You are on page 1of 442

CloudEngine 6800&5800 Series Switches

V100R001C00
Configuration Guide - IP Routing
Issue 04
Date 2013-07-10
HUAWEI TECHNOLOGIES CO., LTD.


Copyright Huawei Technologies Co., Ltd. 2013. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.






Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://enterprise.huawei.com
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
i
About This Document
Intended Audience
This document provides the basic concepts, configuration procedures, and configuration
examples for different application scenarios of the CE series switches, Topics covered include
static routes, routing protocols (RIP, BGP,OSPF, and IS-IS), and routing policies.
This document is intended for:
l Data configuration engineers
l Commissioning engineers
l Network monitoring engineers
l System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
DANGER
Indicates a hazard with a high level or medium level of risk
which, if not avoided, could result in death or serious injury.
WARNING
Indicates a hazard with a low level of risk which, if not
avoided, could result in minor or moderate injury.
CAUTION
Indicates a potentially hazardous situation that, if not
avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
TIP
Provides a tip that may help you solve a problem or save time.
NOTE
Provides additional information to emphasize or supplement
important points in the main text.

CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing About This Document
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
ii
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italics.
[ ] Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... } Optional items are grouped in braces and separated by
vertical bars. One item is selected.
[ x | y | ... ] Optional items are grouped in brackets and separated by
vertical bars. One item is selected or no item is selected.
{ x | y | ... }
*
Optional items are grouped in braces and separated by
vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]
*
Optional items are grouped in brackets and separated by
vertical bars. You can select one or several items, or select
no item.
&<1-n> The parameter before the & sign can be repeated 1 to n times.
# A line starting with the # sign is comments.

Interface Numbering Conventions
Interface numbers used in this manual are examples. In device configuration, use the existing
interface numbers on devices.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Changes in Issue 04 (2013-07-10)
This version has the following updates:
The following information is modified:
l 5.15.4 Example for Configuring IS-IS Auto FRR
l 5.15.2 Example for Configuring IS-IS DIS Election
l 4.19.5 Example for Configuring Load Balancing Among OSPF Routes
l 6.2 BGP Features Supported by the Device
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing About This Document
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
iii
l 2.9.4 Example for Configuring FRR for IPv4 Static Routes on the Public Network
l 2.8 Associating IPv4 Static Routes with NQA
l 5.6.3 Configuring Principles for Using Equal-Cost IS-IS Routes
l 4.9.4 Configuring External Route Selection Rules Compatible with RFC 1583
Changes in Issue 03 (2013-05-10)
This version has the following updates:
The following information is modified:
l 8.3.1 Example for Configuring an MCE Device
l 3.14.3 Example for Configuring Dynamic BFD for RIP
Changes in Issue 02 (2013-03-15)
This version has the following updates:
The following information is modified:
l 4.8 Configuring OSPF NSSA Areas
Changes in Issue 01 (2012-12-31)
Initial commercial release.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing About This Document
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
iv
Contents
About This Document.....................................................................................................................ii
1 IP Routing Basic Configuration..................................................................................................1
1.1 Displaying and Maintaining a Routing Table.................................................................................................................2
1.2 Configuring IPv4 FRR....................................................................................................................................................2
1.3 Configuring the ECMP Load Balancing Mode..............................................................................................................3
1.4 Configuration Examples.................................................................................................................................................4
1.4.1 Example for Configuring IPv4 FRR on the Public Network.......................................................................................4
2 Static Route Configuration........................................................................................................11
2.1 Static Route Overview..................................................................................................................................................13
2.2 Static Route Features Supported by the Device...........................................................................................................13
2.3 Default Configuration of Static Routes........................................................................................................................14
2.4 Configuring IPv4 Static Routes....................................................................................................................................14
2.4.1 Creating IPv4 Static Routes.......................................................................................................................................14
2.4.2 (Optional) Setting the Default Preference for IPv4 Static Routes.............................................................................15
2.4.3 (Optional) Configuring Static Route Selection Based on Iteration Depth................................................................16
2.4.4 Checking the Configuration.......................................................................................................................................17
2.5 Configuring Dynamic BFD for IPv4 Static Routes......................................................................................................17
2.6 Configuring Static BFD for IPv4 Static Routes...........................................................................................................18
2.7 Configuring FRR for IPv4 Static Routes......................................................................................................................19
2.8 Associating IPv4 Static Routes with NQA...................................................................................................................20
2.9 Configuration Examples...............................................................................................................................................22
2.9.1 Example for Configuring IPv4 Static Routes............................................................................................................22
2.9.2 Example for Configuring Dynamic BFD for IPv4 Static Routes..............................................................................26
2.9.3 Example for Configuring Static BFD for IPv4 Static Routes...................................................................................29
2.9.4 Example for Configuring FRR for IPv4 Static Routes on the Public Network.........................................................31
2.9.5 Example for Configuring NQA for IPv4 Static Routes.............................................................................................36
3 RIP Configuration.......................................................................................................................44
3.1 RIP Overview...............................................................................................................................................................46
3.2 RIP Features Supported by the Device.........................................................................................................................46
3.3 Default Configuration...................................................................................................................................................47
3.4 Configuring Basic RIP Functions.................................................................................................................................47
3.4.1 Enabling RIP..............................................................................................................................................................48
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing Contents
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
v
3.4.2 Enabling RIP on the Specified Network Segment.....................................................................................................48
3.4.3 (Optional) Configuring RIP Neighbors on an NBMA Network...............................................................................49
3.4.4 (Optional) Specifying the RIP Version.....................................................................................................................50
3.4.5 Checking the Configuration.......................................................................................................................................51
3.5 Configuring RIP-2........................................................................................................................................................51
3.5.1 Configuring RIP-2 Route Summarization.................................................................................................................51
3.5.2 Configuring RIP-2 Packet Authentication.................................................................................................................52
3.5.3 Checking the Configuration.......................................................................................................................................53
3.6 Avoiding Routing Loops..............................................................................................................................................53
3.6.1 Configuring Split Horizon.........................................................................................................................................54
3.6.2 Configuring Poison Reverse......................................................................................................................................54
3.6.3 Checking the Configuration.......................................................................................................................................55
3.7 Controlling RIP Routing...............................................................................................................................................55
3.7.1 Configuring RIP Preference......................................................................................................................................55
3.7.2 Configuring Additional Metrics of an Interface........................................................................................................56
3.7.3 Setting the Maximum Number of Equal-Cost Routes...............................................................................................57
3.7.4 Checking the Configuration.......................................................................................................................................57
3.8 Controlling RIP Route Advertisement.........................................................................................................................58
3.8.1 Configuring RIP to Advertise Default Routes...........................................................................................................58
3.8.2 Disabling an Interface from Sending Update Packets...............................................................................................59
3.8.3 Configuring RIP to Import Routes............................................................................................................................60
3.8.4 Checking the Configuration.......................................................................................................................................61
3.9 Controlling Receiving of RIP Routing Information.....................................................................................................61
3.9.1 Disabling an Interface from Receiving RIP Update Packets.....................................................................................61
3.9.2 Configuring RIP to Deny Host Routes......................................................................................................................62
3.9.3 Configuring RIP to Filter Received Routes...............................................................................................................63
3.9.4 Checking RIP Packets with Metric 0.........................................................................................................................63
3.9.5 Checking the Configuration.......................................................................................................................................64
3.10 Improving RIP Network Performance........................................................................................................................64
3.10.1 Configuring RIP Timers..........................................................................................................................................65
3.10.2 Setting the Interval for Sending Update Packets and Maximum Number of Sent Packets.....................................66
3.10.3 Setting the Maximum Length of RIP Packets.........................................................................................................66
3.10.4 Configuring RIP to Check the Validity of Update Packets.....................................................................................67
3.10.5 Configuring RIP Triggered Update.........................................................................................................................68
3.10.6 Setting the Maximum Number of RIP Routes.........................................................................................................69
3.10.7 Checking the Configuration.....................................................................................................................................69
3.11 Configuring BFD for RIP...........................................................................................................................................70
3.11.1 Configuring Dynamic BFD for RIP........................................................................................................................70
3.11.2 Configuring Static BFD for RIP..............................................................................................................................72
3.12 Configuring the Network Management Function for RIP..........................................................................................74
3.13 Maintaining RIP.........................................................................................................................................................74
3.13.1 Resetting RIP...........................................................................................................................................................75
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing Contents
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
vi
3.13.2 Clearing RIP Statistics.............................................................................................................................................75
3.14 Configuration Examples.............................................................................................................................................75
3.14.1 Example for Configuring Basic RIP Functions.......................................................................................................76
3.14.2 Example for Importing Routes to RIP.....................................................................................................................79
3.14.3 Example for Configuring Dynamic BFD for RIP...................................................................................................83
3.15 Common Configuration Errors...................................................................................................................................88
3.15.1 Failed to Receive RIP Update Packets from Neighbors..........................................................................................88
3.15.2 Failed to Send RIP Update Packets to Neighbors...................................................................................................89
3.15.3 Route Flapping Occurs on a RIP Network..............................................................................................................89
4 OSPF Configuration....................................................................................................................91
4.1 OSPF Overview............................................................................................................................................................93
4.2 OSPF Features Supported by the Device.....................................................................................................................96
4.3 Default Configuration...................................................................................................................................................99
4.4 Configuring Basic OSPF Functions...........................................................................................................................100
4.4.1 Creating an OSPF Process.......................................................................................................................................100
4.4.2 Creating an OSPF Area...........................................................................................................................................101
4.4.3 Enable OSPF............................................................................................................................................................102
4.4.4 Checking the Configuration.....................................................................................................................................103
4.5 Setting Parameters for OSPF Neighbor Relationship.................................................................................................104
4.5.1 Setting the OSPF Packet Retransmission Limit......................................................................................................104
4.5.2 Configuring an Interface to Fill in the DD Packet with the Actual MTU...............................................................105
4.5.3 Checking the Configuration.....................................................................................................................................105
4.6 Configuring OSPF Attributes in Different Types of Networks..................................................................................106
4.6.1 Configuring Network Types of OSPF Interfaces....................................................................................................107
4.6.2 (Optional) Setting the DR Priority for the OSPF Interface of the Broadcast or NBMA Network Type.................108
4.6.3 (Optional) Disabling the Function of Checking the Network Mask on a P2MP Network......................................109
4.6.4 Configuring Neighbors for NBMA Networks.........................................................................................................109
4.6.5 (Optional) Configuring the Interval for Sending Poll Packets in NBMA Networks...............................................110
4.6.6 Checking the Configuration.....................................................................................................................................110
4.7 Configuring OSPF Stub Areas...................................................................................................................................111
4.7.1 Defining the Current Area to be a Stub Area..........................................................................................................111
4.7.2 (Optional) Configuring Metrics of Default Routes Sent to Stub Areas..................................................................112
4.7.3 Checking the Configuration.....................................................................................................................................113
4.8 Configuring OSPF NSSA Areas.................................................................................................................................113
4.9 Adjusting OSPF Route Selection...............................................................................................................................116
4.9.1 Setting the Link Cost for an OSPF Interface...........................................................................................................116
4.9.2 Setting the Preference for Equal-cost OSPF Routes...............................................................................................117
4.9.3 Setting the Maximum Number of Equal-Cost Routes.............................................................................................118
4.9.4 Configuring External Route Selection Rules Compatible with RFC 1583.............................................................119
4.9.5 Checking the Configuration.....................................................................................................................................119
4.10 Controlling OSPF Routing Information...................................................................................................................120
4.10.1 Configuring OSPF to Import External Routes......................................................................................................120
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing Contents
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
vii
4.10.2 Configuring OSPF to Advertise the Default Route to the OSPF Area..................................................................122
4.10.3 Configuring OSPF Route Aggregation..................................................................................................................123
4.10.4 Configuring OSPF to Filter the Received Routes.................................................................................................124
4.10.5 Configuring OSPF to Filter the Routes to Be Advertised.....................................................................................125
4.10.6 Configuring OSPF to Filter ABR Type3 LSA......................................................................................................125
4.10.7 Checking the Configuration...................................................................................................................................126
4.11 Configuring OSPF IP FRR.......................................................................................................................................126
4.11.1 Enabling OSPF IP FRR.........................................................................................................................................127
4.11.2 (Optional) Blocking FRR on an OSPF Interface...................................................................................................128
4.11.3 Checking the Configuration...................................................................................................................................128
4.12 Configuring BFD for OSPF......................................................................................................................................129
4.12.1 Configuring Global BFD.......................................................................................................................................129
4.12.2 Configuring BFD for OSPF Feature......................................................................................................................130
4.12.3 (Optional) Preventing an Interface from Dynamically Setting Up a BFD Session...............................................131
4.12.4 (Optional) Configuring BFD on the Specified Interface.......................................................................................131
4.12.5 Checking the Configuration...................................................................................................................................132
4.13 Configuring OSPF Fast Convergence......................................................................................................................132
4.13.1 Setting the Convergence Priority of OSPF Routes................................................................................................132
4.13.2 Setting the Interval for Sending Hello Packets......................................................................................................133
4.13.3 Setting the Dead Time of the Neighbor Relationship............................................................................................134
4.13.4 Configuring Smart-discover..................................................................................................................................135
4.13.5 Setting the Interval for Updating LSAs.................................................................................................................135
4.13.6 Setting the Interval for Receiving LSAs................................................................................................................137
4.13.7 Setting the Interval for the SPF Calculation..........................................................................................................138
4.13.8 Checking the Configuration...................................................................................................................................139
4.14 Configuring OSPF GR Helper..................................................................................................................................139
4.15 Improving the Stability of an OSPF Network..........................................................................................................140
4.15.1 Setting the Priority of OSPF..................................................................................................................................141
4.15.2 Configuring the Delay for Transmitting LSAs on the Interface............................................................................141
4.15.3 Configuring the Interval for Retransmitting LSAs................................................................................................142
4.15.4 Configuring Secure Synchronization.....................................................................................................................142
4.15.5 Configuring Stub Routers......................................................................................................................................143
4.15.6 Suppressing an Interface from Receiving or Sending OSPF Packets...................................................................144
4.15.7 Checking the Configuration...................................................................................................................................144
4.16 Improving the Security of an OSPF Network..........................................................................................................145
4.16.1 Configuring the Area Authentication Mode..........................................................................................................145
4.16.2 Configuring the Interface Authentication Mode....................................................................................................146
4.16.3 Checking the Configuration...................................................................................................................................147
4.17 Configuring the Network Management Function of OSPF......................................................................................148
4.18 Maintaining OSPF....................................................................................................................................................148
4.18.1 Clearing OSPF.......................................................................................................................................................149
4.18.2 Resetting OSPF......................................................................................................................................................149
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing Contents
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
viii
4.19 Configuring Examples..............................................................................................................................................150
4.19.1 Example for Configuring Basic OSPF Functions..................................................................................................150
4.19.2 Example for Configuring OSPF Stub Areas..........................................................................................................155
4.19.3 Example for Configuring an NSSA Area..............................................................................................................160
4.19.4 Example for Configuring DR Election of OSPF...................................................................................................165
4.19.5 Example for Configuring Load Balancing Among OSPF Routes.........................................................................170
4.19.6 Example for Configuring OSPF IP FRR...............................................................................................................175
4.19.7 Example for Configuring BFD for OSPF..............................................................................................................181
5 IPv4 IS-IS Configuration..........................................................................................................186
5.1 IS-IS Overview...........................................................................................................................................................188
5.2 IS-IS (IPv4) Features Supported by the Device.........................................................................................................188
5.3 Default Configuration.................................................................................................................................................190
5.4 Configure Basic IS-IS Functions................................................................................................................................191
5.4.1 Creating IS-IS Processes.........................................................................................................................................191
5.4.2 Configuring a NET..................................................................................................................................................192
5.4.3 Configuring the Device Level.................................................................................................................................192
5.4.4 Establishing IS-IS Neighbor Relationships.............................................................................................................193
5.4.5 Checking the Configuration.....................................................................................................................................196
5.5 Improving IS-IS Network Security.............................................................................................................................196
5.5.1 Configuring Interface Authentication......................................................................................................................197
5.5.2 Configuring Area or Domain Authentication..........................................................................................................198
5.5.3 Checking the Configuration.....................................................................................................................................200
5.6 Controlling IS-IS Route Selection..............................................................................................................................200
5.6.1 Configuring a Preference Value for IS-IS...............................................................................................................200
5.6.2 Configuring the Cost of an IS-IS Interface..............................................................................................................201
5.6.3 Configuring Principles for Using Equal-Cost IS-IS Routes....................................................................................204
5.6.4 Configuring IS-IS Route Leaking............................................................................................................................205
5.6.5 Checking the Configuration.....................................................................................................................................206
5.7 Controlling IS-IS Route Exchange.............................................................................................................................206
5.7.1 Configuring IS-IS to Advertise a Default Route.....................................................................................................207
5.7.2 Configuring IS-IS to Import External Routes..........................................................................................................208
5.7.3 Configuring IS-IS to Advertise Specified External Routes to an IS-IS Routing Domain.......................................208
5.7.4 Adding Specified IS-IS Routes to the IP Routing Table.........................................................................................209
5.7.5 Checking the Configuration.....................................................................................................................................210
5.8 Configuring IS-IS Route Summarization...................................................................................................................210
5.9 Controlling IS-IS Route Convergence........................................................................................................................211
5.9.1 Configuring Attributes for Hello Packets................................................................................................................211
5.9.2 Configuring Attributes for LSPs..............................................................................................................................213
5.9.3 Configuring Attributes for CSNPs..........................................................................................................................218
5.9.4 Setting the SPF Calculation Interval.......................................................................................................................219
5.9.5 Configuring Convergence Priorities for IS-IS Routes.............................................................................................220
5.9.6 Checking the Configuration.....................................................................................................................................221
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing Contents
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
ix
5.10 Configuring LSP Fragment Extension.....................................................................................................................221
5.11 Configuring a Mesh Group on an NBMA Network.................................................................................................222
5.12 Configuring IS-IS Reliability...................................................................................................................................223
5.12.1 Enabling IS-IS Auto FRR......................................................................................................................................223
5.12.2 Configuring Static BFD for IS-IS..........................................................................................................................225
5.12.3 Configuring Dynamic BFD for IS-IS....................................................................................................................226
5.13 Configuring the Overload Bit for an IS-IS Device...................................................................................................229
5.14 Maintaining IS-IS.....................................................................................................................................................229
5.14.1 Resetting IS-IS.......................................................................................................................................................230
5.14.2 Suppressing IS-IS..................................................................................................................................................230
5.14.3 Configuring IS-IS Host Name Mapping................................................................................................................231
5.15 Configuration Examples...........................................................................................................................................232
5.15.1 Example for Configuring Basic IS-IS Functions...................................................................................................232
5.15.2 Example for Configuring IS-IS DIS Election........................................................................................................237
5.15.3 Example for Configuring IS-IS to Interact with BGP...........................................................................................242
5.15.4 Example for Configuring IS-IS Auto FRR............................................................................................................247
5.15.5 Example for Configuring Static BFD for IS-IS.....................................................................................................255
5.15.6 Example for Configuring Dynamic BFD for IS-IS...............................................................................................259
5.16 Common Configuration Errors.................................................................................................................................265
5.16.1 Failed to Establish IS-IS Neighbor Relationships.................................................................................................266
5.16.2 A Device Cannot Learn IS-IS Routes from Its Neighbor......................................................................................267
6 BGP Configuration....................................................................................................................269
6.1 BGP Overview............................................................................................................................................................271
6.2 BGP Features Supported by the Device.....................................................................................................................271
6.3 Default Configuration.................................................................................................................................................275
6.4 Configuring Basic BGP Functions.............................................................................................................................275
6.4.1 Starting a BGP Process............................................................................................................................................276
6.4.2 Configuring BGP Peers...........................................................................................................................................276
6.4.3 (Optional) Configuring a BGP Peer Group.............................................................................................................278
6.4.4 Configuring BGP to Import Routes.........................................................................................................................279
6.4.5 Checking the Configuration.....................................................................................................................................281
6.5 Configuring BGP Security..........................................................................................................................................281
6.5.1 Configuring MD5 Authentication...........................................................................................................................282
6.5.2 Configuring Keychain Authentication.....................................................................................................................282
6.5.3 Configuring BGP GTSM.........................................................................................................................................283
6.5.4 Checking the Configuration.....................................................................................................................................284
6.6 Simplifying IBGP Network Connections...................................................................................................................284
6.6.1 Configuring a BGP Route Reflector........................................................................................................................285
6.6.2 Configuring a BGP Confederation..........................................................................................................................286
6.7 Configuring BGP Route Selection and Load Balancing............................................................................................287
6.7.1 Configuring the BGP Priority..................................................................................................................................287
6.7.2 Configuring the Next_Hop Attribute.......................................................................................................................288
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing Contents
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
x
6.7.3 Configuring the PrefVal Attribute...........................................................................................................................289
6.7.4 Configuring the Default Local_Pref Attribute.........................................................................................................290
6.7.5 Configuring the AS_Path Attribute.........................................................................................................................291
6.7.6 Configuring the MED Attribute..............................................................................................................................293
6.7.7 Configuring the BGP Community Attribute...........................................................................................................294
6.7.8 Configuring BGP Load Balancing..........................................................................................................................296
6.7.9 Checking the Configuration.....................................................................................................................................298
6.8 Controlling the Receiving and Advertisement of BGP Routes..................................................................................298
6.8.1 Configuring a Routing Policy..................................................................................................................................299
6.8.2 Controlling the Advertisement of BGP Routes.......................................................................................................299
6.8.3 Controlling the Receiving of BGP Routes..............................................................................................................301
6.8.4 Configuring BGP Soft Reset...................................................................................................................................303
6.8.5 Checking the Configuration.....................................................................................................................................304
6.9 Adjusting the BGP Network Convergence Speed......................................................................................................305
6.9.1 Configuring a BGP ConnectRetry Timer................................................................................................................305
6.9.2 Configuring BGP Keepalive and Hold Timers........................................................................................................306
6.9.3 Configuring a Update Message Timer.....................................................................................................................308
6.9.4 Disabling Rapid EBGP Connection Reset...............................................................................................................309
6.9.5 Configuring BGP Route Dampening.......................................................................................................................309
6.9.6 Checking the Configuration.....................................................................................................................................310
6.10 Configuring BGP Reliability....................................................................................................................................311
6.10.1 Configuring Association Between BGP and BFD................................................................................................311
6.10.2 Configuring BGP Auto FRR.................................................................................................................................313
6.10.3 Configuring the BGP GR Helper Function...........................................................................................................314
6.11 Configuring BGP Route Summarization..................................................................................................................315
6.12 Configuring On-demand Route Advertisement........................................................................................................316
6.13 Configuring BGP to Advertise Default Routes to Peers..........................................................................................317
6.14 Configuring MP-BGP...............................................................................................................................................318
6.15 Maintaining BGP......................................................................................................................................................319
6.15.1 Resetting BGP Connections..................................................................................................................................319
6.15.2 Clearing BGP Statistics.........................................................................................................................................320
6.16 Configuration Examples...........................................................................................................................................321
6.16.1 Example for Configuring Basic BGP Functions...................................................................................................321
6.16.2 Example for Configuring Basic MBGP Functions................................................................................................327
6.16.3 Example for Configuring BGP Load Balancing and the MED Attribute..............................................................335
6.16.4 Example for Configuring a BGP Route Reflector.................................................................................................339
6.16.5 Example for Configuring a BGP Confederation...................................................................................................345
6.16.6 Example for Configuring the BGP Community Attribute.....................................................................................353
6.16.7 Example for Configuring Prefix-based BGP ORF................................................................................................357
6.16.8 Example for Configuring BGP Route Dampening................................................................................................361
6.16.9 Example for Associating BGP with BFD..............................................................................................................365
6.16.10 Example for Configuring BGP Auto FRR..........................................................................................................370
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing Contents
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
xi
7 Routing Policy Configuration.................................................................................................376
7.1 Routing Policy Overview...........................................................................................................................................377
7.2 Routing Policy Features Supported by the Device.....................................................................................................377
7.3 Filter Configuration....................................................................................................................................................378
7.3.1 Configuring an IP Prefix List..................................................................................................................................379
7.3.2 Configuring an AS_Path Filter................................................................................................................................380
7.3.3 Configuring a Community Filter.............................................................................................................................380
7.3.4 Configuring an Extended Community Filter...........................................................................................................381
7.3.5 Configuring an RD Filter.........................................................................................................................................382
7.4 Configuring a Routing Policy.....................................................................................................................................382
7.4.1 Creating a Routing Policy........................................................................................................................................383
7.4.2 (Optional) Configuring an if-match Clause.............................................................................................................383
7.4.3 (Optional) Configuring an apply Clause.................................................................................................................385
7.4.4 Checking the Configuration.....................................................................................................................................387
7.5 Maintaining the Routing Policy..................................................................................................................................387
7.6 Configuration Examples.............................................................................................................................................388
7.6.1 Example for Filtering the Routes to Be Received or Advertised............................................................................388
7.6.2 Example for Applying a Routing Policy for Importing Routes...............................................................................393
8 MCE Configuration...................................................................................................................398
8.1 MCE Overview...........................................................................................................................................................399
8.2 Configuring an MCE Device......................................................................................................................................402
8.2.1 Configuring a VPN Instance....................................................................................................................................403
8.2.2 Configure Route Exchange Between an MCE Device and VPN Sites...................................................................405
8.2.3 Configure Route Exchange Between an MCE Device and a PE Device................................................................411
8.2.4 Checking the Configuration.....................................................................................................................................415
8.3 Configuration Examples.............................................................................................................................................416
8.3.1 Example for Configuring an MCE Device..............................................................................................................416
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing Contents
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
xii
1 IP Routing Basic Configuration
About This Chapter
You can configure IP routing to learn about basic parameters for IP routing.
1.1 Displaying and Maintaining a Routing Table
You can view routing tables to learn about the network topology and locate routing faults.
1.2 Configuring IPv4 FRR
IPv4 FRR applies to the services that are very sensitive to delay and packet loss on IPv4 networks.
1.3 Configuring the ECMP Load Balancing Mode
Equal-Cost Multi-Path routing (ECMP) implements load balancing and link backup.
1.4 Configuration Examples
This section provides examples for configuring IP routing, including networking requirements
and configuration roadmap.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
1
1.1 Displaying and Maintaining a Routing Table
You can view routing tables to learn about the network topology and locate routing faults.
Context
You can view routing table information to locate routing faults. The following describes the
commands used to display and maintain routing table information.
The display commands can be used in all views. The reset commands are used in the user view.
If the switch imports a large number of routes, system performance may be affected when
services are being processed because the routes consume a lot of system resources. To improve
system security and reliability, configure a limit on the number of public route prefixes. When
the number of public route prefixes exceeds the limit, an alarm is generated, prompting you to
check whether unnecessary public route prefixes exist.
Procedure
l Run the display ip routing-table command to check brief information about the active
routes in the IPv4 routing table.
l Run the display ip routing-table verbose command to check detailed information about
the IPv4 routing table.
l Run the display ip routing-table ip-address [ mask | mask-length ] [ longer-match ]
[ verbose ] command to check detailed information about the routes with the specified
destination address in the IPv4 routing table.
l Run the display ip routing-table ip-address1 { mask1 | mask-length1 } ip-address2
{ mask2 | mask-length2 } [ verbose ] command to check detailed information about the
routes within the specified destination address range in the IPv4 routing table.
l Run the display ip routing-table ip-prefix ip-prefix-name [ verbose ] command to check
detailed information about the routes that match the specified IP prefix list in the IPv4
routing table.
l Run the display ip routing-table protocol protocol [ inactive | verbose ] command to
check detailed information about the routes discovered by the specified routing protocol in
the IPv4 routing table.
l Run the display ip routing-table statistics command to check route statistics in the IPv4
routing table.
l Run the reset ip routing-table statistics protocol [ vpn-instance vpn-instance-name ]
{ all | protocol } command to clear route statistics in the IPv4 routing table.
l Run the ip prefix limit number { alert-percent [ route-unchanged ] | simply-alert }
command in the system view to set a limit on the number of IPv4 public route prefixes.
l Run the ipv6 prefix limit number { alert-percent [ route-unchanged ] | simply-alert }
command in the system view to set a limit on the number of IPv6 public route prefixes.
----End
1.2 Configuring IPv4 FRR
IPv4 FRR applies to the services that are very sensitive to delay and packet loss on IPv4 networks.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
2
Applicable Environment
If a link failure occurs after FRR is enabled, the fault detection module reports the failure to the
upper-layer routing system. The FRR module immediately uses a backup link to forward packets,
minimizing the impact of the link failure on services.
CAUTION
IPv4 FRR implements route backup among routes of different routing protocols and may cause
routing loops. Therefore, exercise caution when using IPv4 FRR.
Pre-configuration Tasks
Before configuring IPv4 FRR, complete the following task:
l Configuring link layer protocol parameters and assigning IPv4 addresses to interfaces to
ensure that the link layer protocol of the interfaces is Up
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip frr
IPv4 FRR is enabled.
NOTE
When FRR is configured in both the system view and the routing protocol view, FRR configured in the
routing protocol view is used for route backup.
Step 3 Run:
commit
The configuration is committed.
----End
Checking the Configuration
After IPv4 FRR is configured, run the following command to check the configuration.
Run the display ip routing-table verbose command to check detailed information about the
backup outbound interfaces and backup next hops of routes in the routing table.
1.3 Configuring the ECMP Load Balancing Mode
Equal-Cost Multi-Path routing (ECMP) implements load balancing and link backup.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
3
Context
ECMP applies to the network where multiple links to the same destination are available. In the
traditional routing technology, packets are forwarded to the destination through one link only;
the other links are in backup or inactive state; switching between these links requires a certain
period when dynamic routes are used. Different from the traditional routing technology, ECMP
can use multiple links to increase transmission bandwidth and transmit data on a faulty link
without any delay or packet loss.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
load-balance ecmp
The ECMP view is displayed.
3. Run:
ipv4 { src-ip | dst-ip | vlan | l4-src-port | l4-dst-port | protocol | src-
interface }
*
The ECMP load balancing mode of IPv4 packets is set.
By default, ECMP load balancing is performed on IPv4 packets based on the source
IP address, destination IP address, and port number.
4. Run:
commit
The configuration is committed.
----End
Checking the Configuration
Run the display port forwarding-path src-ip src-ip-data dst-ip dst-ip-data command to check
the outbound interface and statistics about packets that contain specified 5-tuple information.
1.4 Configuration Examples
This section provides examples for configuring IP routing, including networking requirements
and configuration roadmap.
1.4.1 Example for Configuring IPv4 FRR on the Public Network
Networking Requirements
As shown in Figure 1-1, OSPF is configured on SwitchT, SwitchA, and SwitchC, and IS-IS is
configured on SwitchT, SwitchB, and SwitchC. OSPF routes have a higher priority than IS-IS
routes. Therefore, link B is the backup link of link A. Traffic must be rapidly switched from link
A to link B when a fault occurs on link A.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
4
Figure 1-1 Networking diagram of configuring IPv4 FRR on the public network
10GE1/0/1
VLANIF20
192.168.10.2/24
10GE1/0/2
VLANIF20
192.168.10.1/24
10GE1/0/2
VLANIF40
192.168.11.1/24
10GE1/0/3
VLANIF50
192.168.21.1/24
10GE1/0/2
VLANIF50
192.168.21.2/24
10GE1/0/2
VLANIF40
192.168.11.2/24
10GE1/0/1
VLANIF30
192.168.20.2/24
10GE1/0/3
VLANIF30
192.168.20.1/24
10GE1/0/1
VLANIF60
172.17.1.1/24
10GE1/0/1
VLANIF10
172.16.1.1/24
SwitchA
SwitchB
SwitchT SwitchC
Link A
Link B

