASE 150 10 D 172.16.3.2 Vlanif30255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0



39

The command output shows that a route to 172.16.7.0/24 exists in the routing table. The route'snext hop address is 172.16.3.2 and cost is 10. Traffic is preferentially transmitted along the linkSwitchB->SwitchD.

# Shut down 10GE1/0/2 on SwitchB to simulate a link fault.[~SwitchB] interface 10ge 1/0/2[~SwitchB-10GE1/0/2] shutdown[~SwitchB-10GE1/0/2] commit[~SwitchB] quit

# Check the NQA test results.[~SwitchB] display nqa results test-instance user test

NQA entry(user, test) : testflag is active ,testtype is icmp 1 . Test 7160 result The test is finished Send operation times: 2 Receive response times: 0 Completion:failed RTD OverThresholds number:0 Attempts number:1 Drop operation number:0 Disconnect operation number:0 Operation timeout number:2 System busy operation number:0 Connection fail number:0 Operation sequence errors number:0 RTT Stats errors number:0 Destination ip address:172.16.1.2 Min/Max/Average Completion Time: 0/0/0 Sum/Square-Sum Completion Time: 0/0 Last Good Probe Time: 0000-00-00 00:00:00.0 Lost packet ratio: 100 %

The command output shows "Completion:failed" and "Lost packet ratio is 100 %," indicatingthat the link is faulty.

# Check the routing table on SwitchB.[~SwitchB] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_ Destinations : 12 Routes : 12


127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.3.0/24 Direct 0 0 D 172.16.3.2 Vlanif30 172.16.3.2/32 Direct 0 0 D 127.0.0.1 Vlanif30 172.16.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif30 172.16.4.0/24 OSPF 10 2 D 172.16.3.1 Vlanif30 172.16.5.0/24 Direct 0 0 D 172.16.5.1 Vlanif50 172.16.5.1/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.16.5.255/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.16.7.0/24 O_ASE 150 20 D 172.16.3.1 Vlanif30255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The command output shows that the static route has been deleted.

# Check the routing table on SwitchA.[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_ Destinations : 11 Routes : 11


127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0



40

127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.3.0/24 Direct 0 0 D 172.16.3.1 Vlanif30 172.16.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif30 172.16.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif30 172.16.4.0/24 Direct 0 0 D 172.16.4.1 Vlanif40 172.16.4.1/32 Direct 0 0 D 127.0.0.1 Vlanif40 172.16.4.255/32 Direct 0 0 D 127.0.0.1 Vlanif40 172.16.7.0/24 O_ASE 150 20 D 172.16.4.2 Vlanif40255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

On SwitchB, the NQA test instance is associated with a static route. When NQA detects a linkfailure, it immediately notifies SwitchB that the static route bound to the link is unreachable.SwitchA cannot learn the route to 172.16.7.0/24 from SwitchB, but it can learn the route to172.16.7.0/24 from SwitchC. Therefore, you can view that the route to 172.16.7.0/24 has a nexthop 172.16.4.2 and cost 20. Service traffic is then switched to the link SwitchC->SwitchD.

The static route is associated with the NQA test instance on SwitchB. When NQA detects a linkfault, it rapidly notifies SwitchB that the associated static route is unavailable. SwitchA cannotlearn the route to 172.16.7.0/24 from SwitchB. However, SwitchA can learn the route to172.16.7.0/24 from SwitchC. The route's next hop address is 172.16.4.2 and cost is 20. Trafficswitches to the link SwitchC->SwitchD.

----End


#sysname SwitchA#router id 1.1.1.1#vlan batch 30 40#interface Vlanif30 ip address 172.16.3.1 255.255.255.0 #interface Vlanif40 ip address 172.16.4.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40 #ospf 1 area 0.0.0.0 network 172.16.3.0 0.0.0.255 network 172.16.4.0 0.0.0.255#return

l Configuration file of SwitchB#sysname SwitchB#router id 2.2.2.2#vlan batch 10 30 50#



41

interface Vlanif10 ip address 172.16.1.1 255.255.255.0 #interface Vlanif30 ip address 172.16.3.2 255.255.255.0 #interface Vlanif50 ip address 172.16.5.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 50 #ospf 1 import-route static cost 10 area 0.0.0.0 network 172.16.3.0 0.0.0.255#ip route-static 172.16.7.0 255.255.255.0 Vlanif 10 172.16.1.2 track nqa user test#nqa test-instance user test test-type icmp destination-address ipv4 172.16.1.2 interval seconds 5 timeout 4 probe-count 2 frequency 10 start now#return

l Configuration file of Switch C#sysname SwitchC#router id 3.3.3.3#vlan batch 20 40 60#interface Vlanif20 ip address 172.16.2.1 255.255.255.0 #interface Vlanif40 ip address 172.16.4.2 255.255.255.0 #interface Vlanif60 ip address 172.16.6.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40 #



42

interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 60 #ospf 1 import-route static cost 20 area 0.0.0.0 network 172.16.4.0 0.0.0.255#ip route-static 172.16.7.0 255.255.255.0 Vlanif 60 172.16.6.2#return



43

3 RIP Configuration

About This Chapter

RIP is widely used on small-sized networks to discover routes and generate routing information.

3.1 RIP OverviewRIP is a simple Interior Gateway Protocol (IGP) used in small-scale networks, such as campusnetworks and regional networks with simple structure. The implementation of RIP is simple,and RIP is much easier to configure and maintain than Open Shortest Path First (OSPF) andIntermediate System-to-Intermediate System (IS-IS) protocols.

3.2 RIP Features Supported by the DeviceRIP features supported by the Switch includes basic RIP functions, RIP-2 enhanced features,split horizon, poison reverse, controlling RIP routing, controlling advertisement and receivingof RIP routes, RIP and BFD association, RIP NSR, and improving RIP performance.

3.3 Default ConfigurationThis section describes the default configuration of RIP, which can be changed according tonetwork requirements.

3.4 Configuring Basic RIP FunctionsConfiguring basic RIP functions includes enabling RIP, specifying network segment, and settingRIP neighbors and RIP version on a Non-Broadcast Multiple Access (NBMA) network.

3.5 Configuring RIP-2Different from RIP-1, RIP-2 supports Variable Length Subnet Mask (VLSM), Classless Inter-Domain Routing (CIDR), and authentication to ensure higher security.

3.6 Avoiding Routing LoopsYou can configure split horizon and poison reverse to prevent routing loops.

3.7 Controlling RIP RoutingYou can control RIP routing in a network with a complicated environment.

3.8 Controlling RIP Route AdvertisementOn a complex network, RIP route advertisement must be accurate.

3.9 Controlling Receiving of RIP Routing InformationTo meet the requirements of complex networks, receiving of RIP routing information needs tobe accurately controlled.

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing 3 RIP Configuration


44

3.10 Improving RIP Network PerformanceYou can adjust and optimize the RIP network performance by configuring RIP functions inspecial network environments, such as configuring RIP timers, setting the interval for sendingpackets, and setting the maximum number of packets to be sent.

3.11 Configuring BFD for RIPOn a network that runs high-rate data services, BFD for RIP can be configured to quickly detectand respond to network faults.

3.12 Configuring the Network Management Function for RIPBy binding RIP to the MIB, you can view RIP information and configure RIP through the NMS.

3.13 Maintaining RIPRIP maintenance includes resetting RIP connections and clearing RIP statistics.

3.14 Configuration ExamplesThis section provides configuration examples of RIP, including networking requirements,configuration notes, and configuration roadmap.

3.15 Common Configuration ErrorsThis section describes common faults caused by incorrect RIP configurations and provides thetroubleshooting procedure.



45

3.1 RIP OverviewRIP is a simple Interior Gateway Protocol (IGP) used in small-scale networks, such as campusnetworks and regional networks with simple structure. The implementation of RIP is simple,and RIP is much easier to configure and maintain than Open Shortest Path First (OSPF) andIntermediate System-to-Intermediate System (IS-IS) protocols.

3.2 RIP Features Supported by the DeviceRIP features supported by the Switch includes basic RIP functions, RIP-2 enhanced features,split horizon, poison reverse, controlling RIP routing, controlling advertisement and receivingof RIP routes, RIP and BFD association, RIP NSR, and improving RIP performance.

Basic RIP FunctionsBasic RIP functions include enabling RIP, specifying the network segment where RIP runs, andspecifying RIP version. The basic RIP functions must be configured before you use the RIPfeatures.

RIP-2RIP-2 is a classless routing protocol. The RIP-2 packets contain subnet masks. Deploying aRIP-2 network reduces occupied IP addresses. On a network where the device IP addresses arediscontiguous, only RIP-2 can be used, and RIP-1 is not allowed.

RIP-2 supports authentication for protocol packets and provides two authentication modes,simple authentication and Message Digest 5 (MD5) authentication, to enhance security.

Avoiding Routing LoopsRIP is a routing protocol based on the Distance-Vector (DV) algorithm. RIP devices advertisetheir routing tables to neighbors, so routing loops may occur.

RIP uses split horizon and poison reverse to avoid routing loops:l Split horizon: prevents a device from advertising a route to the interface from which the

route is learned. It reduces bandwidth consumption and avoids routing loops.l Poison reverse: sets the cost of a route learned from an interface to 16 (an unreachable

route), and then sends the route to neighbors through this interface. With this feature, RIPcan delete useless routes from the routing table of the neighbor.

Controlling RIP RoutingThe RIP parameters are configurable to meet network requirements.

Controlling Advertising and Receiving of RIP RoutesRIP parameters are configurable to accurately control advertising and receiving of RIP routes.

Improving RIP Network PerformanceRIP network performance optimization includes:



46

l Set the RIP timer to speed up RIP network convergence.l Set the number of Update packets and Update interval to reduce a waste of resources and

bandwidth.l Increase the maximum length of RIP packets to add more routes to the packets. This

increases bandwidth use efficiency.l Enable the Replay-protect function to ensure communication between neighboring devices

after a RIP process restarts.l Check packet validity to ensure network security.

Associating RIP with BFDRIP maintains neighbor relationships by periodically sending and receiving Update packets. Ifa device does not receive the Update packet from a neighbor within the timeout interval, itconsiders the neighbor Down. The default timeout interval is 180 seconds, so RIP can detect afault only after the fault lasts for 180 seconds. If high-speed service is deployed on the network,a lot of packets are discarded.

BFD is a millisecond-level fault detection mechanism. It can detect faults on the protected linkor node immediately, and report the faults to RIP. RIP then quickly triggers networkconvergence.

RIP NSRThe device with a distributed architecture supports RIP Non-stop Routing (NSR). RIP backs upall route data from the Active Main Board (AMB) to the Standby Main Board (SMB). Wheneverthe AMB fails, the SMB becomes active and takes over the AMB. RIP, therefore, can keep thenormal operation of services. RIP NSR ensures that real-time data is highly synchronizedbetween the AMB and SMB. Therefore, during the AMB/SMB switchover, the neighbor willnot detect the fault on the local device.

3.3 Default ConfigurationThis section describes the default configuration of RIP, which can be changed according tonetwork requirements.

Table 3-1 describes the default configuration of RIP.

Table 3-1 Default configuration of RIP


Maximum number of equal-cost routes 64

RIP function Disabled

Split horizon Enabled

3.4 Configuring Basic RIP FunctionsConfiguring basic RIP functions includes enabling RIP, specifying network segment, and settingRIP neighbors and RIP version on a Non-Broadcast Multiple Access (NBMA) network.



47

Pre-configuration TasksBefore configuring basic RIP functions, complete the following task:

l Configuring IP addresses for interfaces to ensure network-layer communication betweenneighbor nodes

Configuration ProcessEnabling RIP is the prerequisite for setting RIP neighbors and RIP version on an NBMA network.

3.4.1 Enabling RIP

ContextEnabling RIP is the prerequisite for all RIP-related configurations. If you run the RIP commandsin the interface view before enabling RIP, the configurations take effect only after RIP is enabled.

Procedure



Step 2 Run:rip [ process-id ] [ vpn-instance vpn-instance-name ]

RIP is enabled and the RIP view is displayed.

If a VPN instance is specified, the RIP process belongs to this VPN instance. If no VPN instanceis specified, the RIP process belongs to a public network instance.

Step 3 (Optional) Run:description text

Descriptions for RIP processes are configured.

Step 4 Run:commit


----End

3.4.2 Enabling RIP on the Specified Network Segment

ContextAfter enabling RIP, you need to specify the network segment in which RIP runs. RIP runs onlyon the interfaces on the specified network segment. RIP does not receive, send, or forward routeson the interfaces that do not reside on the specified network segment.

Procedurel Enable RIP to send and receive routes on the specified network segment.



48

1. Run the system-view command to enter the system view.2. Run the rip [ process-id ] command to enter the RIP view.3. (Optional) Run the undo verify-source command to disable source check for RIP

packets.If the IP addresses on two ends of a P2P link belong to different network segments,the devices on the two ends cannot set up neighbor relationship unless source checkis disabled.

4. Run the network network-address command to enable RIP on the specified networksegment.

NOTE

l network-address specifies the address of a natural network segment.

l An interface can be associated with only one RIP process.

5. Run:commit

The configuration is committed.l Enable RIP to send and receive routes on all network segments connected to the specified

interface.1. Run the system-view command to enter the system view.2. Run the interface interface-type interface-number command to enter the interface

view.3. Run the rip enable process-id command to enable RIP on all network segments

connected to the interface.4. Run:

commit


----End

3.4.3 (Optional) Configuring RIP Neighbors on an NBMA Network

ContextGenerally, RIP uses a broadcast or multicast address to send packets. If the link running RIPdoes not support broadcast or multicast packets, specify the RIP neighbors on the two ends ofthe link so that packets can be sent between the two ends in unicast mode.

Procedure



Step 2 Run:rip [ process-id ]

The RIP view is displayed.

Step 3 Run:



49

peer ip-address

The RIP neighbor is configured.

Step 4 Run:commit


----End

3.4.4 (Optional) Specifying the RIP Version

Context

RIP versions include RIP-1 and RIP-2. The two versions have different functions. The RIPversion must be set on the device running RIP. You only need to set the global RIP versionunless you want to specify a different RIP version on an interface.

Procedurel Configure the global RIP version.

1. Run the system-view command to enter the system view.

2. Run the rip [ process-id ] command to enter the RIP view.

3. Run the version { 1 | 2 } command to set the global RIP version.

NOTE

By default, an interface sends only RIP-1 packets and receives both RIP-1 and RIP-2 packets.

4. Run:commit


l Configure the RIP version for an interface.


2. Run the interface interface-type interface-number command to enter the interfaceview.

3. Run the rip version { 1 | 2 [ broadcast | multicast ] } command specify the RIPversion on the specified interface.

NOTE

l By default, an interface sends only RIP-1 packets and receives both RIP-1 and RIP-2packets.

l If no RIP version number is configured in the interface view, the global RIP version is used.The RIP version set on an interface takes precedence over the global RIP version.

4. Run:commit


----End



50


Procedurel Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to view the

running status and configurations of RIP.l Run the display rip process-id route command to view all RIP routes learned from other

devices.l Run the display default-parameter rip command to view default RIP configuration.l Run the display rip process-id statistics interface { all | interface-type interface-

number [ verbose | neighbor neighbor-ip-address ] } command to view statistics on theRIP interface.

----End

3.5 Configuring RIP-2Different from RIP-1, RIP-2 supports Variable Length Subnet Mask (VLSM), Classless Inter-Domain Routing (CIDR), and authentication to ensure higher security.

Pre-configuration TasksBefore configuring RIP-2, complete the following task:

l Configuring Basic RIP Functions

Configuration ProcessYou can perform the following configuration tasks (excluding the task of Checking theConfiguration) in any sequence as required.

3.5.1 Configuring RIP-2 Route Summarization

ContextA large RIP network must maintain large RIP routing tables, which occupy a lot of memory ondevices. Transmitting and processing the routing information requires many network resources.Route summarization can reduce the routing table size and minimize impact of route flappingon network.

RIP supports automatic summarization and manual summarization. Manual summarizationtakes precedence over automatic summarization. To advertise all subnet routes, disableautomatic route summarization of RIP-2.

NOTE

By default, if split horizon or poison reverse has been configured, classful route summarization is invalid.When summarized routes are sent to the natural network border, split horizon or poison reverse must bedisabled.

Procedurel Configure automatic route summarization of RIP-2.



51


2. Run the rip [ process-id ] command to enter the RIP view.

3. Run the version 2 command to set the RIP version to RIP-2.

4. Run the summary command to enable automatic route summarization.

5. (Optional) Run the summary always command to enable automatic routesummarization. This command can enable automatic summarization of RIP-2 nomatter whether split horizon and poison reverse are enabled.

NOTE

The summary command is used in the RIP view to enable classful network-based routesummarization of RIP-2.

6. Run:commit


l Configure manual route summarization of RIP-2.


2. Run the interface interface-type interface-number command to enter the interfaceview.

3. Run the rip summary-address ip-address mask [ avoid-feedback ] command toconfigure RIP-2 to advertise the local summarization IP address.

NOTE

The rip summary-address ip-address mask [ avoid-feedback ] command is run in theinterface view to enable classless network-based route summarization of RIP-2.

4. Run:commit


----End

3.5.2 Configuring RIP-2 Packet Authentication

Context

On the RIP network requiring high security, configure RIP-2 packet authentication.

RIP-2 can perform simple authentication or MD5 authentication on protocol packets. Simpleauthentication uses the authentication key in plain text, so its security is lower than that of MD5.

CAUTIONIf plain is selected during the configuration of the RIP-2 packet authentication mode, thepassword is saved in the configuration file in plain text. This brings security risks. It isrecommended that you select cipher to save the password in cipher text.



52

Procedure



Step 2 Run:interface interface-type interface-number

The interface view is displayed.

Step 3 Configure RIP-2 packet authentication.l Run the rip authentication-mode simple { plain plain-text | [ cipher ] password-key }

command to set RIP-2 authentication to simple authentication.l Run the following commands to set RIP-2 authentication to MD5 authentication.

– rip authentication-mode md5 usual { plain plain-text | [ cipher ] password-key }– rip authentication-mode md5 nonstandard { keychain keychain-name | { plain plain-

text | [ cipher ] password-key } key-id }

NOTE

If the MD5 authentication is used, you must set the packet format for MD5 authentication. If theusual keyword is specified, the MD5 cipher text authentication packets use the universal format (privatestandard). If the nonstandard keyword is specified, the MD5 cipher text authentication packets usethe non-standard format (IETF standard).

l Run the rip authentication-mode hmac-sha256 { plain plain-text | [ cipher ] password-key } key-id command to set RIP-2 authentication to HMAC-SHA256 authentication.

Step 4 Run:commit


----End



running status and configurations of RIP.l Run the display rip process-id database [ verbose ] command to view all the active routes

in the RIP database.l Run the display rip process-id route command to view all RIP routes learned from other

devices.l Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]

command to view information about the RIP interface.

----End

3.6 Avoiding Routing LoopsYou can configure split horizon and poison reverse to prevent routing loops.



53

Pre-configuration TasksBefore configuring split horizon and poison reverse, complete the following task:



3.6.1 Configuring Split Horizon

ContextSplit horizon can prevent routing loops.

Procedure





Step 3 Run:rip split-horizon

Split horizon is configured.

NOTE

l By default, split horizon is disabled for an NBMA network.

l If both split horizon and poison reverse are configured, only poison reverse takes effect.

Step 4 Run:commit


----End

3.6.2 Configuring Poison Reverse

ContextPoison reverse can prevent routing loops.

Procedure




54




Step 3 Run:rip poison-reverse

Poison reverse is enabled.

NOTE

If both split horizon and poison reverse are configured, only poison reverse takes effect.

Step 4 Run:commit


----End


Procedurel Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]

command to view information about the RIP interface.

----End

3.7 Controlling RIP RoutingYou can control RIP routing in a network with a complicated environment.


Before configuring RIP route attributes, complete the following task:


Configuration Process

You can perform the following configuration tasks (excluding the task of Checking theConfiguration) in any sequence as required.

3.7.1 Configuring RIP Preference

Context

When different routing protocols discover the routes to the same destination, set the RIPpreference to select the required route.



55

Procedure





Step 3 Run:preference { preference | route-policy route-policy-name } *

The RIP preference is set.

By default, the RIP preference is 100.

Step 4 Run:commit


----End

3.7.2 Configuring Additional Metrics of an Interface

Context

Configuring the additional metrics on a RIP interface can change the route selection sequence.

The additional metric is the metric (hop count) to be added to the original metric of a RIP route.You can specify commands to set additional metrics for incoming and outgoing RIP routes.

Procedure





Step 3 Run the following commands as required:

l Run the rip metricin value command to set the additional metric for receiving routes.

l Run the rip metricout { value | { acl-number | acl-name acl-name | ip-prefix ip-prefix-name } value1 } command to set the additional metric for advertising routes.



56

NOTE

l The rip metricin command is used to add an additional metric to an incoming route. After this routeis added to the routing table, its metric in the routing table changes. Running this command affectsroute selection on the local device and other devices on the network.

l The rip metricout command is used to add an additional metric to an outgoing route. When this routeis advertised, an additional metric is added to this route, but the metric of the route in the routing tabledoes not change. Running this command does not affect route selection on the local device or otherdevices on the network.

Step 4 Run:commit


----End

3.7.3 Setting the Maximum Number of Equal-Cost Routes

Context

By setting the maximum number of equal-cost RIP routes, you can change the number of routesfor load balancing.

Procedure





Step 3 Run:maximum load-balancing number

The maximum number of equal-cost routes is set. The default value is 64.

Step 4 Run:commit


----End




in the RIP database.



57

l Run the display rip process-id route command to view all RIP routes learned from otherdevices.

----End

3.8 Controlling RIP Route AdvertisementOn a complex network, RIP route advertisement must be accurate.


Before controlling RIP route advertisement, complete the following task:




3.8.1 Configuring RIP to Advertise Default Routes

Context

In a routing table, a default route is the route to the network segment 0.0.0.0 (with the maskbeing 0.0.0.0). If the destination address of a packet does not match any entry in the routingtable, the packet is sent along the default route.

Procedure





Step 3 Run:default-route originate [ cost cost | tag tag ] *

The device is configured to generate a default route or advertise the default route in the routingtable to RIP neighbors, and the route metric is set.

Step 4 Run:commit


----End



58

3.8.2 Disabling an Interface from Sending Update Packets

ContextRouting loops can be avoided by disabling interfaces from sending Update packets.

There are two ways to prevent interfaces from sending Update packets:l Suppress an interface in the RIP process view.l Disable an interface from sending RIP packets in the interface view.

The configuration in the RIP process view has a higher priority than the configuration in theinterface view.

Procedurel Configuration in a RIP process view

1. Run:system-view


rip [ process-id ]

The RIP view is displayed.3. Run one of the following commands depending on the site requirements:

To disable all interfaces from sending Update packets, run thesilent-interface allcommand.

To disable an interface from sending Update packets, run thesilent-interface interface-type interface-numbercommand.

You can set an interface to silent so that it only receives Update packets to update itsrouting table. The silent-interface command takes precedence over the undo ripoutput command in the interface view.

By default, an interface can receive and send Update packets.4. Run:

commit

The configuration is committed.l Configuration in the interface view

1. Run:system-view


interface interface-type interface-number

The interface view is displayed.3. Run:

undo rip output



59

The interface is disabled from sending RIP Update packets.

By running this command, you can specify whether to send RIP Update packets onan interface. The silent-interface command takes precedence over the undo ripoutput command. By default, an interface is allowed to send RIP Update packets.

4. Run:commit


----End

3.8.3 Configuring RIP to Import Routes

ContextA RIP process can import the routes learned by other RIP processes or routing protocols.

Procedure





Step 3 (Optional) Run:default-cost cost

The default metric for imported routes is set.

If the metric of imported routes is not specified in step 4, the default metric is used.

Step 4 Run:import-route bgp [ permit-ibgp ] [ cost { cost | transparent } | route-policy route-policy-name ] *

Or

import-route { { static | direct } | { { rip | ospf | isis } [ process-id ] } } [ cost cost | route-policy route-policy-name ] *

External routes are imported to RIP.

NOTE

When RIP imports IBGP routes, routing loops may occur. Configure this function with caution.

Step 5 (Optional) Run:filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name } export [ protocol [ process-id ] | interface-type interface-number ]

The imported routes are filtered before being advertised.

The routing information advertised by RIP may contain the routing information imported fromother protocols. You can use the protocol parameter to filter the routing information imported



60

from a specified routing protocol. If the protocol parameter is not used, all the routes advertisedby RIP are filtered, including the imported routes and the local routes (direct routes).

NOTE

RIP-2 defines a 16-bit tag, while other routing protocols define 32-bit tags. If the routes of other protocolsare imported to RIP and the tag is used in the routing policy, the tag value cannot exceed 65535. If the tagvalue exceeds 65535, the routing policy becomes invalid or the matching result is incorrect.

Step 6 Run:commit


----End




in the RIP database.l Run the display rip process-id route command to view all RIP routes learned from other

devices.

----End

3.9 Controlling Receiving of RIP Routing InformationTo meet the requirements of complex networks, receiving of RIP routing information needs tobe accurately controlled.

Pre-configuration TasksBefore controlling receiving of RIP routing information, complete the following task:



3.9.1 Disabling an Interface from Receiving RIP Update Packets

ContextRouting loops can be avoided by disabling interfaces from receiving Update packets.

Procedure

Step 1 Run:



61

system-view




Step 3 Run:undo rip input

The interface is disabled from receiving RIP Update packets.

By default, an interface is allowed to receive RIP update packets.

Step 4 Run:commit


----End

3.9.2 Configuring RIP to Deny Host Routes

ContextIn certain cases, the switch receives a large number of host routes with 32 bits from the samenetwork segment. These host routes are unnecessary for routing, and they waste networkresources. You can configure the switch to reject all the host routes it receives.

Procedure





Step 3 Run:undo host-route

Host routes are not added to the RIP routing table.

By default, host routes can be added to the routing table on the switch.

NOTE

The undo host-route command is invalid for RIP-2.

Step 4 Run:commit


----End



62

3.9.3 Configuring RIP to Filter Received Routes

Context

The filtering policy can be configured on the inbound interface by configuring the ACL and IPprefix list to filter received routes. Only the routes not filtered out by the filtering policy areadded to the local routing table.

Procedure





Step 3 Depending on type of desired filtering, run one of following commands to configure RIP to filterthe received routes:

l Run:filter-policy { acl-number | acl-name acl-name } import [ interface-type interface-number ]

The learned routing information is filtered based on an ACL.

l Run:filter-policy gateway ip-prefix-name import

The routing information advertised by neighbors is filtered based on the IP prefix list.

l Run:filter-policy ip-prefix ip-prefix-name [ gateway ip-prefix-name ] import [ interface-type interface-number ]

The routes learned by the specified interface are filtered based on the IP prefix list andneighbors.

Step 4 Run:commit


----End

3.9.4 Checking RIP Packets with Metric 0

Context

By default, the device does not accept the RIP packets with metric 0. Therefore, the RIP interfacediscards all the RIP packets with metric 0. Some third-party devices on the network accept theRIP packets with metric 0. To ensure that the Huawei devices can work with the third-partydevices, run the undo zero-metric-check command.



63

Procedure




A RIP process is created and the RIP view is displayed.

Step 3 Run:undo zero-metric-check

Interfaces are allowed to accept the RIP packets with metric 0.

Step 4 Run:commit


----End


Procedurel Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to check

the running status and configuration of RIP.

l Run the display rip process-id database [ verbose ] command to check all activated RIProutes in the database.

l Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]command to check information about the RIP interface.

l Run the display rip process-id neighbor [ neighbor-address neighbor-address ] [verbose ] command to check information about RIP neighbors.

l Run the display rip process-id route command to check all the RIP routes that are learnedfrom other switchs.

----End

3.10 Improving RIP Network PerformanceYou can adjust and optimize the RIP network performance by configuring RIP functions inspecial network environments, such as configuring RIP timers, setting the interval for sendingpackets, and setting the maximum number of packets to be sent.


Before improving RIP network performance, complete the following task:




64


3.10.1 Configuring RIP Timers

ContextRIP uses 4 timers: Update, Age, Suppress, and Garbage-collect. Changing the timer valuesaffects the convergence speed of RIP routes.

Procedure





Step 3 Run:timers rip update age suppress garbage-collect

RIP timers are configured.

NOTE

l RIP timers take effect immediately after being changed.

l Route flapping occurs if the values of the four times are set improperly. The relationship between thevalues is as follows: update must be smaller than age and suppress must be smaller than garbage-collect. For example, if the update time is longer than the aging time, and a RIP route changes withinthe update time, the switch cannot inform its neighbors of the change on time.

l You must configure RIP timers based on the network performance and uniformly on all the devicesrunning RIP. This avoids unnecessary network traffic or route flapping.

By default, the Update timer is 30s; the Age timer is 180s; the Suppress timer is 0s; the Garbage-collect timer is four times the Update timer, namely, 120s.

In practice, the Garbage-collect timer is not fixed. If the Update timer is set to 30s, the Garbage-collect timer may range from 90s to 120s.

Before permanently deleting an unreachable route from the routing table, RIP advertises thisroute (with the metric being set to 16) by periodically sending Update packets four times.Subsequently, all the neighbors know that this route is unreachable. Because a route may notalways become unreachable at the beginning of an Update period, the Garbage-collect timer isactually three or four times the Update timer.

Step 4 Run:commit


----End



65

3.10.2 Setting the Interval for Sending Update Packets andMaximum Number of Sent Packets

Context

To limit memory resources occupied by RIP Update packets, set the interval for sending RIPUpdate packets and the maximum number of Update packets to be sent at a time to appropriatevalues.

Procedure





Step 3 Run:rip pkt-transmit { interval interval | number pkt-count | bandwidth bandwidth-value } *

The interval for sending RIP Update packets and the maximum number of Update packets to besent at a time are set.

Step 4 Run:commit


----End

3.10.3 Setting the Maximum Length of RIP Packets

Context

By default, a RIP packet contains 25 routes. Increasing the maximum length of RIP packets canadd more routes to the packets. Large RIP packets improve bandwidth use efficiency.

CAUTIONBefore using the rip max-packet-length command to increase packet length, ensure that thepeer interface accepts the RIP packets longer than 512 bytes.

After the packet length is increased, Huawei devices may fail to communicate with non-Huaweidevices. Therefore, use this command with caution.



66

Procedure





Step 3 Run:rip max-packet-length { value | mtu }

The maximum length of RIP packets is set.

mtu indicates the maximum RIP packet length.

By default, the maximum length of RIP packets is 512 bytes.

Step 4 Run:commit


----End

3.10.4 Configuring RIP to Check the Validity of Update Packets

ContextChecking RIP Update packet validity improves network security. Validity check includes zerofield check for RIP-1 packets and source address check for RIP Update packets.

l In a RIP-1 packet, the values of some fields must be zero. These fields are zero fields. Afterzero field check is enabled, the device checks the zero fields in the RIP-1 packets anddiscards the packets in which the zero field values are not 0.

l This command verifies the source IP address of the received RIP packet. Specifically, thecommand checks whether the IP address of the interface that sends the packet is in the samenetwork segment as the IP address of the interface that receives the packet. If the addressesare not in the same network segment, the RIP packet will not be processed.

Procedurel Configure the zero field check for RIPv1 packets.

1. Run:system-view


rip [ process-id ]

The RIP view is displayed.3. Run:

checkzero



67

The zero field check is configured for RIP-1 packets.

Configuring the zero field check is invalid in RIP-2.4. Run:

commit

The configuration is committed.l Configure the source address check for RIP Update packets.

1. Run:system-view


rip [ process-id ]


verify-source

The source IP address check is configured for RIP Update packets.4. Run:

commit


----End

3.10.5 Configuring RIP Triggered Update

Context

You can speed up network convergence by changing the values of triggered update timers.

Procedure




The RIP process is created and the RIP view is displayed.

Step 3 Run:timers rip triggered { minimum-interval minimum-interval | incremental-interval incremental-interval | maximum-interval maximum-interval } *

RIP triggered update timers are configured.

Step 4 Run:commit



68


----End

3.10.6 Setting the Maximum Number of RIP Routes

Context

You can set the maximum number of RIP routes to make full use of network resources andimprove network performance.

Procedure




The RIP process is created and the RIP view is displayed.

Step 3 Run:maximum-routes max-number [ threshold threshold-value ]

The maximum number of routes is set.

Step 4 Run:commit


----End



running status and configurations of RIP.

l Run the display rip process-id database [ verbose ] command to view all the active routesin the RIP database.

l Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]command to view information about the RIP interface.

l Run the display rip process-id neighbor [ verbose ] command to view the RIP neighborconfiguration.

l Run the display rip process-id route command to view all RIP routes learned from otherdevices.

----End



69

3.11 Configuring BFD for RIPOn a network that runs high-rate data services, BFD for RIP can be configured to quickly detectand respond to network faults.

Pre-configuration TasksBefore improving RIP network performance, complete the following task:


Configuration ProcessYou can perform the following configuration tasks in any sequence as required.

3.11.1 Configuring Dynamic BFD for RIP

Applicable EnvironmentGenerally, RIP uses timers to receive and send Update messages to maintain neighborrelationships. If a RIP device does not receive an Update message from a neighbor after the Agetimer expires, the RIP device will announce that this neighbor goes Down. The default value ofthe Age timer is 180s. If a link fault occurs, RIP can detect this fault after 180s. If high-rate dataservices are deployed on a network, a great deal of data will be lost during the aging time.

BFD provides millisecond-level fault detection. It can rapidly detect faults in protected links ornodes and report them to RIP. This speeds up RIP processes's response to network topologychanges and achieves rapid RIP route convergence.

Either of the following methods can be used to configure BFD for RIP:l Enable BFD in a RIP process: This method is recommended when BFD for RIP needs to

be enabled on most RIP interfaces.l Enable BFD on RIP interfaces: This method is recommended when BFD for RIP needs to

be enabled on a small number of RIP interfaces.

Procedurel Enable BFD in a RIP process.

1. Run:system-view


bfd

BFD is enabled globally.3. Run:

quit




70

4. Run:rip process-id


bfd all-interfaces enable

BFD is enabled in the RIP process to establish a BFD session.

If BFD is enabled globally, RIP will use default BFD parameters to establish BFDsessions on all the interfaces where RIP neighbor relationships are in the Up state.

6. (Optional) Run:bfd all-interfaces { min-rx-interval min-receive-value | min-tx-interval min-transmit-value | detect-multiplier detect-multiplier-value } *

The values of BFD parameters used to establish the BFD session are set.

BFD parameter values are determined by the actual network situation and networkreliability requirement.– If links have a high reliability requirement, reduce the interval at which BFD

packets are sent.– If links have a low reliability requirement, increase the interval at which BFD

packets are sent.

Running the bfd all-interfaces command changes BFD session parameters on all RIPinterfaces. The default detection multiplier and interval at which BFD packets are sentare recommended.

7. (Optional) Perform the following operations to prevent an interface in the RIP processfrom establishing a BFD session:– Run the quit command to return to the system view.– Run the interface interface-type interface-number command to enter the view of

a specified interface.– Run the rip bfd block command to prevent the interface from establishing a BFD

session.8. Run:

commit

The configuration is committed.l Enable BFD on RIP interfaces.

1. Run:system-view


bfd


quit

Return to the system view.4. Run:




71

The view of the specified interface is displayed.5. Run:

rip bfd enable

BFD is enabled on the interface to establish a BFD session.6. (Optional) Run:

rip bfd { min-rx-interval min-receive-value | min-tx-interval min-transmit-value | detect-multiplier detect-multiplier-value } *

The values of BFD parameters used to establish the BFD session are set.7. Run:

commit


----End

Checking the ConfigurationAfter enabling BFD for RIP at both ends of a link,l Run the display rip process-id bfd session { interface interface-type interface-number |

neighbor-id | all } command. You can see that the BFDState field value on the localswitch is displayed Up.

3.11.2 Configuring Static BFD for RIP

ContextBFD provides link failure detection featuring light load and high speed. Static BFD for RIP isa mode to implement the BFD function.

Establishing BFD sessions between RIP neighbors can rapidly detect faults on links and speedup response of RIP to network topology changes.

Static BFD must be enabled using a command.

Procedure

Step 1 Enable BFD globally.1. Run:

system-view


bfd


quit


Step 2 Configure Static BFD.



72

1. Run:bfd session-name bind peer-ip ip-address [ interface interface-type interface-number ] [ source-ip ip-address ]

BFD binding is created.

If a peer IP address and a local interface are specified, BFD detects only a single-hop link,that is, a route with the interface specified in the bfd command as the outbound interfaceand with the peer IP address specified in the peer-ip command as the next-hop address.

2. Set discriminators.l Run:

discriminator local discr-value

The local discriminator is set.l Run:

discriminator remote discr-value

The remote discriminator is set.

The local discriminator must be the remote discriminator of the device on the other end;otherwise, a BFD session cannot be established. The local and remote discriminators cannotbe modified after being configured.

NOTE

local discr-value set on the local device is the same as that of remote discr-value set on the remotedevice.remote discr-value set on the local device is the same as that of local discr-value set on theremote device.

3. Run:quit


Step 3 Enable static BFD on an interface.1. Run:


The view of the specified interface is displayed.2. Run:

rip bfd static

Static BFD is enabled on the interface.3. Run:

quit


Step 4 Run:commit


----End

Checking the ConfigurationAfter configuring static BFD for RIP,



73

l Run the display rip process-id interface [ interface-type interface-number ] verbosecommand to check BFD for RIP configurations on the specified interface.

3.12 Configuring the Network Management Function forRIP

By binding RIP to the MIB, you can view RIP information and configure RIP through the NMS.

Pre-configuration TasksBefore configuring the network management function for RIP, complete the following task:l Configuring Basic RIP Functions

Procedure



Step 2 Run:rip mib-binding process-id

RIP is bound to the MIB.

This command is used to bind a RIP process ID to MIBs and specify the ID of the RIP processthat accepts Simple Network Management Protocol (SNMP) requests.

Step 3 Run:commit


----End

Checking the Configurationl Run the display current-configuration command to view the binding relationships of RIP.

3.13 Maintaining RIPRIP maintenance includes resetting RIP connections and clearing RIP statistics.



74

3.13.1 Resetting RIP

Context

CAUTIONThe RIP neighbor relationship is deleted after you reset RIP connections with the reset ripcommand. Exercise caution when running this command.

To reset RIP connections, run the following reset commands in the user view.

Procedurel Run the reset rip { process-id | all } configuration command to reset the system parameters

of a RIP process. When a RIP process restarts, all the parameters of the process retain thedefault values.

----End

3.13.2 Clearing RIP Statistics

Context

CAUTIONRIP information cannot be restored after it is cleared. Exercise caution when running thecommands.

To clear RIP statistics, run the following reset commands in the user view.

Procedurel Run the reset rip { process-id | all } imported-routes command to clear the routes imported

from other routing protocols, including dynamic routes and direct routes, and import theroutes to RIP again.

l Run the reset rip { process-id | all } statistics [ interface { all | interface-type interface-number } ] command to clear the counters of a certain RIP process. This command is usedto recount statistics during debugging.

----End

3.14 Configuration ExamplesThis section provides configuration examples of RIP, including networking requirements,configuration notes, and configuration roadmap.



75

3.14.1 Example for Configuring Basic RIP Functions

Networking RequirementsAs shown in Figure 3-1, SwitchA, SwitchB, SwitchC, and SwitchD are located on a small-sizednetwork, and they need to communicate with each other.

Figure 3-1 Network diagram of basic RIP functions

10GE1/0/3VLANIF20

10.1.1.2/24

10GE1/0/2VLANIF20172.16.1.1/24

10GE1/0/2VLANIF20

172.16.1.2/24

10GE1/0/3VLANIF3010.1.1.1/24

SwitchA SwitchD

SwitchC

10GE1/0/1VLANIF10192.168.1.1/24

10GE1/0/1VLANIF10

192.168.1.2/24 SwitchB

Configuration RoadmapThe network size is small, so RIP-2 is recommended. The configuration roadmap is as follows:

1. Configure a VLAN and an IP address for each interface to ensure network reachability.2. Enable RIP on each switch to implement network connections between processes.3. Configure RIP-2 on each switch to improve RIP performance.

Procedure

Step 1 Name the device.The configuration procedure is not provided here.

Step 2 Configure a VLAN and an IP address for each interface. The configuration procedure is notprovided here.

Step 3 Specify the network segment where RIP needs to be enabled.


[~SwitchA] rip[~SwitchA-rip-1] network 192.168.1.0[~SwitchA-rip-1] commit[~SwitchA-rip-1] quit


[~SwitchB] rip[~SwitchB-rip-1] network 192.168.1.0[~SwitchB-rip-1] network 172.16.0.0[~SwitchB-rip-1] network 10.0.0.0[~SwitchB-rip-1] commit[~SwitchB-rip-1] quit



76


[~SwitchC] rip[~SwitchC-rip-1] network 172.16.0.0[~SwitchC-rip-1] commit[~SwitchC-rip-1] quit

# Configure SwitchD.

[~SwitchD] rip[~SwitchD-rip-1] network 10.0.0.0[~SwitchD-rip-1] commit[~SwitchD-rip-1] quit

# Display the RIP routing table of SwitchA.

[~SwitchA] display rip 1 route Route Flags: R - RIP, T - TRIP P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect------------------------------------------------------------------------- Peer 192.168.1.2 on Vlanif10 Destination/Mask Nexthop Cost Tag Flags Sec 10.0.0.0/8 192.168.1.2 1 0 RA 14 172.16.0.0/16 192.168.1.2 1 0 RA 14 192.168.1.0/24 192.168.1.2 1 0 RA 14

From the routing table, you can find that the routes advertised by RIP-1 use natural masks.

Step 4 Specify the RIP version.

# Configure RIP-2 on SwitchA.

[~SwitchA] rip[~SwitchA-rip-1] version 2[~SwitchA-rip-1] commit[~SwitchA-rip-1] quit

# Configure RIP-2 on SwitchB.

[~SwitchB] rip[~SwitchB-rip-1] version 2[~SwitchB-rip-1] commit[~SwitchB-rip-1] quit

# Configure RIP-2 on SwitchC.

[~SwitchC] rip[~SwitchC-rip-1] version 2[~SwitchC-rip-1] commit[~SwitchC-rip-1] quit

# Configure RIP-2 on SwitchD.

[~SwitchD] rip[~SwitchD-rip-1] version 2[~SwitchD-rip-1] commit[~SwitchD-rip-1] quit


# Display the RIP routing table of SwitchA.

[~SwitchA] display rip 1 routeRoute Flags: R - RIP A - Aging, S - Suppressed, G - Garbage-collect ------------------------------------------------------------------------- Peer 192.168.1.2 on Vlanif10 Destination/Mask Nexthop Cost Tag Flags Sec 10.1.1.0/24 192.168.1.2 1 0 RA 32 172.16.1.0/24 192.168.1.2 1 0 RA 32



77

192.168.1.0/24 192.168.1.2 1 0 RA 14

The RIP routing table shows that the routes advertised by RIP-2 contain accurate subnet masks.

----End

Configuration Filesl # Configuration file of SwitchA

#sysname SwitchA#interface Vlanif 10 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#rip 1 version 2 network 192.168.1.0#return

l # Configuration file of SwitchB#sysname SwitchB#interface Vlanif 10 ip address 192.168.1.2 255.255.255.0#interface Vlanif 10 ip address 172.16.1.1 255.255.255.0#interface Vlanif 10 ip address 10.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30#rip 1 version 2 network 10.0.0.0 network 172.16.0.0 network 192.168.1.0#return

l # Configuration file of SwitchC#sysname SwitchC#interface Vlanif 20 ip address 172.16.1.2 255.255.255.0#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20



78

#rip 1 version 2 network 172.16.0.0#return

l # Configuration file of SwitchD#sysname SwitchD#interface Vlanif 30 ip address 10.1.1.2 255.255.255.0#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#rip 1 version 2 network 10.0.0.0#return

3.14.2 Example for Importing Routes to RIP


As shown in Figure 3-2, two RIP processes, RIP100 and RIP200, run on SwitchB. SwitchAneeds to communicate with network segment 192.168.3.0/24.

Figure 3-2 Network diagram of importing routes to RIP

10GE1/0/1VLANIF50192.168.0.1/24

10GE1/0/2VLANIF10192.168.1.1/24

10GE1/0/1VLANIF20192.168.2.1/24

10GE1/0/3VLANIF40192.168.4.1/24

10GE1/0/2VLANIF30192.168.3.1/24

SwitchB

SwitchA

10GE1/0/1VLANIF20

192.168.2.2/24 SwitchC

10GE1/0/2VLANIF10

192.168.1.2/24

RIP 100RIP 200



1. Enable RIP on each switch to implement network connections between processes.

2. On SwitchB, import routes between RIP100 and RIP200 and set the default metric of routesimported from RIP200 to 3.

3. Configure an ACL on SwitchB to filter route 192.168.4.0/24 imported from RIP200.



79

Procedure

Step 1 Name the device.The configuration procedure is not provided here.

Step 2 Configure a VLAN and an IP address for each interface. The configuration procedure is notprovided here.

Step 3 Configure basic RIP functions.

# Enable RIP100 on SwitchA.

[~SwitchA] rip 100[~SwitchA-rip-100] network 192.168.0.0[~SwitchA-rip-100] network 192.168.1.0[~SwitchA-rip-100] commit[~SwitchA-rip-100] quit

# Enable RIP100 and RIP200 on SwitchB.

[~SwitchB] rip 100[~SwitchB-rip-100] network 192.168.1.0[~SwitchB-rip-100] commit[~SwitchB-rip-100] quit[~SwitchB] rip 200[~SwitchB-rip-200] network 192.168.2.0[~SwitchB-rip-200] commit[~SwitchB-rip-200] quit

# Enable RIP200 on SwitchC.

[~SwitchC] rip 200[~SwitchC-rip-200] network 192.168.2.0[~SwitchC-rip-200] network 192.168.3.0[~SwitchC-rip-200] network 192.168.4.0[~SwitchC-rip-200] commit[~SwitchC-rip-200] quit

# Display the routing table of SwitchA.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: _public_ Destinations : 10 Routes : 10Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50 192.168.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif50 192.168.0.255/32 Direct 0 0 D 127.0.0.1 Vlanif50 192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10 192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The routing table of SwitchA does not contain the routes imported from other processes.

Step 4 Configure RIP to import external routes.

# On SwitchB, set the default metric of imported routes to 3 and configure the RIP processes toimport routes into each other's routing table.

[~SwitchB] rip 100[~SwitchB-rip-100] default-cost 3[~SwitchB-rip-100] import-route rip 200[~SwitchB-rip-100] quit[~SwitchB] rip 200



80

[~SwitchB-rip-200] import-route rip 100[~SwitchB-rip-200] quit[~SwitchB] commit

# Display the routing table of SwitchA after the routes are imported.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: _public_ Destinations : 13 Routes : 13Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50 192.168.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif50 192.168.0.255/32 Direct 0 0 D 127.0.0.1 Vlanif50 192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10 192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.2.0/24 RIP 100 4 D 192.168.1.2 Vlanif10 192.168.3.0/24 RIP 100 4 D 192.168.1.2 Vlanif10 192.168.4.0/24 RIP 100 4 D 192.168.1.2 Vlanif10

The RIP routing table of SwitchA contains routes 192.168.2.0/24, 192.168.3.0/24, and192.168.4.0/24, which are learned by RIP200 on SwitchB.

Step 5 Configure RIP to filter imported routes.

# Configure an ACL on SwitchB and add a rule to the ACL. The rule denies the packets sentfrom 192.168.4.0/24.

[~SwitchB] acl 2000[~SwitchB-acl-basic-2000] rule deny source 192.168.4.0 0.0.0.255[~SwitchB-acl-basic-2000] rule permit[~SwitchB-acl-basic-2000] quit

# Configure SwitchB to filter route 192.168.4.0/24 imported from RIP200.

[~SwitchB] rip 100[~SwitchB-rip-100] filter-policy 2000 export[~SwitchB-rip-100] quit[~SwitchB] commit


# Display the RIP routing table of SwitchA after the routes are filtered.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: _public_ Destinations : 12 Routes : 12Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50 192.168.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif50 192.168.0.255/32 Direct 0 0 D 127.0.0.1 Vlanif50 192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10 192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.2.0/24 RIP 100 4 D 192.168.1.2 Vlanif10 192.168.3.0/24 RIP 100 4 D 192.168.1.2 Vlanif10



81

The RIP routing table of SwitchA does not contain the route originating from 192.168.4.0/24.

----End

Configuration Filesl # Configuration file of SwitchA

#sysname SwitchA#Vlanif10 ip address 192.168.1.1 255.255.255.0#Vlanif50 ip address 192.168.0.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 50#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 10#rip 100 network 192.168.0.0 network 192.168.1.0#return

l # Configuration file of SwitchB#sysname SwitchB#acl number 2000 rule 5 deny source 192.168.4.0 0.0.0.255 rule 10 permit#Vlanif10 ip address 192.168.1.2 255.255.255.0#Vlanif20 ip address 192.168.2.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 10#rip 100 default-cost 3 network 192.168.1.0 filter-policy 2000 export import-route rip 200#rip 200 network 192.168.2.0 import-route rip 100#return

l # Configuration file of SwitchC# sysname SwitchC#



82

Vlanif20 ip address 192.168.2.2 255.255.255.0#Vlanif30 ip address 192.168.3.1 255.255.255.0#Vlanif40 ip address 192.168.4.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 40#rip 200 network 192.168.2.0 network 192.168.3.0 network 192.168.4.0#return

3.14.3 Example for Configuring Dynamic BFD for RIP


As shown in Figure 3-3, there are four switches that communicate using RIP on a small-sizednetwork. Services are transmitted through the primary link Switch A→Switch B→Switch D.Reliability must be improved for data transmitted from Switch A to Switch B so that servicescan be rapidly switched to another path for transmission when the primary link fails.

Figure 3-3 Networking diagram for configuring BFD for RIP

SwitchA SwitchB SwitchD

SwitchC

10GE1/0/1VLANIF102.2.2.1/24

10GE1/0/1VLANIF102.2.2.2/24

10GE1/0/2VLANIF304.4.4.1/24

10GE1/0/3VLANIF40172.16.1.1/24

10GE1/0/1VLANIF40

172.16.1.2/24

10GE1/0/1VLANIF304.4.4.2/24

10GE1/0/2VLANIF203.3.3.2/24

10GE1/0/2VLANIF203.3.3.1/24



1. Configure a VLAN and an IP address for each interface to ensure network reachability.2. Enable RIP on each switch to implement network connections between processes.



83

3. Configure BFD for RIP on interfaces at both ends of the link between Switch A andSwitch B. BFD can rapidly detect the link status and help RIP speed up route convergenceto implement fast link switching.

Procedure

Step 1 Configure a VLAN for each interface.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 20[~SwitchA] interface 10GE 1/0/1[~SwitchA-GigabitEthernet1/0/1] port link-type trunk[~SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 10[~SwitchA-GigabitEthernet1/0/1] quit[~SwitchA] interface 10GE 1/0/2[~SwitchA-GigabitEthernet1/0/2] port link-type trunk[~SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 20[~SwitchA-GigabitEthernet1/0/2] quit[~SwitchA] commit

The configurations of Switch B, Switch C and Switch D are similar to the configuration ofSwitch A, and are not mentioned here.

Step 2 Configure IP address for each vlanif interface.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 2.2.2.1 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] ip address 3.3.3.1 24[~SwitchA-Vlanif20] quit[~SwitchA] commit

The configurations of Switch B, Switch C and Switch D are similar to the configuration ofSwitch A, and are not mentioned here.

Step 3 Configure basic RIP functions.

# Configure Switch A.

<SwitchA> system-view[~SwitchA] rip 1[~SwitchA-rip-1] version 2[~SwitchA-rip-1] network 2.0.0.0[~SwitchA-rip-1] network 3.0.0.0[~SwitchA-rip-1] quit[~SwitchA] commit

# Configure Switch B.

<SwitchB> system-view[~SwitchB] rip 1[~SwitchB-rip-1] version 2[~SwitchB-rip-1] network 2.0.0.0[~SwitchB-rip-1] network 4.0.0.0[~SwitchB-rip-1] network 172.16.0.0[~SwitchB-rip-1] quit[~SwitchB] commit

# Configure Switch C.

<SwitchC> system-view[~SwitchC] rip 1[~SwitchC-rip-1] version 2[~SwitchC-rip-1] network 3.0.0.0[~SwitchC-rip-1] network 4.0.0.0



84

[~SwitchC-rip-1] quit[~SwitchC] commit

# Configure Switch D.

<SwitchD> system-view[~SwitchD] rip 1[~SwitchD-rip-1] version 2[~SwitchD-rip-1] network 172.16.0.0[~SwitchD-rip-1] quit[~SwitchD] commit

# After completing the preceding operations, run the display rip neighbor command. Thecommand output shows that Switch A, Switch B, and Switch C have established neighborrelationships with each other. In the following example, the display on Switch A is used.

[~SwitchA] display rip 1 neighbor--------------------------------------------------------------------- IP Address Interface Type Last-Heard-Time --------------------------------------------------------------------- 2.2.2.2 Vlanif10 RIP 0:0:14 Number of RIP routes : 2 3.3.3.2 Vlanif20 RIP 0:0:19 Number of RIP routes : 1

# Run the display ip routing-table command. The command output shows that the switcheshave imported routes from each other. In the following example, the display on Switch A isused.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 12 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 2.2.2.0/24 Direct 0 0 D 2.2.2.1 Vlanif10 2.2.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 2.2.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif10 3.3.3.0/24 Direct 0 0 D 3.3.3.1 Vlanif20 3.3.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 3.3.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif20 4.4.4.0/24 RIP 100 1 D 3.3.3.2 Vlanif20 RIP 100 1 D 2.2.2.2 Vlanif10 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.1.0/24 RIP 100 1 D 2.2.2.2 Vlanif10 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The preceding command output shows that the next-hop address and outbound interface of theroute to destination 172.16.1.0/16 are 2.2.2.2 and Vlanif10 respectively, and traffic is transmittedover the active link Switch A->Switch B.

Step 4 Configure BFD in RIP processes.

# Configure BFD on all interfaces of Switch A.

[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] rip 1[~SwitchA-rip-1] bfd all-interfaces enable[~SwitchA-rip-1] bfd all-interfaces min-rx-interval 100 min-tx-interval 100 detect-multiplier 10[~SwitchA-rip-1] quit[~SwitchA] commit



85

The configuration of Switch B is similar to that of Switch A, and is not provided here.

# After completing the preceding operations, run the display rip bfd session command onSwitch A. The command output shows that Switch A and Switch B have established a BFDsession and the BFDState field value is displayed as Up. In the following example, the displayon Switch A is used.

[~SwitchA] display rip 1 bfd session all LocalIp :2.2.2.1 RemoteIp :2.2.2.2 BFDState :Up TX :100 RX :100 Multiplier:3 BFD Local Dis :8194 Interface :Vlanif10 Diagnostic Info:No diagnostic information LocalIp :3.3.3.1 RemoteIp :3.3.3.2 BFDState :Down TX :2800 RX :2800 Multiplier:0 BFD Local Dis :8192 Interface :Vlanif20 Diagnostic Info:No diagnostic information


# Run the shutdown command on 10GE 1/0/0 of Switch B to simulate a fault in the active link.

NOTE

The link fault is simulated to verify the configuration. In actual situations, the operation is not required.[~SwitchB] interface 10GE 1/0/1[~SwitchB-10GE1/0/1] shutdown[~SwitchB-10GE1/0/1] commit

# Check the routing table of Switch A.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 12 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 3.3.3.0/24 Direct 0 0 D 3.3.3.1 Vlanif20 3.3.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 3.3.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif20 4.4.4.0/24 RIP 100 1 D 3.3.3.2 Vlanif20 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.1.0/24 RIP 100 2 D 3.3.3.2 Vlanif20 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The preceding command output shows that the standby link Switch A->Switch C->Switch B isused after the active link fails, and the next-hop address and outbound interface of the route todestination 172.16.1.0/16 are 3.3.3.2 and Vlanif20 respectively.

----End

Configuration Filesl Configuration file of Switch A

#sysname SwitchA#vlan batch 10 20#bfd#interface Vlanif10



86

ip address 2.2.2.1 255.255.255.0#interface Vlanif20 ip address 3.3.3.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#rip 1 version 2 network 2.0.0.0 network 3.0.0.0 bfd all-interfaces enable bfd all-interfaces min-tx 100 min-rx-interval 100 detect-multiplier 10#return

l Configuration file of Switch B#sysname SwitchB#vlan batch 10 30 40#bfd#interface Vlanif10 ip address 2.2.2.2 255.255.255.0#interface Vlanif30 ip address 4.4.4.1 255.255.255.0#interface Vlanif40 ip address 172.16.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 40#rip 1 version 2 network 2.0.0.0 network 4.0.0.0 network 172.16.0.0 bfd all-interfaces enable bfd all-interfaces min-tx-interval 100 min-rx-interval 100 detect-multiplier 10#return

l Configuration file of Switch C#sysname SwitchC#vlan batch 20 30#interface Vlanif20 ip address 3.3.3.2 255.255.255.0



87

#interface Vlanif30 ip address 4.4.4.2 255.255.255.0#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#rip 1 version 2 network 3.0.0.0 network 4.0.0.0#return

l Configuration file of Switch D#sysname SwitchD#vlan 40#interface Vlanif40 ip address 172.16.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 40#rip 1 version 2 network 172.16.0.0#return

3.15 Common Configuration ErrorsThis section describes common faults caused by incorrect RIP configurations and provides thetroubleshooting procedure.

3.15.1 Failed to Receive RIP Update Packets from Neighbors

Fault DescriptionA device cannot receive RIP Update packets from neighbors when the link runs properly.

ProcedureStep 1 Run the display current-configuration configuration rip command to check RIP

configurations.l Check whether RIP has been enabled on the interface. Only the RIP-enabled interface can

receive RIP packets.l Check whether the RIP versions on neighbors and local interface are the same. If the RIP

versions are different, the interface cannot receive RIP packets from neighbors.

Step 2 Run the display current-configuration interface interface-type interface-number command toview the interface configuration.



88

l Check whether the undo rip input command has been executed on the interface. If thecommand has been executed, the interface does not receive RIP packets.

l Check whether the authentication modes on the two ends of the link are the same. If theauthentication modes are different, the interface cannot receive RIP packets from the peer.

----End

3.15.2 Failed to Send RIP Update Packets to Neighbors

Fault Description

A device cannot send RIP Update packets to neighbors when the link runs properly.

Procedure

Step 1 Run the display current-configuration configuration rip command to check RIPconfigurations.l Check whether RIP has been enabled on the interface. Only the RIP-enabled interface can

send RIP packets.l Check whether the silent-interface command has been executed on the interface. If the

command has been executed, the interface does not send RIP packets.

Step 2 Run the display current-configuration interface interface-type interface-number command toview the interface configuration.l Check whether the undo rip output command has been executed on the interface. If the

command has been executed, the interface does not send RIP packets.l Check whether the authentication modes on the two ends of the link are the same. If the

authentication modes are different, the interface cannot send RIP packets to the peer.l Check whether split horizon has been enabled on the interface. If split horizon has been

enabled, the interface cannot send the route learned by itself to neighbors.

NOTE

Split horizon is enabled on all interfaces by default, but the display current-configuration commandoutput does not show the split horizon option. If the command output for an interface connected to anNBMA network does not contain the split horizon option, split horizon is disabled on the interface.

----End

3.15.3 Route Flapping Occurs on a RIP Network

Fault Description

Route flapping occurs on a RIP network when the link runs properly. Some routes intermittentlydisappear in the routing table.

Procedure

Step 1 Run the display rip command to check the configuration of RIP timers.The RIP timers on the entire network must be consistent; otherwise, route flapping occurs. Therelationships between the timer values are update < age, update < garbage-collect.



89

Step 2 Run the timers rip update age suppress garbage-collect command to set the RIP timers.

----End



90

4 OSPF Configuration

About This Chapter

By building OSPF networks, you can enable OSPF to discover and calculate routes in ASs.OSPF is applicable to a large-scale network that consists of hundreds of devices.

4.1 OSPF OverviewOSPF, which is developed by the IETF, is a link-state IGP. OSPF is widely used in accessnetworks and MANs.

4.2 OSPF Features Supported by the DeviceThe supported Open Shortest Path First (OSPF) features include the OSPF multi-process,authentication, non-stop routing (NSR), stub area, not so stubby area (NSSA), OSPF IP FRR,bidirectional forwarding detection (BFD), smart-discover, Interior Gateway Protocol (IGP)shortcut, forwarding adjacency, OSPF VPN Multi-instance, Synchronization Between OSPFand LDP, generalized TTL security mechanism (GTSM), host routes advertisement, and fastconvergence.

4.3 Default ConfigurationThis section describes the default configuration of OSPF, which can be changed according tonetwork requirements.

4.4 Configuring Basic OSPF FunctionsBefore building OSPF networks, you need to configure basic OSPF functions.

4.5 Setting Parameters for OSPF Neighbor RelationshipOn an OSPF network, all routing information is transmitted and exchanged between neighboringor adjacent devices. By maintaining neighbor relationships or adjacencies, you can stabilize theentire network.

4.6 Configuring OSPF Attributes in Different Types of NetworksBy setting network types for OSPF interfaces and adjusting OSPF attributes, you can build OSPFnetworks flexibly.

4.7 Configuring OSPF Stub AreasBy configuring non-backbone areas at the edge of ASs as stub areas, you can reduce the size ofthe routing table and reduce the number of LSAs to be transmitted.

4.8 Configuring OSPF NSSA AreasConfiguring a non-backbone area on the border of an autonomous system (AS) as a not-so-stubby area (NSSA) can reduce entries in the routing table and the amount of routing information

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing 4 OSPF Configuration


91

to be transmitted. This section describes how to set the cost of the default route to an NSSA andadjust the selection of the default route.

4.9 Adjusting OSPF Route SelectionBy adjusting OSPF route selection, you can enable OSPF to meet the requirements of complexnetworks.

4.10 Controlling OSPF Routing InformationThis section describes how to control OSPF routing information. Detailed operations includeimporting external routes, and filtering the received routes and LSAs.

4.11 Configuring OSPF IP FRRIn the case of a link fault, a device enabled with OSPF IP FRR can fast switch traffic to thebackup link. This protects traffic and greatly improves the reliability of OSPF networks.

4.12 Configuring BFD for OSPFIf there are high requirements for data transmission, and OSPF convergence needs to be speededup when the link status changes, you can configure BFD on OSPF links. After detecting a linkfailure, BFD notifies the routing protocol of the failure, which triggers fast convergence. Whenthe neighbor relationship is Down, the BFD session is deleted dynamically.

4.13 Configuring OSPF Fast ConvergenceBy adjusting OSPF timers, you can implement OSPF fast network convergence.

4.14 Configuring OSPF GR HelperTo avoid traffic interruption and route flapping caused by the active/standby switchover, youcan enable OSPF GR.

4.15 Improving the Stability of an OSPF NetworkA stable OSPF network features less route flapping, normal device performance, and goodnetwork performance.

4.16 Improving the Security of an OSPF NetworkOn a network demanding high security, you can configure OSPF authentication and theGTSM to improve the security of the OSPF network.

4.17 Configuring the Network Management Function of OSPFOSPF supports the network management function. You can bind the OSPF MIB to a certainOSPF process.

4.18 Maintaining OSPFMaintaining OSPF involves resetting OSPF, and clearing OSPF statistics.

4.19 Configuring ExamplesThis section provides several configuration examples of OSPF together with the configurationflowchart. The configuration examples explain networking requirements, and configurationroadmap.



92

4.1 OSPF OverviewOSPF, which is developed by the IETF, is a link-state IGP. OSPF is widely used in accessnetworks and MANs.

Before the emergence of OSPF, the Routing Information Protocol (RIP) is widely used onnetworks as an Interior Gateway Protocol (IGP).

RIP is a routing protocol based on the distance vector algorithm. Due to its slow convergence,routing loops, and poor scalability, RIP is gradually replaced by OSPF.

As a link-state protocol, OSPF can solve many problems encountered by RIP. Additionally,OSPF has the following advantages:

l Supports area partition. An Autonomous System (AS) can be partitioned into areas tosimplify management. The Link State Database (LSDB) of a device in an area needs to beconsistent with only the LSDBs of other devices in this area. The decrease in the size ofthe LSDB greatly reduces the memory consumption and CPU usage of the device. Inaddition, less network bandwidth is consumed because of the decrease in routinginformation to be transmitted between areas.

l Receives or sends packets in multicast mode to reduce load on the switch that does not runOSPF.

l Supports Classless Interdomain Routing (CIDR).l Supports load balancing among equal-cost routes.l Supports packet authentication.

With the preceding advantages, OSPF is widely accepted and used as an IGP.

NOTE

In this chapter, OSPF refers to OSPF Version 2 (OSPFv2), unless otherwise specified.

Typical Networking of OSPF

As shown in Figure 4-1, there are two most important concepts in an OSPF network, namely,areas and different types of device.

The number of devices increases with the increasing expansion of the network scale. This leadsto a large LSDB on each device, which imposes a heavy burden on the device. OSPF solves thisproblem by partitioning an AS into different areas. An area is regarded as a logical group, whichis identified by an area ID. At the border of an area resides a device rather than a link. A networksegment (or a link) belongs to only one area. That is, the area to which each OSPF interfacebelongs needs to be specified.

After area partition, route aggregation can be performed on the Area Border Router (ABR) toreduce the number of Link State Advertisements (LSAs) to be advertised to other areas. Routeaggregation also minimizes the impacts caused by changes in the topology.

Based on their locations in an AS, the devices that run OSPF are classified into the followingtypes:

l Internal routersl ABRs



93

l Backbone routersl AS Boundary Routers (ASBRs)

Figure 4-1 Typical networking diagram of OSPF

Area3

Area0

Area1

Area2

Area4

Internal Router

ABR

Backbone Router

ASBRIS-IS

In an AS, inter-area routes and intra-area routes describe the network structure of the AS. ASexternal routes describe how to select a route to a destination outside an AS. OSPF classifies theimported AS external routes into Type 1 and Type 2 external routes.

Table 4-1 lists route types in descending order of priority.

Table 4-1 OSPF route type

Route Description

Intra area Indicates intra-area routes.

Inter area Indicates inter-area routes.