Configuration Roadmap
Enable IPv4 FRR on the public network on SwitchT so that traffic can be rapidly switched to
link B when a fault occurs on link A.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchT
[~HUAWEI] commit
[~SwitchT] vlan batch 10 20 30
[~SwitchT] interface 10ge 1/0/1
[~SwitchT-10GE1/0/1] port link-type trunk
[~SwitchT-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchT-10GE1/0/1] quit
[~SwitchT] interface 10ge 1/0/2
[~SwitchT-10GE1/0/2] port link-type trunk
[~SwitchT-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchT-10GE1/0/2] quit
[~SwitchT] interface 10ge 1/0/3
[~SwitchT-10GE1/0/3] port link-type trunk
[~SwitchT-10GE1/0/3] port trunk allow-pass vlan 30
[~SwitchT-10GE1/0/3] quit
[~SwitchT] commit
The configurations of SwitchA, SwitchB, and SwitchC are similar to the configuration of
SwitchT, and are not mentioned here.
Step 2 Assign IPv4 addresses to VLANIF interfaces.
[~SwitchT] interface vlanif 10
[~SwitchT-Vlanif10] ip address 172.16.1.1 24
[~SwitchT-Vlanif10] quit
[~SwitchT] interface vlanif 20
[~SwitchT-Vlanif20] ip address 192.168.10.1 24
[~SwitchT-Vlanif20] quit
[~SwitchT] interface vlanif 30
[~SwitchT-Vlanif30] ip address 192.168.20.1 24
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
5
[~SwitchT-Vlanif30] quit
[~SwitchT] commit
The configurations of SwitchA, SwitchB, and SwitchC are similar to the configuration of
SwitchT, and are not mentioned here.
Step 3 Configure OSPF on SwitchT, SwitchA, and SwitchC.
# Configure SwitchT.
[~SwitchT] ospf
[~SwitchT-ospf-1] area 0
[~SwitchT-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[~SwitchT-ospf-1-area-0.0.0.0] network 192.168.10.0 0.0.0.255
[~SwitchT-ospf-1-area-0.0.0.0] commit
# Configure SwitchA.
[~SwitchA] ospf
[~SwitchA-ospf-1] area 0
[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.10.0 0.0.0.255
[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.11.0 0.0.0.255
[~SwitchA-ospf-1-area-0.0.0.0] commit
# Configure SwitchC.
[~SwitchC] ospf
[~SwitchC-ospf-1] area 0
[~SwitchC-ospf-1-area-0.0.0.0] network 172.17.1.0 0.0.0.255
[~SwitchC-ospf-1-area-0.0.0.0] network 192.168.11.0 0.0.0.255
[~SwitchC-ospf-1-area-0.0.0.0] commit
Step 4 Configure IS-IS on SwitchT, SwitchB, and SwitchC.
# Configure SwitchT.
[~SwitchT] isis
[~SwitchT-isis-1] network-entity 10.0000.0000.0001.00
[~SwitchT-isis-1] quit
[~SwitchT] interface vlanif 10
[~SwitchT-Vlanif10] isis enable 1
[~SwitchT-Vlanif10] quit
[~SwitchT] interface vlanif 30
[~SwitchT-Vlanif30] isis enable 1
[~SwitchT-Vlanif30] commit
[~SwitchT-Vlanif30] quit
# Configure SwitchB.
[~SwitchB] isis
[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[~SwitchB-isis-1] quit
[~SwitchB] interface vlanif 30
[~SwitchB-Vlanif30] isis enable 1
[~SwitchB-Vlanif30] quit
[~SwitchB] interface vlanif 50
[~SwitchB-Vlanif50] isis enable 1
[~SwitchB-Vlanif50] commit
[~SwitchB-Vlanif50] quit
# Configure SwitchC.
[~SwitchC] isis
[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[~SwitchC-isis-1] quit
[~SwitchC] interface vlanif 50
[~SwitchC-Vlanif50] isis enable 1
[~SwitchC-Vlanif50] quit
[~SwitchC] interface vlanif 60
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
6
[~SwitchC-Vlanif60] isis enable 1
[~SwitchC-Vlanif60] commit
[~SwitchC-Vlanif60] quit
Step 5 Check routing information.
# Check the routes to destination 172.17.1.0 on SwitchT.
<SwitchT> display ip routing-table 172.17.1.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Summary Count : 2
Destination: 172.17.1.0/24
Protocol: OSPF Process ID: 1
Preference: 10 Cost: 3
NextHop: 192.168.10.2 Neighbour: 0.0.0.0
State: Active Adv Age: 00h00m07s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0xa98ac7
IndirectID: 0x40000041
RelayNextHop: 0.0.0.0 Interface: Vlanif20
TunnelID: 0x0 Flags: D
Destination: 172.17.1.0/24
Protocol: ISIS-L1 Process ID: 1
Preference: 15 Cost: 30
NextHop: 192.168.20.2 Neighbour: 0.0.0.0
State: Inactive Adv Age: 00h01m26s
Tag: 0 Priority: high
Label: NULL QoSInfo: 0xa98ac7
IndirectID: 0x80000081
RelayNextHop: 0.0.0.0 Interface: Vlanif30
TunnelID: 0x0 Flags: 0
The routing table contains two routes to 172.17.1.0/24. OSPF routes have a higher priority than
IS-IS routes. Therefore, the route with next hop 192.168.10.2 is the optimal route.
Step 6 Enable IPv4 FRR on the public network.
# Enable IPv4 FRR on the public network on SwitchT.
<SwitchT> system-view
[~SwitchT] ip frr
[~SwitchT] commit
# Check information about the backup outbound interface and backup next hop on SwitchT.
<SwitchT> display ip routing-table 172.17.1.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Summary Count : 2
Destination: 172.17.1.0/24
Protocol: OSPF Process ID: 1
Preference: 10 Cost: 3
NextHop: 192.168.10.2 Neighbour: 0.0.0.0
State: Active Adv Age: 00h01m36s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0xa98ac7
IndirectID: 0x40000041
RelayNextHop: 0.0.0.0 Interface: Vlanif20
TunnelID: 0x0 Flags: D
BkNextHop: 192.168.20.2 BkInterface: Vlanif30
BkLabel: NULL SecTunnelID: 0x0
BkPETunnelID: 0x0 BkPESecTunnelID: 0x0
BkIndirectID: 0x80000081
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
7
Destination: 172.17.1.0/24
Protocol: ISIS-L1 Process ID: 1
Preference: 15 Cost: 30
NextHop: 192.168.20.2 Neighbour: 0.0.0.0
State: Inactive Adv Age: 00h02m55s
Tag: 0 Priority: high
Label: NULL QoSInfo: 0xa98ac7
IndirectID: 0x80000081
RelayNextHop: 0.0.0.0 Interface: Vlanif30
TunnelID: 0x0 Flags: 0
The routing table contains the backup outbound interface and backup next hop of the route to
172.17.1.0/24. The IS-IS route becomes the backup route.
----End
Configuration Files
l Configuration file of SwitchT
#
sysname SwitchT
#
ip frr
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 172.16.1.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 192.168.10.1 255.255.255.0
#
interface Vlanif30
ip address 192.168.20.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 192.168.10.0 0.0.0.255
#
return
l Configuration file of SwitchA
#
sysname SwitchA
#
interface Vlanif20
ip address 192.168.10.2 255.255.255.0
#
interface Vlanif40
ip address 192.168.11.2 255.255.255.0
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
8
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
ospf 1
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.11.0 0.0.0.255
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif30
ip address 192.168.20.2 255.255.255.0
isis enable 1
#
interface Vlanif50
ip address 192.168.21.2 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif40
ip address 192.168.11.1 255.255.255.0
#
interface Vlanif50
ip address 192.168.21.1 255.255.255.0
isis enable 1
#
interface Vlanif60
ip address 172.17.1.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 60
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 50
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
9
ospf 1
area 0.0.0.0
network 172.17.1.0 0.0.0.255
network 192.168.11.0 0.0.0.255
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 1 IP Routing Basic Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
10
2 Static Route Configuration
About This Chapter
Static routes apply to simple networks. Proper static routes can improve network performance
and ensure bandwidth for important applications.
2.1 Static Route Overview
On a simple network, you only need to configure static routes to ensure that the network works
properly. On a complex large-scale network, static routes ensure bandwidth for important
applications because they remain unchanged even when the topology changes.
2.2 Static Route Features Supported by the Device
The Switch supports the following static route features: IPv4 static routes, static default routes,
bidirectional forwarding detection (BFD) for IPv4 static routes, NQA for IPv4 static routes, fast
reroute (FRR) for IPv4 static routes, and static routes in VPN instances.
2.3 Default Configuration of Static Routes
This section describes the default configuration of static routes, which can be changed according
to network requirements.
2.4 Configuring IPv4 Static Routes
On a network, you can accurately control route selection by configuring IPv4 static routes.
2.5 Configuring Dynamic BFD for IPv4 Static Routes
By configuring dynamic BFD to detect IPv4 static routes, you can enable devices to fast detect
link changes, improving network reliability.
2.6 Configuring Static BFD for IPv4 Static Routes
Static BFD for IPv4 static routes enables a device to rapidly detect changes of a link to a
destination address of a stack route, improving network reliability.
2.7 Configuring FRR for IPv4 Static Routes
FRR applies to IP services that are sensitive to packet delay and packet loss. FRR can be
configured for IPv4 static routes to implement traffic protection by use of a backup link.
2.8 Associating IPv4 Static Routes with NQA
If devices do not support BFD, associate IPv4 static routes with NAQ so that NQA test instances
can monitor the link status to improve network reliability.
2.9 Configuration Examples
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
11
This section provides configuration examples of static routes. Configuration examples explain
networking requirements, networking diagram, configuration notes, configuration roadmap, and
configuration procedure.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
12
2.1 Static Route Overview
On a simple network, you only need to configure static routes to ensure that the network works
properly. On a complex large-scale network, static routes ensure bandwidth for important
applications because they remain unchanged even when the topology changes.
2.2 Static Route Features Supported by the Device
The Switch supports the following static route features: IPv4 static routes, static default routes,
bidirectional forwarding detection (BFD) for IPv4 static routes, NQA for IPv4 static routes, fast
reroute (FRR) for IPv4 static routes, and static routes in VPN instances.
IPv4 Static Routes
IPv4 static routes are manually configured by the administrator. These routes ensure normal
running of simple networks and ensure bandwidth for important applications.
Static Default Routes
If the destination IP address of a packet does not match any entry in the routing table, the packet
is forwarded using the default route. If no default route exists and the destination IP address of
the packet does not match any entry in the routing table, the packet is discarded.
BFD for IPv4 Static Routes
Unlike dynamic routing protocols, static routes do not have a detection mechanism. When a fault
occurs on a network, the administrator needs to rectify the fault. BFD for static routes enables
a BFD session to monitor the status of the link of the static route on the public IPv4 network,
implementing fault detection at the millisecond level.
NQA for IPv4 Static Routes
In real-world situations, the link status is monitored in real time for network stability. If an active
link fails, traffic switches to a standby link to ensure non-stop traffic forwarding. The Address
Resolution Protocol (ARP) probe function and BFD are usually used to detect link faults. In
addition, Interior Gateway Protocol (IGP) convergence helps reveal link faults. However, these
methods are not applicable in certain situations, for example:
l If only one link on the network needs to be monitored, ARP detection is not applicable.
l If any device on the network does not support BFD, BFD is not applicable.
l If either end of a link is a Layer 2 device, dynamic routing protocols cannot be deployed.
As a result, IGP convergence is not applicable.
In these situations, NQA for IPv4 static routes can be configured to detect link faults. It can
detect faults on links where Layer 2 devices reside and take effect even if only one of the two
communicating devices supports NQA.
If a fault occurs, an NQA test instance can immediately detect the fault and instruct the system
to delete the associated static route from the IP routing table. Traffic is then forwarded along
another path.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
13
FRR for IPv4 Static Routes
On traditional IP networks, it takes the routing system several seconds to complete route
convergence after a fault is detected. For services that require a low delay and low packet loss
ratio, the convergence time of several seconds is intolerant because it may lead to service
interruption. For example, voice over IP (VoIP) services are tolerant of interruption at the
millisecond level. When a fault is detected at the physical layer or link layer, FRR for static
routes implements convergence at the millisecond level, reducing the impact on services.
Static Routes in VPN Instances
The device supports static routes associated with VPN instances. The static routes associated
with VPN instances are used to manage VPN routes.
2.3 Default Configuration of Static Routes
This section describes the default configuration of static routes, which can be changed according
to network requirements.
Table 2-1 describes the default configuration of static routes.
Table 2-1 Default configuration of static routes
Parameter Default Setting
Preference of static routes 60

2.4 Configuring IPv4 Static Routes
On a network, you can accurately control route selection by configuring IPv4 static routes.
Pre-configuration Tasks
Before configuring IPv4 static routes, complete the following task:
l Configuring link layer parameters and IP addresses for interfaces to ensure network-layer
communication between neighbor nodes
Configuration Procedures
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
2.4.1 Creating IPv4 Static Routes
Context
When creating static routes, you can specify both the outbound interface and next hop.
Alternatively, you can specify only the outbound interface or next hop based on the outbound
interface type.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
14
l Specify the outbound interface for P2P interfaces.
l Specify the next hop for non broadcast multiple access (NBMA) interfaces.
l Specify the next hop for broadcast interfaces (for example, Ethernet interfaces).
If you specify the same preference for static routes to the same destination, you can implement
load balancing among these routes. If you specify different preferences for static routes, you can
implement route backup among the routes.
If the destination IP address and mask are set to all 0s, an IPv4 static default route is configured.
By default, no IPv4 static default route is configured.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Configure IPv4 static routes.
l Run:
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name
nexthop-address } [ preference preference | tag tag ]
*
[ description text ]
l Run:
ip route-static vpn-instance vpn-source-name destination-address { mask | mask-
length } { nexthop-address [ public ] | interface-type interface-number
[ nexthop-address ] | vpn-instance vpn-instance-name nexthop-address }
[ preference preference | tag tag ]
*
[ description text ]
NOTE
To implement load balancing among an Ethernet interface's static route and other static routes, configure
the outbound interface and next hop.
Step 3 Run:
commit
The configuration is committed.
----End
2.4.2 (Optional) Setting the Default Preference for IPv4 Static
Routes
Context
The default preference of IPv4 static routes affects route selection. When an IPv4 static route is
configured, the default preference is used if no preference is specified for the static route.
Procedure
Step 1 Run:
system-view
The system view is displayed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
15
Step 2 Run:
ip route-static default-preference preference
The default preference of static routes is set.
By default, the preference of static routes is 60.
NOTE
After the default preference is reconfigured, the new default preference is valid only for new IPv4 static
routes.
Step 3 Run:
commit
The configuration is committed.
----End
2.4.3 (Optional) Configuring Static Route Selection Based on
Iteration Depth
Context
Route iteration refers to the process of finding the directly-connected outbound interface based
on the next hop of a route. The iteration depth indicates the number of times the system searches
for routes. A smaller number of route iterations indicates a smaller iteration depth.
When there are multiple static routes with the same prefix but different iteration depths, the
system selects the static route with the smallest iteration depth as the active route and delivers
it to the FIB table after static route selection based on iteration depth is configured. The other
static routes then become inactive. A smaller iteration depth indicates a more stable route.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip route-static selection-rule relay-depth
Static route selection based on iteration depth is configured.
By default, static routes are not selected based on iteration depth.
Step 3 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
16
2.4.4 Checking the Configuration
Procedure
l Run the display static routing-table command to check information about static routes.
l Run the display ip routing-table command to check brief information about the IPv4
routing table.
l Run the display ip routing-table verbose command to check detailed information about
the IPv4 routing table.
----End
2.5 Configuring Dynamic BFD for IPv4 Static Routes
By configuring dynamic BFD to detect IPv4 static routes, you can enable devices to fast detect
link changes, improving network reliability.
Pre-configuration Tasks
Before configuring dynamic BFD for IPv4 static routes, complete the following task:
l Configuring link layer parameters and IP addresses for interfaces to ensure that the link
layer protocol on the interfaces is Up
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bfd
BFD is enabled globally.
Step 3 Run:
quit
Return to the system view.
Step 4 (Optional) Run:
ip route-static default-bfd [ min-rx-interval min-rx-interval ] [ min-tx-interval
min-tx-interval ] [ detect-multiplier multiplier ]
Global BFD parameters are configured for static routes.
By default, the values of min-rx-interval, min-tx-interval, and detect-multiplier are 1000 ms,
1000 ms, and 3 respectively.
Step 5 Run:
ip route-static bfd interface-type interface-number nexthop-address [ local-
address address ] [ min-rx-interval min-rx-interval | min-tx-interval min-tx-
interval | detect-multiplier multiplier ]
*
BFD parameters are configured for an IPv4 static route.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
17
NOTE
If interface-type interface-number is not specified, local-address address must be specified.
If none of min-rx-interval, min-tx-interval, and detect-multiplier is specified, the global default values
of BFD parameters are used.
Step 6 Run:
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] } [ preference preference | tag tag ]
*

bfd enable [ description text ]
A public network static IPv4 route is bound to a BFD session.
Step 7 Run:
commit
The configuration is committed.
----End
Checking the Configuration
Run the following command to check the configuration.
l Run the display bfd session { all | discriminator discr-value } [ verbose ] command to
check information about the BFD session.
2.6 Configuring Static BFD for IPv4 Static Routes
Static BFD for IPv4 static routes enables a device to rapidly detect changes of a link to a
destination address of a stack route, improving network reliability.
Pre-configuration Tasks
Before configuring static BFD for IPv4 static routes, complete the following tasks:
l Configuring link layer parameters and IP addresses for interfaces to ensure network-layer
communication between neighbor nodes
l Configuring BFD sessions
For details, see "BFD Configuration" in the CloudEngine 6800&5800 Series Switches -
Configuration Guide - Reliability.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] } [ preference preference | tag tag ]
*

track bfd-session cfg-name [ description text ]
A public network static IPv4 route is bound to a BFD session.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
18
NOTE
Before binding a static route to a BFD session, ensure that the BFD session and the static route reside on
the same link.
Step 3 Run:
commit
The configuration is committed.
----End
Checking the Configuration
Run the following commands to check the previous configuration.
l Run the display bfd session all [ verbose ] command to check information about the BFD
session.
2.7 Configuring FRR for IPv4 Static Routes
FRR applies to IP services that are sensitive to packet delay and packet loss. FRR can be
configured for IPv4 static routes to implement traffic protection by use of a backup link.
Pre-configuration Tasks
Before configuring FRR for IPv4 static routes, complete the following task:
l Configuring link layer parameters and IP addresses for interfaces to ensure that the link
layer protocol on the interfaces is Up
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip route-static frr
FRR is enabled for public network IPv4 static routes.
NOTE
FRR is implemented only on the static routes that are manually configured. That is, FRR cannot be
implemented on iterated next hops.
To implement route backup by configuring FRR for static routes, specify different preferences for these
static routes.
To enable FRR for an Ethernet interface's static route and other static routes, configure the outbound
interface and next hop.
Step 3 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
19
Checking the Configuration
Run the following commands to check the previous configuration.
l Run the display ip routing-table verbose command to check detailed information about
the backup outbound interfaces and backup next hops of routes in the routing table.
l Run the display ip routing-table ip-address [ mask | mask-length ] [ longer-match ]
verbose command to check detailed information about the backup outbound interfaces and
backup next hops of the routes with specified destination address and mask in the routing
table.
l Run the display ip routing-table ip-address1 { mask1 | mask-length1 } ip-address2
{ mask2 | mask-length2 } verbose command to check detailed information about the backup
outbound interfaces and backup next hops of routes with specified IP address range in the
routing table.
2.8 Associating IPv4 Static Routes with NQA
If devices do not support BFD, associate IPv4 static routes with NAQ so that NQA test instances
can monitor the link status to improve network reliability.
Pre-configuration Tasks
Before associating IPv4 static routes with NQA, complete the following task:
l Configuring link layer parameters for interfaces to ensure that the link layer protocol on
the interfaces is Up
Procedure
Step 1 Configure an NQA ICMP test instance.
1. Run:
system-view
The system view is displayed.
2. Run:
nqa test-instance admin-name test-name
An NQA test instance is created, and the view of the test instance is displayed.
3. Run:
test-type icmp
The test type is set to ICMP.
NOTE
When a static route is associated with an NQA test instance, only ICMP test instances are used to
test whether there are reachable routes between the source and destination.
4. Run:
destination-address ipv4 ip-address
The destination address is set.
In an NQA test instance, you can specify an NQA server by running the destination-
address command to configure a destination address for the NQA test instance.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
20
5. (Optional) Run:
frequency interval
The interval for automatically performing an NQA test is set.
By default, no interval is set, that is, only one test is performed.
6. (Optional) Run:
probe-count number
The number of probes to be sent each time is set for the NQA test instance.
By default, the number of probes is 3.
By sending probes multiple times in an NQA test instance, you can accurately estimate
network quality based on the collected statistics.
7. Run:
start
The NQA test instance is started.
The start command can configure an NQA test instance to be started immediately, at a
specified time, after a specified delay, or every day. You can perform one of the following
operations as required:
l Run:
start now [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second |
hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ]
The NQA test instance is started immediately.
l Run:
start at [ yyyy/mm/dd ] hh:mm:ss [ end { at [ yyyy/mm/dd ] hh:mm:ss |
delay { seconds second | hh:mm:ss } | lifetime { seconds second |
hh:mm:ss } } ]
The NQA test instance is started at a specified time.
l Run:
start delay { seconds second | hh:mm:ss } [ end { at [ yyyy/mm/dd ]
hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds second
| hh:mm:ss } } ]
The NQA test instance is started after a specified delay.
l Run:
start daily hh:mm:ss to hh:mm:ss [ begin yyyy/mm/dd ] [ end yyyy/mm/dd ]
The NQA test instance is started every day.
8. Run:
commit
The configuration is committed.
9. Run:
quit
Return to the system view.
Step 2 Associate static routes with an NQA test instance.
1. Run:
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] } [ preference preference | tag
tag ]
*
track nqa admin-name test-name [ description text ]
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
21
IPv4 static routes are associated with an NQA test instance.
NOTE
The destination address of an NQA test instance cannot be the destination address of an associated
static route.
If the static route associated with an NQA test instance is associated with another NQA test instance,
the static route is disassociated from the first NQA test instance.
2. Run:
commit
The configuration is committed.
----End
Checking the Configuration
After IPv4 static routes are associated with NAQ, run the following commands to check the
configuration.
l Run the display current-configuration | include nqa command to check the configuration
of association between static routes and NQA.
l Run the display nqa results [ collection ] [ test-instance admin-name test-name ]
command to check the NQA test result.
The NQA test result cannot be displayed automatically. You must run the display nqa
results command to view the NQA test result. By default, the command output shows the
results of the latest five NQA tests.
2.9 Configuration Examples
This section provides configuration examples of static routes. Configuration examples explain
networking requirements, networking diagram, configuration notes, configuration roadmap, and
configuration procedure.
2.9.1 Example for Configuring IPv4 Static Routes
Networking Requirements
Servers on different network segments are connected using several Switchs. Each two servers
on different network segments can communicate with each other without using dynamic routing
protocols.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
22
Figure 2-1 Networking diagram of configuring IPv4 static routes
10GE1/0/2
VLANIF30
1.1.1.1/24
SwitchA
10GE1/0/1
VLANI10
1.1.4.1/30
10GE1/0/1
VLANIF10
1.1.4.2/30
10GE1/0/2
VLANIF20
1.1.4.5/30
10GE1/0/1
VLANIF20
1.1.4.6/30
10GE1/0/2
VLANIF50
1.1.3.1/24
10GE1/0/3
VLANIF40
1.1.2.1/24
1.1.2.2/24
1.1.1.2/24 1.1.3.2/24
SwitchC
SwitchB
Server3 Server1
Server2

Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs, add interfaces to the VLANs, and assign IPv4 addresses to VLANIF
interfaces so that directly-connected interfaces can communicate with each other.
2. Configure the default gateway on each server, and configure IPv4 static routes and default
routes on each Switch so that servers on different network segments can communicate with
each other.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan 10
[~SwitchA-vlan10] quit
[~SwitchA] vlan 30
[~SwitchA-vlan30] quit
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port default vlan 30
[~SwitchA-10GE1/0/2] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign IPv4 addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 1.1.4.1 30
[~SwitchA-Vlanif10] quit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
23
[~SwitchA] interface vlanif 30
[~SwitchA-Vlanif30] ip address 1.1.1.1 24
[~SwitchA-Vlanif30] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure servers.
Set the Server1 default gateway to 1.1.1.1, the Server2 default gateway to 1.1.2.1, and the Server3
default gateway to 1.1.3.1.
Step 4 Configure static routes.
# Configure an IPv4 default route on SwitchA.
<SwitchA> system-view
[~SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
[~SwitchA] commit
# Configure two IPv4 static routes on SwitchB.
<SwitchB> system-view
[~SwitchB] ip route-static 1.1.1.0 255.255.255.0 1.1.4.1
[~SwitchB] ip route-static 1.1.3.0 255.255.255.0 1.1.4.6
[~SwitchB] commit
# Configure an IPv4 default route on SwitchC.
<SwitchC> system-view
[~SwitchC] ip route-static 0.0.0.0 0.0.0.0 1.1.4.5
[~SwitchC] commit
Step 5 Verify the configuration.
# Check the routing table on SwitchA.
<SwitchA> display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: _public_
Destinations : 10 Routes : 10

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 Static 60 0 RD 1.1.4.2 Vlanif10
1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif30
1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
1.1.4.0/30 Direct 0 0 D 1.1.4.1 Vlanif10
1.1.4.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
1.1.4.2/32 Direct 0 0 D 1.1.4.2 Vlanif10
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# Run the ping command to verify the connectivity.
[~SwitchA] ping 1.1.3.1
PING 1.1.3.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.3.1: bytes=56 Sequence=1 ttl=254 time=62 ms
Reply from 1.1.3.1: bytes=56 Sequence=2 ttl=254 time=63 ms
Reply from 1.1.3.1: bytes=56 Sequence=3 ttl=254 time=63 ms
Reply from 1.1.3.1: bytes=56 Sequence=4 ttl=254 time=62 ms
Reply from 1.1.3.1: bytes=56 Sequence=5 ttl=254 time=62 ms

--- 1.1.3.1 ping statistics ---
5 packet(s) transmitted
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
24
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/62/63 ms
# Run the tracert command to verify the connectivity.
[~SwitchA] tracert 1.1.3.1
traceroute to 1.1.3.1(1.1.3.1), max hops: 30 ,packet length: 40
1 1.1.4.2 31 ms 32 ms 31 ms
2 1.1.4.6 62 ms 63 ms 62 ms
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 30
#
interface Vlanif10
ip address 1.1.4.1 255.255.255.252
#
interface Vlanif30
ip address 1.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port default vlan 30
#
ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20 40
#
interface Vlanif10
ip address 1.1.4.2 255.255.255.252
#
interface Vlanif20
ip address 1.1.4.5 255.255.255.252
#
interface Vlanif40
ip address 1.1.2.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port default vlan 40
#
ip route-static 1.1.1.0 255.255.255.0 1.1.4.1
ip route-static 1.1.3.0 255.255.255.0 1.1.4.6
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
25
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 50
#
interface Vlanif20
ip address 1.1.4.6 255.255.255.252
#
interface Vlanif50
ip address 1.1.3.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port default vlan 50
#
ip route-static 0.0.0.0 0.0.0.0 1.1.4.5
#
return
2.9.2 Example for Configuring Dynamic BFD for IPv4 Static Routes
Networking Requirements
As shown in Figure 2-2, a static route with destination address 8.1.1.0/24 is configured on
SwitchA, and static routes with destination address 7.1.1.0/24 are configured on SwitchA and
SwitchB. To improve convergence speed, users require link faults between SwitchA and
SwitchB to be detected at the millisecond level.
Figure 2-2 Networking diagram of configuring dynamic BFD for IPv4 static routes
10GE1/0/1
VLANIF10
200.1.1.1/24
10GE1/0/1
VLANIF10
200.1.1.2/24
10GE1/0/2
VLANIF30
8.1.1.1/24
SwitchA SwitchB
10GE1/0/2
VLANIF20
7.1.1.1/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure dynamic BFD for IPv4 static routes to implement link fault detection at the
millisecond level between SwitchA and SwitchB. This configuration can improve
convergence speed of static routes.
Procedure
Step 1 Add interfaces to VLANs.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan 10
[~SwitchA-vlan10] quit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
26
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] vlan 20
[~SwitchA-vlan20] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA] commit
The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned
here.
Step 2 Assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 200.1.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif10] ip address 7.1.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] commit
The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned
here.
Step 3 Configure static routes.
# Configure a static route to 8.1.1.1/24 on SwitchA.
[~SwitchA] ip route-static 8.1.1.1 24 200.1.1.2
[~SwitchA] commit
# Configure a static route to 7.1.1.1/24 on SwitchB.
[~SwitchB] ip route-static 7.1.1.1 24 200.1.1.1
[~SwitchB] commit
Step 4 Configure dynamic BFD for static routes.
# Bind a static route to a BFD session on SwitchA.
[~SwitchA] bfd
[~SwitchA-bfd] quit
[~SwitchA] ip route-static bfd 200.1.1.2 local-address 200.1.1.1
[~SwitchA] ip route-static 8.1.1.1 24.1.1.2 bfd enable
[~SwitchA] commit
# Bind a static route to a BFD session on SwitchB.
[~SwitchB] bfd
[~SwitchB-bfd] quit
[~SwitchB] ip route-static bfd 200.1.1.1 local-address 200.1.1.2
[~SwitchB] ip route-static 7.1.1.1 24 200.1.1.1 bfd enable
[~SwitchB] commit
Step 5 Verify the configuration.
# When the configuration is complete, run the display bfd session all verbose command on
SwitchA and SwitchB. The command output shows that the BFD session is established, the BFD
session status is Up, and static routes are bound to BFD sessions.
Take the display on SwitchA as an example.
[~SwitchA] display bfd session all verbose
------------------------------------------------------------------------------
(Multi Hop) State : Up Name : dyn_8193
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
27
------------------------------------------------------------------------------
Local Discriminator : 8193 Remote Discriminator : 8193
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Peer IP Address
Bind Session Type : Dynamic
Bind Peer IP Address : 200.1.1.2
Bind Interface : -
Bind Source IP Address : 200.1.1.1
FSM Board Id : 0 TOS-EXP : 6
Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10
Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10
Local Detect Multi : 3 Detect Interval (ms) : 30
Echo Passive : Disable Acl Number : -
Destination Port : 4784 TTL : 253
Proc Interface Status : Disable Process PST : Disable
WTR Interval (ms) : 0 Local Demand Mode : Disable
Active Multi : 3
Last Local Diagnostic : No Diagnostic
Bind Application : STATICRT
Session TX TmrID : 0 Session Detect TmrID : 0
Session Init TmrID : - Session WTR TmrID : -
Session Echo Tx TmrID : -
Session Description : -
------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
bfd
#
interface Vlanif10
ip address 200.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 7.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ip route-static bfd 200.1.1.2 local-address 200.1.1.1
ip route-static 8.1.1.1 24 200.1.1.2 bfd enable
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
bfd
#
interface Vlanif10
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 8.1.1.1 255.255.255.0
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
28
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ip route-static bfd 200.1.1.1 local-address 200.1.1.2
ip route-static 7.1.1.1 24 200.1.1.1 bfd enable
#
return
2.9.3 Example for Configuring Static BFD for IPv4 Static Routes
Networking Requirements
As shown in Figure 2-3, you can configure the default static route on SwitchA so that
SwitchA can connect to the external network. Link fault detection between SwitchA and
SwitchB must be at the millisecond level to improve convergence speed.
Figure 2-3 Networking diagram of configuring static BFD for static routes
10GE1/0/1
VLANIF10
1.1.1.1/24
10GE1/0/1
VLANIF10
1.1.1.2/24
SwitchA SwitchB
10GE1/0/2
VLANIF20
2.2.2.2/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a BFD session between SwitchA and SwitchB.
2. Configure a default route from SwitchA to other devices and bind a BFD session to the
default route. This configuration can implement link fault detection at the millisecond level
and improve convergence speed of static routes.
Procedure
Step 1 Create VLANs, add interfaces to the VLANs, and assign IP addresses to the VLANIF interfaces.
(Details are not mentioned here.)
Step 2 Configure device names. (Details are not mentioned here.)
Step 3 Configure a BFD session between SwitchA and SwitchB.
# Create a BFD session on SwitchA.
<SwitchA> system-view
[~SwitchA] bfd
[~SwitchA-bfd] quit
[~SwitchA] bfd aa bind peer-ip 1.1.1.2
[~SwitchA-bfd-session-aa] discriminator local 10
[~SwitchA-bfd-session-aa] discriminator remote 20
[~SwitchA-bfd-session-aa] commit
[~SwitchA-bfd-session-aa] quit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
29
# Create a BFD session on SwitchB.
<SwitchB> system-view
[~SwitchB] bfd
[~SwitchB-bfd] quit
[~SwitchB] bfd bb bind peer-ip 1.1.1.1
[~SwitchB-bfd-session-bb] discriminator local 20
[~SwitchB-bfd-session-bb] discriminator remote 10
[~SwitchB-bfd-session-bb] commit
[~SwitchB-bfd-session-bb] quit
Step 4 Configure a default static route and bind a BFD session to the default static route.
# Configure a default static route to the external network on SwitchA and bind the default static
route to the BFD session named aa.
[~SwitchA] ip route-static 0.0.0.0 0 1.1.1.2 track bfd-session aa
[~SwitchA] commit
Step 5 Verify the configuration.
# After the configuration is complete, run the display bfd session all command on SwitchA and
SwitchB. The command output shows that the BFD session is established and its status is Up.
Run the display current-configuration | include bfd command. The command output shows
that the BFD session is bound to the static route.
Take the display on SwitchA as an example.
[~SwitchA] display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
10 20 1.1.1.2 Up S_IP_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
[~SwitchA] display current-configuration | include bfd
bfd
bfd aa bind peer-ip 1.1.1.2
ip route-static 0.0.0.0 0.0.0.0 1.1.1.2 track bfd-session aa
# Check the IP routing table on SwitchA, and you can find that the static route exists in the
routing table.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 1.1.1.2 Vlanif10
1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10
1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the shutdown command on GE1/0/1 of SwitchB to simulate a link fault.
[~SwitchB] interface 10GE 1/0/1
[~SwitchB-10GE1/0/1] shutdown
[~SwitchB-10GE1/0/1] commit
# Check the routing table on SwitchA, and you can find that the default static route 0.0.0.0/0
does not exist. This is because when the default static route is bound to a BFD session, BFD
rapidly notifies that the bound static route is unavailable after BFD detects a link fault.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
30
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10
1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
bfd
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.2 track bfd-session aa
#
bfd aa bind peer-ip 1.1.1.2
discriminator local 10
discriminator remote 20
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
bfd
#
interface Vlanif10
ip address 1.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 2.2.2.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
bfd bb bind peer-ip 1.1.1.1
discriminator local 20
discriminator remote 10
#
return
2.9.4 Example for Configuring FRR for IPv4 Static Routes on the
Public Network
Networking Requirements
As shown in Figure 2-4, two static routes with next hops being SwitchA and SwitchB
respectively are configured on SwitchT. Link B functions as the backup of link A. If link A is
faulty, traffic can be switched to link B in a timely manner.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
31
Figure 2-4 Networking diagram of configuring FRR for IPv4 static routes on the public network
10GE1/0/1
VLANIF20
192.168.10.2/24
10GE1/0/2
VLANIF20
192.168.10.1/24
10GE1/0/2
VLANIF40
192.168.11.1/24
10GE1/0/3
VLANIF50
192.168.21.1/24
10GE1/0/2
VLANIF50
192.168.21.2/24
10GE1/0/2
VLANIF40
192.168.11.2/24
10GE1/0/1
VLANIF30
192.168.20.2/24
10GE1/0/3
VLANIF30
192.168.20.1/24
10GE1/0/1
VLANIF60
172.17.1.1/24
10GE1/0/1
VLANIF10
172.16.1.1/24
SwitchA
SwitchB
SwitchT SwitchC
Link A
Link B