Type1 external Indicates Type 1 external routes. The cost of a Type 1external route equals the cost for the OSPF device to reachan ASBR plus the cost of the route from the ASBR to thedestination.When the cost of an external route approximately equals thecost of an AS internal route, this external route is consideredhighly reliable and can be configured as a Type 1 externalroute.



94

Route Description

Type2 external Indicates Type 2 external routes. The cost of a Type 2external route equals the cost of the route from an ASBR tothe destination.Therefore, during route calculation, OSPF considers onlythe cost of the route from an ASBR to the destination outsidean AS, namely, the cost of a Type 2 external route.When the cost of the route from an ASBR to the destinationoutside an AS is much greater than the cost of the internalroute to the ASBR, this external route has a low reliabilityand can be configured as a Type 2 external route.

OSPF Network Type

OSPF classifies networks into the following types according to the types of link layer protocol:

l Broadcast networks

If the link layer protocol is Ethernet or Fiber Distributed Data Interface (FDDI), OSPFdefaults the network type to broadcast.

– Hello packets and packets from the Designated Router (DR) are sent in multicast modeby using address 224.0.0.5, which indicates the reserved IP multicast address for OSPFdevices.

– Link State Update (LSU) packets are sent to the DR in multicast mode by using address224.0.0.6, which indicates the reserved IP multicast address for the OSPF DR. Then,the DR forwards the LSU packets to destination 224.0.0.5.

– Database Description (DD) packets, Link State Request (LSR) packets, and allretransmission packets are sent in unicast mode.

– Link State Acknowledgment (LSAck) packets are usually sent in multicast mode byusing address (224.0.0.5). When a device receives repeated LSAs, or the LSAs aredeleted due to the timeout of the maximum lifetime, LSAck packets are sent in unicastmode.

l Non-Broadcast Multiple Access (NBMA) networks

If the link layer protocol is frame relay (FR), X.25, OSPF defaults the network type toNBMA. In this type of network, protocol packets, such as Hello packets, DD packets, LSRpackets, LSU packets, and LSAck packets, are sent in unicast mode.

l Point-to-Multipoint (P2MP) networks

There is no concept of P2MP in link layer protocols. Therefore, a P2MP network must beforcibly changed from other network types. In this type of network, Hello packets are sentin multicast mode by using address 224.0.0.5; DD packets, LSR packets, LSU packets. andLSAck packets are sent in unicast mode.

l Point-to-point (P2P) networks

If the link layer protocol is PPP, High-Level Data Link Control (HDLC), or Link AccessProcedure Balanced (LAPB), OSPF defaults the network type to P2P. In this type ofnetwork, protocol packets, such as Hello packets, DD packets, LSR packets, LSU packets,and LSAck packets, are sent in multicast mode by using address 224.0.0.5.



95

4.2 OSPF Features Supported by the DeviceThe supported Open Shortest Path First (OSPF) features include the OSPF multi-process,authentication, non-stop routing (NSR), stub area, not so stubby area (NSSA), OSPF IP FRR,bidirectional forwarding detection (BFD), smart-discover, Interior Gateway Protocol (IGP)shortcut, forwarding adjacency, OSPF VPN Multi-instance, Synchronization Between OSPFand LDP, generalized TTL security mechanism (GTSM), host routes advertisement, and fastconvergence.

Multi-process

OSPF supports multi-process. Multiple different OSPF processes can run on the same switch,and are independent of each other. Route interaction between different OSPF processes is similarto route interaction between different routing protocols.

An interface of the switch belongs to only a certain OSPF process.

Authentication

OSPF supports packet authentication. Only the OSPF packets that pass the authentication canbe received. If packets fail to pass the authentication, the neighbor relationship cannot beestablished. The switch supports the following authentication modes:

l Area authenticationl Interface authentication

When both area authentication and interface authentication are available, interfaceauthentication is preferred.

OSPF NSR

Non-Stop Routing (NSR) is a routing technique that prevents a neighbor from sensing the faulton the control plane of a device that provides a slave control plane. With NSR, when the controlplane of the device becomes faulty, the neighbor relationship set up through specific routingprotocols, MPLS, and other protocols that carry services are not interrupted.

As networks develop fast, operators pose high requirements for reliability on IP networks. NSR,as a high availability (HA) solution, is thus introduced to ensure that services transmitted by adevice are not affected when a hardware or software failure occurs on the device.

OSPF Stub Area

In a stub area, the area border router (ABR) does not transmit learned autonomous system (AS)external routes. This implementation reduces entries in the routing tables on ABRs in stub areasand the amount of routing information to be transmitted.

To ensure the reachability of AS external routes, the ABR in the stub area generates a defaultroute and advertises the route to non-ABRs in the stub area.

Note the following points when configuring a stub area:

l The backbone area cannot be configured as a stub area.



96

l If an area needs to be configured as a stub area, stub attributes must be configured on allthe switchs in this area using the stub command.

l An autonomous system boundary router (ASBR) cannot exist in a stub area. AS externalroutes are not transmitted in the stub area.

l Virtual links cannot exist in the stub area.

OSPF NSSA

An NSSA is a new type of OSPF area. Neither the NSSA nor the stub area transmits routeslearned from other areas in the AS where it resides. Different from the stub area, the NSSAallows AS external routes to be imported and forwarded in the entire AS.

To ensure the reachability of AS external routes, the ABR in the NSSA generates a default routeand advertises this route to the other switchs in the NSSA.

Note the following points when configuring an NSSA:

l The backbone area cannot be configured as an NSSA.

l If an area needs to be configured as an NSSA, NSSA attributes must be configured on allthe switchs in this area.

l Virtual links cannot exist in the NSSA.

OSPF IP FRR

OSPF IP FRR pre-computes a backup link by using the Loop-Free Alternate (LFA) algorithm,and then adds the backup link and the primary link to the forwarding table. In the case of failures,OSPF IP FRR can fast switch traffic to the backup link before routes on the control planeconverge. This prevents traffic interruption and thus protects traffic and improves reliability ofan OSPF network.

OSPF IP FRR complies with RFC 5286, that is, Basic Specification for IP Fast Reroute Loop-Free Alternates, which protects traffic when links or nodes become faulty.

BFD for OSPF

By default, on broadcast networks, the interval for OSPF to send Hello packets is 10 seconds;on NBMA networks, the interval for sending Hello packets is 30 seconds. The interval fordeclaring a neighbor Down, that is, the dead time after which the neighbor relationship becomesinvalid, is four times the interval for sending Hello packets. If the switch does not receive a Hellopacket from its neighbor within the dead time, the switch deletes the neighbor. That is, theswitch detects the neighbor faults in seconds. This causes a large number of packets to be loston a high-speed network.

Bidirectional Forwarding Detection (BFD) is introduced to solve the preceding problem in theexisting detection mechanism. BFD ensures the detection interval in milliseconds. Instead ofreplacing the Hello mechanism of OSPF, BFD works with OSPF to fast detect the adjacencyfault. In addition, BFD instructs OSPF to recalculate corresponding routes for correct packetforwarding.

OSPF supports the dynamic establishment or deletion of BFD sessions on broadcast, P2P, P2MP,or NBMA links.



97

Smart-discoverGenerally, the switch periodically sends Hello packets through OSPF interfaces. By exchangingHello packets, the switchs establish and maintain the neighbor relationship, and elect the DRand the Backup Designated Router (BDR) on the multi-access network (broadcast or NBMAnetwork). During the establishment of the neighbor relationship or the election of the DR andthe BDR on the multi-access network, interfaces send Hello packets only when the Hello timerexpires. This affects the speed of establishing the neighbor relationship or electing the DR andthe BDR.

NOTE

l The interval for an interface to send Hello packets depends on the configured interval for sending Hellopackets on the interface.

l The default value of the interval for sending Hello packets varies with the network type.

Configuring Smart-discover can solve the preceding problem.

l On a broadcast or NBMA network, the neighbor relationship can be established rapidly,and a DR and a BDR on the network can be elected rapidly.– When the neighbor status becomes 2-way for the first time or returns to Init from the

2-way or higher state shown in Figure 4-2, the interface enabled with Smart-discoversends Hello packets to a neighbor without waiting for the timeout of the Hello timerwhen detecting that the neighbor status changes.

Figure 4-2 Changes of the neighbor state machine

– When the interface status of the DR or the BDR on the multi-access network changes,

the interface enabled with Smart-discover sends Hello packets to the network segmentand then participates in the DR or BDR election.

l On a P2P or P2MP network, the adjacency can be established rapidly. The principle ofestablishing adjacencies on a P2P and P2MP network is the same as that on a broadcast orNBMA network.

OSPF VPN Multi-instanceOSPF supports multi-instance, which can run between Provider Edges (PEs) and CustomerEdges (CEs) on VPNs.

On a VPN, many sites of one VPN can use OSPF as the internal routing protocol. The sites,however, are handled as being from different ASs. In this manner, the OSPF routes learned onone site are transmitted as external routes to another site. This results in heavy OSPF traffic andsome originally avoidable problems of network management.

In the implementation of the switch, you can configure domain IDs on PEs to differentiate theVPNs where different sites reside. Different sites in one VPN consider that they are connected



98

directly. In this case, PEs exchange OSPF routing information as if they were directly connectedthrough a leased line. This improves network management and effectively uses OSPF.

NOTE

For detailed configuration of OSPF VPN multi-instance, refer to the CloudEngine 6800&5800 SeriesSwitches Configuration Guide - VPN.

Synchronization Between OSPF and LDP

On a network with primary and backup links, when the primary link becomes faulty, traffic isswitched from the primary link to the backup link. In this process, traffic is interrupted in a shorttime. After the primary link recovers, traffic is switched back from the backup link to the primarylink. In this process, traffic is interrupted in a comparatively long time.

Configuring synchronization between OSPF and LDP can ensure millisecond-level trafficinterruption when traffic is switched back from the backup link to the primary link.

The principle of synchronization between OSPF and LDP is to delay route switchback bysuppressing the establishment of the OSPF neighbor relationship until LDP convergence iscomplete. That is, before an LSP is established on the primary link, the backup link continuesforwarding traffic. The backup link is deleted after the LSP is established on the primary link.

GTSM

The Generalized TTL Security Mechanism (GTSM) protects services above the IP layer againstattacks by checking whether the Time-to-Live (TTL) value in the IP header is within a specifiedrange. In applications, the GTSM is mainly used to protect the TCP/IP-based control plane,including routing protocols, against attacks of the CPU-utilization type, such as CPU overload.

NOTE

For detailed configuration of OSPF GTSM, refer to the CloudEngine 6800&5800 Series SwitchesConfiguration Guide - Security.

OSPF Fast Convergence

OSPF fast convergence is an extended feature of OSPF implemented to speed up routeconvergence, which has the following functions:

l Supports OSPF Smart-discover.

l Supports partial route calculation (PRC).

l Controls the generation and receiving of LSAs through the intelligent timer.

l Controls route calculation through the intelligent timer.

l Fast convergence by priority of routes.

4.3 Default ConfigurationThis section describes the default configuration of OSPF, which can be changed according tonetwork requirements.

Table 4-2 describes the default configuration of OSPF.



99

Table 4-2 Default configuration of OSPF


OSPF Disabled

The interval of sending Hellopackets

By default, for the interface of P2P and Broadcast type,the interval for sending Hello packets is 10 seconds; forthe interface of NBMA type, it is 30 seconds.

The dead interval of the OSPFneighbor

By default, for the interface of P2P and Broadcast, thedead interval for the OSPF neighbors is 40 seconds; forthat of NBMA, it is 120 seconds.

The period during which adevice keeps acting as a stubrouter.

500 seconds.

The bandwidth reference valueused to calculate the link cost.

100 Mbit/s

4.4 Configuring Basic OSPF FunctionsBefore building OSPF networks, you need to configure basic OSPF functions.

Pre-configuration TasksBefore configuring basic OSPF functions, complete the following tasks:

l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable atthe network layer

Configuration Procedures

Figure 4-3 Flowchart of configuring basic OSPF functions

Create an OSPF area

Enable OSPF

Mandatory procedureOptional

procedure

Create an OSPF process

4.4.1 Creating an OSPF Process



100

ContextTo run OSPF, the switch needs to have a router ID. A router ID of the switch is a 32-bit unsignedinteger, which uniquely identifies the switch in an AS. To ensure the stability of OSPF, you needto manually configure a router ID for each device during network planning.

Procedure



Step 2 Run:ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *

An OSPF process is created, and the OSPF view is displayed.

l The parameter process-id specifies the ID of an OSPF process. The default value is 1.The switch supports OSPF multi-process. You can create different processes for differenttypes of service. The OSPF process ID is valid in the local area, without affecting packetexchange with other switchs. Therefore, different switchs can also exchange packets eventhough they have different process IDs.

l The parameter router-id router-id specifies the router ID of the switch.By default, the system automatically selects the largest IP address of the interface as therouter ID. When manually setting a router ID, ensure that the router ID of each device in anAS is unique. Generally, you can set the router ID to be the same as the IP address of a certaininterface on the device.

NOTEThe router ID of each OSPF process must be unique on the OSPF network; otherwise, the OSPFneighbor relationship cannot be set up and routing information is incorrect. Configuring a unique routerID for each OSPF process on each OSPF device is recommended.

l The parameter vpn-instance vpn-instance-name specifies the name of a VPN instance.If a VPN instance is specified, the OSPF process belongs to the specified VPN instance.Otherwise, the OSPF process belongs to the public network instances.

Step 3 Run:commit


----End

4.4.2 Creating an OSPF Area

ContextMore and more devices are deployed with the increasing expansion of the network scale. As aresult, each device has to maintain a large LSDB, which becomes a heavy burden. OSPF solvesthis problem by dividing an AS into areas. An area is regarded as a logical device group. Eachgroup is identified by an area ID. The borders of an area are devices, rather than links. A networksegment (or a link) belongs to only one area. That is, each OSPF interface must belong to anarea.



101

Procedure



Step 2 Run:ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *

The OSPF process is enabled, and the OSPF view is displayed.

Step 3 Run:area area-id

The OSPF area view is displayed.

Areas are not equally important. The area with the area ID being 0 is called the backbone area.The backbone area is responsible for forwarding inter-area routing information. In addition,routing information between non-backbone areas must be forwarded through the backbone area.

Step 4 Run:commit


----End

4.4.3 Enable OSPF

ContextAfter creating an OSPF process, you need to configure the network segments included in anarea. A network segment belongs to only one area. That is, you need to specify an area for eachinterface that runs OSPF. In this document, the network segment refers to the network segmentto which the IP address of the OSPF interface belongs.

OSPF checks the network mask carried in a received Hello packets. If the network mask carriedin a received Hello packet is different from the network mask of the local device, the Hellopacket is discarded. Then no OSPF neighbor relationship can be established.

Procedure



Step 2 Run:ospf [ process-id ]

The OSPF process view is displayed.





102

OSPF can be enabled in an OSPF area or on a specific interface.

l Enable OSPF in an OSPF area.1. Run:

network ip-address wildcard-mask

Network segments belonging to an area are configured.

OSPF can properly run on an interface only when the following conditions are met:

l The IP address mask length of the interface is equal to or greater than the mask lengthspecified in the network command.

l The primary IP address of the interface must be within the network segment specifiedby the network command.

By default, OSPF advertises the IP address of the loopback interface as a 32-bit host route,which is irrelevant to the mask length configured on the loopback interface. To advertiseroutes to the network segment of the loopback interface, configure the network type asNBMA or broadcast in the interface view. For details, see Configuring Network Typesof OSPF Interfaces.

l Enable OSPF on an interface.1. Run the following command in the system view:



ospf enable process-id area area-id

OSPF is enabled on the interface.

Step 4 Run:commit


----End


PrerequisitesAll configurations of basic OSPF functions are complete.

Procedurel Run the display ospf [ process-id ] peer command in any view to check information about

OSPF neighbors.l Run the display ospf [ process-id ] interface command in any view to check information

about OSPF interfaces.l Run the display ospf [ process-id ] routing command in any view to check information

about the OSPF routing table.

----End



103

4.5 Setting Parameters for OSPF Neighbor RelationshipOn an OSPF network, all routing information is transmitted and exchanged between neighboringor adjacent devices. By maintaining neighbor relationships or adjacencies, you can stabilize theentire network.

Pre-configuration TasksBefore configuring session parameters for the OSPF neighbor or adjacency relationship,complete the following tasks:

l Configuring a link layer protocoll Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at

the network layerl 4.4 Configuring Basic OSPF Functions

Configuration ProceduresYou can choose one or several configuration tasks (excluding "Checking the Configuration") asrequired.

4.5.1 Setting the OSPF Packet Retransmission Limit

ContextAfter an OSPF switch sends one of the following packets, if it does not receive the LSAck packetwithin a specified time, it retransmits the packet. After the number of packet retransmissionsreaches the set limit, the OSPF switch tears down the adjacency relationship with its neighbor.l DD packetsl LSU packetsl LSR packets

Procedure




The OSPF view is displayed.

Step 3 Run:retransmission-limit [ max-number ]

The OSPF packet retransmission limit is set.

By default, the OSPF packet retransmission limit is not set. The default maximum number ofpacket retransmissions is 30.



104

Step 4 Run:commit


----End

4.5.2 Configuring an Interface to Fill in the DD Packet with theActual MTU

Procedure




The OSPF interface view is displayed.

Step 3 Run:ospf mtu-enable

The interface is configured to fill in the DD packet with the actual MTU and check whether theMTU in the DD packet from the neighbor exceeds the MTU of the local end.

By default, the MTU in the DD packet sent by an interface is 0.

CAUTIONSetting the MTU in a DD packet will lead to the reestablishment of the neighbor relationship.

Step 4 Run:commit


----End


PrerequisitesAll configurations of session parameters of the OSPF neighbor or adjacency relationship arecomplete.

Procedurel Run the display ospf [ process-id ] peer command to check information about OSPF

neighbors.



105

l Run the display ospf [ process-id ] brief command to check brief information about thespecified OSPF process.

l Run the display ospf [ process-id ] retrans-queue [ interface-type interface-number ][ neighbor-id] command to check the OSPF retransmission list.

----End

4.6 Configuring OSPF Attributes in Different Types ofNetworks

By setting network types for OSPF interfaces and adjusting OSPF attributes, you can build OSPFnetworks flexibly.

Applicable EnvironmentAccording to the types of link layer protocols, OSPF classifies networks into the following types:l P2MP: There is no concept of P2MP in link layer protocols. Therefore, a P2MP network

must be forcibly changed from other network types.l NBMA: If the link layer protocol is FR, X.25, OSPF defaults the network type to NBMA.l Broadcast: If the link layer protocol is Ethernet or FDDI, OSPF defaults the network type

to broadcast.l P2P: If the link layer protocol is PPP, HDLC, or LAPB, OSPF defaults the network type

to P2P.

When link layer protocols remain unchanged, you can change network types and configure OSPFfeatures to flexibly build networks.

Pre-configuration TasksBefore configuring OSPF attributes in different types of networks, complete the following tasks:


l 4.4 Configuring Basic OSPF Functions



106


Figure 4-4 Flowchart of configuring OSPF attributes in different types of networksFor an NBMA networkFor a P2MP network

Set the network type of the OSPF interface

to P2MP

Set the interval for sending poll packets

Configure neighborsDisable OSPF from

checking the network mask


to NBMA

For a broadcast network


to broadcast

Set the DR Priority for the OSPF interface

Set the DR priority for the OSPF interface

For a P2P network


to P2P


procedure

4.6.1 Configuring Network Types of OSPF Interfaces

ContextYou can configure one of the following network types for an interface as required:l P2MP: There is no concept of P2MP in link layer protocols. Therefore, a P2MP network

must be forcibly changed from other network types.l NBMA: An NBMA network must be fully meshed. That is, any two switches on the NBMA

network must be directly reachable. In most cases, however, this requirement cannot bemet. In this case, you need to forcibly change the network type through commands.

l Broadcast: To speed up the establishment of the neighbor relationship, you can change thenetwork type of broadcast to P2P network.

Procedure





Step 3 Run:ospf network-type { broadcast | nbma | p2mp | p2p }

The network type of the OSPF interface is configured.



107

By default, the network type of an interface depends on the physical interface. The network typeof an Ethernet interface is broadcast.

Configuring the new network type for an interface will cause the OSPF session on the interfaceto be reestablished.

NOTE

Generally, the network types of OSPF interfaces on both ends of a link must be the same. Otherwise, routescannot be correctly calculated.

Step 4 Run:commit


----End

4.6.2 (Optional) Setting the DR Priority for the OSPF Interface ofthe Broadcast or NBMA Network Type

ProcedureStep 1 Run:

system-view




Step 3 Run:ospf dr-priority priority

The DR priority of the OSPF interface is set. The greater the value, the higher the priority.

By default, the DR priority of an interface is 1.

Step 4 Run:commit


----End

Follow-up Procedure

CAUTIONRestarting or shutting down the current interface will interrupt the OSPF adjacency relationshipbetween devices. Therefore, perform the operation with caution.

Reconfiguring the DR priority for a device does not change the DR or BDR on a network. Youcan reelect a DR or BDR by using the following methods. This, however, will result in the



108

interruption of the OSPF adjacency relationship between devices. Therefore, the followingmethods are used only when necessary.

l Restart the OSPF processes on all the switchs.l Run the shutdown and then undo shutdown commands on the interfaces where the OSPF

adjacency relationship is established.

4.6.3 (Optional) Disabling the Function of Checking the NetworkMask on a P2MP Network

ContextOSPF needs to check the network mask in the received Hello packet. When receiving a Hellopacket that carries a different network mask from that of the local device, OSPF discards theHello packet. To establish the OSPF neighbor relationship on a P2MP network, you need todisable OSPF from checking the network mask.

Procedure





Step 3 Run:ospf network-type p2mp

The network type of the OSPF interface is configured as P2MP.

Step 4 Run:ospf p2mp-mask-ignore

OSPF is disabled from checking the network mask on the P2MP network.

Step 5 Run:commit


----End

4.6.4 Configuring Neighbors for NBMA Networks

Procedure





109



Step 3 Run:peer ip-address [ dr-priority priority ]

Neighbors are configured on an NBMA network.

l The parameter ip-address specifies the IP address of a neighbor.l The parameter dr-priority priority specifies the DR priority of the neighbor. The greater the

value, the higher the priority.

Step 4 Run:commit


----End

4.6.5 (Optional) Configuring the Interval for Sending Poll Packetsin NBMA Networks

ContextOn an NBMA network, devices establish neighbor relationships with adjacencies by sendingHello packets.

Procedure





Step 3 Run:ospf timer poll interval

The interval for sending Poll packets on the NBMA interface is set.

The parameter interval specifies the polling interval for sending Hello packets.

Step 4 Run:commit


----End




110

PrerequisitesAll configurations of OSPF attributes in different types of network are complete.

Procedurel Run the display ospf [ process-id ] interface command to check information about OSPF

interfaces.

l Run the display ospf [ process-id ] peer command to check information about OSPFneighbors.

l Run the display ospf brief command to check the interval for sending Hello packets on anNBMA network.

----End

4.7 Configuring OSPF Stub AreasBy configuring non-backbone areas at the edge of ASs as stub areas, you can reduce the size ofthe routing table and reduce the number of LSAs to be transmitted.

Applicable Environment

Dividing an AS into different areas can reduce the number of LSAs to be transmitted on thenetwork and enhance OSPF extensibility. For some non-backbone areas at the edge of ASs, youcan configure these areas as stub areas to further reduce the size of the routing table and thenumber of transmitted LSAs.


Before configuring OSPF stub areas, complete the following tasks:




Figure 4-5 Flowchart of configuring OSPF stub areas

Configure OSPF stub areas

Configure metrics of default routes sent to stub areas


procedure

4.7.1 Defining the Current Area to be a Stub Area



111

Procedure







Step 4 Run:stub [ no-summary ]

The current area is configured as a stub area.

If the parameter no-summary is specified, it indicates that an ABR is disabled from sendingsummary LSAs to a stub area. To disable an ABR from sending summary LSAs to a stub area,you can specify the parameter no-summary in the stub only when the stub command isconfigured on the ABR.

To configure an area as a stub area, you need to run the stub command on all the switchs in thisarea.

AS external routes in Type 5 LSAs cannot be advertised in a stub area. Therefore, the switchsin the stub area learn AS external routes from an ABR. The ABR automatically generates a Type3 summary LSA with the link state ID being 0.0.0.0 and the network mask being 0.0.0.0 andthen advertises the LSA in the entire stub area.

Step 5 Run:commit


----End

4.7.2 (Optional) Configuring Metrics of Default Routes Sent to StubAreas

Procedure







112



Step 4 Run:stub [ no-summary ]

The current area is configured as a stub area.

Step 5 Run:default-cost cost

The cost of the default route to the stub area is set.

The parameter cost specifies the cost of the Type 3 default route to a stub area. The default valueis 1.

This command applies to only the ABR that is connected to a stub area.

Step 6 Run:commit


----End


PrerequisitesAll configurations of OSPF stub areas are complete.

Procedurel Run the display ospf [ process-id ] peer command to check information about OSPF

neighbors.l Run the display ospf [ process-id ] routing command to check information about the OSPF

routing table.

----End

4.8 Configuring OSPF NSSA AreasConfiguring a non-backbone area on the border of an autonomous system (AS) as a not-so-stubby area (NSSA) can reduce entries in the routing table and the amount of routing informationto be transmitted. This section describes how to set the cost of the default route to an NSSA andadjust the selection of the default route.

Applicable EnvironmentAn excessive number of entries in a routing table wastes network resources and causes highcentral processing unit (CPU) usage. To reduce entries in a routing table, configure a non-backbone area on the border of an AS as a stub area or an NSSA to reduce the amount of routinginformation to be transmitted. For details on how to configure an OSPF stub area, see 4.7Configuring OSPF Stub Areas.



113

An NSSA is a new type of Open Shortest Path First area. Neither the NSSA nor the stub areatransmits routes learned from other areas in the AS where it resides. Different from the stub area,the NSSA allows AS external routes to be imported and forwarded in the entire AS.

An OSPF stub area can save system resources, but cannot import external routes. An NSSA canbe applied to a scenario in which AS external routes are to be imported but not forwarded tosave system resources.

Type 7 link state advertisements (LSAs) are used to carry imported AS external routinginformation in the NSSA. Type 7 LSAs are generated by autonomous system border routers(ASBRs) of NSSAs and flooded only in the NSSAs where ASBRs reside. The area border router(ABR) in an NSSA selects Type 7 LSAs from the received LSAs and translates them into Type5 LSAs to advertise AS external routes to the other areas over the OSPF network.

NOTE

l A Type 7 LSA is a new type of LSA that has been introduced to support NSSAs and describe importedexternal routes.

l Type 7 LSAs can be used to carry default route information to guide traffic to other ASs.

If an area needs to be configured as an NSSA, NSSA attributes must be configured on all theswitchs in this area.


Before configuring an NSSA, complete the following tasks:

l Configuring IP addresses for interfaces to ensure that neighboring switchs are reachable atthe network layer


Procedure







Step 4 Run:nssa [ default-route-advertise | no-import-route | no-summary | set-n-bit | suppress-forwarding-address | translator-always | translator-interval interval-value | zero-address-forwarding ] *

The specified area is configured as an NSSA.



114

NOTE

l NSSA attributes must be configured on all switchs in the NSSA using the nssa command.l Configuring or deleting NSSA attributes may trigger routing update in the area and disconnection from

neighbors. A second configuration of NSSA attributes can be implemented or canceled only after arouting update is complete.

The nssa command is applicable to the following scenarios:

l The default-route-advertise parameter is configured to advertise Type 7 LSAs carrying thedefault route on the ASBR to the NSSA.Regardless of whether the default route 0.0.0.0/0 exists in the routing table on the ABR, Type7 LSAs carrying the default route will be generated. However, Type 7 LSAs carrying thedefault route will be generated only when the default route 0.0.0.0/0 exists in the routingtable on the ASBR.

l If an ASBR also functions as an ABR, the no-import-route parameter is configured toprevent external routes imported using the import-route command from being advertisedto the NSSA.

l The no-summary parameter is configured on an ABR to reduce the number of LSAs thatare transmitted to the NSSA. This implementation prevents the ABR from transmitting Type3 LSAs to the NSSA.

l After the set-n-bit parameter is configured, the N-bit is set in the database description (DD)packets during the synchronization between the switch and neighboring switchs.

l The suppress-forwarding-address parameter sets the forwarding address (FA) of the Type5 LSAs translated from Type 7 LSAs by the NSSA ABR to 0.0.0.0.

l If multiple ABRs are deployed in the NSSA, the system automatically selects an ABR(generally the switch with the largest router ID) as a translator to convert Type 7 LSAs intoType 5 LSAs. You can configure the translator-always parameter on an ABR to specify theABR as an all-the-time translator. To specify two ABRs for load balancing, configure thetranslator-always parameter on the chosen ABRs to specify the ABRs as all-the-timetranslators. You can use this command to pre-configure a fixed translator to prevent LSAflooding caused by translator role changes.

l The translator-interval parameter is used to ensure uninterrupted services when translatorroles change. The value of interval-value must be greater than the flooding period.

l The zero-address-forwarding parameter is used to set the FA of the generated NSSA LSAsto 0.0.0.0 when external routes are imported to the ABR in an NSSA.

Step 5 (Optional) Run:default-cost cost

The cost of the default route on which Type 3 LSAs are transmitted to the NSSA by the ABRis set.

To ensure the reachability of AS external routes, the ABR in the NSSA generates a default routeand advertises this route to the other switchs in the NSSA. The cost of the default route to anNSSA is set and the selection of the default route is adjusted.

By default, the cost of the default route to the NSSA by the ABR is 1.

Step 6 Run:commit


----End



115


Run either of the following commands to check LSDB information:

l display ospf [ process-id ] lsdb [ brief ]l display ospf [ process-id ] lsdb [ router | network | summary | asbr | ase | nssa | opaque-

link | opaque-area ] [ link-state-id ] hostname hostname [ age { min-value min-age-value | max-value max-age-value } * ]

l display ospf [ process-id ] lsdb [ router | network | summary | asbr | ase | nssa | opaque-link | opaque-area ] [ link-state-id ] [ originate-router [ advertising-router-id ] | self-originate ] [ age { min-value min-age-value | max-value max-age-value } * ] [ resolve-hostname ]

Run either of the following commands to check routing table information:

l display ospf [ process-id ] routing [ ip-address [ mask | mask-length ] ] [ interfaceinterface-type interface-number ] [ nexthop nexthop-address ]

l display ospf [ process-id ] routing router-id [ router-id ]

Run the display ospf [ process-id ] interface [ all | interface-type interface-number ][ verbose ] command to check OSPF interface information.

4.9 Adjusting OSPF Route SelectionBy adjusting OSPF route selection, you can enable OSPF to meet the requirements of complexnetworks.

Applicable EnvironmentOn complex networks, you can adjust OSPF parameters to flexibly adjust the networking andoptimize load balancing.

Pre-configuration TasksBefore adjusting OSPF route selection, complete the following tasks:




4.9.1 Setting the Link Cost for an OSPF Interface

ContextOSPF can automatically calculate the link cost for an interface according to the interfacebandwidth. You can also set the link cost for the interface through commands.



116

If you do not set the cost of an OSPF interface by using the ospf cost cost command, OSPFautomatically calculates the cost of the interface according to the interface bandwidth. Thecalculation formula is as follows: Cost of the interface = Bandwidth reference value/Interfacebandwidth. The integer of the calculated result is the cost of the interface. If the calculated resultis smaller than 1, the cost value is 1. Changing the bandwidth reference value can change thecost of an interface.

Procedurel Setting the link cost for an OSPF interface

1. Run:system-view



The OSPF interface view is displayed.3. Run:

ospf cost cost

The cost of the OSPF interface is set.4. Run:

commit

The configuration is committed.l Setting the bandwidth reference value

1. Run:system-view


ospf [ process-id ]

The OSPF process view is displayed.3. Run:

bandwidth-reference value

The bandwidth reference value is set.

The parameter value specifies the bandwidth reference value used to calculate the linkcost, in Mbit/s.

4. Run:commit


----End

4.9.2 Setting the Preference for Equal-cost OSPF Routes

ContextAfter OSPF calculates equal-cost routes, you can run the nexthop command to select the routewith the highest priority from the equal-cost routes as the next hop. The smaller the weight, the



117

higher the priority of the route. The default weight is 255. OSPF discovers equal-cost routes andthe number of equal-cost routes is smaller than that specified in the maximum load-balancing number command. In this case, OSPF traffic will be balanced among these equal-cost routes.

Procedure





Step 3 Run:nexthop ip-address weight value

The preference is set for equal-cost routes.

l The parameter ip-address specifies the next-hop address of the equal-cost route.l The parameter value specifies the weight of the next hop. The default value is 255. The

smaller the weight, the higher the priority of the route.

Step 4 Run:commit


----End

4.9.3 Setting the Maximum Number of Equal-Cost Routes

ContextThe CE series switches support load balancing among equal-cost routes. That is, you canconfigure multiple routes, which have the same destination and preference.

Procedure





Step 3 Run:maximum load-balancing number

The maximum number of equal-cost routes is set.



118

NOTE

When the number of equal-cost routes is greater than number specified in the maximum load-balancing command, valid routes are selected for load balancing based on the following criteria:1. Route preference: Routes with higher preferences are selected for load balancing.2. Interface index: If routes have the same priorities, routes with higher interface index values are selected

for load balancing.3. Next hop IP address: If routes have the same priorities and interface index values, routes with larger

IP address are selected for load balancing.

Step 4 Run:commit


----End

4.9.4 Configuring External Route Selection Rules Compatible withRFC 1583

ContextAll devices in an OSPF routing domain must be configured with the same route selection rule.At present, most OSPF routing domains adopt the route selection rules defined in RFC 2328.

Procedure





Step 3 (Optional)Run:rfc1583 compatible

The external route selection rules, which are compatible with RFC 1583, are configured.

By default, the routing rule of compatible 1583 is enabled.

NOTE

On a network, if OSPF switchs have different configurations of the external route selection rules compatiblewith RFC 1583, external loops may occur.

Step 4 Run:commit


----End




119

PrerequisitesAll configurations of adjusting OSPF route selection are complete.

Procedurel Run the display ospf [ process-id ] interface command to check information about OSPF

interfaces.l Run the display ospf [ process-id ] routing command to check information about the OSPF

routing table.

----End

4.10 Controlling OSPF Routing InformationThis section describes how to control OSPF routing information. Detailed operations includeimporting external routes, and filtering the received routes and LSAs.

Pre-configuration TasksBefore controlling OSPF routing information, complete the following tasks:




4.10.1 Configuring OSPF to Import External Routes

ContextOSPF can ensure loop-free intra-area routes and inter-area routes; however, OSPF cannot protectexternal routes against loops. Therefore, when configuring OSPF to import external routes, avoidthe loops caused by manual configurations.

Do as follows on the switch that functions as the ASBR running OSPF:

Procedurel Configuring OSPF to import the routes discovered by other protocols

1. Run:system-view


ospf [ process-id ]




120

3. Run:import-route { protocol [ process-id ] [ cost cost | route-policy route-policy-name | tag tag | type type ] *}

The routes discovered by other protocols are imported.

– The parameter protocol specifies the routing protocol whose routes are imported.It can be direct, static, rip, ospf, isis, or bgp.

– The parameter process-id specifies the process ID of the protocol whose routes areimported. The default value is 1.

– The parameter cost cost specifies the cost of a route.– The parameter type type specifies the type of the metric. It can be 1 or 2.– The parameter tag tag specifies the tag in the external LSA.– The parameter route-policy route-policy-name indicates that the matching rules

of the specified routing policy are applied.4. Run:

commit

The configuration is committed.l Setting parameters for OSPF to import routes

1. Run:system-view


ospf [ process-id ]


default { cost { cost-value | inherit-metric } | tag tag | type type } *

The default values of parameters (the metric of routes, tag, and type) are set forimporting routes.

– The parameter cost cost-value specifies the default metric of the external routeimported by OSPF.

– The parameter inherit-metric indicates that the cost of the imported route is thecost carried in the route. If the cost is not specified, the default cost set through thedefault command is used as the cost of the imported route.

When OSPF imports external routes, you can set default values for some additionalparameters, such as the metric of routes to be imported, route tag, and route type. Theroute tag is used to identify the protocol-related information. For example, it can beused to differentiate AS numbers when OSPF receives BGP routes.

By default, the default metric of the external routes imported by OSPF is 1; the typeof the imported external routes is Type 2; the default tag value is 1.



121

NOTE

You can run one of the following commands to set the cost of the imported route. The followingcommands are listed in descending order of priority:l Run the apply cost command in a route-policy to set the cost of the imported route.l Run the import-route command for OSPF to set the cost of the imported route.l Run the default command to set the default cost of the imported route.

4. Run:commit


----End

4.10.2 Configuring OSPF to Advertise the Default Route to theOSPF Area

ContextIn a routing table, a default route is the route to the network 0.0.0.0 (with the mask being 0.0.0.0).You can check whether the default route is configured by using the display ip routing-tablecommand. If the destination address of a packet does not match any entry in the routing table,the packet is sent through a default route. If no default route exists and the destination addressof the packet does not match any entry in the routing table, the packet is discarded. An InternetControl Message Protocol (ICMP) packet is then sent, informing the originating host that thedestination host or network is unreachable.

Procedurel Configuring OSPF to Advertise the Default Route to the OSPF Area

1. Run:system-view


ospf [ process-id ]

The OSPF process view is displayed.3. Run the following commands as required:

– Run:default-route-advertise [ [ always | permit-calculate-other ] | cost cost | type type | route-policy route-policy-name | distribute-delay delay-time ] *

OSPF is configured to advertise the default route to the OSPF area.– always indicates that an LSA describing the default route is generated and then

advertised regardless of whether there are the active default routes of otherOSPF processes in the routing table of the local device.

– permit-calculate-other indicates that the local router is still allowed tocalculate the default routes advertised by other switchs after adverting itsdefault route.

– route-policy route-policy-name indicates that the local device advertisesdefault routes according to the parameters of the configured routing policy



122

when there are matched default routing entries generated by other OSPFprocesses.

– Run:default-route-advertise summary cost costThe default cost of a Type 3 summary LSA is set.Before selecting the preceding parameters, you need to configure VPN. Otherwise,this command cannot be run.

NOTE

l An ASE LSA that describes the default route is generated and then advertised only whenthere are active default routes of other OSPF processes in the routing table of the localdevice.

l Before advertising a default route, OSPF compares the preferences of default routes.Therefore, if a static default route is configured on an OSPF switch, to add the default routeadvertised by OSPF to the current routing table, ensure that the preference of the configuredstatic default route is lower than that of the default route advertised by OSPF.

4. Run:commit


----End

4.10.3 Configuring OSPF Route Aggregation

ContextDo as follows on the OSPF router.

Procedurel Configuring ABR Route Aggregation

Do as follows on the OSPF ABR:

1. Run:system-view


ospf [ process-id ]


area area-id

The OSPF area view is displayed.4. Run:

abr-summary ip-address mask [ [ advertise | not-advertise ] | cost cost ] *

ABR route aggregation of OSPF is configured.5. Run:

commit



123

The configuration is committed.l Configuring ASBR Route Aggregation

Do as follows on the OSPF ASBR:

1. Run:system-view


ospf [ process-id ]


asbr-summary ip-address mask [ not-advertise | tag tag | cost cost | distribute-delay interval ] *

ASBR route aggregation of OSPF is configured.4. Run:

commit


----End

4.10.4 Configuring OSPF to Filter the Received Routes

Procedure





Step 3 Run:filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name [ secondary ] } import

OSPF is configured to filter the received routes.

l The parameter acl-number specifies the number of a basic ACL.l The parameter acl-name acl-name specifies the name of an ACL.l The parameter ip-prefix ip-prefix-name specifies the name of an IP prefix list.

OSPF is a link-state dynamic routing protocol, with routing information carried in the LSA.Therefore, the filter-policy import command cannot be used to filter the advertised or receivedLSAs.

The filter-policy import command is used to filter the routes calculated by OSPF. Only theroutes that pass the filtering are added to the routing table. Routes that do not pass the filtering



124

can not added to the OSPF routing table, but can be advertised. Therefore, the LSDB is notaffected regardless of whether the received routes pass the filtering.

Step 4 Run:commit


----End

4.10.5 Configuring OSPF to Filter the Routes to Be Advertised

Procedure





Step 3 Run:filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name } export [ protocol [ process-id ] ]

OSPF is configured to filter the routes imported through the import-route command. Only theroutes that pass the filtering are advertised.

l The parameter acl-number specifies the number of a basic ACL.

l The parameter acl-name acl-name specifies the name of an ACL.

l The parameter ip-prefix ip-prefix-name specifies the name of an IP prefix list.

You can specify the parameter protocol [ process-id ] to filter the routes of a certain routingprotocol or a certain OSPF process. If protocol [ process-id ] is not specified, OSPF filters allthe imported routes.

NOTE

l The import-route command cannot be used to import external default routes.

l OSPF filters the imported routes, and generates Type 5 LSAs to advertise only external routes thatpassing the filtering.

Step 4 Run:commit


----End

4.10.6 Configuring OSPF to Filter ABR Type3 LSA



125

Procedure







Step 4 Depending on type of desired filtering, run one of following commands to configure OSPF tofilter the Type 3 LSAs generated by ABRs.:

OSPF is configured to filter the Type 3 LSAs generated by ABRs.

l Run:filter { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name } export

The outgoing summary LSAs in the local area will be filtered.l Run:

filter { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name } import

The incoming summary LSAs in the local area are to be filtered.

Step 5 Run:commit


----End


PrerequisitesAll configurations of controlling OSPF routing information are complete.

Procedurel Run the display ospf [ process-id ] lsdb command to check information about the OSPF

LSDB.

----End

4.11 Configuring OSPF IP FRRIn the case of a link fault, a device enabled with OSPF IP FRR can fast switch traffic to thebackup link. This protects traffic and greatly improves the reliability of OSPF networks.



126

Pre-configuration TasksBefore configuring OSPF IP FRR, complete the following tasks:




Figure 4-6 Flowchart for configuring OSPF IP FRR

Enable OSPF IP FRR

Block FRR on a specified OSPF interface


procedure

4.11.1 Enabling OSPF IP FRR

ContextFRR calculation consumes a large number of CPU resources. When there are import featuressuch as routing protocol, you need to delay FRR calculation.

After FRR calculation is delayed, devices process important services such as route calculationfirst.

Do as follows on the switch that needs to protect traffic to be forwarded:

Procedure



Step 2 Run:ospf [ process-id ] [ router-id router-id | vpn-instance vpn-instance-name ] *

An OSPF process is started and the OSPF view is displayed.

Step 3 Run:frr

The OSPF IP FRR view is displayed.



127

Step 4 Run:loop-free-alternate

OSPF IP FRR is enabled to generate a loop-free backup link.

NOTE

OSPF can generate a loop-free backup link only when the OSPF IP FRR traffic protection inequality ismet.

Step 5 Run:commit


----End

4.11.2 (Optional) Blocking FRR on an OSPF Interface

Procedure




The view of an OSPF interface enabled with FRR is displayed.

Step 3 Run:ospf frr block

FRR is blocked on the OSPF interface.

Step 4 Run:commit


----End


Prerequisites

All OSPF IP FRR configurations are complete.

Procedurel Run the display ospf [ process-id ] routing command to check the information about the

primary link and backup link of a route after configuring OSPF IP FRR.

----End



128

4.12 Configuring BFD for OSPFIf there are high requirements for data transmission, and OSPF convergence needs to be speededup when the link status changes, you can configure BFD on OSPF links. After detecting a linkfailure, BFD notifies the routing protocol of the failure, which triggers fast convergence. Whenthe neighbor relationship is Down, the BFD session is deleted dynamically.

Applicable EnvironmentThe link fault or the topology change may cause devices to recalculate routes. Therefore, theconvergence of routing protocols must be speed up to improve the network performance.

Link faults are inevitable. Therefore, a feasible solution is required to fast detect faults and notifyrouting protocols of the faults immediately. If BFD is associated with routing protocols, once alink fault occurs, BFD can speed up the convergence of routing protocols.

Pre-configuration TasksBefore configuring BFD for OSPF, complete the following tasks:




Figure 4-7 Flowchart of configuring BFD for OSPF

Configure BFD on the specified interface

Configure global BFD

Configure BFD for OSPF

Prevent an interface from dynamically setting up a BFD session


procedure

4.12.1 Configuring Global BFD

Procedure




129


Step 2 Run:bfd

BFD is configured globally, and the global BFD view is displayed.

Step 3 Run:commit


----End

4.12.2 Configuring BFD for OSPF Feature

Procedure





Step 3 Run:bfd all-interfaces enable

BFD for OSPF is enabled to establish the BFD session.

If all the interfaces in a certain process are configured with BFD and their neighbor relationshipsare in the Exstart state, OSPF establishes BFD sessions on all the interfaces in the process.

Run the bfd all-interfaces { min-rx-interval receive-interval | min-tx-interval transmit-interval | detect-multiplier multiplier-value } * command to set parameters for BFD sessions.l The parameter min-rx-interval receive-interval specifies the expected minimum interval for

receiving BFD packets from the neighbor.l The parameter min-tx-interval transmit-interval specifies the minimum interval for sending

BFD packets to the neighbor.l The parameter detect-multiplier multiplier-value specifies the local detection multiplier.

NOTE

If only the bfd all-interfaces { min-rx-interval receive-interval | min-tx-interval transmit-interval |detect-multiplier multiplier-value } * command is run to set BFD parameters, and the bfd all-interfacesenable command is not run, BFD cannot be enabled.

Step 4 Run:commit


----End



130

4.12.3 (Optional) Preventing an Interface from Dynamically SettingUp a BFD Session

ContextAfter the bfd all-interfaces enable command is run in an OSPF process, BFD sessions can beestablished on all the OSPF interfaces whose neighbor relationships are Full.

Procedure




The view of the interface enabled with BFD for OSPF is displayed.

Step 3 Run:ospf bfd block

The interface is prevented from dynamically establishing a BFD session.

Step 4 Run:commit


----End

4.12.4 (Optional) Configuring BFD on the Specified Interface

Procedure




The view of the interface enabled with BFD for OSPF is displayed.

Step 3 Run:ospf bfd enable

BFD is enabled on the interface to establish the BFD session.

If all the interfaces in a certain process are configured with BFD and their neighbor relationshipsare in the Exstart state, OSPF establishes BFD sessions on all the interfaces in the process byusing default BFD parameters.



131

Run the ospf bfd { min-rx-interval receive-interval | min-tx-interval transmit- interval |detect-multiplier multiplier-value } * command to set parameters for BFD sessions.

NOTE

l The BFD priority configured on an interface is higher than the BFD priority configured in a process.That is, if BFD is enabled on an interface, BFD parameters on the interface are used to establish BFDsessions.

l If only the ospf bfd { min-rx-interval receive-interval | min-tx-interval transmit- interval | detect-multiplier multiplier-value } * command is run to set BFD parameters, and the ospf bfd enablecommand is not run, BFD cannot be enabled on the interface.

Step 4 Run:commit


----End


PrerequisitesAll configurations of BFD for OSPF are complete.

Procedurel Run one of the following commands to check the BFD session:

– display ospf [process-id ] bfd session interface-type interface-number [ router-id ]– display ospf [process-id ] bfd session { router-id | all }

----End

4.13 Configuring OSPF Fast ConvergenceBy adjusting OSPF timers, you can implement OSPF fast network convergence.

Pre-configuration TasksBefore configuring OSPF fast convergence, complete the following tasks:




4.13.1 Setting the Convergence Priority of OSPF Routes



132

ContextWith the integration of network services, different services such as data, voice, and video runon the same network infrastructure, and have different requirements for the network. For Videoon Demand (VoD) services, the route convergence speed of the multicast source server is themost critical factor that affects multicast services. It is required that the routes to the multicastsource should converge rapidly when network faults occur. On the BGP or MPLS VPN bearernetwork where OSPF is used to implement the IP connectivity of the backbone network, end-to-end routes between PEs need to be converged rapidly.

You can set priorities for specific routes by setting the convergence priority of OSPF routes sothat these routes converge preferentially. This shortens the interruption of key services andimproves the reliability of the entire network.

Procedure





Step 3 Run:prefix-priority { critical | high | medium } ip-prefix ip-prefix-name

The convergence priority of OSPF routes is set.

After the convergence priority of OSPF routes is set, OSPF can calculate and flood LSAs, andsynchronize LSDBs according to priorities. This speeds up route convergence. When an LSAmeets multiple priorities, the highest priority takes effect. OSPF calculates LSAs in the sequenceof intra-area routes, inter-area routes, and AS external routes. This command makes OSPFcalculate route priorities. Convergence priorities are critical, high, medium, and low. To speedup the processing of LSAs with the higher priority, during LSA flooding, the LSAs need to beplaced into the corresponding critical, high, medium, and low queues according to priorities.

NOTE

This command takes effect only on the public network.

Step 4 Run:commit


----End

4.13.2 Setting the Interval for Sending Hello Packets

ContextHello packets are commonly used packets, which are periodically sent on OSPF interfaces toestablish and maintain neighbor relationships. The intervals set on the interfaces connecting two



133

OSPF neighbors need to be the same. Otherwise, the OSPF neighbor relationship cannot beestablished.

Procedure





Step 3 Run:ospf timer hello interval

The interval for sending Hello packets is set on the OSPF interface.

By default, the interval for sending Hello packets on a P2P or broadcast interface is 10s; theinterval for sending Hello packets on a P2MP or NBMA interface is 30s; the dead time for theOSPF neighbors on the same interface is four times the interval for sending Hello packets.

Step 4 Run:commit


----End

4.13.3 Setting the Dead Time of the Neighbor Relationship

Procedure





Step 3 Run:ospf timer dead interval

The dead time after which the neighbor relationship between two switchs is set.

By default, the dead time of the neighbor relationship on a P2P or broadcast interface is 40s; thedead time of the neighbor relationship on a P2MP or NBMA interface is 120s; the dead time ofthe neighbor relationship on the same interface is four times the interval for sending Hellopackets.



134

NOTE

Setting the dead interval of an OSPF neighbor to be longer than 20s is recommended. If the dead intervalof an OSPF neighbor is shorter than 20s, the session may be closed.

Both the Hello timer and the Dead timer are restored to the default values after the network type is changed.

Step 4 Run:commit


----End

4.13.4 Configuring Smart-discover

Context

Before Smart-discover is configured, when the neighbor status of the switch changes or the DR/BDR on the multi-access network (broadcast or NBMA network) changes, the switch does notsend Hello packets to its neighbor until the Hello timer expires. This slows down theestablishment of neighbor relationships between devices. After Smart-discover is configured,when the neighbor relationship status of the switch changes or the DR/BDR on the multi-accessnetwork (broadcast or NBMA network) changes, the switch can send Hello packets to itsneighbor immediately without waiting for the expiration of the Hello timer. This speeds up theestablishment of neighbor relationships and thus implements fast convergence of OSPFnetworks.

Procedure





Step 3 Run:ospf smart-discover

Smart-discover is configured on the interface.

Step 4 Run:commit


----End

4.13.5 Setting the Interval for Updating LSAs



135

ContextIn OSPF, the interval for updating LSAs is defined as 1s. This aims to prevent networkconnections or frequent route flapping from consuming excessive network bandwidth or deviceresources.

On a stable network where routes need to be fast converged, you can cancel the interval forupdating LSAs by setting the interval to 0 seconds. In this manner, the changes of the topologyor the routes can be immediately advertised on the network through LSAs. Route convergenceon the network is thus sped up.

Procedure





Step 3 Run:lsa-originate-interval { 0 | { intelligent-timer max-interval start-interval hold-interval | other-type interval } * }

The interval for updating LSAs is set.

l The parameter intelligent-timer indicates that the interval for updating router LSAs andnetwork LSAs is set through an intelligent timer.

l The parameter max-interval specifies the maximum interval for updating LSAs, inmilliseconds.

l The parameter start-interval specifies the initial interval for updating LSAs, in milliseconds.l The parameter hold-interval specifies the hold interval for updating LSAs, in milliseconds.l The parameter other-type interval indicates that the interval for updating LSAs excluding

Router LSAs and Network LSAs is set.

By default, no intelligent timer is enabled. After an intelligent timer is enabled, the defaultmaximum interval for updating LSAs is 5000 ms, the default initial interval is 500 ms, and thedefault hold interval is 1000 ms (the interval is expressed in milliseconds). Details about theinterval for updating LSAs are as follows:

1. The initial interval for updating LSAs is specified by start-interval.

2. The interval for updating LSAs for the nth (n ≥ 2) time is equal to hold-interval x 2(n-2).

3. When the interval specified by hold-interval x 2(n-2) reaches the maximum interval specifiedby max-interval, OSPF updates LSAs at the maximum interval for three consecutive times.Then, OSPF goes back to Step 3.1 and updates LSAs at the initial interval specified bystart-interval.

Step 4 Run:commit


----End



136

4.13.6 Setting the Interval for Receiving LSAs

ContextIn OSPF, the interval for receiving LSAs is 1s. This aims to prevent network connections orfrequent route flapping from consuming excessive network bandwidth or device resources.

On a stable network where routes need to be fast converged, you can cancel the interval forreceiving LSAs by setting the interval to 0 seconds. In this manner, the changes of the topologyor the routes can be immediately advertised to the network through LSAs. Route convergenceon the network is thus sped up.

Procedure





Step 3 Run:lsa-arrival-interval { interval | intelligent-timer max-interval start-interval hold-interval }

The interval for receiving LSAs is set.

l The parameter interval specifies the interval for receiving LSAs, in milliseconds.l The parameter intelligent-timer indicates that the interval for receiving router LSAs or

network LSAs is set through an intelligent timer.l The parameter max-interval specifies the maximum interval for receiving LSAs, in

milliseconds.l The parameter start-interval specifies the initial interval for receiving LSAs, in milliseconds.l The parameter hold-interval specifies the hold interval for receiving LSAs, in milliseconds.

On a stable network where routes need to be fast converged, you can set the interval for receivingLSAs to 0 seconds so that the changes of the topology or the routes can be detected immediately.

By default, no intelligent timer is enabled. After an intelligent timer is enabled, the defaultmaximum interval for receiving LSAs is 1000 ms, the default initial interval is 500 ms, and thedefault hold interval is 500 ms. Details about the interval for receiving LSAs are as follows:

1. The initial interval for receiving LSAs is specified by the parameter start-interval.

2. The interval for receiving LSAs for the nth (n ≥ 2) time is equal to hold-interval x 2(n-2).

3. When the interval specified by hold-interval x 2(n-2) reaches the maximum interval specifiedby max-interval, OSPF receives LSAs at the maximum interval for three consecutive times.Then, OSPF goes back to Step 3.1 and receives LSAs at the initial interval specified bystart-interval.

Step 4 Run:commit



137


----End

4.13.7 Setting the Interval for the SPF Calculation

ContextWhen the OSPF LSDB changes, the shortest path needs to be recalculated. If a network changesfrequently and the shortest path is calculated continually, many system resources are consumedand thus system performance is degraded. By configuring an intelligent timer and properlysetting the interval for the SPF calculation, you can prevent excessive system memory andbandwidth resources from being occupied.

Procedure





Step 3 Run:spf-schedule-interval { interval1 | intelligent-timer max-interval start-interval hold-interval | millisecond interval2 }

The interval for the SPF calculation is set.

l The parameter interval1 specifies the interval for the SPF calculation, in milliseconds.l The parameter intelligent-timer indicates that the interval for the SPF calculation is set

through an intelligent timer.l The parameter max-interval specifies the maximum interval for the SPF calculation, in

milliseconds.l The parameter start-interval specifies the initial interval for the SPF calculation, in

milliseconds.l The parameter hold-interval specifies the hold interval for the SPF calculation, in

milliseconds.l The parameter millisecond interval2 specifies the interval for the SPF calculation, in

milliseconds.

By default, an intelligent timer is enabled; the maximum interval for the SPF calculation is 10000ms, the initial interval is 500 ms, and the hold interval is 1000 ms (the interval is expressed inmilliseconds).

After an intelligent timer is enabled, the interval for the SPF calculation is as follows:

1. The initial interval for the SPF calculation is specified by the parameter start-interval.2. The interval for the SPF calculation for the nth (n ≥ 2) time is equal to hold-interval x 2

(n-2).



138

3. When the interval specified by hold-interval x 2(n-2) reaches the maximum interval specifiedby max-interval, OSPF performs the SPF calculation at the maximum interval for threeconsecutive times. Then, OSPF goes back to 3.1 and performs the SPF calculation at theinitial interval specified by start-interval.

Step 4 Run:commit


----End


PrerequisitesAll configurations of OSPF fast convergence are complete.

Procedurel Run the display ospf [ process-id ] brief command to check brief information about the

specified OSPF process.

----End

4.14 Configuring OSPF GR HelperTo avoid traffic interruption and route flapping caused by the active/standby switchover, youcan enable OSPF GR.

Applicable Environment

Graceful Restart (GR) is a technology used to ensure normal traffic forwarding and non-stopforwarding of key services during the restart of routing protocols. GR is one of high availability(HA) technologies. HA technologies comprise a set of comprehensive techniques, such as fault-tolerant redundancy, link protection, faulty node recovery, and traffic engineering. As a fault-tolerant redundancy technology, GR is widely used to ensure non-stop forwarding of keyservices during master/slave switchover and system upgrade.

NOTE

The CE series switches support only the GR Helper.


Before configuring OSPF GR, complete the following tasks:





139

Procedure





Step 3 Run:opaque-capability enable

The opaque-LSA capability is enabled.

The opaque-LSA capability of OSPF needs to be enabled first because OSPF supports GRthrough Type 9 LSAs.

Step 4 Run:graceful-restart helper-role { [ { ip-prefix ip-prefix-name | acl-number acl-number | acl-name acl-name } | ignore-external-lsa | planned-only ] * | never }

The GR session parameters is set.

l Set ACL parameters, the local switch can enter the Helper mode only after neighbors passthe filtering policies of ip-prefix or acl.

l Set ignore-external-lsa, the Helper does not check the LSAs outside the AS (AS-externalLSA). By default, the Helper checks the LSAs outside the AS.

l Set planned-only, the Helper supports only the planned-GR. By default, the Helper supportsboth the planned-GR and unplanned-GR.

l Set never, the switch does not support the Helper mode.

----End

Checking the ConfigurationRun the display ospf [ process-id ] graceful-restart [ verbose ] command to check the restartstatus of OSPF GR.

4.15 Improving the Stability of an OSPF NetworkA stable OSPF network features less route flapping, normal device performance, and goodnetwork performance.

Applicable EnvironmentBy setting timers, you can reduce the number of unnecessary packets on networks and reducethe load on the device. Network performance is thus improved.

Pre-configuration TasksBefore improving the security of an OSPF network, complete the following tasks:



140




4.15.1 Setting the Priority of OSPF

Procedure





Step 3 Run:preference [ ase ] { preference | route-policy route-policy-name } *

The priority of OSPF is set.

l If the parameter ase is specified, it indicates that the preference of AS external routes is set.l The parameter preference specifies the preference of OSPF routes. The smaller the value,

the higher the preference.l If the parameter route-policy route-policy-name is specified, it indicates that the preference

is set for specified routes according to the routing policy.

By default, the preference of OSPF routes is 10. When the parameter ase is specified, the defaultpreference of AS external routes is 150.

Step 4 Run:commit


----End

4.15.2 Configuring the Delay for Transmitting LSAs on theInterface

Procedure




141




Step 3 Run:ospf trans-delay interval

The delay in transmitting LSAs is set on the interface.

By default, the delay in transmitting LSAs is 1s.

Step 4 Run:commit


----End

4.15.3 Configuring the Interval for Retransmitting LSAs

Procedure





Step 3 Run:ospf timer retransmit interval

The interval for retransmitting LSAs between adjacent switchs is set.

By default, the interval for retransmitting LSAs is 5 seconds.

NOTE

The interval for retransmitting LSAs between adjacent switchs cannot be set too small. Otherwise, certainLSAs are retransmitted unnecessarily. Generally, the interval needs to be greater than the round trip timeof a packet transmitted between two switchs.

Step 4 Run:commit


----End

4.15.4 Configuring Secure Synchronization



142

ContextWhen the switchs in an area just finish synchronizing the LSDBs, the LSDBs of these switchsare different from each other. As a result, route flapping occurs. You can configure securesynchronization to solve this problem. This, however, may delay the establishment of the OSPFadjacency relationship.

Procedure



Step 2 Run:ospf [process-id ]


Step 3 Run:safe-sync enable

Secure synchronization is configured.

Step 4 Run:commit


----End

4.15.5 Configuring Stub Routers

ContextA stub switch is used to control traffic and instruct other OSPF switchs not to use it to forwarddata. Other OSPF switchs can have a route to the stub switch.

The metric of links in the Router LSAs generated by the stub switch is set to the maximum value(65535).

Procedure





Step 3 Run:stub-router [ on-startup [ interval ] ]

A stub switch is configured.



143

The parameter on-startup [ interval ] specifies the interval during which the switch remains tobe a stub switch. By default, the interval is 500 seconds.

NOTE

There is no relation between the stub switch configured through this command and the switch in a stubarea.

Step 4 Run:commit


----End

4.15.6 Suppressing an Interface from Receiving or Sending OSPFPackets

Context

After an OSPF interface is set to be in the silent state, the interface can still advertise its directroutes. Hello packets on the interface, however, cannot be forwarded. Therefore, no neighborrelationship can be established on the interface. This can enhance the networking adaptabilityof OSPF and reduce the consumption of system resources.

Procedure





Step 3 Run:silent-interface { all | interface-type interface-number }

The interface is suppressed from receiving or sending OSPF packets.

Step 4 Run:commit


----End


PrerequisitesAll configurations of improving the stability of an OSPF network are complete.



144

Procedurel Run the display ospf [ process-id ] brief command to check brief information about the

specified OSPF process.l Run the display ip routing-table command to check information about the IP routing table.

----End

4.16 Improving the Security of an OSPF NetworkOn a network demanding high security, you can configure OSPF authentication and theGTSM to improve the security of the OSPF network.

Applicable EnvironmentWith the increase in attacks on TCP/IP networks and the defects in the TCP/IP protocol suite,network attacks have a greater impact on the network security. Especially attacks on networkdevices will cause the crash of the network. By configuring the GTSM and authentication, youcan improve the security of an OSPF network.

The CE series switches support the following authentication modes:l Simple authenticationl MD5 authenticationl HMAC-MD5 authenticationl Keychain authentication

NOTE

The CE series switches supports OSPF GTSM. For detailed configuration of OSPF GTSM, refer to theCloudEngine 6800&5800 Series Switches Configuration Guide - Security

NOTE

Pre-configuration TasksBefore improving the security of an OSPF network, complete the following tasks:




4.16.1 Configuring the Area Authentication Mode

Procedure




145






Step 4 Run any of the following command to configure the authentication mode of the OSPF area asrequired:l Run:

authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]Simple authentication is configured for the OSPF area.– plain indicates the plain text password.– cipher indicates the cipher text password. For Message Digest 5 (MD5) or Hashed

Message Authentication Code-MD5 (HMAC-MD5) authentication, the authenticationmode is in cipher text by default.

l Run:authentication-mode { md5 | hmac-md5 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]Authentication mode is configured for the OSPF area.– md5 indicates the MD5 cipher text authentication mode.– hmac-md5 indicates the HMAC-MD5 cipher text authentication mode.– key-id specifies the ID of the authentication key.

l Run:authentication-mode keychain keychain-nameThe Keychain authentication is configured for the OSPF area.

NOTE

Before using the Keychain authentication, you need to configure Keychain information in the systemview. To establish the OSPF neighbor relationship, you need to ensure that the key-id, algorithm, andkey-string of the local ActiveSendKey are the same as those of the remote ActiveRecvKey.

Step 5 Run:commit


----End

4.16.2 Configuring the Interface Authentication Mode

Procedure





146



Step 3 Run any of the following commands to configure the interface authentication mode as required:l Run:

ospf authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]Simple authentication is configured for the OSPF interface.– simple indicates simple authentication.– plain indicates the plain text password. For simple authentication, the authentication

mode is in plain text by default.– cipher indicates the cipher text password. For MD5 or HMAC-MD5 authentication, the

authentication mode is in cipher text by default.l Run:

ospf authentication-mode { md5 | hmac-md5 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]Authentication mode is configured for the OSPF interface.– md5 indicates the MD5 cipher text authentication mode.– hmac-md5 indicates the HMAC-MD5 cipher text authentication mode.

l Run:ospf authentication-mode nullThe OSPF interface is not authenticated.

l Run:ospf authentication-mode keychain keychain-nameThe Keychain authentication is configured for the OSPF area.

NOTE

Before using the Keychain authentication, you need to configure Keychain information in the systemview. To establish the OSPF neighbor relationship, you need to ensure that the key-id, algorithm, andkey-string of the local ActiveSendKey are the same as those of the remote ActiveRecvKey.

Step 4 Run:commit


----End


PrerequisitesAll configurations of improving the security of an OSPF network are complete.

Procedurel Run the display ospf [ process-id] brief command to view the configurations of the system

in the current view.

----End



147

4.17 Configuring the Network Management Function ofOSPF

OSPF supports the network management function. You can bind the OSPF MIB to a certainOSPF process.

Applicable EnvironmentThrough the Simple Network Management Protocol (SNMP), the OSPF ManagementInformation Base (MIB) manages multicast information exchanged between the NMS andagents.

Pre-configuration TasksBefore configuring the network management function of OSPF, complete the following tasks:



Procedure



Step 2 Run:ospf mib-binding process-id

The OSPF process is bound to the MIB.

Step 3 Run:commit


----End


l Run the display ospf [ process-id ] brief command to check brief information about thebinding between the OSPF process and the MIB.

4.18 Maintaining OSPFMaintaining OSPF involves resetting OSPF, and clearing OSPF statistics.



148

4.18.1 Clearing OSPF

Context

CAUTIONOSPF information cannot be restored after you clear it. So, confirm the action before you usethe command.

To clear OSPF information, run the following reset commands in the user view.

Procedurel Run the reset ospf [ process-id ] counters [ neighbor [ interface-type interface-number ]

[ router-id ] ] command to reset OSPF counters.– counters indicates OSPF counters.– neighbor indicates neighbor information on the specified interface.

l Run the reset ospf [ process-id ] redistribution command in the user view to re-importroutes by OSPF.

l Run the reset gtsm statistics all command in the user view to clear the GTSM statisticson the device.

l Run the reset ospf [ process-id ] frr command in the user view to perform OSPF IP FRRcalculation again.

l Run the reset ospf [ process-id ] peer [ interface-type interface-number ] router-idcommand to restart OSPF peers.

----End

4.18.2 Resetting OSPF

Context

CAUTIONThe OSPF adjacency relationship between the switchs will be torn down after you run the resetospf command to reset OSPF connections. So, confirm the action before you use the command.

To reset OSPF connections, run the following reset commands in the user view.

Procedurel Run the reset ospf [ process-id ] process command in the user view to restart the OSPF

process.

----End



149

4.19 Configuring ExamplesThis section provides several configuration examples of OSPF together with the configurationflowchart. The configuration examples explain networking requirements, and configurationroadmap.

4.19.1 Example for Configuring Basic OSPF Functions

Networking RequirementsAs shown in Figure 4-8, all switchs run OSPF, and the entire AS is partitioned into three areas.Switch A and Switch B function as ABRs to forward the routes between areas.

After the configuration is complete, each switch should learn the routes to all network segmentsin the AS.

Figure 4-8 Networking diagram of configuring basic OSPF functions

SwitchA SwitchB

SwitchD

10GE1/0/1VLANIF10192.168.0.1/24

10GE1/0/1VLANIF10

192.168.0.2/24

10GE1/0/2VLANIF30192.168.2.1/2410GE1/0/1VLANIF30192.168.2.2/24

Area0

10GE1/0/2VLANIF20

192.168.1.1/24

10GE1/0/2VLANIF50172.17.1.1/24

SwitchC

10GE1/0/1VLANIF20

192.168.1.2/24

Area1

10GE1/0/2VLANIF40

172.16.1.1/24

Area2

10GE1/0/1VLANIF40

172.16.1.2/24

10GE1/0/1VLANIF50172.17.1.2/24

SwitchE SwitchF


1. Enable OSPF on each switch.2. Specify network segments in different areas.



150

Procedure

Step 1 Assign an IP address to each interface. The detailed configuration is not mentioned here.

Step 2 Configure basic OSPF functions.


[~SwitchA] router id 1.1.1.1[~SwitchA] ospf 1[~SwitchA-ospf-1] area 0[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] quit[~SwitchA-ospf-1] area 1[~SwitchA-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.1] quit[~SwitchA-ospf-1] commit


[~SwitchB] router id 2.2.2.2[~SwitchB] ospf 1[~SwitchB-ospf-1] area 0[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255[~SwitchB-ospf-1-area-0.0.0.0] quit[~SwitchB-ospf-1] area 2[~SwitchB-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255[~SwitchB-ospf-1-area-0.0.0.2] quit[~SwitchB-ospf-1] commit


[~SwitchC] router id 3.3.3.3[~SwitchC] ospf 1[~SwitchC-ospf-1] area 1[~SwitchC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255[~SwitchC-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255[~SwitchC-ospf-1-area-0.0.0.1] commit[~SwitchC-ospf-1-area-0.0.0.1] quit


[~SwitchD] router id 4.4.4.4[~SwitchD] ospf 1[~SwitchD-ospf-1] area 2[~SwitchD-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255[~SwitchD-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255[~SwitchD-ospf-1-area-0.0.0.2] commit[~SwitchD-ospf-1-area-0.0.0.2] quit

# Configure Switch E.

[~SwitchE] router id 5.5.5.5[~SwitchE] ospf 1[~SwitchE-ospf-1] area 1[~SwitchE-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255[~SwitchE-ospf-1-area-0.0.0.1] commit[~SwitchE-ospf-1-area-0.0.0.1] quit

# Configure Switch F.

[~SwitchF] router id 6.6.6.6[~SwitchF] ospf 1[~SwitchF-ospf-1] area 2[~SwitchF-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255[~SwitchF-ospf-1-area-0.0.0.2] commit[~SwitchF-ospf-1-area-0.0.0.2] quit



151


# Display the OSPF neighbors of Switch A.

[~SwitchA] display ospf peer OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.0.1(10GE1/0/1)'s neighborsRouter ID: 2.2.2.2 Address: 192.168.0.2State: Full Mode:Nbr is Master Priority: 1 DR: 192.168.0.2 BDR: 192.168.0.1 MTU: 0 Dead timer due in 36 sec Retrans timer interval: 5 Neighbor is up for 00:15:04 Authentication Sequence: [~ 0 ] Area 0.0.0.1 interface 192.168.1.1(10GE1/0/2)'s neighborsRouter ID: 3.3.3.3 Address: 192.168.1.2State: Full Mode:Nbr is Master Priority: 1 DR: 192.168.1.2 BDR: 192.168.1.1 MTU: 0 Dead timer due in 39 sec Retrans timer interval: 5 Neighbor is up for 00:07:32 Authentication Sequence: [~ 0 ]

# Display the OSPF routes of Switch A.

[~SwitchA] display ospf routing

OSPF Process 1 with Router ID 1.1.1.1 Routing Tables

Routing for Network Destination Cost Type NextHop AdvRouter Area

172.16.1.0/24 2 Transit 192.168.1.2 3.3.3.3 0.0.0.1 172.17.1.0/24 3 Inter-area 192.168.0.2 2.2.2.2 0.0.0.0 192.168.2.0/24 2 Inter-area 192.168.0.2 2.2.2.2 0.0.0.0

Total Nets: 3 Intra Area: 1 Inter Area: 2 ASE: 0 NSSA: 0

# Display the LSDB of Switch A.

[~SwitchA] display ospf lsdb

OSPF Process 1 with Router ID 1.1.1.1 Link State Database

Area: 0.0.0.0 Type LinkState ID AdvRouter Age Len Sequence Metric Router 1.1.1.1 1.1.1.1 93 48 80000004 1 Router 2.2.2.2 2.2.2.2 92 48 80000004 1 Sum-Net 172.16.1.0 1.1.1.1 1287 28 80000002 2 Sum-Net 192.168.1.0 1.1.1.1 1716 28 80000001 1 Sum-Net 172.17.1.0 2.2.2.2 1336 28 80000001 2 Sum-Net 192.168.2.0 2.2.2.2 87 28 80000002 1

Area: 0.0.0.1 Type LinkState ID AdvRouter Age Len Sequence Metric Router 1.1.1.1 1.1.1.1 1420 48 80000002 1 Router 3.3.3.3 3.3.3.3 1294 60 80000003 1 Router 5.5.5.5 5.5.5.5 1296 36 80000002 1 Network 172.16.1.1 3.3.3.3 1294 32 80000001 0 Sum-Net 172.17.1.0 1.1.1.1 1325 28 80000001 3 Sum-Net 192.168.0.0 1.1.1.1 1717 28 80000001 1 Sum-Net 192.168.2.0 1.1.1.1 1717 28 80000001 2

# Display the routing table on Switch D and perform the ping operation to test the connectivity.

[~SwitchD] display ospf routing



152



172.16.1.0/24 4 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2

192.168.0.0/24 2 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2

192.168.1.0/24 3 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2

Total Nets: 3 Intra Area: 0 Inter Area: 3 ASE: 0 NSSA: 0[~SwitchD] ping 172.16.1.1 PING 172.16.1.1: 56 data bytes, press CTRL_C to break Reply from 172.16.1.1: bytes=56 Sequence=1 ttl=253 time=62 ms Reply from 172.16.1.1: bytes=56 Sequence=2 ttl=253 time=16 ms Reply from 172.16.1.1: bytes=56 Sequence=3 ttl=253 time=62 ms Reply from 172.16.1.1: bytes=56 Sequence=4 ttl=253 time=94 ms Reply from 172.16.1.1: bytes=56 Sequence=5 ttl=253 time=63 ms --- 172.16.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 16/59/94 ms

----End


# sysname SwitchA# router id 1.1.1.1# vlan batch 10 20#interface Vlanif10 ip address 192.168.0.1 255.255.255.0 #interface Vlanif20 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20 #ospf 1 area 0.0.0.0 network 192.168.0.0 0.0.0.255 area 0.0.0.1 network 192.168.1.0 0.0.0.255#return

l Configuration file of Switch B# sysname SwitchB# router id 2.2.2.2#



153

vlan batch 10 30#interface Vlanif10 ip address 192.168.0.2 255.255.255.0#interface Vlanif30 ip address 192.168.2.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30 #ospf 1 area 0.0.0.0 network 192.168.0.0 0.0.0.255 area 0.0.0.2 network 192.168.2.0 0.0.0.255#return

l Configuration file of Switch C# sysname SwitchC# router id 3.3.3.3# vlan batch 20 40#interface Vlanif20 ip address 192.168.1.2 255.255.255.0#interface Vlanif40 ip address 172.16.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40 #ospf 1 area 0.0.0.1 network 192.168.1.0 0.0.0.255 network 172.16.1.0 0.0.0.255#return

l Configuration file of Switch D# sysname SwitchD# router id 4.4.4.4# vlan batch 30 50#interface Vlanif30 ip address 192.168.2.2 255.255.255.0#interface Vlanif50 ip address 172.17.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30



154

#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 50 #ospf 1 area 0.0.0.2 network 192.168.2.0 0.0.0.255 network 172.17.1.0 0.0.0.255#return

l Configuration file of Switch E# sysname SwitchE#router id 5.5.5.5# vlan batch 40#interface Vlanif40 ip address 172.16.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 40 #ospf 1 area 0.0.0.1 network 172.16.1.0 0.0.0.255#return

l Configuration file of Switch F# sysname SwitchF# router id 6.6.6.6# vlan batch 50#interface Vlanif50 ip address 172.17.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 50#ospf 1 area 0.0.0.2 network 172.17.1.0 0.0.0.255#return

4.19.2 Example for Configuring OSPF Stub Areas


As shown in Figure 4-9, all switchs run OSPF, and the entire AS is partitioned into three areas.Switch A and Switch B function as ABRs to advertise routes between areas; Switch D functionsas the ASBR to import external routes, that is, static routes.

It is required to configure Area 1 as a stub area to reduce the LSAs advertised to this area withoutaffecting the route reachability.



155

Figure 4-9 Networking diagram of configuring an OSPF stub area

SwitchA SwitchB

SwitchD

10GE1/0/1VLANIF10192.168.0.1/24

10GE1/0/1VLANIF10

192.168.0.2/24


Area0

10GE1/0/2VLANIF20

192.168.1.1/24

10GE1/0/2VLANIF50172.17.1.1/24

SwitchC

10GE1/0/1VLANIF20

192.168.1.2/24

Area1

10GE1/0/2VLANIF40

172.16.1.1/24

Area2

10GE1/0/1VLANIF40

172.16.1.2/24

10GE1/0/1VLANIF50172.17.1.2/24

SwitchE SwitchF

StubASBR


1. Configure basic OSPF functions on each switch to realize interconnection.2. Configure static routes on Switch D and import it into OSPF.3. Configure Area 1 as a stub area by running the stub command on all switchs in Area 1 and

check the OSPF routing information on Switch C.4. Prevent Switch A from advertising Type 3 LSAs to the stub area, and check the OSPF

routing information on Switch C.

ProcedureStep 1 Assign an IP address to each interface. The detailed configuration is not mentioned here.

Step 2 Configure basic OSPF functions. For details, see 4.19.1 Example for Configuring Basic OSPFFunctions.

Step 3 Configure Switch D to import static routes.[~SwitchD] ip route-static 200.0.0.0 8 null 0[~SwitchD] ospf 1[~SwitchD-ospf-1] import-route static type 1[~SwitchD-ospf-1] commit[~SwitchD-ospf-1] quit

# Display ABR and ASBR information on Switch C.[~SwitchC] display ospf abr-asbr



156

OSPF Process 1 with Router ID 3.3.3.3 Routing Table to ABR and ASBR Type Destination Area Cost NextHop RtType Intra-area 1.1.1.1 0.0.0.1 1 192.168.1.1 ABR Inter-area 4.4.4.4 0.0.0.1 3 192.168.1.1 ASBR

# Display the OSPF routing table on Switch C.

NOTE

If the area where Switch C resides is a common area, external routes exist in the routing table.[~SwitchC] display ospf routing



172.17.1.0/24 4 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1 192.168.0.0/24 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1 192.168.2.0/24 3 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1

Routing for ASEs Destination Cost Type Tag NextHop AdvRouter

200.0.0.0/8 4 Type1 1 192.168.1.1 4.4.4.4


Step 4 Configure Area 1 as a stub area.


[~SwitchA] ospf 1[~SwitchA-ospf-1] area 1[~SwitchA-ospf-1-area-0.0.0.1] stub[~SwitchA-ospf-1-area-0.0.0.1] commit[~SwitchA-ospf-1-area-0.0.0.1] quit


[~SwitchC] ospf 1[~SwitchC-ospf-1] area 1[~SwitchC-ospf-1-area-0.0.0.1] stub[~SwitchC-ospf-1-area-0.0.0.1] commit[~SwitchC-ospf-1-area-0.0.0.1] quit


[~SwitchE] ospf 1[~SwitchE-ospf-1] area 1[~SwitchE-ospf-1-area-0.0.0.1] stub[~SwitchE-ospf-1-area-0.0.0.1] commit[~SwitchE-ospf-1-area-0.0.0.1] quit

# Display the routing table on Switch C.

NOTE

After the area where Switch C resides is configured as a stub area, a default route rather than AS externalroutes exists in the routing table.

[~SwitchC] display ospf routing




157

Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1 172.17.1.0/24 4 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1 192.168.0.0/24 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1 192.168.2.0/24 3 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1


Step 5 # Prevent Switch A from advertising Type 3 LSAs to the stub area.[~SwitchA] ospf[~SwitchA-ospf-1] area 1[~SwitchA-ospf-1-area-0.0.0.1] stub no-summary[~SwitchA-ospf-1-area-0.0.0.1] commit[~SwitchA-ospf-1-area-0.0.0.1] quit


# Display the OSPF routing table on Switch C.

[~SwitchC] display ospf routing


Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1


NOTE

After the advertisement of summary LSAs to the stub area is disabled, the routing entries on the switch inthe stub area are further reduced, and only the default route to a destination outside the stub area is reserved.

----End


# sysname SwitchA# router id 1.1.1.1# vlan batch 10 20#interface Vlanif10 ip address 192.168.0.1 255.255.255.0#interface Vlanif20 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#ospf 1 area 0.0.0.0 network 192.168.0.0 0.0.0.255 area 0.0.0.1



158

network 192.168.1.0 0.0.0.255 stub no-summary#return

NOTE

Configuration files of Switch B and Switch F are similar to the configuration file of Switch A, andare not mentioned here.

l Configuration file of Switch C# sysname SwitchC# router id 3.3.3.3# vlan batch 20 40#interface Vlanif20 ip address 192.168.1.2 255.255.255.0#interface Vlanif40 ip address 172.16.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#ospf 1area 0.0.0.1 network 192.168.1.0 0.0.0.255 network 172.16.1.0 0.0.0.255 stub#return

l Configuration file of Switch D# sysname SwitchD# vlan batch 30 50# router id 4.4.4.4#interface Vlanif30 ip address 192.168.2.2 255.255.255.0#interface Vlanif50 ip address 172.17.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 50#ospf 1 import-route static type 1 area 0.0.0.2 network 192.168.2.0 0.0.0.255 network 172.17.1.0 0.0.0.255# ip route-static 200.0.0.0 255.0.0.0 NULL0



159

#return

l Configuration file of Switch E# sysname SwitchE# router id 5.5.5.5# vlan batch 40#interface Vlanif40 ip address 172.16.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 40#ospf 1 area 0.0.0.1 network 172.16.1.0 0.0.0.255 stub#return

4.19.3 Example for Configuring an NSSA Area

Networking RequirementsAs shown in Figure 4-10, OSPF is enabled on all Switches and the AS is divided into threeareas. Switch A and Switch B function as ABRs to forward routes between areas; Switch Dfunctions as the ASBR to import external routes, that is, static routes.

You need to configure Area 1 as an NSSA area and configure SwitchC as an ASBR to importexternal routes (static routes). The routing information can be transmitted correctly in the AS.



160

Figure 4-10 Networking diagram for configuring an NSSA area

SwitchA SwitchB

SwitchD

10GE1/0/1VLANIF10192.168.0.1/24

10GE1/0/1VLANIF10

192.168.0.2/24


Area0

10GE1/0/2VLANIF20

192.168.1.1/24

10GE1/0/2VLANIF50172.17.1.1/24

SwitchC

10GE1/0/1VLANIF20

192.168.1.2/24

Area1

10GE1/0/2VLANIF40

172.16.1.1/24

Area2

10GE1/0/1VLANIF40

172.16.1.2/24

10GE1/0/1VLANIF50172.17.1.2/24

SwitchE SwitchF

NSSAASBRASBR



1. Enable OSPF on each Switch and configure the basic OSPF functions.2. Configure static routes on Switch D and import them into OSPF.3. Configure Area 1 as an NSSA area and check the OSPF routing information of Switch C.

You must run the nssa command on all the devices in Area 1.4. Configure static routes on Switch C, import them into OSPF, and check the OSPF routing

information of Switch D.

Procedure

Step 1 Configure the VLAN that each interface belongs to.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 20[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA-10GE1/0/2] commit



161

The configurations of Switch B, Switch C, Switch D, Switch E, and Switch F are similar to theconfiguration of Switch A, and are not mentioned here.

Step 2 Assign an IP address to each VLANIF interface.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 192.168.0.1 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] ip address 192.168.1.1 24[~SwitchA-Vlanif20] quit[~SwitchA-Vlanif20] commit

The configurations of Switch B, Switch C, Switch D, Switch E, and Switch F are similar to theconfiguration of Switch A, and are not mentioned here.

Step 3 Configure the basic OSPF functions. See 4.19.1 Example for Configuring Basic OSPFFunctions.

Step 4 Configure Switch D to import static routes. See 4.19.2 Example for Configuring OSPF StubAreas.

Step 5 Configure Area 1 as an NSSA area.


[~SwitchA] ospf[~SwitchA-ospf-1] area 1[~SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary[~SwitchA-ospf-1-area-0.0.0.1] quit[~SwitchA-ospf-1] quit[~SwitchA-ospf-1] commit


[~SwitchC] ospf[~SwitchC-ospf-1] area 1[~SwitchC-ospf-1-area-0.0.0.1] nssa[~SwitchC-ospf-1-area-0.0.0.1] quit[~SwitchC-ospf-1] quit[~SwitchC-ospf-1] commit


[~SwitchE] ospf[~SwitchE-ospf-1] area 1[~SwitchE-ospf-1-area-0.0.0.1] nssa[~SwitchE-ospf-1-area-0.0.0.1] quit[~SwitchE-ospf-1] quit[~SwitchE-ospf-1] commit

NOTE

The default-route-advertise and no-summary keywords are recommend on the ABR (Switch A). In thismanner, the size of the routing table of devices in an NSSA area can be reduced. For the other devices inthe NSSA area, you need to run only the nssa command.

# View the OSPF routing table of Switch C.

[~SwitchC] display ospf routing OSPF Process 1 with Router ID 3.3.3.3 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1 172.16.1.0/24 1 Transit 172.16.1.1 3.3.3.3 0.0.0.1 192.168.1.0/24 1 Transit 192.168.1.2 3.3.3.3 0.0.0.1



162


Step 6 Configure Switch C to import static routes.

# Import static routes on Switch C.

[~SwitchC] ip route-static 100.0.0.0 8 null 0[~SwitchC] ospf[~SwitchC-ospf-1] import-route static[~SwitchC-ospf-1] quit[~SwitchC-ospf-1] commit


# View the OSPF routing table of Switch D.

[~SwitchD] display ospf routing OSPF Process 1 with Router ID 4.4.4.4 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 172.16.1.0/24 4 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2 172.17.1.0/24 1 Transit 172.17.1.1 4.4.4.4 0.0.0.2 192.168.0.0/24 2 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2 192.168.1.0/24 3 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2 192.168.2.0/24 1 Transit 192.168.2.2 4.4.4.4 0.0.0.2 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 100.0.0.0/8 1 Type2 1 192.168.2.1 1.1.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0

From the routing table of Switch D, you can find that an AS external route is imported to theNSSA area.

----End


# sysname SwitchA# router id 1.1.1.1# vlan batch 10 20#interface Vlanif10 ip address 192.168.0.1 255.255.255.0#interface Vlanif20 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#ospf 1 area 0.0.0.0



163

network 192.168.0.0 0.0.0.255 area 0.0.0.1 network 192.168.1.0 0.0.0.255 nssa default-route-advertise no-summary#return

NOTE

Configuration files of Switch B, Switch D, and Switch F are similar to the configuration file of SwitchA, and are not mentioned here.

l Configuration file of Switch C# sysname SwitchC# router id 3.3.3.3# vlan batch 20 40#interface Vlanif20 ip address 192.168.1.2 255.255.255.0#interface Vlanif40 ip address 172.16.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#ospf 1 import-route static area 0.0.0.1 network 192.168.1.0 0.0.0.255 network 172.16.1.0 0.0.0.255 nssa# ip route-static 100.0.0.0 255.0.0.0 NULL0#return

l Configuration file of Switch E# sysname SwitchE# router id 5.5.5.5# vlan batch 40#interface Vlanif40 ip address 172.16.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 40#ospf 1 area 0.0.0.1 network 172.16.1.0 0.0.0.255 nssa#return



164

4.19.4 Example for Configuring DR Election of OSPF


As shown in Figure 4-11, Switch A has the highest priority of 100 on the network and is electedas the DR; Switch C has the second highest priority and is elected as the BDR; The priority ofSwitch B is 0 and therefore cannot be elected as a DR or a BDR; the priority of Switch D is notset, so Switch D uses the default value 1.

Figure 4-11 Networking diagram for configuring DR election of an OSPF process

SwitchBSwitchA

SwitchD

10GE1/0/1VLANIF10192.168.1.2/24

10GE1/0/1VLANIF10

192.168.1.1/2410GE1/0/1VLANIF10

192.168.1.4/24

SwitchC

10GE1/0/1VLANIF10192.168.1.3/24



1. Configure the ID of the VLAN that each interface belongs to.

2. Assign an IP address to each VLANIF interface.

3. Configure the router ID, enable OSPF, and specify network segments on each Switch.

4. Check whether an Switch is the DR or BDR with its default DR priority.

5. Set the DR priority of the interface on each Switch and check whether the Switch becomesthe DR or BDR.

Procedure

Step 1 Configure the VLAN that each interface belongs to.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan 10[~SwitchA-vlan10] quit[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] commit



165

The configurations of Switch B, Switch C, and Switch D are similar to the configuration ofSwitch A, and are not mentioned here.

Step 2 Assign an IP address to each VLANIF interface.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 192.168.1.1 24[~SwitchA-Vlanif10] commit


Step 3 Configure the basic OSPF functions.


[~SwitchA] router id 1.1.1.1[~SwitchA] ospf[~SwitchA-ospf-1] area 0[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] quit[~SwitchA-ospf-1] quit[~SwitchA] commit


[~SwitchB] router id 2.2.2.2[~SwitchB] ospf[~SwitchB-ospf-1] area 0[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [~SwitchB-ospf-1-area-0.0.0.0] quit[~SwitchB-ospf-1] quit[~SwitchB] commit


[~SwitchC] router id 3.3.3.3[~SwitchC] ospf[~SwitchC-ospf-1] area 0[~SwitchC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [~SwitchC-ospf-1-area-0.0.0.0] quit[~SwitchC-ospf-1] quit[~SwitchC] commit


[~SwitchD] router id 4.4.4.4[~SwitchD] ospf[~SwitchD-ospf-1] area 0[~SwitchD-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [~SwitchD-ospf-1-area-0.0.0.0] quit[~SwitchD-ospf-1] quit[~SwitchD] commit

# Check information about neighbors of Switch A to find the DR and BDR.

[~SwitchA] display ospf peer OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Vlanif10)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 32 sec Neighbor is up for 00:00:00 Authentication Sequence: [~ 0 ]



166

Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 37 sec Neighbor is up for 00:04:06 Authentication Sequence: [~ 0 ] Router ID: 4.4.4.4 Address: 192.168.1.4 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 37 sec Neighbor is up for 00:03:53 Authentication Sequence: [~ 0 ]

Check the neighbors of Switch A. You can view the DR priority and the neighbor status. Bydefault, the DR priority is 1. Now Switch D functions as the DR and Switch C functions as theBDR.

NOTE

When the priority is the same, the switch with a higher router ID is elected as the DR. If a new switch isadded after the DR/BDR election is complete, the new switch cannot become the DR even if it has thehighest priority.

Step 4 Set the DR priority on each VLANIF interface.


[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ospf dr-priority 100[~SwitchA-Vlanif10] quit[~SwitchA] commit

Configure SwitchB.

[~SwitchB] interface vlanif 10[~SwitchB-Vlanif10] ospf dr-priority 0[~SwitchB-Vlanif10] quit[~SwitchB] commit


[~SwitchC] interface vlanif 10[~SwitchC-Vlanif10] ospf dr-priority 2[~SwitchC-Vlanif10] quit[~SwitchC] commit

# Check the status of the DR or BDR.

[~SwitchD] display ospf peer OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlanif10)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 31 sec Neighbor is up for 00:11:17 Authentication Sequence: [~ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: Full Mode:Nbr is Slave Priority: 0 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 35 sec Neighbor is up for 00:11:19 Authentication Sequence: [~ 0 ] Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal



167

State: Full Mode:Nbr is Slave Priority: 2 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 33 sec Neighbor is up for 00:11:15 Authentication Sequence: [~ 0 ]

NOTE

The DR priorities configured on the interfaces do not take effect immediately.

Step 5 Restart the OSPF process.

In the user view of each Switch, run the reset ospf 1 process command to restart the OSPFprocess.


# Check the status of OSPF neighbors.[~SwitchD] display ospf peer OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlanif10)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 35 sec Neighbor is up for 00:07:19 Authentication Sequence: [~ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 0 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 35 sec Neighbor is up for 00:00:00 Authentication Sequence: [~ 0 ] Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal State: Full Mode:Nbr is Slave Priority: 2 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 37 sec Neighbor is up for 00:07:17 Authentication Sequence: [~ 0 ]

# Check the status of OSPF interfaces.[~SwitchA] display ospf interface OSPF Process 1 with Router ID 1.1.1.1 Interfaces Area: 0.0.0.0 (MPLS TE not enabled) IP Address Type State Cost Pri DR BDR 192.168.1.1 Broadcast DR 1 100 192.168.1.1 192.168.1.3 [~SwitchB] display ospf interface OSPF Process 1 with Router ID 2.2.2.2 Interfaces Area: 0.0.0.0 (MPLS TE not enabled) IP Address Type State Cost Pri DR BDR 192.168.1.2 Broadcast DROther 1 0 192.168.1.1 192.168.1.3

If all neighbors are in Full state, it indicates that the local device establishes adjacencies with allits neighbors. If a neighbor stays in 2-Way state, it indicates the local Switch and the neighborare not the DR or BDR. Therefore, they do not need to exchange LSAs.



168

If the status of an OSPF interface is DROther, it indicates that the router is neither the DR northe BDR.

----End


# sysname SwitchA# router id 1.1.1.1# vlan batch 10#interface Vlanif10 ip address 192.168.1.1 255.255.255.0 ospf dr-priority 100#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255#return

l Configuration file of Switch B# sysname SwitchB# router id 2.2.2.2# vlan batch 10#interface Vlanif10 ip address 192.168.1.2 255.255.255.0 ospf dr-priority 0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255#return

l Configuration file of Switch C# sysname SwitchC# router id 3.3.3.3# vlan batch 10#interface Vlanif10 ip address 192.168.1.3 255.255.255.0 ospf dr-priority 2#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #



169

ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255#return

l Configuration file of Switch D# sysname SwitchD# router id 4.4.4.4# vlan batch 10#interface Vlanif10 ip address 192.168.1.4 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255#return

4.19.5 Example for Configuring Load Balancing Among OSPFRoutes

Networking RequirementsAs shown in Figure 4-12, the networking requirements are as follows:

l Switch A, Switch B, Switch C, and Switch D connect to each other through OSPF.l Switch A, Switch B, Switch C, and Switch D belong to Area 0.l Load balancing needs is configured so that the traffic of Switch A can be sent to Switch D

through Switch B and Switch C.

Figure 4-12 Networking diagram for configuring load balancing among OSPF routes

SwitchC

SwitchB

SwitchA SwitchD

10GE1/0/1VLANIF1010.1.1.2/24

10GE1/0/1VLANIF1010.1.1.1/24

10GE1/0/1VLANIF30

192.168.0.1/24

10GE1/0/2VLANIF40

192.168.1.2/2410GE1/0/2VLANIF40

192.168.1.1/24

10GE1/0/2VLANIF30

192.168.0.1/24

10GE1/0/1VLANIF2010.1.2.2/24

10GE1/0/2VLANIF2010.1.2.1/24

10GE1/0/3VLANIF60172.17.1.1/24

10GE1/0/3VLANIF50172.16.1.1/24



170


1. Configure the basic OSPF functions on each Switch to implement interconnection.2. Disable load balancing on Switch A and check the routing table of Switch A.3. (Optional) Set the weight of equal-cost routes on Switch A.

Procedure

Step 1 Configure VLANs that the related interfaces belong to.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 20 50[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA] interface 10ge 1/0/3[~SwitchA-10GE1/0/3] port link-type trunk[~SwitchA-10GE1/0/3] port trunk allow-pass vlan 50[~SwitchA-10GE1/0/3] quit[~SwitchA-10GE1/0/3] commit


Step 2 Assign an IP address to each VLANIF interface.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 10.1.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] ip address 10.1.2.1 24[~SwitchA-Vlanif20] quit[~SwitchA] interface vlanif 50[~SwitchA-Vlanif50] ip address 172.16.1.1 24[~SwitchA-Vlanif50] quit[~SwitchA-Vlanif50] commit



Step 4 Disable load balancing on Switch A.[~SwitchA] ospf[~SwitchA-ospf-1] maximum load-balancing 1[~SwitchA-ospf-1] quit[~SwitchA-ospf-1] commit

# View the routing table of Switch A.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------



171

Routing Tables: _public_ Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10 10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20 10.1.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 10.1.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif20 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif50 172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.16.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.17.1.0/24 OSPF 10 3 D 10.1.1.2 Vlanif10 192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10 192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

As shown in the routing table, when the maximum number of equal-cost routes for load balancingis set to 1, OSPF selects 10.1.1.2 as the next hop to the destination network 172.17.1.0.

NOTE

In the preceding example, 10.1.1.2 is selected as the optimal next hop. This is because OSPF selects thenext hop randomly among equal-cost routes.

Step 5 Restore the default number of equal-cost routes for load balancing on Switch A.[~SwitchA] ospf[~SwitchA-ospf-1] undo maximum load-balancing[~SwitchA-ospf-1] quit[~SwitchA-ospf-1] commit

# View the routing table of SwitchA.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib----------------------------------------------------------------------------Routing Tables: _public_ Destinations : 15 Routes : 16 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10 10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20 10.1.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 10.1.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif20 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif50 172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.16.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.17.1.0/24 OSPF 10 3 D 10.1.1.2 Vlanif10 OSPF 10 3 D 10.1.2.2 Vlanif20 192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10 192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

As shown in the routing table, when the default setting of load balancing is restored, the nexthops of Switch A, that is, 10.1.1.2 (Switch B) and 10.1.2.2 (Switch C), become valid routes.This is because the default number of equal-cost routes is 16.



172

Step 6 (Optional) Set the weight of equal-cost routes on Switch A.

If you do not want to implement load balancing between Switch B and Switch C, set the weightof equal-cost routes to specify the next hop.

[~SwitchA] ospf[~SwitchA-ospf-1] nexthop 10.1.2.2 weight 1[~SwitchA-ospf-1] quit[~SwitchA-ospf-1] commit


[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: _public_ Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10 10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20 10.1.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 10.1.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif20 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif50 172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.16.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif50 172.17.1.0/24 OSPF 10 3 D 10.1.2.2 Vlanif20 192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10 192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

As shown in the routing table, the priority of the next hop 10.1.2.2 (Switch C) with the weightas 1 is higher than that of 10.1.1.2 (Switch B), after the weight is set for equal-cost routes. Thus,OSPF selects the route with the next hop 10.1.2.2 as the optimal route.

----End


# sysname SwitchA# vlan batch 10 20 50#interface Vlanif10 ip address 10.1.1.1 255.255.255.0#interface Vlanif20 ip address 10.1.2.1 255.255.255.0#interface Vlanif50 ip address 172.16.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20 #



173

interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 50 #ospf 1 router-id 1.1.1.1 nexthop 10.1.2.2 weight 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.1.2.0 0.0.0.255 network 172.16.1.0 0.0.0.255#return

l Configuration file of Switch Bsysname SwitchB# vlan batch 10 30#interface Vlanif10 ip address 10.1.1.2 255.255.255.0#interface Vlanif30 ip address 192.168.0.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30 #ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 192.168.0.0 0.0.0.255#return

l Configuration file of Switch C# sysname SwitchC# vlan batch 20 40#interface Vlanif20 ip address 10.1.2.2 255.255.255.0#interface Vlanif40 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40 #ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.1.2.0 0.0.0.255 network 192.168.1.0 0.0.0.255#return

l Configuration file of Switch D# sysname SwitchD#



174

vlan batch 30 40 60#interface Vlanif30 ip address 192.168.0.2 255.255.255.0#interface Vlanif40 ip address 192.168.1.2 255.255.255.0#interface Vlanif60 ip address 172.17.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 60 #ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 192.168.0.0 0.0.0.255 network 192.168.1.0 0.0.0.255 network 172.17.1.0 0.0.0.255#return

4.19.6 Example for Configuring OSPF IP FRR

Networking RequirementsWhen a fault occurs on the primary link T, traffic is switched to a backup link. In such a scenario,two problems arise:l It takes hundreds of milliseconds for the traffic to be switched to a backup link during OSPF

fault restoration. During this period, services are interrupted.l Traffic will pass Switch A after link switching. Switch A is an ASBR and is not expected

to function as a backup device.

When a fault occurs on the network, OSPF IP FRR can fast switch traffic to the backup linkwithout waiting for route convergence. This ensures uninterrupted traffic transmission. Inaddition, you can also configure Switch A to detour around the backup link.

As shown in Figure 4-13:l All switches run OSPF.l The link cost meets the OSPF IP FRR traffic protection inequality.l When the primary link T fails, Switch S immediately switches traffic to the backup link.

Thus, the traffic is forwarded through Switch N.l Based on the network planning, the link where Switch A resides does not function as an

FRR backup link.



175

Figure 4-13 Networking diagram for configuring OSPF IP FRR

cost=10cost=10

SwitchN

SwitchE SwitchDSwitchS cost = 15

cost = 5

cost=15cost=10SwitchAASBR10GE1/0/1

10GE1/0/210GE1/0/3

10GE1/0/110GE1/0/2

10GE1/0/3

10GE1/0/1 10GE1/0/2

10GE1/0/1 10GE1/0/2

10GE1/0/4

Area0

IS-IS Network

Area1

LinkT

OSPF Network

OSPF Network

Switch Router ID Interface VLANIF interface IP address

SwitchS 1.1.1.1 10GE1/0/1 VLANIF 10 10.1.1.1/24

10GE1/0/2 VLANIF 20 10.1.2.1/24

10GE1/0/3 VLANIF 30 10.1.3.1/24

SwitchA 2.2.2.2 10GE1/0/1 VLANIF 10 10.1.1.2/24

10GE1/0/2 VLANIF 40 20.1.1.2/24

SwitchN 3.3.3.3 10GE1/0/1 VLANIF 50 10.1.3.2/24

10GE1/0/2 VLANIF 60 20.1.3.2/24

SwitchE 4.4.4.4 10GE1/0/1 VLANIF 40 20.1.1.1/24

10GE1/0/2 VLANIF 20 20.1.2.1/24

10GE1/0/3 VLANIF 30 20.1.3.1/24

10GE1/0/4 VLANIF 70 172.17.1.1/24

Configuration NotesWhen configuring OSPF IP FRR, note the following points:

Before configuring OSPF IP FRR, you need to block FRR on the interface that is not expectedto be an interface of a backup link. After that, the link where the interface resides is not calculatedas a backup link during FRR calculation.

During the configuration of OSPF IP FRR, the lower layer needs to fast respond to a link changeso that traffic can be rapidly switched to the backup link. After the bfd all-interfaces frr-binding command is run, the BFD session status is associated with the link status of an interface(when the BFD session goes Down, the link status of the interface becomes Down) so that linkfaults can be rapidly detected.



176


1. Configure basic OSPF functions on each switch.2. Configure BFD for OSPF on all the devices in Area 0.3. Set the costs of links to ensure that link T is preferred to transmit traffic.4. Block FRR on a specified interface of Switch S.5. Enable OSPF IP FRR on Switch S to protect the traffic forwarded by Switch S.

Procedure

Step 1 Assign an IP address to each interface. The configuration details are not mentioned here.

Step 2 Configure basic OSPF functions. For details, see 4.19.1 Example for Configuring Basic OSPFFunctions.

Step 3 Configure BFD for OSPF on all the devices in Area 0. For details, see 4.19.7 Example forConfiguring BFD for OSPF.

Step 4 Set the costs of links to ensure that link T is preferred to transmit traffic.

# Configure Switch S.

[~SwitchS] interface vlanif 10[~SwitchS-Vlanif10] ospf cost 10[~SwitchS-Vlanif10] quit[~SwitchS] interface vlanif 20[~SwitchS-Vlanif20] ospf cost 15[~SwitchS-Vlanif20] quit[~SwitchS] interface vlanif 30[~SwitchS-Vlanif30] ospf cost 10[~SwitchS-Vlanif30] quit[~SwitchS] commit


[~SwitchA] interface vlanif 40[~SwitchA-Vlanif40] ospf cost 15[~SwitchA-Vlanif40] quit[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ospf cost 10[~SwitchA-Vlanif10] quit[~SwitchA] commit

# Configure Switch N.

[~SwitchN] interface vlanif 50[~SwitchN-Vlanif50] ospf cost 10[~SwitchN-Vlanif50] quit[~SwitchN] interface vlanif 60[~SwitchN-Vlanif60] ospf cost 10[~SwitchN-Vlanif60] quit[~SwitchN] commit


[~SwitchN] interface vlanif 20[~SwitchN-Vlanif20] ospf cost 15[~SwitchN-Vlanif20] quit[~SwitchN] interface vlanif 30[~SwitchN-Vlanif30] ospf cost 10[~SwitchN-Vlanif30] quit[~SwitchN] interface vlanif 40



177

[~SwitchN-Vlanif40] ospf cost 15[~SwitchN-Vlanif40] quit[~SwitchN] interface vlanif 70[~SwitchN-Vlanif70] ospf cost 5[~SwitchN-Vlanif70] quit[~SwitchN] commit

Step 5 Block FRR on a specified interface of Switch S.[~SwitchS] interface vlanif 10[~SwitchS-Vlanif10] ospf frr block[~SwitchS-Vlanif10] quit[~SwitchS] commit

Step 6 Enable OSPF IP FRR on Switch S.[~SwitchS] ospf[~SwitchS-ospf-1] frr[~SwitchS-ospf-1-frr] loop-free-alternate[~SwitchS-ospf] commit


# Run the display ospf routing router-id command on Switch S to view routing information.

[~SwitchS-ospf-1-frr] display ospf routing router-id 4.4.4.4

OSPF Process 1 with Router ID 1.1.1.1

Destination : 4.4.4.4 Route Type : Intra-area Area : 0.0.0.1 AdvRouter : 4.4.4.4 Type : ASBR URT Cost : 59 NextHop : 20.1.2.1. Interface : Vlanif20 Backup Nexthop : 10.1.3.2 Backup Interface : Vlanif30 Backup Type : LFA LINK

The preceding display shows that a backup route is generated on Switch S.

----End

Configuration Filesl Configuration file of Switch S

# sysname SwitchS# bfd#vlan batch 10 20 30#interface Vlanif10 ip address 10.1.1.1 255.255.255.0 ospf cost 10#interface Vlanif20 ip address 10.1.2.1 255.255.255.0 ospf cost 15#interface Vlanif30 ip address 10.1.3.1 255.255.255.0 ospf frr block ospf cost 10#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2



178

port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30#interface LoopBack0 ip address 1.1.1.1 255.255.255.255#ospf 1 router-id 1.1.1.1 bfd all-interfaces enable bfd all-interfaces frr-binding frr loop-free-alternate area 0.0.0.1 network 10.1.1.0 0.0.0.255 network 10.1.2.0 0.0.0.255 network 10.1.3.0 0.0.0.255#return

l Configuration file of Switch A# sysname SwitchA# bfd#vlan batch 10 40#interface Vlanif10 ip address 10.1.1.2 255.255.255.0 ospf cost 10#interface Vlanif40 ip address 20.1.1.2 255.255.255.0 ospf cost 15#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#interface LoopBack0 ip address 2.2.2.2 255.255.255.255#ospf 1 router-id 2.2.2.2 bfd all-interfaces enable bfd all-interfaces frr-binding frr loop-free-alternate area 0.0.0.1 network 10.1.1.0 0.0.0.255 network 20.1.2.0 0.0.0.255#return

l Configuration file of Switch N# sysname SwitchN# bfd#vlan batch 50 60#interface Vlanif50 ip address 10.1.3.2 255.255.255.0



179

ospf cost 10#interface Vlanif60 ip address 20.1.3.2 255.255.255.0 ospf cost 10#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 50#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 60#interface LoopBack0 ip address 3.3.3.3 255.255.255.255#ospf 1 router-id 3.3.3.3 bfd all-interfaces enable bfd all-interfaces frr-binding frr area 0.0.0.1 network 10.1.3.0 0.0.0.255 network 20.1.3.0 0.0.0.255#return

l Configuration file of Switch E# sysname SwitchE# bfd#vlan batch 20 30 40 70#interface Vlanif20 ip address 20.1.2.1 255.255.255.0 ospf cost 15 #interface Vlanif30 ip address 20.1.3.1 255.255.255.0 ospf cost 10#interface Vlanif40 ip address 20.1.1.1 255.255.255.0 ospf cost 15#interface Vlanif70 ip address 172.17.1.1 255.255.255.0 ospf cost 5#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 40#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/4 port link-type trunk port trunk allow-pass vlan 70#interface LoopBack0 ip address 4.4.4.4 255.255.255.255#



180

ospf 1 router-id 4.4.4.4 bfd all-interfaces enable bfd all-interfaces frr-binding area 0.0.0.1 network 10.1.1.0 0.0.0.255 network 10.1.2.0 0.0.0.255 network 10.1.3.0 0.0.0.255 network 172.17.1.0 0.0.0.255#return

4.19.7 Example for Configuring BFD for OSPF

Networking RequirementsAs shown in Figure 4-14, the networking requirements are as follows:

l Switch A, Switch B, and Switch C run OSPF.l BFD for OSPF is enabled on Switch A, Switch B, and Switch C.l Service traffic is transmitted on the main link Switch A→Switch B. Link Switch A→Switch

C→Switch B is a backup link.l BFD is configured on the interfaces between Switch A and Switch B. When a fault occurs

on the link between the Switch s, BFD can quickly detect the fault and notify OSPF of thefault. Then, the service flow is transmitted on the backup link.

Figure 4-14 Networking diagram for configuring BFD for OSPF

SwitchA SwitchB

10GE1/0/1VLANIF101.1.1.1/24

SwitchC

10GE1/0/2VLANIF302.2.2.1/24

Area010GE1/0/1VLANIF101.1.1.2/24

10GE1/0/1VLANIF302.2.2.2/24

10GE1/0/2VLANIF203.3.3.1/24

10GE1/0/2VLANIF203.3.3.2/24

10GE1/0/3VLANIF40172.16.1.1/24


1. Configure the basic OSPF functions on the switches.2. Enable the BFD feature globally.3. Enable BFD for OSPF on Switch A and Switch B.



181

Procedure

Step 1 Create VLANs and add corresponding interfaces to the VLANs.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan 10[~SwitchA-vlan10] quit[~SwitchA] vlan 20[~SwitchA-vlan20] quit[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA-10GE1/0/2] commit

The configurations of Switch B and Switch C are similar to the configuration of Switch A, andare not mentioned here.

Step 2 Assign an IP address to each VLANIF interface.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 1.1.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] ip address 3.3.3.1 24[~SwitchA-Vlanif20] quit[~SwitchA-Vlanif20] commit

The configurations of Switch B and Switch C are similar to the configuration of Switch A, andare not mentioned here.


Step 4 Configure BFD for OSPF.

# Enable BFD globally on Switch A.

[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] ospf[~SwitchA-ospf-1] bfd all-interfaces enable[~SwitchA-ospf-1] quit[~SwitchA-ospf-1] commit

# Enable BFD globally on Switch B.

[~SwitchB] bfd[~SwitchB-bfd] quit[~SwitchB] ospf[~SwitchB-ospf-1] bfd all-interfaces enable[~SwitchB-ospf-1] quit[~SwitchB-ospf-1] commit

# Run the display ospf bfd session all command on Switch A or Switch B. You can see that theBFD state is Up.

Take Switch A for example. The display is as follows:

[~SwitchA] display ospf bfd session all OSPF Process 1 with Router ID 1.1.1.1 Area 0.0.0.0 interface 3.3.3.1(Vlanif20)'s BFD Sessions



182

NeighborId:2.2.2.2 AreaId:0.0.0.0 Interface:Vlanif20 BFDState:up rx :1000 tx :1000 Multiplier:3 BFD Local Dis:8195 LocalIpAdd:3.3.3.1 RemoteIpAdd:3.3.3.2 Diagnostic Info:No diagnostic information

Area 0.0.0.0 interface 1.1.1.1(Vlanif10)'s BFD Sessions

NeighborId:3.3.3.3 AreaId:0.0.0.0 Interface:Vlanif10 BFDState:up rx :1000 tx :1000 Multiplier:3 BFD Local Dis:8194 LocalIpAdd1:1.1.1.1 RemoteIpAdd:1.1.1.2 Diagnostic Info:No diagnostic information

Step 5 Configure the BFD feature of interfaces.

# Configure BFD on VLANIF 20 of Switch A, set the minimum interval for sending the packetsand the minimum interval for receiving the packets to 100 ms, and set the local detection timemultiplier to 4.

[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] ospf bfd enable[~SwitchA-Vlanif20] ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4[~SwitchA-Vlanif20] quit[~SwitchA-Vlanif20] commit

# Configure BFD on VLANIF20 of Switch B and set the minimum interval for sending thepackets and the minimum interval for receiving the packets to 100 ms and the local detectiontime multiplier to 4.

[~SwitchB] bfd[~SwitchB-bfd] quit[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] ospf bfd enable[~SwitchB-Vlanif20] ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4[~SwitchB-Vlanif20] quit[~SwitchB-Vlanif20] commit

# Run the display ospf bfd session all command on Switch A or Switch B. You can see that theBFD state is Up.

Take Switch B for example. The display is as follows:

[~SwitchB] display ospf bfd session all

OSPF Process 1 with Router ID 2.2.2.2 Area 0.0.0.0 interface 3.3.3.2(Vlanif20)'s BFD Sessions

NeighborId:1.1.1.1 AreaId:0.0.0.0 Interface: Vlanif20 BFDState:up rx :100 tx :100 Multiplier:4 BFD Local Dis:8198 LocalIpAdd:3.3.3.2 RemoteIpAdd:3.3.3.1 Diagnostic Info:No diagnostic information

Area 0.0.0.0 interface 2.2.2.2(Vlanif30)'s BFD Sessions

NeighborId:3.3.3.3 AreaId:0.0.0.0 Interface: Vlanif30 BFDState:up rx :1000 tx :1000 Multiplier:3 BFD Local Dis:8199 LocalIpAdd:2.2.2.2 RemoteIpAdd:2.2.2.1 Diagnostic Info:No diagnostic information


# Run the shutdown command on VLANIF 20 of Switch B to simulate a link fault.

[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] shutdown[~SwitchB-Vlanif20] commit



183


<SwitchA> display ospf routing


Routing for Network Destination Cost Type NextHop AdvRouter Area 172.16.1.0/24 3 Stub 1.1.1.2 2.2.2.2 0.0.0.0 3.3.3.0/24 1 Stub 3.3.3.1 1.1.1.1 0.0.0.0 2.2.2.0/24 2 Transit 1.1.1.2 3.3.3.3 0.0.0.0 1.1.1.0/24 1 Transit 1.1.1.1 1.1.1.1 0.0.0.0


As shown in the OSPF routing table, the backup link Switch A→Switch C→Switch B takeseffect after the main link fails. The next hop address of the route to 172.16.1.0/24 becomes1.1.1.2.

----End


# sysname SwitchA# router id 1.1.1.1# vlan batch 10 20# bfd#interface Vlanif10 ip address 1.1.1.1 255.255.255.0#interface Vlanif20 ip address 3.3.3.1 255.255.255.0 ospf bfd enable ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#ospf 1 bfd all-interface enable area 0.0.0.0 network 3.3.3.0 0.0.0.255 network 1.1.1.0 0.0.0.255#return

l Configuration file of Switch B# sysname SwitchB# router id 2.2.2.2#vlan batch 20 30 40# bfd#



184

interface Vlanif20 ip address 3.3.3.2 255.255.255.0 ospf bfd enable ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4#interface Vlanif30 ip address 2.2.2.2 255.255.255.0#interface Vlanif40 ip address 172.16.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 40#ospf 1 bfd all-interface enable area 0.0.0.0 network 3.3.3.0 0.0.0.255 network 2.2.2.0 0.0.0.255 network 172.16.1.0 0.0.0.255#return

l Configuration file of Switch C# sysname SwitchC# router id 3.3.3.3# vlan batch 10 30# bfd#interface Vlanif10 ip address 1.1.1.2 255.255.255.0#interface Vlanif30 ip address 2.2.2.1 255.255.255.0 #interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#ospf 1 bfd all-interface enable area 0.0.0.0 network 1.1.1.0 0.0.0.255 network 2.2.2.0 0.0.0.255#return



185

5 IPv4 IS-IS Configuration

About This Chapter

You can build an IPv4 IS-IS network to allow IS-IS to discover and calculate routes in anautonomous system (AS).

5.1 IS-IS OverviewIntermediate System-to-Intermediate System (IS-IS) is an Interior Gateway Protocol (IGP) thatruns within an autonomous system (AS). IS-IS is also a link-state routing protocol, using theshortest path first (SPF) algorithm to calculate routes.

5.2 IS-IS (IPv4) Features Supported by the DeviceThe device supports the following IS-IS IPv4 features: basic IS-IS functions, IS-IS networksecurity, IS-IS route selection, IS-IS route exchange, IS-IS route summarization, IS-IS routeconvergence, LSP fragment extension, mesh group, IS-IS NSR, IS-IS reliability, IS-IS Overload,and IS-IS maintenance.

5.3 Default ConfigurationThis section describes the default configuration of IPv4 IS-IS, which can be changed accordingto network requirements.

5.4 Configure Basic IS-IS FunctionsAn IS-IS network can be set up only after basic IS-IS functions are configured.

5.5 Improving IS-IS Network SecurityOn an IS-IS network that requires high security, configure IS-IS authentication to improve IS-IS network security.

5.6 Controlling IS-IS Route SelectionYou can adjust IS-IS route selection to precisely control route selection.

5.7 Controlling IS-IS Route ExchangeIf other routing protocols are configured on an IS-IS network, you need to configure IS-IS tointeract with these protocols to ensure successful communication between them.

5.8 Configuring IS-IS Route SummarizationA large IS-IS network has a large number of routing entries. This will slow down routing tablelookup and increase management complexity. You can configure route summarization to reducethe size of routing tables.

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing 5 IPv4 IS-IS Configuration


186

5.9 Controlling IS-IS Route ConvergenceAccelerating IS-IS route convergence can improve the fault location efficiency and improvenetwork reliability.

5.10 Configuring LSP Fragment ExtensionLSP fragment extension allows an IS-IS device to generate more LSP fragments to transmitmore IS-IS information.

5.11 Configuring a Mesh Group on an NBMA NetworkYou can configure a mesh group on an NBMA network to prevent repeated LSP flooding fromcausing bandwidth waste.

5.12 Configuring IS-IS ReliabilityYou can configure IS-IS Auto FRR, BFD for IS-IS, and IS-IS GR to improve IS-IS reliability.

5.13 Configuring the Overload Bit for an IS-IS DeviceIf an IS-IS device needs to be temporarily isolated, configure the IS-IS device to enter theoverload state to prevent other devices from forwarding traffic to this IS-IS device and preventrouting black hole.

5.14 Maintaining IS-ISMaintaining IS-IS includes resetting IS-IS, configuring IS-IS host name mapping, andconfiguring the Output of IS-IS Adjacency Status

5.15 Configuration ExamplesThis section describes IS-IS configuration examples, including networking requirements,configuration roadmap, and configuration procedure.

5.16 Common Configuration ErrorsThis section describes common faults caused by incorrect IS-IS configurations and provides thetroubleshooting procedure.



187

5.1 IS-IS OverviewIntermediate System-to-Intermediate System (IS-IS) is an Interior Gateway Protocol (IGP) thatruns within an autonomous system (AS). IS-IS is also a link-state routing protocol, using theshortest path first (SPF) algorithm to calculate routes.

IS-IS is a dynamic routing protocol initially designed by the International Organization forStandardization (ISO) for its Connectionless Network Protocol (CLNP). To support IP routing,the Internet Engineering Task Force (IETF) extended and modified IS-IS in RFC 1195. Thismodification enables IS-IS to apply to TCP/IP and OSI environments. This type of IS-IS is calledIntegrated IS-IS or Dual IS-IS.

NOTEIS-IS stated in this document refers to Integrated IS-IS, unless otherwise stated.

5.2 IS-IS (IPv4) Features Supported by the DeviceThe device supports the following IS-IS IPv4 features: basic IS-IS functions, IS-IS networksecurity, IS-IS route selection, IS-IS route exchange, IS-IS route summarization, IS-IS routeconvergence, LSP fragment extension, mesh group, IS-IS NSR, IS-IS reliability, IS-IS Overload,and IS-IS maintenance.

Basic IS-IS FunctionsBefore deploying IS-IS on an IPv4 network, configure basic IS-IS functions to enable networkdevices to communicate. Other IS-IS features can be configured only when basic IS-IS functionsare configured.

IS-IS Network SecurityOn an IS-IS network, unauthorized users may modify data packets or forge packets of authorizedusers to attack the IS-IS network. To ensure service security on the IS-IS network, configurearea authentication, domain authentication, or interface authentication.

IS-IS Route SelectionIf multiple routes are available on an IS-IS network, a route discovered by IS-IS may not be theoptimal route. This does not meet network planning requirements nor facilitates trafficmanagement. Therefore, configure IPv4 IS-IS route selection to implement refined control overroute selection.

IS-IS Route ExchangeIn practice, you can control advertising and receiving of IS-IS routes to meet networkrequirements.

IS-IS Route SummarizationRoute summarization is the process of consolidating multiple routes with the same IP prefix intoone route.



188

Route summarization on a large-scale IS-IS network efficiently reduces routing entries. Thisminimizes system resource consumption and facilitates route management. In addition, if aspecific link frequently alternates between Up and Down, the links not involved in routesummarization will not be affected. This prevents route flapping and improves network stability.

IS-IS Route ConvergenceTo enable IS-IS to fast detect network changes, speed up IS-IS network convergence. To reducethe impact of route flapping on networks and lessen the device burden, slow down IS-IS networkconvergence.

The procedure for implementing IS-IS is as follows:

l Establishment of neighboring relationships: establishes neighboring relationships byexchanging Hello packets between two devices.

l LSP flooding: implements link state database (LSDB) synchronization between devices inthe same area.

l SPF calculation: uses the SPF algorithm to calculate IS-IS routes according to the LSDB,and delivers the IS-IS routes to the routing table.

To accelerate the IS-IS route convergence speed, configure the following parameters:

l Set the number of invalid Hello packets and the interval for sending Hello packets to controlthe holding time of the neighbor relationship between two neighbors.

l Set the interval for sending CSNPs, LSP size, minimum interval for sending LSPs,maximum lifetime of LSPs, interval for updating LSPs, interval for retransmitting LSPs,intelligent timer for generating LSPs, and LSP fast flooding to speed up LSP flooding.

l Set the SPF calculation interval to improve the fault location efficiency on an IS-IS networkand prevent SPF calculation from consuming excessive system resources.

If some IS-IS routes need to be converged by preference to minimize adverse impacts on services,configure the highest convergence priority for these routes.

LSP Fragment ExtensionWhen an IS-IS router needs to advertise the LSPs that contain much information, the IS-IS routergenerates multiple LSP fragments to carry more IS-IS information.

Mesh GroupOn the Non Broadcast Multiple Access (NBMA) network, after receiving an LSP, the interfaceof a switch floods the LSP to the other interfaces. In a network with higher connectivity andmultiple P2P links, however, the flooding method causes repeated LSP flooding and wastesbandwidth.

To avoid the preceding problem, you can configure several interfaces to form a mesh group. Theswitch in the mesh group does not flood the LSP received from an interface of the group to theother interfaces of the group, but floods it to interfaces of other groups or interfaces that do notbelong to any group.

IS-IS ReliabilityTo ensure that faults are fast rectified on an IS-IS network, speed up fault detection and linkswitchover. However, the IS-IS fault detection mechanism and link switchover require a long



189

period, which cannot meet requirements of services that are very sensitive to packet loss anddelay.

To meet requirements of these services, use BFD for IS-IS to implement fast fault detection anduse IS-IS Auto FRR and IS-IS GR helper to implement fast switchover. This improves IS-ISreliability.

IS-IS NSRWith Routing Information Protocol next generation (IS-IS) NSR, IS-IS real-time data issynchronized between the AMB and SMB. After an AMB/SMB switchover is performed on adevice, the SMB takes over services from the AMB, and neighbors are unaware of the localfault. After the switchover, the new AMB recovers IS-IS immediately based on the synchronizedIS-IS real-time data. Therefore, neighbors are unaware of the switchover as well.

IS-IS OverloadIf the system cannot store new LSPs and so fails to synchronize the LSDB, the routes calculatedby this system are incorrect. In this situation, the device enters the overload state and the routespassing through this device are not calculated. However, the direct routes of the device are stillvalid.

When an IS-IS device on the network needs to be upgraded or maintained, isolate this devicefrom the network temporarily. Set the overload bit on the device to prevent other devices fromforwarding traffic through this device.

IS-IS MaintenanceAfter configuring IS-IS features, you need to maintain IS-IS.

l After IS-IS is reset, all the structure information and neighbor relationships arereestablished.

l After IS-IS host name mapping is configured, the configured host name rather than thesystem ID is displayed in IS-IS information. This improves IS-IS network maintainability.

l After neighbor relationship debugging is enabled, changes of IS-IS neighbor relationshipsare displayed on terminals. When faults occur, you can view logs to locate the faults.

5.3 Default ConfigurationThis section describes the default configuration of IPv4 IS-IS, which can be changed accordingto network requirements.

Table 5-1 describes the default configuration of IPv4 IS-IS.

Table 5-1 Default configuration of IPv4 IS-IS

Parameter Default Configuration

IS-IS Disabled

DIS priority 64

Device level Level-1-2



190

Parameter Default Configuration

Interval for sending Hello packets 10s

Minimum interval for sending LSPs 50 ms

Maximum number of LSPs to be sent 10

Interval for updating LSPs 900s

Maximum lifetime of LSPs 1200s

Bandwidth reference value 100 Mbit/s

5.4 Configure Basic IS-IS FunctionsAn IS-IS network can be set up only after basic IS-IS functions are configured.

Pre-configuration TasksBefore configuring basic IS-IS functions, complete the following task:


Configuration FlowchartCreating an IS-IS process is the prerequisite for configuring a network entity title (NET),configuring the device level, and establishing an IS-IS neighbor relationship.

5.4.1 Creating IS-IS Processes

ContextCreating IS-IS processes is the prerequisite for performing IS-IS configurations.

Procedure



Step 2 Run:isis [ process-id ] [ vpn-instance vpn-instance-name ]

An IS-IS process is created, and the IS-IS process view is displayed.

The process-id parameter specifies the ID of an IS-IS process. If the process-id is not specified,by default, The value of process-id is 1. To associate the IS-IS process with a VPN instance,specify the VPN instance name.

Step 3 (Optional) Run:description



191

Description for the IS-IS process is configured.

Step 4 Run:commit


----End

5.4.2 Configuring a NET

ContextNET is the special form of the network service access point (NSAP). After the IS-IS view isdisplayed, IS-IS can start only when a NET is configured for an IS-IS process.

Generally, you only need to configure one NET for an IS-IS process. When an area needs to beredefined, for example, the area needs to be merged with other areas or divided into sub-areas,configure multiple NETs to ensure route correctness. A maximum of three area addresses canbe configured for an IS-IS process. Therefore, a maximum of three NETs can be configured foran IS-IS process. When configuring multiple NETs, ensure that their system IDs are the same.


system-view


Step 2 Run:isis [ process-id ]

The IS-IS process view is displayed.

Step 3 Run:network-entity net

A NET is configured.

NOTE

Configuring loopback interface addresses based on NETs is recommended to ensures that a NET is uniqueon the network. If NETs are not unique, route flapping will easily occur.An area ID uniquely identifies an area in the same IS-IS domain. All routers in the same Level-1 area mustshare the same area ID, while routers in the same Level-2 area can have different area IDs.

Step 4 Run:commit


----End

5.4.3 Configuring the Device Level

ContextConfigure the device level according to network planning requirements:



192

l When the level of a device is Level-1, the device establishes neighbor relationships withonly Level-1 and Level-1-2 routers in the same area and maintains only Level-1 LSDBs.

l When the level of a device is Level-2, the device can establish neighbor relationship withLevel-2 routers in the same area or different areas and with Level-1-2 routers in differentareas and maintain only Level-2 LSDB.

l When the level of a device is Level-1-2, the device can establish neighbor relationshipswith Level-1 and Level-2 routers and maintain Level-1 and Level-2 LSDBs.

CAUTIONIf the levels of IS-IS devices are changed during network operation, the IS-IS process will berestarted and IS-IS neighbor relationships will be disconnected. Setting the levels of deviceswhen configuring IS-IS is recommended.

Procedure





Step 3 Run:is-level { level-1 | level-1-2 | level-2 }

The level of the switch is configured.

By default, the level of the switch is Level-1-2.

Step 4 Run:commit


----End

5.4.4 Establishing IS-IS Neighbor Relationships

ContextThe methods to establish IS-IS neighbor relationships on a broadcast network and a P2P networkare different. Therefore, you need to set different IS-IS attributes for interfaces of different types:l On a broadcast network, IS-IS needs to select the designated intermediate system (DIS).

You can set the DIS priority for IS-IS interfaces to enable the device with the highest DISpriority to be elected as the DIS.

l On a P2P network, IS-IS does not need to select the DIS. Therefore, the DIS priority doesnot need to be configured for interfaces. To ensure P2P link reliability, configure IS-IS toestablish a neighbor relationship on two P2P interfaces in 3-way mode for unidirectionallink fault detection.



193

Generally, IS-IS checks the IP addresses of received Hello packets. A neighbor relationshipcan be established only when the source IP address carried in a received Hello packet andthe address of the interface that receives the Hello packet are on the same network segment.If the IP addresses of the two P2P interfaces are on different network segments, and theisis peer-ip-ignore command is run on the two interfaces, IS-IS does not check the peerIP address. The neighbor relationship can be correctly established on the two P2P interfaces.

Procedurel Establish an IS-IS neighbor relationship on a broadcast link.

1. Run:system-view




isis enable [ process-id ]

IS-IS is enabled on the interface.

After this command is run, IS-IS establishes neighbor relationships and floods LSPsthrough this interface.

NOTE

Loopback interfaces are not used to establish neighbor relationships. If IS-IS is enabled on aloopback interface, IS-IS advertises the routes of the network segment where the interfaceresides through other IS-IS interfaces.

4. Run:isis circuit-level [ level-1 | level-1-2 | level-2 ]

The level of the interface is configured.

By default, the level of an interface is level-1-2.

When two Level-1-2 devices establish IS-IS neighbor relationship, they establish bothLevel-1 and Level-2 neighbor relationships. To allow the two Level-1-2 devices toestablish only Level-1 or Level-2 neighbor relationship, change the level of interfaces.

NOTE

Changing the level of an IS-IS interface is valid only when the level of the IS-IS device isLevel-1-2. If the level of the device is not Level-1-2, the level of the device determines thelevel of the established neighbor relationship.

5. (Optional) Run:isis dis-priority priority [ level-1 | level-2 ]

The DIS priority is set for the interface. A larger value indicates a higher priority.

By default, the DIS priority of Level-1 and Level-2 broadcast interfaces is 64.6. (Optional) Run:

isis silent

The interface is suppressed.

By default, an IS-IS interface is not suppressed.



194

When an IS-IS interface is suppressed, the interface no longer sends or receives IS-IS packets. The routes of the network segment where the interface resides, however,can still be advertised to other IS-IS devices within the same AS.

7. Run:commit

The configuration is committed.l Establish an IS-IS neighbor relationship on a P2P link.

1. Run:system-view




isis enable [ process-id ]

IS-IS is enabled on the interface.4. Run:

isis circuit-level [ level-1 | level-1-2 | level-2 ]

The level of the interface is configured.

By default, the level of an interface is level-1-2.5. Run:

isis circuit-type p2p

The network type of the interface is set to P2P.

By default, the network type of an interface is determined by the physical type of theinterface.

When the network type of an IS-IS interface changes, the interface configurationchanges accordingly:– After a broadcast interface is simulated as a P2P interface using the isis circuit-

type p2p command, the interval for sending Hello packets, number of Hellopackets that IS-IS does not receive from a neighbor before the neighbor is declaredDown, interval for retransmitting LSPs on a P2P link, and various IS-ISauthentication modes are restored to the default settings; other configurations suchas the DIS priority, DIS name, and interval for sending CSNPs on a broadcastnetwork become invalid.

– After the undo isis circuit-type command is run to restore the default networktype of an IS-IS interface, the interval for sending Hello packets, number of Hellopackets that IS-IS does not receive from a neighbor before the neighbor is declaredDown, interval for retransmitting LSPs on a P2P link, various IS-IS authenticationmodes, DIS priority, and interval for sending CSNPs on a broadcast network arerestored to the default settings.

6. Run:isis ppp-negotiation { 2-way | 3-way [ only ] }

The negotiation mode is specified for the interface.



195

By default, the negotiation mode is 3-way.7. Run:

isis peer-ip-ignore

IS-IS is configured not to check the IP addresses of received Hello packets.