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure two static routes with next hops being SwitchA and SwitchB respectively on
SwitchT so that the devices can communicate with each other.
2. Set a higher preference for link A on SwitchT to ensure that link A functions as the primary
link and link B functions as the backup of link A.
3. Enable FRR for static routes on SwitchT so that traffic can be fast switched to link B if link
A is faulty.
Procedure
Step 1 Create VLANs, add interfaces to the VLANs, and assign IP addresses to the VLANIF interfaces.
(Details are not mentioned here.)
Step 2 Configure device names. (Details are not mentioned here.)
Step 3 Configure static routes.
# Configure static routes on SwitchA.
[~SwitchA] ip route-static 172.16.1.0 24 10GE1/0/1 192.168.10.1
[~SwitchA] ip route-static 172.17.1.0 24 10GE1/0/2 192.168.11.1
[~SwitchA] commit
# Configure static routes on SwitchB.
[~SwitchB] ip route-static 172.16.1.0 24 10GE1/0/1 192.168.20.1
[~SwitchB] ip route-static 172.17.1.0 24 10GE1/0/2 192.168.10.1
[~SwitchB] commit
Configure a static route on Switch C.
[~SwitchC] ip route-static 172.16.1.0 24 10GE1/0/2 192.168.11.2
[~SwitchC] ip route-static 172.16.1.0 24 10GE1/0/3 192.168.21.2
[~SwitchC] commit
# Configure static routes on SwitchT.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
32
[~SwitchT] ip route-static 172.17.1.1 24 10GE1/0/2 192.168.10.2
[~SwitchT] ip route-static 172.17.1.1 24 10GE1/0/3 192.168.20.2
[~SwitchT] commit
# Check the routing table on SwitchT. You can view that the two static routes are in load
balancing mode.
[~SwitchT] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 10 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.17.1.0/24 Static 60 0 D 192.168.10.2 Vlanif20
Static 60 0 D 192.168.20.2 Vlanif30
192.168.10.0/24 Direct 0 0 D 192.168.10.1 Vlanif20
192.168.10.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.10.255/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.20.0/24 Direct 0 0 D 192.168.20.1 Vlanif30
192.168.20.1/32 Direct 0 0 D 127.0.0.1 Vlanif30
192.168.20.255/32 Direct 0 0 D 127.0.0.1 Vlanif30
Step 4 Change the preferences of IPv4 static routes.
# Change the preferences of static routes on SwitchT.
[~SwitchT] ip route-static 172.17.1.1 24 10GE1/0/2 192.168.10.2 preference 40
[~SwitchT] commit
# Check the IP routing table on SwitchT, and you can view that the preferences of static routes
are changed.
[~SwitchT] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.17.1.0/24 Static 40 0 D 192.168.10.2 Vlanif20
192.168.10.0/24 Direct 0 0 D 192.168.10.1 Vlanif20
192.168.10.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.10.255/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.20.0/24 Direct 0 0 D 192.168.20.1 Vlanif30
192.168.20.1/32 Direct 0 0 D 127.0.0.1 Vlanif30
192.168.20.255/32 Direct 0 0 D 127.0.0.1 Vlanif30
Step 5 Enable FRR for IPv4 static routes.
# Enable FRR for static routes on SwitchT.
[~SwitchT] ip route-static frr
[~SwitchT] commit
# Check information about the backup outbound interface and backup next hop on SwitchT.
<SwitchT> display ip routing-table 172.17.1.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
33
Routing Table : _public_
Summary Count : 1
Destination: 172.17.1.0/24
Protocol: Static Process ID: 0
Preference: 40 Cost: 0
NextHop: 192.168.10.2 Neighbour: 0.0.0.0
State: Active Adv Age: 00h00m03s
Tag: 0 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x31000032
RelayNextHop: 0.0.0.0 Interface: Vlanif20
TunnelID: 0x0 Flags: D
BkNextHop: 192.168.20.2 BkInterface: Vlanif30
BkLabel: NULL SecTunnelID: 0x0
BkPETunnelID: 0x0 BkPESecTunnelID: 0x0
BkIndirectID: 0x32000033
Step 6 If link A is faulty, traffic can be fast switched to link B.
[~SwitchT] interface 10GE 1/0/2
[~SwitchT-10GE1/0/2] shutdown
[~SwitchT-10GE1/0/2] commit
[~SwitchT-10GE1/0/2] quit
# Check information about the route to 172.17.1.0/24 on SwitchT.
<SwitchT> display ip routing-table 172.17.1.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Summary Count : 1
Destination: 172.17.1.0/24
Protocol: Static Process ID: 0
Preference: 60 Cost: 0
NextHop: 192.168.20.2 Neighbour: 0.0.0.0
State: Active Adv Age: 00h00m07s
Tag: 0 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x32000033
RelayNextHop: 0.0.0.0 Interface: Vlanif30
TunnelID: 0x0 Flags: D
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
interface Vlanif20
ip address 192.168.10.2 255.255.255.0
interface Vlanif40
ip address 192.168.11.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
ip route-static 172.16.1.0 24 10GE1/0/1 192.168.10.1
ip route-static 172.17.1.0 24 10GE1/0/2 192.168.11.1
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
34
return
l Configuration file of SwitchB
#
sysname SwitchB
#
interface Vlanif30
ip address 192.168.20.2 255.255.255.0
#
interface Vlanif50
ip address 192.168.21.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
ip route-static 172.16.1.0 24 10GE1/0/1 192.168.20.1
ip route-static 172.17.1.0 24 10GE1/0/2 192.168.10.1
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
interface Vlanif40
ip address 172.168.11.1 255.255.255.0
interface Vlanif50
ip address 192.168.21.1 255.255.255.0
interface Vlanif60
ip address 192.17.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 60
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 50
#
ip route-static 172.16.1.0 24 10GE1/0/2 192.168.11.2
ip route-static 172.16.1.0 24 10GE1/0/3 192.168.21.2
#
return
l Configuration file of SwitchT
#
sysname SwitchT
#
interface Vlanif10
ip address 172.16.1.1 255.255.255.0
interface Vlanif20
ip address 192.168.10.1 255.255.255.0
interface Vlanif30
ip address 192.168.20.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
35
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
ip route-static frr
ip route-static 172.17.1.0 24 10GE1/0/2 192.168.10.2 preference 40
ip route-static 172.17.1.0 24 10GE1/0/3 192.168.20.2
#
return
2.9.5 Example for Configuring NQA for IPv4 Static Routes
Networking Requirements
As shown in Figure 2-5, static routes to clients are configured on SwitchB and SwitchC. SwitchB
is the master switch and SwitchC is the backup switch. Normally, traffic must be forwarded
along the primary link SwitchBSwitchD. When the primary link fails, traffic is switched to
the backup link SwitchCSwitchD.
Figure 2-5 Networking diagram of configuring NQA for static IPv4 routes
SwitchC
SwitchA
IP Network
SwitchB
VLANIF80
172.16.8.1/24
SwitchD SwitchE
VLANIF20
172.16.2.2/24
1
0
G
E
1
/
0
/
3
V
L
A
N
I
F
5
0
1
7
2
.
1
6
.
5
.
1
/
2
4
GE1/0/2
VLANIF40
172.16.4.2/24
10GE1/0/2
VLANIF40
172.16.4.1/24
10GE1/0/1
VLANIF30
172.16.3.1/24
VLANIF10
172.16.1.2/24
10GE1/0/2
VLANIF10
172.16.1.1/24
10GE1/0/1
VLANIF30
172.16.3.2/24
...... ......
Client1 Client10 Client91 Client100
VALNIF70
172.16.7.1/24
V
L
A
N
I
F
5
0
1
7
2
.
1
6
.
5
.
2
/
2
4
1
0
G
E
1
/
0
/
3
V
L
A
N
I
F
6
0
1
7
2
.
1
6
.
6
.
1
/
2
4
V
L
A
N
I
F
6
0
1
7
2
.
1
6
.
6
.
2
/
2
4
10GE1/0/1
VLANIF20
172.16.2.1/24
Configuration Roadmap
The configuration roadmap is as follows:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
36
1. Configure IP addresses and OSPF on each switch, and configure the cost of each link so
that SwitchB functions as the master switch and SwitchC functions as the backup switch.
2. Create an NQA ICMP test instance to monitor the link between SwitchB and SwitchD, and
configure static routes from SwitchB and SwitchC to users. Associate the static route with
the NQA test instance to implement fast link fault detection and service switchover.
NOTE
When a static route is associated with an NQA test instance, only ICMP test instances are used to test
whether there are reachable routes between the source and destination.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan 30
[~SwitchA-vlan30] quit
[~SwitchA] vlan 40
[~SwitchA-vlan40] quit
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 30
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port default vlan 40
[~SwitchA-10GE1/0/2] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign IPv4 addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 30
[~SwitchA-Vlanif30] ip address 172.16.3.1 24
[~SwitchA-Vlanif30] quit
[~SwitchA] interface vlanif 40
[~SwitchA-Vlanif40] ip address 172.16.4.1 24
[~SwitchA-Vlanif40] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Create an NQA test instance on SwitchB to test the link between SwitchB and SwitchD.
<SwitchB> system-view
[~SwitchB] nqa test-instance user test
[~SwitchB-nqa-user-test] test-type icmp
[~SwitchB-nqa-user-test] destination-address ipv4 172.16.1.2
[~SwitchB-nqa-user-test] frequency 10
[~SwitchB-nqa-user-test] probe-count 2
[~SwitchB-nqa-user-test] interval seconds 5
[~SwitchB-nqa-user-test] timeout 4
[~SwitchB-nqa-user-test] start now
[~SwitchB-nqa-user-test] commit
[~SwitchB-nqa-user-test] quit
Step 4 Configure IPv4 static routes.
# Configure an IPv4 static route on SwitchB and associate it with the NQA test instance.
[~SwitchB] ip route-static 172.16.7.0 255.255.255.0 vlanif 10 172.16.1.2 track nqa
user test
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
37
[~SwitchB] commit
# Configure an IPv4 static route on SwitchC.
[~SwitchC] ip route-static 172.16.7.0 255.255.255.0 vlanif 60 172.16.6.2
[~SwitchC] commit
Step 5 Configure a dynamic routing protocol on SwitchA, SwitchB, and SwitchC. OSPF is used in this
example.
# Configure OSPF on SwitchA.
[~SwitchA] ospf 1
[~SwitchA-ospf-1] area 0.0.0.0
[~SwitchA-ospf-1-area-0.0.0.0] network 172.16.3.0 0.0.0.255
[~SwitchA-ospf-1-area-0.0.0.0] network 172.16.4.0 0.0.0.255
[~SwitchA-ospf-1-area-0.0.0.0] quit
[~SwitchA-ospf-1] quit
[~SwitchA] commit
# Configure OSPF on SwitchB.
[~SwitchB] ospf 1
[~SwitchB-ospf-1] area 0.0.0.0
[~SwitchB-ospf-1-area-0.0.0.0] network 172.16.3.0 0.0.0.255
[~SwitchB-ospf-1-area-0.0.0.0] quit
[~SwitchB-ospf-1] quit
[~SwitchB] commit
# Configure OSPF on SwitchC.
[~SwitchC] ospf 1
[~SwitchC-ospf-1] area 0.0.0.0
[~SwitchC-ospf-1-area-0.0.0.0] network 172.16.4.0 0.0.0.255
[~SwitchC-ospf-1-area-0.0.0.0] quit
[~SwitchC-ospf-1] quit
[~SwitchC] commit
Step 6 Configure OSPF on SwitchB and SwitchC to import static routes.
# Configure OSPF on SwitchB to import a static route, and set the cost to 10 for the static route.
[~SwitchB] ospf 1
[~SwitchB-ospf-1] import-route static cost 10
[~SwitchB-ospf-1] commit
[~SwitchB-ospf-1] quit
# Configure OSPF on SwitchC to import a static route, and set the cost to 20 for the static route.
[~SwitchC] ospf 1
[~SwitchC-ospf-1] import-route static cost 20
[~SwitchC-ospf-1] commit
[~SwitchC-ospf-1] quit
Step 7 Verify the configuration.
After the configuration is complete, run the display current-configuration | include nqa
command in the system view on SwitchB. The command output shows that the IPv4 static route
has been associated with the NQA test instance. Run the display nqa results command. The
command output shows that an NQA test instance has been created.
# Display configurations of NQA for IPv4 static routes.
[~SwitchB] display current-configuration | include nqa
ip route-static 172.16.7.0 255.255.255.0 Vlanif 10 172.16.1.2 track nqa user test
nqa test-instance user test
# Display the NQA test results.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
38
[~SwitchB] display nqa results test-instance user test
NQA entry(user, test) : testflag is active ,testtype is icmp
1 . Test 6645 result The test is finished
Send operation times: 2 Receive response times: 2
Completion:success RTD OverThresholds number:0
Attempts number:1 Drop operation number:0
Disconnect operation number:0 Operation timeout number:0
System busy operation number:0 Connection fail number:0
Operation sequence errors number:0 RTT Stats errors number:0
Destination ip address:172.16.1.2
Min/Max/Average Completion Time: 1/1/1
Sum/Square-Sum Completion Time: 2/2
Last Good Probe Time: 2012-11-14 04:20:36.9
Lost packet ratio: 0 %
The command output shows "Lost packet ratio 0 %," indicating that the link is running properly.
# Check the routing table on SwitchB.
[~SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif10
172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
172.16.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
172.16.3.0/24 Direct 0 0 D 172.16.3.2 Vlanif30
172.16.3.2/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.16.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.16.4.0/24 OSPF 10 2 D 172.16.3.1 Vlanif30
172.16.5.0/24 Direct 0 0 D 172.16.5.1 Vlanif50
172.16.5.1/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.16.5.255/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.16.7.0/24 Static 60 0 D 172.16.1.2 Vlanif10
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The command output shows that the static route exists in the routing table.
# Check the routing table on SwitchA.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.3.0/24 Direct 0 0 D 172.16.3.1 Vlanif30
172.16.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.16.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.16.4.0/24 Direct 0 0 D 172.16.4.1 Vlanif40
172.16.4.1/32 Direct 0 0 D 127.0.0.1 Vlanif40
172.16.4.255/32 Direct 0 0 D 127.0.0.1 Vlanif40
172.16.7.0/24 O_ASE 150 10 D 172.16.3.2 Vlanif30
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
39
The command output shows that a route to 172.16.7.0/24 exists in the routing table. The route's
next hop address is 172.16.3.2 and cost is 10. Traffic is preferentially transmitted along the link
SwitchB->SwitchD.
# Shut down 10GE1/0/2 on SwitchB to simulate a link fault.
[~SwitchB] interface 10ge 1/0/2
[~SwitchB-10GE1/0/2] shutdown
[~SwitchB-10GE1/0/2] commit
[~SwitchB] quit
# Check the NQA test results.
[~SwitchB] display nqa results test-instance user test
NQA entry(user, test) : testflag is active ,testtype is icmp
1 . Test 7160 result The test is finished
Send operation times: 2 Receive response times: 0
Completion:failed RTD OverThresholds number:0
Attempts number:1 Drop operation number:0
Disconnect operation number:0 Operation timeout number:2
System busy operation number:0 Connection fail number:0
Operation sequence errors number:0 RTT Stats errors number:0
Destination ip address:172.16.1.2
Min/Max/Average Completion Time: 0/0/0
Sum/Square-Sum Completion Time: 0/0
Last Good Probe Time: 0000-00-00 00:00:00.0
Lost packet ratio: 100 %
The command output shows "Completion:failed" and "Lost packet ratio is 100 %," indicating
that the link is faulty.
# Check the routing table on SwitchB.
[~SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.3.0/24 Direct 0 0 D 172.16.3.2 Vlanif30
172.16.3.2/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.16.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.16.4.0/24 OSPF 10 2 D 172.16.3.1 Vlanif30
172.16.5.0/24 Direct 0 0 D 172.16.5.1 Vlanif50
172.16.5.1/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.16.5.255/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.16.7.0/24 O_ASE 150 20 D 172.16.3.1 Vlanif30
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The command output shows that the static route has been deleted.
# Check the routing table on SwitchA.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
40
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.3.0/24 Direct 0 0 D 172.16.3.1 Vlanif30
172.16.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.16.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif30
172.16.4.0/24 Direct 0 0 D 172.16.4.1 Vlanif40
172.16.4.1/32 Direct 0 0 D 127.0.0.1 Vlanif40
172.16.4.255/32 Direct 0 0 D 127.0.0.1 Vlanif40
172.16.7.0/24 O_ASE 150 20 D 172.16.4.2 Vlanif40
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
On SwitchB, the NQA test instance is associated with a static route. When NQA detects a link
failure, it immediately notifies SwitchB that the static route bound to the link is unreachable.
SwitchA cannot learn the route to 172.16.7.0/24 from SwitchB, but it can learn the route to
172.16.7.0/24 from SwitchC. Therefore, you can view that the route to 172.16.7.0/24 has a next
hop 172.16.4.2 and cost 20. Service traffic is then switched to the link SwitchC->SwitchD.
The static route is associated with the NQA test instance on SwitchB. When NQA detects a link
fault, it rapidly notifies SwitchB that the associated static route is unavailable. SwitchA cannot
learn the route to 172.16.7.0/24 from SwitchB. However, SwitchA can learn the route to
172.16.7.0/24 from SwitchC. The route's next hop address is 172.16.4.2 and cost is 20. Traffic
switches to the link SwitchC->SwitchD.
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 30 40
#
interface Vlanif30
ip address 172.16.3.1 255.255.255.0
#
interface Vlanif40
ip address 172.16.4.1 255.255.255.0
#
interface 10GE1/0/1
port link-type
trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type
trunk
port trunk allow-pass vlan 40
#
ospf 1
area 0.0.0.0
network 172.16.3.0 0.0.0.255
network 172.16.4.0 0.0.0.255
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 10 30 50
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
41
interface Vlanif10
ip address 172.16.1.1 255.255.255.0
#
interface Vlanif30
ip address 172.16.3.2 255.255.255.0
#
interface Vlanif50
ip address 172.16.5.1 255.255.255.0
#
interface 10GE1/0/1
port link-type
trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type
trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/3
port link-type
trunk
port trunk allow-pass vlan 50
#
ospf 1
import-route static cost 10
area 0.0.0.0
network 172.16.3.0 0.0.0.255
#
ip route-static 172.16.7.0 255.255.255.0 Vlanif 10 172.16.1.2 track nqa user
test
#
nqa test-instance user test
test-type icmp
destination-address ipv4 172.16.1.2
interval seconds 5
timeout 4
probe-count 2
frequency 10
start now
#
return
l Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40 60
#
interface Vlanif20
ip address 172.16.2.1 255.255.255.0
#
interface Vlanif40
ip address 172.16.4.2 255.255.255.0
#
interface Vlanif60
ip address 172.16.6.1 255.255.255.0
#
interface 10GE1/0/1
port link-type
trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type
trunk
port trunk allow-pass vlan 40
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
42
interface 10GE1/0/3
port link-type
trunk
port trunk allow-pass vlan 60
#
ospf 1
import-route static cost 20
area 0.0.0.0
network 172.16.4.0 0.0.0.255
#
ip route-static 172.16.7.0 255.255.255.0 Vlanif 60 172.16.6.2
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 2 Static Route Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
43
3 RIP Configuration
About This Chapter
RIP is widely used on small-sized networks to discover routes and generate routing information.
3.1 RIP Overview
RIP is a simple Interior Gateway Protocol (IGP) used in small-scale networks, such as campus
networks and regional networks with simple structure. The implementation of RIP is simple,
and RIP is much easier to configure and maintain than Open Shortest Path First (OSPF) and
Intermediate System-to-Intermediate System (IS-IS) protocols.
3.2 RIP Features Supported by the Device
RIP features supported by the Switch includes basic RIP functions, RIP-2 enhanced features,
split horizon, poison reverse, controlling RIP routing, controlling advertisement and receiving
of RIP routes, RIP and BFD association, RIP NSR, and improving RIP performance.
3.3 Default Configuration
This section describes the default configuration of RIP, which can be changed according to
network requirements.
3.4 Configuring Basic RIP Functions
Configuring basic RIP functions includes enabling RIP, specifying network segment, and setting
RIP neighbors and RIP version on a Non-Broadcast Multiple Access (NBMA) network.
3.5 Configuring RIP-2
Different from RIP-1, RIP-2 supports Variable Length Subnet Mask (VLSM), Classless Inter-
Domain Routing (CIDR), and authentication to ensure higher security.
3.6 Avoiding Routing Loops
You can configure split horizon and poison reverse to prevent routing loops.
3.7 Controlling RIP Routing
You can control RIP routing in a network with a complicated environment.
3.8 Controlling RIP Route Advertisement
On a complex network, RIP route advertisement must be accurate.
3.9 Controlling Receiving of RIP Routing Information
To meet the requirements of complex networks, receiving of RIP routing information needs to
be accurately controlled.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
44
3.10 Improving RIP Network Performance
You can adjust and optimize the RIP network performance by configuring RIP functions in
special network environments, such as configuring RIP timers, setting the interval for sending
packets, and setting the maximum number of packets to be sent.
3.11 Configuring BFD for RIP
On a network that runs high-rate data services, BFD for RIP can be configured to quickly detect
and respond to network faults.
3.12 Configuring the Network Management Function for RIP
By binding RIP to the MIB, you can view RIP information and configure RIP through the NMS.
3.13 Maintaining RIP
RIP maintenance includes resetting RIP connections and clearing RIP statistics.
3.14 Configuration Examples
This section provides configuration examples of RIP, including networking requirements,
configuration notes, and configuration roadmap.
3.15 Common Configuration Errors
This section describes common faults caused by incorrect RIP configurations and provides the
troubleshooting procedure.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
45
3.1 RIP Overview
RIP is a simple Interior Gateway Protocol (IGP) used in small-scale networks, such as campus
networks and regional networks with simple structure. The implementation of RIP is simple,
and RIP is much easier to configure and maintain than Open Shortest Path First (OSPF) and
Intermediate System-to-Intermediate System (IS-IS) protocols.
3.2 RIP Features Supported by the Device
RIP features supported by the Switch includes basic RIP functions, RIP-2 enhanced features,
split horizon, poison reverse, controlling RIP routing, controlling advertisement and receiving
of RIP routes, RIP and BFD association, RIP NSR, and improving RIP performance.
Basic RIP Functions
Basic RIP functions include enabling RIP, specifying the network segment where RIP runs, and
specifying RIP version. The basic RIP functions must be configured before you use the RIP
features.
RIP-2
RIP-2 is a classless routing protocol. The RIP-2 packets contain subnet masks. Deploying a
RIP-2 network reduces occupied IP addresses. On a network where the device IP addresses are
discontiguous, only RIP-2 can be used, and RIP-1 is not allowed.
RIP-2 supports authentication for protocol packets and provides two authentication modes,
simple authentication and Message Digest 5 (MD5) authentication, to enhance security.
Avoiding Routing Loops
RIP is a routing protocol based on the Distance-Vector (DV) algorithm. RIP devices advertise
their routing tables to neighbors, so routing loops may occur.
RIP uses split horizon and poison reverse to avoid routing loops:
l Split horizon: prevents a device from advertising a route to the interface from which the
route is learned. It reduces bandwidth consumption and avoids routing loops.
l Poison reverse: sets the cost of a route learned from an interface to 16 (an unreachable
route), and then sends the route to neighbors through this interface. With this feature, RIP
can delete useless routes from the routing table of the neighbor.
Controlling RIP Routing
The RIP parameters are configurable to meet network requirements.
Controlling Advertising and Receiving of RIP Routes
RIP parameters are configurable to accurately control advertising and receiving of RIP routes.
Improving RIP Network Performance
RIP network performance optimization includes:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
46
l Set the RIP timer to speed up RIP network convergence.
l Set the number of Update packets and Update interval to reduce a waste of resources and
bandwidth.
l Increase the maximum length of RIP packets to add more routes to the packets. This
increases bandwidth use efficiency.
l Enable the Replay-protect function to ensure communication between neighboring devices
after a RIP process restarts.
l Check packet validity to ensure network security.
Associating RIP with BFD
RIP maintains neighbor relationships by periodically sending and receiving Update packets. If
a device does not receive the Update packet from a neighbor within the timeout interval, it
considers the neighbor Down. The default timeout interval is 180 seconds, so RIP can detect a
fault only after the fault lasts for 180 seconds. If high-speed service is deployed on the network,
a lot of packets are discarded.
BFD is a millisecond-level fault detection mechanism. It can detect faults on the protected link
or node immediately, and report the faults to RIP. RIP then quickly triggers network
convergence.
RIP NSR
The device with a distributed architecture supports RIP Non-stop Routing (NSR). RIP backs up
all route data from the Active Main Board (AMB) to the Standby Main Board (SMB). Whenever
the AMB fails, the SMB becomes active and takes over the AMB. RIP, therefore, can keep the
normal operation of services. RIP NSR ensures that real-time data is highly synchronized
between the AMB and SMB. Therefore, during the AMB/SMB switchover, the neighbor will
not detect the fault on the local device.
3.3 Default Configuration
This section describes the default configuration of RIP, which can be changed according to
network requirements.
Table 3-1 describes the default configuration of RIP.
Table 3-1 Default configuration of RIP
Parameter Default Setting
Maximum number of equal-cost routes 64
RIP function Disabled
Split horizon Enabled