By default, IS-IS checks the IP addresses of received Hello packets.8. Run:

isis ppp-osicp-check

OSICP negotiation status check is configured on the interface.

By default, the OSICP negotiation status of a PPP interface does not affect the statusof an IS-IS interface.

NOTE

This command applies only to PPP interfaces and is invalid for other P2P interfaces.

After this command is run, the OSICP negotiation status of a PPP interface affects the statusof an IS-IS interface. When PPP detects that the OSI network fails, the link status of the IS-ISinterface goes Down and the routes of the network segment where the interface resides are notadvertised through LSPs.

9. Run:commit


----End


Procedurel Run the display isis peer [ verbose ] [ process-id | vpn-instance vpn-instance-name ]

command to check information about IS-IS neighbors.l Run the display isis interface [ verbose ] [ process-id | vpn-instance vpn-instance-

name ] command to check information about IS-IS interfaces.l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]

[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ] * command to checkinformation about IS-IS routes.

----End

5.5 Improving IS-IS Network SecurityOn an IS-IS network that requires high security, configure IS-IS authentication to improve IS-IS network security.


Before improving IS-IS network security, complete the following task:

l 5.4 Configure Basic IS-IS Functions



196

Configuration FlowchartYou can perform the following configuration tasks (excluding the task of Checking theConfiguration) in any sequence as required.

5.5.1 Configuring Interface Authentication

ContextGenerally, the IS-IS packets to be sent are not encapsulated with authentication information, andthe received packets are not authenticated. If a user sends malicious packets to attack a network,information on the entire network may be stolen. Therefore, you can configure IS-ISauthentication to improve the network security.

After the IS-IS interface authentication is configured, authentication information can beencapsulated into the Hello packet to confirm the validity and correctness of neighbor.

CAUTIONIf plain is selected during the configuration of the authentication mode for the IS-IS interface,the password is saved in the configuration file in plain text. This brings security risks. It isrecommended that you select cipher to save the password in cipher text.

Procedure





Step 3 Run any of the following command to configure the authentication mode of the IS-IS interfaceas required:l Run:

isis authentication-mode simple { plain plain-text | [ cipher ] plain-cipher-text } [ level-1 | level-2 ] [ ip | osi ] [ send-only ]Simple authentication is configured for the IS-IS interface.

l Run:isis authentication-mode md5 { plain plain-text | [ cipher ] plain-cipher-text } [ level-1 | level-2 ] [ ip | osi ] [ send-only ]MD5 authentication is configured for the IS-IS interface.

l Run:isis authentication-mode hmac-sha256 key-id key-id { plain plain-text | [ cipher ] plain-cipher-text } [ level-1 | level-2 ] [ send-only ]HMAC-SHA256 authentication is configured for the IS-IS interface.

l Run:



197

isis authentication-mode keychain keychain-name [ level-1 | level-2 ] [ send-only ]

The Keychain authentication is configured for the IS-IS interface.

By default, an IS-IS interface does not authenticate received Hello packets and no authenticationpassword is configured on the interface.

NOTE

Use the send-only parameter according to network requirements:

l If the send-only parameter is specified, the device only encapsulates the Hello packets to be sent withauthentication information rather than checks whether the received Hello packets pass theauthentication. When the Hello packets do not need to be authenticated on the local device and passthe authentication on the remote device, the two devices can establish the neighbor relationship.

l If the send-only parameter is not specified, ensure that passwords of all interfaces with the same levelon the same network are the same.

Parameters level-1 and level-2 apply only to the VLANIF interfaces on which IS-IS is enabled using theisis enable command.

Step 4 Run:commit


----End

5.5.2 Configuring Area or Domain Authentication

Context

Generally, the IS-IS packets to be sent are not encapsulated with authentication information, andthe received packets are not authenticated. If a user sends malicious packets to attack a network,information on the entire network may be stolen. Therefore, you can configure IS-ISauthentication to improve the network security.

The area authentication password is encapsulated into Level-1 IS-IS packets. Only the packetsthat pass the area authentication can be accepted. Therefore, you must configure IS-IS areaauthentication on all the IS-IS devices in the specified Level-1 area to authenticate the Level-1area.

The domain authentication password is encapsulated into Level-2 IS-IS packets. Only thepackets that pass the domain authentication can be accepted. Therefore, you must configure IS-IS domain authentication on all the IS-IS devices in the Level-2 area to authenticate Level-2area.

CAUTIONIf plain is selected during the configuration of the area authentication mode or domainauthentication mode, the password is saved in the configuration file in plain text. This bringssecurity risks. It is recommended that you select cipher to save the password in cipher text.



198

NOTE

When configuring IS-IS authentication, the area or domain authentication modes and passwords of therouters in the same area must be consistent so that IS-IS packets can be flooded normally.Whether IS-IS packets can pass area or domain authentication does not affect the establishment of Level-1or Level-2 neighbor relationships.


system-view




Step 3 Perform the following operations at any sequence as required.l Run:

area-authentication-mode { { simple | md5 } { plain plain-text | [ cipher ] plain-cipher-text } [ ip | osi ] | keychain keychain-name } [ snp-packet { authentication-avoid | send-only } | all-send-only ]The area authentication mode is configured.By default, the system neither encapsulates generated Level-1 packets with authenticationinformation nor authenticates received Level-1 packets.

l Run:domain-authentication-mode { { simple | md5 } { plain plain-text | [ cipher ] plain-cipher-text } [ ip | osi ] | keychain keychain-name } [ snp-packet { authentication-avoid | send-only } | all-send-only ]The domain authentication mode is configured.By default, the system neither encapsulates generated Level-2 packets with authenticationinformation nor authenticates received Level-2 packets.NOTE

The authentication involves the following situations:l The device encapsulates the authentication mode into LSPs and SNPs to be sent and checks whether

the received packets pass authentication. Then, the device discards the packets that do not pass theauthentication. In this case, the parameter snp-packet or all-send-only is not specified.

l The device encapsulates authentication information into LSPs to be sent and checks whether thereceived LSPs pass the authentication; the device neither encapsulates the SNPs to be sent withauthentication information nor checks whether the received SNPs pass the authentication. In this case,the parameter snp-packet authentication-avoid needs to be specified.

l The device encapsulates the LSPs and SNPs to be sent with authentication information; the device,however, checks the authentication mode of only the received LSPs rather than the received SNPs. Inthis case, the parameter snp-packet send-only needs to be specified.

l The device encapsulates the LSPs and SNPs to be sent with authentication information, but does notcheck whether the received LSPs or SNPs pass the authentication. In this case, the parameter all-send-only needs to be specified.

Step 4 Run:commit


----End



199


Procedurel Run the display isis lsdb verbose command to check the detailed information in the IS-IS

LSDB.

----End

5.6 Controlling IS-IS Route SelectionYou can adjust IS-IS route selection to precisely control route selection.

Pre-configuration TasksBefore configuring IS-IS route selection, complete the following task:



5.6.1 Configuring a Preference Value for IS-IS

ContextIf multiple routes to the same destination are discovered by different routing protocols runningon the same device, the route discovered by the protocol with the highest preference is selected.

To prefer a route discovered by IS-IS, configure a higher preference value for IS-IS. In addition,a routing policy can be configured to increase the preferences of specified IS-IS routes, withoutaffecting route selection.

Procedure




The IS-IS view is displayed.

Step 3 Run:preference { preference | route-policy route-policy-name } *

The IS-IS preference value is configured.

The default IS-IS preference value is 15. A smaller preference value indicates a higherpreference.



200

Step 4 Run:commit


----End

5.6.2 Configuring the Cost of an IS-IS Interface

ContextThe costs of IS-IS interfaces can be determined in the following modes in descending order bypriority:l Interface cost: is configured for a specified interface.l Global cost: is configured for all interfaces.l Automatically calculated cost: is automatically calculated based on the interface

bandwidth.

If no cost is configured for an IS-IS interface, the IS-IS interface uses the default cost 10 andcost style narrow.

CAUTIONIf you want to change the cost style of IS-IS devices, running the command while configuringbasic IS-IS functions is recommended. If the cost style of IS-IS devices is changed duringnetwork operation, the IS-IS process is restarted and neighbors are disconnected.

Procedure

Step 1 Configure the IS-IS cost style.1. Run:

system-view


isis [ process-id ]

The IS-IS view is displayed.3. Run:

cost-style { narrow | wide | wide-compatible | { { narrow-compatible | compatible } [ relax-spf-limit ] } }

The IS-IS cost style is configured.

By default, the cost style of routes received and sent by an IS-IS device is narrow.4. Run:

commit


The cost range of an interface and a route received by the interface vary with the cost type.



201

l If the cost style is narrow, the cost of an interface ranges from 1 to 63. The maximum costof a route received by the interface is 1023.

l If the cost style is narrow-compatible or compatible, the cost of an interface ranges from 1to 63. The cost of a received route is related to relax-spf-limit.

l If the cost style is wide-compatible or wide, the cost of the interface ranges from 1 to16777215. When the cost is 16777215, the neighbor TLV generated on the link cannot beused for route calculation but for the transmission of TE information. The maximum cost ofa received route is 0xFFFFFFFF.

Step 2 Configure the cost of an IS-IS interface.

Perform any of the following operations to configure the cost of an IS-IS interface.

Configure the cost of a specified IS-IS interface.1. Run:

system-view




isis cost cost [ level-1 | level-2 ]

The cost of the IS-IS interface is configured.

By default, the link cost of an IS-IS interface is 10.

NOTE

To change the cost of a loopback interface, run the isis cost command only in the loopback interfaceview.

4. Run:commit

The configuration is committed.Configure the global IS-IS cost.1. Run:

system-view


isis [ process-id ]


circuit-cost cost [ level-1 | level-2 ]

The global IS-IS cost is configured.

By default, no global cost is configured.4. Run:

commit



202


Enable IS-IS to automatically calculate the interface cost.

1. Run:system-view


2. Run:isis [ process-id ]


3. Run:bandwidth-reference value

The reference value of the bandwidth is configured. By default, the bandwidth referencevalue is 100 Mbit/s.

4. Run:auto-cost enable

The interface is configured to automatically calculate its cost.

5. Run:commit


The bandwidth reference value set using the bandwidth-reference command takes effect onlywhen the cost style is wide or wide-compatible. In this case, the interface cost is calculated usingthe following formula:

Cost of each interface = (Bandwidth-reference/Interface bandwidth) × 10

If the cost-style is narrow, narrow-compatible, or compatible, the cost of each interface is basedon costs listed in Table 5-2.

Table 5-2 Mapping between IS-IS interface costs and interface bandwidth

Cost Bandwidth Range

60 Interface bandwidth ≤ 10 Mbit/s

50 10 Mbit/s < interface bandwidth ≤ 100 Mbit/s



20 622 Mbit/s < Interface bandwidth ≤ 2.5 Gbit/s

10 2.5 Gbit/s < Interface bandwidth

----End



203

5.6.3 Configuring Principles for Using Equal-Cost IS-IS Routes

ContextIf there are redundant IS-IS links, multiple routes may have an equal cost. Choose either of thefollowing methods to use these equal-cost IS-IS routes:l Configure load balancing for equal-cost IS-IS routes so that traffic will be evenly balanced

among these links.This mechanism increases the link bandwidth usage and prevents network congestioncaused by link overload. However, this mechanism may make traffic management moredifficult because traffic will be randomly forwarded.

l Configure preference values for equal-cost IS-IS routes so that only the route with thehighest preference will be used and the others function as backups.This configuration facilitates traffic management and improves the network reliability,without the need to change original configurations.

Procedurel Configure equal-cost IS-IS routes to work in load-balancing mode.

1. Run:system-view


isis [ process-id ]


maximum load-balancing number

The maximum number of load-balancing equal-cost IS-IS routes is set.

By default, load balancing is supported and a maximum of 16 equal-cost routes canparticipate in load balancing.

NOTE

When the number of equal-cost routes is greater than number specified in the maximum load-balancing command, valid routes are selected for load balancing based on the followingcriteria:

1. Route preference: Routes with higher preferences are selected for load balancing.

2. Interface index: If routes have the same priorities, routes with higher interface index valuesare selected for load balancing.

3. Next hop IP address: If routes have the same priorities and interface index values, routeswith larger IP address are selected for load balancing.

4. Run:commit

The configuration is committed.l Configure preference values for equal-cost IS-IS routes.

1. Run:system-view



204


isis [ process-id ]


nexthop ip-address weight value

A preference value is configured for an equal-cost IS-IS route.

By default, the preference value configured for equal-cost IS-IS routes is 255. Asmaller value indicates a higher priority.

4. Run:commit


----End

5.6.4 Configuring IS-IS Route Leaking

ContextIf multiple Level-1-2 devices in a Level-1 area are connected to devices in the Level-2 area, aLevel-1 LSP sent by each Level-1-2 device carries an ATT flag bit of 1. This Level-1 area willhave multiple routes to the Level-2 area and to other Level-1 areas.

By default, routes in a Level-1 area can be leaked into the Level-2 area so that Level-1-2 andLevel-2 devices can learn about the topology of the entire network. Devices in a Level-1 areaare unaware of the entire network topology because they only maintain LSDBs in the localLevel-1 area. Therefore, a device in a Level-1 area can forward traffic to a Level-2 device onlythrough the nearest Level-1-2 device. The route used may not be the optimal route to thedestination.

To enable a device in a Level-1 area to select the optimal route, configure IPv4 IS-IS routeleaking so that specified routes in the Level-2 area can be leaked into the local Level-1 area.

Routes of services deployed only in the local Level-1 area do not need to be leaked into theLevel-2 area. A policy can be configured to leak only desired routes into the Level-2 area.

Procedurel Specify routes in the Level-2 area and other Level-1 areas that can be leaked into the local

Level-1 area.1. Run:

system-view


isis [ process-id ]


import-route isis level-2 into level-1 [ tag tag | filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name } ] *



205

Routes that meet the specified conditions in the Level-2 areas are leaked into the localLevel-1 area.

By default, routes in the Level-2 area are not leaked into Level-1 areas.

NOTE

The command is run on the Level-1-2 device that is connected to an external area.

4. Run:commit

The configuration is committed.l Configure routes in Level-1 areas to leak into the Level-2 area.

1. Run:system-view


isis [ process-id ]


import-route isis level-1 into level-2 [ tag tag | filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name } ] *

Routes that meet the specifies conditions in Level-1 areas are leaked into the Level-2area.

By default, all routes in a Level-1 area are leaked into the Level-2 area.

NOTE

The command is run on the Level-1-2 device that is connected to an external area.

----End


Procedurel Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]

[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ] * command to check IS-IS routing information.

l Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check informationin the IS-IS LSDB.

----End

5.7 Controlling IS-IS Route ExchangeIf other routing protocols are configured on an IS-IS network, you need to configure IS-IS tointeract with these protocols to ensure successful communication between them.



206


Before controlling IS-IS route exchange, complete the following task:


Configuration Flowchart


5.7.1 Configuring IS-IS to Advertise a Default Route

Context

If IS-IS is configured to advertise a default route on a border device that has external routes, thedevice advertises a default route 0.0.0.0/0 in the IS-IS routing domain. All traffic destined forother routing domains is first forwarded to the border device.

NOTE

Configuring a static default route can also allow all the traffic to be first forwarded to a border device,which then forwards the traffic outside an IS-IS routing domain. However, this method leads to heavyworkload in configuration and management when a large number of devices are deployed on the network.

In addition, advertising default routes using IS-IS is flexible. If multiple border devices are deployed, arouting policy can be configured to allow only the border device that meets the specified conditions toadvertise a default route, preventing routing blackholes.

Procedure





Step 3 Run:default-route-advertise [ always | match default | route-policy route-policy-name ] [ cost cost | tag tag | [ level-1 | level-1-2 | level-2 ] ] * [ avoid-learning ]

IS-IS is configured to advertise a default route.

By default, IS-IS does not advertise a default route.

Step 4 Run:commit


----End



207

5.7.2 Configuring IS-IS to Import External Routes

ContextAfter IS-IS is configured to advertise a default route on a border device in an IS-IS routingdomain, all the traffic destined outside the IS-IS routing domain is forwarded through the borderdevice. This burdens the border device because other devices in the IS-IS routing domain do nothave the routes destined outside the domain. If multiple border devices are deployed in the IS-IS routing domain, optimal routes to other routing domains need to be selected.

To ensure optimal routes are selected, all the other devices in the IS-IS routing domain mustlearn all or some external routes.

Procedure





Step 3 Configure IS-IS to import external routes.l When you need to set the cost of imported routes, run the import-route { direct | static |

{ ospf | rip | isis } [ process-id ] | bgp } [ cost-type { external | internal } | cost cost | tagtag | route-policy route-policy | [ level-1 | level-2 | level-1-2 ] ] * command to configure IS-IS to import external routes.

l When you need to retain the original cost of imported routes, run the import-route{ { ospf | rip | isis } [ process-id ] | bgp | direct } inherit-cost [ { level-1 | level-2 |level-1-2 } | tag tag | route-policy route-policy ] * command to configure IS-IS to importexternal routes. In this case, the source routing protocol of imported routes cannot be static.

NOTE

IS-IS will advertise all imported external routes to the IS-IS routing domain by default.

Step 4 Run:commit


----End

5.7.3 Configuring IS-IS to Advertise Specified External Routes toan IS-IS Routing Domain

ContextWhen the local IS-IS device advertises imported external routes to other IS-IS devices, routingpolicies can be configured to advertise only the external routes that meet specified conditions ifthese devices do not require all the imported external routes.



208

Procedure





Step 3 Run:filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name } export [ protocol [ process-id ] ]

IS-IS is configured to advertise the external routes that meet specified conditions to the IS-ISrouting domain.

Step 4 Run:commit


----End

5.7.4 Adding Specified IS-IS Routes to the IP Routing Table

ContextOnly routes in an IP routing table can be used to forward IP packets. An IS-IS route can takeeffect only after this IS-IS route has been successfully added to an IP routing table.

If an IS-IS route does not need to be added to a routing table, specify conditions, such as a basicACL, IP prefix, and routing policy, to filter routes so that only IS-IS routes that meet the specifiedconditions can added to an IP routing table. IS-IS routes that do not meet the specified conditionscannot be added to the IP routing table and cannot be selected to forward IP packets.

Procedure





Step 3 Run:filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-policy-name } import

Conditions for filtering IS-IS routes are configured.

Step 4 Run:commit



209


----End


Procedurel Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-

name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check IS-IS LSDBinformation.

l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ][ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ] * command to check IS-IS routing information.

l Run the display ip routing-table [ verbose ] command to check the IP routing table.

----End

5.8 Configuring IS-IS Route SummarizationA large IS-IS network has a large number of routing entries. This will slow down routing tablelookup and increase management complexity. You can configure route summarization to reducethe size of routing tables.

Pre-configuration TasksBefore configuring IS-IS route summarization, complete the following task:


Procedure





Step 3 Run:summary ip-address mask [ avoid-feedback | generate_null0_route | tag tag | [ level-1 | level-1-2 | level-2 ] ] *

The specified IS-IS routes are summarized into one IS-IS route.

NOTE

After route summarization is configured on a device, the local routing table still contains all specific routesbefore the summarization. The routing tables on other devices contain only the summary route, and thesummary route is deleted only after all its specific routes are deleted.

Step 4 Run:commit



210


----End

Checking the Configurationl Run the display isis route command to check summary routes in the IS-IS routing table.

l Run the display ip routing-table [ verbose ] command to check summary routes in the IProuting table.

5.9 Controlling IS-IS Route ConvergenceAccelerating IS-IS route convergence can improve the fault location efficiency and improvenetwork reliability.


Before configuring IS-IS route convergence, complete the following task:




5.9.1 Configuring Attributes for Hello Packets

Context

IS-IS maintains neighbor relationships between neighbors by sending and receiving Hellopackets. If the local device does not receive Hello packets from its neighbor within a specifiedperiod, the device considers the neighbor Down.

In IS-IS, you can set the interval for sending Hello packets and the holding multiplier ofneighboring devices to control the holdtime of neighbor relationships between the local deviceand neighbors.

l If the interval for sending Hello packets is too short, more system resources are consumedto send Hello packets, causing a heavy CPU load.

l If the holdtime of neighboring devices is too long, the local device needs to spend muchtime detecting the failure of neighbors, slowing down IS-IS route convergence. If theholdtime of neighboring devices is too short, some Hello packets may be lost or becomeincorrect because of network transmission delay and errors. This will cause neighborrelationships to frequently alternate between Up and Down and lead to route flapping onthe IS-IS network.

NOTE

You are advised to set the same interval for sending Hello packets and same holding multiplier ofneighboring devices on all the devices on the IS-IS network. This method prevents IS-IS routeconvergence from being slowed down when some devices detect link failures at a lower speed thanother devices.



211

Procedurel Configure the interval for sending Hello packets.

1. Run:system-view




isis timer hello hello-interval [ level-1 | level-2 ]

The interval for sending Hello packets is set on an interface.

By default, the interval for sending Hello packets 10 seconds.

NOTE

Parameters level-1 and level-2 are configured only on a broadcast interface.

On a broadcast link, there are Level-1 and Level-2 Hello packets. For different types of packets,you can set different intervals. If no level is specified, both the Level-1 timer and Level-2 timerare configured. On a P2P link, there are only one type of Hello packets. Therefore, neitherlevel-1 nor level-2 is required.

4. Run:commit

The configuration is committed.l Set the holding multiplier for neighboring devices.

1. Run:system-view




isis timer holding-multiplier number [ level-1 | level-2 ]

The holding multiplier of neighboring devices is set.

The default holding multiplier is 3. The holdtime of neighbor relationships is threetimes the interval for sending Hello packets.

NOTE

Parameters level-1 and level-2 are configured only on a broadcast interface.

4. Run:commit


----End



212

5.9.2 Configuring Attributes for LSPs

ContextLSPs are used to exchange link state information. You can configure attributes for LSPs tocontrol the length and maximum lifetime of LSPs. To accelerate network convergence, you canenable LSP fast flooding or reduce the minimum interval for sending LSPs and the interval forupdating LSPs to speed up LSP flooding. However, CPU resources will be consumed too muchif the network topology changes frequently. In this situation, configure the intelligent timer forgenerating LSPs. This timer can fast respond to emergencies, speed up network convergence,and improve CPU resource efficiency because its interval becomes longer when the networkchanges frequently.

ConfiguredParameters

Function Usage Scenario

Set themaximumlength for LSPs

Set the sizefor LSPs tobegeneratedand LSPs tobe received.

When the volume of link status information increases, thelength of LSPs to be generated can be increased to carrymore information in each LSP.

Set themaximumlifetime forLSPs

Set themaximumlifetime forLSPs toensure thevalidity ofan LSPbefore itsupdatedLSP isreceived.

When a switch generates the system LSP, it fills in themaximum lifetime for this LSP. After this LSP is receivedby other switchs, the lifetime of the LSP is reducedgradually. If the switch does not receive any more updateLSPs and the lifetime of the LSP is reduced to 0, the LSPwill be deleted from the LSDB 60s later if no more updatedLSPs are received.

Set the refreshinterval forLSPs

Set therefreshinterval forLSPs tosynchronizeLSDBs.

On an IS-IS network, LSDB synchronization isimplemented through LSP flooding. During LSP flooding,a switch sends an LSP to its neighbors and then the neighborssend the received LSP to their respective neighbors exceptthe switch that first sends the LSP. In this manner, the LSPis flooded among the switchs of the same level. LSP floodingallows each switch of the same level to have the same LSPinformation and synchronize its LSDB with each other.

Set theminimuminterval atwhich LSPs aresent

Set theinterval forsending anLSP duringLSP update.

Reducing the minimum interval for sending LSPs speeds upLSP flooding.



213

ConfiguredParameters

Function Usage Scenario

Configure theintelligenttimer used togenerate LSPs

Control theinterval forgeneratingLSPsintelligentlyto speed uprouteconvergence and reducesystemload.

On an IS-IS network, if the local routing informationchanges, a switch needs to generate a new LSP to notify thischange. If the local routing information changes frequently,a large number of new LSPs are generated, which occupiesa lot of system resources and decreases system performance.To speed up network convergence and prevent systemperformance from being affected, configure an intelligenttimer for generating LSPs. This timer can adjust the delayin generating LSPs based on the routing information changefrequency.

Enable LSPfast flooding

Control thenumber ofLSPsfloodedeach timeon aninterface tospeed up IS-IS networkconvergence.

When an IS-IS switch receives new LSPs from otherswitchs, it switch updates the LSPs in the local LSDB andperiodically floods out the updated LSPs according to atimer . LSP fast flooding updates the preceding method.When a device configured with LSP fast flooding receivesone or more new LSPs. it floods out the LSPs with a numbersmaller than the specified number before calculating routes.This speeds up LSDB synchronization.

Set an intervalat which LSPsareretransmittedover a P2P link

Control theinterval forretransmitting LSPs toensureLSDBsynchronization on aP2Pnetwork.

On a point-to-point network, devices at both ends of a linksynchronize LSDBs with each other by flooding LSPs. Thedevice at one end of the link sends an LSP. If the device atthe other end receives this LSP, it replies with a PSNP. If thedevice that has sent an LSP does not receive a PSNP fromthe other end in a period of time, the device will retransmitthe LSP.

Procedurel Set the maximum length for LSPs.

1. Run:system-view


isis [ process-id ]

The IS-IS view is displayed.3. Set the maximum length for LSPs.

– Run:lsp-length originate max-size



214

The maximum length is set for each generated LSP.– Run:

lsp-length receive max-size

The maximum length is set for each received LSP.

By default, the IS-IS system generates and receives 1497-byte LSPs.

NOTE

Ensure that the value of max-size for LSPs to be generated must be smaller than or equal to thevalue of max-size for LSPs to be received.

The value of max-size set through the lsp-length command must meet the followingrequirements; otherwise, the MTU status on the interface is considered Down.

l The MTU of an Ethernet interface must be greater than or equal to the sum of the value ofmax-size and 3.

l The MTU of a P2P interface must be greater than or equal to the value of max-size.

4. Run:commit

The configuration is committed.l Set the maximum lifetime for LSPs.

1. Run:system-view


isis [ process-id ]


timer lsp-max-age age-time

The maximum lifetime is set for LSPs.

By default, the maximum lifetime of LSPs is 1200 seconds.4. Run:

commit

The configuration is committed.l Set the refresh interval for LSPs.

1. Run:system-view


isis [ process-id ]


timer lsp-refresh refresh-time

A refresh interval is set for LSPs.

y default, the LSP refresh interval is 900s.



215

NOTE

Ensure that the LSP refresh interval is more than 300s shorter than the maximum LSP lifetime.This allows new LSPs to reach all devices in an area before existing LSPs expire.

The larger a network, the greater the deviation between the LSP refresh interval and themaximum LSP lifetime.

4. Run:commit

The configuration is committed.l Set the minimum interval at which LSPs are sent.

1. Run:system-view




isis timer lsp-throttle throttle-interval [ count count ]

The minimum interval for sending LSPs on an IS-IS interface and the maximumnumber of LSPs sent within the interval are set.

By default, the minimum interval for sending LSPs is 50 ms, and the maximum numberof LSPs sent each time is 10.

4. Run:commit

The configuration is committed.l Configure the intelligent timer used to generate LSPs.

1. Run:system-view


isis [ process-id ]


timer lsp-generation max-interval [ init-interval [ incr-interval ] ] [ level-1 | level-2 ]

The intelligent timer used to generate LSPs is set.

If no level is configured, both Level-1 and Level-2 are configured.

The initial delay for generating the same LSPs (or LSP fragments) is init-interval. Thedelay for generating the same LSPs (or LSP fragments) secondly is incr-interval.When the routes change each time, the delay for generating the same LSPs (or LSPfragments) is twice as the previous value until the delay is up to max-interval. Afterthe delay reaches max-interval for three times or reset the IS-IS process, the intervalis reduced to init-interval.



216

When incr-interval is not used and generating the same LSPs (or LSP fragments) forthe first time, init-interval is used as the initial delay. Then, the delay for generatingthe same LSPs (or LSP fragments) is max-interval. After the delay reaches max-interval for three times or the IS-IS process is reset, the interval is reduced to init-interval.

When only max-interval is used, the intelligent timer changes into a normal one-shorttimer.

4. Run:commit

The configuration is committed.l Enable LSP fast flooding.

1. Run:system-view


isis [ process-id ]


flash-flood [ lsp-count ] [ max-timer-interval interval ] [ level-1 | level-2 ]

The LSP fast flooding is enabled.

The lsp-count parameter specifies the number of LSPs flooded each time, which isapplicable to all interfaces. If the number of LSPs to be sent is greater than the valueof lsp-count, lsp-count takes effect. If the number of LSPs to be sent is smaller thanthe value of lsp-count, LSPs of the actual number are sent. If a timer is configured andthe configured timer does not expire before the route calculation, the LSPs are floodedimmediately when being received; otherwise, the LSPs are sent when the timerexpires.

When LSP fast flooding is enabled, Level-1 LSPs and Level-2 LSPs are fast floodedby default if no level is specified.

4. Run:commit

The configuration is committed.l Set an interval at which LSPs are retransmitted over a P2P link.

1. Run:system-view



The interface view is displayed.3. (Optional) Run:

isis circuit-type p2p

A broadcast interface is simulated as a P2P interface.



217

NOTE

If the interface type is P2P, step 3 is not required.

4. Run:isis timer lsp-retransmit retransmit-interval

The interval at which LSPs are retransmitted over a P2P link is set.

By default, the interval for retransmitting LSPs over a P2P link is 5 seconds.5. Run:

commit


----End

5.9.3 Configuring Attributes for CSNPs

ContextComplete sequence number PDUs (CSNPs) contains the summary of all the LSPs in an LSDBto ensure LSDB synchronization between neighbors. CSNPs are processed differently onbroadcast and P2P links.l On a broadcast link, CSNPs are periodically sent by a DIS device. If a device detects that

its LSDB is not synchronized with that on its neighboring device, the device will sendPSNPs to apply for missing LSPs.

l On a P2P link, CSNPs are sent only during initial establishment of neighboringrelationships.

Procedure





Step 3 Run:isis timer csnp csnp-interval [ level-1 | level-2 ]

The interval at which CSNPs are sent is set on the specified interface.

By default, the interval at which CSNPs are sent on a broadcast network is 10 seconds.

NOTE

Configure Level-1 and Level-2 only when a broadcast interface is specified.

Step 4 Run:commit


----End



218

5.9.4 Setting the SPF Calculation Interval

Context

A network change always triggers IS-IS to perform SPF calculation. Frequent SPF calculationwill consume excessive CPU resources, affecting services.

To solve this problem, configure an intelligent timer to control the interval for SPF calculation.For example, to speed up IS-IS route convergence, set the interval for SPF calculation to a smallvalue and set the interval to a large value after the IS-IS network becomes stable.

Procedure





Step 3 Run:timer spf max-interval [ init-interval [ incr-interval ] ]

The SPF intelligent timer is configured.

By default, no SPF intelligent timer is configured and the maximum delay in SPF calculation is5 seconds.

The intelligent timer changes as follows:

l The delay in the first SPF calculation is determined by init-interval; the delay in the secondSPF calculation is determined by incr-interval. From the third time on, the delay in SPFcalculation increases twice every time until the delay reaches the value specified by max-interval. After the delay remains at the value specified by max-interval for three times or theIS-IS process is restarted, the delay decreases to the value specified by init-interval.

l If incr-interval is not specified, the delay in SPF calculation for the first time is determinedby init-interval. From the second time on, the delay in SPF calculation is determined by max-interval. After the delay remains at the value specified by max-interval for three times or theIS-IS process is restarted, the delay decreases to the value specified by init-interval.

l When only max-interval is specified, the intelligent timer functions as an ordinary one-timetriggering timer.

Step 4 Run:commit


----End



219

5.9.5 Configuring Convergence Priorities for IS-IS Routes

Context

Devices allow you to configure the highest convergence priority for specific IS-IS routes so thatthese IS-IS routes will be converged first when a network topology changes.

The application rules of the convergence priorities for IS-IS routes are as follows:

l Existing IS-IS routes are converged based on the priorities configured in the prefix-priority command.

l New IS-IS routes are converged based on the priorities configured in the prefix-prioritycommand.

l If an IS-IS route conforms to the matching rules of multiple convergence priorities, thehighest convergence priority is used.

l The convergence priority of a Level-1 IS-IS route is higher than that of a Level-2 IS-ISroute.

Procedure





Step 3 Run:prefix-priority [ level-1 | level-2 ] { critical | high | medium } { ip-prefix prefix-name | tag tag-value }

Convergence priorities are set for IS-IS routes.

By default, the convergence priority of 32-bit host routes is medium, and the convergencepriority of the other IS-IS routes is low.

NOTE

The prefix-priority command is only applicable to the public network.

After the prefix-priority command is run, the convergence priority of 32-bit host routes is low, and theconvergence priorities of the other routes are determined as specified in the prefix-priority command.

Step 4 Run:commit


----End



220


Procedurel Run the display isis interface [ verbose ] [ | vpn-instance vpn-instance-name ] command

to check IS-IS packet information.l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]

[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ] * [ | count ] commandto check the informations of IS-IS routes.

----End

5.10 Configuring LSP Fragment ExtensionLSP fragment extension allows an IS-IS device to generate more LSP fragments to transmitmore IS-IS information.

Pre-configuration TasksBefore configuring LSP fragment extension, complete the following task:

l 5.4.1 Creating IS-IS ProcessesNOTE

When a new device connects to an IS-IS network, you are advertised to configure LSP fragment extensionand virtual systems before establishing IS-IS neighbors or importing routes. If you establish IS-IS neighborsor import routes, which causes IS-IS to carry much information that cannot be loaded through 256fragments, you must configure LSP fragment extension and virtual systems. The configurations, however,take effect only after you restart the IS-IS process.

Procedure





Step 3 Run:lsp-fragments-extend [ [ level-1 | level-2 | level-1-2 ] | [ mode-1 | mode-2 ] ] *

LSP fragment extension is enabled in an IS-IS process.

By default, LSP fragment extension is disabled in an IS-IS process.

If the mode or level is not specified during the configuration of LSP fragment extension, mode-1and level-1-2 are used by default.

NOTE

If there are devices of other manufacturers on the network, LSP fragment extension must be set to mode-1.Otherwise, devices of other manufacturers cannot identify LSPs.



221

Step 4 Run:virtual-system virtual-system-id

A virtual system is configured.

By default, no virtual system is configured.

To configure a switch to generate extended LSP fragments, you must configure at least onevirtual system. The ID of the virtual system must be unique in the domain.

An IS-IS process can be configured with up to 50 virtual system IDs.

Step 5 Run:commit


----End


Run the following commands to check IS-IS process statistics.

l display isis statistics [ updated-lsp [ history ] ] [ level-1 | level-2 | level-1-2 ] [ process-id | vpn-instance vpn-instance-name ]

l display isis process-id statistics [ [ [ updated-lsp [ history ] ] [ level-1 | level-2 |level-1-2 ] ] | [ packet ] ]

5.11 Configuring a Mesh Group on an NBMA NetworkYou can configure a mesh group on an NBMA network to prevent repeated LSP flooding fromcausing bandwidth waste.


Before configuring a mesh group, complete the following task:


Procedure





Step 3 Run:isis mesh-group { mesh-group-number | mesh-blocked }

The interface is added to a mesh group.



222

When mesh-blocked is configured on an interface, the interface is blocked and cannot floodLSPs outside. All the interfaces added to a mesh group implement global LSDB synchronizationthrough CSNP and PSNP mechanisms.

Step 4 Run:commit


----End

Checking the ConfigurationRun the following commands to check IS-IS process statistics.

l display isis statistics [ updated-lsp [ history ] ] [ level-1 | level-2 | level-1-2 ] [ process-id | vpn-instance vpn-instance-name ]

l display isis process-id statistics [ [ [ updated-lsp [ history ] ] [ level-1 | level-2 |level-1-2 ] ] | [ packet ] ]

5.12 Configuring IS-IS ReliabilityYou can configure IS-IS Auto FRR, BFD for IS-IS, and IS-IS GR to improve IS-IS reliability.

Pre-configuration TasksBefore configuring IS-IS reliability, complete the following task:



5.12.1 Enabling IS-IS Auto FRR

ContextAt present, the VoIP and on-line video services require high-quality real-time transmission.Nevertheless, if an IS-IS fault occurs, multiple processes, including fault detection, LSP update,LSP flooding, route calculation, and FIB entry delivery, must be performed to switch the trafficto a new link. As a result, it takes much more than 50 ms to recover the link from the fault, whichcannot meet the requirement for real-time services on the network.

After the BFD session status is bound to IS-IS Auto FRR, traffic can be fast switched from thefaulty link to the backup link. This ensures that the traffic interruption time is within 50 ms,which protects traffic and improves IS-IS network reliability.

Procedure




223



The IS-IS process is enabled and the IS-IS view is displayed.

Step 3 Run:frr

The IS-IS FRR view is displayed.

Step 4 (Optional) Run:frr-policy route route-policy route-policy-name

Backup routes are filtered using a filtering policy. Only backup routes that have passed thefiltering policy are added to the routing table.

Step 5 Run:loop-free-alternate [ level-1 | level-2 | level-1-2 ]

IS-IS Auto FRR is enabled and the loop-free backup route is created.

By default, IS-IS Auto FRR is disabled from calculating loop-free backup routes using the loop-free alternate (LFA) algorithm.

If the IS-IS level is not specified, IS-IS Auto FRR is enabled on Level-1 and Level-2 to createthe backup route.

Step 6 (Optional) Run the following command in the interface view:isis lfa-backup [ level-1 | level-2 | level-1-2 ] disable

The interface is disabled from participating in LFA calculation.

By default, an IS-IS interface can participate in LFA calculation.

During network deployment, to facilitate traffic management and fast determine the trafficforwarding path when the primary link fails, disable some interfaces from participating in LFAcalculation.

Step 7 Run:commit


----End

Checking the Configurationl Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]

[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ] * command to checkinformation about the primary link and backup link generated by IS-IS Auto FRR.

l Run the display isis spf-tree verbose command to check the traffic protection type of IS-IS Auto FRR.



224

5.12.2 Configuring Static BFD for IS-IS

ContextOn an IS-IS network, a device periodically sends Hello packets to detect the neighbor statuschange. By default, the device considers a neighbor Down when it does not receive a Hellopacket from the neighbor after sending three Hello packets (30 seconds). This IS-IS faultdetection mechanism, however, cannot provide high reliability for the network that requires fastnetwork convergence and no packet loss. BFD for IS-IS can solve this problem. BFD is amillisecond-level fault detection mechanism. It can detect faults on the link between IS-ISneighbors within 50 ms. Therefore, BFD can speed up IS-IS route convergence, ensures fast linkswitchover, and reduces traffic loss.

Compared to dynamic BFD, static BFD has the following characteristics:l Static BFD can be manually controlled and is easy to deploy. To save memory and ensure

reliability of key links, BFD can be deployed on specified links.l Establishing and deleting BFD sessions need to be manually triggered and lack flexibility.

Configuration errors may occur. For example, if an incorrect local or remote discriminatoris configured, a BFD session cannot work properly.

NOTE

A BFD session currently does not detect route switching. If the change of bound peer IP address causes aroute to switch to another link, the BFD session is negotiated again only when the original link fails.

Procedure



Step 2 Run:bfd

BFD is enabled globally.

Step 3 Run:quit


Step 4 Run:bfd cfg-name bind peer-ip ip-address [ interface interface-type interface-number ]

BFD is enabled between the specified interface and peer router.

If a peer IP address and a local interface are specified in the bfd command, BFD monitors onlya single-hop link with the interface specified in the bfd command as the outbound interface andwith the peer IP address specified in the peer-ip command as the next-hop address.

Step 5 Set discriminators.l Run:

discriminator local discr-value

A local discriminator is set.



225

l Run:discriminator remote discr-valueA remote discriminator is set.

The local discriminator of a device must be the remote discriminator of the device on the otherend; otherwise, a BFD session cannot be established. In addition, the local and remotediscriminators cannot be modified after being configured.

NOTE

The local discriminator of the local device must be the same as the remote discriminator of the remotedevice, and the remote discriminator of the local device must be the same as the local discriminator of theremote device.

Step 6 Run:quit



The view of the specified interface is displayed.

Step 8 Run:isis bfd static

Static IPv4 BFD is enabled on the specified interface.

Step 9 Run:commit


----End

Checking the ConfigurationYou can check information about a BFD session only after parameters of the BFD session areconfigured and the BFD session is established.

l Run the display isis [ process-id | vpn-instance vpn-instance-name ] bfd session { peerip-address | all } command to check information about the BFD session.

l Run the display isis interface verbose command. The command output shows that thestatus of static BFD for IS-IS process is Yes.

5.12.3 Configuring Dynamic BFD for IS-IS

ContextOn an IS-IS network, a device periodically sends Hello packets to detect the neighbor statuschange. By default, the device considers a neighbor Down when it does not receive a Hellopacket from the neighbor after sending three Hello packets (30 seconds). This IS-IS faultdetection mechanism, however, cannot provide high reliability for the network that requires fastnetwork convergence and no packet loss. BFD for IS-IS can solve this problem. BFD is amillisecond-level fault detection mechanism. It can detect faults on the link between IS-ISneighbors within 50 ms. Therefore, BFD can speed up IS-IS route convergence, ensures fast linkswitchover, and reduces traffic loss.



226

Dynamic BFD for IS-IS implements dynamic setup of BFD sessions. When a new IS-IS neighborrelationship is set up, BFD is notified of the neighbor parameters and the detection parameters(including source and destination IP addresses). Then a BFD session will be established basedon the received neighbor parameters.

Dynamic BFD is more flexible than static BFD. In dynamic BFD, routing protocols trigger thesetup of BFD sessions, preventing the configuration errors caused by manual configuration.Dynamic BFD is easy to configure and applies to the scenarios where BFD needs to be configuredon the entire network. Dynamic BFD for IS-IS can fast detect neighbor status changes andimplement fast network convergence.

NOTE

A BFD session currently does not detect route switching. If the change of bound peer IP address causes aroute to switch to another link, the BFD session is negotiated again only when the original link fails.The priority of BFD configured on an interface is higher than that of BFD configured for a process. If BFDsession parameters are configured for both a process and an interface, the parameters on the interface willbe used to establish a dynamic BFD session.

Procedurel Configure dynamic BFD for IS-IS in a specified IS-IS process.

1. Run:system-view


bfd


quit


isis process-id


bfd all-interfaces enable

BFD for IS-IS is enabled to establish a BFD session.

This command enables an IS-IS process to use default BFD parameters to create BFDsessions on all the interfaces in the IS-IS process.

6. (Optional) Run:bfd all-interfaces { min-rx-interval receive-interval | min-tx-interval transmit-interval | detect-multiplier multiplier-value | frr-binding } *

The parameters for establishing BFD sessions are set for all interfaces.

The command execution result is applicable to BFD session parameters on all IS-ISinterfaces.

7. (Optional) Run the following command in the interface view:isis bfd block

The interface is prohibited from dynamically establishing a BFD session.



227

By default, an interface can dynamically establish BFD sessions.8. Run:

commit


l Configure dynamic BFD for IS-IS on a specified interface.1. Run:

system-view


bfd


quit




isis bfd enable

BFD is enabled on the interface to establish a BFD session.

After BFD is configured globally and the neighbor status is Up (on a broadcastnetwork, DIS is in the Up state), default BFD parameters will be used to establishBFD sessions on the specified interface.

6. (Optional) Run:isis bfd { min-rx-interval receive-interval | min-tx-interval transmit-interval | detect-multiplier multiplier-value | frr-binding } *

Run this command when BFD session parameters need to be configured for a specifiedinterface.

7. (Optional) Run:isis bfd block

The interface is prohibited from dynamically establishing a BFD session.8. Run:

commit


----End


After BFD is enabled on both ends of a link, run the display isis [ process-id | vpn-instancevpn-instance-name ] bfd session { all | peer ip-address } command. The command output showsthat BFD status is up.



228

5.13 Configuring the Overload Bit for an IS-IS DeviceIf an IS-IS device needs to be temporarily isolated, configure the IS-IS device to enter theoverload state to prevent other devices from forwarding traffic to this IS-IS device and preventrouting black hole.


Before configuring the overload bit for an IS-IS device, complete the following task:


Procedure





Step 3 Run:set-overload [ on-startup [ timeout1 | start-from-nbr system-id [ timeout1 [ timeout2 ] ] | wait-for-bgp [ timeout1 ] ] ] [ allow { interlevel | external } * ]

The overload bit for non-pseudonode LSPs is configured.

Step 4 Run:commit


----End

Checking the Configurationl Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-

name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check informationin the IS-IS LSDB.

5.14 Maintaining IS-ISMaintaining IS-IS includes resetting IS-IS, configuring IS-IS host name mapping, andconfiguring the Output of IS-IS Adjacency Status



229

5.14.1 Resetting IS-IS

ContextTo reset IS-IS, reset IS-IS data structure and neighbor relationship.

CAUTIONThe IS-IS data structure cannot be restored after you reset it. All the previous structureinformation and the neighbor relationship are reset. Exercise caution when running thiscommand.The specified IS-IS neighbor relationship is deleted after you reset a specified IS-IS neighbor.Exercise caution when running this command.

Procedurel Reset IS-IS data structure.

Run the reset isis all[ process-id | vpn-instance vpn-instance-name ] command to reset IS-IS data structure.

l Reset IS-IS neighbor relationship.

Run the reset isis peer system-id [ process-id | vpn-instance vpn-instance-name ] commandto reset a specific IS-IS neighbor.

After the IS-IS routing policy or the protocol changes, you can reset a specific IS-ISneighbor to validate the new configuration.

----End

5.14.2 Suppressing IS-IS

ContextBy suppressing IS-IS, you can disable an IS-IS process temporarily without affecting the IS-ISconfiguration.

Procedure




An IS-IS process is created, and the IS-IS view is displayed.

Step 3 Run:shutdown



230

The IS-IS process is disabled temporarily.

After the IS-IS process is disabled temporarily, you can still perform the IS-IS configuration butthe configuration does not take effect. You can run the undo shutdown command to cancel thesuppression.

Step 4 Run:commit


----End

5.14.3 Configuring IS-IS Host Name Mapping

ContextAfter IS-IS host name mapping is configured, the configured host name rather than the systemID is displayed in IS-IS information. This improves IS-IS network maintainability.


system-view



An IS-IS process is created and the IS-IS view is displayed.

Step 3 Configure IS-IS host name mapping.l Run:

is-name symbolic-nameIS-IS dynamic host name mapping is configured and a host name is configured for the localdevice.This configuration is dynamic configuration. Therefore, the configured host name symbolic-name is advertised through an LSP to other IS-IS devices in the same area. When you useIS-IS display commands to view IS-IS information on other IS-IS devices, the system ID ofthe local device is replaced by the configured host name.

l Run:is-name map system-id symbolic-nameIS-IS static host name mapping is configured and a host name is configured for the remotedevice.This configuration is static configuration and takes effect only on the local device. Therefore,the configured host name symbolic-name is not advertised through an LSP. If dynamic hostname mapping is configured on an IS-IS device, dynamic host name mapping takesprecedence over static host name mapping.

Step 4 Run:commit


----End



231

5.15 Configuration ExamplesThis section describes IS-IS configuration examples, including networking requirements,configuration roadmap, and configuration procedure.

5.15.1 Example for Configuring Basic IS-IS Functions

Networking RequirementsAs shown in Figure 5-1, there are four devices (SwitchA, SwitchB, SwitchC, and SwitchD) onthe network. The four devices need to communicate with each other. SwitchA and SwitchB canonly process a small amount of data because they have lower performance than the other twodevices.

Figure 5-1 Networking diagram of configuring basic IS-IS functions

10GE1/0/2VLANIF40

172.16.1.1/1610GE1/0/3VLAN30192.168.0.1/24

10GE1/0/1VLANIF30

192.168.0.2/24

SwitchDL2

IS-ISArea20

10GE1/0/1VLANIF1010.1.1.2/24

SwitchCL1/2

SwitchBL1

SwitchAL1

IS-ISArea10

10GE1/0/1VLANIF10

10.1.1.1/24

10GE1/0/2VLANIF20

10.1.2.1/24 10GE1/0/1VLANIF20

10.1.2.2/24


1. Enable IS-IS on each device so that the devices can be interconnected. Configure SwitchAand SwitchB as Level-1 devices to enable them to maintain less data.

Procedure

Step 1 Configure VLANs that each interface belongs to.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan 10[~SwitchA-vlan10] quit



232

[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] commit[~SwitchA-10GE1/0/1] quit

The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration ofSwitchA, and are not mentioned here.

Step 2 Assign the IP addresses for VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 10.1.1.2 24[~SwitchA-Vlanif10] commit[~SwitchA-Vlanif10] quit


Step 3 Configure basic IS-IS functions.


[~SwitchA] isis 1[~SwitchA-isis-1] is-level level-1[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00[~SwitchA-isis-1] quit[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] isis enable 1[~SwitchA-Vlanif10] commit[~SwitchA-Vlanif10] quit


[~SwitchB] isis 1[~SwitchB-isis-1] is-level level-1[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00[~SwitchB-isis-1] quit[~SwitchB] interface vlanif 10[~SwitchB-Vlanif10] isis enable 1[~SwitchA-Vlanif10] commit[~SwitchB-Vlanif10] quit


[~SwitchC] isis 1[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00[~SwitchC-isis-1] quit[~SwitchC] interface vlanif 10[~SwitchC-Vlanif10] isis enable 1[~SwitchC-Vlanif10] quit[~SwitchC] interface vlanif 20[~SwitchC-Vlanif20] isis enable 1[~SwitchC-Vlanif20] quit[~SwitchC] interface vlanif 30[~SwitchC-Vlanif30] isis enable 1[~SwitchC-Vlanif30] commit[~SwitchC-Vlanif30] quit


[~SwitchD] isis 1[~SwitchD-isis-1] is-level level-2[~SwitchD-isis-1] network-entity 20.0000.0000.0004.00[~SwitchD-isis-1] quit[~SwitchD] interface vlanif 20[~SwitchD-Vlanif20] isis enable 1[~SwitchD-Vlanif20] quit[~SwitchD] interface vlanif 10[~SwitchD-Vlanif10] isis enable 1



233

[~SwitchD-Vlanif10] commit[~SwitchD-Vlanif10] quit

Step 4 Configure the authentication mode and password for SwitchA and SwitchC to authenticate Hellopackets.


[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] isis authentication-mode md5 huawei[~SwitchA-Vlanif10] commit[~SwitchA-Vlanif10] quit


[~SwitchC] interface vlanif 10[~SwitchC-Vlanif10] isis authentication-mode md5 huawei[~SwitchC-Vlanif10] commit[~SwitchC-Vlanif10] quit


# View the IS-IS LSDB information of each switch.

[~SwitchA] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State DatabaseLSPID Seq Num Checksum Holdtime Length ATT/P/OL-------------------------------------------------------------------------------0000.0000.0001.00-00* 0x00000006 0xbf7d 649 68 0/0/00000.0000.0002.00-00 0x00000003 0xef4d 545 68 0/0/00000.0000.0003.00-00 0x00000008 0x3340 582 111 1/0/0Total LSP(s): 3 *(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [~SwitchB] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State DatabaseLSPID Seq Num Checksum Holdtime Length ATT/P/OL-------------------------------------------------------------------------------0000.0000.0001.00-00 0x00000006 0xbf7d 642 68 0/0/00000.0000.0002.00-00* 0x00000003 0xef4d 538 68 0/0/00000.0000.0003.00-00 0x00000008 0x3340 574 111 1/0/0Total LSP(s): 3 *(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload[~SwitchC] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State DatabaseLSPID Seq Num Checksum Holdtime Length ATT/P/OL-------------------------------------------------------------------------------0000.0000.0001.00-00 0x00000006 0xbf7d 638 68 0/0/00000.0000.0002.00-00 0x00000003 0xef4d 533 68 0/0/00000.0000.0003.00-00* 0x00000008 0x3340 569 111 1/0/0Total LSP(s): 3 *(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload Level-2 Link State DatabaseLSPID Seq Num Checksum Holdtime Length ATT/P/OL-------------------------------------------------------------------------------0000.0000.0003.00-00* 0x00000008 0x55bb 650 100 0/0/00000.0000.0004.00-00 0x00000005 0x651 629 84 0/0/0Total LSP(s): 2 *(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [~SwitchD] display isis lsdb



234

Database information for ISIS(1) -------------------------------- Level-2 Link State DatabaseLSPID Seq Num Checksum Holdtime Length ATT/P/OL-------------------------------------------------------------------------------0000.0000.0003.00-00 0x00000008 0x55bb 644 100 0/0/00000.0000.0004.00-00* 0x00000005 0x651 624 84 0/0/0Total LSP(s): 2 *(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

# View the IS-IS routing information of each switch. The routing table of a Level-1 devicecontains a default route with the next hop as a Level-1-2 device. The routing table of a Level-2device contains all Level-1 and Level-2 routes.

[~SwitchA] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) Level-1 Forwarding Table -------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags------------------------------------------------------------------------- 10.1.1.0/24 10 NULL Vlanif10 Direct D/-/L/-/- 10.1.2.0/24 20 NULL Vlanif10 10.1.1.1 A/-/-/-/- 192.168.0.0/24 20 NULL Vlanif10 10.1.1.1 A/-/-/-/- 0.0.0.0/0 10 NULL Vlanif10 10.1.1.1 A/-/-/-/- Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set[~SwitchC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) Level-1 Forwarding Table -------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags------------------------------------------------------------------------- 10.1.1.0/24 10 NULL Vlanif10 Direct D/-/L/-/- 10.1.2.0/24 10 NULL Vlanif10 Direct D/-/L/-/- 192.168.0.0/24 10 NULL Vlanif10 Direct D/-/L/-/- Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set ISIS(1) Level-2 Forwarding Table -------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags------------------------------------------------------------------------- 10.1.1.0/24 10 NULL - Direct D/-/L/-/- 10.1.2.0/24 10 NULL - Direct D/-/L/-/- 192.168.0.0/24 10 NULL - Direct D/-/L/-/- 172.16.0.0/16 20 NULL Vlanif30 192.168.0.2 A/-/-/-/- Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set[~SwitchD] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) Level-2 Forwarding Table -------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags-------------------------------------------------------------------------- 192.168.0.0/24 10 NULL Vlanif30 Direct D/-/L/-/- 10.1.1.0/24 20 NULL Vlanif30 192.168.0.1 A/-/-/-/- 10.1.2.0/24 20 NULL Vlanif30 192.168.0.1 A/-/-/-/- 172.16.0.0/16 10 NULL Vlanif20 Direct D/-/L/-/- Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set

----End



235


# sysname SwitchA# vlan batch 10#isis 1 is-level level-1 network-entity 10.0000.0000.0001.00#interface Vlanif10 ip address 10.1.1.2 255.255.255.0 isis enable 1 isis authentication-mode md5 cipher %$%$mCq>5gS+rI*Hnl"\N"n3,sja%$%$#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#return

l Configuration file of SwitchB# sysname SwitchB# vlan batch 20#isis 1 is-level level-1 network-entity 10.0000.0000.0002.00#interface Vlanif20 ip address 10.1.2.2 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 10 20 30#isis 1 network-entity 10.0000.0000.0003.00#interface Vlanif10 ip address 10.1.1.1 255.255.255.0 isis enable 1 isis authentication-mode md5 cipher %$%$xcT`05J];Ja`JG1aI~v&,(|s%$%$ #interface Vlanif20 ip address 10.1.2.1 255.255.255.0 isis enable 1#interface Vlanif30 ip address 192.168.0.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2



236

port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30#return

l Configuration file of SwitchD# sysname SwitchD# vlan batch 30 40#isis 1 is-level level-2 network-entity 20.0000.0000.0004.00#interface Vlanif30 ip address 192.168.0.2 255.255.255.0 isis enable 1#interface Vlanif40 ip address 172.16.1.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#Return

5.15.2 Example for Configuring IS-IS DIS Election

Networking RequirementsIn Figure 5-2, four switches on the broadcast network communicate using IS-IS. SwitchA andSwitchB are Level-1-2 devices, SwitchC is a Level-1 device, and SwitchD is a Level-2 device.SwitchA with high performance needs to be configured as a Level-2 DIS.



237

Figure 5-2 Networking diagram of configuring IS-IS DIS election

SwitchAL1/L2

SwitchBL1/L2

SwitchCL1

SwitchDL2

10GE1/0/1VLANIF1010.1.1.1/24

10GE1/0/1VLANIF1010.1.1.2/24

10GE1/0/1VLANIF1010.1.1.3/24

10GE1/0/1VLANIF1010.1.1.4/24


1. Configure IS-IS to enable network interconnectivity.2. Set the DIS priority of SwitchA to 100 so that SwitchA can be elected as a Level-2 DIS.

Procedure

Step 1 Configure an IPv4 address for each interface. The configuration details are not described here.

Step 2 View the MAC address of the VLANIF interface on each switch. When each VLANIF interfacehas the same DIS priority, the switch with a larger interface MAC address is elected as the DIS.

# View the MAC address of VLANIF10 on SwitchA.

[~SwitchA] display arp interface vlanif 10IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC-------------------------------------------------------------------------10.1.1.1 00e0-fc10-afec I Vlanif10-------------------------------------------------------------------------Total:1 Dynamic:0 Static:0 Interface:1

# View the MAC address of VLANIF10 on SwitchB.

[~SwitchB] display arp interface vlanif 10IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC-------------------------------------------------------------------------10.1.1.2 00e0-fccd-acdf I Vlanif10-------------------------------------------------------------------------Total:1 Dynamic:0 Static:0 Interface:1

# View the MAC address of VLANIF10 on SwitchC.

[~SwitchC] display arp interface vlanif 10IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE



238

VLAN/CEVLAN PVC-------------------------------------------------------------------------10.1.1.3 00e0-fc50-25fe I Vlanif10-------------------------------------------------------------------------Total:1 Dynamic:0 Static:0 Interface:1

# View the MAC address of VLANIF10 on SwitchD.

[~SwitchD] display arp interface vlanif 10IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC-------------------------------------------------------------------------10.1.1.4 00e0-fcfd-305c I Vlanif10-------------------------------------------------------------------------Total:1 Dynamic:0 Static:0 Interface:1

Step 3 Configure IS-IS protocol.


[~SwitchA] isis 1[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00[~SwitchA-isis-1] quit[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] isis enable 1[~SwitchA-Vlanif10] commit[~SwitchA-Vlanif10] quit


[~SwitchB] isis 1[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00[~SwitchB-isis-1] quit[~SwitchB] interface vlanif 10[~SwitchB-Vlanif10] isis enable 1[~SwitchB-Vlanif10] commit[~SwitchB-Vlanif10] quit


[~SwitchC] isis 1[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00[~SwitchC-isis-1] is-level level-1[~SwitchC-isis-1] quit[~SwitchC] interface vlanif 10[~SwitchC-Vlanif10] isis enable 1[~SwitchC-Vlanif10] commit[~SwitchC-Vlanif10] quit


[~SwitchD] isis 1[~SwitchD-isis-1] network-entity 10.0000.0000.0004.00[~SwitchD-isis-1] is-level level-2[~SwitchD-isis-1] quit[~SwitchD] interface vlanif 10[~SwitchD-Vlanif10] isis enable 1[~SwitchD-Vlanif10] commit[~SwitchD-Vlanif10] quit

# Check IS-IS neighbor information on SwitchA.

[~SwitchA] display isis peer Peer information for ISIS(1) System Id Interface Circuit Id State HoldTime Type PRI-------------------------------------------------------------------------------0000.0000.0002 Vlanif10 0000.0000.0002.01 Up 9s L1(L1L2) 640000.0000.0003 Vlanif10 0000.0000.0002.01 Up 27s L1 640000.0000.0002 Vlanif10 0000.0000.0004.01 Up 28s L2(L1L2) 64



239

0000.0000.0004 Vlanif10 0000.0000.0004.01 Up 8s L2 64Total Peer(s): 4

# View IS-IS interface information on SwitchA.

[~SwitchA] display isis interface 1 Interface information for ISIS(1) --------------------------------- Interface Id IPV4.State IPV6.State MTU Type DIS Vlanif10 001 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 No/No

# View IS-IS interface information on SwitchB.

[~SwitchB] display isis interface 1 Interface information for ISIS(1) --------------------------------- Interface Id IPV4.State IPV6.State MTU Type DIS Vlanif10 001 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 Yes/No

# View IS-IS interface information on SwitchD.

[~SwitchD] display isis interface 1 Interface information for ISIS(1) --------------------------------- Interface Id IPV4.State IPV6.State MTU Type DIS Vlanif10 001 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 No/Yes

As shown in the preceding interface information, when the default DIS priority is used, the IS-IS interface on SwitchB has the largest MAC address among all the interfaces on the Level-1Switchs. Therefore, SwitchB is elected as a Level-1 DIS. The IS-IS interface on SwitchD hasthe largest MAC address among all the interfaces on the Level-2 Switchs. Therefore, SwitchDis elected as a Level-2 DIS. Level-1 and Level-2 pseudonodes are 0000.0000.0002.01 and0000.0000.0004.01 respectively.

Step 4 Configure the DIS priority of SwitchA.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] isis dis-priority 100[~SwitchA-Vlanif10] commit

# View IS-IS neighbor information on SwitchA.

[~SwitchA] display isis peer Peer information for ISIS(1) System Id Interface Circuit Id State HoldTime Type PRI -----------------------------------------------------------------------------0000.0000.0002 Vlanif10 0000.0000.0001.01 Up 21s L1(L1L2) 640000.0000.0003 Vlanif10 0000.0000.0001.01 Up 27s L1 640000.0000.0002 Vlanif10 0000.0000.0001.01 Up 28s L2(L1L2) 640000.0000.0004 Vlanif10 0000.0000.0001.01 Up 30s L2 64Total Peer(s): 4


# View IS-IS interface information on SwitchA.

[~SwitchA] display isis interface 1 Interface information for ISIS(1) --------------------------------- Interface Id IPV4.State IPV6.State MTU Type DIS Vlanif10 001 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 Yes/Yes

As shown in the preceding information, after the DIS priority of the IS-IS interface on Switchis changed, SwitchA becomes a Level-1-2 DIS (DR) immediately and its pseudonode is0000.0000.0001.01.

# View IS-IS neighbor and interface information on SwitchB.



240

[~SwitchB] display isis peer Peer information for ISIS(1) System Id Interface Circuit Id State HoldTime Type PRI--------------------------------------------------------------------------------0000.0000.0001 Vlanif10 0000.0000.0001.01 Up 7s L1(L1L2) 1000000.0000.0003 Vlanif10 0000.0000.0001.01 Up 25s L1 640000.0000.0001 Vlanif10 0000.0000.0001.01 Up 7s L2(L1L2) 1000000.0000.0004 Vlanif10 0000.0000.0001.01 Up 25s L2 64Total Peer(s): 4 [~SwitchB] display isis interface 1 Interface information for ISIS(1) --------------------------------- Interface Id IPV4.State IPV6.State MTU Type DIS Vlanif10 1 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 No/No

# View IS-IS neighbor and interface information on SwitchD.

[~SwitchD] display isis peer Peer information for ISIS(1) System Id Interface Circuit Id State HoldTime Type PRI-------------------------------------------------------------------------------0000.0000.0001 Vlanif10 0000.0000.0001.01 Up 9s L2 1000000.0000.0002 Vlanif10 0000.0000.0001.01 Up 28s L2 64Total Peer(s): 2[~SwitchD] display isis interface 1 Interface information for ISIS(1) --------------------------------- Interface Id IPV4.State IPV6.State MTU Type DIS Vlanif10 1 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 No/No

----End


# sysname SwitchA# vlan batch 10#isis 1 network-entity 10.0000.0000.0001.00#interface Vlanif10 ip address 10.1.1.1 255.255.255.0 isis enable 1 isis dis-priority 100#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#return

l Configuration file of SwitchB# # sysname SwitchB# vlan batch 10#isis 1 network-entity 10.0000.0000.0002.00#interface Vlanif10 ip address 10.1.1.2 255.255.255.0 isis enable 1



241

#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#return

l Configuration file of SwitchC

# sysname SwitchC# vlan batch 10#isis 1 is-level level-1 network-entity 10.0000.0000.0003.00#interface Vlanif10 ip address 10.1.1.3 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#return

l Configuration file of SwitchD# sysname SwitchD# vlan batch 10#isis 1 is-level level-2 network-entity 10.0000.0000.0004.00#interface Vlanif10 ip address 10.1.1.4 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#return

5.15.3 Example for Configuring IS-IS to Interact with BGP

Networking RequirementsAs shown in Figure 5-3, Switch A and Switch B belong to the same AS, and the IS-IS neighborrelationship is established between Switch A and Switch B. An EBGP connection is establishedbetween Switch B and Switch C. Switch A, Switch B, and Switch C need to communicate witheach other. Besides, the metric of routes need to be changed when AS 65009 sends the routesto AS 65008.



242

Figure 5-3 Networking diagram of configuring IS-IS to interact with BGP

SwitchA SwitchB SwitchC

AS65008 AS65009

Loopback01.1.1.1/32

Loopback02.2.2.2/32

10GE1/0/1VLANIF1010.1.1.1/24

10GE1/0/1VLANIF1010.1.1.2/24

10GE1/0/2VLANIF2010.2.1.1/24

10GE1/0/1VLANIF2010.2.1.2/24


1. Configure IP addresses for interfaces, and enable IS-IS and BGP to ensure that there arereachable routes inside each AS.

2. Configure IS-IS and BGP to import routes from each other on Switch B to ensure that thereare routes on each network segment. Configure a route-policy to change the metric ofimported routes when IS-IS imports BGP routes.

Procedure

Step 1 Configure VLANs that each interface belongs to.<HUAWEI> system-view[~HUAWEI] sysname SwitchB[~HUAWEI] commit[~SwitchB] vlan batch 10 20[~SwitchB] interface 10ge 1/0/1[~SwitchB-10GE1/0/1] port link-type trunk[~SwitchB-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchB-10GE1/0/1] quit[~SwitchB] interface 10ge 1/0/2[~SwitchB-10GE1/0/2] port link-type trunk[~SwitchB-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchB-10GE1/0/2] quit[~SwitchB] commit

The configurations of SwitchA and SwitchC are similar to the configuration of SwitchA, andare not mentioned here.

Step 2 Assign the IP addresses for VLANIF interfaces.[~SwitchB] interface vlanif 10[~SwitchB-Vlanif10] ip address 10.1.1.2/24[~SwitchB-Vlanif10] quit[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] ip address 10.2.1.1/24[~SwitchB-Vlanif20] quit[~SwitchB] commit

The configurations of SwitchA and SwitchC are similar to the configuration of SwitchA, andare not mentioned here.



243



[~SwitchA] isis 1[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00[~SwitchA-isis-1] quit[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] isis enable 1[~SwitchA-Vlanif10] quit[~SwitchA] commit


[~SwitchB] isis 1[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00[~SwitchB-isis-1] quit[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] isis enable 1[~SwitchB-Vlanif20] quit[~SwitchB] commit

Step 4 Establish an EBGP connection.


[~SwitchB] bgp 65008[~SwitchB-bgp] router-id 1.1.1.1[~SwitchB-bgp] peer 10.2.1.2 as-number 65009[~SwitchB-bgp] ipv4-family unicast[~SwitchB-bgp-af-ipv4] network 10.2.1.0 255.255.255.0[~SwitchB-bgp-af-ipv4] commit

Configure SwitchC.

[~SwitchC] bgp 65009[~SwitchC-bgp] router-id 2.2.2.2[~SwitchC-bgp] peer 10.2.1.1 as-number 65008[~SwitchC-bgp] ipv4-family unicast[~SwitchC-bgp-af-ipv4] network 10.2.1.0 255.255.255.0[~Switchc-bgp-af-ipv4] commit

Step 5 Configure IS-IS to import BGP routes.

# Configure a static route on SwitchC.

[~SwitchC] ip route-static 200.1.1.1 32 NULL 0[~SwitchC] commit

# On SwitchC, configure BGP to import the static route.

[~SwitchC] bgp 65009[~SwitchC-bgp] import-route static[~SwitchC-bgp] quit[~SwitchC] commit

# On SwitchB, configure IS-IS to import the BGP route.

[~SwitchB] isis 1[~SwitchB-isis-1] import-route bgp[~SwitchB-isis-1] quit[~SwitchB] commit

# View the routing table of SwitchA, and you can see that IS-IS successfully imports BGP route200.1.1.1/32.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------



244

Routing Tables: Public Destinations : 6 Routes : 6


10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif10 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.1/32 ISIS-L2 15 74 D 10.1.1.2 Vlanif10

# On Switch B, configure the AS_Path filter, and apply the filter in route-policy RTC.

[~SwitchB] ip as-path-filter 1 permit 65009[~SwitchB] route-policy RTC permit node 0[~SwitchB-route-policy] if-match as-path-filter 1[~SwitchB-route-policy] apply cost 20[~SwitchB-route-policy] quit[~SwitchB] commit

# On SwitchB, configure IS-IS to import the BGP route.

[~SwitchB] isis 1[~SwitchB-isis-1] import-route bgp route-policy RTC[~SwitchB-isis-1] quit[~SwitchB] commit

# View the routing table of SwitchA, and you can see that the AS_Path filter is successfullyapplied and the cost of imported route 200.1.1.1/32 changes from 74 to 94.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 6 Routes : 6


10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10 10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif10 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.1/32 ISIS-L2 15 94 D 10.1.1.2 Vlanif10

Step 6 Configure BGP to import IS-IS routes.[~SwitchB] bgp 65008[~SwitchB-bgp] import-route isis 1[~SwitchB-bgp] quit[~SwitchB] commit

# View the routing table of SwitchC, and you can see that BGP successfully imports IS-IS route10.1.1.0/24.

[~SwitchC] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7


10.1.1.0/24 EBGP 255 0 D 10.2.1.1 Vlanif20 10.2.1.0/24 Direct 0 0 D 10.2.1.2 Vlanif10 10.2.1.1/32 Direct 0 0 D 10.2.1.1 Vlanif20 10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0



245

127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.1/32 Static 60 0 D 0.0.0.0 NULL0

----End


# sysname SwitchA#vlan batch 10#isis 1network-entity 10.0000.0000.0001.00#interface Vlanif10 ip address 10.1.1.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #return

l Configuration file of SwitchB# sysname SwitchB#vlan batch 10 20#isis 1network-entity 10.0000.0000.0002.00 import-route bgp route-policy RTC#interface Vlanif10 ip address 10.1.1.2 255.255.255.0 isis enable 1#interface Vlanif20 ip address 10.2.1.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20 #interface LoopBack0 ip address 1.1.1.1 255.255.255.255#bgp 65008 router-id 1.1.1.1 peer 10.2.1.2 as-number 65009 # ipv4-family unicast undo synchronization network 10.2.1.0 255.255.255.0 import-route static import-route isis 1 peer 10.2.1.2 enable#route-policy RTC permit node 0 if-match as-path-filter 1



246

apply cost 20# ip as-path-filter 1 index 10 permit 65009#return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 20#interface Vlanif20 ip address 10.2.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20 #interface LoopBack0 ip address 2.2.2.2 255.255.255.255#bgp 65009 router-id 2.2.2.2 peer 10.2.1.1 as-number 65008 # ipv4-family unicast undo synchronization network 10.2.1.0 255.255.255.0 import-route static peer 10.2.1.1 enable# ip route-static 200.1.1.1 255.255.255.255 NULL0#return

5.15.4 Example for Configuring IS-IS Auto FRR

Networking RequirementsAs shown in Figure 5-4, four devices (Switch A, Switch B, Switch C, and Switch D)communicate using IS-IS. The reliability of data forwarding from Switch A to Switch D needsto be improved. When the primary link fails, traffic is transmitted to the backup link inmilliseconds.



247

Figure 5-4 Networking diagram of configuring IS-IS Auto FRR

SwitchCL1/2

SwitchBL1/2

SwitchAL1/2

SwitchDL1/2

cost

= 10

cost

= 10

cost = 30

10GE1/0/1VLANIF101.0.0.2/24

10GE1/0/1VLANIF101.0.0.1/24

10GE1/0/1VLANFI504.0.0.2/24

10GE1/0/2VLANIF303.0.0.2/24

10GE1/0/2VLANIF303.0.0.1/24

10GE1/0/2VLANIF504.0.0.1/24

10GE1/0/1VLANIF202.0.0.2/24

10GE1/0/2VLANIF202.0.0.1/24

cost = 10

10GE1/0/3VLANIF40100.1.1.1/24

cost = 10Link T


1. Set a larger link cost on GigabitEthernet1/0/2 of Switch A, and ensure that Link T ispreferentially selected for data forwarding from Switch A to Switch D.

2. Configure IS-IS Auto FRR on Switch A to allow traffic to be fast switched to the backuplink without waiting for route convergence when a fault occurs on Link T. This improvesthe reliability of data forwarding.

ProcedureStep 1 Configure VLANs that each interface belongs to.

<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 20[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA] commit


Step 2 Configure the IP addresses of each VLANIF interface.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 10.0.0.1 24



248

[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] ip address 2.0.0.1 24[~SwitchA-Vlanif20] quit[~SwitchA] commit




[~SwitchA] isis 1[~SwitchA-isis-1] is-level level-1-2[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00[~SwitchA-isis-1] quit[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] isis enable 1[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] isis enable 1[~SwitchA-Vlanif20] quit[~SwitchA] commit


[~SwitchB] isis 1[~SwitchB-isis-1] is-level level-1-2[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00[~SwitchB-isis-1] quit[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] isis enable 1[~SwitchB-Vlanif20] quit[~SwitchB] interface vlanif 30[~SwitchB-Vlanif30] isis enable 1[~SwitchB-Vlanif30] quit[~SwitchB] commit


[~SwitchC] isis 1[~SwitchC-isis-1] is-level level-1-2[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00[~SwitchC-isis-1] quit[~SwitchC] interface vlanif 10[~SwitchC-Vlanif10] isis enable 1[~SwitchC-Vlanif10] quit[~SwitchC] interface vlanif 50[~SwitchC-Vlanif50] isis enable 1[~SwitchC-Vlanif50] quit[~SwitchC] commit


[~SwitchD] isis 1[~SwitchD-isis-1] is-level level-1-2[~SwitchD-isis-1] network-entity 10.0000.0000.0004.00[~SwitchD-isis-1] quit[~SwitchD] interface vlanif 50[~SwitchD-Vlanif50] isis enable 1[~SwitchD-Vlanif50] quit[~SwitchD] interface vlanif 30[~SwitchD-Vlanif30] isis enable 1[~SwitchD-Vlanif30] quit[~SwitchD] interface vlanif 40[~SwitchD-Vlanif40] isis enable 1[~SwitchD-Vlanif40] quit[~SwitchD] commit



249

Step 4 Set the interface cost of VLANIF 20 on SwitchA to 30, and then check the routing information.

# Set the interface cost of VLANIF 20 on SwitchA to 30.

[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] isis cost 30[~SwitchA-Vlanif20] quit[~SwitchA] commit

# Check information about the link from SwitchA to SwitchD. Link T has a lower cost, and soIS-IS optimally selects Link T to send traffic that is forwarded by SwitchA.

<SwitchA> display isis route 100.1.1.1 verbose Route information for ISIS(1) ----------------------------- ISIS(1) Level-1 Forwarding Table -------------------------------- IPV4 Dest : 100.1.1.0/24 Int. Cost : 30 Ext. Cost : NULL Admin Tag : - Src Count : 1 Flags : A/-/L/- Priority : Low NextHop : Interface : ExitIndex : 1.0.0.2 Vlanif10 0x00000003 Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set ISIS(1) Level-2 Forwarding Table -------------------------------- IPV4 Dest : 100.1.1.0/24 Int. Cost : 30 Ext. Cost : NULL Admin Tag : - Src Count : 3 Flags : -/-/-/- Priority : Low Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set

# Run the display fib 100.1.1.1 verbose command on SwitchA to check the forwarding entryof traffic from SwitchA to SwitchD.

<SwitchA> display fib 100.1.1.1 verbose

Route Entry Count: 1 Destination: 100.1.1.0 Mask : 255.255.255.0 Nexthop : 1.0.0.2 OutIf : Vlanif10 LocalAddr : 1.0.0.1 LocalMask: 0.0.0.0 Flags : DGU Age : 26sec ATIndex : 0 Slot : 0 LspFwdFlag : 0 LspToken : 0x0 InLabel : NULL OriginAs : 0 BGPNextHop : 0.0.0.0 PeerAs : 0 QosInfo : 0x0 OriginQos: 0x0 NexthopBak : 0.0.0.0 OutIfBak : [~No Intf] LspTokenBak: 0x0 InLabelBak : NULL LspToken_ForInLabelBak : 0x0 EntryRefCount : 0 VlanId : 0x0 BgpKey : 0 BgpKeyBak : 0 LspType : 0 Label_ForLspTokenBak : 0 MplsMtu : 0 Gateway_ForLspTokenBak : 0.0.0.0 NextToken : 0x0 IfIndex_ForLspTokenBak : 0 Label_NextToken : 0 Label : 0 LspBfdState : 0



250

As shown in the command output, traffic from SwitchA to SwitchD is only forwarded throughLink T.

Step 5 Enable IS-IS Auto FRR on SwitchA, and then check the routing information.

# Enable IS-IS Auto FRR on SwitchA.

<SwitchA> isis[~SwitchA-isis-1] frr[~SwitchA-isis-1-frr] loop-free-alternate[~SwitchA-isis-1-frr] commit

# Check the routing information from SwitchA to SwitchD. You can find that IS-IS creates abackup link because IS-IS Auto FRR is enabled.

<SwitchA> display isis route 100.1.1.1 verbose Route information for ISIS(1) ----------------------------- ISIS(1) Level-1 Forwarding Table -------------------------------- IPV4 Dest : 100.1.1.0/24 Int. Cost : 30 Ext. Cost : NULL Admin Tag : - Src Count : 1 Flags : A/-/L/- Priority : Low NextHop : Interface : ExitIndex : 1.0.0.2 Vlanif10 0x00000003 (B)2.0.0.2 Vlanif20 0x00000004 Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set ISIS(1) Level-2 Forwarding Table -------------------------------- IPV4 Dest : 100.1.1.0/24 Int. Cost : 30 Ext. Cost : NULL Admin Tag : - Src Count : 3 Flags : -/-/-/- Priority : Low Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set

# Check the protection type for the traffic from SwitchA to SwitchD.

<SwitchA> display isis spf-tree systemid 0000.0000.0004 verbose Shortest Path Tree for ISIS(1) ------------------------------ ISIS(1) Level-1 Shortest Path Tree ---------------------------------- 0000.0000.0004.00 Distance : 20 Distance-URT : 20 Flags : SPT IPv4 Nexthops-URT : 1 (1) 1.0.0.2 IF:Vlanif10 NBR:0000.0000.0003.00 (B) 2.0.0.2 IF:Vlanif20 NBR:0000.0000.0002.00 TYPE:LOOP-FREE PROTECT:LINK-NODE IPv4 Nexthops-MIGP : 0 Neighbors: 2 (Children:1 Parents:1 Others:0) (1) 0000.0000.0003.02 Cost : 10 Flags : Parent (2) 0000.0000.0004.03



251

Cost : 10 Flags : Child ISIS(1) Level-2 Shortest Path Tree ---------------------------------- 0000.0000.0004.00 Distance : 20 Distance-URT : 20 Flags : SPT IPv4 Nexthops-URT : 1 (1) 1.0.0.2 IF:Vlanif10 NBR:0000.0000.0003.00 (B) 2.0.0.2 IF:Vlanif20 NBR:0000.0000.0002.00 TYPE:LOOP-FREE PROTECT:LINK-NODE IPv4 Nexthops-MIGP : 0 Neighbors: 2 (Children:1 Parents:1 Others:0) (1) 0000.0000.0003.02 Cost : 10 Flags : Parent (2) 0000.0000.0004.03 Cost : 10 Flags : Child

As shown in the preceding command output, link-node dual protection is performed on the trafficfrom SwitchA to SwitchD.

# Run the display fib 100.1.1.1 verbose command on SwitchA to check the forwarding entryof traffic from SwitchA to SwitchD.<SwitchA> display fib 100.1.1.1 verbose Route Entry Count: 1 Destination: 100.1.1.0 Mask : 255.255.255.0 Nexthop : 1.0.0.2 OutIf : Vlanif10 LocalAddr : 1.0.0.1 LocalMask: 0.0.0.0 Flags : DGU Age : 6sec ATIndex : 0 Slot : 0 LspFwdFlag : 0 LspToken : 0x0 InLabel : NULL OriginAs : 0 BGPNextHop : 0.0.0.0 PeerAs : 0 QosInfo : 0x0 OriginQos: 0x0 NexthopBak : 2.0.0.2 OutIfBak : Vlanif20 LspTokenBak: 0x0 InLabelBak : NULL LspToken_ForInLabelBak : 0x0 EntryRefCount : 0 VlanId : 0x0 BgpKey : 0 BgpKeyBak : 0 LspType : 0 Label_ForLspTokenBak : 0 MplsMtu : 0 Gateway_ForLspTokenBak : 0.0.0.0 NextToken : 0x0 IfIndex_ForLspTokenBak : 0 Label_NextToken : 0 Label : 0 LspBfdState : 0

As shown in the command output, the outbound interface of the primary link from SwitchA toSwitchD is Vlanif10. The backup link follows the route with Vlanif20 as the outbound interfaceand 2.0.0.2 as the next hop.


# Run the shutdown command on Vlanif50 of SwitchC to shut down the link.[~SwitchC] interface vlanif 50[~SwitchC-Vlanif50] shutdown[~SwitchC-Vlanif50] commit

# Run the display fib 100.1.1.1 verbose command on SwitchA to check information about theroute from SwitchA to SwitchD.



252

<SwitchA> display fib 100.1.1.1 verbose Route Entry Count: 1 Destination: 100.1.1.0 Mask : 255.255.255.0 Nexthop : 2.0.0.2 OutIf : Vlanif20 LocalAddr : 2.0.0.1 LocalMask: 0.0.0.0 Flags : DGU Age : 124sec ATIndex : 0 Slot : 0 LspFwdFlag : 0 LspToken : 0x0 InLabel : NULL OriginAs : 0 BGPNextHop : 0.0.0.0 PeerAs : 0 QosInfo : 0x0 OriginQos: 0x0 NexthopBak : 0.0.0.0 OutIfBak : [~No Intf] LspTokenBak: 0x0 InLabelBak : NULL LspToken_ForInLabelBak : 0x0 EntryRefCount : 0 VlanId : 0x0 BgpKey : 0 BgpKeyBak : 0 LspType : 0 Label_ForLspTokenBak : 0 MplsMtu : 0 Gateway_ForLspTokenBak : 0.0.0.0 NextToken : 0x0 IfIndex_ForLspTokenBak : 0 Label_NextToken : 0 Label : 0 LspBfdState : 0

As shown in the command output, the traffic forwarded by the SwitchA is switched to the backuplink with outbound interface Vlanif20 and next hop 2.0.0.2.

----End


# sysname SwitchA#vlan batch 10 20#isis 1 frr loop-free-alternate level-1 loop-free-alternate level-2 network-entity 10.0000.0000.0001.00#interface Vlanif10 ip address 1.0.0.1 255.255.255.0 isis enable 1#interface Vlanif20 ip address 2.0.0.1 255.255.255.0 isis enable 1 isis cost 30#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20 #return

l Configuration file of SwitchB# sysname SwitchB#vlan batch 20 30



253

#isis 1 network-entity 10.0000.0000.0002.00#interface Vlanif20 ip address 2.0.0.2 255.255.255.0 isis enable 1#interface Vlanif30 ip address 3.0.0.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30 #return

l Configuration file of SwitchC# sysname SwitchC#vlan batch 10 50#isis 1 network-entity 10.0000.0000.0003.00#interface Vlanif10 ip address 1.0.0.2 255.255.255.0 isis enable 1#interface Vlanif50 shutdown ip address 4.0.0.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 50 #return

l Configuration file of SwitchD# sysname SwitchD#vlan batch 30 40 50#isis 1 network-entity 10.0000.0000.0004.00#interface Vlanif50 ip address 4.0.0.2 255.255.255.0 isis enable 1#interface Vlanif30 ip address 3.0.0.2 255.255.255.0 isis enable 1#interface Vlanif40 ip address 100.1.1.1 255.255.255.0



254

isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 50 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30 #interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 40 #return

5.15.5 Example for Configuring Static BFD for IS-IS

Networking RequirementsAs shown in Figure 5-5, three routers are interconnected using IS-IS, and RouterA and RouterBcommunicate with each other through a Layer 2 switch. When a link between RouterA andRouterB fails, the two routers can respond to the fault rapidly.

Figure 5-5 Networking diagram of configuring static BFD for IS-IS

SwitchA SwitchB SwitchC

10GE1/0/1VLANIF10100.1.1.1/24

10GE1/0/1VLANIF10

100.1.1.2/24

10GE1/0/2VLANIF20100.2.1.1/24

10GE1/0/1VLANIF20

100.2.1.2/24

NOTE

BFD for IS-IS cannot be used to detect the multi-hop link between RouterA and RouterC, because the IS-IS neighbor relationship cannot be established between RouterA and RouterC.


1. Configure IP addresses for interfaces and enable IS-IS on each router to ensure reachableroutes between the routers.

2. Enable static BFD for IS-IS on RouterA and RouterB so that routers can rapidly detect linkfaults.

Procedure

Step 1 Configure VLANs that each interface belongs to.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk



255

[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] commit


Step 2 Assign the IP addresses for VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 100.1.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] commit




[~SwitchA] isis 1[~SwitchA-isis-1] is-level level-2[~SwitchA-isis-1] network-entity aa.1111.1111.1111.00[~SwitchA-isis-1] quit[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] isis enable 1[~SwitchA-Vlanif10] quit[~SwitchA] commit


[~SwitchB] isis 1[~SwitchB-isis-1] is-level level-2[~SwitchB-isis-1] network-entity aa.2222.2222.2222.00[~SwitchB-isis-1] quit[~SwitchB] interface vlanif 10[~SwitchB-Vlanif10] isis enable 1[~SwitchB-Vlanif10] quit[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] isis enable 1[~SwitchB-Vlanif20] quit[~SwitchB] commit


[~SwitchC] isis 1[~SwitchC-isis-1] is-level level-2[~SwitchC-isis-1] network-entity aa.3333.3333.3333.00[~SwitchC-isis-1] quit[~SwitchC] interface vlanif 20[~SwitchC-Vlanif20] isis enable 1[~SwitchC-Vlanif20] quit[~SwitchC] commit

# After the preceding configurations, you can see that the neighbor relationship is establishedbetween SwitchA and SwitchB.

[~SwitchA] display isis peer Peer information for ISIS(1) ---------------------------- System Id Interface Circuit Id State HoldTime Type PRI2222.2222.2222 Vlanif10 0000000001 Up 23s L2 64

The IS-IS routing table of SwitchA contains the routes to SwitchB and SwitchC.

[~SwitchA] display isis route Route information for ISIS(1) -----------------------------



256

ISIS(1) Level-2 Forwarding Table -------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags------------------------------------------------------------------------- 100.1.1.0/24 10 NULL Vlanif10 Direct D/-/L/- 100.2.1.0/24 20 NULL Vlanif10 100.1.1.2 A/-/L/- Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set

Step 4 Configure BFD.

# Enable BFD on SwitchA and configure a BFD session.[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] bfd atob bind peer-ip 100.1.1.2 interface vlanif 10[~SwitchA-bfd-session-atob] discriminator local 1[~SwitchA-bfd-session-atob] discriminator remote 2[~SwitchA-bfd-session-atob] commit[~SwitchA-bfd-session-atob] quit[~SwitchA] commit

# Enable BFD on SwitchA and configure a BFD session.[~SwitchB] bfd[~SwitchB-bfd] quit[~SwitchB] bfd btoa bind peer-ip 100.1.1.1 interface vlanif 10[~SwitchB-bfd-session-btoa] discriminator local 2[~SwitchB-bfd-session-btoa] discriminator remote 1[~SwitchB-bfd-session-btoa] quit[~SwitchB] commit

After the preceding configurations, run the display bfd session command on SwitchA orSwitchB, and you can see that the status of the BFD session is Up.

The following uses the display on SwitchA as an example.[~SwitchA] display bfd session all------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName------------------------------------------------------------------------1 2 100.1.1.2 Up S_IP_IF Vlanif10 ------------------------------------------------------------------------ Total UP/DOWN Session Number : 1/0

Step 5 Enable IS-IS fast detect.

# Configure SwitchA.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] isis bfd static[~SwitchA-Vlanif10] quit[~SwitchA] commit

# Configure SwitchB.[~SwitchB] interface Vlanif 10[~SwitchB-Vlanif10] isis bfd static[~SwitchB-Vlanif10] quit[~SwitchB] commit


# Enable debugging on SwitchA.<SwitchA> debugging isis adjacency<SwitchA> debugging isis circuit-information<SwitchA> terminal debugging

# Run the shutdown command on 10GE1/0/1 of SwitchB to simulate a link fault.



257

[~~SwitchB-10GE1/0/1] shutdown[~~SwitchB-10GE1/0/1] commit

# On SwitchA, you can view the following log information, which indicates that IS-IS deletesthe neighbor relationship with SwitchB after being notified by BFD of the fault.

#80/active/IsisAdjacencyChange/Major/occurredTime:2011-03-09 04:17:07/-/-/alarmID:0x08960007/VS=0:ISIS adjacency state change. (SysInstance=1, SysLevel=1, CircIndex=2, CircIfIndex=20, LspId=2222.2222.2222.00.00, AdjState=1, IfIndex=20, IfName=GE1/0/1, Reason=BFD detected that the neighbor went Down, SubReason=14)

----End


# sysname SwitchA# vlan batch 10# info-center source BFD channel 1 log level debugging#bfd#isis 1 is-level level-2 network-entity aa.1111.1111.1111.00#interface Vlanif10 ip address 100.1.1.1 255.255.255.0 isis enable 1 isis bfd static#bfd atob bind peer-ip 100.1.1.2 interface Vlanif10 discriminator local 1 discriminator remote 2#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #return

l Configuration file of SwitchB# sysname SwitchB# vlan batch 10 20#bfd#isis 1 is-level level-2 network-entity aa.2222.2222.2222.00#interface Vlanif10 ip address 100.1.1.2 255.255.255.0 isis enable 1 isis bfd static shutdown#interface Vlanif20 ip address 100.2.1.1 255.255.255.0 isis enable 1#bfd btoa bind peer-ip 100.1.1.1 interface Vlanif10 discriminator local 2



258

discriminator remote 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20 #return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 20#isis 1 is-level level-2 network-entity aa.3333.3333.3333.00#interface Vlanif20 ip address 100.2.1.2 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#return

5.15.6 Example for Configuring Dynamic BFD for IS-IS

Networking RequirementsAs shown in Figure 5-6, three devices are interconnected using IS-IS, and Switch A and SwitchB communicate with each other through a Layer 2 switch. When the link that passes through theswitch between Switch A and Switch B fails, the two devices need to rapidly respond to thefault, and traffic can be switched to the link that passes through Switch C for forwarding.

Figure 5-6 Networking diagram of configuring dynamic BFD for IS-IS

SwitchA SwitchB

SwitchC

10GE1/0/2VLANIF203.3.3.1/24

10GE1/0/2VLANIF203.3.3.2/24

10GE1/0/3VLANIF40

172.16.1.1/24

10GE1/0/1VLANIF101.1.1.1/24

10GE1/0/1VLANIF101.1.1.2/24

10GE1/0/1VLANIF302.2.2.2/24

10GE1/0/2VLANIF302.2.2.1/24



259


1. Configure IP addresses for interfaces and enable IS-IS on each device to ensure reachableroutes between the devices.

2. Set the IS-IS interface cost to control route selection of the devices to make the link thatpasses through the switch from Switch A to Switch B as the primary link and the link thatpasses through Switch C as the backup link.

3. Configure dynamic BFD for IS-IS on Switch A, Switch B, and Switch C so that link faultscan be detected rapidly and traffic can be switched to the backup link for forwarding.

Procedure

Step 1 Configure VLANs that each interface belongs to.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 20[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA-10GE1/0/2] commit


Step 2 Assign the IP addresses for VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 1.1.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] ip address 3.3.3.1 24[~SwitchA-Vlanif20] quit[~SwitchA-Vlanif20] commit




[~SwitchA] isis[~SwitchA-isis-1] is-level level-2[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00[~SwitchA-isis-1] quit[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] isis enable 1[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] isis enable 1[~SwitchA-Vlanif20] commit[~SwitchA-Vlanif20] quit


[~SwitchB] isis



260

[~SwitchB-isis-1] is-level level-2[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00[~SwitchB-isis-1] quit[~SwitchB] interface vlanif 30[~SwitchB-Vlanif30] isis enable 1[~SwitchB-Vlanif30] quit[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] isis enable 1[~SwitchB-Vlanif20] quit[~SwitchB] interface vlanif 40[~SwitchB-Vlanif40] isis enable 1[~SwitchB-Vlanif40] commit[~SwitchB-Vlanif40] quit


[~SwitchC] isis[~SwitchC-isis-1] is-level level-2[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00[~SwitchC-isis-1] quit[~SwitchC] interface vlanif 10[~SwitchC-Vlanif10] isis enable 1[~SwitchC-Vlanif10] quit[~SwitchC] interface vlanif 30[~SwitchC-Vlanif30] isis enable 1[~SwitchC-Vlanif30] commit[~SwitchC-10GE1/0/2] quit

# After the preceding configurations, run the display isis peer command. You can see that theneighbor relationships are established between SwitchA and SwitchB, and between SwitchAand SwitchC. The following uses the configuration of SwitchA as an example.

[~SwitchA] display isis peer Peer information for ISIS(1) System Id Interface Circuit Id State HoldTime Type PRI-------------------------------------------------------------------------------0000.0000.0002 Vlanif20 0000.0000.0002.01 Up 9s L2 640000.0000.0003 Vlanif10 0000.0000.0001.02 Up 21s L2 64Total Peer(s): 2

# switchs learn routes from each other. The following uses the routing table of SwitchA as anexample.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: _public_ Destinations : 8 Routes : 9Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.0/24 ISIS 15 20 D 1.1.1.2 Vlanif10 3.3.3.0/24 Direct 0 0 D 3.3.3.1 Vlanif10 3.3.3.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.1.0/24 ISIS 15 20 D 3.3.3.2 Vlanif20

As shown in the routing table, the next-hop address of the route to 172.16.1.0/24 is 3.3.3.2, andtraffic is transmitted on the primary link SwitchA→SwitchB.

Step 4 Set the interface cost.


[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] isis cost 5[~SwitchA-Vlanif20] commit



261

[~SwitchA-Vlanif20] quit


[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] isis cost 5[~SwitchB-Vlanif20] commit[~SwitchB-Vlanif20] quit

Step 5 Configure BFD for IS-IS processes.

# Enable BFD for IS-IS on SwitchA.

[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] isis[~SwitchA-isis-1] bfd all-interfaces enable[~SwitchA-isis-1] commit[~SwitchA-isis-1] quit

# Enable BFD for IS-IS on SwitchB.

[~SwitchB] bfd[~SwitchB-bfd] quit[~SwitchB] isis[~SwitchB-isis-1] bfd all-interfaces enable[~SwitchB-isis-1] commit[~SwitchB-isis-1] quit

# Enable BFD for IS-IS on SwitchC.

[~SwitchC] bfd[~SwitchC-bfd] quit[~SwitchC] isis[~SwitchC-isis-1] bfd all-interfaces enable[~SwitchC-isis-1] commit[~SwitchC-isis-1] quit

# After the preceding configurations, run the display isis bfd session all command on SwitchA,SwitchB, and SwitchC. You can see that the BFD session status is Up.

The following uses the display on SwitchA as an example.

[~SwitchA] display isis bfd session all BFD session information for ISIS(1) -----------------------------------Peer System ID : 0000.0000.0002 Interface : Vlanif20TX : 10 BFD State : up Peer IP Address : 3.3.3.2RX : 10 LocDis : 16385 Local IP Address: 3.3.3.1Multiplier : 3 RemDis : 16388 Type : L2Diag : No diagnostic information

Peer System ID : 0000.0000.0003 Interface : Vlanif10TX : 10 BFD State : up Peer IP Address : 1.1.1.2RX : 10 LocDis : 16386 Local IP Address: 1.1.1.1Multiplier : 3 RemDis : 16387 Type : L2Diag : No diagnostic information

Total BFD session(s): 2

As shown in the preceding display, the status of the BFD session between SwitchA andSwitchB and that between SwitchA and SwitchC is Up.

Step 6 Configure BFD for IS-IS interfaces.

# Configure BFD on VLANIF 20 of SwitchA, set the minimum interval for sending packets to100 ms, the minimum interval for receiving packets to 100 ms, and the local detection multiplierto 4.



262

[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] isis bfd enable[~SwitchA-Vlanif20] isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4[~SwitchA-Vlanif20] commit[~SwitchA-Vlanif20] quit

# Configure BFD on VLANIF 20 of SwitchB, set the minimum interval for sending packets to100 ms, the minimum interval for receiving packets to 100 ms, and the local detection multiplierto 4.

[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] isis bfd enable[~SwitchB-Vlanif20] isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4[~SwitchB-Vlanif20] commit[~SwitchB-Vlanif20] quit

# After the preceding configurations, run the display isis bfd session all command on SwitchAor SwitchB. You can see that the BFD parameters have taken effect. The following uses thedisplay on SwitchB as an example.

[~SwitchB] display isis bfd session all BFD session information for ISIS(1) -----------------------------------Peer System ID : 0000.0000.0001 Interface : Vlanif20TX : 100 BFD State : up Peer IP Address : 3.3.3.1RX : 100 LocDis : 16385 Local IP Address: 3.3.3.2Multiplier : 4 RemDis : 16385 Type : L2Diag : No diagnostic information

Peer System ID : 0000.0000.0003 Interface : Vlanif30TX : 10 BFD State : up Peer IP Address : 2.2.2.1RX : 10 LocDis : 16385 Local IP Address: 2.2.2.2Multiplier : 4 RemDis : 16385 Type : L2Diag : No diagnostic information


Step 7 # Run the shutdown command on GigabitEthernet1/0/2 of SwitchB to simulate a primary linkfailure.[~SwitchB] interface 10ge 1/0/2[~SwitchB-10GE1/0/2] shutdown[~SwitchB-10GE1/0/2] commit


# View the routing table of SwitchA.

[~SwitchA] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_ Destinations : 9 Routes : 9


1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10 1.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 1.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10 2.2.2.0/24 ISIS 15 20 D 1.1.1.2 Vlanif10 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.1.0/24 ISIS 15 30 D 1.1.1.2 Vlanif10255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0



263

As shown in the routing table, the backup link SwitchA→SwitchC→SwitchB takes effect afterthe primary link fails, and the next-hop address of the route to 172.16.1.0/24 becomes 1.1.1.2.

# Run the display isis bfd session all command SwitchA. You can see that the status of the BFDsession between SwitchA and SwitchC is Up.

[~SwitchA] display isis bfd session all BFD session information for ISIS(1) -----------------------------------Peer System ID : 0000.0000.0003 Interface : Vlanif10TX : 10 BFD State : up Peer IP Address : 1.1.1.2RX : 10 LocDis : 16385 Local IP Address: 1.1.1.1Multiplier : 3 RemDis : 16388 Type : L2Diag : No diagnostic information


----End


# sysname SwitchA# vlan batch 10 20# bfd#isis 1 is-level level-2 bfd all-interfaces enable network-entity 10.0000.0000.0001.00#interface Vlanif10 ip address 1.1.1.1 255.255.255.0 isis enable 1#interface Vlanif20 ip address 3.3.3.1 255.255.255.0 isis enable 1 isis cost 5 isis bfd enable isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20 #return

l Configuration file of SwitchB# sysname SwitchB# vlan batch 20 30 40# bfd#isis 1 is-level level-2 bfd all-interfaces enable network-entity 10.0000.0000.0002.00



264

#interface Vlanif20 ip address 3.3.3.2 255.255.255.0 isis enable 1 isis cost 5 isis bfd enable isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4#interface Vlanif30 ip address 2.2.2.2 255.255.255.0 isis enable 1#interface Vlanif40 ip address 172.16.1.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20 #interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 40 #return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 10 30# bfd#isis 1 is-level level-2 bfd all-interfaces enable network-entity 10.0000.0000.0003.00#interface Vlanif10 ip address 1.1.1.2 255.255.255.0 isis enable 1#interface Vlanif30 ip address 2.2.2.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30 #return

5.16 Common Configuration ErrorsThis section describes common faults caused by incorrect IS-IS configurations and provides thetroubleshooting procedure.



265

5.16.1 Failed to Establish IS-IS Neighbor Relationships

Fault Symptom

IS-IS neighbor relationship fails to be established when the link is working properly.

Procedure

Step 1 Check whether devices on both ends of the link have the matching IS-IS levels.l Run the display current-configuration configuration isis | include is-level command to

check the level configurations of IS-IS processes on both ends.l Run the display current-configuration interface interface-type interface-number | include

isis circuit-level command to check the IS-IS level configuration of the specified interface.

IS-IS neighbor relationship can be established when IS-IS interfaces on both ends of the linkhave the matching IS-IS levels.

NOTE

If you cannot view the IS-IS level of an interface using the display current-configuration interfaceinterface-type interface-number | include isis circuit-level command, the interface uses the default IS-ISlevel. To view the default IS-IS level, run the display default-parameter isis command to check theCircuit-Level field.

Requirements on the IS-IS levels of interfaces on both ends of a link are as follows:

l If the IS-IS level of the local interface is Level-1, the IS-IS level of the remote interface must beLevel-1 or Level-1-2.

l If the IS-IS level of the local interface is Level-2, the IS-IS level of the remote interface must beLevel-2 or Level-1-2.

l If the IS-IS level of the local interface is Level-1-2, the IS-IS level of the remote interface can beLevel-1, Level-2, or Level-1-2.

If the IS-IS levels of interfaces on both ends of a link do not match, perform either of the followingoperations to change the IS-IS level:l Run the is-level command in the IS-IS view to change the global IS-IS level.l Run the isis circuit-level command in the interface view to change the interface IS-IS level.

Step 2 Check whether devices on both ends of the link have the matching area addresses.

Run the display current-configuration configuration isis command to check area addressinformation.

NOTE

If IS-IS Level-1 neighbor relationship needs to be established between devices on both ends, ensure thatthe two devices reside in the same area.

A maximum of three area addresses can be configured for an IS-IS process. Devices on both ends canestablish IS-IS Level-1 neighbor relationship when the two devices have a same area address.

When IS-IS Level-2 neighbor relationship needs to established between the two devices, the two devicescan have the same or different area addresses.

If the area addresses of the two devices are different, run the network-entity command in theIS-IS view to set the same area address for the two devices.

Step 3 Check whether devices on both ends of the link have the authentication mode.



266

Run the display current-configuration interface interface-type interface-number | include isisauthentication-mode command to check the IS-IS authentication modes of the interfaces onboth ends of the link.

If the two interfaces use different authentication modes, run the isis authentication-modecommand in the view of one interface to ensure that this interface has the same authenticationmode and password as the other interface.

Step 4 Run:commit


----End

5.16.2 A Device Cannot Learn IS-IS Routes from Its Neighbor

Fault SymptomA device cannot learn IS-IS routes from its neighbor when its link is working properly.

Procedure

Step 1 Check whether IS-IS neighbor relationship has been established between the device and itsneighbor.Run the display isis peer command on each device on the link to check whether IS-IS neighborrelationship has been established.

If IS-IS neighbor relationship is not established, rectify the fault according to 5.16.1 Failed toEstablish IS-IS Neighbor Relationships.

Step 2 Check whether the IS-IS routing table of the device is correct.

Run the display isis route command on the device to check the IS-IS routing table.

1. If the IS-IS routing table contains specified routes, run the display ip routing-table ip-address [ mask | mask-length ] verbose command to check whether the IP routing tablecontains routes with higher protocol preference than IS-IS routes.

NOTE

If the State field of a route displays Active Adv, the route is active. If there are routes that have thesame prefix but are discovered by different routing protocols, routes with higher protocol preferenceare preferred as active routes.

2. If the IP routing table contains routes with higher protocol preference than IS-IS routes,modify the configuration based on network planning.

Step 3 Check whether the device and its neighbor have the matching IS-IS cost style.Run the display current-configuration configuration isis command on the device and itsneighbor to check the IS-IS cost style.



267

NOTE

The device can learn IS-IS routes from its neighbor when it has the same IS-IS cost style as its neighbor.

The IS-IS cost style of a device can be set as follows:

l narrow: indicates that the device can receive and send packets with cost style narrow.

l narrow-compatible: indicates that the device can receive packets with cost style narrow or wide butsends only packets with cost style narrow.

l compatible: indicates that the device can receive and send packets with cost style narrow or wide.

l wide-compatible: indicates that the device can receive packets with cost style narrow or wide but sendsonly packets with cost style wide.

l wide: indicates that the device can receive and send packets with cost style wide.

If the IS-IS cost styles of both ends are set to narrow and wide (or wide-compatible) respectively, the twoends cannot communicate.

If the IS-IS cost styles of both ends are set to narrow-compatible and wide respectively, the two ends cannotcommunicate either.

If the device and its neighbor have mismatching IS-IS cost styles, run the cost-style commandon the device to modify the configuration.

Step 4 Run:commit


----End



268

6 BGP Configuration

About This Chapter

The Border Gateway Protocol (BGP) is used between Autonomous Systems (ASs) to transmitrouting information. BGP applies to large and complex networks.

6.1 BGP OverviewThe Border Gateway Protocol (BGP) is a path vector protocol that allows devices betweenAutonomous Systems (ASs) to communicate and selects optimal routes. BGP-1 (defined in RFC1105), BGP-2 (defined in RFC 1163), and BGP-3 (defined in RFC 1267) are three earlierversions of BGP. BGP-4 (defined in RFC 1771) has been used since 1994. Since 2006, unicastIPv4 networks have been using BGP-4 defined in RFC 4271, and other networks have beenusing MP-BGP defined in RFC 4760.

6.2 BGP Features Supported by the DeviceThis section describes the BGP features supported by the Switch. The information will help youcomplete configuration tasks quickly and accurately.

6.3 Default ConfigurationThis section describes the default configuration of BGP, which can be changed according tonetwork requirements.

6.4 Configuring Basic BGP FunctionsBefore building a BGP network, you need to configure basic BGP functions.

6.5 Configuring BGP SecurityConfiguring connection authentication and BGP GTSM for BGP peers can improve BGPnetwork security.

6.6 Simplifying IBGP Network ConnectionsConfiguring a route reflector and a confederation on an IBGP network can simplify IBGPnetwork connections.

6.7 Configuring BGP Route Selection and Load BalancingBGP has many route attributes. You can configure these attributes to change the route selectionresult.

6.8 Controlling the Receiving and Advertisement of BGP RoutesControlling the receiving and advertisement of BGP routes can reduce the routing table size andimprove network security.

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing 6 BGP Configuration


269

6.9 Adjusting the BGP Network Convergence SpeedYou can configure BGP timers, disable rapid EBGP connection reset, and configure BGP routedampening to speed up BGP network convergence and improve BGP security.

6.10 Configuring BGP ReliabilityYou can configure association between BGP and BFD, BGP Auto FRR, and BGP GR helper tospeed up BGP network convergence and improve BGP reliability.

6.11 Configuring BGP Route SummarizationOn IPv4 networks, BGP supports automatic route summarization and manual routesummarization. Manual route summarization takes precedence over automatic routesummarization.

6.12 Configuring On-demand Route AdvertisementIf a BGP device only wants to received required routes but its peer cannot maintain differentexport policies for connected devices, you can configure prefix-based BGP outbound routefiltering (ORF) to meet this requirement.

6.13 Configuring BGP to Advertise Default Routes to PeersIf a BGP device needs to send multiple routes to its peer, the BGP device can be configured tosend only a default route with the local address as the next-hop address to its peer, regardless ofwhether there are default routes in the local routing table. This function reduces the number ofnetwork routes and saves memory and network resources.

6.14 Configuring MP-BGPMultiprotocol BGP (MP-BGP) enables BGP to support IPv4 unicast networks and IPv4multicast networks.

6.15 Maintaining BGPMaintaining BGP includes resetting BGP connections and clearing BGP statistics.

6.16 Configuration ExamplesThe section provides BGP configuration examples, including networking requirements,networking diagram, configuration roadmap, and configuration procedure.



270

6.1 BGP OverviewThe Border Gateway Protocol (BGP) is a path vector protocol that allows devices betweenAutonomous Systems (ASs) to communicate and selects optimal routes. BGP-1 (defined in RFC1105), BGP-2 (defined in RFC 1163), and BGP-3 (defined in RFC 1267) are three earlierversions of BGP. BGP-4 (defined in RFC 1771) has been used since 1994. Since 2006, unicastIPv4 networks have been using BGP-4 defined in RFC 4271, and other networks have beenusing MP-BGP defined in RFC 4760.

A network is divided into different ASs to facilitate the management over the network. In 1982,the Exterior Gateway Protocol (EGP) was used to dynamically exchange routing informationbetween ASs. EGP advertises only reachable routes but not select optimal routes or preventrouting loops. Therefore, EGP cannot meet network management requirements.

BGP was designed to replace EGP. Different from EGP, BGP can select optimal routes, preventrouting loops, transmit routing information efficiently, and maintain a large number of routes.

6.2 BGP Features Supported by the DeviceThis section describes the BGP features supported by the Switch. The information will help youcomplete configuration tasks quickly and accurately.

CAUTIONl The CloudEngine 6800&5800 Series switch supports BGP4 and MBGP. The configurations

performed in the BGP view take effect in BGP4 and MBGP. For example, after 6.5.1Configuring MD5 Authentication is performed in the BGP view, the configuration takeseffect in BGP4 and MBGP.

l By default, the commands configured in the BGP-IPv4 unicast address family view can alsobe configured in the BGP view but take effect only in BGP4. For example, after 6.4.4Configuring BGP to Import Routes is performed in the BGP view, the configuration takeseffect only in BGP4 but not MBGP.

BGP configurations are performed logically in the following sequence:

1. Configure basic BGP functions to allow devices on BGP networks to communicate. Youcan also import Interior Gateway Protocol (IGP) routes to BGP to help BGP select routesand avoid routing blackholes.

2. Configure the following features in sequence to provide extended functions in BGP4 andMBGP:l In BGP4: BGP security, simplifying IBGP network connections, BGP route selection

and load balancing, controlling the receiving and advertisement of BGP routes,adjusting the BGP network convergence speed, BGP reliability, BGP NSR, BGP routesummarization, on-demand route advertisement, and advertising default routes to peers

l In MBGP: BGP security, simplifying IBGP network connections, BGP route selectionand load balancing, controlling the receiving and advertisement of BGP routes,adjusting the BGP network convergence speed, BGP reliability, BGP NSR, BGP routesummarization, and advertising default routes to peers



271

BGP SecurityOn a BGP network, unauthorized users may modify data packets or forge packets of authorizedusers to attack the BGP network. To ensure service security on the BGP network, configure BGPMessage Digest 5 (MD5) authenticationor BGP keychain authentication.

Simplifying IBGP Network ConnectionsWithin an AS, routes received from an IBGP peer are not advertised to the other IBGP peers.To ensure the connectivity between IBGP peers in an AS, full-mesh connections must beestablished between IBGP peers on a BGP network. When there are a large number of IBGPpeers on the network, the peer configuration is complex, and many network resources and CPUresources need to be consumed. To reduce the number of IBGP connections on the BGP network,configure a route reflector and confederation.

BGP Route Selection and Load BalancingWhen there are multiple routes with the same destination address but of different routing protocoltypes, BGP selects the optimal route based on the routing protocol priority. To change BGProute selection sequence in an IP routing table, set the BGP priority.

There may be multiple routes to the same destination in a BGP routing table. To guide routeselection, BGP defines the next-hop selection policy and route selection rules. The next-hoppolicy takes precedence over route selection rules. After performing the next-hop policy, BGPselects the optimal route based on the following rules:

NOTEYou can specify whether the Switch compares the AS_Path length, next-hop IGP metric, and router ID.

1. Prefers the route with the largest PrefVal value.2. Prefers the route with the highest Local_Pref.3. Prefers the manually summarized route, automatically summarized route, route imported

using the network command, route imported using the import-route command, and routelearned from peers. These routes are in descending order of priority.

4. Prefers the route with the shortest AS_Path.5. Prefers the route with the lowest origin type. IGP is lower than EGP, and EGP is lower than

Incomplete.6. Prefers the route with the lowest MED if routes are received from the same AS.7. Prefers EBGP routes, IBGP routes, LocalCross routes, and RemoteCross routes, which are

listed in descending order of priority.8. Prefers the route with the lowest IGP metric to the BGP next hop.9. Prefers the route with the shortest Cluster_List.10. Prefers the route advertised by the switch with the smallest router ID.

NOTE

If a route carries the Originator_ID attribute, BGP prefers the route with the smallest Originator_IDwithout comparing the router ID.

11. Prefers the route learned from the peer with the lowest IP address.

On networks, there may be multiple valid routes to the same destination. BGP, however,advertises only the optimal route to its peers. This may result in unbalanced traffic on differentroutes. Configuring BGP load balancing better utilizes network resources and reduces networkcongestion.



272

Controlling the Receiving and Advertisement of BGP RoutesAs the network size increases, the routing table size rapidly increases. This burdens the networkand leads to more security problems. To avoid security problems, configure routing policies tofilter routes so that only the required BGP routes are advertised and received. Multiple routesto the same destination may exist and traverse different ASs. Routes to be advertised need to befiltered in order to direct routes to specific ASs.

Adjusting the BGP Network Convergence SpeedTo enable BGP to fast detect network changes, speed up BGP network convergence. To reducethe impact of route flapping on networks and lessen the device burden, slow down BGP networkconvergence.

BGP ReliabilityTo prevent services from being interrupted for a long period because of network faults, you canuse the backup link. However, it takes more than 1 second for the BGP fault detection mechanismto detect a fault and an active/standby switchover. To ensure the quality of delay-sensitiveservices such as voice and video services, use BGP tracking and association between BGP andBFD to fast detect faults, and then use BGP Auto Fast Reroute (FRR) , BGP nonstop routing(NSR), and BGP graceful restart (GR) helper functions to perform fast active/standbyswichovers.

During an active/standby switchover, BGP NSR ensures continuous forwarding andadvertisement of BGP routes. The active/standby switchover in NSR does not need to beconfigured and does not affect the neighbor relationship, and so neighbors are unaware of theswitchover.

NOTE

Only CE6800 series switches in a stack support the NSR function.

BGP NSRNSR is a reliability technique that prevents neighbors from detecting the control planeswitchover. It applies to the devices that have the active and standby MPUs configured.Compared to GR, NSR does not require the help of neighbors and does not need to deal withinteroperability issues.

Route SummarizationA medium or large BGP network must maintain large BGP routing tables, which occupy a lotof memory on devices. Transmitting and processing the routing information requires manynetwork resources. Route summarization can reduce the routing table size and minimize impactof route flapping on the network. BGP automatic route summarization is easy to configure butonly summarizes routes into a route with the natural mask. BGP manual route summarizationcan work with flexible routing policies to allow BGP to efficiently transmit and control routinginformation.

On-demand BGP Route Advertisement (BGP ORF)BGP outbound route filtering (ORF) can implement on-demand BGP route advertisement.

When BGP peers of a BGP device have different routing requirements, different export policiesneed to be configured on the BGP device. This, however, increases the configuration workload



273

and maintenance cost of the BGP device. To solve this problem, configure BGP ORF on thepeers to allow the peers to maintain required routing policies and send the policies as exportpolicies to the BGP device.

Advertising Default Routes to PeersA medium or large BGP network must maintain large BGP routing tables, which occupy a lotof memory on devices. Transmitting and processing the routing information requires manynetwork resources. If a BGP device needs to send multiple routes to its peer, the BGP devicecan be configured to send only a default route with the local address as the next-hop address toits peer, regardless of whether there are default routes in the local routing table. This functionreduces the number of network routes and saves memory and network resources.

Figure 6-1 Advertising default routes to peers

SwitchBSwitchA192.168.2.1/24

192.168.2.2/24

20.1.1.0/24

20.3.1.0/24

20.2.1.0/24

As shown in Figure 6-1, SwitchA and SwitchB establish a BGP peer relationship. Generally,SwitchB imports routes destined for three network segments 20.1.1.0/24, 20.2.1.0/24, and20.3.1.0/24 to the BGP routing table and then advertises the three imported routes to SwitchA,which then adds the three routes to the local BGP routing table. To save storage resources ofSwitchA and bandwidth resources used for route advertisement, configure SwitchB to advertisea default route to its peer SwitchA, and configure a traffic policy to prohibit the routes destinedfor 20.1.1.0/24, 20.2.1.0/24, and 20.3.1.0/24 from being advertised to SwitchA. When thisoccurs, SwitchA has only one default route, and traffic can still reach the three network segments.

MP-BGPTradition BGP-4 manages only routing information of IPv4 unicast networks but cannot supportinter-AS route transmission on multicast networks. To support multiple types of network layerprotocols, the Internet Engineering Task Force (IETF) extends BGP-4 to MultiprotocolExtensions for BGP-4 (MP-BGP) defined in RFC 4760. MP-BGP is called multicast BGP(MBGP) on multicast networks.

MP-BGP uses address families to differentiate network layer protocols. Basic BGP functionsare configured in the BGP view, and extended BGP functions are configured in their respectiveaddress family views. Currently, the Switch supports the following address family views:l BGP viewl BGP-IPv4 unicast address family viewl BGP-VPN instance IPv4 address family view



274

l BGP-IPv4 multicast address family view

6.3 Default ConfigurationThis section describes the default configuration of BGP, which can be changed according tonetwork requirements.

Table 6-1 describes the default configuration of BGP.

Table 6-1 Default configuration of BGP


BGP Disabled

Keepalive message interval 60s

Hold time 180s

6.4 Configuring Basic BGP FunctionsBefore building a BGP network, you need to configure basic BGP functions.


Before configuring basic BGP functions, complete the following task:

l Configuring IP addresses for interfaces to ensure network-layer communication betweenneighbor nodes


Perform the following operations in sequence and as required.Select tasks from Table 6-2 asrequired.

Table 6-2 Configuring basic BGP functions

Task Configuring aSingle Peer

Configuring anIBGP Peer Group

Configuring anEBGP Peer Group

Start a BGP process Y Y Y

Configure BGP peers Y N Y

Configure a BGPpeer group

N Y Y

Configure BGP toimport routes

Y Y Y



275

6.4.1 Starting a BGP Process

Procedure



Step 2 Run:bgp as-number

BGP is started, the local AS number is specified, and the BGP view is displayed.

CAUTIONAfter BGP peers are configured, changing the router ID of a BGP peer resets BGP peerrelationships.

Step 3 Run:router-id ipv4-address

A router ID of a BGP device is set.

By default, BGP prefers the router ID configured in the system view, highest loopback interfaceaddress, highest interface address, and then IP address 0.0.0.0.

TIP

To improve network stability, configure the IP address of a loopback interface as the router ID isrecommended.

Step 4 Run:commit


----End

6.4.2 Configuring BGP Peers

ContextDuring the configuration of BGP peers, if the AS number of the specified peer is the same asthe local AS number, an IBGP peer is configured. If the AS number of the specified peer isdifferent from the local AS number, an EBGP peer is configured. To enhance the stability ofBGP connections, you are advised to use the reachable loopback interface addresses to establishBGP connections.

When loopback interface addresses are used to establish a BGP connection, run the peerconnect-interface command on the both ends of the BGP connection to ensure the correctnessof interfaces and addresses on the TCP connection. If the command is run on only one end, theBGP connection may fail to be established.



276

When loopback interface addresses are used to establish an EBGP connection, the peer ebgp-max-hop command with hop-count greater than or equal to 2 must be run. Otherwise, the EBGPconnection cannot be established.

To perform the same configuration on a large number of peers, configure a BGP peer groupaccording to 6.4.3 (Optional) Configuring a BGP Peer Group to reduce the configurationworkload.

Procedure




The BGP view is displayed.

Step 3 Run:peer ipv4-address as-number as-number

The BGP peer is created.

By default, BGP does not create BGP peers.

Step 4 (Optional) Run:peer ipv4-address connect-interface { interface-type interface-number [ ipv4-source-address ] | ipv4-source-address }

A source interface and a source IP address are specified for the peer to establish a TCPconnection.

By default, BGP uses the interface that is directly connected to the peer to establish a TCPconnection.

Step 5 (Optional) Run:peer ipv4-address ebgp-max-hop [ hop-count ]

The maximum number of hops allowed for the establishment of an EBGP connection is set.

By default, the maximum number of hops allowed for an EBGP connection is 1. That is, anEBGP connection must be established on a directly connected physical link.

Step 6 (Optional) Run:peer ipv4-address description description-text

The description of the peer is configured.

NOTE

If a BGP peer group is configured on an IPv4 unicast network, steps 7 and 8 are not required. If a BGPpeer group is configured on an IPv4 unicast network, steps 7 and 8 are required.

Step 7 (Optional) Run:ipv4-family multicast

The BGP-IPv4 multicast address family view is displayed.

Step 8 (Optional) Run:



277

peer ipv4-address enable

MP-BGP is enabled on the BGP peers to configure them as MP-BGP peers.

Step 9 Run:commit


----End

6.4.3 (Optional) Configuring a BGP Peer Group

ContextA large BGP network has a large number of peers. It is difficult to configure and maintain thesepeers. You can add the BGP peers with the same configurations to a BGP peer group and thenconfigure the BGP peers in batches. This simplifies peer management and improves routeadvertisement efficiency.

NOTE

l If a function is configured on a peer and its peer group, the function configured on the peer takes precedenceover that configured on the peer group.

l You can repeat step 5 to add multiple peers to a peer group. To add an EBGP peer to a peer group, configurethe EBGP peer according to 6.4.2 Configuring BGP Peers and then perform step 5. To add an IBGP peerto a peer group, perform step 5. The system creates an IBGP peer in the BGP view and sets its AS numberas the AS number of the peer group.

l When loopback interface addresses are used to establish a BGP connection, you are advertised to performstep 6 on the both ends of the BGP connection simultaneously to ensure the correct establishment of theconnection. If step 6 is performed on only one end, the BGP connection may fail to be established.

l When loopback interface are used to establish an EBGP connection, step 7 is required and hop-count in thepeer ebgp-max-hop command must be greater than or equal to 2. Otherwise, the EBGP connection cannotbe established.

Procedure





Step 3 Run:group group-name [ external | internal ]

A BGP peer group is created.

NOTE

The AS number of an IBGP peer group is the local AS number. Therefore, step 4 is not required.

Step 4 Run:peer group-name as-number as-number



278

An AS number is configured for the EBGP peer group.

Step 5 Run:peer ipv4-address group group-name

A peer is added to the peer group.

Step 6 (Optional) Run:peer group-name connect-interface interface-type interface-number [ ipv4-source-address ]

A source interface and a source IP address are specified for the peer to establish a TCPconnection.

By default, BGP uses the interface that is directly connected to the peer to establish a TCPconnection.

Step 7 (Optional) Run:peer group-name ebgp-max-hop [ hop-count ]

The maximum number of hops allowed for the establishment of an EBGP connection is set.

By default, the maximum number of hops allowed for an EBGP connection is 1. That is, anEBGP connection must be established on a directly connected physical link.

Step 8 (Optional) Run:peer group-name description description-text

The description is configured for the peer group.

NOTE

If a BGP peer group is configured on an IPv4 unicast network, steps 9 and 10 are not required. If a BGPpeer group is configured on an IPv4 unicast network, steps 9 and 10 are required.

Step 9 Run:ipv4-family multicast

The BGP-IPv4 multicast address family view is displayed.

Step 10 Run:peer group-name enable

MP-BGP is enabled on the BGP peers to configure them as MP-BGP peers.

Step 11 Run:commit


----End

6.4.4 Configuring BGP to Import Routes

ContextBGP cannot discover routes and needs to import routes such as IGP routes into BGP routingtables so that the imported routes can be transmitted within an AS or between ASs. BGP importsroutes in either import or network mode:



279

l In import mode, BGP imports IGP routes, including RIP, OSPF, and IS-IS routes, into BGProuting tables based on protocol type. To ensure the validity of imported IGP routes, BGPcan also import static routes and direct routes in import mode.

l In network mode, BGP imports the routes in the IP routing table one by one to BGP routingtables. The network mode is more accurate than the import mode.

Procedurel In import mode

1. Run:system-view


bgp as-number

The BGP view is displayed.3. Enter the corresponding address family view based on network type to configure BGP

devices on networks.– Run:

ipv4-family { unicast | multicast }

The IPv4 address family view is displayed.4. Run:

import-route protocol [ process-id ] [ med med | route-policy route-policy-name ] *

BGP is configured to import routes of other routing protocols.5. (Optional) Run:

default-route imported

BGP is allowed to import default routes from the local IP routing table.

By default, BGP does not add default routes to BGP routing tables.6. Run:

commit

The configuration is committed.l In network mode

1. Run:system-view


bgp as-number




The IPv4 address family view is displayed.



280

4. Run:network ipv4-address [ mask | mask-length ] [ route-policy route-policy-name ]

BGP is configured to import routes from the IP routing table one by one.5. Run:

commit


----End


Procedurel Run the display bgp peer [ verbose ] command to check information about all BGP peers.

l Run the display bgp peer ipv4-address { log-info | verbose } command to checkinformation about the specified BGP peer.

l Run the display bgp routing-table [ ipv4-address [ mask | mask-length ] ] command tocheck BGP routing information.

l Run the display bgp group [ group-name ] command to check information about thespecified BGP peer group.

l Run the display bgp multicast peer [ [ peer-address ] verbose ] command to checkinformation about the specified MBGP peer.

l Run the display bgp multicast group [ group-name ] command to displays the informationabout an MBGP peer group.

l Run the display bgp multicast network command to check the routing information thatMBGP advertises.

l Run the display bgp multicast routing-table [ ip-address [ mask-length [ longer-prefixes ] | mask [ longer-prefixes ] ] ] command to check the MBGP routing table.

----End

6.5 Configuring BGP SecurityConfiguring connection authentication and BGP GTSM for BGP peers can improve BGPnetwork security.


Before configuring BGP security, complete the following task:

l Configuring Basic BGP Functions


You can perform the following configuration tasks as required. The following configurationtasks (excluding the task of checking the configuration) can be performed at any sequence.



281

6.5.1 Configuring MD5 Authentication

Context

BGP uses TCP as the transmission protocol, and considers a packet valid as long as the sourceaddress, destination address, source port, destination port, and TCP sequence number of thepacket are correct. However, most parameters in a packet may be easily obtained by attackers.To protect BGP from attacks, MD5 authentication or keychain authentication can be usedbetween BGP peers to reduce the possibility of attacks. The MD5 algorithm is easy to configure,generates a single password that needs to be manually changed, and applies to the networkrequiring short-period encryption.

CAUTIONIf simple is selected during the configuration of the MD5 authentication password, the passwordis saved in the configuration file in plain text. This brings security risks. It is recommended thatyou select cipher to save the password in cipher text.

Procedure





Step 3 Run:peer { ipv4-address | group-name } password { cipher cipher-password | simple simple-password }

The MD5 authentication password is set.

NOTE

l To prevent the MD5 password set on BGP peers from being decrypted, update the MD5 passwordperiodically.

l BGP MD5 authentication and BGP keychain authentication are mutually exclusive, and only one ofthem can be configured for a BGP peer.

Step 4 Run:commit


----End

6.5.2 Configuring Keychain Authentication



282

ContextBGP uses TCP as the transmission protocol, and considers a packet valid as long as the sourceaddress, destination address, source port, destination port, and TCP sequence number of thepacket are correct. However, most parameters in a packet may be easily obtained by attackers.To protect BGP from attacks, use MD5 authentication or keychain authentication between BGPpeers to reduce the possibility of attacks. The keychain algorithm is complex to configure andgenerates a set of passwords. Keychain authentication allows automatically changing a passwordbased on the configuration. Therefore, keychain authentication applies to networks requiringhigh security.

NOTE

Before configuring BGP keychain authentication, configure a keychain corresponding to keychain-name.Otherwise, the TCP connection cannot be established. For details about configuring a keychain, see"Keychain Configuration" in the CloudEngine 6800&5800 Series Configuration Guide - Security.

Procedure





Step 3 Run:peer { ipv4-address | group-name } keychain keychain-name

Keychain authentication is configured,

NOTE

l You must configure keychain authentication on both BGP peers. Encryption algorithms and passwordsconfigured on both peers must be the same; otherwise, the TCP connection cannot be establishedbetween BGP peers and BGP messages cannot be transmitted.

l BGP MD5 authentication and BGP keychain authentication are mutually exclusive, and only one ofthem can be configured for a BGP peer.

Step 4 Run:commit


----End

6.5.3 Configuring BGP GTSM

ContextTo protect a device against the attacks of forged BGP packets, you can configure GTSM to checkwhether the TTL value in the IP packet header is within the specified range. If the TTL valueof a packet is within the specified range, the packet is allowed to pass through. Otherwise, thepacket is discarded to protect the device.



283

Procedure





NOTE

The configurations of GTSM and peer ebgp-max-hop affect the TTL values of BGP packets, which maycause a conflict between TTL values. Therefore, you can configure only one of the two functions for a peeror peer group.

Step 3 Run:peer { group-name | ipv4-address } valid-ttl-hops [ hops ]

BGP GTSM is configured.

By default, GTSM is not configured on any BGP peer or peer group.

Step 4 Run:commit


----End


Procedurel Run the display bgp peer [ ipv4-address ] verbose command to check authentication

detailed information about the specified BGP peer.

----End

6.6 Simplifying IBGP Network ConnectionsConfiguring a route reflector and a confederation on an IBGP network can simplify IBGPnetwork connections.


Before simplifying IBGP network connections, complete the following configuration task:



Perform the following configuration tasks as required.



284

6.6.1 Configuring a BGP Route Reflector

ContextTo ensure the connectivity between IBGP peers within an AS, you need to establish full-meshconnections between the IBGP peers. When there are many IBGP peers, it is costly to establisha fully-meshed network. A route reflector (RR) can solve this problem.

A cluster ID can help prevent routing loops between multiple RRs within a cluster and betweenclusters. When a cluster has multiple RRs, the same cluster ID must be configured for all theRRs within the cluster.

If full-mesh IBGP connections are established between clients of multiple RRs, route reflectionbetween clients is not required and wastes bandwidth resources. In this case, prohibit routereflection between clients to reduce the network burden.

Within an AS, an RR transmits routing information and forwards traffic. When an RR connectsto a large number of clients and non-clients, many CPU resources are consumed if the RRtransmits routing information and forwards traffic simultaneously. This also reduces routetransmission efficiency. To improve route transmission efficiency, prohibit BGP from addingpreferred routes to IP routing tables on the RR to enable the RR only to transmit routinginformation.

Procedure





Step 3 Enter the corresponding address family view based on network type to configure BGP deviceson networks.l Run:

ipv4-family { unicast | multicast }The IPv4 address family view is displayed.

Step 4 Run:peer { ipv4-address | group-name } reflect-client

An RR and its client are configured.

Step 5 (Optional) Run:reflector cluster-id cluster-id

A cluster ID is configured for the RR.

By default, each RR uses its router ID as the cluster ID.

Step 6 (Optional) Run:undo reflect between-clients

Route reflection is prohibited between clients.



285

By default, route reflection is allowed between clients.

Step 7 (Optional) Run:bgp-rib-only [ route-policy route-policy-name ]

BGP is prohibited from adding preferred routes to IP routing tables.

By default, BGP adds preferred routes to IP routing tables.

Step 8 Run:commit


----End



l Run the display bgp routing-table [ network [ { mask | mask-length } [ longer-prefixes ] ] ] command to check routing information in a BGP routing table.


6.6.2 Configuring a BGP Confederation

Context

A confederation divides an AS into sub-ASs. Within each sub-AS, IBGP peers establish full-mesh connections or have an RR configured. Sub-ASs establish EBGP connections. On a largeBGP network, configuring a confederation can reduce the number of IBGP connections, simplifyrouting policy management, and improve route advertisement efficiency.

Other devices may implement the confederation not in accordance with RFC 3065. You canconfigure confederation compatibility to make standard devices compatible with nonstandarddevices.

Procedure





Step 3 Run:confederation id as-number

A confederation ID is configured.



286

CAUTIONAn old speaker that has a 2-byte AS number cannot be in the same confederation with a newspeaker that has a 4-byte AS number. Otherwise, a routing loop may occur. This is because theAS4_Path attribute does not support confederations.