3.4 Configuring Basic RIP Functions
Configuring basic RIP functions includes enabling RIP, specifying network segment, and setting
RIP neighbors and RIP version on a Non-Broadcast Multiple Access (NBMA) network.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
47
Pre-configuration Tasks
Before configuring basic RIP functions, complete the following task:
l Configuring IP addresses for interfaces to ensure network-layer communication between
neighbor nodes
Configuration Process
Enabling RIP is the prerequisite for setting RIP neighbors and RIP version on an NBMA network.
3.4.1 Enabling RIP
Context
Enabling RIP is the prerequisite for all RIP-related configurations. If you run the RIP commands
in the interface view before enabling RIP, the configurations take effect only after RIP is enabled.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ] [ vpn-instance vpn-instance-name ]
RIP is enabled and the RIP view is displayed.
If a VPN instance is specified, the RIP process belongs to this VPN instance. If no VPN instance
is specified, the RIP process belongs to a public network instance.
Step 3 (Optional) Run:
description text
Descriptions for RIP processes are configured.
Step 4 Run:
commit
The configuration is committed.
----End
3.4.2 Enabling RIP on the Specified Network Segment
Context
After enabling RIP, you need to specify the network segment in which RIP runs. RIP runs only
on the interfaces on the specified network segment. RIP does not receive, send, or forward routes
on the interfaces that do not reside on the specified network segment.
Procedure
l Enable RIP to send and receive routes on the specified network segment.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
48
1. Run the system-view command to enter the system view.
2. Run the rip [ process-id ] command to enter the RIP view.
3. (Optional) Run the undo verify-source command to disable source check for RIP
packets.
If the IP addresses on two ends of a P2P link belong to different network segments,
the devices on the two ends cannot set up neighbor relationship unless source check
is disabled.
4. Run the network network-address command to enable RIP on the specified network
segment.
NOTE
l network-address specifies the address of a natural network segment.
l An interface can be associated with only one RIP process.
5. Run:
commit
The configuration is committed.
l Enable RIP to send and receive routes on all network segments connected to the specified
interface.
1. Run the system-view command to enter the system view.
2. Run the interface interface-type interface-number command to enter the interface
view.
3. Run the rip enable process-id command to enable RIP on all network segments
connected to the interface.
4. Run:
commit
The configuration is committed.
----End
3.4.3 (Optional) Configuring RIP Neighbors on an NBMA Network
Context
Generally, RIP uses a broadcast or multicast address to send packets. If the link running RIP
does not support broadcast or multicast packets, specify the RIP neighbors on the two ends of
the link so that packets can be sent between the two ends in unicast mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP view is displayed.
Step 3 Run:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
49
peer ip-address
The RIP neighbor is configured.
Step 4 Run:
commit
The configuration is committed.
----End
3.4.4 (Optional) Specifying the RIP Version
Context
RIP versions include RIP-1 and RIP-2. The two versions have different functions. The RIP
version must be set on the device running RIP. You only need to set the global RIP version
unless you want to specify a different RIP version on an interface.
Procedure
l Configure the global RIP version.
1. Run the system-view command to enter the system view.
2. Run the rip [ process-id ] command to enter the RIP view.
3. Run the version { 1 | 2 } command to set the global RIP version.
NOTE
By default, an interface sends only RIP-1 packets and receives both RIP-1 and RIP-2 packets.
4. Run:
commit
The configuration is committed.
l Configure the RIP version for an interface.
1. Run the system-view command to enter the system view.
2. Run the interface interface-type interface-number command to enter the interface
view.
3. Run the rip version { 1 | 2 [ broadcast | multicast ] } command specify the RIP
version on the specified interface.
NOTE
l By default, an interface sends only RIP-1 packets and receives both RIP-1 and RIP-2
packets.
l If no RIP version number is configured in the interface view, the global RIP version is used.
The RIP version set on an interface takes precedence over the global RIP version.
4. Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
50
3.4.5 Checking the Configuration
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to view the
running status and configurations of RIP.
l Run the display rip process-id route command to view all RIP routes learned from other
devices.
l Run the display default-parameter rip command to view default RIP configuration.
l Run the display rip process-id statistics interface { all | interface-type interface-
number [ verbose | neighbor neighbor-ip-address ] } command to view statistics on the
RIP interface.
----End
3.5 Configuring RIP-2
Different from RIP-1, RIP-2 supports Variable Length Subnet Mask (VLSM), Classless Inter-
Domain Routing (CIDR), and authentication to ensure higher security.
Pre-configuration Tasks
Before configuring RIP-2, complete the following task:
l Configuring Basic RIP Functions
Configuration Process
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
3.5.1 Configuring RIP-2 Route Summarization
Context
A large RIP network must maintain large RIP routing tables, which occupy a lot of memory on
devices. Transmitting and processing the routing information requires many network resources.
Route summarization can reduce the routing table size and minimize impact of route flapping
on network.
RIP supports automatic summarization and manual summarization. Manual summarization
takes precedence over automatic summarization. To advertise all subnet routes, disable
automatic route summarization of RIP-2.
NOTE
By default, if split horizon or poison reverse has been configured, classful route summarization is invalid.
When summarized routes are sent to the natural network border, split horizon or poison reverse must be
disabled.
Procedure
l Configure automatic route summarization of RIP-2.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
51
1. Run the system-view command to enter the system view.
2. Run the rip [ process-id ] command to enter the RIP view.
3. Run the version 2 command to set the RIP version to RIP-2.
4. Run the summary command to enable automatic route summarization.
5. (Optional) Run the summary always command to enable automatic route
summarization. This command can enable automatic summarization of RIP-2 no
matter whether split horizon and poison reverse are enabled.
NOTE
The summary command is used in the RIP view to enable classful network-based route
summarization of RIP-2.
6. Run:
commit
The configuration is committed.
l Configure manual route summarization of RIP-2.
1. Run the system-view command to enter the system view.
2. Run the interface interface-type interface-number command to enter the interface
view.
3. Run the rip summary-address ip-address mask [ avoid-feedback ] command to
configure RIP-2 to advertise the local summarization IP address.
NOTE
The rip summary-address ip-address mask [ avoid-feedback ] command is run in the
interface view to enable classless network-based route summarization of RIP-2.
4. Run:
commit
The configuration is committed.
----End
3.5.2 Configuring RIP-2 Packet Authentication
Context
On the RIP network requiring high security, configure RIP-2 packet authentication.
RIP-2 can perform simple authentication or MD5 authentication on protocol packets. Simple
authentication uses the authentication key in plain text, so its security is lower than that of MD5.
CAUTION
If plain is selected during the configuration of the RIP-2 packet authentication mode, the
password is saved in the configuration file in plain text. This brings security risks. It is
recommended that you select cipher to save the password in cipher text.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
52
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Configure RIP-2 packet authentication.
l Run the rip authentication-mode simple { plain plain-text | [ cipher ] password-key }
command to set RIP-2 authentication to simple authentication.
l Run the following commands to set RIP-2 authentication to MD5 authentication.
rip authentication-mode md5 usual { plain plain-text | [ cipher ] password-key }
rip authentication-mode md5 nonstandard { keychain keychain-name | { plain plain-
text | [ cipher ] password-key } key-id }
NOTE
If the MD5 authentication is used, you must set the packet format for MD5 authentication. If the
usual keyword is specified, the MD5 cipher text authentication packets use the universal format (private
standard). If the nonstandard keyword is specified, the MD5 cipher text authentication packets use
the non-standard format (IETF standard).
l Run the rip authentication-mode hmac-sha256 { plain plain-text | [ cipher ] password-
key } key-id command to set RIP-2 authentication to HMAC-SHA256 authentication.
Step 4 Run:
commit
The configuration is committed.
----End
3.5.3 Checking the Configuration
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to view the
running status and configurations of RIP.
l Run the display rip process-id database [ verbose ] command to view all the active routes
in the RIP database.
l Run the display rip process-id route command to view all RIP routes learned from other
devices.
l Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]
command to view information about the RIP interface.
----End
3.6 Avoiding Routing Loops
You can configure split horizon and poison reverse to prevent routing loops.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
53
Pre-configuration Tasks
Before configuring split horizon and poison reverse, complete the following task:
l Configuring Basic RIP Functions
Configuration Process
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
3.6.1 Configuring Split Horizon
Context
Split horizon can prevent routing loops.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
rip split-horizon
Split horizon is configured.
NOTE
l By default, split horizon is disabled for an NBMA network.
l If both split horizon and poison reverse are configured, only poison reverse takes effect.
Step 4 Run:
commit
The configuration is committed.
----End
3.6.2 Configuring Poison Reverse
Context
Poison reverse can prevent routing loops.
Procedure
Step 1 Run:
system-view
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
54
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
rip poison-reverse
Poison reverse is enabled.
NOTE
If both split horizon and poison reverse are configured, only poison reverse takes effect.
Step 4 Run:
commit
The configuration is committed.
----End
3.6.3 Checking the Configuration
Procedure
l Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]
command to view information about the RIP interface.
----End
3.7 Controlling RIP Routing
You can control RIP routing in a network with a complicated environment.
Pre-configuration Tasks
Before configuring RIP route attributes, complete the following task:
l Configuring Basic RIP Functions
Configuration Process
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
3.7.1 Configuring RIP Preference
Context
When different routing protocols discover the routes to the same destination, set the RIP
preference to select the required route.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
55
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP view is displayed.
Step 3 Run:
preference { preference | route-policy route-policy-name }
*
The RIP preference is set.
By default, the RIP preference is 100.
Step 4 Run:
commit
The configuration is committed.
----End
3.7.2 Configuring Additional Metrics of an Interface
Context
Configuring the additional metrics on a RIP interface can change the route selection sequence.
The additional metric is the metric (hop count) to be added to the original metric of a RIP route.
You can specify commands to set additional metrics for incoming and outgoing RIP routes.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run the following commands as required:
l Run the rip metricin value command to set the additional metric for receiving routes.
l Run the rip metricout { value | { acl-number | acl-name acl-name | ip-prefix ip-prefix-
name } value1 } command to set the additional metric for advertising routes.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
56
NOTE
l The rip metricin command is used to add an additional metric to an incoming route. After this route
is added to the routing table, its metric in the routing table changes. Running this command affects
route selection on the local device and other devices on the network.
l The rip metricout command is used to add an additional metric to an outgoing route. When this route
is advertised, an additional metric is added to this route, but the metric of the route in the routing table
does not change. Running this command does not affect route selection on the local device or other
devices on the network.
Step 4 Run:
commit
The configuration is committed.
----End
3.7.3 Setting the Maximum Number of Equal-Cost Routes
Context
By setting the maximum number of equal-cost RIP routes, you can change the number of routes
for load balancing.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP view is displayed.
Step 3 Run:
maximum load-balancing number
The maximum number of equal-cost routes is set. The default value is 64.
Step 4 Run:
commit
The configuration is committed.
----End
3.7.4 Checking the Configuration
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to view the
running status and configurations of RIP.
l Run the display rip process-id database [ verbose ] command to view all the active routes
in the RIP database.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
57
l Run the display rip process-id route command to view all RIP routes learned from other
devices.
----End
3.8 Controlling RIP Route Advertisement
On a complex network, RIP route advertisement must be accurate.
Pre-configuration Tasks
Before controlling RIP route advertisement, complete the following task:
l Configuring Basic RIP Functions
Configuration Process
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
3.8.1 Configuring RIP to Advertise Default Routes
Context
In a routing table, a default route is the route to the network segment 0.0.0.0 (with the mask
being 0.0.0.0). If the destination address of a packet does not match any entry in the routing
table, the packet is sent along the default route.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP view is displayed.
Step 3 Run:
default-route originate [ cost cost | tag tag ]
*
The device is configured to generate a default route or advertise the default route in the routing
table to RIP neighbors, and the route metric is set.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
58
3.8.2 Disabling an Interface from Sending Update Packets
Context
Routing loops can be avoided by disabling interfaces from sending Update packets.
There are two ways to prevent interfaces from sending Update packets:
l Suppress an interface in the RIP process view.
l Disable an interface from sending RIP packets in the interface view.
The configuration in the RIP process view has a higher priority than the configuration in the
interface view.
Procedure
l Configuration in a RIP process view
1. Run:
system-view
The system view is displayed.
2. Run:
rip [ process-id ]
The RIP view is displayed.
3. Run one of the following commands depending on the site requirements:
To disable all interfaces from sending Update packets, run the
silent-interface all
command.
To disable an interface from sending Update packets, run the
silent-interface interface-type interface-number
command.
You can set an interface to silent so that it only receives Update packets to update its
routing table. The silent-interface command takes precedence over the undo rip
output command in the interface view.
By default, an interface can receive and send Update packets.
4. Run:
commit
The configuration is committed.
l Configuration in the interface view
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
undo rip output
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
59
The interface is disabled from sending RIP Update packets.
By running this command, you can specify whether to send RIP Update packets on
an interface. The silent-interface command takes precedence over the undo rip
output command. By default, an interface is allowed to send RIP Update packets.
4. Run:
commit
The configuration is committed.
----End
3.8.3 Configuring RIP to Import Routes
Context
A RIP process can import the routes learned by other RIP processes or routing protocols.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP view is displayed.
Step 3 (Optional) Run:
default-cost cost
The default metric for imported routes is set.
If the metric of imported routes is not specified in step 4, the default metric is used.
Step 4 Run:
import-route bgp [ permit-ibgp ] [ cost { cost | transparent } | route-policy route-
policy-name ]
*
Or
import-route { { static | direct } | { { rip | ospf | isis } [ process-id ] } }
[ cost cost | route-policy route-policy-name ]
*
External routes are imported to RIP.
NOTE
When RIP imports IBGP routes, routing loops may occur. Configure this function with caution.
Step 5 (Optional) Run:
filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name } export
[ protocol [ process-id ] | interface-type interface-number ]
The imported routes are filtered before being advertised.
The routing information advertised by RIP may contain the routing information imported from
other protocols. You can use the protocol parameter to filter the routing information imported
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
60
from a specified routing protocol. If the protocol parameter is not used, all the routes advertised
by RIP are filtered, including the imported routes and the local routes (direct routes).
NOTE
RIP-2 defines a 16-bit tag, while other routing protocols define 32-bit tags. If the routes of other protocols
are imported to RIP and the tag is used in the routing policy, the tag value cannot exceed 65535. If the tag
value exceeds 65535, the routing policy becomes invalid or the matching result is incorrect.
Step 6 Run:
commit
The configuration is committed.
----End
3.8.4 Checking the Configuration
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to view the
running status and configurations of RIP.
l Run the display rip process-id database [ verbose ] command to view all the active routes
in the RIP database.
l Run the display rip process-id route command to view all RIP routes learned from other
devices.
----End
3.9 Controlling Receiving of RIP Routing Information
To meet the requirements of complex networks, receiving of RIP routing information needs to
be accurately controlled.
Pre-configuration Tasks
Before controlling receiving of RIP routing information, complete the following task:
l Configuring Basic RIP Functions
Configuration Process
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
3.9.1 Disabling an Interface from Receiving RIP Update Packets
Context
Routing loops can be avoided by disabling interfaces from receiving Update packets.
Procedure
Step 1 Run:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
61
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
undo rip input
The interface is disabled from receiving RIP Update packets.
By default, an interface is allowed to receive RIP update packets.
Step 4 Run:
commit
The configuration is committed.
----End
3.9.2 Configuring RIP to Deny Host Routes
Context
In certain cases, the switch receives a large number of host routes with 32 bits from the same
network segment. These host routes are unnecessary for routing, and they waste network
resources. You can configure the switch to reject all the host routes it receives.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP view is displayed.
Step 3 Run:
undo host-route
Host routes are not added to the RIP routing table.
By default, host routes can be added to the routing table on the switch.
NOTE
The undo host-route command is invalid for RIP-2.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
62
3.9.3 Configuring RIP to Filter Received Routes
Context
The filtering policy can be configured on the inbound interface by configuring the ACL and IP
prefix list to filter received routes. Only the routes not filtered out by the filtering policy are
added to the local routing table.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP view is displayed.
Step 3 Depending on type of desired filtering, run one of following commands to configure RIP to filter
the received routes:
l Run:
filter-policy { acl-number | acl-name acl-name } import [ interface-type
interface-number ]
The learned routing information is filtered based on an ACL.
l Run:
filter-policy gateway ip-prefix-name import
The routing information advertised by neighbors is filtered based on the IP prefix list.
l Run:
filter-policy ip-prefix ip-prefix-name [ gateway ip-prefix-name ] import
[ interface-type interface-number ]
The routes learned by the specified interface are filtered based on the IP prefix list and
neighbors.
Step 4 Run:
commit
The configuration is committed.
----End
3.9.4 Checking RIP Packets with Metric 0
Context
By default, the device does not accept the RIP packets with metric 0. Therefore, the RIP interface
discards all the RIP packets with metric 0. Some third-party devices on the network accept the
RIP packets with metric 0. To ensure that the Huawei devices can work with the third-party
devices, run the undo zero-metric-check command.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
63
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
A RIP process is created and the RIP view is displayed.
Step 3 Run:
undo zero-metric-check
Interfaces are allowed to accept the RIP packets with metric 0.
Step 4 Run:
commit
The configuration is committed.
----End
3.9.5 Checking the Configuration
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to check
the running status and configuration of RIP.
l Run the display rip process-id database [ verbose ] command to check all activated RIP
routes in the database.
l Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]
command to check information about the RIP interface.
l Run the display rip process-id neighbor [ neighbor-address neighbor-address ] [
verbose ] command to check information about RIP neighbors.
l Run the display rip process-id route command to check all the RIP routes that are learned
from other switchs.
----End
3.10 Improving RIP Network Performance
You can adjust and optimize the RIP network performance by configuring RIP functions in
special network environments, such as configuring RIP timers, setting the interval for sending
packets, and setting the maximum number of packets to be sent.
Pre-configuration Tasks
Before improving RIP network performance, complete the following task:
l Configuring Basic RIP Functions
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
64
Configuration Process
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
3.10.1 Configuring RIP Timers
Context
RIP uses 4 timers: Update, Age, Suppress, and Garbage-collect. Changing the timer values
affects the convergence speed of RIP routes.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP view is displayed.
Step 3 Run:
timers rip update age suppress garbage-collect
RIP timers are configured.
NOTE
l RIP timers take effect immediately after being changed.
l Route flapping occurs if the values of the four times are set improperly. The relationship between the
values is as follows: update must be smaller than age and suppress must be smaller than garbage-
collect. For example, if the update time is longer than the aging time, and a RIP route changes within
the update time, the switch cannot inform its neighbors of the change on time.
l You must configure RIP timers based on the network performance and uniformly on all the devices
running RIP. This avoids unnecessary network traffic or route flapping.
By default, the Update timer is 30s; the Age timer is 180s; the Suppress timer is 0s; the Garbage-
collect timer is four times the Update timer, namely, 120s.
In practice, the Garbage-collect timer is not fixed. If the Update timer is set to 30s, the Garbage-
collect timer may range from 90s to 120s.
Before permanently deleting an unreachable route from the routing table, RIP advertises this
route (with the metric being set to 16) by periodically sending Update packets four times.
Subsequently, all the neighbors know that this route is unreachable. Because a route may not
always become unreachable at the beginning of an Update period, the Garbage-collect timer is
actually three or four times the Update timer.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
65
3.10.2 Setting the Interval for Sending Update Packets and
Maximum Number of Sent Packets
Context
To limit memory resources occupied by RIP Update packets, set the interval for sending RIP
Update packets and the maximum number of Update packets to be sent at a time to appropriate
values.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
rip pkt-transmit { interval interval | number pkt-count | bandwidth bandwidth-
value }
*
The interval for sending RIP Update packets and the maximum number of Update packets to be
sent at a time are set.
Step 4 Run:
commit
The configuration is committed.
----End
3.10.3 Setting the Maximum Length of RIP Packets
Context
By default, a RIP packet contains 25 routes. Increasing the maximum length of RIP packets can
add more routes to the packets. Large RIP packets improve bandwidth use efficiency.
CAUTION
Before using the rip max-packet-length command to increase packet length, ensure that the
peer interface accepts the RIP packets longer than 512 bytes.
After the packet length is increased, Huawei devices may fail to communicate with non-Huawei
devices. Therefore, use this command with caution.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
66
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
rip max-packet-length { value | mtu }
The maximum length of RIP packets is set.
mtu indicates the maximum RIP packet length.
By default, the maximum length of RIP packets is 512 bytes.
Step 4 Run:
commit
The configuration is committed.
----End
3.10.4 Configuring RIP to Check the Validity of Update Packets
Context
Checking RIP Update packet validity improves network security. Validity check includes zero
field check for RIP-1 packets and source address check for RIP Update packets.
l In a RIP-1 packet, the values of some fields must be zero. These fields are zero fields. After
zero field check is enabled, the device checks the zero fields in the RIP-1 packets and
discards the packets in which the zero field values are not 0.
l This command verifies the source IP address of the received RIP packet. Specifically, the
command checks whether the IP address of the interface that sends the packet is in the same
network segment as the IP address of the interface that receives the packet. If the addresses
are not in the same network segment, the RIP packet will not be processed.
Procedure
l Configure the zero field check for RIPv1 packets.
1. Run:
system-view
The system view is displayed.
2. Run:
rip [ process-id ]
The RIP view is displayed.
3. Run:
checkzero
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
67
The zero field check is configured for RIP-1 packets.
Configuring the zero field check is invalid in RIP-2.
4. Run:
commit
The configuration is committed.
l Configure the source address check for RIP Update packets.
1. Run:
system-view
The system view is displayed.
2. Run:
rip [ process-id ]
The RIP view is displayed.
3. Run:
verify-source
The source IP address check is configured for RIP Update packets.
4. Run:
commit
The configuration is committed.
----End
3.10.5 Configuring RIP Triggered Update
Context
You can speed up network convergence by changing the values of triggered update timers.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP process is created and the RIP view is displayed.
Step 3 Run:
timers rip triggered { minimum-interval minimum-interval | incremental-interval
incremental-interval | maximum-interval maximum-interval }
*
RIP triggered update timers are configured.
Step 4 Run:
commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
68
The configuration is committed.
----End
3.10.6 Setting the Maximum Number of RIP Routes
Context
You can set the maximum number of RIP routes to make full use of network resources and
improve network performance.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip [ process-id ]
The RIP process is created and the RIP view is displayed.
Step 3 Run:
maximum-routes max-number [ threshold threshold-value ]
The maximum number of routes is set.
Step 4 Run:
commit
The configuration is committed.
----End
3.10.7 Checking the Configuration
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to view the
running status and configurations of RIP.
l Run the display rip process-id database [ verbose ] command to view all the active routes
in the RIP database.
l Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]
command to view information about the RIP interface.
l Run the display rip process-id neighbor [ verbose ] command to view the RIP neighbor
configuration.
l Run the display rip process-id route command to view all RIP routes learned from other
devices.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
69
3.11 Configuring BFD for RIP
On a network that runs high-rate data services, BFD for RIP can be configured to quickly detect
and respond to network faults.
Pre-configuration Tasks
Before improving RIP network performance, complete the following task:
l Configuring Basic RIP Functions
Configuration Process
You can perform the following configuration tasks in any sequence as required.
3.11.1 Configuring Dynamic BFD for RIP
Applicable Environment
Generally, RIP uses timers to receive and send Update messages to maintain neighbor
relationships. If a RIP device does not receive an Update message from a neighbor after the Age
timer expires, the RIP device will announce that this neighbor goes Down. The default value of
the Age timer is 180s. If a link fault occurs, RIP can detect this fault after 180s. If high-rate data
services are deployed on a network, a great deal of data will be lost during the aging time.
BFD provides millisecond-level fault detection. It can rapidly detect faults in protected links or
nodes and report them to RIP. This speeds up RIP processes's response to network topology
changes and achieves rapid RIP route convergence.
Either of the following methods can be used to configure BFD for RIP:
l Enable BFD in a RIP process: This method is recommended when BFD for RIP needs to
be enabled on most RIP interfaces.
l Enable BFD on RIP interfaces: This method is recommended when BFD for RIP needs to
be enabled on a small number of RIP interfaces.
Procedure
l Enable BFD in a RIP process.
1. Run:
system-view
The system view is displayed.
2. Run:
bfd
BFD is enabled globally.
3. Run:
quit
Return to the system view.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
70
4. Run:
rip process-id
The RIP view is displayed.
5. Run:
bfd all-interfaces enable
BFD is enabled in the RIP process to establish a BFD session.
If BFD is enabled globally, RIP will use default BFD parameters to establish BFD
sessions on all the interfaces where RIP neighbor relationships are in the Up state.
6. (Optional) Run:
bfd all-interfaces { min-rx-interval min-receive-value | min-tx-interval
min-transmit-value | detect-multiplier detect-multiplier-value }
*
The values of BFD parameters used to establish the BFD session are set.
BFD parameter values are determined by the actual network situation and network
reliability requirement.
If links have a high reliability requirement, reduce the interval at which BFD
packets are sent.
If links have a low reliability requirement, increase the interval at which BFD
packets are sent.
Running the bfd all-interfaces command changes BFD session parameters on all RIP
interfaces. The default detection multiplier and interval at which BFD packets are sent
are recommended.
7. (Optional) Perform the following operations to prevent an interface in the RIP process
from establishing a BFD session:
Run the quit command to return to the system view.
Run the interface interface-type interface-number command to enter the view of
a specified interface.
Run the rip bfd block command to prevent the interface from establishing a BFD
session.
8. Run:
commit
The configuration is committed.
l Enable BFD on RIP interfaces.
1. Run:
system-view
The system view is displayed.
2. Run:
bfd
BFD is enabled globally.
3. Run:
quit
Return to the system view.
4. Run:
interface interface-type interface-number
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
71
The view of the specified interface is displayed.
5. Run:
rip bfd enable
BFD is enabled on the interface to establish a BFD session.
6. (Optional) Run:
rip bfd { min-rx-interval min-receive-value | min-tx-interval min-
transmit-value | detect-multiplier detect-multiplier-value }
*
The values of BFD parameters used to establish the BFD session are set.
7. Run:
commit
The configuration is committed.
----End
Checking the Configuration
After enabling BFD for RIP at both ends of a link,
l Run the display rip process-id bfd session { interface interface-type interface-number |
neighbor-id | all } command. You can see that the BFDState field value on the local
switch is displayed Up.
3.11.2 Configuring Static BFD for RIP
Context
BFD provides link failure detection featuring light load and high speed. Static BFD for RIP is
a mode to implement the BFD function.
Establishing BFD sessions between RIP neighbors can rapidly detect faults on links and speed
up response of RIP to network topology changes.
Static BFD must be enabled using a command.
Procedure
Step 1 Enable BFD globally.
1. Run:
system-view
The system view is displayed.
2. Run:
bfd
BFD is enabled globally.
3. Run:
quit
Return to the system view.
Step 2 Configure Static BFD.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
72
1. Run:
bfd session-name bind peer-ip ip-address [ interface interface-type interface-
number ] [ source-ip ip-address ]
BFD binding is created.
If a peer IP address and a local interface are specified, BFD detects only a single-hop link,
that is, a route with the interface specified in the bfd command as the outbound interface
and with the peer IP address specified in the peer-ip command as the next-hop address.
2. Set discriminators.
l Run:
discriminator local discr-value
The local discriminator is set.
l Run:
discriminator remote discr-value
The remote discriminator is set.
The local discriminator must be the remote discriminator of the device on the other end;
otherwise, a BFD session cannot be established. The local and remote discriminators cannot
be modified after being configured.
NOTE
local discr-value set on the local device is the same as that of remote discr-value set on the remote
device.remote discr-value set on the local device is the same as that of local discr-value set on the
remote device.
3. Run:
quit
Return to the system view.
Step 3 Enable static BFD on an interface.
1. Run:
interface interface-type interface-number
The view of the specified interface is displayed.
2. Run:
rip bfd static
Static BFD is enabled on the interface.
3. Run:
quit
Return to the system view.
Step 4 Run:
commit
The configuration is committed.
----End
Checking the Configuration
After configuring static BFD for RIP,
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
73
l Run the display rip process-id interface [ interface-type interface-number ] verbose
command to check BFD for RIP configurations on the specified interface.
3.12 Configuring the Network Management Function for
RIP
By binding RIP to the MIB, you can view RIP information and configure RIP through the NMS.
Pre-configuration Tasks
Before configuring the network management function for RIP, complete the following task:
l Configuring Basic RIP Functions
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rip mib-binding process-id
RIP is bound to the MIB.
This command is used to bind a RIP process ID to MIBs and specify the ID of the RIP process
that accepts Simple Network Management Protocol (SNMP) requests.
Step 3 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display current-configuration command to view the binding relationships of RIP.
3.13 Maintaining RIP
RIP maintenance includes resetting RIP connections and clearing RIP statistics.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
74
3.13.1 Resetting RIP
Context
CAUTION
The RIP neighbor relationship is deleted after you reset RIP connections with the reset rip
command. Exercise caution when running this command.
To reset RIP connections, run the following reset commands in the user view.
Procedure
l Run the reset rip { process-id | all } configuration command to reset the system parameters
of a RIP process. When a RIP process restarts, all the parameters of the process retain the
default values.
----End
3.13.2 Clearing RIP Statistics
Context
CAUTION
RIP information cannot be restored after it is cleared. Exercise caution when running the
commands.
To clear RIP statistics, run the following reset commands in the user view.
Procedure
l Run the reset rip { process-id | all } imported-routes command to clear the routes imported
from other routing protocols, including dynamic routes and direct routes, and import the
routes to RIP again.
l Run the reset rip { process-id | all } statistics [ interface { all | interface-type interface-
number } ] command to clear the counters of a certain RIP process. This command is used
to recount statistics during debugging.
----End
3.14 Configuration Examples
This section provides configuration examples of RIP, including networking requirements,
configuration notes, and configuration roadmap.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
75
3.14.1 Example for Configuring Basic RIP Functions
Networking Requirements
As shown in Figure 3-1, SwitchA, SwitchB, SwitchC, and SwitchD are located on a small-sized
network, and they need to communicate with each other.
Figure 3-1 Network diagram of basic RIP functions
10GE1/0/3
VLANIF20
10.1.1.2/24
10GE1/0/2
VLANIF20
172.16.1.1/24
10GE1/0/2
VLANIF20
172.16.1.2/24
10GE1/0/3
VLANIF30
10.1.1.1/24
SwitchA SwitchD
SwitchC
10GE1/0/1
VLANIF10
192.168.1.1/24
10GE1/0/1
VLANIF10
192.168.1.2/24
SwitchB