Step 4 Run:confederation peer-as as-number &<1-32>

A sub-AS number is configured for a confederation.

Step 5 (Optional) Run:confederation nonstandard

Confederation compatibility is configured.

By default, confederations comply with RFC 3065.

Step 6 Run:commit


----End


l Run the display bgp peer [ ipv4-address ] verbose command to check detailed informationabout BGP peers.

l Run the display bgp routing-table [ network ] [ { mask | mask-length } [ longer-prefixes ] ] command to check routing information in a BGP routing table.

6.7 Configuring BGP Route Selection and Load BalancingBGP has many route attributes. You can configure these attributes to change the route selectionresult.


Before configuring BGP route attributes, complete the following task:



You can perform the following configuration tasks as required. The following configurationtasks (excluding the task of checking the configuration) can be performed at any sequence. Fordetailed route selection rules, see 6.2 BGP Features Supported by the Device.

6.7.1 Configuring the BGP Priority



287

ContextThe routing protocols may share and select routing information because switches may runmultiple dynamic routing protocols at the same time. The system sets a default priority for eachrouting protocol. When multiple routing protocols are used to select routes, the route selectedby the routing protocol with a higher priority takes effect.

Procedure







Step 4 Run:preference { external internal local | route-policy route-policy-name }

The BGP priority is set.

The default BGP priority is 255.

NOTE

You cannot use the peer route-policy command on BGP peers to apply routing policies to set the BGPpriority.

Step 5 Run:commit


----End

6.7.2 Configuring the Next_Hop Attribute

ContextWhen an Autonomous System Boundary Router (ASBR) forwards the route learned from anEBGP peer to an IBGP peer, the ASBR does not change the next hop of the route by default.When the IBGP peer receives this route, it finds the next hop unreachable, sets the route toinactive, and does not use this route to guide traffic forwarding. To enable the IBGP peer to usethis route to guide traffic forwarding, configure the ASBR to set its IP address as the next hopof the route when the ASBR forwards this route to the IBGP peer. After the IBGP peer receivesthe route from the ASBR, it finds the next hop of the route reachable, sets the route to active,and uses this route to guide traffic forwarding.



288

When a BGP route changes, BGP needs to iterate the indirect next hop of the route again. If norestriction is imposed on the iterated route, BGP may iterate the next hop to an incorrectforwarding path, causing traffic loss. To prevent traffic loss, configure routing policy-basedroute iteration to prevent traffic loss.

Procedure







Step 4 Perform either of the following operations as required:l Run:

peer { ipv4-address | group-name } next-hop-localA BGP device is configured to set its IP address as the next hop when the device advertisesroutes to an IBGP peer or an IBGP peer group.By default, a BGP device does not modify the next-hop address when advertising routesto its IBGP peers.

l Run:nexthop recursive-lookup route-policy route-policy-nameRouting-policy-based next hop iteration is configured.By default, routing-policy-based next hop iteration is not configured.

NOTE

The nexthop recursive-lookup route-policy route-policy-name command does not take effect for theroutes received from direct connected EBGP peers.

Step 5 Run:commit


----End

6.7.3 Configuring the PrefVal Attribute

ContextThe PrefVal attribute is a Huawei proprietary attribute and is valid only on the device where itis configured. When a BGP routing table contains multiple routes to the same destination, BGPprefers the route with the highest PrefVal.



289

Procedure







Step 4 Run:peer { group-name | ipv4-address } preferred-value value

The PrefVal attribute is configured for all the routes learned from a specified peer.

By default, the PrefVal of a route learned from a peer is 0.

Step 5 Run:commit


----End

6.7.4 Configuring the Default Local_Pref Attribute

ContextThe Local_Pref attribute is used to determine the optimal route for outgoing traffic of an AS.When a BGP device obtains multiple routes to the same destination address but with differentnext hops from different IBGP peers, the BGP device prefers the route with the highestLocal_Pref.

Procedure








290



Step 4 Run:default local-preference local-preference

The default Local_Pref attribute is configured.

By default, the Local_Pref attribute is 100.

Step 5 Run:commit


----End

6.7.5 Configuring the AS_Path Attribute

ContextThe AS_Path attribute records all the ASs that a route passes through from the source to thedestination in the vector order. You can configure the AS_Path attribute to implement flexibleroute selection.

l Generally, BGP compares the AS_Path lists of routes and prefers the route with the shortestAS_Path list. When the AS_Path attribute is not required in route selection, configure BGPnot to compare the AS_Path lists of routes during route selection.

l In most cases, BGP detects routing loops based on AS number. However, to ensure correctroute transmission on a hub-and-spoke network, you need to configure all the BGP peersthat VPN routes advertised from a hub CE to a spoke CE pass through to accept the routeswith a repeated AS number.

l Public AS numbers can be used on the Internet, but private AS numbers cannot becausethey may cause routing loops. To prevent routing loops, configure the AS_Path attributeto carry only public AS numbers in EBGP Update messages.

l When the AS_Path attribute is reconstructed or summarized routes are generated, you canset the maximum number of AS numbers in the AS_Path attribute. Then a BGP devicechecks whether the number of AS numbers in the AS_Path attribute of a route exceeds themaximum value. If so, the BGP device discards the route.

l A device usually supports only one BGP process. This indicates that a device supports onlyone AS number. In some cases, for example, when network migration changes an ASnumber, you can set a fake AS number to ensure successful network migration.

l BGP checks the first AS number in the AS_Path list that is carried in the Update messagesent by an EBGP peer. If the first AS number specifies the AS where the EBGP peer resides,BGP accepts the Update message. Otherwise, BGP rejects the Update message andinterrupts the EBGP connection. If you do not want BGP to check the first AS number,disable BGP from checking the first AS number.

Procedure




291


Step 2 Run:route-policy route-policy-name { deny | permit } node node

A node is configured for a route-policy, and the view of the route-policy is displayed.

Step 3 (Optional) Configure matching rules for the route-policy to change only the communityattributes of the routes meet matching rules.

By default, all routes meet matching rules. For details, see 7.4.2 (Optional) Configuring an if-match Clause.

Step 4 Run:apply as-path { as-number | 4as-number } &<1-10> { additive | overwrite }

The AS_Path attribute is set for BGP routes.

Step 5 Run:quit






Step 8 Add the AS_Path attribute to routes.l Run:

peer { ipv4-address | group-name } route-policy route-policy-name exportThe AS_Path attribute is added to the routes advertised to BGP peers or peer groups.

l Run:peer { ipv4-address | group-name } route-policy route-policy-name importThe AS_Path attribute is added to the routes received from BGP peers or peer groups.

l Run:import-route protocol [ process-id ] route-policy route-policy-nameThe AS_Path attribute is added to the routes imported by BGP in import mode.

l Run:network ipv4-address [ mask | mask-length ] route-policy route-policy-nameThe AS_Path attribute is added to the routes imported by BGP in network mode.

Step 9 (Optional) Run one of the following commands to configure the AS_Path attribute as required.l Run:

bestroute as-path-ignoreBGP is configured not to compare the AS_Path attributes of routes during route selection.By default, BGP compares the AS_Path attributes of routes during route selection.

l Run:peer { ipv4-address | group-name } allow-as-loop [ number ]



292

Repeated local AS numbers are allowed in routes.By default, repeated local AS number is not allowed.

l Run:peer { ipv4-address | group-name } public-as-only

BGP is configured to carry only public AS numbers in the AS_Path attribute in an EBGPUpdate message.By default, the AS_Path attribute can carry both public and private AS numbers in an EBGPUpdate message.

l Return to the BGP view to configure the AS_Path attribute.

1. Run:quit

Return to the BGP view.2. (Optional) Run one of the following commands to configure the AS_Path attribute as

required.– Run:

as-path-limit as-path-limit-num

The maximum number of AS numbers in the AS_Path attribute is set.By default, the maximum number of AS numbers in the AS_Path attribute is 255.

– Run:peer { ipv4-address | group-name } fake-as as-number

A fake AS number is configured for an EBGP peer group.By default, EBGP peers establish a connection using a real AS number.

CAUTIONRunning the undo check-first-as command increases the probability of routingloops. Therefore, exercise caution when using this command.

– Run:undo check-first-as

BGP is configured not to check the first AS number in the AS_Path list that is carriedin the Update message sent by an EBGP peer.By default, BGP checks the first AS number in the AS_Path list that is carried in theUpdate message sent by an EBGP peer.

NOTE

When BGP is disabled from checking the first AS number, run the refresh bgp command inthe user view if you want BGP to check the first AS number of received routes.

Step 10 Run:commit


----End

6.7.6 Configuring the MED Attribute



293

Context

The multi-exit discriminator (MED) helps determine the optimal route for incoming traffic ofan AS. It is similar to the metric used in IGP. When a BGP device obtains multiple routes to thesame destination address but with different next hops from EBGP peers, the BGP device selectsthe route with the smallest MED value as the optimal route.

Procedure








Step 4 Perform one of the following operations as required:l Run:

default med med

The default MED value is set.By default, the MED is 0.

l Run:bestroute med-none-as-maximum

BGP defines the MED value as the maximum value is a route does not have the MEDattribute.By default, BGP uses the default MED value when a route does not have the MED attribute.

l Run:compare-different-as-med

BGP is allowed to compare the MED values of routes received from EBGP peers in anyAS.By default, BGP compares only the MEDs of the routes received from EBGP peers withinthe same AS.

Step 5 Run:commit


----End

6.7.7 Configuring the BGP Community Attribute



294

ContextThe Community attribute is a private BGP route attribute. It is transmitted between BGP peersand is not restricted within an AS. The Community attribute allows a group of BGP devices inmultiple ASs to share the same routing policies, which simplifies routing policy applicationsand facilitates routing policy management and maintenance. A BGP device can add or changethe community attributes of routes to be advertised.

Extended community attributes are extensions to community attributes in services. Currently,only the route-target attribute is supported in VPN.

Procedure



Step 2 Run:route-policy route-policy-name { deny | permit } node node

A node is configured for a route-policy, and the view of the route-policy is displayed.

Step 3 (Optional) Configure matching rules for the route-policy to change only the communityattributes of the routes meet matching rules.

By default, all routes meet matching rules. For details, see 7.4.2 (Optional) Configuring an if-match Clause.

Step 4 Run either of the following commands to configure the Community attribute.l Run:

apply community { community-number | aa:nn | internet | no-advertise | no-export | no-export-subconfed } &<1-32> [ additive ]

Common community attributes are configured for BGP routes.

NOTEThis command allows you to configure a maximum of 32 community attributes.

l Run:apply extcommunity { rt { as-number:nn | ipv4-address:nn } } &<1-16> [ additive ]

An extended community attribute (route-target) is configured.

Step 5 Run:quit








295


Step 8 Add the Community attribute to routes.l Run:

peer { ipv4-address | group-name } route-policy route-policy-name exportThe Community attribute is added to the routes advertised to BGP peers or peer groups.

l Run:peer { ipv4-address | group-name } route-policy route-policy-name importThe Community attribute is added to the routes received from BGP peers or peer groups.

l Run:import-route protocol [ process-id ] route-policy route-policy-nameThe Community attribute is added to the routes imported by BGP in import mode.

l Run:network ipv4-address [ mask | mask-length ] route-policy route-policy-nameThe Community attribute is added to the routes imported by BGP in network mode.

NOTE

Step 9 is required only when the Community attribute needs to be added to the routes advertised to BGPpeers or peer groups.

Step 9 (Optional) Allow BGP to advertise community attributes when BGP adds community attributesto the routes advertised to BGP peers or peer groups.l Run:

peer { ipv4-address | group-name } advertise-communityBGP is allowed to advertise community attributes to BGP peers or peer groups.By default, BGP does not advertise community attributes to any peer or peer group.

l Run:peer { ipv4-address | group-name } advertise-ext-communityBGP is allowed to advertise extended community attributes to BGP peers or peer groups.By default, BGP does not advertise extended community attributes to any peer or peer group.

Step 10 Run:commit


----End

6.7.8 Configuring BGP Load Balancing

ContextOn large networks, there may be multiple valid routes to the same destination. BGP, however,advertises only the optimal route to its peers. This may result in unbalanced traffic on differentroutes. Configuring BGP load balancing better utilizes network resources and reduces networkcongestion.

Equal-cost BGP routes can be generated for traffic load balancing only when the first eight routeattributes described in "BGP Route Selection Policies" are the same, and the AS_Path attributesare also the same. You can change load balancing rules by performing some configurations, forexample, ignoring the comparison of the AS_Path attribute or IGP metric. When performingthese configurations, ensure that these configurations do not result in routing loops.



296

NOTE

If BGP load balancing is configured, the local device changes the next-hop address of routes to its addresswhen advertising routes to IBGP peer groups, regardless of whether the peer next-hop-local command isused.

Procedure







Step 4 Run:maximum load-balancing [ ebgp | ibgp ] number [ ecmp-nexthop-changed ]

The maximum number of BGP routes to be used for load balancing is set.

By default, the maximum number of BGP routes to be used for load balancing is 1, indicatingthat load balancing is not performed.

NOTE

l On a public network, if the routes to the same destination implement load balancing, the system willdetermine the type of the optimal route. If the optimal routes are IBGP routes, only IBGP routes carryout load balancing. If the optimal routes are EBGP routes, only EBGP routes carry out load balancing.This means that load balancing cannot be implemented among IBGP and EBGP routes with the samedestination address.

l On an IPv4 multicast network, BGP compares the AS_Path attributes of the routes to be used for loadbalancing. In this case, step 5 is not supported.

CAUTIONConfiguring BGP not to compare the AS_Path attributes of the routes to be used for loadbalancing may cause routing loops.

Step 5 (Optional) Run:load-balancing as-path-ignore

BGP is configured not to compare the AS_Path attributes of the routes to be used for loadbalancing.

By default, BGP compares the AS_Path attributes of the routes to be used for load balancing.

Step 6 Run:



297

commit


----End


Procedurel Run the display bgp paths [ as-regular-expression ] command to check information about

BGP AS_Path.l Run the display bgp routing-table different-origin-as command to check the routes with

the same destination address but different origin ASs.l Run the display bgp routing-table regular-expression as-regular-expression command

to check information about routes that match the AS regular expression.l Run the display bgp routing-table [ network [ { mask | mask-length } [ longer-

prefixes ] ] ] command to check routing information in a BGP routing table.l Run the display bgp routing-table community [ community-number | aa:nn ] &<1-33>

[ internet | no-advertise | no-export | no-export-subconfed ] * [ whole-match ] commandto check routing information with the specified BGP community.

l Run the display bgp routing-table community-filter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advanced-community-filter-number }command to check information about routes matching a specified BGP community filter.


l Run the display bgp multicast routing-table statistics command to check statistics aboutthe MBGP routing table.

----End

6.8 Controlling the Receiving and Advertisement of BGPRoutes

Controlling the receiving and advertisement of BGP routes can reduce the routing table size andimprove network security.

Pre-configuration TasksBefore controlling the receiving and advertisement of BGP routes, complete the following task:




298


Figure 6-2 Flowchart of controlling the receiving and advertisement of BGP routes

Controlling the Advertisement of BGP

Routes

Configuring BGP Soft Reset

Required steps

Configuring a Routing Policy

Controlling the Receiving of BGP Routes

6.8.1 Configuring a Routing Policy

Context

Before controlling the receiving and advertisement of BGP routes, configure routing policies orfilters of routing policies for route selection. For details, see "Routing Policy Configuration" inthe CloudEngine 6800&5800 Series Switches Configuration Guide - IP Routing.

6.8.2 Controlling the Advertisement of BGP Routes

Context

There are usually a large number of routes in a BGP routing table. Transmitting a great deal ofrouting information brings a heavy load to devices. Routes to be advertised need to be controlledto address this problem. You can configure devices to advertise only routes that these deviceswant to advertise or routes that their peers require. Multiple routes to the same destination mayexist and traverse different ASs. Routes to be advertised need to be filtered in order to directroutes to specific ASs.

Procedurel Configure a BGP device to advertise routes to all peers or peer groups.

You can configure a BGP device to filter routes to be advertised.

1. Run:system-view


bgp as-number



299


3. Enter the corresponding address family view based on network type to configure BGPdevices on networks.

– Run:ipv4-family { unicast | multicast }


4. Perform either of the following operations to configure the BGP device to advertiseroutes to all peers or peer groups:

– To filter routes based on an ACL, run the filter-policy { acl-number | acl-nameacl-name } export [ protocol [ process-id ] ] command.

– To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-name export [ protocol [ process-id ] ] command.

NOTE

If an ACL has been referenced in the filter-policy command but no VPN instance is specifiedin the ACL rule, BGP will filter routes including public and private network routes in all addressfamilies. If a VPN instance is specified in the ACL rule, only the data traffic from the VPNinstance will be filtered, and no route of this VPN instance will be filtered.

5. Run:commit


l Configure a BGP device to advertise routes to a specific peer or peer group.

1. Run:system-view


2. Run:bgp as-number





4. Perform any of the following operations to configure the BGP device to advertiseroutes to a specific peer or peer group:

– To filter routes based on an ACL, run the peer { group-name | ipv4-address }filter-policy { acl-number | acl-name acl-name } export command.

– To filter routes based on an IP prefix list, run the peer { ipv4-address | group-name } ip-prefix ip-prefix-name export command.

– To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-name } as-path-filter as-path-filter-number export command.

– To filter routes based on a route-policy, run the peer { ipv4-address | group-name } route-policy route-policy-name export command.



300

NOTE

The routing policy applied in the peer route-policy export command does not support aspecific interface as one matching rule. That is, the routing policy does not support the if-matchinterface command.

5. Run:commit


----End

6.8.3 Controlling the Receiving of BGP Routes

ContextWhen a BGP device is attacked or network configuration errors occur, the BGP device willreceive a large number of routes from its neighbor. As a result, many device resources areconsumed. Therefore, the administrator must limit the resources used by the device based onnetwork planning and device capacity. BGP provides peer-based route control to limit thenumber of routes to be sent by a neighbor. This addresses the preceding problem.

Procedurel Configure a BGP device to receive routes from all its peers or peer groups.

1. Run:system-view


bgp as-number




4. Perform either of the following operations to configure the BGP device to filter theroutes received from all its peers or peer groups:– To filter routes based on an ACL, run the filter-policy { acl-number | acl-name

acl-name } import command.– To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-

name import command.

NOTE

If an ACL has been referenced in the filter-policy command but no VPN instance is specifiedin the ACL rule, BGP will filter routes including public and private network routes in all addressfamilies. If a VPN instance is specified in the ACL rule, only the data traffic from the VPNinstance will be filtered, and no route of this VPN instance will be filtered.

5. Run:commit



301

The configuration is committed.l Configure a BGP device to receive routes from a specific peer or peer group.

1. Run:system-view


bgp as-number




The IPv4 address family view is displayed.4. Perform any of the following operations to configure the BGP device to filter the

routes received from a specific peer or peer group:– To filter routes based on an ACL, run the peer { group-name | ipv4-address }

filter-policy { acl-number | acl-name acl-name } import command.– To filter routes based on an IP prefix list, run the peer { ipv4-address | group-

name } ip-prefix ip-prefix-name import command.– To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-

name } as-path-filter as-path-filter-number import command.– To filter routes based on a route-policy, run the peer { ipv4-address | group-

name } route-policy route-policy-name import command.

NOTE

The routing policy applied in the peer route-policy import command does not support aspecific interface as one matching rule. That is, the routing policy does not support the if-matchinterface command.

CAUTIONIf the number of routes received by the local device exceeds the upper limit and thepeer route-limit command is used for the first time, the local device and its peerreestablish the peer relationship, regardless of whether alert-only is set.

5. (Optional) Run:peer { group-name | ipv4-address } route-limit limit [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

The maximum number of routes that can be received from the peer or peer group isset.

6. Run:commit


----End



302

6.8.4 Configuring BGP Soft Reset

Context

After changing a BGP import policy, you must reset BGP connections for the new import policyto take effect. This, however, interrupts these BGP connections temporarily. BGP route-refreshallows the system to softly reset BGP connections to refresh a BGP routing table without tearingdown any BGP connection. If a device's peer does not support route-refresh, configure the deviceto remain all routing updates received from the peer so that the device can refresh its routingtable without tearing down the BGP connection with the peer.

Procedurel If a device's peer supports route-refresh, configure the device to softly reset the BGP

connection with the peer and update the BGP routing table.

1. Run:system-view


bgp as-number

The BGP view is displayed.3. (Optional) Run:

peer { ipv4-address | group-name } capability-advertise route-refresh

Route-refresh is enabled.By default, route-refresh is enabled.

4. Run:commit

The configuration is committed.5. Run:

quit

Return to the system view.6. Run:

quit

Return to the user view.7. Run:

refresh bgp [ vpn-instance vpn-instance-name ipv4-family ] { all | ipv4-address | group group-name | external | internal } { export | import }

or run :BGP soft reset is configured.

l If a device's peer does not support route-refresh, configure the device to remain all routingupdates received from the peer so that the device can refresh its routing table without tearingdown the BGP connection with the peer.

1. Run:system-view


bgp as-number



303





CAUTIONIf the peer keep-all-routes command is used on the device for the first time, thesessions between the device and its peers are reestablished.The refresh bgp command takes effect when the peer keep-all-routes command isused on the device supporting route-refresh.

4. Run:peer { ipv4-address | group-name } keep-all-routes

The device is configured to store all the routing updates received from its peers orpeer groups.By default, the device stores only the routing updates that are received from peers orpeer groups and match a configured import policy.

5. Run:commit


----End


Procedurel Run the display ip as-path-filter [ as-path-filter-number | as-path-filter-name ] command

to check information about a configured AS_Path filter.l Run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num |

comm-filter-name ] command to check information about a configured community filter.l Run the display ip extcommunity-filter [ extcomm-filter-number ] command to check

information about a configured extcommunity filter.l Run the display bgp routing-table as-path-filter as-path-filter as-path-filter-number

command to check information about routes matching a specified AS_Path filter.l Run the display bgp routing-table community-filter { { community-filter-name | basic-

community-filter-number } [ whole-match ] | advanced-community-filter-number }command to check information about routes matching a specified BGP community filter.

l Run the display bgp routing-table peer ipv4-address received-routes [ active ][ statistics ] command to check information about routes received by a BGP device fromits peers.

l Run the display bgp multicast routing-table different-origin-as command to checkinformation about MBGP routes with different origin ASs.



304

l Run the display bgp multicast routing-table regular-expression as-regular-expressionto check information about MBGP routes matching the AS regular expression.

l Run the display bgp multicast paths as-regular-expression command to checkinformation about AS paths.

l Run the display bgp multicast routing-table as-path-filter as-path-filter-numbercommand to check information about MBGP routes matching the AS_Path filter.

l Run the display bgp multicast routing-table community-filter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advanced-community-filter-number } command to check information about routes matching a specified MBGPcommunity filter.

l Run the display bgp multicast routing-table peer peer-address { advertised-routes |received-routes [ active ] } [ statistics ] command to check information about routes thatare sent by and received from the specified MBGP peer.

l Run the display bgp multicast network command to check the routing information thatMBGP advertises.

----End

6.9 Adjusting the BGP Network Convergence SpeedYou can configure BGP timers, disable rapid EBGP connection reset, and configure BGP routedampening to speed up BGP network convergence and improve BGP security.

Pre-configuration TasksBefore configuring adjusting the BGP network convergence speed, complete the following task:


Configuration FlowchartYou can perform the following configuration tasks as required. The following configurationtasks (excluding the task of checking the configuration) can be performed at any sequence.

6.9.1 Configuring a BGP ConnectRetry Timer

ContextAfter BGP initiates a TCP connection, the ConnectRetry timer will be stopped if the TCPconnection is established successfully. If the first attempt to establish a TCP connection fails,BGP tries again to establish the TCP connection after the ConnectRetry timer expires.l Setting a short ConnectRetry interval reduces the period BGP waits between attempts to

establish a TCP connection. This speeds up the establishment of the TCP connection.l Setting a long connectRetry interval suppresses routing flapping caused by peer relationship

flapping.

A ConnectRetry timer can be configured either for all peers or peer groups, or for a specific peeror peer group. A ConnectRetry timer configured for a specific peer takes precedence over thatconfigured for the peer group of this peer. In addition, a ConnectRetry timer configured for aspecific peer or peer group takes precedence over that configured for all peers or peer groups.



305

Procedurel Configure a BGP ConnectRetry timer for all peers or peer groups.

1. Run:system-view


bgp as-number

The BGP view is displayed.3. Run:

timer connect-retry connect-retry-time

A BGP ConnectRetry timer is configured for all peers or peer groups.

By default, the ConnectRetry timer value is 32s.4. Run:

commit

The configuration is committed.l Configure a ConnectRetry timer for a specific peer or peer group.

1. Run:system-view


bgp as-number


peer { group-name | ipv4-address } timer connect-retry connect-retry-time

A ConnectRetry timer is configured for a specific peer or peer group.

By default, the ConnectRetry timer value is 32s.4. Run:

commit


----End

6.9.2 Configuring BGP Keepalive and Hold Timers

ContextKeepalive messages are used by BGP to maintain peer relationships.

l If short Keepalive time and holdtime are set, BGP can detect a link fault quickly. Thisspeeds up BGP network convergence, but increases the number of Keepalive messages onthe network and loads of devices, and consumes more network bandwidth resources.

l If long Keepalive time and holdtime are set, the number of Keepalive messages on thenetwork is reduced, loads of devices are reduced, and fewer network bandwidth are



306

consumed. If the Keepalive time is too long, BGP is unable to detect link status changes ina timely manner. This is unhelpful for implementing rapid BGP network convergence andmay cause many packets to be lost.

Keepalive and hold timers can be configured either for all peers or peer groups, or for a specificpeer or peer group. Keepalive and hold timers configured for a specific peer take precedenceover those configured for the peer group of this peer. In addition, Keepalive and hold timersconfigured for a specific peer or peer group take precedence over those configured for all peersor peer groups.

CAUTIONChanging timer values using the timer command or the peer timer command interrupts BGPpeer relationships between switchs.Setting the Keepalive time to 20s is recommended. If the Keepalive time is smaller than 20s,sessions between peers may be closed.

Procedurel Configure BGP timers for all peers or peer groups.

1. Run:system-view


bgp as-number


timer keepalive keepalive-time hold hold-time

BGP timers are configured.

The proper maximum interval at which Keepalive messages are sent is one third theholdtime. By default, the Keepalive time is 60s and the holdtime is 180s.

4. Run:commit

The configuration is committed.l Configure BGP timers for a specific peer or peer group.

1. Run:system-view


bgp as-number


peer { ipv4-address | group-name } timer keepalive keepalive-time hold hold-time



307

The Keepalive and hold timers are configured for a specific peer or peer group.

The proper maximum interval at which Keepalive messages are sent is one third theholdtime. By default, the Keepalive time is 60s and the holdtime is 180s.

4. Run:commit


----End

6.9.3 Configuring a Update Message Timer

ContextBGP does not periodically update a routing table. When BGP routes change, BGP updates thechanged BGP routes in the BGP routing table by sending Update messages.

l If a short Update message interval is set, BGP can fast detect route changes. This speedsup BGP network convergence, but increases the number of Update messages on the networkand loads of devices, and consumes more network bandwidth resources.

l If a long Update message interval is set, the number of Update messages on the network isreduced, loads of devices are reduced, and fewer network bandwidth are consumed. Thisavoids network flapping. If the Update message interval is too long, BGP is unable to detectroute changes in a timely manner. This is unhelpful for implementing rapid BGP networkconvergence and may cause many packets to be lost.

Procedure







Step 4 Run:peer { ipv4-address | group-name } route-update-interval interval

An Update message timer is configured.

By default, the interval at which Update messages are sent to IBGP peers is 15s, and the intervalat which Update messages are sent to EBGP peers is 30s.

Step 5 Run:commit



308


----End

6.9.4 Disabling Rapid EBGP Connection Reset

Context

Rapid EBGP connection reset is enabled by default. This allows BGP to immediately respondto a fault on an interface and delete the direct EBGP sessions on the interface without waitingfor the hold timer to expire and implements rapid BGP network convergence.

If the status of an interface used to establish an EBGP connection changes frequently, the EBGPsession will be deleted and reestablished repeatedly, causing network flapping. Rapid EBGPconnection reset can be disabled in such a situation. BGP will delete direct EBGP sessions onthe interface until the hold timer expires. This suppresses BGP network flapping, helpsimplement rapid BGP network convergence, and reduces network bandwidth consumption.

Procedure





Step 3 Run:undo ebgp-interface-sensitive

Rapid EBGP connection reset is disabled.

By default, rapid EBGP connection reset is enabled.

NOTE

Rapid EBGP connection reset enables BGP to quickly respond to interface faults but does not enable BGPto quickly respond to interface recovery. After the interface recovers, BGP uses its state machine to restorerelevant sessions.

Rapid EBGP connection reset is disabled in a situation where the status of an interface used to establishan EBGP connection changes frequently. If the status of the interface becomes stable, run the ebgp-interface-sensitive command to enable rapid EBGP connection reset to implement rapid BGP networkconvergence.

Step 4 Run:commit


----End

6.9.5 Configuring BGP Route Dampening



309

Context

A route is considered to be flapping when it repeatedly appears and then disappears in the routingtable. BGP generally applies to complex networks where routes change frequently. Frequentroute flapping consumes lots of bandwidths and CPU resources and even affects normal networkoperation. BGP route dampening prevents frequent route flapping.

BGP can differentiate routes based on policies and use different route dampening parameters tosuppress different routes. For example, on a network, you can set a long suppression time forroutes with a long mask and set a short suppression time for routes with a short mask (such as8-bit mask).

Procedure








Step 4 Run:dampening [ half-life-reach reuse suppress ceiling | route-policy route-policy-name ] *

BGP route dampening parameters are configured.

Step 5 Run:commit


----End


Procedurel Run the display bgp peer [ verbose ] command to check information about all BGP peers.l Run the display bgp group [ group-name ] command to check information about the

specified BGP peer group.l Run the display bgp routing-table dampened command to check dampened BGP routes.l Run the display bgp routing-table dampening parameter command to check configured

BGP route dampening parameters.



310

l Run the display bgp routing-table flap-info [ regular-expression as-regular-expression | as-path-filter as-path-filter-number | network-address [ { mask | mask-length } [ longer-match ] ] ] command to check route flapping statistics.

l Run the display bgp multicast routing-table dampened command to check dampenedMBGP routes.

l Run the display bgp multicast routing-table dampening parameter command to checkMBGP route dampening parameters.

l Run the following commands to check statistics about flapping MBGP routes.– display bgp multicast routing-table flap-info [ ip-address [ mask [ longer-match ] |

mask-length [ longer-match ] ] | as-path-filter as-path-filter-number | regular-expression as-regular-expression ]

– display bgp multicast routing-table flap-info as-regular-expression

----End

6.10 Configuring BGP ReliabilityYou can configure association between BGP and BFD, BGP Auto FRR, and BGP GR helper tospeed up BGP network convergence and improve BGP reliability.

Pre-configuration TasksBefore configuring BGP reliability, complete the following task:


Configuration FlowchartYou can perform the following configuration tasks as required. The following configurationtasks can be performed at any sequence.

6.10.1 Configuring Association Between BGP and BFD

ContextBGP periodically sends Keepalive messages to its peers to detect the status of its peers. It takesmore than 1 minute for this detection mechanism to detect a fault. When data is transmitted atgigabit rates, long-time fault detection will cause packet loss. This cannot meet high reliabilityrequirements of carrier-class networks. Association between BGP and BFD can solve thisproblem. BFD is a millisecond-level fault detection mechanism. It can detect faults on the linkbetween BGP peers within 50 ms. Therefore, BFD can speed up BGP route convergence, ensuresfast link switching, and reduces traffic loss.

When a peer joins a peer group on which BFD is enabled, BFD also takes effect on the peer anda BFD session is created on the peer. To prevent BFD from taking effect on the peer, run thepeer bfd block command.

By default, Huawei devices establish multi-hop IBGP sessions with each other. When a Huaweidevice communicates with a non-Huawei device that establishes a single-hop IBGP session bydefault, you are advised to configure only association between IGP and BFD or associationbetween IBGP and BFD.



311

Procedure



Step 2 Run:bfd

Global BFD is enabled on the local device.

Step 3 Run:quit




Step 5 Run:peer { group-name | ipv4-address } bfd enable

BFD is configured for the peer or peer group, and default BFD parameters are used to establishBFD sessions.

If BFD is configured for a peer group, BFD sessions are created for the peers on which the peerbfd block command is not used.

Step 6 Run:peer { group-name | ipv4-address } bfd { min-tx-interval min-tx-interval | min-rx-interval min-rx-interval | detect-multiplier multiplier } *

BFD session parameters are configured.

Step 7 (Optional) Run:peer ipv4-address bfd block

The peer is disabled from inheriting the BFD function of the peer group to which the peer belongs.

NOTE

l BFD sessions are established when they are in Established state.

l If BFD parameters are configured on a peer, BFD sessions are established using these parameters.

l The peer ipv4-address bfd block and peer ipv4-address bfd enable commands are mutually exclusive.The two commands can be configured on a peer simultaneously.

Step 8 Run:commit


----End



312

Checking the Configurationl Run the display bgp bfd session { [ vpnv4 vpn-instance vpn-instance-name ] peer ipv4-

address | all } command to check information about the BFD sessions established betweenBGP peers.

l Run the display bgp [ vpnv4 vpn-instance vpn-instance-name ] peer [ [ ipv4-address ]verbose ] command to check information about BGP peers.


l Run the display bgp vpnv4 { all | vpn-instance vpn-instance-name } group [ group-name ] command to check information about the BGP VPNv4 peer group.

6.10.2 Configuring BGP Auto FRR

ContextOn a traditional IP network, it often takes the routing system several seconds to complete routeconvergence after a link fault is detected. This convergence speed cannot meet requirements ofthe services that require a low delay and low packet loss ratio because it may lead to serviceinterruption. For example, Voice over Internet Protocol (VoIP) services are only tolerant ofmillisecond-level interruption. BGP Auto Fast Reroute (FRR) implements route convergence atthe millisecond level after a fault is detected at the physical layer or link layer. BGP Auto FRRreduces the impact of link faults on services.


system-view





ipv4-family unicastThe IPv4 address family view is displayed.

Step 4 Run:auto-frr

BGP Auto FRR is enabled for unicast routes.

By default, BGP Auto FRR is not enabled for unicast routes.

Step 5 Run:commit


----End



313

Checking the Configurationl Run the display ip routing-table [ vpn-instance vpn-instance-name ] [ ipv4-address

[ mask | mask-length ] [ longer-match ] ] verbose command to check backup forwardinginformation about routes in the IP routing table.

6.10.3 Configuring the BGP GR Helper Function

Context

BGP restart causes peer relationships reestablishment and traffic interruption. Graceful restart(GR) ensures uninterrupted traffic interruption in the case of BGP restart.

NOTE

Currently, devices support only the GR helper function, and the GR restarter function is implemented usingnon-stop routing (NSR). NSR does not need to be configured.

Procedure





Step 3 Run:graceful-restart

BGP GR is enabled.

By default, BGP GR is disabled.

Step 4 (Optional) Run:graceful-restart timer wait-for-rib timer

The time during which the restarting speaker and receiving speaker wait for End-of-RIBmessages is set.

By default, the time for waiting for End-of-RIB messages is 600 seconds.

Step 5 Run:commit


----End

Checking the Configurationl Run the display bgp peer verbose command to check detailed information about BGP

peers.



314

6.11 Configuring BGP Route SummarizationOn IPv4 networks, BGP supports automatic route summarization and manual routesummarization. Manual route summarization takes precedence over automatic routesummarization.

Pre-configuration TasksBefore configuring BGP route summarization, complete the following task:


Procedurel Configure automatic route summarization.

1. Run:system-view


bgp as-number




The IPv4 address family view is displayed.4. Run:

summary automatic

BGP summarizes subnet routes based on natural mask.

NOTE

The command summarizes the routes imported by BGP. These routes can be direct routes, staticroutes, RIP routes, OSPF routes, or IS-IS routes. The command, however, is invalid for the routesimported using the network command.

5. Run:commit

The configuration is committed.l Configure manual route summarization.

1. Run:system-view


bgp as-number




315



The IPv4 address family view is displayed.4. Perform any of the following operations to configure manual route summarization.

– To advertise the summarized routes and specific routes, run the aggregate ipv4-address { mask | mask-length } command.

– To advertise only the summarized routes, run the aggregate ipv4-address{ mask | mask-length } detail-suppressed command.

– To advertise the summarized routes and specific routes that meet the specifiedroute-policy, run the aggregate ipv4-address { mask | mask-length } suppress-policy route-policy-name command.

– To advertise the summarized routes of which the AS_Set attribute helps detectrouting loops, run the aggregate ipv4-address { mask | mask-length } as-setcommand.

– To set attributes for the summarized routes, run the aggregate ipv4-address{ mask | mask-length } attribute-policy route-policy-name command.

– To summarize the specific routes that meet the specified route-policy, run theaggregate ipv4-address { mask | mask-length } origin-policy route-policy-namecommand.

NOTE

Manual route summarization is valid for the routes in the local BGP routing table. For example, ifthe local BGP routing table does not contain routes with mask longer than 16 bits, such as 10.1.1.1/24,BGP will not generate an aggregated route for it even if the aggregate 10.1.1.1 16 command is used.

5. Run:commit


----End

Checking the Configurationl Run the display bgp routing-table [ network [ { mask | mask-length } [ longer-

prefixes ] ] ] command to check information about summarized routes.l Run the display bgp multicast routing-table [ ip-address [ mask-length [ longer-

prefixes ] | mask [ longer-prefixes ] ] ] command to check the MBGP routing table.

6.12 Configuring On-demand Route AdvertisementIf a BGP device only wants to received required routes but its peer cannot maintain differentexport policies for connected devices, you can configure prefix-based BGP outbound routefiltering (ORF) to meet this requirement.


Before configuring prefix-based BGP ORF, complete the following tasks:



316

l Configuring Basic BGP Functionsl Configuring an IP Prefix List

Procedure





Step 3 Run:ipv4-family unicast

The IPv4 unicast address family view is displayed.

Step 4 Run:peer { group-name | ipv4-address } ip-prefix ip-prefix-name import

A prefix-based import policy is configured for a peer or peer group.

Step 5 Run:peer { group-name | ipv4-address } capability-advertise orf [ non-standard-compatible ] ip-prefix { both | receive | send }

Prefix-based ORF is enabled for a peer or peer group.

By default, prefix-based ORF is disabled for a peer or peer group.

Step 6 Run:commit


----End

Checking the Configurationl Run the display bgp peer [ ipv4-address ] verbose command to check detailed information

about BGP peers.l Run the display bgp peer ipv4-address orf ip-prefix command to check prefix-based BGP

ORF information received from a specified peer.

6.13 Configuring BGP to Advertise Default Routes to PeersIf a BGP device needs to send multiple routes to its peer, the BGP device can be configured tosend only a default route with the local address as the next-hop address to its peer, regardless ofwhether there are default routes in the local routing table. This function reduces the number ofnetwork routes and saves memory and network resources.

Pre-configuration TasksBefore configuring BGP to send default routes to peers, complete the following task:



317


Procedure








Step 4 Run:peer { group-name | ipv4-address } default-route-advertise [ route-policy route-policy-name ] [ conditional-route-match-all { ipv4-address1 { mask1 | mask-length1 } } &<1-4> | conditional-route-match-any { ipv4-address2 { mask2 | mask-length2 } } &<1-4> ]

A BGP device is configured to send default routes to a peer or peer group.

NOTE

The conditional-route-match-all and conditional-route-match-any keywords are not supported in the IPv4multicast address family view and the IPv6 address family view.

Step 5 Run:commit


----End

Checking the Configurationl Run the display bgp routing-table [ ipv4-address [ mask | mask-length ] ] command to

check received BGP default routes.l Run the display bgp multicast routing-table [ ip-address [ mask-length [ longer-

prefixes ] | mask [ longer-prefixes ] ] ] command to check received MBGP default routes.

6.14 Configuring MP-BGPMultiprotocol BGP (MP-BGP) enables BGP to support IPv4 unicast networks and IPv4multicast networks.


Before configuring MP-BGP, complete the following task:



318

l 6.4.1 Starting a BGP Process

Procedure




BGP is started, the local AS number is specified, and the BGP view is displayed.


ipv4-family unicastThe BGP-IPv4 unicast address family view is displayed.

l Run:ipv4-family vpnv4The BGP-VPNv4 address family view is displayed.

l Run:ipv4-family vpn-instance vpn-instance-nameThe BGP-VPN instance IPv4 address family view is displayed.

l Run:ipv4-family multicastThe BGP-IPv4 multicast address family view is displayed.

NOTE

l Different extended BGP functions must be configured in their respective address family views, whilecommon BGP functions are configured in the BGP view.

l The Switch supports the following MBGP features: basic BGP functions, BGP security (MD5authentication and keychain authentication), simplifying IBGP network connections (route reflectorand confederation), BGP route selection and load balancing, controlling the receiving andadvertisement of BGP routes, adjusting the BGP network convergence speed, BGP reliability, BGProute summarization, and advertising default routs to peers.

----End

6.15 Maintaining BGPMaintaining BGP includes resetting BGP connections and clearing BGP statistics.

6.15.1 Resetting BGP Connections



319

Context

CAUTIONRunning the reset bgp command to reset BGP connections will interrupt BGP peer relationshipsbetween BGP devices. Exercise caution when you use this command.

When the BGP routing policy changes, for example, the switch does not support the route-refreshcapability, reset BGP connections to make the modification take effect.

Procedurel To reset all BGP connections, run the reset bgp all command in the user view.

l To reset the BGP connection with a specified AS, run the reset bgp as-number commandin the user view.

l To reset the BGP connection with a specified peer, run the reset bgp ipv4-addresscommand in the user view.

l To reset all EBGP connections, run the reset bgp external command in the user view.

l To reset the BGP connection with a specified peer group, run the reset bgp group group-name command in the user view.

l To reset all IBGP connections, run the reset bgp internal command in the user view.

l To reset the MBGP connection with a specified peer, run the reset bgp multicast peer-address command in the user view.

l To reset all MBGP connections, run the reset bgp multicast all command in the user view.

l To reset the MBGP connection with all the peers in a specified peer group, run the resetbgp multicast group group-name command in the user view.

l To reset all external connections, run the reset bgp multicast external command in theuser view.

l To reset all internal connections, run the reset bgp multicast internal command in theuser view.

----End

6.15.2 Clearing BGP Statistics

Context

CAUTIONBGP statistics cannot be restored after being cleared. Exercise caution when you reset BGPstatistics.



320

Procedurel To clear route flapping statistics, run the reset bgp flap-info [ regexp as-path-regexp | as-

path-filter as-path-filter-number | ipv4-address [ mask | mask-length ] ] command in theuser view.

l To clear route flapping statistics on a specified peer, run the reset bgp ipv4-address flap-info command in the user view.

l To clear route dampening statistics and release suppressed routes, run the reset bgpdampening [ ipv4-address [ mask | mask-length ] ] command in the user view.

l To clear MBGP route dampening statistics, run the reset bgp multicast dampening [ ip-address [ mask | mask-length ] ] command in the user view.

l To clear MBGP route flapping statistics, run the reset bgp multicast flap-info [ ip-address [ mask | mask-length ] | as-path-filter as-path-list-number | regrexp regrexp ]command in the user view.

----End

6.16 Configuration ExamplesThe section provides BGP configuration examples, including networking requirements,networking diagram, configuration roadmap, and configuration procedure.

6.16.1 Example for Configuring Basic BGP Functions

Networking RequirementsAs shown in Figure 6-3, BGP runs between Switches; an EBGP connection is establishedbetween SwitchA and SwitchB; IBGP full-mesh connections are established between SwitchB,SwitchC, and SwitchD.

Figure 6-3 Networking diagram of configuring basic BGP functions

10GE1/0/1VLANIF10200.1.1.2/24

10GE1/0/1VLANIF309.1.1.2/24

10GE1/0/1VLANIF209.1.3.2/2410GE1/0/1

VLANIF10200.1.1.1/24

10GE1/0/2VLANIF409.1.2.1/24

10GE1/0/2VLANIF409.1.2.2/24

10GE1/0/2VLANIF209.1.3.1/24

10GE1/0/3VLANIF309.1.1.1/24

10GE1/0/2VLANIF508.1.1.1/8

SwitchASwitchB

SwitchD

SwitchC

AS65008 AS65009




321

1. Configure IBGP connections between SwitchB, SwitchC, and SwitchD.2. Configure an EBGP connection between SwitchA and SwitchB.

Procedure

Step 1 Configure the VLAN that each interface belongs to.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 50[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 50[~SwitchA-10GE1/0/2] quit[~SwitchA] commit


Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 200.1.1.2 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 50[~SwitchA-Vlanif50] ip address 8.1.1.1 8[~SwitchA-Vlanif50] quit[~SwitchA] commit


Step 3 Configure IBGP connections.


[~SwitchB] bgp 65009[~SwitchB-bgp] router-id 2.2.2.2[~SwitchB-bgp] peer 9.1.1.2 as-number 65009[~SwitchB-bgp] peer 9.1.3.2 as-number 65009[~SwitchB-bgp] quit[~SwitchB] commit


[~SwitchC] bgp 65009[~SwitchC-bgp] router-id 3.3.3.3[~SwitchC-bgp] peer 9.1.3.1 as-number 65009[~SwitchC-bgp] peer 9.1.2.2 as-number 65009[~SwitchC-bgp] quit[~SwitchC] commit


[~SwitchD] bgp 65009[~SwitchD-bgp] router-id 4.4.4.4[~SwitchD-bgp] peer 9.1.1.1 as-number 65009[~SwitchD-bgp] peer 9.1.2.1 as-number 65009[~SwitchD-bgp] quit[~SwitchD] commit

Step 4 Configure an EBGP connection.



322

# Configure SwitchA.[~SwitchA] bgp 65008[~SwitchA-bgp] router-id 1.1.1.1[~SwitchA-bgp] peer 200.1.1.1 as-number 65009[~SwitchA-bgp] quit[~SwitchA] commit

# Configure SwitchB.[~SwitchB] bgp 65009[~SwitchB-bgp] peer 200.1.1.2 as-number 65008[~SwitchB-bgp] quit[~SwitchB] commit

# View the status of BGP peers.[~SwitchB] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 65009 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 9.1.1.2 4 65009 49 62 0 00:44:58 Established 0 9.1.3.2 4 65009 56 56 0 00:40:54 Established 0 200.1.1.2 4 65008 49 65 0 00:44:03 Established 1

The preceding command output shows that BGP connections have been established betweenSwitchB and Switches.

Step 5 Configure SwitchA to advertise route 8.0.0.0/8.

# Configure SwitchA to advertise route 8.0.0.0.[~SwitchA] bgp 65008[~SwitchA-bgp] ipv4-family unicast[~SwitchA-bgp-af-ipv4] network 8.0.0.0 255.0.0.0[~SwitchA-bgp-af-ipv4] quit[~SwitchA-bgp] quit[~SwitchA] commit

# View the BGP routing table of SwitchA.[~SwitchA] display bgp routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 8.0.0.0 0.0.0.0 0 0 i

# View the BGP routing table of SwitchB.[~SwitchB] display bgp routing-table BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 8.0.0.0 200.1.1.2 0 0 65008i

# View the BGP routing table of SwitchC.



323

[~SwitchC] display bgp routing-table BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 8.0.0.0 200.1.1.2 0 100 0 65008i

The preceding command output shows that SwitchC has learned the route to destination 8.0.0.0in AS 65008. The route, however, is invalid because the next hop 200.1.1.2 of this route isunreachable.

Step 6 Configure BGP to import direct routes.


[~SwitchB] bgp 65009[~SwitchB-bgp] ipv4-family unicast[~SwitchB-bgp-af-ipv4] import-route direct[~SwitchB-bgp-af-ipv4] quit[~SwitchB-bgp] quit[~SwitchB] commit

# View the BGP routing table of SwitchA.

[~SwitchA] display bgp routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 4 Network NextHop MED LocPrf PrefVal Path/Ogn *> 8.0.0.0 0.0.0.0 0 0 i *> 9.1.1.0/24 200.1.1.1 0 0 65009? *> 9.1.3.0/24 200.1.1.1 0 0 65009? * 200.1.1.0/24 200.1.1.1 0 0 65009?


[~SwitchC] display bgp routing-table BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 4 Network NextHop MED LocPrf PrefVal Path/Ogn * i 8.0.0.0 200.1.1.2 0 100 0 65008i *>i 9.1.1.0/24 9.1.3.1 0 100 0 ? i 9.1.3.0/24 9.1.3.1 0 100 0 ? *>i 200.1.1.0/24 9.1.3.1 0 100 0 ?

The preceding command output shows that the route to destination 8.0.0.0 becomes validbecause the next-hop address of this route is the address of SwitchA.

# Run the ping 8.1.1.1 command on SwitchC.

[~SwitchC] ping 8.1.1.1 PING 8.1.1.1: 56 data bytes, press CTRL_C to break Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=31 ms Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=254 time=47 ms Reply from 8.1.1.1: bytes=56 Sequence=3 ttl=254 time=31 ms Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=16 ms



324

Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=31 ms --- 8.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 16/31/47 ms

----End


# sysname SwitchA# vlan batch 10 50#interface Vlanif10 ip address 200.1.1.2 255.255.255.0#interface Vlanif50 ip address 8.1.1.1 255.0.0.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 50 #bgp 65008 router-id 1.1.1.1 peer 200.1.1.1 as-number 65009 # ipv4-family unicast undo synchronization network 8.0.0.0 peer 200.1.1.1 enable#return

l Configuration file of SwitchB# sysname SwitchB# vlan batch 10 20 30#interface Vlanif10 ip address 200.1.1.1 255.255.255.0#interface Vlanif20 ip address 9.1.3.1 255.255.255.0#interface Vlanif30 ip address 9.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk



325

port trunk allow-pass vlan 30#bgp 65009 router-id 2.2.2.2 peer 9.1.1.2 as-number 65009 peer 9.1.3.2 as-number 65009 peer 200.1.1.2 as-number 65008# ipv4-family unicast undo synchronization import-route direct peer 9.1.1.2 enable peer 9.1.3.2 enable peer 200.1.1.2 enable#return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 20 40#interface Vlanif20 ip address 9.1.3.2 255.255.255.0#interface Vlanif40 ip address 9.1.2.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#bgp 65009 router-id 3.3.3.3 peer 9.1.2.2 as-number 65009 peer 9.1.3.1 as-number 65009 # ipv4-family unicast undo synchronization peer 9.1.2.2 enable peer 9.1.3.1 enable#return

l Configuration file of SwitchD# sysname SwitchD# vlan batch 30 40#interface Vlanif30 ip address 9.1.1.2 255.255.255.0#interface Vlanif40 ip address 9.1.2.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#bgp 65009



326

router-id 4.4.4.4 peer 9.1.1.1 as-number 65009 peer 9.1.2.1 as-number 65009 # ipv4-family unicast undo synchronization peer 9.1.1.1 enable peer 9.1.2.1 enable#return

6.16.2 Example for Configuring Basic MBGP Functions


As shown in Figure 6-4, the receiver receives VoD information in multicast mode. The receiverand the source reside in different ASs. Multicast routing information needs to be transmittedbetween ASs.

Figure 6-4 Networking diagram of configuring MBGP

MBGP peers

SwitchA

AS100

SwitchB

SwitchD

SwitchC

AS200

Source

Receiver

Loopback0

Loopback0

Loopback0

Loopback0

10GE1/0/110GE1/0/1

10GE1/0/1

10GE1/0/1

10GE1/0/2

10GE1/0/2

10GE1/0/2

10GE1/0/3

10GE1/0/2

10GE1/0/3

Switch Interface VLANIF Interface IP AddressSwitchA 10GE1/0/1 VLANIF 100 192.1.1.1/24

10GE1/0/2 VLANIF 101 10.10.10.1/24Loopback0 1.1.1.1/32

SwitchB 10GE1/0/1 VLANIF 100 192.1.1.2/2410GE1/0/2 VLANIF 200 194.1.1.2/2410GE1/0/3 VLANIF 300 193.1.1.2/24Loopback0 2.2.2.2/32



327

SwitchC 10GE1/0/1 VLANIF 400 195.1.1.1/2410GE1/0/2 VLANIF 102 22.22.22.1/2410GE1/0/3 VLANIF 300 193.1.1.1/24Loopback0 3.3.3.3/32

SwitchD 10GE1/0/1 VLANIF 400 195.1.1.2/2410GE1/0/2 VLANIF 200 194.1.1.1/24Loopback0 4.4.4.4/32


1. Configure MBGP peers for inter-AS multicast transmission.2. Configure the routes advertised by MBGP.3. Enable the multicast function on each Switch .4. Configure basic PIM-SM functions on each Switch in ASs and enable IGMP on receiver-

side interfaces.5. Configure a BSR boundary on the interfaces that connect to two ASs.6. Configure MSDP peers to transmit inter-domain multicast source information.

Procedure

Step 1 Assign IP addresses to the interfaces on each Switch and configure OSPF in ASs.

# Configure IP addresses and masks for the interfaces on each Switch according to Figure6-4 and configure OSPF on the Switch es in ASs. Ensure that Switch B, Switch C, Switch D cancommunicate with the receiver at the network layer, learn routes to the loopback interfaces ofeach other, and dynamically update routes using a unicast routing protocol. Configure OSPFprocess 1. The configuration procedure is not mentioned here.

Step 2 Configure BGP, enable the MBGP protocol, and configure MBGP peers.

# Configure BGP and the MBGP peer on SwitchA.

[~SwitchA] bgp 100[~SwitchA-bgp] peer 192.1.1.2 as-number 200[~SwitchA-bgp] ipv4-family multicast[~SwitchA-bgp-af-multicast] peer 192.1.1.2 enable[~SwitchA-bgp-af-multicast] quit[~SwitchA-bgp] quit[~SwitchA] commit

# Configure BGP and the MBGP peer on SwitchB.

[~SwitchB] bgp 200[~SwitchB-bgp] peer 192.1.1.1 as-number 100[~SwitchB-bgp] peer 193.1.1.1 as-number 200[~SwitchB-bgp] peer 194.1.1.1 as-number 200[~SwitchB-bgp] ipv4-family multicast[~SwitchB-bgp-af-multicast] peer 192.1.1.1 enable[~SwitchB-bgp-af-multicast] peer 193.1.1.1 enable[~SwitchB-bgp-af-multicast] peer 194.1.1.1 enable[~SwitchB-bgp-af-multicast] quit[~SwitchB-bgp] quit[~SwitchB] commit



328

# Configure BGP and the MBGP peer on SwitchC..

[~SwitchC] bgp 200[~SwitchC-bgp] peer 193.1.1.2 as-number 200[~SwitchC-bgp] peer 195.1.1.2 as-number 200[~SwitchC-bgp] ipv4-family multicast[~SwitchC-bgp-af-multicast] peer 193.1.1.2 enable[~SwitchC-bgp-af-multicast] peer 195.1.1.2 enable[~SwitchC-bgp-af-multicast] quit[~SwitchC-bgp] quit[~SwitchC] commit

# Configure BGP and the MBGP peer on SwitchD.

[~SwitchD] bgp 200[~SwitchD-bgp] peer 194.1.1.2 as-number 200[~SwitchD-bgp] peer 195.1.1.1 as-number 200[~SwitchD-bgp] ipv4-family multicast[~SwitchD-bgp-af-multicast] peer 194.1.1.2 enable[~SwitchD-bgp-af-multicast] peer 195.1.1.1 enable[~SwitchD-bgp-af-multicast] quit[~SwitchD-bgp] quit[~SwitchD] commit

Step 3 Configure the routes to be advertised.

# Configure the routes to be advertised on SwitchA.

[~SwitchA] bgp 100[~SwitchA-bgp] import-route direct [~SwitchA-bgp] ipv4-family multicast[~SwitchA-bgp-af-multicast] import-route direct[~SwitchA-bgp-af-multicast] quit[~SwitchA-bgp] quit[~SwitchA] commit

# Configure the routes to be advertised on SwitchB.

[~SwitchB] bgp 200[~SwitchB-bgp] import-route direct [~SwitchB-bgp] import-route ospf 1[~SwitchB-bgp] ipv4-family multicast[~SwitchB-bgp-af-multicast] import-route direct[~SwitchB-bgp-af-multicast] import-route ospf 1[~SwitchB-bgp-af-multicast] quit[~SwitchB-bgp] quit[~SwitchB] commit

# Configure the routes to be advertised on SwitchC. The configuration of SwitchD is similar tothe configuration of SwitchC, and is not mentioned here.

[~SwitchC] bgp 200[~SwitchC-bgp] import-route direct [~SwitchC-bgp] ipv4-family multicast[~SwitchC-bgp-af-multicast] import-route direct[~SwitchC-bgp-af-multicast] import-route ospf 1[~SwitchC-bgp-af-multicast] quit[~SwitchC-bgp] quit[~SwitchC] commit

Step 4 Enable the multicast function on each Switch and interfaces on the Switches.


[~SwitchA] multicast routing-enable[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] pim sm[~SwitchA-Vlanif100] quit[~SwitchA] interface vlanif 101



329

[~SwitchA-Vlanif101] pim sm[~SwitchA-Vlanif101] quit[~SwitchA] commit


[~SwitchB] multicast routing-enable[~SwitchB] interface vlanif 100[~SwitchB-Vlanif100] pim sm[~SwitchB-Vlanif100] quit[~SwitchB] interface vlanif 200[~SwitchB-Vlanif200] pim sm[~SwitchB-Vlanif200] quit[~SwitchB] interface vlanif 300[~SwitchB-Vlanif300] pim sm[~SwitchB-Vlanif300] quit[~SwitchB] commit


[~SwitchC] multicast routing-enable[~SwitchC] interface vlanif 400[~SwitchC-Vlanif400] pim sm[~SwitchC-Vlanif400] quit[~SwitchC] interface vlanif 102[~SwitchC-Vlanif102] pim sm[~SwitchC-Vlanif102] igmp enable[~SwitchC-Vlanif102] quit[~SwitchC] interface vlanif 300[~SwitchC-Vlanif300] pim sm[~SwitchC-Vlanif300] quit[~SwitchC] commit


[~SwitchD] multicast routing-enable[~SwitchD] interface vlanif 400[~SwitchD-Vlanif400] pim sm[~SwitchD-Vlanif400] quit[~SwitchD] interface vlanif 200[~SwitchD-Vlanif200] pim sm[~SwitchD-Vlanif200] quit[~SwitchD] commit

Step 5 Configure the BSR and RP within each AS.


[~SwitchA] interface loopback 0[~SwitchA-LoopBack0] ip address 1.1.1.1 255.255.255.255[~SwitchA-LoopBack0] pim sm[~SwitchA-LoopBack0] quit[~SwitchA] pim[~SwitchA-pim] c-bsr loopback 0[~SwitchA-pim] c-rp loopback 0[~SwitchA-pim] quit[~SwitchA] commit


[~SwitchB] interface loopback 0[~SwitchB-LoopBack0] ip address 2.2.2.2 255.255.255.255[~SwitchB-LoopBack0] pim sm[~SwitchB-LoopBack0] quit[~SwitchB] pim[~SwitchB-pim] c-bsr loopback 0[~SwitchB-pim] c-rp loopback 0[~SwitchB] quit[~SwitchB] commit



330

Step 6 Configure a BSR boundary on the interfaces that connect to two ASs.


[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] pim bsr-boundary[~SwitchA-Vlanif100] quit[~SwitchA] commit


[SwitchB] interface vlanif 100[~SwitchB-Vlanif100] pim bsr-boundary[~SwitchB-Vlanif100] quit[~SwitchB] commit

Step 7 Configure MSDP peers.


[~SwitchA] msdp[~SwitchA-msdp] peer 192.1.1.2 connect-interface vlanif100[~SwitchA-msdp] quit[~SwitchA] commit


[~SwitchB] msdp[~SwitchB-msdp] peer 192.1.1.1 connect-interface vlanif100[~SwitchB-msdp] quit[~SwitchB] commit


# Run the display bgp multicast peer command to view the MBGP peer relationship betweenSwitches. For example, information about the MBGP peer relationship on SwitchA is as follows:

[~SwitchA] display bgp multicast peerBGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 192.1.1.2 4 200 82 75 0 00:30:29 Established 17

# Run the display msdp brief command to view information about the MSDP peer relationshipbetween Switches. For example, brief information about the MSDP peer relationship onSwitchB is as follows:

[~SwitchB] display msdp briefMSDP Peer Brief Information Configured Up Listen Connect Shutdown Down 1 1 0 0 0 0 Peer's Address State Up/Down time AS SA Count Reset Count 192.1.1.1 Up 00:07:17 100 1 0

----End


#sysname SwitchA# vlan batch 100 to 101# multicast routing-enable



331

#interface Vlanif100 ip address 192.1.1.1 255.255.255.0 pim bsr-boundary pim sm#interface Vlanif101 ip address 10.10.10.1 255.255.255.0 pim sm#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 100#interface 10GE1/0/2 port default vlan 101#interface LoopBack0 ip address 1.1.1.1 255.255.255.255 pim sm#pim c-bsr loopback 0 c-rp loopback 0#bgp 100 peer 192.1.1.2 as-number 200# ipv4-family unicast undo synchronization peer 192.1.1.2 enable# ipv4-family multicast undo synchronization import-route direct peer 192.1.1.2 enable#msdp peer 192.1.1.2 connect-interface Vlanif100#return

l Configuration file of SwitchB# sysname SwitchB# vlan batch 100 200 300# multicast routing-enable#interface Vlanif100 ip address 192.1.1.2 255.255.255.0 pim bsr-boundary pim sm#interface Vlanif200 ip address 194.1.1.2 255.255.255.0 pim sm#interface Vlanif300 ip address 193.1.1.2 255.255.255.0 pim sm#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 100#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 200



332

#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 300#interface LoopBack0 ip address 2.2.2.2 255.255.255.255 pim sm#ospf 1 area 0.0.0.0 network 193.1.1.0 0.0.0.255 network 194.1.1.0 0.0.0.255 network 2.2.2.2 0.0.0.0#bgp 200 peer 192.1.1.1 as-number 100 peer 193.1.1.1 as-number 200 peer 194.1.1.1 as-number 200# ipv4-family unicast undo synchronization peer 192.1.1.1 enable peer 193.1.1.1 enable peer 194.1.1.1 enable# ipv4-family multicast undo synchronization import-route direct import-route ospf 1 peer 192.1.1.1 enable peer 193.1.1.1 enable peer 194.1.1.1 enable#msdp peer 192.1.1.1 connect-interface Vlanif100#return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 102 300 400# multicast routing-enable#interface Vlanif102 ip address 22.22.22.1 255.255.255.0 pim sm igmp enable#interface Vlanif300 ip address 193.1.1.1 255.255.255.0 pim sm#interface Vlanif400 ip address 195.1.1.1 255.255.255.0 pim sm#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 400#interface 10GE1/0/2 port default vlan 102#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 300



333

#interface LoopBack0 ip address 3.3.3.3 255.255.255.255 #ospf 1 area 0.0.0.0 network 193.1.1.0 0.0.0.255 network 195.1.1.0 0.0.0.255 network 3.3.3.3 0.0.0.0#bgp 200 peer 193.1.1.2 as-number 200 peer 195.1.1.2 as-number 200# ipv4-family unicast undo synchronization peer 193.1.1.2 enable peer 195.1.1.2 enable# ipv4-family multicast undo synchronization import-route direct import-route ospf 1 peer 193.1.1.2 enable peer 195.1.1.2 enable#return

l Configuration file of SwitchD# sysname SwitchD# vlan batch 200 400# multicast routing-enable#interface Vlanif200 ip address 194.1.1.1 255.255.255.0 pim sm#interface Vlanif400 ip address 195.1.1.2 255.255.255.0 pim sm#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 400#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 200#interface LoopBack0 ip address 4.4.4.4 255.255.255.255 pim sm#ospf 1 area 0.0.0.0 network 194.1.1.0 0.0.0.255 network 195.1.1.0 0.0.0.255 network 4.4.4.4 0.0.0.0#bgp 200 peer 194.1.1.2 as-number 200 peer 195.1.1.1 as-number 200# ipv4-family unicast undo synchronization peer 194.1.1.2 enable peer 195.1.1.1 enable



334

# ipv4-family multicast undo synchronization import-route direct import-route ospf 1 peer 194.1.1.2 enable peer 195.1.1.1 enable#return

6.16.3 Example for Configuring BGP Load Balancing and the MEDAttribute


As shown in Figure 6-5, BGP is configured on all switches; SwitchA resides in AS 65008;SwitchB and SwitchC reside in AS 65009. EBGP connections are established betweenSwitchA and SwitchB, and between SwitchA and SwitchC. An IBGP connection is establishedbetween SwitchB and SwitchC. Load balancing needs to be implemented between AS 65008and AS 65009. After a period, traffic from AS 65008 to AS 65009 needs to first pass throughSwitchC.

Figure 6-5 Networking diagram of BGP route selection

10GE1/0/1VLANIF10

200.1.1.2/24

10GE1/0/2VLANIF20

200.1.2.2/24

10GE1/0/1VLANIF10

200.1.1.1/24

10GE1/0/2VLANIF309.1.1.1/24

AS 65009

10GE1/0/2VLANIF309.1.1.2/24

10GE1/0/1VLANIF20

200.1.2.1/24

SwitchA

AS 65008

EBGP

EBGP

IBGP

SwitchC

SwitchB



1. Configure load balancing on SwitchA.

2. Set the MED value on SwitchA to enable traffic from AS 65008 to AS 65009 to first passthrough SwitchC.



335

ProcedureStep 1 Configure the VLAN that each interface belongs to.

<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 20[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA] commit




Step 3 Configure BGP connections.

# Configure SwitchA.[~SwitchA] bgp 65008[~SwitchA-bgp] router-id 1.1.1.1[~SwitchA-bgp] peer 200.1.1.1 as-number 65009[~SwitchA-bgp] peer 200.1.2.1 as-number 65009[~SwitchA-bgp] quit[~SwitchA] commit

# Configure SwitchB.[~SwitchB] bgp 65009[~SwitchB-bgp] router-id 2.2.2.2[~SwitchB-bgp] peer 200.1.1.2 as-number 65008[~SwitchB-bgp] peer 9.1.1.2 as-number 65009[~SwitchB-bgp] ipv4-family unicast [~SwitchB-bgp-af-ipv4] network 9.1.1.0 255.255.255.0[~SwitchB-bgp-af-ipv4] quit[~SwitchB-bgp] quit[~SwitchB] commit

# Configure SwitchC.[~SwitchC] bgp 65009[~SwitchC-bgp] router-id 3.3.3.3[~SwitchC-bgp] peer 200.1.2.2 as-number 65008[~SwitchC-bgp] peer 9.1.1.1 as-number 65009[~SwitchC-bgp] ipv4-family unicast[~SwitchC-bgp-af-ipv4] network 9.1.1.0 255.255.255.0[~SwitchC-bgp-af-ipv4] quit[~SwitchC-bgp] quit[~SwitchC] commit




336

[~SwitchA] display bgp routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn *> 9.1.1.0/24 200.1.1.1 0 0 65009i * 200.1.2.1 0 0 65009i

In the BGP routing table, there are two valid routes to destination 9.1.1.0/24. The route withnext-hop address 200.1.1.1 is the optimal route because the router ID of SwitchB is the smallest.

Step 4 Configure load balancing.


[~SwitchA] bgp 65008[~SwitchA-bgp] ipv4-family unicast [~SwitchA-bgp-af-ipv4] maximum load-balancing 2[~SwitchA-bgp-af-ipv4] quit[~SwitchA-bgp] quit[~SwitchA] commit


[~SwitchA] display bgp routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn *> 9.1.1.0/24 200.1.1.1 0 0 65009i *> 200.1.2.1 0 0 65009i

In the BGP routing table, BGP route 9.1.1.0/24 has two next hops: 200.1.1.1 and 200.1.2.1. Bothof them are optimal routes.

Step 5 Configure the MED attribute.

# Set the MED value for the route sent from SwitchB to SwitchA using a route-policy.

[~SwitchB] route-policy 10 permit node 10[~SwitchB-route-policy] apply cost 100[~SwitchB-route-policy] quit[~SwitchB] bgp 65009[~SwitchB-bgp] peer 200.1.1.2 route-policy 10 export[~SwitchB-bgp] quit[~SwitchB] commit


[~SwitchA] display bgp routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn



337

*> 9.1.1.0/24 200.1.2.1 0 0 65009i * 200.1.1.1 100 0 65009i

In the BGP routing table, the MED value of the route with next hop 200.1.1.1 (SwitchB) is 100,and the MED value of the route with next hop 200.1.2.1 is 0. Therefore, the route with the smallerMED value is preferred.

----End


# sysname SwitchA# vlan batch 10 20#interface Vlanif10 ip address 200.1.1.2 255.255.255.0#interface Vlanif20 ip address 200.1.2.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#bgp 65008 router-id 1.1.1.1 peer 200.1.1.1 as-number 65009 peer 200.1.2.1 as-number 65009 # ipv4-famlily unicast undo synchronization maximum load-balancing 2 peer 200.1.1.1 enable peer 200.1.2.1 enable#return

l Configuration file of SwitchB# sysname SwitchB# vlan batch 10 30#interface Vlanif10 ip address 200.1.1.1 255.255.255.0#interface Vlanif30 ip address 9.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 pport link-type trunk port trunk allow-pass vlan 30#bgp 65009 router-id 2.2.2.2 peer 9.1.1.2 as-number 65009



338

peer 200.1.1.2 as-number 65008 # ipv4-family unicast undo synchronization default med 100 network 9.1.1.0 255.255.255.0 peer 9.1.1.2 enable peer 200.1.1.2 enable peer 200.1.1.2 route-policy 10 export#route-policy 10 permit node 10 apply cost 100#return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 20 30#interface Vlanif10 ip address 200.1.2.1 255.255.255.0#interface Vlanif30 ip address 9.1.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#bgp 65009 router-id 3.3.3.3 peer 9.1.1.1 as-number 65009 peer 200.1.2.2 as-number 65008 # ipv4-family unicast undo synchronization network 9.1.1.0 255.255.255.0 peer 9.1.1.1 enable peer 200.1.2.2 enable#return

6.16.4 Example for Configuring a BGP Route Reflector

Networking RequirementsAs shown in Figure 6-6, eight Switches need to form an IBGP network. Full-mesh BGPconnections have been established between SwitchB, SwitchD, and SwitchE. Users require thatthe IBGP network be formed without interrupting full-mesh BGP connections betweenSwitchB, SwitchD, and SwitchE and require simplified device configuration and management.



339

Figure 6-6 Networking diagram of configuring a BGP route reflector

SwitchA

SwitchB

SwitchD SwitchE SwitchF SwitchG

SwitchH SwitchC Cluster1

Cluster2

10GE1/0/1

10GE1/0/3

10GE1/0/2

10GE1/0/2

10GE1/0/410GE1/0/4

10GE1/0/1

10GE1/0/210GE1/0/1

10GE1/0/2

10GE1/0/510GE1/0/1 10GE1/0/1

10GE1/0/3

10GE1/0/3

10GE1/0/2 10GE1/0/1

10GE1/0/110GE1/0/1

AS 65010

Switch Interface VLANIF Interface IP Address

SwitchA 10GE 1/0/1 VLANIF 10 10.1.1.2/24



SwitchB 10GE 1/0/1 VLANIF 10 10.1.1.1/24




SwitchC 10GE 1/0/1 VLANIF 30 10.1.3.1/24





SwitchD 10GE 1/0/1 VLANIF 40 10.1.4.2/24


SwitchE 10GE 1/0/1 VLANIF 50 10.1.5.2/24


SwitchF 10GE 1/0/1 VLANIF 70 10.1.7.2/24

SwitchG 10GE 1/0/1 VLANIF 80 10.1.8.2/24

SwitchH 10GE 1/0/1 VLANIF 90 10.1.9.2/24



340


1. Configure SwitchB as the route reflector of Cluster1 and SwitchD and SwitchE as the clientsof SwitchB. Prohibit communication between the clients to form an IBGP network withoutinterrupting full-mesh BGP connections between SwitchB, SwitchD, and SwitchE.

2. Configure SwitchC as the route reflector of Cluster2 and SwitchF, SwitchG, and SwitchHas the clients of SwitchC to simplify device configuration and management.

Procedure

Step 1 Configure the VLAN that each interface belongs to.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 30 100[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 30[~SwitchA-10GE1/0/2] quit[~SwitchA] interface 10ge 1/0/3[~SwitchA-10GE1/0/3] port link-type trunk[~SwitchA-10GE1/0/3] port trunk allow-pass vlan 100[~SwitchA-10GE1/0/3] quit[~SwitchA] commit

The configurations of SwitchB, SwitchC, SwitchD, SwitchE, SwitchF, SwitchG, and SwitchHare similar to the configuration of SwitchA, and are not mentioned here.

Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 10.1.1.2 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 30[~SwitchA-Vlanif30] ip address 10.1.3.2 24[~SwitchA-Vlanif30] quit[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] ip address 9.1.1.1 24[~SwitchA-Vlanif100] quit[~SwitchA] commit

The configurations of SwitchB, SwitchC, SwitchD, SwitchE, SwitchF, SwitchG, and SwitchHare similar to the configuration of SwitchA, and are not mentioned here.

Step 3 Configure IBGP connections between clients, non-clients, and route reflectors.

# Configure SwitchF.

[~SwitchF] bgp 65010[~SwitchF-bgp] router-id 6.6.6.6[~SwitchF-bgp] peer 10.1.7.1 as-number 65010[~SwitchF-bgp] quit[~SwitchF] commit

The configurations of SwitchA, SwitchB, SwitchC, SwitchD, SwitchE, SwitchG, and SwitchHare similar to the configuration of SwitchF, and are not mentioned here.

Step 4 Configure a route reflector on SwitchB and SwitchC.



341


[~SwitchB] bgp 65010[~SwitchB–bgp] router-id 2.2.2.2[~SwitchB–bgp] group in_rr internal[~SwitchB–bgp] peer 10.1.4.2 group in_rr[~SwitchB–bgp] peer 10.1.5.2 group in_rr[~SwitchB–bgp] ipv4-family unicast[~SwitchB–bgp-af-ipv4] peer in_rr reflect-client[~SwitchB–bgp-af-ipv4] undo reflect between-clients[~SwitchB–bgp-af-ipv4] reflector cluster-id 1[~SwitchB–bgp-af-ipv4] commit[~SwitchB–bgp-af-ipv4] quit


[~SwitchC] bgp 65010[~SwitchC-bgp] router-id 3.3.3.3[~SwitchC-bgp] group in_rr internal[~SwitchC-bgp] peer 10.1.7.2 group in_rr [~SwitchC-bgp] peer 10.1.8.2 group in_rr[~SwitchC-bgp] peer 10.1.9.2 group in_rr[~SwitchC-bgp] ipv4-family unicast[~SwitchC-bgp-af-ipv4] peer in_rr reflect-client[~SwitchC-bgp-af-ipv4] reflector cluster-id 2[~SwitchC-bgp-af-ipv4] commit[~SwitchC-bgp-af-ipv4] quit

# View the BGP routing table of SwitchD.

[~SwitchD] display bgp routing-table 9.1.1.0BGP local router ID : 4.4.4.4 Local AS number : 65010 Paths: 1 available, 0 best, 0 select BGP routing table entry information of 9.1.1.0/24: From: 10.1.4.1 (2.2.2.2) Route Duration: 00h00m14s Relay IP Nexthop: 0.0.0.0 Relay IP Out-Interface: Original nexthop: 10.1.1.2 Qos information : 0x0 AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, internal, pre 255 Originator: 1.1.1.1 Cluster list: 0.0.0.1 Not advertised to any peer yet

In the BGP routing table, you can see that SwitchD has learned from SwitchB the route advertisedfrom SwitchA, and see the Originator_ID and Cluster_List attributes of the route.

----End


#sysname SwitchA#vlan batch 10 30 100#interface Vlanif10 ip address 10.1.1.2 255.255.255.0#interface Vlanif30 ip address 10.1.3.2 255.255.255.0#interface Vlanif100 ip address 9.1.1.1 255.255.255.0#



342

interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 100#bgp 65010 router-id 1.1.1.1 peer 10.1.1.1 as-number 65010 peer 10.1.3.1 as-number 65010 # ipv4-family unicast undo synchronization network 9.1.1.0 255.255.255.0 peer 10.1.1.1 enable peer 10.1.3.1 enable#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 10 20 40 50#interface Vlanif10 ip address 10.1.1.1 255.255.255.0#interface Vlanif20 ip address 10.1.2.1 255.255.255.0#interface Vlanif40 ip address 10.1.4.1 255.255.255.0#interface Vlanif50 ip address 10.1.5.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 40#interface 10GE1/0/4 port link-type trunk port trunk allow-pass vlan 50#bgp 65010 router-id 2.2.2.2 peer 10.1.1.2 as-number 65010 peer 10.1.2.2 as-number 65010 group in_rr internal peer 10.1.4.2 as-number 65010 peer 10.1.4.2 group in_rr peer 10.1.5.2 as-number 65010 peer 10.1.5.2 group in_rr # ipv4-family unicast



343

undo synchronization undo reflect between-clients reflector cluster-id 1 peer 10.1.1.2 enable peer 10.1.2.2 enable peer in_rr enable peer in_rr reflect-client peer 10.1.4.2 enable peer 10.1.4.2 group in_rr peer 10.1.5.2 enable peer 10.1.5.2 group in_rr #return

l Configuration file of SwitchC#sysname SwitchC#vlan batch 20 30 70 80 90#interface Vlanif20 ip address 10.1.2.2 255.255.255.0#interface Vlanif30 ip address 10.1.3.1 255.255.255.0#interface Vlanif70 ip address 10.1.7.1 255.255.255.0#interface Vlanif80 ip address 10.1.8.1 255.255.255.0#interface Vlanif90 ip address 10.1.9.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 70#interface 10GE1/0/4 port link-type trunk port trunk allow-pass vlan 80#interface 10GE1/0/5 port link-type trunk port trunk allow-pass vlan 90#bgp 65010 router-id 3.3.3.3 peer 10.1.2.1 as-number 65010 peer 10.1.3.2 as-number 65010 group in_rr internal peer 10.1.7.2 as-number 65010 peer 10.1.7.2 group in_rr peer 10.1.8.2 as-number 65010 peer 10.1.8.2 group in_rr peer 10.1.9.2 as-number 65010 peer 10.1.9.2 group in_rr # ipv4-family unicast undo synchronization reflector cluster-id 2



344

peer 10.1.2.1 enable peer 10.1.3.2 enable peer in_rr enable peer in_rr reflect-client peer 10.1.7.2 enable peer 10.1.7.2 group in_rr peer 10.1.8.2 enable peer 10.1.8.2 group in_rr peer 10.1.9.2 enable peer 10.1.9.2 group in_rr#return

l Configuration file of SwitchD#sysname SwitchD#vlan batch 40 60#interface Vlanif40 ip address 10.1.4.2 255.255.255.0#interface Vlanif60 ip address 10.1.6.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 40#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 60#bgp 65010 router-id 4.4.4.4 peer 10.1.4.1 as-number 65010 peer 10.1.6.2 as-number 65010 # ipv4-family unicast undo synchronization peer 10.1.4.1 enable peer 10.1.6.2 enable#return

NOTE

The configuration files of the other switches are similar to the configuration file of SwitchD, and are notmentioned here.

6.16.5 Example for Configuring a BGP Confederation

Networking RequirementsAs shown in Figure 6-7, there are multiple BGP switches in AS 200. It is required that thenumber of IBGP connections be reduced.



345

Figure 6-7 Network diagram of configuring a BGP confederation

SwitchA

SwitchB

SwitchD

SwitchE

SwitchF

SwitchC

10GE1/0/2

10GE1/0/4

10GE1/0/1

10GE1/0/2

10GE1/0/1

10GE1/0/5

10GE1/0/1

10GE1/0/310GE1/0/1

10GE1/0/1

10GE1/0/1

AS 100

10GE1/0/2

AS 200

AS 65001

AS 65002 AS 65003

10GE1/0/2

Switch Interface VLANIFInterface

IP Address













346





1. Configure a BGP confederation on each switch in AS 200 to divide AS 200 into three sub-ASs: AS 65001, AS 65002, and AS 65003. Three switches in AS 65001 establish full-meshIBGP connections to reduce the number of IBGP connections.

ProcedureStep 1 Configure the VLAN that each interface belongs to.

<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 20 30 40 60[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA] interface 10ge 1/0/3[~SwitchA-10GE1/0/3] port link-type trunk[~SwitchA-10GE1/0/3] port trunk allow-pass vlan 30[~SwitchA-10GE1/0/3] quit[~SwitchA] interface 10ge 1/0/4[~SwitchA-10GE1/0/4] port link-type trunk[~SwitchA-10GE1/0/4] port trunk allow-pass vlan 40[~SwitchA-10GE1/0/4] quit[~SwitchA] interface 10ge 1/0/5[~SwitchA-10GE1/0/5] port link-type trunk[~SwitchA-10GE1/0/5] port trunk allow-pass vlan 60[~SwitchA-10GE1/0/5] quit[~SwitchA] commit

The configurations of SwitchB, SwitchC, SwitchD, SwitchE, and SwitchF are similar to theconfiguration of SwitchA, and are not mentioned here.

Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 10.1.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] ip address 10.1.2.1 24[~SwitchA-Vlanif20] quit[~SwitchA] interface vlanif 30[~SwitchA-Vlanif30] ip address 10.1.3.1 24[~SwitchA-Vlanif30] quit[~SwitchA] interface vlanif 40[~SwitchA-Vlanif40] ip address 10.1.4.1 24[~SwitchA-Vlanif40] quit[~SwitchA] interface vlanif 60[~SwitchA-Vlanif60] ip address 200.1.1.1 24



347

[~SwitchA-Vlanif60] quit[~SwitchA] commit

The configurations of SwitchB, SwitchC, SwitchD, SwitchE, and SwitchF are similar to theconfiguration of SwitchA, and are not mentioned here.

Step 3 Configure a BGP confederation.


[~SwitchA] bgp 65001[~SwitchA-bgp] router-id 1.1.1.1[~SwitchA-bgp] confederation id 200[~SwitchA-bgp] confederation peer-as 65002 65003[~SwitchA-bgp] peer 10.1.1.2 as-number 65002 [~SwitchA-bgp] peer 10.1.2.2 as-number 65003[~SwitchA-bgp] ipv4-family unicast[~SwitchA-bgp-af-ipv4] peer 10.1.1.2 next-hop-local[~SwitchA-bgp-af-ipv4] peer 10.1.2.2 next-hop-local[~SwitchA-bgp-af-ipv4] commit[~SwitchA-bgp-af-ipv4] quit[~SwitchA-bgp] quit


[~SwitchB] bgp 65002[~SwitchB-bgp] router-id 2.2.2.2[~SwitchB-bgp] confederation id 200[~SwitchB-bgp] confederation peer-as 65001[~SwitchB-bgp] peer 10.1.1.1 as-number 65001[~SwitchB-bgp] commit[~SwitchB-bgp] quit


[~SwitchC] bgp 65003[~SwitchC-bgp] router-id 3.3.3.3[~SwitchC-bgp] confederation id 200[~SwitchC-bgp] confederation peer-as 65001[~SwitchC-bgp] peer 10.1.2.1 as-number 65001[~SwitchC-bgp] commit[~SwitchC-bgp] quit

Step 4 Configure IBGP connections within AS 65001.


[~SwitchA] bgp 65001[~SwitchA-bgp] peer 10.1.3.2 as-number 65001[~SwitchA-bgp] peer 10.1.4.2 as-number 65001[~SwitchA-bgp] ipv4-family unicast[~SwitchA-bgp-af-ipv4] peer 10.1.3.2 next-hop-local[~SwitchA-bgp-af-ipv4] peer 10.1.4.2 next-hop-local[~SwitchA-bgp-af-ipv4] commit[~SwitchA-bgp-af-ipv4] quit [~SwitchA-bgp] quit


[~SwitchD] bgp 65001[~SwitchD-bgp] router-id 4.4.4.4[~SwitchD-bgp] confederation id 200[~SwitchD-bgp] peer 10.1.3.1 as-number 65001[~SwitchD-bgp] peer 10.1.5.2 as-number 65001[~SwitchD-bgp] commit[~SwitchD-bgp] quit

# Configure SwitchE.

[~SwitchE] bgp 65001



348

[~SwitchE-bgp] router-id 5.5.5.5[~SwitchE-bgp] confederation id 200[~SwitchE-bgp] peer 10.1.4.1 as-number 65001[~SwitchE-bgp] peer 10.1.5.1 as-number 65001[~SwitchE-bgp] commit[~SwitchE-bgp] quit

Step 5 Configure EBGP connections between AS 100 and AS200.


[~SwitchA] bgp 65001[~SwitchA-bgp] peer 200.1.1.2 as-number 100 [~SwitchA-bgp] commit[~SwitchA-bgp] quit

# Configure SwitchF.

[~SwitchF] bgp 100[~SwitchF-bgp] router-id 6.6.6.6[~SwitchF-bgp] peer 200.1.1.1 as-number 200 [~SwitchF-bgp] ipv4-family unicast[~SwitchF-bgp-af-ipv4] network 9.1.1.0 255.255.255.0[~SwitchF-bgp-af-ipv4] commit[~SwitchF-bgp-af-ipv4] quit[~SwitchF-bgp] quit


# View the BGP routing table of SwitchB.

[~SwitchB] display bgp routing-table BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 9.1.1.0/24 10.1.1.1 0 100 0 (65001) 100i[~SwitchB] display bgp routing-table 9.1.1.0BGP local router ID : 2.2.2.2 Local AS number : 65002 Paths: 1 available, 1 best, 1 select BGP routing table entry information of 9.1.1.0/24: From: 10.1.1.1 (1.1.1.1) Route Duration: 00h12m29s Relay IP Nexthop: 0.0.0.0 Relay IP Out-Interface: Pos1/0/1 Original nexthop: 10.1.1.1 Qos information : 0x0 AS-path (65001) 100, origin igp, MED 0, localpref 100, pref-val 0, valid, external-confed, best, select, active, pre 255 Not advertised to any peer yet

# View the BGP routing table of SwitchD.

[~SwitchD] display bgp routing-table BGP Local router ID is 4.4.4.4 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 9.1.1.0/24 10.1.3.1 0 100 0 100i[~SwitchD] display bgp routing-table 9.1.1.0BGP local router ID : 4.4.4.4 Local AS number : 65001 Paths: 1 available, 1 best, 1 select BGP routing table entry information of 9.1.1.0/24: From: 10.1.3.1 (1.1.1.1)



349

Route Duration: 00h23m57s Relay IP Nexthop: 0.0.0.0 Relay IP Out-Interface: Pos1/0/1 Original nexthop: 10.1.3.1 Qos information : 0x0 AS-path 100, origin igp, MED 0, localpref 100, pref-val 0, valid, internal-confed, best, select, active, pre 255 Not advertised to any peer yet

----End


# sysname SwitchA# vlan batch 10 20 30 40 60#interface Vlanif10 ip address 10.1.1.1 255.255.255.0#interface Vlanif20 ip address 10.1.2.1 255.255.255.0#interface Vlanif30 ip address 10.1.3.1 255.255.255.0#interface Vlanif40 ip address 10.1.4.1 255.255.255.0#interface Vlanif60 ip address 200.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/4 port link-type trunk port trunk allow-pass vlan 40#interface 10GE1/0/5 port link-type trunk port trunk allow-pass vlan 60#bgp 65001 router-id 1.1.1.1 confederation id 200 confederation peer-as 65002 65003 peer 10.1.1.2 as-number 65002 peer 10.1.2.2 as-number 65003 peer 10.1.3.2 as-number 65001 peer 10.1.4.2 as-number 65001 peer 200.1.1.2 as-number 100 # ipv4-family unicast undo synchronization peer 10.1.1.2 enable peer 10.1.1.2 next-hop-local



350

peer 10.1.2.2 enable peer 10.1.2.2 next-hop-local peer 10.1.3.2 enable peer 10.1.3.2 next-hop-local peer 10.1.4.2 enable peer 10.1.4.2 next-hop-local peer 200.1.1.2 enable#return

l Configuration file of SwitchB# sysname SwitchB# vlan batch 10#interface Vlanif10 ip address 10.1.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#bgp 65002 router-id 2.2.2.2 confederation id 200 confederation peer-as 65001 65003 peer 10.1.1.1 as-number 65001 # ipv4-family unicast undo synchronization peer 10.1.1.1 enable#return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 20#interface Vlanif20 ip address 10.1.2.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#bgp 65003 router-id 3.3.3.3 confederation id 200 confederation peer-as 65001 65002 peer 10.1.2.1 as-number 65001 # ipv4-family unicast undo synchronization peer 10.1.2.1 enable#return

l Configuration file of SwitchD# sysname SwitchD# vlan batch 30 50#interface Vlanif30 ip address 10.1.3.2 255.255.255.0#interface Vlanif50



351

ip address 10.1.5.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 50#bgp 65001 router-id 4.4.4.4 peer 10.1.3.1 as-number 65001 peer 10.1.5.2 as-number 65001# ipv4-family unicast undo synchronization peer 10.1.3.1 enable peer 10.1.5.2 enable#return

l Configuration file of SwitchE# sysname SwitchE# vlan batch 40 50#interface Vlanif40 ip address 10.1.4.2 255.255.255.0#interface Vlanif50 ip address 10.1.5.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 40#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 50#bgp 65001 router-id 5.5.5.5 peer 10.1.4.1 as-number 65001 peer 10.1.5.1 as-number 65001 # ipv4-family unicast undo synchronization peer 10.1.4.1 enable peer 10.1.5.1 enable #return

l Configuration file of SwitchF# sysname SwitchF# vlan batch 60 70#interface Vlanif60 ip address 200.1.1.2 255.255.255.0#interface Vlanif70 ip address 9.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 60#



352

interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 70#bgp 100 router-id 6.6.6.6 peer 200.1.1.1 as-number 200#ipv4-family unicast undo synchronization network 9.1.1.0 255.255.255.0 peer 200.1.1.1 enable# return

6.16.6 Example for Configuring the BGP Community Attribute

Networking RequirementsAs shown in Figure 6-8, EBGP connections are established between SwitchB and SwitchA, andbetween SwitchB and SwitchC. It is required that AS 20 not advertise the routes advertised byAS 10 to AS 30.

Figure 6-8 Networking diagram of configuring the BGP Community attribute

SwitchAAS 10

10GE1/0/3VLANIF30

200.1.3.2/24

SwitchCAS 20

SwitchBAS 30

10GE1/0/2VLANIF20

200.1.2.2/24

10GE1/0/2VLANIF20

200.1.2.1/24

10GE1/0/3VLANIF30

200.1.3.1/24

10GE1/0/1VLANIF109.1.1.1/24


1. Configure a route-policy on SwitchA to advertise the No_Export attribute so that AS 20does not advertise the routes advertised by AS 10 to AS 30.

Procedure

Step 1 Configure the VLANs to which interfaces belong and assign IP addresses to VLANIF interfaces.


<HUAWEI> system-view



353

[~HUAWEI] sysname SwitchC[~HUAWEI] commit[~SwitchC] vlan 30[~SwitchC-vlan30] quit[~SwitchC] interface 10ge 1/0/3[~SwitchC-10GE1/0/3] port link-type trunk[~SwitchC-10GE1/0/3] port trunk allow-pass vlan 30[~SwitchC-10GE1/0/3] quit[~SwitchC] interface vlanif 30[~SwitchC-Vlanif30] ip address 200.1.3.2 255.255.255.0[~SwitchC-Vlanif30] quit[~SwitchC] commit

The configurations of SwitchA and SwitchB are similar to the configuration of SwitchC, andare not mentioned here.

Step 2 Configure EBGP connections.


[~SwitchA] bgp 10[~SwitchA-bgp] router-id 1.1.1.1[~SwitchA-bgp] peer 200.1.2.2 as-number 20[~SwitchA-bgp] ipv4-family unicast[~SwitchA-bgp-af-ipv4] network 9.1.1.0 255.255.255.0[~SwitchA-bgp-af-ipv4] commit[~SwitchA-bgp-af-ipv4] quit


[~SwitchB] bgp 20[~SwitchB-bgp] router-id 2.2.2.2[~SwitchB-bgp] peer 200.1.2.1 as-number 10[~SwitchB-bgp] peer 200.1.3.2 as-number 30[~SwitchB-bgp] commit[~SwitchB-bgp] quit


[~SwitchC] bgp 30[~SwitchC-bgp] router-id 3.3.3.3 [~SwitchC-bgp] peer 200.1.3.1 as-number 20[~SwitchC-bgp] commit[~SwitchC-bgp] quit

# View the BGP routing table of SwitchB.

[~SwitchB] display bgp routing-table 9.1.1.0BGP local router ID : 2.2.2.2 Local AS number : 20 Paths: 1 available, 1 best, 1 select BGP routing table entry information of 9.1.1.0/24: From: 200.1.2.1 (1.1.1.1) Route Duration: 0d00h00m37s Direct Out-interface: Vlanif20 Original nexthop: 200.1.2.1 Qos information : 0x0 AS-path 10, origin igp, MED 0, pref-val 0, valid, external, best, select, pre 255 Advertised to such 2 peers: 200.1.2.1 200.1.3.2

The preceding command output shows that SwitchB has advertised received route to SwitchCin AS 30.


[~SwitchC] display bgp routing-table BGP Local router ID is 3.3.3.3



354

Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 9.1.1.0/24 200.1.3.1 0 20 10i

The preceding command output shows that SwitchC has learned route to 9.1.1.0/24 fromSwitchB.

Step 3 Configure the BGP Community attribute.

# Configure a route-policy on SwitchA to prevent SwitchB from advertising the routes advertisedby SwitchA to AS 30.[~SwitchA] route-policy comm_policy permit node 10[~SwitchA-route-policy] apply community no-export[~SwitchA-route-policy] commit[~SwitchA-route-policy] quit

# Apply the route-policy.[~SwitchA] bgp 10[~SwitchA-bgp] ipv4-family unicast[~SwitchA-bgp-af-ipv4] peer 200.1.2.2 route-policy comm_policy export[~SwitchA-bgp-af-ipv4] peer 200.1.2.2 advertise-community[~SwitchA-bgp-af-ipv4] commit

# View the BGP routing table of SwitchB.[~SwitchB] display bgp routing-table 9.1.1.0BGP local router ID : 2.2.2.2 Local AS number : 20 Paths: 1 available, 1 best, 1 select BGP routing table entry information of 9.1.1.0/24: From: 200.1.2.1 (1.1.1.1) Route Duration: 0d00h00m12s Direct Out-interface: Vlanif20 Original nexthop: 200.1.2.1 Qos information : 0x0 Community:no-export AS-path 10, origin igp, MED 0, pref-val 0, valid, external, best, select, pre 255 Not advertised to any peers yet

In the BGP routing table of SwitchB, you can view the configured Community attribute. Thereis no route to 9.1.1.0/24 in the BGP routing table of SwitchC.

----End


# sysname SwitchA#interface Vlanif10 ip address 9.1.1.1 255.255.255.0#interface Vlanif20 ip address 200.1.2.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20



355

#bgp 10 router-id 1.1.1.1 peer 200.1.2.2 as-number 20 # ipv4-family unicast undo synchronization network 9.1.1.0 255.255.255.0 peer 200.1.2.2 enable peer 200.1.2.2 route-policy comm_policy export peer 200.1.2.2 advertise-community#route-policy comm_policy permit node 10 apply community no-export#return

l Configuration file of SwitchB# sysname SwitchB#interface Vlanif20 ip address 200.1.2.2 255.255.255.0#interface Vlanif30 ip address 200.1.3.1 255.255.255.0#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20 #interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30 #bgp 20 router-id 2.2.2.2 peer 200.1.2.1 as-number 10 peer 200.1.3.2 as-number 30 # ipv4-family unicast undo synchronization peer 200.1.2.1 enable peer 200.1.3.2 enable#return

l Configuration file of SwitchC# sysname SwitchC#interface Vlanif30 ip address 200.1.3.2 255.255.255.0#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30 #bgp 30 router-id 3.3.3.3 peer 200.1.3.1 as-number 20# ipv4-family unicast undo synchronization peer 200.1.3.1 enable#return



356

6.16.7 Example for Configuring Prefix-based BGP ORF

Networking RequirementsAs shown in Figure 6-9, PE1 and PE2 belong to AS 100. PE2 needs to advertise only the routesthat match the import policy of PE1 without having to maintain export policies.

Figure 6-9 Networking diagram of configuring prefix-based BGP ORF

AS 100 10GE1/0/1VLANIF10

111.1.1.1/24

SwitchA SwitchB10GE1/0/1VLANIF10

111.1.1.2/24


1. Configure prefix-based BGP ORF so that PE2 can advertise only the routes that match theimport policy of PE1 without having to maintain export policies.

Procedure

Step 1 Configure the VLANs to which interfaces belong and assign IP addresses to VLANIF interfaces.

# Configure PE1.

<HUAWEI> system-view[~HUAWEI] sysname PE1[~HUAWEI] commit[~PE1] vlan 10[~PE1-vlan10] quit[~PE1] interface 10ge 1/0/1[~PE1-10GE1/0/1] port link-type trunk[~PE1-10GE1/0/1] port trunk allow-pass vlan 10[~PE1-10GE1/0/1] quit[~PE1] interface vlanif 10[~PE1-Vlanif10] ip address 111.1.1.1 255.255.255.0[~PE1-Vlanif10] quit[~PE1] commit

The configuration of PE2 is similar to that of PE1 and is not mentioned here.

Step 2 Configure IPv4 unicast neighbors.

# Configure PE1.

[~PE1] bgp 100[~PE1-bgp] peer 111.1.1.2 as-number 100[~PE1-bgp] commit[~PE1-bgp] quit

The configuration of PE2 is similar to that of PE1 and is not mentioned here.



357

Step 3 Apply the prefix-based import policy on PE1.

# Configure PE1.

[~PE1] ip ip-prefix 1 permit 4.4.4.0 24 greater-equal 32[~PE1] bgp 100[~PE1-bgp] peer 111.1.1.2 ip-prefix 1 import[~PE1-bgp] commit[~PE1-bgp] quit

# Configure PE2.

[~PE2] ip route-static 3.3.3.3 255.255.255.255 NULL0[~PE2] ip route-static 4.4.4.4 255.255.255.255 NULL0[~PE2] ip route-static 5.5.5.5 255.255.255.255 NULL0[~PE2] bgp 100[~PE2-bgp] import-route static[~PE2-bgp] commit[~PE2-bgp] quit

# View the routes sent by PE2.

[~PE2] display bgp routing-table peer 111.1.1.1 advertised-routes

BGP Local router ID is 111.1.1.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 3 Network NextHop MED LocPrf PrefVal Path/Ogn

*> 3.3.3.3/32 0.0.0.0 0 0 ? *> 4.4.4.4/32 0.0.0.0 0 0 ? *> 5.5.5.5/32 0.0.0.0 0 0 ?

# View the routes received on PE1.

[~PE1] display bgp routing-table peer 111.1.1.2 received-routes



*>i 4.4.4.4/32 111.1.1.2 0 100 0 ?

When prefix-based BGP ORF is not enabled, PE2 sends three routes 3.3.3.3, 4.4.4.4, and 5.5.5.5,but PE1 accepts only one route 4.4.4.4 because PE1 applies the prefix-based import policy tothe three routes.

Step 4 Enable prefix-based BGP ORF.

# Configure PE1.

[~PE1] bgp 100[~PE1-bgp] peer 111.1.1.2 capability-advertise orf ip-prefix both[~PE1-bgp] commit[~PE1-bgp] quit

# Configure PE2.

[~PE2] bgp 100[~PE2-bgp] peer 111.1.1.1 capability-advertise orf ip-prefix both[~PE2-bgp] commit



358

[~PE2-bgp] quit


# View prefix-based BGP ORF negotiation information.

<PE1> display bgp peer 111.1.1.2 verbose

BGP Peer is 111.1.1.2, remote AS 100 Type: IBGP link BGP version 4, Remote router ID 111.1.1.2 Update-group ID: 2 BGP current state: Established, Up for 00h01m22s BGP current event: KATimerExpired BGP last state: OpenConfirm BGP Peer Up count: 8 Received total routes: 1 Received active routes total: 1 Advertised total routes: 0 Port: Local - 54845 Remote - 179 Configured: Active Hold Time: 180 sec Keepalive Time:60 sec Received : Active Hold Time: 180 sec Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec Peer optional capabilities: Peer supports bgp multi-protocol extension Peer supports bgp route refresh capability Peer supports bgp outbound route filter capability Support Address-Prefix: IPv4-UNC address-family, rfc-compatible, both Peer supports bgp 4-byte-as capability Address family IPv4 Unicast: advertised and received Received: Total 5 messages Update messages 1 Open messages 1 KeepAlive messages 2 Notification messages 0 Refresh messages 1 Sent: Total 4 messages Update messages 0 Open messages 1 KeepAlive messages 2 Notification messages 0 Refresh messages 1 Authentication type configured: None Last keepalive received: 2010/03/30 13:37:25 UTC-08:00 Minimum route advertisement interval is 15 seconds Optional capabilities: Route refresh capability has been enabled Outbound route filter capability has been enabled Enable Address-Prefix: IPv4-UNC address-family, rfc-compatible, both 4-byte-as capability has been enabled Peer Preferred Value: 0 Routing policy configured: No import update filter list No export update filter list Import prefix list is: 1 No export prefix list No import route policy No export route policy No import distribute policy No export distribute policy

# View the routes sent by PE2.

<PE2> display bgp routing-table peer 111.1.1.1 advertised-routes




359


*> 4.4.4.4/32 0.0.0.0 0 0 ?

# # View the routes accepted by PE1.

<PE1> display bgp routing-table peer 111.1.1.2 received-routes



*>i 4.4.4.4/32 111.1.1.2 0 100 0 ?

After prefix-based BGP ORF is enabled, PE2 sends only one route 4.4.4.4 based on the prefix-based import policy provided by PE1.

----End

Configuration Filesl Configuration file of PE1

#sysname PE1#interface Vlanif10 ip address 111.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #bgp 100 peer 111.1.1.2 as-number 100 # ipv4-family unicast undo synchronization peer 111.1.1.2 enable peer 111.1.1.2 ip-prefix 1 import peer 111.1.1.2 capability-advertise orf ip-prefix both#ip ip-prefix 1 index 10 permit 4.4.4.0 24 greater-equal 32 less-equal 32#return

l Configuration file of PE2#sysname PE2#interface Vlanif10 ip address 111.1.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #bgp 100 peer 111.1.1.1 as-number 100 # ipv4-family unicast undo synchronization import-route static peer 111.1.1.1 enable



360

peer 111.1.1.1 capability-advertise orf ip-prefix both#ip route-static 3.3.3.3 255.255.255.255 NULL0ip route-static 4.4.4.4 255.255.255.255 NULL0ip route-static 5.5.5.5 255.255.255.255 NULL0#return

6.16.8 Example for Configuring BGP Route Dampening

Networking RequirementsAs shown in Figure 6-10, BGP is configured on all Switches. SwitchA resides in AS 100,SwitchB resides in AS 200. SwitchC resides in AS 300, and SwitchD resides in AS 400. EBGPruns between SwitchC and SwitchA, between SwitchC and SwitchB, and between SwitchC andSwitchD. SwitchC must apply different route dampening policies to routes of different EBGPpeers to suppress unstable routes and improve network stability.

Figure 6-10 Networking diagram of configuring BGP route dampening

SwitchBAS 200

10GE1/0/1VLANIF10

200.1.1.1/24

SwitchA

AS 300

SwitchCAS 100

10GE1/0/2VLANIF20

200.1.2.2/24

10GE1/0/2VLANIF20

200.1.2.1/24

10GE1/0/1VLANIF10

200.1.1.2/24

10GE1/0/1VLANIF409.1.1.1/24

10GE1/0/2VLANIF30

8.1.1.1/8


1. Configure a route dampening policy on SwitchC.2. Apply the route dampening policy to flapping routes on SwitchC to suppress unstable routes

and improve network stability.

Procedure

Step 1 Configure the VLAN that each interface belongs to.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 30[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10



361

[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 30[~SwitchA-10GE1/0/2] quit[~SwitchA] commit




Step 3 Configure BGP connections.


[~SwitchA] bgp 100[~SwitchA-bgp] router-id 1.1.1.1[~SwitchA-bgp] peer 200.1.1.2 as-number 300[~SwitchA-bgp] ipv4-family unicast[~SwitchA-bgp-af-ipv4] network 8.0.0.0 255.0.0.0[~SwitchA-bgp-af-ipv4] commit[~SwitchA-bgp-af-ipv4] quit[~SwitchA-bgp] quit


[~SwitchB] bgp 200[~SwitchB-bgp] router-id 2.2.2.2[~SwitchB-bgp] peer 200.1.2.2 as-number 300[~SwitchB-bgp] ipv4-family unicast[~SwitchB-bgp-af-ipv4] network 9.1.1.0 255.255.255.0[~SwitchB-bgp-af-ipv4] commit[~SwitchB-bgp-af-ipv4] quit[~SwitchB-bgp] quit


[~SwitchC] bgp 300[~SwitchC-bgp] router-id 3.3.3.3[~SwitchC-bgp] peer 200.1.1.1 as-number 100[~SwitchC-bgp] peer 200.1.2.1 as-number 200[~SwitchC-bgp] commit[~SwitchC-bgp] quit

# View the BGP peers of SwitchC.

The preceding command output shows that the status of BGP connections of SwitchC isEstablished.

Step 4 Configure a BGP route dampening policy.

# Configure an IP prefix list prefix-a on SwitchC to allow routes with prefix 8.0.0.0/8 to passthrough.

[~SwitchC] ip ip-prefix prefix-a index 10 permit 8.0.0.0 8[~SwitchC] commit



362

# Configure an IP prefix list prefix-b on SwitchC to allow routes with prefix 9.1.1.0/24 to passthrough.

[~SwitchC] ip ip-prefix prefix-b index 20 permit 9.1.1.0 24[~SwitchC] commit

# Configure a route-policy dampen-policy on SwitchC to apply different route dampeningpolicies to routes with different prefixes.

[~SwitchC] route-policy dampen-policy permit node 10[~SwitchC-route-policy] if-match ip-prefix prefix-a[~SwitchC-route-policy] apply dampening 10 1000 2000 5000[~SwitchC-route-policy] commit[~SwitchC-route-policy] quit[~SwitchC] route-policy dampen-policy permit node 20[~SwitchC-route-policy] if-match ip-prefix prefix-b[~SwitchC-route-policy] apply dampening 10 800 3000 10000[~SwitchC-route-policy] commit[~SwitchC-route-policy] quit

# Apply the route dampening policy to flapping routes.

[~SwitchC] bgp 300[~SwitchC-bgp] ipv4-family unicast[~SwitchC-bgp-af-ipv4] dampening route-policy dampen-policy[~SwitchC-bgp-af-ipv4] commit[~SwitchC-bgp] quit

# View the configured BGP route dampening parameters on SwitchC.

[~SwitchC] display bgp routing-table dampening parameter

Maximum Suppress Time(in second) : 3973 Ceiling Value : 16000 Reuse Value : 750 HalfLife Time(in second) : 900 Suppress-Limit : 2000 Route-policy : dampen-policy

----End


#sysname SwitchA# vlan batch 10 30#interface Vlanif10 ip address 200.1.1.1 255.255.255.0#interface Vlanif30 ip address 8.1.1.1 255.0.0.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30 #bgp 100 router-id 1.1.1.1 peer 200.1.1.2 as-number 300 # ipv4-family unicast



363

undo synchronization network 8.0.0.0 255.0.0.0 peer 200.1.1.2 enable#return

l Configuration file of SwitchB#sysname SwitchB# vlan batch 20 40#interface Vlanif20 ip address 200.1.2.1 255.255.255.0#interface Vlanif40 ip address 9.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#bgp 200 router-id 2.2.2.2 peer 200.1.2.2 as-number 300 # ipv4-family unicast undo synchronization network 9.1.1.0 255.255.255.0 peer 200.1.2.2 enable#return

l Configuration file of SwitchC#sysname SwitchC# vlan batch 10 20#interface Vlanif10 ip address 200.1.1.2 255.255.255.0#interface Vlanif20 ip address 200.1.2.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#bgp 300 router-id 3.3.3.3 peer 200.1.1.1 as-number 100 peer 200.1.2.1 as-number 200 # ipv4-family unicast undo synchronization dampening route-policy dampen-policy peer 200.1.1.1 enable peer 200.1.2.1 enable#route-policy dampen-policy permit node 10 if-match ip-prefix prefix-a



364

apply dampening 10 1000 2000 5000#route-policy dampen-policy permit node 20 if-match ip-prefix prefix-b apply dampening 10 800 3000 10000#ip ip-prefix prefix-a index 10 permit 8.0.0.0 8#ip ip-prefix prefix-b index 20 permit 9.1.1.0 24#return

6.16.9 Example for Associating BGP with BFD

Networking RequirementsAs shown in Figure 6-11, SwitchA belongs to AS 100, SwitchB and SwitchC belong to AS 200.EBGP connections are established between SwitchA and SwitchB, and between SwitchA andSwitchC.

Service traffic is transmitted along the primary link SwitchA→SwitchB. The link SwitchA→SwitchC→SwitchB functions as the backup link.

Use BFD to monitor the BGP peer relationship between SwitchA and SwitchB. When a faultoccurs on the link between SwitchA and SwitchB, BFD can rapidly detect the fault and notifyBGP. Then traffic is transmitted on the standby link.

Figure 6-11 Networking diagram of associating BGP with BFD

10GE1/0/1VLANIF10

200.1.2.1/24

10GE1/0/2VLANIF20

200.1.1.1/24

10GE1/0/1VLANIF10

200.1.2.2/24

10GE1/0/1VLANIF309.1.1.1/24

AS 200

10GE1/0/2VLANIF309.1.1.2/24

10GE1/0/2VLANIF20

200.1.1.2/24

SwitchA

AS 100

EBGP

EBGP

IBGP

SwitchC

SwitchB10GE1/0/3VLANIF40

172.16.1.1/24


1. Configure basic BGP functions on each switch.



365

2. Configure the MED attribute to control route selection.3. Enable BFD on SwitchA and Switch.

Procedure

Step 1 Configure the VLAN to which each interface belongs.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 10 20[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA] commit




Step 3 Configure basic BGP functions, establish EBGP connections between SwitchA and SwitchB,and between SwitchA and SwitchC, and establish an IBGP connection between SwitchB andSwitchC.


[~SwitchA] bgp 100[~SwitchA-bgp] router-id 1.1.1.1[~SwitchA-bgp] peer 200.1.1.2 as-number 200[~SwitchA-bgp] peer 200.1.2.2 as-number 200[~SwitchA-bgp] commit[~SwitchA-bgp] quit


[~SwitchB] bgp 200[~SwitchB-bgp] router-id 2.2.2.2[~SwitchB-bgp] peer 200.1.1.1 as-number 100[~SwitchB-bgp] peer 9.1.1.2 as-number 200[~SwitchB-bgp] network 172.16.1.0 255.255.255.0[~SwitchB-bgp] commit[~SwitchB-bgp] quit


[~Switchc] bgp 200[~Switchc-bgp] router-id 3.3.3.3[~Switchc-bgp] peer 200.1.2.1 as-number 100[~Switchc-bgp] peer 9.1.1.1 as-number 200[~Switchc-bgp] commit



366

[~Switchc-bgp] quit

# View the BGP peer status on SwitchA, finding that BGP peers have been established.

<SwitchA> display bgp peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 200.1.1.2 4 200 2 5 0 00:01:25 Established 0 200.1.2.2 4 200 2 4 0 00:00:55 Established 0

Step 4 Configure the MED attribute.

# Set the MED values for the routes sent from SwitchB and SwitchC to SwitchA using a route-policy.


[~SwitchB] route-policy 10 permit node 10[~SwitchB-route-policy] apply cost 100[~SwitchB-route-policy] commit[~SwitchB-route-policy] quit[~SwitchB] bgp 200[~SwitchB-bgp] peer 200.1.1.1 route-policy 10 export[~SwitchB-bgp] commit


[~SwitchC] route-policy 10 permit node 10[~SwitchC-route-policy] apply cost 150[~SwitchC-route-policy] commit[~SwitchC-route-policy] quit[~SwitchC] bgp 200[~SwitchC-bgp] peer 200.1.2.1 route-policy 10 export[~SwitchC-bgp] commit

# View all BGP routing information on SwitchA.

<SwitchA> display bgp routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn *> 172.16.1.0/24 200.1.1.2 100 0 200i * 200.1.2.2 150 0 200i

In the BGP routing table, you can view that the next-hop address of the route to 172.16.1.0/24is 200.1.1.2, and traffic is transmitted on the primary link SwitchA→SwitchB.

Step 5 Configure BFD, and set the interval for sending BFD packets, the interval for receiving BFDpackets, and the local detection multiplier.

# Enable BFD on SwitchA, and set the minimum intervals for sending and receiving BFD packetsto 100 ms and the local detection multiplier to 4.

[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] bgp 100[~SwitchA-bgp] peer 200.1.1.2 bfd enable[~SwitchA-bgp] peer 200.1.1.2 bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4[~SwitchA-bgp] commit

# Enable BFD on SwitchB, and set the minimum intervals for sending and receiving BFD packetsto 100 ms and the local detection multiplier to 4.



367

[~SwitchB] bfd[~SwitchB-bfd] quit[~SwitchB] bgp 200[~SwitchB-bgp] peer 200.1.1.1 bfd enable[~SwitchB-bgp] peer 200.1.1.1 bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4[~SwitchB-bgp] commit

# View all the BFD sessions set up by BGP on SwitchA.

<SwitchA> display bgp bfd session all-------------------------------------------------------------------------------- Local_Address Peer_Address Interface 200.1.1.1 200.1.1.2 Vlanif20 Tx-interval(ms) Rx-interval(ms) Multiplier Session-State 100 100 4 Up--------------------------------------------------------------------------------


# Run the shutdown command on GE1/0/2 of SwitchB to simulate a primary link fault.

[~SwitchB] interface 10ge 1/0/2[~SwitchB-10GE1/0/2] shutdown[~SwitchB-10GE1/0/2] commit


<SwitchA> display bgp routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 172.16.1.0/24 200.1.2.2 150 0 200i

In the BGP routing table, you can view that the backup link SwitchA→SwitchC→SwitchB takeseffect after the primary link fails, and the next-hop address of the route to 172.16.1.0/24 becomes200.1.2.2.

----End


# sysname SwitchA# router id 1.1.1.1# vlan batch 10 20# bfd#interface Vlanif10 ip address 200.1.2.1 255.255.255.0#interface Vlanif20 ip address 200.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20



368

#bgp 100 router-id 1.1.1.1 peer 200.1.1.2 as-number 200 peer 200.1.1.2 bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4 peer 200.1.1.2 bfd enable peer 200.1.2.2 as-number 200 # ipv4-family unicast undo synchronization peer 200.1.1.2 enable peer 200.1.2.2 enable#return

l Configuration file of SwitchB# sysname SwitchB# router id 2.2.2.2# vlan batch 20 30 40# bfd#interface Vlanif30 ip address 9.1.1.1 255.255.255.0#interface Vlanif20 ip address 200.1.1.2 255.255.255.0#interface Vlanif40 ip address 172.16.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port hybrid pvid vlan 40 port trunk allow-pass vlan 40#bgp 200 router-id 2.2.2.2 peer 9.1.1.2 as-number 200 peer 200.1.1.1 as-number 100 peer 200.1.1.1 bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4 peer 200.1.1.1 bfd enable # ipv4-family unicast undo synchronization network 172.16.1.0 255.255.255.0 peer 9.1.1.2 enable peer 200.1.1.1 enable peer 200.1.1.1 route-policy 10 export#route-policy 10 permit node 10 apply cost 100#return

l Configuration file of SwitchC# sysname SwitchC



369

# router id 3.3.3.3# vlan batch 10 30# bfd#interface Vlanif10 ip address 200.1.2.2 255.255.255.0#interface Vlanif30 ip address 9.1.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#bgp 200 router-id 3.3.3.3 peer 9.1.1.1 as-number 200 peer 200.1.2.1 as-number 100 # ipv4-family unicast undo synchronization network 9.1.1.0 255.255.255.0 peer 9.1.1.1 enable peer 200.1.2.1 enable peer 200.1.2.1 route-policy 10 export#route-policy 10 permit node 10 apply cost 150#return

6.16.10 Example for Configuring BGP Auto FRR

Networking RequirementsAs shown in Figure 6-12, SwitchA belongs to AS 100, SwitchB, SwitchC, and SwitchD belongto AS 200 and establish IBGP connections. Routes from SwitchA to SwitchD must have backupforwarding information so that traffic can be fast switched to the backup link after a fault isdetected. This improves network reliability.



370

Figure 6-12 Networking diagram of configuring BGP Auto FRR

10GE1/0/1VLANIF10

10.1.1.1/24

10GE1/0/2VLANIF20

10.2.1.1/24

10GE1/0/1VLANIF10

10.1.1.2/24

10GE1/0/2VLANIF4010.4.1.2/24

AS 200

10GE1/0/2VLANIF4010.4.1.1/24

10GE1/0/1VLANIF20

10.2.1.2/24

SwitchA

AS 100

SwitchC

SwitchB

SwitchD

10GE1/0/2VLANIF3010.3.1.1/24

10GE1/0/1VLANIF3010.3.1.2/24


1. Configure a route-policy on SwitchB and SwitchC to change the MED values of routes toSwitchD to facilitate route selection.

2. Configure BGP Auto FRR on SwitchA so that traffic can be fast switched to the backuplink when a fault is detected.

Procedure

Step 1 Configure the VLAN to which each interface belongs.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[SwitchA] vlan batch 10 20[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20[~SwitchA-10GE1/0/2] quit[~SwitchA] commit


Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 10.1.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] interface vlanif 20[~SwitchA-Vlanif20] ip address 10.2.1.1 24



371

[~SwitchA-Vlanif20] quit[~SwitchA] commit


Step 3 Establish EBGP connections between SwitchA and SwitchB, and between SwitchA andSwitchC, and establish IBGP connections between SwitchD and SwitchB, and betweenSwitchD and SwitchC.


<SwitchA> system-view[~SwitchA] bgp 100[~SwitchA-bgp] router-id 1.1.1.1[~SwitchA-bgp] peer 10.1.1.2 as-number 200[~SwitchA-bgp] peer 10.2.1.2 as-number 200[~SwitchA-bgp] commit

NOTEThe configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and are notmentioned here.


<SwitchD> system-view[~SwitchD] bgp 200[~SwitchD-bgp] router-id 4.4.4.4[~SwitchD-bgp] peer 10.3.1.1 as-number 200[~SwitchD-bgp] peer 10.4.1.1 as-number 200[~SwitchD-bgp] commit

NOTEThe configurations of SwitchB and SwitchC are similar to the configuration of SwitchD, and are notmentioned here.

Step 4 Configure a route-policy on SwitchB and SwitchC so that routes to SwitchD have different MEDvalues.

# Configure a route-policy on SwitchB.

<SwitchB> system-view[~SwitchB] route-policy rtb permit node 10[~SwitchB-route-policy] apply cost 80[~SwitchB-route-policy] quit[~SwitchB] bgp 200[~SwitchB-bgp] ipv4-family unicast[~SwitchB-bgp-af-ipv4] peer 10.1.1.1 route-policy rtb export[~SwitchB-bgp-af-ipv4] commit[~SwitchB-bgp-af-ipv4] quit

# Configure a route-policy on SwitchC.

<SwitchC> system-view[~SwitchC] route-policy rtc permit node 10[~SwitchC-route-policy] apply cost 120[~SwitchC-route-policy] quit[~SwitchC] bgp 200[~SwitchC-bgp] ipv4-family unicast[~SwitchC-bgp-af-ipv4] peer 10.2.1.1 route-policy rtc export[~SwitchC-bgp-af-ipv4] commit[~SwitchC-bgp-af-ipv4] quit

# Advertise a route to 4.4.4.4/32 on SwitchD.

[~SwitchD] bgp 200[~SwitchD-bgp] ipv4-family unicast[~SwitchD-bgp] network 4.4.4.4 32



372

[~SwitchD-bgp] commit

# Run the display ip routing-table verbose command on SwitchA to check detailed informationabout the route to 4.4.4.4/32.

<SwitchA> display ip routing-table 4.4.4.4 32 verboseRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_Summary Count : 1

Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0 Preference: 255 Cost: 80 NextHop: 10.1.1.2 Neighbour: 10.1.1.2 State: Active Adv Age: 00h00m12s Tag: 0 Priority: low Label: NULL QoSInfo: 0x0 IndirectID: 0x4 RelayNextHop: 0.0.0.0 Interface: Vlanif10 TunnelID: 0x0 Flags: D

The MED value of the route learned from SwitchB is smaller. Therefore, SwitchA selects thepath SwitchA→SwitchB→SwitchD as the route to 4.4.4.4/32. Because FRR is not configured,no backup forwarding information is available.

Step 5 Enable BGP Auto FRR on SwitchA, and check the routing information.

# Enable BGP Auto FRR on SwitchA.

<SwitchA> system-view[~SwitchA] bgp 100[~SwitchA-bgp] ipv4-family unicast[~SwitchA-bgp-af-ipv4] auto-frr[~SwitchA-bgp-af-ipv4] commit[~SwitchA-bgp-af-ipv4] quit

# After the configuration, run the display ip routing-table verbose command on SwitchA tocheck the routing information.

<SwitchA> display ip routing-table 4.4.4.4 32 verboseRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_Summary Count : 1

Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0 Preference: 255 Cost: 80 NextHop: 10.1.1.2 Neighbour: 10.1.1.2 State: Active Adv Age: 00h52m45s Tag: 0 Priority: low Label: NULL QoSInfo: 0x0 IndirectID: 0x4 RelayNextHop: 0.0.0.0 Interface: Vlanif10 TunnelID: 0x0 Flags: D BkNextHop: 10.2.1.2 BkInterface: Vlanif20 BkLabel: NULL SecTunnelID: 0x0 BkPETunnelID: 0x0 BkPESecTunnelID: 0x0 BkIndirectID: 0x2

The preceding command output shows that SwitchA has a backup next hop and a backupoutbound interface for the route to 4.4.4.4/32.

----End



373


# sysname SwitchA#interface Vlanif10 ip address 10.1.1.1 255.255.255.0#interface Vlanif20 ip address 10.2.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#bgp 100 router-id 1.1.1.1 peer 10.1.1.2 as-number 200 peer 10.2.1.2 as-number 200# ipv4-family unicast peer 10.1.1.2 enable peer 10.2.1.2 enable auto-frr#return

l Configuration file of SwitchB

# sysname SwitchB#interface Vlanif10 ip address 10.1.1.2 255.255.255.0#interface Vlanif40 ip address 10.3.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 40#bgp 200 router-id 2.2.2.2 peer 10.1.1.1 as-number 100 peer 10.3.1.2 as-number 200# ipv4-family unicast peer 10.1.1.1 enable peer 10.3.1.2 enable peer 10.1.1.1 route-policy rtb export#route-policy rtb permit node 10 apply cost 80#return

l Configuration file of SwitchC

#



374

sysname SwitchC#interface Vlanif20 ip address 10.2.1.2 255.255.255.0#interface Vlanif30 ip address 10.4.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#bgp 200 router-id 3.3.3.3 peer 10.2.1.1 as-number 100 peer 10.4.1.2 as-number 200 # ipv4-family unicast peer 10.2.1.1 enable peer 10.4.1.2 enable peer 10.2.1.1 route-policy rtc export#route-policy rtc permit node 10 apply cost 120#return

l Configuration file of SwitchD

# sysname SwitchD#interface Vlanif40 ip address 10.3.1.2 255.255.255.0#interface Vlanif30 ip address 10.4.1.2 255.255.255.0#interface LoopBack1 ip address 4.4.4.4 255.255.255.255#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 40 #interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#bgp 200 router-id 4.4.4.4 peer 10.3.1.1 as-number 200 peer 10.4.1.1 as-number 200 # ipv4-family unicast peer 10.3.1.1 enable peer 10.4.1.1 enable network 4.4.4.4 255.255.255.255#return



375

7 Routing Policy Configuration

About This Chapter

Routing policies are applied to routing information to change the path through which networktraffic passes.

7.1 Routing Policy OverviewRouting tables are sharply increased with the expansion of the network scale, which brings aheavy burden and security issues to the network. To solve this problem, configure a routingpolicy to filter routes and change attributes of routes when routing protocols advertise, receive,and import routes.

7.2 Routing Policy Features Supported by the DeviceRouting policy configuration includes the configurations of filters and policies.

7.3 Filter ConfigurationFilters in a routing policy include ACL, IP prefix list, AS_Path filter, community filter, extendedcommunity filter, and RD filter. This section describes the configuration of IP prefix list,AS_Path filter, community filter, extended community filter, and RD filter. For details aboutACL configuration, see "ACL Configuration" in the CloudEngine 6800&5800 Seriesswitch-Configuration Guide - Security.

7.4 Configuring a Routing PolicyEach node of a routing policy can comprise a set of if-match and apply clauses.

7.5 Maintaining the Routing PolicyMaintaining routing policies involves clearing the statistics of the IP prefix list.

7.6 Configuration ExamplesThe configuration examples in this section explain the networking requirements, networkingdiagram, configuration notes, configuration roadmap, and configuration procedure for differenttypes of routing policies.

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing 7 Routing Policy Configuration


376

7.1 Routing Policy OverviewRouting tables are sharply increased with the expansion of the network scale, which brings aheavy burden and security issues to the network. To solve this problem, configure a routingpolicy to filter routes and change attributes of routes when routing protocols advertise, receive,and import routes.

Differences Between the Routing Policy and PBR

Different from the routing based on the destination addresses of IP packets, policy-based routing(PBR) is a routing mechanism based on the traffic policy and user-defined policies to selectroutes. PBR provides various functions such as ensuring security and implementing loadbalancing.

Routing policies and PBR are different mechanisms. Table 7-1 shows the differences betweenthe two mechanisms.

Table 7-1 Differences between the routing policy and PBR

Routing Policy Policy-based Routing

Applies to routing information. Applies to data flows.

Forwards packets based on the routingtable.

Forwards packets based on the policy. If packetsfail to be forwarded based on the policy, the devicebegins to search the routing table for packetforwarding.

Is based on the control plane and servesrouting protocols and routing tables.

Is based on the forwarding plane and servesforwarding policies.

Combines with routing protocols toform policies.

Needs to be manually configured hop by hop toensure that packets are forwarded according to thepolicies.

7.2 Routing Policy Features Supported by the DeviceRouting policy configuration includes the configurations of filters and policies.

After configuring routing policies, apply them to route advertisement, route acceptance, androute importing so that they can filter routes and set route attributes. For the applications ofrouting policies in routing protocols, refer to the corresponding routing protocol configurations.

Filter

Filters in a routing policy include ACL, IP prefix list, AS_Path filter, community filter, extendedcommunity filter, and RD filter. The filters are used in if-match clauses and can be usedindependently in some special scenarios. Table 7-2 describes the application of filters.



377

Table 7-2 Application of filters

Filter Application

ACL l Used independently when dynamicrouting protocols advertise and receiveroutes.

l Applies to if-match clauses in a routingpolicy.

IP prefix list l Used independently when dynamicrouting protocols advertise and receiveroutes.

l Applies to if-match clauses in a routingpolicy.

AS_Path Filter l Used independently when BGP advertisesand receives routes.

l Applies to if-match clauses in a routingpolicy when IGP and BGP interact witheach other.

Community filter l Used independently when BGP advertisesand receives routes.

l Applies to if-match clauses in a routingpolicy when IGP and BGP interact witheach other.

Extended community filter Applies to the if-match clause in a routingpolicy when the RT attribute is used to filterroutes in a VPN.

RD filter Applies to the if-match clause in a routingpolicy when the RD attribute is used to filterroutes in a VPN.

Routing Policy

To reduce network burden and ensure network security, apply a routing policy with if-matchclauses specified in the following situations:

l Importing routes

l Advertising and receiving routes

l Route filtering using the RT and RD attributes in a VPN

7.3 Filter ConfigurationFilters in a routing policy include ACL, IP prefix list, AS_Path filter, community filter, extendedcommunity filter, and RD filter. This section describes the configuration of IP prefix list,AS_Path filter, community filter, extended community filter, and RD filter. For details about



378

ACL configuration, see "ACL Configuration" in the CloudEngine 6800&5800 Seriesswitch-Configuration Guide - Security.


Before configuring filters, complete the following task:

l Configuring routing protocols


Configure the filters in any sequence based on the network requirements.

7.3.1 Configuring an IP Prefix List

Context

To control the advertising and receiving of routes based on the destination address, configurean IP prefix list.

CAUTIONIf an IP prefix list is not used together with the if-match clauses in a routing policy, you mustset at least one node to the permit mode in the IP prefix list. If no node is set to the permitmode, all routes are filtered out.

Procedure



Step 2 Run:ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ip-address mask-length [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

An IPv4 prefix list is configured.

Step 3 Run:commit


----End

Checking the Configurationl Run the display ip ip-prefix [ ip-prefix-name ] command to check information about the

IPv4 prefix list.



379

7.3.2 Configuring an AS_Path Filter

Context

An AS_Path filter is used to filter routes based on the AS_Path attributes of BGP routes. If youdo not want to receive routes of a specified AS number, configure an AS_Path filter based onthe AS number. On a complex network, multiple ACLs or IP prefix lists must be configured tofilter BGP routes, which is complicated. Configuring an AS_Path filter simplifies theconfiguration.

Procedure



Step 2 Run:ip as-path-filter { as-path-filter-number | as-path-filter-name } [ index index-number ] { permit | deny } regular-expression

An AS_Path filter is configured.

In the preceding command, regular-expression the regular expression that the AS_Path filteruses to define a matching rule. For details about a regular expression, see "CLI Overview" inthe CloudEngine 6800&5800 Seriesswitch - Configuration Guide - Basic Configuration.

Step 3 Run:commit


----End

Checking the Configurationl Run the display ip as-path-filter [ as-path-filter-number | as-path-filter-name ] command

to check information about a configured AS_Path filter.

7.3.3 Configuring a Community Filter

Context

The community attribute identifies routes with the same characteristics without considering afew IP prefixes and numerous AS numbers. Configuring community filters and communityattributes simplifies route management when it is inconvenient to use IP prefix list or AS_Pathfilter. For example, a company branch needs to receive only routes from its headquarters andbranches in adjacent countries. In this case, you can configure different community attributesfor the branches. Routes in this branch can then be managed based on community attributes,without considering a few IP prefixes and numerous AS numbers of routes in different countries.

Community filters are classified into basic and advanced community filters. Compared with abasic community filter, an advanced community filter supports regular expressions and is moreflexible.



380

Procedure



Step 2 Run:ip community-filter

A community filter is configured.

l To configure a basic community filter, run the ip community-filter { basic comm-filter-name | basic-comm-filter-num } [ index index-number ] { permit | deny } [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>command.

l To configure an advanced community filter, run the ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ index index-number ] { permit | deny } regular-expression command.

In the preceding command, regular-expression indicates that the AS_Path filter uses a regularexpression to define matching rules. For details about a regular expression, see "CLI Overview"in the CloudEngine 6800&5800 Seriesswitch - Configuration Guide - Basic Configuration.

Step 3 Run:commit


----End

Checking the Configurationl Run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num |

comm-filter-name ] command to check information about a configured community filter.

7.3.4 Configuring an Extended Community Filter

ContextYou can use an extended community filter when using the route target (RT) attribute to filterroutes in a VPN scenario.

Procedure



Step 2 Run:ip extcommunity-filter extcomm-filter-number [ index index-number ] { deny | permit } { rt { as-number:nn | ipv4-addressnn } } &<1-16>

An extended community filter is configured.

Step 3 Run:



381

commit


----End

Checking the Configurationl Run the display ip extcommunity-filter [ extcomm-filter-number ] command to check

information about a configured extended community filter.

7.3.5 Configuring an RD Filter

ContextYou can use an RD filter when using the RD attribute to filter routes in a VPN.

Procedure



Step 2 Run:ip rd-filter rd-filter-number { deny | permit } route-distinguisher &<1-10>

An RD filter is configured.

Step 3 Run:commit


----End

Checking the Configurationl Run the display ip rd-filter [ rd-filter-number ] command to check information about a

configured RD filter.