Configuration Roadmap
The network size is small, so RIP-2 is recommended. The configuration roadmap is as follows:
1. Configure a VLAN and an IP address for each interface to ensure network reachability.
2. Enable RIP on each switch to implement network connections between processes.
3. Configure RIP-2 on each switch to improve RIP performance.
Procedure
Step 1 Name the device.The configuration procedure is not provided here.
Step 2 Configure a VLAN and an IP address for each interface. The configuration procedure is not
provided here.
Step 3 Specify the network segment where RIP needs to be enabled.
# Configure SwitchA.
[~SwitchA] rip
[~SwitchA-rip-1] network 192.168.1.0
[~SwitchA-rip-1] commit
[~SwitchA-rip-1] quit
# Configure SwitchB.
[~SwitchB] rip
[~SwitchB-rip-1] network 192.168.1.0
[~SwitchB-rip-1] network 172.16.0.0
[~SwitchB-rip-1] network 10.0.0.0
[~SwitchB-rip-1] commit
[~SwitchB-rip-1] quit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
76
# Configure SwitchC.
[~SwitchC] rip
[~SwitchC-rip-1] network 172.16.0.0
[~SwitchC-rip-1] commit
[~SwitchC-rip-1] quit
# Configure SwitchD.
[~SwitchD] rip
[~SwitchD-rip-1] network 10.0.0.0
[~SwitchD-rip-1] commit
[~SwitchD-rip-1] quit
# Display the RIP routing table of SwitchA.
[~SwitchA] display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
-------------------------------------------------------------------------
Peer 192.168.1.2 on Vlanif10
Destination/Mask Nexthop Cost Tag Flags Sec
10.0.0.0/8 192.168.1.2 1 0 RA 14
172.16.0.0/16 192.168.1.2 1 0 RA 14
192.168.1.0/24 192.168.1.2 1 0 RA 14
From the routing table, you can find that the routes advertised by RIP-1 use natural masks.
Step 4 Specify the RIP version.
# Configure RIP-2 on SwitchA.
[~SwitchA] rip
[~SwitchA-rip-1] version 2
[~SwitchA-rip-1] commit
[~SwitchA-rip-1] quit
# Configure RIP-2 on SwitchB.
[~SwitchB] rip
[~SwitchB-rip-1] version 2
[~SwitchB-rip-1] commit
[~SwitchB-rip-1] quit
# Configure RIP-2 on SwitchC.
[~SwitchC] rip
[~SwitchC-rip-1] version 2
[~SwitchC-rip-1] commit
[~SwitchC-rip-1] quit
# Configure RIP-2 on SwitchD.
[~SwitchD] rip
[~SwitchD-rip-1] version 2
[~SwitchD-rip-1] commit
[~SwitchD-rip-1] quit
Step 5 Verify the configuration.
# Display the RIP routing table of SwitchA.
[~SwitchA] display rip 1 route
Route Flags: R - RIP
A - Aging, S - Suppressed, G - Garbage-collect
-------------------------------------------------------------------------
Peer 192.168.1.2 on Vlanif10
Destination/Mask Nexthop Cost Tag Flags Sec
10.1.1.0/24 192.168.1.2 1 0 RA 32
172.16.1.0/24 192.168.1.2 1 0 RA 32
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
77
192.168.1.0/24 192.168.1.2 1 0 RA 14
The RIP routing table shows that the routes advertised by RIP-2 contain accurate subnet masks.
----End
Configuration Files
l # Configuration file of SwitchA
#
sysname SwitchA
#
interface Vlanif 10
ip address 192.168.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
rip 1
version 2
network 192.168.1.0
#
return
l # Configuration file of SwitchB
#
sysname SwitchB
#
interface Vlanif 10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif 10
ip address 172.16.1.1 255.255.255.0
#
interface Vlanif 10
ip address 10.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
rip 1
version 2
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
#
return
l # Configuration file of SwitchC
#
sysname SwitchC
#
interface Vlanif 20
ip address 172.16.1.2 255.255.255.0
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
78
#
rip 1
version 2
network 172.16.0.0
#
return
l # Configuration file of SwitchD
#
sysname SwitchD
#
interface Vlanif 30
ip address 10.1.1.2 255.255.255.0
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
rip 1
version 2
network 10.0.0.0
#
return
3.14.2 Example for Importing Routes to RIP
Networking Requirements
As shown in Figure 3-2, two RIP processes, RIP100 and RIP200, run on SwitchB. SwitchA
needs to communicate with network segment 192.168.3.0/24.
Figure 3-2 Network diagram of importing routes to RIP
10GE1/0/1
VLANIF50
192.168.0.1/24
10GE1/0/2
VLANIF10
192.168.1.1/24
10GE1/0/1
VLANIF20
192.168.2.1/24
10GE1/0/3
VLANIF40
192.168.4.1/24
10GE1/0/2
VLANIF30
192.168.3.1/24
SwitchB
SwitchA
10GE1/0/1
VLANIF20
192.168.2.2/24
SwitchC
10GE1/0/2
VLANIF10
192.168.1.2/24
RIP 100
RIP 200