7.4 Configuring a Routing PolicyEach node of a routing policy can comprise a set of if-match and apply clauses.

Pre-configuration TasksBefore configuring a routing policy, complete the following task:

l Configuring routing protocols

Configuration ProcessBefore configuring the if-match and apply clauses, you must configure a routing policy. Youcan configure the if-match and apply clauses in any sequence based on the network requirements.



382

7.4.1 Creating a Routing Policy

ContextA routing policy can consist of multiple matching rules and actions.

CAUTIONYou must set at least one node to the permit mode in a routing policy; otherwise, all routes arefiltered out.

Procedure



Step 2 Run:route-policy route-policy-name { permit | deny } node node

A routing policy is created, and the routing policy view is displayed.

A routing policy starts route selection from the lowest node ID. If a route matches a node in therouting policy, the system does not match it with other nodes. If a route fails to match all thenodes in the routing policy, the route is filtered out.

Step 3 (Optional) Run:description text

The description of the routing policy is configured.

Step 4 Run:commit

The configuration is submitted.

----End

7.4.2 (Optional) Configuring an if-match Clause

ContextAn if-match clause defines matching rules related to route filters and attributes in a routingpolicy.

If no if-match clause is configured for a node in a routing policy, all routes match in this node.If one or more if-match clauses are configured in a node, the relationship between the clausesis "AND". This means that routes match this node only when they match all the if-match clausesin this node. When multiple if-match as-path-filter, if-match community-filter, if-matchextcommunity-filter, if-match interface, or if-match route-type clauses are configured, therelationship between the clauses is "OR". The relationship of the five clauses is "AND", and therelationship between the five clauses and other clauses is also "AND". If multiple if-match as-



383

path-filter clauses are configured in a node, the relationship of these clauses is "OR", and therelationship between these clauses and other if-match clauses is "AND".

NOTE

If an if-match clause defines a filter that is not configured, all routes match this if-match clause by default.

The if-match acl and if-match ip-prefix commands cannot be used together in the same node. When boththe commands are used in a node, the later configured one overrides the previous one.

Procedure




The routing policy view is displayed.

Step 3 Configure if-match clauses in any sequence for a routing policy based on the networkrequirements.l Run:

if-match acl { acl-number | acl-name }

An if-match clause is configured to match the basic ACL.l Run:

if-match as-path-filter as-path-filter-number &<1-16>

An if-match clause is configured to match AS_Path filters.l Run either of the following commands as required to configure an if-match clause based on

community filters:– if-match community-filter { basic-comm-filter-num [ whole-match ] | adv-comm-filter-

num } &<1-16>– if-match community-filter comm-filter-name [ whole-match ]

l Run:if-match extcommunity-filter extcomm-filter-number &<1-16>

An if-match clause is configured to match extended community filters.l Run:

if-match cost cost

An if-match clause is configured to match the route cost of routes.l Run:

if-match interface { interface-type interface-number } &<1-16>

An if-match clause is configured to match the outbound interface of routes.l Run:

if-match ip { next-hop | route-source } { acl { acl-number | acl-name } | ip-prefix ip-prefix-name }

An if-match clause is configured to match the next hop or source address of IPv4 routes.l Run:

if-match ip-prefix ip-prefix-name



384

An if-match clause is configured to match the IP prefix list.l Run:

if-match rd-filter rd-filter-numberAn if-match clause is configured to match the RD filter.

l Run any of the following command as required to match the type of route:– Run:

if-match route-type { external-type1 | external-type1or2 | external-type2 | internal | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 }An if-match clause is configured to match a specified type of OSPF routes.

– Run:if-match route-type { is-is-level-1 | is-is-level-2 } An if-match clause is configured to match a specified type of IS-IS routes.

l Run:if-match tag tagAn if-match clause is configured to match the tag of routes.

Step 4 Run:commit


----End

7.4.3 (Optional) Configuring an apply Clause

ContextAn apply clause specifies the action of setting attributes for routes matching a routing policynode. If a node is not configured with an apply clause, the node only filters routs. If one or moreapply clauses are configured in a node, all the apply clauses are applied to routes that matchthe node.

Procedure




The route-policy view is displayed.

Step 3 Run any of the following commands as required to configure apply clauses, the commands arenot listed in sequence. A node can have multiple or no apply clauses.l Run:

apply as-path { { as-number | 4as-number } &<1-10> { additive | overwrite } | none overwrite }An apply clause is configured to change the AS_Path attribute of BGP routes.



385

l Run:apply comm-filter { basic-comm-filter-number | adv-comm-filter-number | comm-filter-name } delete

An apply clause is configured to delete the specified community attribute of BGP routes.TIP

To delete the community attributes, you can run the ip community-filter command several times toconfigure community attributes one by one, and apply the routing policy containing the apply comm-filter delete command to delete these community attributes. If multiple community attributes arespecified in one community filter, none of them can be deleted.

l Run:apply community none

An apply clause is configured to delete all community attributes of BGP routes.l Run:

apply community { community-number | aa:nn | internet | no-advertise | no-export | no-export-subconfed } &<1-32> [ additive ]

An apply clause is configured to set the community attributes of BGP routes.l Run:

apply cost { [ + | - ] cost | inherit }

The route cost is set.l Run the following command as required to set the cost type of a route:

– Run:apply cost-type { external | internal }

The IS-IS cost type is set.– Run:

apply cost-type { type-1 | type-2 }

The OSPF cost type is set.l Run:

apply dampening half-life-reach reuse suppress ceiling

The dampening parameters of EBGP routes are set.l Run:

apply extcommunity { rt { as-number:nn | ipv4-address:nn } } &<1-16> [ additive ]

An extended community attribute (route-target) of BGP is set.l Run:

apply ip-address next-hop { ipv4-address | peer-address }

The next-hop address of the IPv4 route is set.l Run:

apply isis { level-1 | level-1-2 | level-2 }

The level of the IS-IS route is set.l Run:

apply local-preference preference

The local preference for BGP routes is set.l Run:

apply origin { egp as-number | igp | incomplete }

The Origin attribute of BGP routes is set.



386

l Run:apply ospf { backbone | stub-area }

An OSPF area into which routes are imported is set.

l Run:apply preference preference

The preference of the routing protocol is set.

l Run:apply preferred-value preferred-value

A preferred value is set for BGP routes.

l Run:apply tag tag

The route tag is set.

Step 4 Run:commit


----End


Procedurel Run the display route-policy [ route-policy-name ] command to check information about

the Route-Policy.

----End

7.5 Maintaining the Routing PolicyMaintaining routing policies involves clearing the statistics of the IP prefix list.

Context

CAUTIONThe statistics of IP prefix lists cannot be restored after being cleared. Exercise caution whenrunning this command.

Procedurel Run reset ip ip-prefix [ ip-prefix-name ] command in the user view to clear the IPv4 prefix

list statistics.

----End



387

7.6 Configuration ExamplesThe configuration examples in this section explain the networking requirements, networkingdiagram, configuration notes, configuration roadmap, and configuration procedure for differenttypes of routing policies.

7.6.1 Example for Filtering the Routes to Be Received or Advertised

Networking RequirementsAs shown in Figure 7-1, on the network where OSPF runs, SwitchA receives routes from theInternet, and provides these routes for the OSPF network. Users want devices on the OSPFnetwork to access only the network segments 172.1.17.0/24, 172.1.18.0/24, and 172.1.19.0/24,and SwitchC to access only the network segment 172.1.18.0/24.

Figure 7-1 Networking diagram for filtering the received and advertised routes

10GE1/0/1VLANIF10192.168.1.1/24

10GE1/0/3VLANIF30

192.168.3.1/24

10GE1/0/2VLANIF20

192.168.2.1/24

10GE1/0/1VLANIF20192.168.2.2/24

10GE1/0/1VLANIF30192.168.3.2/24

SwitchC

SwitchD

SwitchBSwitchA

OSPF

172.1.16.0/24172.1.17.0/24172.1.18.0/24172.1.19.0/24172.1.20.0/24

10GE1/0/1VLANIF10

192.168.1.2/24


1. Configure a routing policy on SwitchA and apply the routing policy during routeadvertisement. When routes are advertised, the routing policy allows SwitchA to provideroutes from network segments 172.1.17.0/24, 172.1.18.0/24, and 172.1.19.0/24 forSwitchB, and allows devices on the OSPF network to access these three network segments.

2. Configure a routing policy on SwitchC and apply the routing policy during route importing.When routes are imported, the routing policy allows SwitchC to receive only the routesfrom the network segment 172.1.18.0/24 and access this network segment.



388

Procedure

Step 1 Add interfaces to the VLANs.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan 10[~SwitchA-vlan10] quit[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] commit


Step 2 Assign IP addresses to the VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 192.168.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] commit


Step 3 Configure the basic OSPF functions.


[~SwitchA] ospf[~SwitchA-ospf-1] area 0[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] quit[~SwitchA-ospf-1] quit[~SwitchA] commit


[~SwitchB] ospf[~SwitchB-ospf-1] area 0[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255[~SwitchB-ospf-1-area-0.0.0.0] quit[~SwitchB-ospf-1] quit[~SwitchB] commit


[~SwitchC] ospf[~SwitchC-ospf-1] area 0[~SwitchC-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255[~SwitchC-ospf-1-area-0.0.0.0] quit[~SwitchC-ospf-1] quit[~SwitchC] commit


[~SwitchD] ospf[~SwitchD-ospf-1] area 0[~SwitchD-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255[~SwitchD-ospf-1-area-0.0.0.0] quit[~SwitchD-ospf-1] quit[~SwitchD] commit

Step 4 Configure five static routes on SwitchA and import these routes into OSPF.



389

[~SwitchA] ip route-static 172.1.16.0 24 NULL 0[~SwitchA] ip route-static 172.1.17.0 24 NULL 0[~SwitchA] ip route-static 172.1.18.0 24 NULL 0[~SwitchA] ip route-static 172.1.19.0 24 NULL 0[~SwitchA] ip route-static 172.1.20.0 24 NULL 0[~SwitchA] commit[~SwitchA] ospf[~SwitchA-ospf-1] import-route static[~SwitchA-ospf-1] quit[~SwitchA] commit

# Check the routing table on SwitchB. You can find that the five static routes are imported intoOSPF.

[~SwitchB] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.16.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10 172.1.17.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10 172.1.18.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10 172.1.19.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10 172.1.20.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10 192.168.1.0/24 Direct 0 0 D 192.168.1.2 Vlanif10 192.168.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10 192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif20 192.168.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 192.168.3.0/24 Direct 0 0 D 192.168.3.1 Vlanif30 192.168.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif30

Step 5 Configure a policy for advertising routes.

# Set an IP prefix list named a2b on SwitchA.

[~SwitchA] ip ip-prefix a2b index 10 permit 172.1.17.0 24[~SwitchA] ip ip-prefix a2b index 20 permit 172.1.18.0 24[~SwitchA] ip ip-prefix a2b index 30 permit 172.1.19.0 24[~SwitchA] commit

# Configure a policy for advertising routes on SwitchA, and use the IP prefix list named a2b tofilter routes.

[~SwitchA] ospf[~SwitchA-ospf-1] filter-policy ip-prefix a2b export static[~SwitchA-ospf-1] commit

# Check the routing table on SwitchB. You can find that SwitchB receives only three routesdefined in a2b.

[~SwitchB] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.17.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10 172.1.18.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10 172.1.19.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10 192.168.1.0/24 Direct 0 0 D 192.168.1.2 Vlanif10 192.168.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10 192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif20



390

192.168.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 192.168.3.0/24 Direct 0 0 D 192.168.3.1 Vlanif30 192.168.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif30

Step 6 Configure a policy for receiving routes.

# Set an IP prefix list named in on SwitchC.

[~SwitchC] ip ip-prefix in index 10 permit 172.1.18.0 24[~Switchc] commit

# Set a policy for receiving routes on SwitchC, and use in to filter routes.

[~SwitchC] ospf[~SwitchC-ospf-1] filter-policy ip-prefix in import[~SwitchC] commit

# Check the routing table on SwitchC. You can find that SwitchC in the local core routing tablereceives only one route defined in in.

[~SwitchC] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.18.0/24 O_ASE 150 1 D 192.168.2.1 Vlanif20 192.168.2.0/24 Direct 0 0 D 192.168.2.2 Vlanif20 192.168.2.2/32 Direct 0 0 D 127.0.0.1 Vlanif20

----End


# sysname SwitchA# vlan batch 10#interface Vlanif10 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#ospf 1 filter-policy ip-prefix a2b export static import-route static area 0.0.0.0 network 192.168.1.0 0.0.0.255# ip ip-prefix a2b index 10 permit 172.1.17.0 24 ip ip-prefix a2b index 20 permit 172.1.18.0 24 ip ip-prefix a2b index 30 permit 172.1.19.0 24# ip route-static 172.1.16.0 255.255.255.0 NULL0 ip route-static 172.1.17.0 255.255.255.0 NULL0 ip route-static 172.1.18.0 255.255.255.0 NULL0 ip route-static 172.1.19.0 255.255.255.0 NULL0 ip route-static 172.1.20.0 255.255.255.0 NULL0#return



391

l Configuration file of SwitchB# sysname SwitchB# vlan batch 10 20 30#interface Vlanif10 ip address 192.168.1.2 255.255.255.0#interface Vlanif20 ip address 192.168.2.1 255.255.255.0#interface Vlanif30 ip address 192.168.3.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 30#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255#return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 20#interface Vlanif20 ip address 192.168.2.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#ospf 1 filter-policy ip-prefix in import area 0.0.0.0 network 192.168.2.0 0.0.0.255# ip ip-prefix in index 10 permit 172.1.18.0 24#return

l Configuration file of SwitchD# sysname SwitchD# vlan batch 30#interface Vlanif30 ip address 192.168.3.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 30#



392

ospf 1 area 0.0.0.0 network 192.168.3.0 0.0.0.255#return

7.6.2 Example for Applying a Routing Policy for Importing Routes


As shown in Figure 7-2, SwitchB exchanges routing information with SwitchA through OSPFand with SwitchC through IS-IS. Users want SwitchB to import IS-IS routes into the OSPFnetwork. Users also want that the route to 172.17.1.0/24 on the OSPF network has a lowpreference and the route to 172.17.2.0/24 has a tag, which makes it easy to reference by a routingpolicy.

Figure 7-2 Networking diagram for applying a routing policy for importing routes

SwitchC

10GE1/0/1VLANIF10192.168.1.1/24

10GE1/0/1VLANIF10

192.168.1.2/24

10GE1/0/1VLANIF20

192.168.2.1/2410GE1/0/2VLANIF20192.168.2.2/24

10GE1/02VLANIF30172.17.1.1/24

SwitchA

SwitchB

OSPF IS-IS

10GE1/0/3VLANIF40172.17.2.1/24

10GE1/0/4VLANIF50172.17.3.1/24



1. Configure a routing policy on SwitchB, set the cost of the route to 172.17.1.0/24 to 100,and apply the routing policy when OSPF imports IS-IS routes. The routing policy allowsthe route to 172.17.1.0/24 have a low preference.

2. Configure a routing policy on SwitchB, set the tag of the route to 172.17.2.0/24 is 20, andapply the routing policy when OSPF imports IS-IS routes. In this way, the tag of the routeto 172.17.2.0/24 can take effect, which makes it easy to reference by a routing policy.

Procedure

Step 1 Add interfaces to the VLANs.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan 10[~SwitchA-vlan10] quit[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10[~SwitchA-10GE1/0/1] quit[~SwitchA] commit



393


Step 2 Assign IP addresses to the VLANIF interfaces.[~SwitchA] interface vlanif 10[~SwitchA-Vlanif10] ip address 192.168.1.1 24[~SwitchA-Vlanif10] quit[~SwitchA] commit


Step 3 Configure IS-IS.


[~SwitchC] isis[~SwitchC-isis-1] is-level level-2[~SwitchC-isis-1] network-entity 10.0000.0000.0001.00[~SwitchC-isis-1] quit[~SwitchC] interface vlanif 20[~SwitchC-Vlanif20] isis enable[~SwitchC-Vlanif20] quit[~SwitchC] interface vlanif 30[~SwitchC-Vlanif30] isis enable[~SwitchC-Vlanif30] quit[~SwitchC] interface vlanif 40[~SwitchC-Vlanif40] isis enable[~SwitchC-Vlanif40] quit[~SwitchC] interface vlanif 50[~SwitchC-Vlanif50] isis enable[~SwitchC-Vlanif50] quit[~SwitchC] commit


[~SwitchB] isis[~SwitchB-isis-1] is-level level-2[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00[~SwitchB-isis-1] quit[~SwitchB] interface vlanif 20[~SwitchB-Vlanif20] isis enable[~SwitchB-Vlanif20] quit[~SwitchB] commit

Step 4 Configure OSPF and import routes.

# Configure SwitchA and enable OSPF.

[~SwitchA] ospf[~SwitchA-ospf-1] area 0[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] quit[~SwitchA-ospf-1] quit[~SwitchA] commit

# Configure SwitchB, enable OSPF, and import IS-IS routes.

[~SwitchB] ospf[~SwitchB-ospf-1] area 0[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255[~SwitchB-ospf-1-area-0.0.0.0] quit[~SwitchB-ospf-1] import-route isis 1[~SwitchB-ospf-1] quit[~SwitchB] commit

# Check the OSPF routing table on SwitchA. You can find the imported routes.



394

[~SwitchA] display ospf routing OSPF Process 1 with Router ID 192.168.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 192.168.1.0/24 1 Stub 192.168.1.1 192.168.1.1 0.0.0.0 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 172.17.1.0/24 1 Type2 1 192.168.1.2 192.168.1.2 172.17.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2 172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.1.2 192.168.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2 Total Nets: 5 Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0

Step 5 Set the filtering list.

# Set ACL 2002 to match 172.17.2.0/24.

[~SwitchB] acl number 2002[~SwitchB-acl-basic-2002] rule permit source 172.17.2.0 0.0.0.255[~SwitchB-acl-basic-2002] quit[~SwitchB] commit

# Set an IP prefix list named prefix-a to match 172.17.1.0/24.

[~SwitchB] ip ip-prefix prefix-a index 10 permit 172.17.1.0 24[~SwitchB] commit

Step 6 Configure a routing policy.[~SwitchB] route-policy isis2ospf permit node 10[~SwitchB-route-policy] if-match ip-prefix prefix-a[~SwitchB-route-policy] apply cost 100[~SwitchB-route-policy] quit[~SwitchB] route-policy isis2ospf permit node 20[~SwitchB-route-policy] if-match acl 2002[~SwitchB-route-policy] apply tag 20[~SwitchB-route-policy] quit[~SwitchB] route-policy isis2ospf permit node 30 [~SwitchB-route-policy] quit[~SwitchB] commit

Step 7 Apply the routing policy when routes are imported.

# Configure SwitchB and apply the routing policy when routes are imported.

[~SwitchB] ospf[~SwitchB-ospf-1] import-route isis 1 route-policy isis2ospf[~SwitchB-ospf-1] quit[~SwitchB] commit

# Check the OSPF routing table on SwitchA. You can find that the cost of the route to172.17.1.0/24 is 100; the tag of the route to 172.17.2.0/24 is 20; other route attributes remainunchanged.

[~SwitchA] display ospf routing OSPF Process 1 with Router ID 192.168.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 192.168.1.0/24 1 Stub 192.168.1.1 192.168.1.1 0.0.0.0 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter



395

172.17.1.0/24 100 Type2 1 192.168.1.2 192.168.1.2 172.17.2.0/24 1 Type2 20 192.168.1.2 192.168.1.2 172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.1.2 192.168.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2 Total Nets: 5 Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0

----End


# sysname SwitchA# vlan batch 10#interface Vlanif10 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255#return

l Configuration file of SwitchB# sysname SwitchB# vlan batch 10 20#acl number 2002 rule 5 permit source 172.17.2.0 0.0.0.255#isis 1 is-level level-2 network-entity 10.0000.0000.0002.00#interface Vlanif10 ip address 192.168.1.2 255.255.255.0#interface Vlanif20 ip address 192.168.2.2 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#ospf 1 import-route isis 1 route-policy isis2ospf area 0.0.0.0 network 192.168.1.0 0.0.0.255#route-policy isis2ospf permit node 10 if-match ip-prefix prefix-a apply cost 100#route-policy isis2ospf permit node 20



396

if-match acl 2002 apply tag 20#route-policy isis2ospf permit node 30#ip ip-prefix prefix-a index 10 permit 172.17.1.0 24#return

l Configuration file of SwitchC# sysname SwitchC# vlan batch 20 30 40 50#isis 1 is-level level-2 network-entity 10.0000.0000.0001.00#interface Vlanif20 ip address 192.168.2.1 255.255.255.0 isis enable 1#interface Vlanif30 ip address 172.17.1.1 255.255.255.0 isis enable 1#interface Vlanif40 ip address 172.17.2.1 255.255.255.0 isis enable 1#interface Vlanif50 ip address 172.17.3.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 30#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 40#interface 10GE1/0/4 port link-type trunk port trunk allow-pass vlan 50#return



397

8 MCE Configuration

About This Chapter

A private network may need to to be divided into multiple VPNs, and services of different VPNsmust be completely isolated. An MCE can provide access to multiple VPNs so that you do notneed to deploy a CE for each VPN. This reduces costs on device purchase and maintenance.

8.1 MCE OverviewA Multi-VPN-Instance CE (MCE) is a CE that supports the multi-VPN-instance function.

8.2 Configuring an MCE DeviceYou can configure multi-instance routing protocols on an MCE device to implement serviceisolation between different VPN users in a LAN.

8.3 Configuration ExamplesThis section provides an example for configuring an MCE device.

CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing 8 MCE Configuration


398

8.1 MCE OverviewA Multi-VPN-Instance CE (MCE) is a CE that supports the multi-VPN-instance function.

Definition

A BGP/MPLS IP VPN is a Layer 3 Virtual Private Network (L3VPN). BGP/MPLS IP VPN usesthe Border Gateway Protocol (BGP) to advertise VPN routes and the Multiprotocol LabelSwitching (MPLS) to forward VPN packets on backbone networks. IP means that IP packetsare carried by the VPN.

Figure 8-1 shows the basic model of a BGP/MPLS IP VPN.

Figure 8-1 Model of a BGP/MPLS IP VPN

CE

CE

CE IP/MPLS Backbone

CEVPN 1

Site

Site

Site

Site

VPN 1

VPN 2

PE

PE

PEP

P P

PVPN 2

The BGP/MPLS IP VPN model consists of the following parts:

l Customer Edge (CE): It is an edge device on a customer network, providing interfaces thatare directly connected to the Service Provider (SP) network. A CE can be a router, a switch,or a host. Usually, a CE neither senses the VPN nor supports MPLS.

l Provider Edge (PE): It is an edge device on an SP network. A PE is directly connected tothe CE. On an MPLS network, PE devices process all VPN services. Therefore, therequirements on the performance of PE devices are rather high.

l Provider (P): It is a backbone device on an SP network. A P is not directly connected toCE devices. Ps only need to possess basic MPLS forwarding capabilities and do notmaintain information about a VPN.

PE and P devices are managed by SPs. CE devices are managed by users except that the userstrust SPs with the management right.

A PE can access multiple CE devices. A CE can be connected to multiple PE devices of thesame SP or of different SPs.



399

Basic Concepts of BGP/MPLS IP VPNl Site

The concept of "site" is frequently mentioned in the VPN technology. The followingdescribes a site from different aspects:– A site is a group of IP systems with IP connectivity that can be achieved independent

of SP's networks.– Sites are demarcated based on the topology relationships between devices rather than

the geographic positions of the devices although the devices in a site are geographicallyadjacent to each other in general.

– The devices at a site may belong to multiple VPNs. In other words, a site may belongto more than one VPN.

– A site is connected to an SP's network through the CE. A site may contain more thanone CE, but a CE belongs to only one site.

Sites connected to the same SP's network can be divided into different sets based on policies.Only sites that belong to the same set can access each other, and this set is a VPN.

l Address space overlappingAs a private network, a VPN independently manages an address realm, also called anaddress space.Address spaces of different VPNs may overlap. For example, if both VPN 1 and VPN 2use addresses on the network segment 10.110.10.0/24, address space overlap occurs.

l VPN instanceIn BGP/MPLS IP VPN implementation, routes of different VPNs are isolated by VPNinstances.A PE device establishes and maintains a VPN instance for each directly connected site. AVPN instance contains VPN member interfaces and routes of the corresponding site.Specifically, information in a VPN instance includes the IP routing table, label forwardingtable, interface bound to the VPN instance, and VPN instance management information.VPN instance management information includes the route distinguisher (RD), routefiltering policy, and member interface list of the VPN instance.

Figure 8-2 VPN instances

VPN2

Site2 CE

VPN1

Site1 CE

PEVPN1VPN-instance

VPN2VPN-instance

Public forwarding table

IP/MPLSBackbone



400

l RD and VPN-IPv4 Address

The traditional BGP cannot correctly handle the routes of VPNs with overlapping addressspaces. For example, VPN1 and VPN2 use addresses on network segment 10.110.10.0/24and they both advertise a route to this network segment. The local PE device can identifythe routes based on VPN instances. However, when the routes are advertised to the remotePE device, BGP selects only one of the two routes because load balancing is not performedbetween routes of different VPNs. The other route is lost.

To ensure that VPN routes of VPNs with overlapping address spaces are correctlyprocessed, PE devices use MP-BGP to advertise VPN routes and use the VPN-IPv4 addressto identify the routes.

A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, and thelast four bytes stand for the IPv4 address prefix, as shown in Figure 8-3.

Figure 8-3 VPN-IPv4 address structure

Type Field( 2-Byte )

IPv4 Address Prefix( 4-Byte )

AdministratorSubfield

AssignedNumber Subfield

Route Distinguisher ( 8-Byte )

RDs distinguish the IPv4 prefixes with the same address space. IPv4 addresses with RDsare VPN-IPv4 addresses (VPNv4 addresses). After receiving IPv4 routes from a CE device,a PE device converts the routes into globally unique VPN-IPv4 routes and advertises theroutes on the public network.

The RD format enables SPs to allocate RDs independently. When CE devices are dual-homed to PE devices, RD must be globally unique to ensure correct routing.

l VPN target

The VPN target, also called the route target (RT), is a 32-bit BGP extension communityattribute. BGP/MPLS IP VPN uses the VPN target to control the advertisement of VPNrouting information.

A VPN instance is associated with one or more VPN target attributes, which are of thefollowing types:

– Export target: After learning the IPv4 routes from directly connected sites, a local PEconverts the routes to VPN-IPv4 routes and sets the export target attribute for thoseroutes. As the BGP extension community attribute, the export target attribute isadvertised with the routes.

– Import target: After receiving VPN-IPv4 routes from other PE devices, a PE checks theexport target attribute of the routes. If the export target is identical with the import targetof a VPN instance on the PE, the PE adds the route to the VPN routing table.

In a BGP/MPLS IP VPN, VPN targets are used to control the advertisement and receipt ofVPN routing information between sites. VPN export targets are independent of importtargets. An export target and an import target can be configured with multiple values; inthis manner, flexible VPN access control and diversified VPN networking schemes can beadopted.



401

For example, if the import target of a VPN instance contains 100:1, 200:1, and 300:1, anyroute with the export target of 100:1, 200:1, or 300:1 is added to the routing table of theVPN instance.

Introduction to MCE TechnologyBGP/MPLS IP VPN uses tunnels to transmit data of private networks on a public network. Inthe traditional BGP/MPLS IP VPN architecture, each VPN instance must use a CE device toconnect to a PE device, as shown in Figure 8-1.

In may cases, a private network must be divided into multiple VPNs to realize fine-grainedservice management and enhance security. Services of users in different VPNs must becompletely isolated. Deploying a CE device for each VPN increases the cost of deviceprocurement and maintenance. If multiple VPNs share one CE device, data security cannot beensured because all the VPNs use the same routing and forwarding table.

The MCE technology ensures data security between different VPNs while reducing networkconstruction and maintenance costs. Figure 8-4 shows the MCE deployment.

Figure 8-4 Networking with an MCE device

SiteVPN 2

SiteVPN 1

MCE

CE

CE

Site

SiteVPN 1

PE

PE

P

P

VPN 2PE

IP/MPLS Backbone

An MCE device has some PE functions. By binding each VPN instance to a different interface,an MCE device creates and maintains an independent VRF for each VPN. This application isalso called multi-VRF application. The MCE device isolates forwarding paths of different VPNson a private network and advertises routes of each VPN to the peer PE device, ensuring thatVPN packets are correctly transmitted on the public network.

8.2 Configuring an MCE DeviceYou can configure multi-instance routing protocols on an MCE device to implement serviceisolation between different VPN users in a LAN.

Pre-configuration TasksBefore configuring an MCE device, complete the following task:

l Configuring the link layer protocol and network layer protocol for LAN interfaces andconnecting the LAN to the MCE device (reserve one interface for each service)



402


The following tasks are mandatory.

8.2.1 Configuring a VPN Instance

Context

The following configurations are performed on the MCE device.

Similar configurations must be performed on the PE devices. The PE configuration procedureand commands used vary in devices from different vendors and different product models. Fordetailed configuration, see the documentation of the PE devices.

Procedure

Step 1 Create a VPN instance.

1. Run:system-view


2. Run:ip vpn-instance vpn-instance-name

A VPN instance is created, and its view is displayed.

NOTE

A VPN instance name is case sensitive. For example, vpn1 and VPN1 are different VPN instances.

3. (Optional) Run:description description-information

The description is configured for the VPN instance.

The description is similar to that of the host name and interface, which can be used to recordinformation about the relationship between a VPN instance and a VPN.

4. Run:ipv4-family

The IPv4 address family is enabled for the VPN instance, and the VPN instance IPv4address family view is displayed.

5. Run:route-distinguisher route-distinguisher

An RD is configured for the VPN instance IPv4 address family.

A VPN instance IPv4 address family takes effect only after being configured with an RD.The RDs of different VPN instances on a PE must be different.



403

NOTE

l RDs cannot be modified but can be deleted after being configured.After an RD is deleted, allconfigurations in the VPN instance IPv4 address family of the corresponding VPN instance willbe deleted.

l If you configure an RD for the VPN instance IPv4 address family in the created VPN instanceview, the VPN instance IPv4 address family is enabled and the the VPN instance IPv4 addressfamily view is displayed.

6. Run:vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

A VPN target is configured for the VPN instance IPv4 address family.

A VPN target is a BGP extended community attribute. It is used to control the receivingand advertisement of VPN routing information. A maximum of eight VPN targets can beconfigured using a vpn-target command.

When VPN sites connected to the MCE device need to communicate with one another,configure VPN targets on the MCE device to implement VPN route cross. If the VPN sitesconnected to the MCE device do not need to communicate with one another, you do notneed to configure VPN targets.

7. (Optional) Run:prefix limit number { alert-percent [ route-unchanged ] | simply-alert }

The allowed maximum number of route prefixes is set for the VPN instance IPv4 addressfamily.

The configuration restricts the number of route prefixes imported from the CEs and otherPEs into a VPN instance IPv4 address family on a PE, preventing the PE from receivingtoo many route prefixes.

NOTE

If the prefix limit command is run, the system gives a prompt when the number of route prefixesadded to the routing table of the VPN instance IPv4 address family exceeds the limit. After the prefixlimit command is run to increase the allowed maximum number of route prefixes in a VPN instanceIPv4 address family or the undo prefix limit command is run to cancel the limit, the system addsnewly received route prefixes of various protocols to the private network IP routing table.

After the number of route prefixes exceeds the maximum limit, direct and static routes can still beadded to the IPv4 address family routing table of VPN instances.

8. (Optional) Configure a routing policy for the VPN instance.

In addition to using VPN targets to control VPN route advertisement and reception, youcan configure a routing policy for the VPN instance to better control VPN routes.

l An import routing policy filters routes before they are imported into the VPN instanceIPv4 address family.

l An export routing policy filters routes before they are advertised to other PE devices.

NOTE

Before applying a routing policy to a VPN instance, create the routing policy. For details about howto configure a routing policy, see Routing Policy Configuration in the CloudEngine 6800&5800Series Switches Configuration Guide - IP Routing.

Run the following command as required:



404

l To configure an import routing policy for the VPN instance IPv4 address family, runimport route-policy policy-name.

l To configure an export routing policy for the VPN instance IPv4 address family, runexport route-policy policy-name.

9. Run:commit


Step 2 Bind the VPN instance to an interface.1. Run:

system-view




ip binding vpn-instance vpn-instance-name

A VPN instance is bound to the interface.

By default, an interface is a public network interface and is not associated with any VPNinstance.

NOTE

After a VPN instance is bound to an interface, configuration of the Layer 3 features including IPaddresses and routing protocols is deleted from the interface.

4. Run:ip address ip-address { mask | mask-length }

An IP address is configured for the interface.5. Run:

commit


----End

8.2.2 Configure Route Exchange Between an MCE Device and VPNSites

ContextRouting protocols that can be used between an MCE device and VPN sites are static routing,RIP, OSPF, IS-IS, and BGP.Choose one of the following configurations as needed:l Configure static routes between an MCE device and a site.l Configure RIP between an MCE device and a site.l Configure OSPF between an MCE device and a site.l Configure IS-IS between an MCE device and a site.



405

l Configure BGP between an MCE device and a site.

The following configurations are performed on the MCE device. On the devices in the site, youonly need to configure the corresponding routing protocol.

Configure Static Routes Between an MCE Device and a SitePerform the following configurations on the MCE device. You only need to configure a staticroute to the MCE device in the site. The site configuration is not provided here.

NOTE

For detailed configuration of static routes, see Static Route Configuration in the CloudEngine 6800&5800Series Switches Configuration Guide - IP Routing.

Table 8-1 MCE configuration

Action Command Description

Enter the systemview.

system-view -

Configure a staticroute to the site.

ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } { nexthop-address [ public ] |interface-type interface-number [ nexthop-address ] } [ preference preference | tagtag ] *

You must specify the nexthop address on the MCEdevice.

Commit theconfiguration.

commit -

Configure RIP Between an MCE Device and a SitePerform the following configurations on the MCE device. Configure RIPv1 or RIPv2 in the site.The site configuration is not provided here.

NOTE

For detailed RIP configuration, see RIP Configuration in the CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing.




system-view -



406


Create a RIPprocess runningbetween the MCEdevice and the siteand enter the RIPview.

rip process-id vpn-instance vpn-instance-name

A RIP process can bebound to only one VPNinstance. If a RIP processis not bound to any VPNinstance before it isstarted, this processbecomes a public networkprocess and can no longerbe bound to a VPNinstance.

Enable RIP on thenetwork segmentof the interface towhich the VPNinstance is bound.

network network-address -

(Optional) Importthe routes to theremote sitesadvertised by thePE device in to theRIP routing table.

import-route protocol [ process-id ][ cost { cost | transparent } | [ route-policy route-policy-name ] ] *

Perform this step if anotherrouting protocol is runningbetween the MCE and PEdevices in the VPNinstance.


commit -

Configure OSPF Between an MCE Device and a SitePerform the following configurations on the MCE device. Configure OSPF in the site. The siteconfiguration is not provided here.

NOTE

For detailed OSPF configuration, see OSPF Configuration in the CloudEngine 6800&5800 SeriesSwitches Configuration Guide - IP Routing.




system-view -

Create an OSPFprocess runningbetween the MCEdevice and the siteand enter theOSPF view.

ospf [ process-id | router-id router-id ] *vpn-instance vpn-instance-name

-



407


(Optional) Importthe routes to theremote sitesadvertised by thePE device into theOSPF routingtable.

import-route { bgp [ permit-ibgp ] |direct | rip [ process-id-rip ] | static | isis[ process-id-isis ] | ospf [ process-id-ospf ] } [ cost cost | route-policy route-policy-name | tag tag | type type ] *

Perform this step if anotherrouting protocol is runningbetween the MCE and PEdevices in the VPNinstance.

Configure anOSPF area andenter the OSPFarea view.

area { area-id | area-id-address } -

Enable OSPF onthe networksegment of theinterface to whichthe VPN instanceis bound.

network ip-address wildcard-mask -


commit -

Configure IS-IS Between an MCE Device and a SitePerform the following configurations on the MCE device. You only need to configure IS-IS inthe site. The site configuration is not provided here.

NOTE

For detailed IS-IS configuration, see IS-IS Configuration in the CloudEngine 6800&5800 Series SwitchesConfiguration Guide - IP Routing.




system-view -

Create an IS-ISprocess runningbetween the MCEdevice and the siteand enter the IS-ISview.

isis process-id vpn-instance vpn-instance-name

An IS-IS process can bebound to only one VPNinstance. If an IS-IS processis not bound to any VPNinstance before it is started,this process becomes apublic network process andcan no longer be bound to aVPN instance.



408


Set a networkentity title (NET)for the IS-ISprocess.

network-entity net A NET specifies the currentIS-IS area address and thesystem ID of the switch. Amaximum of three NETscan be configured for oneprocess on each switch.

Import the routesto the remote sitesadvertised by thePE device into theIS-IS routing table.

Use either of the following commands:l import-route { direct | static | unr |

{ ospf | rip | isis } [ process-id ] |bgp } [ cost-type { external |internal } | cost cost | tag tag | route-policy route-policy-name | [ level-1 |level-2 | level-1-2 ] ] *

l import-route { { ospf | rip | isis }[ process-id ] | bgp | direct } inherit-cost [ { level-1 | level-2 | level-1-2 }| tag tag | route-policy route-policy-name ] *

Perform this step if anotherrouting protocol is runningbetween the MCE and PEdevices in the VPN instance.

Return to systemview.

quit -

Enter the view ofthe interface towhich the VPNinstance is bound.


-

Enable IS-IS onthe interface.

isis enable [ process-id ] -


commit -

Configure BGP between an MCE Device and a SitePerform the following configurations on the MCE device.




system-view -

Enter the BGPview.

bgp as-number -



409


Enter the BGP-VPN instance IPv4address familyview.

ipv4-family vpn-instance vpn-instance-name

-

Configure thedevice connectedto the MCE devicein the site as a VPNpeer.

peer ipv4-address as-number as-number -

Import the routesto the remote sitesadvertised by thePE device into theBGP routing table.

import-route protocol [ process-id ][ med med | route-policy route-policy-name ] *

Perform this step ifanother routing protocolis running between theMCE and PE devices inthe VPN instance.

Allow routingloops.

peer ipv4-address allow-as-loop[ number ]

Generally, BGP uses theAS number to detectroute loops. If BGP isrunning between theMCE device and the site,the MCE deviceadvertises the routinginformation with thelocal AS number to thesite. If the route updatemessages sent from thesite contain the local ASnumber, the MCE devicerejects the route updatemessages. To configurethe MCE device to acceptthese route updatemessages, configure it toallow routing loops.


commit -

Perform the following configurations on the device connected to the MCE device in the site.

Table 8-6 Site configuration



system-view -



410


Enter the BGPview.

bgp as-number -

Configure theMCE device as aVPN peer.


Import IGP routesof the VPN into theBGP routing table.

import-route protocol [ process-id ][ med med | route-policy route-policy-name ] *

The site must advertiseroutes to its attachedVPN network segmentsto the MCE device.


commit -

8.2.3 Configure Route Exchange Between an MCE Device and a PEDevice

ContextRouting protocols that can be used between an MCE device and a PE device are static routing,RIP, OSPF, IS-IS, and BGP.Choose one of the following configurations as needed:

l Configure static routes between an MCE device and a PE device.l Configure RIP between an MCE device and a PE device.l Configure OSPF between an MCE device and a PE device.l Configure IS-IS between an MCE device and a PE device.l Configure BGP between an MCE device and a PE device.

The following configurations are performed on the MCE device. The configurations on the PEdevice are similar. For details, see the user manual of the PE device.

Configure Static Routes Between an MCE Device and a PE DevicePerform the following configurations on the MCE device.




system-view -

Configure a staticroute to the PEdevice.

ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } vpn-instance vpn-destination-name nexthop-address [ preferencepreference | tag tag ] *

You must specify thenext hop address on theMCE device.



411



commit -

Configure RIP Between an MCE Device and a PE DevicePerform the following configurations on the MCE device.




system-view -

Create a RIPprocess runningbetween the MCEand PE devices andenter the RIP view.

rip process-id vpn-instance vpn-instance-name

A RIP process can bebound to only one VPNinstance. If a RIPprocess is not bound toany VPN instancebefore it is started, thisprocess becomes apublic network processand can no longer bebound to a VPNinstance.

Enable RIP on thenetwork segment ofthe interface towhich the VPNinstance is bound.

network network-address -

(Optional) ImportVPN routes of thesite into the RIProuting table.

import-route protocol [ process-id ][ cost { cost | transparent } | [ route-policy route-policy-name ] ] *

Perform this step ifanother routingprotocol is runningbetween the MCEdevice and VPN sites inthe VPN instance.


commit -

Configure OSPF Between an MCE Device and a PE DevicePerform the following configurations on the MCE device.



412




system-view -

Create an OSPFprocess runningbetween the MCEand PE devices andenter the OSPFview.

ospf [ process-id | router-id router-id ] *vpn-instance vpn-instance-name

-

(Optional) ImportVPN routes of thesite into the OSPFrouting table.

import-route { bgp [ permit-ibgp ] |direct | rip [ process-id-rip ] | static | isis[ process-id-isis ] | ospf [ process-id-ospf ] }[ cost cost | route-policy route-policy-name | tag tag | type type ] *

Perform this step ifanother routing protocolis running between theMCE device and VPNsites in the VPNinstance.

Disable routingloop detection in theOSPF process.

vpn-instance-capability simple By default, routing loopdetection is disabled inan OSPF process. Ifrouting loop detection isnot disabled in theOSPF process on theMCE device, the MCEdevice rejects OSPFroutes sent from the PEdevice.

Configure an OSPFarea and enter theOSPF area view.

area { area-id | area-id-address } -

Enable OSPF on thenetwork segment ofthe interface towhich the VPNinstance is bound.

network ip-address wildcard-mask -


commit -

Configure IS-IS Between an MCE Device and a PE DevicePerform the following configurations on the MCE device.



413




system-view -

Create an IS-ISprocess runningbetween the MCEand PE devices andenter the IS-ISview.

isis process-id vpn-instance vpn-instance-name

An IS-IS process can bebound to only one VPNinstance. If an IS-ISprocess is not bound toany VPN instancebefore it is started, thisprocess becomes apublic network processand can no longer bebound to a VPNinstance.

Set a networkentity title (NET)for the IS-ISprocess.

network-entity net A NET specifies thecurrent IS-IS areaaddress and the systemID of the switch. Amaximum of threeNETs can be configuredfor one process on eachswitch.

(Optional) ImportVPN routes of thesite into the IS-ISrouting table.

Use either of the following commands:l import-route { direct | static | unr | {

ospf | rip | isis } [ process-id ] | bgp }[ cost-type { external | internal } | costcost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

l import-route { { ospf | rip | isis }[ process-id ] | bgp | direct } inherit-cost [ { level-1 | level-2 | level-1-2 } |tag tag | route-policy route-policy-name ] *

Perform this step ifanother routing protocolis running between theMCE device and VPNsites in the VPNinstance.

Return to systemview.

quit -

Enter the view ofthe interface towhich the VPNinstance is bound.

interface interface-type interface-number -

Enable IS-IS onthe interface.

isis enable [ process-id ] -


commit -



414

Configure BGP Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.




system-view -

Enter the BGPview.

bgp as-number -

Enter the BGP-VPN instance IPv4address familyview.

ipv4-family vpn-instance vpn-instance-name

-

Configure the PEdevice as the VPNpeer of the MCEdevice.


Import the routesto the remote sitesadvertised by thePE device into theBGP routing table.

import-route protocol [ process-id ] [ medmed | route-policy route-policy-name ] *

Perform this step ifanother routingprotocol is runningbetween the MCEdevice and VPN sites inthe VPN instance.


commit -


PrerequisitesThe MCE configuration is complete.

Procedurel Run the display ip vpn-instance vpn-instance-name command to check brief information

about a specified VPN instance.

l Run the display ip vpn-instance verbose vpn-instance-name command to check detailedinformation about a specified VPN instance.

l Run the display ip vpn-instance import-vt ivt-value command to check information aboutall the VPN instances with import VPN targets.

l Run the display ip vpn-instance [ vpn-instance-name ] interface command to check briefinformation about the interface to which a specified VPN instance is bound.



415

l Run the display ip routing-table vpn-instance vpn-instance-name [ verbose ] commandto check the routing table on the MCE device. The routing table contains routes to the LANand remote sites for each service.

----End

8.3 Configuration ExamplesThis section provides an example for configuring an MCE device.

8.3.1 Example for Configuring an MCE Device

Networking RequirementsThe headquarters and branch of a company need to communicate through MPLS VPN, and twoservices of the company must be isolated. To reduce hardware costs, the company wants thebranch to connect to the PE device through one CE device.

As shown in Figure 8-5, the networking requirements are as follows:

l CE1 and CE2 connect to the headquarters. CE1 belongs to vpna, and CE2 belongs to vpnb.l The MCE device connects to vpna and vpnb of the branch through SwitchA and SwitchB.

NOTE

In Figure 8-5, the CE6800 functions as the MCE.

Figure 8-5 MCE networking

Enterprise headquarters

vpna

CE1

CE2

SwitchB

SwitchA

MCEPE1 PE2

Loopback12.2.2.9./32

10GE1/0/1VLANIF2010.2.1.1/24

10GE1/0/3 10GE1/0/1

10GE1/0/2VLANIF100192.1.1.1/24

Loopback1

企业分支vpnb

10GE1/0/3VLANIF6010.3.1.2/24

10GE1/0/1VLANIF6010.3.1.1/24

10GE1/0/1VLANIF7010.4.1.1/24

10GE1/0/1VLANIF1010.1.1.1/24

IP/MPLS Backbone

10GE1/0/4VLANIF7010.4.1.2/24

10GE1/0/2VLANIF2010.2.1.2/24

VLANIF30172.1.1.1/24

VLANIF30172.1.1.2/24

10GE1/0/1VLANIF1010.1.1.2/24 10GE1/0/1

VLANIF100192.1.1.2/24

10GE1/0/2VLANIF200192.2.1.1/24

10GE1/0/1VLANIF200192.2.1.2/24

1.1.1.9./32Enterprise

branchvpna

Enterprise branchvpnb

192.168.1.0/24

192.168.2.0/24Enterprise headquarters

vpnb



416


1. Configure OSPF between PE devices to implement interworking between them andconfigure MP-IBGP to exchange VPN routes.

2. Enable basic MPLS capabilities and MPLS LDP on the PE devices to set up LDP LSPs.3. Create VPN instances vpna and vpnb on the MCE and PE devices to isolate services.4. Set up EBGP peer relationships between PE1 and local CE devices to exchange VPN routes.5. Configure routing between MCE and sites and between MCE and PE2 to exchange VPN

routes.

Procedure

Step 1 Configure OSPF on PE1 and PE2 to implement interworking between them.

# Configure PE1.

<HUAWEI> system-view[~HUAWEI] sysname PE1[~HUAWEI] commit[~PE1] interface loopback 1[~PE1-LoopBack1] ip address 1.1.1.9 32[~PE1-LoopBack1] quit[~PE1] vlan batch 30[~PE1] interface 10ge 1/0/3[~PE1-10GE1/0/3] port link-type trunk[~PE1-10GE1/0/3] port trunk allow-pass vlan 30[~PE1-10GE1/0/3] quit[~PE1] interface vlanif 30[~PE1-Vlanif30] ip address 172.1.1.1 24[~PE1-Vlanif30] quit[~PE1] ospf[~PE1-ospf-1] area 0[~PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0[~PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255[~PE1-ospf-1-area-0.0.0.0] quit[~PE1-ospf-1] quit[~PE1] commit

The configuration of PE2 is the same as the configuration of PE1.

After the configuration is complete, PE1 and PE2 can learn the route to Loopback1 of each other.

Take the display on PE2 as an example:

[~PE2] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Table : _public_ Destinations : 9 Routes : 9


1.1.1.9/32 OSPF 10 1 D 172.1.1.1 Vlanif30 2.2.2.9/32 Direct 0 0 D 127.0.0.1 LoopBack1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.1.0/24 Direct 0 0 D 172.1.1.2 Vlanif30 172.1.1.2/32 Direct 0 0 D 172.1.1.1 Vlanif30



417

172.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif30255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Step 2 Enable basic MPLS capabilities and MPLS LDP on the PE devices to set up LDP LSPs betweenthem.

# Configure PE1.

[~PE1] mpls lsr-id 1.1.1.9[~PE1] mpls[~PE1-mpls] quit[~PE1] mpls ldp[~PE1-mpls-ldp] quit[~PE1] interface vlanif 30[~PE1-Vlanif30] mpls[~PE1-Vlanif30] mpls ldp[~PE1-Vlanif30] quit[~PE1] commit

The configuration of PE2 is the same as the configuration of PE1.

After the configuration is complete, run the display mpls ldp session command on the PEdevices. You can see that the MPLS LDP session between the PE devices is in Operational state.

Take the display on PE2 as an example:

[~PE2] display mpls ldp session

LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted.------------------------------------------------------------------------------PeerID Status LAM SsnRole SsnAge KASent/Rcv------------------------------------------------------------------------------ 1.1.1.9:0 Operational DU Active 0000:00:04 17/17------------------------------------------------------------------------------ TOTAL: 1 session(s) Found.

Step 3 Configure VPN instances on the PE devices. On PE1, bind the VPN instances to the interfacesconnected to CE1 and CE2 respectively. On PE2, bind the VPN instances to the interfacesconnected to the MCE device.

# Configure PE1.

[~PE1] vlan batch 10 20[~PE1] interface 10ge 1/0/1[~PE1-10GE1/0/1] port link-type trunk[~PE1-10GE1/0/1] port trunk allow-pass vlan 10[~PE1-10GE1/0/1] quit[~PE1] interface 10ge 1/0/2[~PE1-10GE1/0/2] port link-type trunk[~PE1-10GE1/0/2] port trunk allow-pass vlan 20[~PE1-10GE1/0/2] quit[~PE1] commit[~PE1] ip vpn-instance vpna[~PE1-vpn-instance-vpna] ipv4-family[~PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1[~PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[~PE1-vpn-instance-vpna-af-ipv4] quit[~PE1-vpn-instance-vpna] quit[~PE1] ip vpn-instance vpnb[~PE1-vpn-instance-vpnb] ipv4-family[~PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2[~PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both[~PE1-vpn-instance-vpnb-af-ipv4] quit[~PE1-vpn-instance-vpnb] quit[~PE1] interface vlanif 10



418

[~PE1-Vlanif10] ip binding vpn-instance vpna[~PE1-Vlanif10] ip address 10.1.1.2 24[~PE1-Vlanif10] quit[~PE1] interface vlanif 20[~PE1-Vlanif20] ip binding vpn-instance vpnb[~PE1-Vlanif20] ip address 10.2.1.2 24[~PE1-Vlanif20] quit[~PE1] commit

# Configure PE2.

[~PE2] vlan batch 100 200[~PE2] interface 10ge 1/0/2[~PE2-10GE1/0/2] port link-type trunk[~PE2-10GE1/0/2] port trunk allow-pass vlan 100 200[~PE2-10GE1/0/2] quit[~PE2] commit[~PE2] ip vpn-instance vpna[~PE2-vpn-instance-vpna] ipv4-family[~PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1[~PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[~PE2-vpn-instance-vpna-af-ipv4] quit[~PE2-vpn-instance-vpna] quit[~PE2] ip vpn-instance vpnb[~PE2-vpn-instance-vpnb] ipv4-family[~PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2[~PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both[~PE2-vpn-instance-vpnb-af-ipv4] quit[~PE2-vpn-instance-vpnb] quit[~PE2] interface vlanif 100[~PE2-Vlanif100] ip binding vpn-instance vpna[~PE2-Vlanif100] ip address 192.1.1.1 24[~PE2-Vlanif100] quit[~PE2]interface vlanif 200[~PE2-Vlanif200] ip binding vpn-instance vpnb[~PE2-Vlanif200] ip address 192.2.1.1 24[~PE2-Vlanif200] quit[~PE2] commit

Step 4 Configure VPN instances on the MCE device and bind the instances to the interfaces connectedto SwitchA and SwitchB respectively.<HUAWEI> system-view[~HUAWEI] sysname MCE[~HUAWEI] commit[~MCE] vlan batch 60 70 100 200[~MCE] interface 10ge 1/0/1[~MCE-10GE1/0/1] port link-type trunk[~MCE-10GE1/0/1] port trunk allow-pass vlan 100 200[~MCE-10GE1/0/1] quit[~MCE] interface 10ge 1/0/3[~MCE-10GE1/0/3] port link-type trunk[~MCE-10GE1/0/3] port trunk allow-pass vlan 60[~MCE-10GE1/0/3] quit[~MCE] interface 10ge 1/0/4[~MCE-10GE1/0/4] port link-type trunk[~MCE-10GE1/0/4] port trunk allow-pass vlan 70[~MCE-10GE1/0/4] quit[~MCE] commit[~MCE] ip vpn-instance vpna[~MCE-vpn-instance-vpna] ipv4-family[~MCE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1[~MCE-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[~MCE-vpn-instance-vpna-af-ipv4] quit[~MCE-vpn-instance-vpna] quit[~MCE] ip vpn-instance vpnb[~MCE-vpn-instance-vpnb] ipv4-family[~MCE-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2[~MCE-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both



419

[~MCE-vpn-instance-vpnb-af-ipv4] quit[~MCE-vpn-instance-vpnb] quit[~MCE] interface vlanif 60[~MCE-Vlanif60] ip binding vpn-instance vpna[~MCE-Vlanif60] ip address 10.3.1.2 24[~MCE-Vlanif60] quit[~MCE] interface vlanif 70[~MCE-Vlanif70] ip binding vpn-instance vpnb[~MCE-Vlanif70] ip address 10.4.1.2 24[~MCE-Vlanif70] quit[~MCE] interface vlanif 100[~MCE-Vlanif100] ip binding vpn-instance vpna[~MCE-Vlanif100] ip address 192.1.1.2 24[~MCE-Vlanif100] quit[~MCE] interface vlanif 200[~MCE-Vlanif200] ip binding vpn-instance vpnb[~MCE-Vlanif200] ip address 192.2.1.2 24[~MCE-Vlanif200] quit[~MCE] commit

Step 5 Set up an MP-IBGP peer relationship between PE1 and PE2. Set up an EBGP peer relationshipbetween PE1 and CE1, and between PE1 and CE2.

The configuration details are not mentioned here.

After the configuration is complete, run the display bgp vpnv4 all peer command on PE1. Thecommand output shows that the PE1 has set up an IBGP peer relationship with PE2 and EBGPpeer relationships with CE1 and CE2. All the peer relationships are in Established state.

[~PE1] display bgp vpnv4 all peer

BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

2.2.2.9 4 100 288 287 0 01:19:16 Established 6

Peer of IPv4-family for vpn instance :

VPN-Instance vpna, router ID 1.1.1.9: Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65410 9 11 0 00:04:14 Established 2 VPN-Instance vpnb, router ID 1.1.1.9: Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.2.1.1 4 65420 9 12 0 00:04:09 Established 2

Step 6 Configure routing between the MCE device and VPN sites.

The MCE device directly connects to vpna, and no routing protocol is used in vpna. Configurestatic routes to implement communication between the MCE device and vpna.l # Configure SwitchA.

Assign IP address 192.168.1.1/24 to the interface connected to vpna. The configuration isnot provided here.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 60[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 60[~SwitchA-10GE1/0/1] quit[~SwitchA]interface vlanif 60[~SwitchA-Vlanif60]ip address 10.3.1.1 24



420

[~SwitchA-Vlanif60] quit[~SwitchA]ip route-static 0.0.0.0 0.0.0.0 10.3.1.2[~SwitchA] commit

l # Configure the MCE device.

[~MCE] ip route-static vpn-instance vpna 192.168.1.0 24 10.3.1.1 [~MCE] commit

l # Check the routes of vpna on the MCE device.[~MCE] display ip routing-table vpn-instance vpnaRoute Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: vpna Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.3.1.0/24 Direct 0 0 D 10.3.1.2 Vlanif60 10.3.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif60 10.3.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif60 192.168.1.0/24 Static 60 0 RD 10.3.1.1 Vlanif60 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 The preceding information shows that the MCE device has a static route to vpna.

The RIP protocol runs in vpnb. Configure RIP process 200 on the MCE device and bind it tovpnb so that routes learned by RIP are added to the routing table of vpnb.

l # Configure the MCE device.

[~MCE] rip 200 vpn-instance vpnb[~MCE-rip-200] version 2[~MCE-rip-200] network 10.0.0.0[~MCE-rip-200] import-route ospf 200[~MCE-rip-200] quit[~MCE] commit

l # Configure SwitchB.Assign IP address 192.168.2.1/24 to the interface connected to vpnb. The configuration isnot provided here.<HUAWEI> system-view[~HUAWEI] sysname SwitchB[~HUAWEI] commit[~SwitchB] vlan batch 70[~SwitchB] interface 10ge 1/0/1[~SwitchB-10GE1/0/1] port link-type trunk[~SwitchB-10GE1/0/1] port trunk allow-pass vlan 70[~SwitchB-10GE1/0/1] quit[~SwitchB]interface vlanif 70[~SwitchB-Vlanif70]ip address 10.4.1.1 24[~SwitchB-Vlanif70] quit[~SwitchB] rip 200[~SwitchB-rip-200] version 2[~SwitchB-rip-200] network 10.0.0.0[~SwitchB-rip-200] network 192.168.2.0[~SwitchB-rip-200] quit[~SwitchB]commit

l # Check the routes of vpnb on the MCE device.[~MCE] display ip routing-table vpn-instance vpnb Route Flags: R - relay, D - download to



421

fib ------------------------------------------------------------------------------ Routing Tables: vpnb Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.4.1.0/24 Direct 0 0 D 10.4.1.2 Vlanif70 10.4.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif70 10.4.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif70 192.168.2.0/24 RIP 100 1 D 10.4.1.1 Vlanif70 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 The preceding information shows that the MCE device has learned the route to vpnb throughRIP. The route to vpnb and the route to vpna (192.168.1.0) are maintained in different VPNrouting tables so that users in the two VPNs are isolated from each other.

Step 7 Configure OSPF multi-instance between the MCE device and PE2.

# Configure PE2.NOTE

To configure OSPF multi-instance between the MCE device and PE2, complete the following tasks onPE2:l In the OSPF view, import BGP routes and advertise VPN routes of PE1 to the MCE device.l In the BGP view, import routes of the OSPF processes and advertise the VPN routes of the MCE device

to PE1.

[~PE2] ospf 100 vpn-instance vpna[~PE2-ospf-100] import-route bgp[~PE2-ospf-100] area 0[~PE2-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255[~PE2-ospf-100-area-0.0.0.0] quit[~PE2-ospf-100] quit[~PE2] ospf 200 vpn-instance vpnb[~PE2-ospf-200] import-route bgp[~PE2-ospf-200] area 0[~PE2-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255[~PE2-ospf-200-area-0.0.0.0] quit[~PE2-ospf-200] quit[~PE2] commit[~PE2] bgp 100[~PE2-bgp] ipv4-family vpn-instance vpna[~PE2-bgp-vpna] import-route ospf 100[~PE2-bgp-vpna] quit[~PE2-bgp] ipv4-family vpn-instance vpnb[~PE2-bgp-vpnb] import-route ospf 200[~PE2-bgp-vpnb] quit[~PE2] commit

# Configure the MCE device.NOTE

Import VPN routes to the OSPF processes.

[~MCE] ospf 100 vpn-instance vpna[~MCE-ospf-100] import-route static[~MCE-ospf-100] vpn-instance-capability simple[~MCE-ospf-100] area 0



422

[~MCE-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255[~MCE-ospf-100-area-0.0.0.0] quit[~MCE-ospf-100] quit[~MCE] ospf 200 vpn-instance vpnb[~MCE-ospf-200] import-route rip 200[~MCE-ospf-200] vpn-instance-capability simple[~MCE-ospf-200] area 0[~MCE-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255[~MCE-ospf-200-area-0.0.0.0] quit[~MCE-ospf-200] quit[~MCE] commit


After the configuration is complete, run the display ip routing-table vpn-instance commandon the MCE device to view the routes to the remote CE devices.

Take the routing table of vpna as an example:[~MCE] display ip routing-table vpn-instance vpnaRoute Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: vpna Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 O_ASE 150 1 D 10.3.1.3 Vlanif60 10.3.1.0/24 Direct 0 0 D 10.3.1.2 Vlanif60 10.3.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif60 10.3.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif60 192.1.1.0/24 Direct 0 0 D 192.1.1.2 Vlanif100 192.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif100 192.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif100 192.168.1.0/24 Static 60 0 RD 10.3.1.1 Vlanif60 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the display ip routing-table vpn-instance command on the PE devices to view the routesto the remote CE devices.

Take the VPN routing table of vpna on PE as an example:[~PE1] display ip routing-table vpn-instance vpnaRoute Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: vpna Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10 10.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.3.1.0/24 IBGP 255 0 RD 2.2.2.9 Vlanif30 192.168.1.0/24 IBGP 255 2 RD 2.2.2.9 Vlanif30 192.1.1.0/24 IBGP 255 0 RD 2.2.2.9 Vlanif30 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

CE1 and SwitchA can communicate with each other. CE2 and SwitchB can communicate witheach other.

Take the ping from CE1 to SwitchA as an example:[~CE1] ping 10.3.1.1 PING 10.3.1.1: 56 data bytes, press CTRL_C to break Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=252 time=3 ms Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=252 time=3 ms Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=252 time=3 ms Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=252 time=3 ms



423

Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=252 time=11 ms --- 10.3.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/4/11 ms

CE1 cannot ping CE2 or SwitchB. SwitchA cannot ping CE2 or SwitchB.

Take the ping from CE1 to SwitchB as an example:

[~CE1] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out

--- 10.4.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss

----End

Configuration Filesl Configuration file of CE1

# sysname CE1# vlan batch 10#interface Vlanif10 ip address 10.1.1.1 255.255.255.0#interface 10GE1/0/1port link-type trunkport trunk allow-pass vlan 10#bgp 65410 peer 10.1.1.2 as-number 100# ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable#return

l Configuration file of CE2# sysname CE2# vlan batch 20#interface Vlanif20 ip address 10.2.1.1 255.255.255.0#interface 10GE1/0/1port link-type trunkport trunk allow-pass vlan 20#bgp 65420 peer 10.2.1.2 as-number 100#



424

ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable#return

l Configuration file of PE1# sysname PE1# vlan batch 10 20 30#ip vpn-instance vpna ipv4-family route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity#ip vpn-instance vpnb ipv4-family route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity# mpls lsr-id 1.1.1.9# mpls#mpls ldp#interface Vlanif10 ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0#interface Vlanif20 ip binding vpn-instance vpnb ip address 10.2.1.2 255.255.255.0#interface Vlanif30 ip address 172.1.1.1 255.255.255.0 mpls mpls ldp#interface 10GE1/0/1port link-type trunkport trunk allow-pass vlan 10#interface 10GE1/0/2port link-type trunkport trunk allow-pass vlan 20#interface 10GE1/0/3port link-type trunkport trunk allow-pass vlan 30#

interface LoopBack1 ip address 1.1.1.9 255.255.255.255#bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1# ipv4-family unicast undo synchronization peer 2.2.2.9 enable# ipv4-family vpnv4 policy vpn-target



425

peer 2.2.2.9 enable# ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 import-route direct# ipv4-family vpn-instance vpnb peer 10.2.1.1 as-number 65420 import-route direct#ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255#return

l Configuration file of PE2# sysname PE2# vlan batch 30 100 200#ip vpn-instance vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity#ip vpn-instance vpnb ipv4-family route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity# mpls lsr-id 2.2.2.9# mpls#mpls ldp#interface Vlanif30 ip address 172.1.1.2 255.255.255.0 mpls mpls ldp#interface Vlanif100 ip binding vpn-instance vpna ip address 192.1.1.1 255.255.255.0 # interface Vlanif200 ip binding vpn-instance vpnb ip address 192.2.1.1 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255#interface 10GE1/0/1port link-type trunkport trunk allow-pass vlan 30#interface 10GE1/0/2 port link-type trunk



426

port trunk allow-pass vlan 100 200 #bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1# ipv4-family unicast undo synchronization peer 1.1.1.9 enable# ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable# ipv4-family vpn-instance vpna import-route ospf 100# ipv4-family vpn-instance vpnb import-route ospf 200#ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255#ospf 100 vpn-instance vpnaimport-route bgp area 0.0.0.0 network 192.1.1.0 0.0.0.255 #ospf 200 vpn-instance vpnbimport-route bgp area 0.0.0.0 network 192.2.1.0 0.0.0.255#return

l Configuration file of the MCE device# sysname MCE# vlan batch 60 70 100 200#ip vpn-instance vpna ipv4-family route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity#ip vpn-instance vpnb ipv4-family route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity#interface Vlanif60 ip binding vpn-instance vpna ip address 10.3.1.2 255.255.255.0#interface Vlanif70 ip binding vpn-instance vpnb ip address 10.4.1.2 255.255.255.0#interface Vlanif100 ip binding vpn-instance vpna ip address 192.1.1.2 255.255.255.0#interface Vlanif200 ip binding vpn-instance vpnb ip address 192.2.1.2 255.255.255.0



427

#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 100 200 #interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 60 #interface 10GE1/0/4 port link-type trunk port trunk allow-pass vlan 70 #ospf 100 vpn-instance vpna import-route static vpn-instance-capability simple area 0.0.0.0 network 192.1.1.0 0.0.0.255 #ospf 200 vpn-instance vpnb import-route rip 200 vpn-instance-capability simple area 0.0.0.0 network 192.2.1.0 0.0.0.255#rip 200 vpn-instance vpnb version 2 network 10.0.0.0 import-route ospf 200#ip route-static vpn-instance vpna 192.168.1.0 255.255.255.0 10.3.1.1 #return

l Configuration file of SwitchA# sysname SwitchA# vlan batch 60#interface Vlanif60 ip address 10.3.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 60 # ip route-static 0.0.0.0 0.0.0.0 10.3.1.2 #return

l Configuration file of SwitchB# sysname SwitchB# vlan batch 70#interface Vlanif70 ip address 10.4.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 70 #rip



428

200 version 2 network 10.0.0.0 network 192.168.2.0 #return



429

CloudEngine 6800&5800 V100R001C00 Configuration Guide - IP Routing 04.pdf

Documents

Transcript of CloudEngine 6800&5800 V100R001C00 Configuration Guide - IP Routing 04.pdf