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable RIP on each switch to implement network connections between processes.
2. On SwitchB, import routes between RIP100 and RIP200 and set the default metric of routes
imported from RIP200 to 3.
3. Configure an ACL on SwitchB to filter route 192.168.4.0/24 imported from RIP200.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
79
Procedure
Step 1 Name the device.The configuration procedure is not provided here.
Step 2 Configure a VLAN and an IP address for each interface. The configuration procedure is not
provided here.
Step 3 Configure basic RIP functions.
# Enable RIP100 on SwitchA.
[~SwitchA] rip 100
[~SwitchA-rip-100] network 192.168.0.0
[~SwitchA-rip-100] network 192.168.1.0
[~SwitchA-rip-100] commit
[~SwitchA-rip-100] quit
# Enable RIP100 and RIP200 on SwitchB.
[~SwitchB] rip 100
[~SwitchB-rip-100] network 192.168.1.0
[~SwitchB-rip-100] commit
[~SwitchB-rip-100] quit
[~SwitchB] rip 200
[~SwitchB-rip-200] network 192.168.2.0
[~SwitchB-rip-200] commit
[~SwitchB-rip-200] quit
# Enable RIP200 on SwitchC.
[~SwitchC] rip 200
[~SwitchC-rip-200] network 192.168.2.0
[~SwitchC-rip-200] network 192.168.3.0
[~SwitchC-rip-200] network 192.168.4.0
[~SwitchC-rip-200] commit
[~SwitchC-rip-200] quit
# Display the routing table of SwitchA.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: _public_
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50
192.168.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif50
192.168.0.255/32 Direct 0 0 D 127.0.0.1 Vlanif50
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10
192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The routing table of SwitchA does not contain the routes imported from other processes.
Step 4 Configure RIP to import external routes.
# On SwitchB, set the default metric of imported routes to 3 and configure the RIP processes to
import routes into each other's routing table.
[~SwitchB] rip 100
[~SwitchB-rip-100] default-cost 3
[~SwitchB-rip-100] import-route rip 200
[~SwitchB-rip-100] quit
[~SwitchB] rip 200
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
80
[~SwitchB-rip-200] import-route rip 100
[~SwitchB-rip-200] quit
[~SwitchB] commit
# Display the routing table of SwitchA after the routes are imported.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: _public_
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50
192.168.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif50
192.168.0.255/32 Direct 0 0 D 127.0.0.1 Vlanif50
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10
192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
192.168.3.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
192.168.4.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
The RIP routing table of SwitchA contains routes 192.168.2.0/24, 192.168.3.0/24, and
192.168.4.0/24, which are learned by RIP200 on SwitchB.
Step 5 Configure RIP to filter imported routes.
# Configure an ACL on SwitchB and add a rule to the ACL. The rule denies the packets sent
from 192.168.4.0/24.
[~SwitchB] acl 2000
[~SwitchB-acl-basic-2000] rule deny source 192.168.4.0 0.0.0.255
[~SwitchB-acl-basic-2000] rule permit
[~SwitchB-acl-basic-2000] quit
# Configure SwitchB to filter route 192.168.4.0/24 imported from RIP200.
[~SwitchB] rip 100
[~SwitchB-rip-100] filter-policy 2000 export
[~SwitchB-rip-100] quit
[~SwitchB] commit
Step 6 Verify the configuration.
# Display the RIP routing table of SwitchA after the routes are filtered.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: _public_
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50
192.168.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif50
192.168.0.255/32 Direct 0 0 D 127.0.0.1 Vlanif50
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10
192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
192.168.3.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
81
The RIP routing table of SwitchA does not contain the route originating from 192.168.4.0/24.
----End
Configuration Files
l # Configuration file of SwitchA
#
sysname SwitchA
#
Vlanif10
ip address 192.168.1.1 255.255.255.0
#
Vlanif50
ip address 192.168.0.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
rip 100
network 192.168.0.0
network 192.168.1.0
#
return
l # Configuration file of SwitchB
#
sysname SwitchB
#
acl number 2000
rule 5 deny source 192.168.4.0 0.0.0.255
rule 10 permit
#
Vlanif10
ip address 192.168.1.2 255.255.255.0
#
Vlanif20
ip address 192.168.2.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
rip 100
default-cost 3
network 192.168.1.0
filter-policy 2000 export
import-route rip 200
#
rip 200
network 192.168.2.0
import-route rip 100
#
return
l # Configuration file of SwitchC
#
sysname SwitchC
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
82
Vlanif20
ip address 192.168.2.2 255.255.255.0
#
Vlanif30
ip address 192.168.3.1 255.255.255.0
#
Vlanif40
ip address 192.168.4.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
rip 200
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
#
return
3.14.3 Example for Configuring Dynamic BFD for RIP
Networking Requirements
As shown in Figure 3-3, there are four switches that communicate using RIP on a small-sized
network. Services are transmitted through the primary link Switch ASwitch BSwitch D.
Reliability must be improved for data transmitted from Switch A to Switch B so that services
can be rapidly switched to another path for transmission when the primary link fails.
Figure 3-3 Networking diagram for configuring BFD for RIP
SwitchA SwitchB SwitchD
SwitchC
10GE1/0/1
VLANIF10
2.2.2.1/24
10GE1/0/1
VLANIF10
2.2.2.2/24
10GE1/0/2
VLANIF30
4.4.4.1/24
10GE1/0/3
VLANIF40
172.16.1.1/24
10GE1/0/1
VLANIF40
172.16.1.2/24
10GE1/0/1
VLANIF30
4.4.4.2/24
10GE1/0/2
VLANIF20
3.3.3.2/24
10GE1/0/2
VLANIF20
3.3.3.1/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VLAN and an IP address for each interface to ensure network reachability.
2. Enable RIP on each switch to implement network connections between processes.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
83
3. Configure BFD for RIP on interfaces at both ends of the link between Switch A and
Switch B. BFD can rapidly detect the link status and help RIP speed up route convergence
to implement fast link switching.
Procedure
Step 1 Configure a VLAN for each interface.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 20
[~SwitchA] interface 10GE 1/0/1
[~SwitchA-GigabitEthernet1/0/1] port link-type trunk
[~SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[~SwitchA-GigabitEthernet1/0/1] quit
[~SwitchA] interface 10GE 1/0/2
[~SwitchA-GigabitEthernet1/0/2] port link-type trunk
[~SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 20
[~SwitchA-GigabitEthernet1/0/2] quit
[~SwitchA] commit
The configurations of Switch B, Switch C and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 2 Configure IP address for each vlanif interface.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 2.2.2.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 3.3.3.1 24
[~SwitchA-Vlanif20] quit
[~SwitchA] commit
The configurations of Switch B, Switch C and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 3 Configure basic RIP functions.
# Configure Switch A.
<SwitchA> system-view
[~SwitchA] rip 1
[~SwitchA-rip-1] version 2
[~SwitchA-rip-1] network 2.0.0.0
[~SwitchA-rip-1] network 3.0.0.0
[~SwitchA-rip-1] quit
[~SwitchA] commit
# Configure Switch B.
<SwitchB> system-view
[~SwitchB] rip 1
[~SwitchB-rip-1] version 2
[~SwitchB-rip-1] network 2.0.0.0
[~SwitchB-rip-1] network 4.0.0.0
[~SwitchB-rip-1] network 172.16.0.0
[~SwitchB-rip-1] quit
[~SwitchB] commit
# Configure Switch C.
<SwitchC> system-view
[~SwitchC] rip 1
[~SwitchC-rip-1] version 2
[~SwitchC-rip-1] network 3.0.0.0
[~SwitchC-rip-1] network 4.0.0.0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
84
[~SwitchC-rip-1] quit
[~SwitchC] commit
# Configure Switch D.
<SwitchD> system-view
[~SwitchD] rip 1
[~SwitchD-rip-1] version 2
[~SwitchD-rip-1] network 172.16.0.0
[~SwitchD-rip-1] quit
[~SwitchD] commit
# After completing the preceding operations, run the display rip neighbor command. The
command output shows that Switch A, Switch B, and Switch C have established neighbor
relationships with each other. In the following example, the display on Switch A is used.
[~SwitchA] display rip 1 neighbor
---------------------------------------------------------------------
IP Address Interface Type Last-Heard-Time
---------------------------------------------------------------------
2.2.2.2 Vlanif10 RIP 0:0:14
Number of RIP routes : 2
3.3.3.2 Vlanif20 RIP 0:0:19
Number of RIP routes : 1
# Run the display ip routing-table command. The command output shows that the switches
have imported routes from each other. In the following example, the display on Switch A is
used.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 13

Destination/Mask Proto Pre Cost Flags NextHop Interface

2.2.2.0/24 Direct 0 0 D 2.2.2.1 Vlanif10
2.2.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
2.2.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
3.3.3.0/24 Direct 0 0 D 3.3.3.1 Vlanif20
3.3.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
3.3.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif20
4.4.4.0/24 RIP 100 1 D 3.3.3.2 Vlanif20
RIP 100 1 D 2.2.2.2 Vlanif10
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 RIP 100 1 D 2.2.2.2 Vlanif10
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The preceding command output shows that the next-hop address and outbound interface of the
route to destination 172.16.1.0/16 are 2.2.2.2 and Vlanif10 respectively, and traffic is transmitted
over the active link Switch A->Switch B.
Step 4 Configure BFD in RIP processes.
# Configure BFD on all interfaces of Switch A.
[~SwitchA] bfd
[~SwitchA-bfd] quit
[~SwitchA] rip 1
[~SwitchA-rip-1] bfd all-interfaces enable
[~SwitchA-rip-1] bfd all-interfaces min-rx-interval 100 min-tx-interval 100 detect-
multiplier 10
[~SwitchA-rip-1] quit
[~SwitchA] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
85
The configuration of Switch B is similar to that of Switch A, and is not provided here.
# After completing the preceding operations, run the display rip bfd session command on
Switch A. The command output shows that Switch A and Switch B have established a BFD
session and the BFDState field value is displayed as Up. In the following example, the display
on Switch A is used.
[~SwitchA] display rip 1 bfd session all
LocalIp :2.2.2.1 RemoteIp :2.2.2.2 BFDState :Up
TX :100 RX :100 Multiplier:3
BFD Local Dis :8194 Interface :Vlanif10
Diagnostic Info:No diagnostic information

LocalIp :3.3.3.1 RemoteIp :3.3.3.2 BFDState :Down
TX :2800 RX :2800 Multiplier:0
BFD Local Dis :8192 Interface :Vlanif20
Diagnostic Info:No diagnostic information
Step 5 Verify the configuration.
# Run the shutdown command on 10GE 1/0/0 of Switch B to simulate a fault in the active link.
NOTE
The link fault is simulated to verify the configuration. In actual situations, the operation is not required.
[~SwitchB] interface 10GE 1/0/1
[~SwitchB-10GE1/0/1] shutdown
[~SwitchB-10GE1/0/1] commit
# Check the routing table of Switch A.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 13

Destination/Mask Proto Pre Cost Flags NextHop Interface

3.3.3.0/24 Direct 0 0 D 3.3.3.1 Vlanif20
3.3.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
3.3.3.255/32 Direct 0 0 D 127.0.0.1 Vlanif20
4.4.4.0/24 RIP 100 1 D 3.3.3.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 RIP 100 2 D 3.3.3.2 Vlanif20
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The preceding command output shows that the standby link Switch A->Switch C->Switch B is
used after the active link fails, and the next-hop address and outbound interface of the route to
destination 172.16.1.0/16 are 3.3.3.2 and Vlanif20 respectively.
----End
Configuration Files
l Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
86
ip address 2.2.2.1 255.255.255.0
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
rip 1
version 2
network 2.0.0.0
network 3.0.0.0
bfd all-interfaces enable
bfd all-interfaces min-tx 100 min-rx-interval 100 detect-multiplier 10
#
return
l Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 10 30 40
#
bfd
#
interface Vlanif10
ip address 2.2.2.2 255.255.255.0
#
interface Vlanif30
ip address 4.4.4.1 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
rip 1
version 2
network 2.0.0.0
network 4.0.0.0
network 172.16.0.0
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100 detect-multiplier
10
#
return
l Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 20 30
#
interface Vlanif20
ip address 3.3.3.2 255.255.255.0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
87
#
interface Vlanif30
ip address 4.4.4.2 255.255.255.0
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
rip 1
version 2
network 3.0.0.0
network 4.0.0.0
#
return
l Configuration file of Switch D
#
sysname SwitchD
#
vlan 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
rip 1
version 2
network 172.16.0.0
#
return
3.15 Common Configuration Errors
This section describes common faults caused by incorrect RIP configurations and provides the
troubleshooting procedure.
3.15.1 Failed to Receive RIP Update Packets from Neighbors
Fault Description
A device cannot receive RIP Update packets from neighbors when the link runs properly.
Procedure
Step 1 Run the display current-configuration configuration rip command to check RIP
configurations.
l Check whether RIP has been enabled on the interface. Only the RIP-enabled interface can
receive RIP packets.
l Check whether the RIP versions on neighbors and local interface are the same. If the RIP
versions are different, the interface cannot receive RIP packets from neighbors.
Step 2 Run the display current-configuration interface interface-type interface-number command to
view the interface configuration.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
88
l Check whether the undo rip input command has been executed on the interface. If the
command has been executed, the interface does not receive RIP packets.
l Check whether the authentication modes on the two ends of the link are the same. If the
authentication modes are different, the interface cannot receive RIP packets from the peer.
----End
3.15.2 Failed to Send RIP Update Packets to Neighbors
Fault Description
A device cannot send RIP Update packets to neighbors when the link runs properly.
Procedure
Step 1 Run the display current-configuration configuration rip command to check RIP
configurations.
l Check whether RIP has been enabled on the interface. Only the RIP-enabled interface can
send RIP packets.
l Check whether the silent-interface command has been executed on the interface. If the
command has been executed, the interface does not send RIP packets.
Step 2 Run the display current-configuration interface interface-type interface-number command to
view the interface configuration.
l Check whether the undo rip output command has been executed on the interface. If the
command has been executed, the interface does not send RIP packets.
l Check whether the authentication modes on the two ends of the link are the same. If the
authentication modes are different, the interface cannot send RIP packets to the peer.
l Check whether split horizon has been enabled on the interface. If split horizon has been
enabled, the interface cannot send the route learned by itself to neighbors.
NOTE
Split horizon is enabled on all interfaces by default, but the display current-configuration command
output does not show the split horizon option. If the command output for an interface connected to an
NBMA network does not contain the split horizon option, split horizon is disabled on the interface.
----End
3.15.3 Route Flapping Occurs on a RIP Network
Fault Description
Route flapping occurs on a RIP network when the link runs properly. Some routes intermittently
disappear in the routing table.
Procedure
Step 1 Run the display rip command to check the configuration of RIP timers.
The RIP timers on the entire network must be consistent; otherwise, route flapping occurs. The
relationships between the timer values are update < age, update < garbage-collect.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
89
Step 2 Run the timers rip update age suppress garbage-collect command to set the RIP timers.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 3 RIP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
90
4 OSPF Configuration
About This Chapter
By building OSPF networks, you can enable OSPF to discover and calculate routes in ASs.
OSPF is applicable to a large-scale network that consists of hundreds of devices.
4.1 OSPF Overview
OSPF, which is developed by the IETF, is a link-state IGP. OSPF is widely used in access
networks and MANs.
4.2 OSPF Features Supported by the Device
The supported Open Shortest Path First (OSPF) features include the OSPF multi-process,
authentication, non-stop routing (NSR), stub area, not so stubby area (NSSA), OSPF IP FRR,
bidirectional forwarding detection (BFD), smart-discover, Interior Gateway Protocol (IGP)
shortcut, forwarding adjacency, OSPF VPN Multi-instance, Synchronization Between OSPF
and LDP, generalized TTL security mechanism (GTSM), host routes advertisement, and fast
convergence.
4.3 Default Configuration
This section describes the default configuration of OSPF, which can be changed according to
network requirements.
4.4 Configuring Basic OSPF Functions
Before building OSPF networks, you need to configure basic OSPF functions.
4.5 Setting Parameters for OSPF Neighbor Relationship
On an OSPF network, all routing information is transmitted and exchanged between neighboring
or adjacent devices. By maintaining neighbor relationships or adjacencies, you can stabilize the
entire network.
4.6 Configuring OSPF Attributes in Different Types of Networks
By setting network types for OSPF interfaces and adjusting OSPF attributes, you can build OSPF
networks flexibly.
4.7 Configuring OSPF Stub Areas
By configuring non-backbone areas at the edge of ASs as stub areas, you can reduce the size of
the routing table and reduce the number of LSAs to be transmitted.
4.8 Configuring OSPF NSSA Areas
Configuring a non-backbone area on the border of an autonomous system (AS) as a not-so-
stubby area (NSSA) can reduce entries in the routing table and the amount of routing information
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
91
to be transmitted. This section describes how to set the cost of the default route to an NSSA and
adjust the selection of the default route.
4.9 Adjusting OSPF Route Selection
By adjusting OSPF route selection, you can enable OSPF to meet the requirements of complex
networks.
4.10 Controlling OSPF Routing Information
This section describes how to control OSPF routing information. Detailed operations include
importing external routes, and filtering the received routes and LSAs.
4.11 Configuring OSPF IP FRR
In the case of a link fault, a device enabled with OSPF IP FRR can fast switch traffic to the
backup link. This protects traffic and greatly improves the reliability of OSPF networks.
4.12 Configuring BFD for OSPF
If there are high requirements for data transmission, and OSPF convergence needs to be speeded
up when the link status changes, you can configure BFD on OSPF links. After detecting a link
failure, BFD notifies the routing protocol of the failure, which triggers fast convergence. When
the neighbor relationship is Down, the BFD session is deleted dynamically.
4.13 Configuring OSPF Fast Convergence
By adjusting OSPF timers, you can implement OSPF fast network convergence.
4.14 Configuring OSPF GR Helper
To avoid traffic interruption and route flapping caused by the active/standby switchover, you
can enable OSPF GR.
4.15 Improving the Stability of an OSPF Network
A stable OSPF network features less route flapping, normal device performance, and good
network performance.
4.16 Improving the Security of an OSPF Network
On a network demanding high security, you can configure OSPF authentication and the
GTSM to improve the security of the OSPF network.
4.17 Configuring the Network Management Function of OSPF
OSPF supports the network management function. You can bind the OSPF MIB to a certain
OSPF process.
4.18 Maintaining OSPF
Maintaining OSPF involves resetting OSPF, and clearing OSPF statistics.
4.19 Configuring Examples
This section provides several configuration examples of OSPF together with the configuration
flowchart. The configuration examples explain networking requirements, and configuration
roadmap.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
92
4.1 OSPF Overview
OSPF, which is developed by the IETF, is a link-state IGP. OSPF is widely used in access
networks and MANs.
Before the emergence of OSPF, the Routing Information Protocol (RIP) is widely used on
networks as an Interior Gateway Protocol (IGP).
RIP is a routing protocol based on the distance vector algorithm. Due to its slow convergence,
routing loops, and poor scalability, RIP is gradually replaced by OSPF.
As a link-state protocol, OSPF can solve many problems encountered by RIP. Additionally,
OSPF has the following advantages:
l Supports area partition. An Autonomous System (AS) can be partitioned into areas to
simplify management. The Link State Database (LSDB) of a device in an area needs to be
consistent with only the LSDBs of other devices in this area. The decrease in the size of
the LSDB greatly reduces the memory consumption and CPU usage of the device. In
addition, less network bandwidth is consumed because of the decrease in routing
information to be transmitted between areas.
l Receives or sends packets in multicast mode to reduce load on the switch that does not run
OSPF.
l Supports Classless Interdomain Routing (CIDR).
l Supports load balancing among equal-cost routes.
l Supports packet authentication.
With the preceding advantages, OSPF is widely accepted and used as an IGP.
NOTE
In this chapter, OSPF refers to OSPF Version 2 (OSPFv2), unless otherwise specified.
Typical Networking of OSPF
As shown in Figure 4-1, there are two most important concepts in an OSPF network, namely,
areas and different types of device.
The number of devices increases with the increasing expansion of the network scale. This leads
to a large LSDB on each device, which imposes a heavy burden on the device. OSPF solves this
problem by partitioning an AS into different areas. An area is regarded as a logical group, which
is identified by an area ID. At the border of an area resides a device rather than a link. A network
segment (or a link) belongs to only one area. That is, the area to which each OSPF interface
belongs needs to be specified.
After area partition, route aggregation can be performed on the Area Border Router (ABR) to
reduce the number of Link State Advertisements (LSAs) to be advertised to other areas. Route
aggregation also minimizes the impacts caused by changes in the topology.
Based on their locations in an AS, the devices that run OSPF are classified into the following
types:
l Internal routers
l ABRs
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
93
l Backbone routers
l AS Boundary Routers (ASBRs)
Figure 4-1 Typical networking diagram of OSPF
Area3
Area0
Area1
Area2
Area4
Internal Router
ABR
Backbone Router
ASBR IS-IS

In an AS, inter-area routes and intra-area routes describe the network structure of the AS. AS
external routes describe how to select a route to a destination outside an AS. OSPF classifies the
imported AS external routes into Type 1 and Type 2 external routes.
Table 4-1 lists route types in descending order of priority.
Table 4-1 OSPF route type
Route Description
Intra area Indicates intra-area routes.
Inter area Indicates inter-area routes.
Type1 external Indicates Type 1 external routes. The cost of a Type 1
external route equals the cost for the OSPF device to reach
an ASBR plus the cost of the route from the ASBR to the
destination.
When the cost of an external route approximately equals the
cost of an AS internal route, this external route is considered
highly reliable and can be configured as a Type 1 external
route.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
94
Route Description
Type2 external Indicates Type 2 external routes. The cost of a Type 2
external route equals the cost of the route from an ASBR to
the destination.
Therefore, during route calculation, OSPF considers only
the cost of the route from an ASBR to the destination outside
an AS, namely, the cost of a Type 2 external route.
When the cost of the route from an ASBR to the destination
outside an AS is much greater than the cost of the internal
route to the ASBR, this external route has a low reliability
and can be configured as a Type 2 external route.

OSPF Network Type
OSPF classifies networks into the following types according to the types of link layer protocol:
l Broadcast networks
If the link layer protocol is Ethernet or Fiber Distributed Data Interface (FDDI), OSPF
defaults the network type to broadcast.
Hello packets and packets from the Designated Router (DR) are sent in multicast mode
by using address 224.0.0.5, which indicates the reserved IP multicast address for OSPF
devices.
Link State Update (LSU) packets are sent to the DR in multicast mode by using address
224.0.0.6, which indicates the reserved IP multicast address for the OSPF DR. Then,
the DR forwards the LSU packets to destination 224.0.0.5.
Database Description (DD) packets, Link State Request (LSR) packets, and all
retransmission packets are sent in unicast mode.
Link State Acknowledgment (LSAck) packets are usually sent in multicast mode by
using address (224.0.0.5). When a device receives repeated LSAs, or the LSAs are
deleted due to the timeout of the maximum lifetime, LSAck packets are sent in unicast
mode.
l Non-Broadcast Multiple Access (NBMA) networks
If the link layer protocol is frame relay (FR), X.25, OSPF defaults the network type to
NBMA. In this type of network, protocol packets, such as Hello packets, DD packets, LSR
packets, LSU packets, and LSAck packets, are sent in unicast mode.
l Point-to-Multipoint (P2MP) networks
There is no concept of P2MP in link layer protocols. Therefore, a P2MP network must be
forcibly changed from other network types. In this type of network, Hello packets are sent
in multicast mode by using address 224.0.0.5; DD packets, LSR packets, LSU packets. and
LSAck packets are sent in unicast mode.
l Point-to-point (P2P) networks
If the link layer protocol is PPP, High-Level Data Link Control (HDLC), or Link Access
Procedure Balanced (LAPB), OSPF defaults the network type to P2P. In this type of
network, protocol packets, such as Hello packets, DD packets, LSR packets, LSU packets,
and LSAck packets, are sent in multicast mode by using address 224.0.0.5.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
95
4.2 OSPF Features Supported by the Device
The supported Open Shortest Path First (OSPF) features include the OSPF multi-process,
authentication, non-stop routing (NSR), stub area, not so stubby area (NSSA), OSPF IP FRR,
bidirectional forwarding detection (BFD), smart-discover, Interior Gateway Protocol (IGP)
shortcut, forwarding adjacency, OSPF VPN Multi-instance, Synchronization Between OSPF
and LDP, generalized TTL security mechanism (GTSM), host routes advertisement, and fast
convergence.
Multi-process
OSPF supports multi-process. Multiple different OSPF processes can run on the same switch,
and are independent of each other. Route interaction between different OSPF processes is similar
to route interaction between different routing protocols.
An interface of the switch belongs to only a certain OSPF process.
Authentication
OSPF supports packet authentication. Only the OSPF packets that pass the authentication can
be received. If packets fail to pass the authentication, the neighbor relationship cannot be
established. The switch supports the following authentication modes:
l Area authentication
l Interface authentication
When both area authentication and interface authentication are available, interface
authentication is preferred.
OSPF NSR
Non-Stop Routing (NSR) is a routing technique that prevents a neighbor from sensing the fault
on the control plane of a device that provides a slave control plane. With NSR, when the control
plane of the device becomes faulty, the neighbor relationship set up through specific routing
protocols, MPLS, and other protocols that carry services are not interrupted.
As networks develop fast, operators pose high requirements for reliability on IP networks. NSR,
as a high availability (HA) solution, is thus introduced to ensure that services transmitted by a
device are not affected when a hardware or software failure occurs on the device.
OSPF Stub Area
In a stub area, the area border router (ABR) does not transmit learned autonomous system (AS)
external routes. This implementation reduces entries in the routing tables on ABRs in stub areas
and the amount of routing information to be transmitted.
To ensure the reachability of AS external routes, the ABR in the stub area generates a default
route and advertises the route to non-ABRs in the stub area.
Note the following points when configuring a stub area:
l The backbone area cannot be configured as a stub area.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
96
l If an area needs to be configured as a stub area, stub attributes must be configured on all
the switchs in this area using the stub command.
l An autonomous system boundary router (ASBR) cannot exist in a stub area. AS external
routes are not transmitted in the stub area.
l Virtual links cannot exist in the stub area.
OSPF NSSA
An NSSA is a new type of OSPF area. Neither the NSSA nor the stub area transmits routes
learned from other areas in the AS where it resides. Different from the stub area, the NSSA
allows AS external routes to be imported and forwarded in the entire AS.
To ensure the reachability of AS external routes, the ABR in the NSSA generates a default route
and advertises this route to the other switchs in the NSSA.
Note the following points when configuring an NSSA:
l The backbone area cannot be configured as an NSSA.
l If an area needs to be configured as an NSSA, NSSA attributes must be configured on all
the switchs in this area.
l Virtual links cannot exist in the NSSA.
OSPF IP FRR
OSPF IP FRR pre-computes a backup link by using the Loop-Free Alternate (LFA) algorithm,
and then adds the backup link and the primary link to the forwarding table. In the case of failures,
OSPF IP FRR can fast switch traffic to the backup link before routes on the control plane
converge. This prevents traffic interruption and thus protects traffic and improves reliability of
an OSPF network.
OSPF IP FRR complies with RFC 5286, that is, Basic Specification for IP Fast Reroute Loop-
Free Alternates, which protects traffic when links or nodes become faulty.
BFD for OSPF
By default, on broadcast networks, the interval for OSPF to send Hello packets is 10 seconds;
on NBMA networks, the interval for sending Hello packets is 30 seconds. The interval for
declaring a neighbor Down, that is, the dead time after which the neighbor relationship becomes
invalid, is four times the interval for sending Hello packets. If the switch does not receive a Hello
packet from its neighbor within the dead time, the switch deletes the neighbor. That is, the
switch detects the neighbor faults in seconds. This causes a large number of packets to be lost
on a high-speed network.
Bidirectional Forwarding Detection (BFD) is introduced to solve the preceding problem in the
existing detection mechanism. BFD ensures the detection interval in milliseconds. Instead of
replacing the Hello mechanism of OSPF, BFD works with OSPF to fast detect the adjacency
fault. In addition, BFD instructs OSPF to recalculate corresponding routes for correct packet
forwarding.
OSPF supports the dynamic establishment or deletion of BFD sessions on broadcast, P2P, P2MP,
or NBMA links.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
97
Smart-discover
Generally, the switch periodically sends Hello packets through OSPF interfaces. By exchanging
Hello packets, the switchs establish and maintain the neighbor relationship, and elect the DR
and the Backup Designated Router (BDR) on the multi-access network (broadcast or NBMA
network). During the establishment of the neighbor relationship or the election of the DR and
the BDR on the multi-access network, interfaces send Hello packets only when the Hello timer
expires. This affects the speed of establishing the neighbor relationship or electing the DR and
the BDR.
NOTE
l The interval for an interface to send Hello packets depends on the configured interval for sending Hello
packets on the interface.
l The default value of the interval for sending Hello packets varies with the network type.
Configuring Smart-discover can solve the preceding problem.
l On a broadcast or NBMA network, the neighbor relationship can be established rapidly,
and a DR and a BDR on the network can be elected rapidly.
When the neighbor status becomes 2-way for the first time or returns to Init from the
2-way or higher state shown in Figure 4-2, the interface enabled with Smart-discover
sends Hello packets to a neighbor without waiting for the timeout of the Hello timer
when detecting that the neighbor status changes.
Figure 4-2 Changes of the neighbor state machine

When the interface status of the DR or the BDR on the multi-access network changes,
the interface enabled with Smart-discover sends Hello packets to the network segment
and then participates in the DR or BDR election.
l On a P2P or P2MP network, the adjacency can be established rapidly. The principle of
establishing adjacencies on a P2P and P2MP network is the same as that on a broadcast or
NBMA network.
OSPF VPN Multi-instance
OSPF supports multi-instance, which can run between Provider Edges (PEs) and Customer
Edges (CEs) on VPNs.
On a VPN, many sites of one VPN can use OSPF as the internal routing protocol. The sites,
however, are handled as being from different ASs. In this manner, the OSPF routes learned on
one site are transmitted as external routes to another site. This results in heavy OSPF traffic and
some originally avoidable problems of network management.
In the implementation of the switch, you can configure domain IDs on PEs to differentiate the
VPNs where different sites reside. Different sites in one VPN consider that they are connected
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
98
directly. In this case, PEs exchange OSPF routing information as if they were directly connected
through a leased line. This improves network management and effectively uses OSPF.
NOTE
For detailed configuration of OSPF VPN multi-instance, refer to the CloudEngine 6800&5800 Series
Switches Configuration Guide - VPN.
Synchronization Between OSPF and LDP
On a network with primary and backup links, when the primary link becomes faulty, traffic is
switched from the primary link to the backup link. In this process, traffic is interrupted in a short
time. After the primary link recovers, traffic is switched back from the backup link to the primary
link. In this process, traffic is interrupted in a comparatively long time.
Configuring synchronization between OSPF and LDP can ensure millisecond-level traffic
interruption when traffic is switched back from the backup link to the primary link.
The principle of synchronization between OSPF and LDP is to delay route switchback by
suppressing the establishment of the OSPF neighbor relationship until LDP convergence is
complete. That is, before an LSP is established on the primary link, the backup link continues
forwarding traffic. The backup link is deleted after the LSP is established on the primary link.
GTSM
The Generalized TTL Security Mechanism (GTSM) protects services above the IP layer against
attacks by checking whether the Time-to-Live (TTL) value in the IP header is within a specified
range. In applications, the GTSM is mainly used to protect the TCP/IP-based control plane,
including routing protocols, against attacks of the CPU-utilization type, such as CPU overload.
NOTE
For detailed configuration of OSPF GTSM, refer to the CloudEngine 6800&5800 Series Switches
Configuration Guide - Security.
OSPF Fast Convergence
OSPF fast convergence is an extended feature of OSPF implemented to speed up route
convergence, which has the following functions:
l Supports OSPF Smart-discover.
l Supports partial route calculation (PRC).
l Controls the generation and receiving of LSAs through the intelligent timer.
l Controls route calculation through the intelligent timer.
l Fast convergence by priority of routes.
4.3 Default Configuration
This section describes the default configuration of OSPF, which can be changed according to
network requirements.
Table 4-2 describes the default configuration of OSPF.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
99
Table 4-2 Default configuration of OSPF
Parameter Default Setting
OSPF Disabled
The interval of sending Hello
packets
By default, for the interface of P2P and Broadcast type,
the interval for sending Hello packets is 10 seconds; for
the interface of NBMA type, it is 30 seconds.
The dead interval of the OSPF
neighbor
By default, for the interface of P2P and Broadcast, the
dead interval for the OSPF neighbors is 40 seconds; for
that of NBMA, it is 120 seconds.
The period during which a
device keeps acting as a stub
router.
500 seconds.
The bandwidth reference value
used to calculate the link cost.
100 Mbit/s

4.4 Configuring Basic OSPF Functions
Before building OSPF networks, you need to configure basic OSPF functions.
Pre-configuration Tasks
Before configuring basic OSPF functions, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
Configuration Procedures
Figure 4-3 Flowchart of configuring basic OSPF functions
Create an OSPF area
Enable OSPF
Mandatory
procedure
Optional
procedure
Create an OSPF process
4.4.1 Creating an OSPF Process
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
100
Context
To run OSPF, the switch needs to have a router ID. A router ID of the switch is a 32-bit unsigned
integer, which uniquely identifies the switch in an AS. To ensure the stability of OSPF, you need
to manually configure a router ID for each device during network planning.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ]
*
An OSPF process is created, and the OSPF view is displayed.
l The parameter process-id specifies the ID of an OSPF process. The default value is 1.
The switch supports OSPF multi-process. You can create different processes for different
types of service. The OSPF process ID is valid in the local area, without affecting packet
exchange with other switchs. Therefore, different switchs can also exchange packets even
though they have different process IDs.
l The parameter router-id router-id specifies the router ID of the switch.
By default, the system automatically selects the largest IP address of the interface as the
router ID. When manually setting a router ID, ensure that the router ID of each device in an
AS is unique. Generally, you can set the router ID to be the same as the IP address of a certain
interface on the device.
NOTE
The router ID of each OSPF process must be unique on the OSPF network; otherwise, the OSPF
neighbor relationship cannot be set up and routing information is incorrect. Configuring a unique router
ID for each OSPF process on each OSPF device is recommended.
l The parameter vpn-instance vpn-instance-name specifies the name of a VPN instance.
If a VPN instance is specified, the OSPF process belongs to the specified VPN instance.
Otherwise, the OSPF process belongs to the public network instances.
Step 3 Run:
commit
The configuration is committed.
----End
4.4.2 Creating an OSPF Area
Context
More and more devices are deployed with the increasing expansion of the network scale. As a
result, each device has to maintain a large LSDB, which becomes a heavy burden. OSPF solves
this problem by dividing an AS into areas. An area is regarded as a logical device group. Each
group is identified by an area ID. The borders of an area are devices, rather than links. A network
segment (or a link) belongs to only one area. That is, each OSPF interface must belong to an
area.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
101
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ]
*
The OSPF process is enabled, and the OSPF view is displayed.
Step 3 Run:
area area-id
The OSPF area view is displayed.
Areas are not equally important. The area with the area ID being 0 is called the backbone area.
The backbone area is responsible for forwarding inter-area routing information. In addition,
routing information between non-backbone areas must be forwarded through the backbone area.
Step 4 Run:
commit
The configuration is committed.
----End
4.4.3 Enable OSPF
Context
After creating an OSPF process, you need to configure the network segments included in an
area. A network segment belongs to only one area. That is, you need to specify an area for each
interface that runs OSPF. In this document, the network segment refers to the network segment
to which the IP address of the OSPF interface belongs.
OSPF checks the network mask carried in a received Hello packets. If the network mask carried
in a received Hello packet is different from the network mask of the local device, the Hello
packet is discarded. Then no OSPF neighbor relationship can be established.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
area area-id
The OSPF area view is displayed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
102
OSPF can be enabled in an OSPF area or on a specific interface.
l Enable OSPF in an OSPF area.
1. Run:
network ip-address wildcard-mask
Network segments belonging to an area are configured.
OSPF can properly run on an interface only when the following conditions are met:
l The IP address mask length of the interface is equal to or greater than the mask length
specified in the network command.
l The primary IP address of the interface must be within the network segment specified
by the network command.
By default, OSPF advertises the IP address of the loopback interface as a 32-bit host route,
which is irrelevant to the mask length configured on the loopback interface. To advertise
routes to the network segment of the loopback interface, configure the network type as
NBMA or broadcast in the interface view. For details, see Configuring Network Types
of OSPF Interfaces.
l Enable OSPF on an interface.
1. Run the following command in the system view:
interface interface-type interface-number
The interface view is displayed.
2. Run:
ospf enable process-id area area-id
OSPF is enabled on the interface.
Step 4 Run:
commit
The configuration is committed.
----End
4.4.4 Checking the Configuration
Prerequisites
All configurations of basic OSPF functions are complete.
Procedure
l Run the display ospf [ process-id ] peer command in any view to check information about
OSPF neighbors.
l Run the display ospf [ process-id ] interface command in any view to check information
about OSPF interfaces.
l Run the display ospf [ process-id ] routing command in any view to check information
about the OSPF routing table.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
103
4.5 Setting Parameters for OSPF Neighbor Relationship
On an OSPF network, all routing information is transmitted and exchanged between neighboring
or adjacent devices. By maintaining neighbor relationships or adjacencies, you can stabilize the
entire network.
Pre-configuration Tasks
Before configuring session parameters for the OSPF neighbor or adjacency relationship,
complete the following tasks:
l Configuring a link layer protocol
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Configuration Procedures
You can choose one or several configuration tasks (excluding "Checking the Configuration") as
required.
4.5.1 Setting the OSPF Packet Retransmission Limit
Context
After an OSPF switch sends one of the following packets, if it does not receive the LSAck packet
within a specified time, it retransmits the packet. After the number of packet retransmissions
reaches the set limit, the OSPF switch tears down the adjacency relationship with its neighbor.
l DD packets
l LSU packets
l LSR packets
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF view is displayed.
Step 3 Run:
retransmission-limit [ max-number ]
The OSPF packet retransmission limit is set.
By default, the OSPF packet retransmission limit is not set. The default maximum number of
packet retransmissions is 30.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
104
Step 4 Run:
commit
The configuration is committed.
----End
4.5.2 Configuring an Interface to Fill in the DD Packet with the
Actual MTU
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf mtu-enable
The interface is configured to fill in the DD packet with the actual MTU and check whether the
MTU in the DD packet from the neighbor exceeds the MTU of the local end.
By default, the MTU in the DD packet sent by an interface is 0.
CAUTION
Setting the MTU in a DD packet will lead to the reestablishment of the neighbor relationship.
Step 4 Run:
commit
The configuration is committed.
----End
4.5.3 Checking the Configuration
Prerequisites
All configurations of session parameters of the OSPF neighbor or adjacency relationship are
complete.
Procedure
l Run the display ospf [ process-id ] peer command to check information about OSPF
neighbors.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
105
l Run the display ospf [ process-id ] brief command to check brief information about the
specified OSPF process.
l Run the display ospf [ process-id ] retrans-queue [ interface-type interface-number ]
[ neighbor-id] command to check the OSPF retransmission list.
----End
4.6 Configuring OSPF Attributes in Different Types of
Networks
By setting network types for OSPF interfaces and adjusting OSPF attributes, you can build OSPF
networks flexibly.
Applicable Environment
According to the types of link layer protocols, OSPF classifies networks into the following types:
l P2MP: There is no concept of P2MP in link layer protocols. Therefore, a P2MP network
must be forcibly changed from other network types.
l NBMA: If the link layer protocol is FR, X.25, OSPF defaults the network type to NBMA.
l Broadcast: If the link layer protocol is Ethernet or FDDI, OSPF defaults the network type
to broadcast.
l P2P: If the link layer protocol is PPP, HDLC, or LAPB, OSPF defaults the network type
to P2P.
When link layer protocols remain unchanged, you can change network types and configure OSPF
features to flexibly build networks.
Pre-configuration Tasks
Before configuring OSPF attributes in different types of networks, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
106
Configuration Procedures
Figure 4-4 Flowchart of configuring OSPF attributes in different types of networks
For an NBMA network For a P2MP network
Set the network type
of the OSPF interface
to P2MP
Set the interval for
sending poll packets
Configure neighbors
Disable OSPF from
checking the network
mask
Set the network type
of the OSPF interface
to NBMA
For a broadcast network
Set the network type
of the OSPF interface
to broadcast
Set the DR Priority for
the OSPF interface
Set the DR priority for
the OSPF interface
For a P2P network
Set the network type
of the OSPF interface
to P2P
Mandatory
procedure
Optional
procedure

4.6.1 Configuring Network Types of OSPF Interfaces
Context
You can configure one of the following network types for an interface as required:
l P2MP: There is no concept of P2MP in link layer protocols. Therefore, a P2MP network
must be forcibly changed from other network types.
l NBMA: An NBMA network must be fully meshed. That is, any two switches on the NBMA
network must be directly reachable. In most cases, however, this requirement cannot be
met. In this case, you need to forcibly change the network type through commands.
l Broadcast: To speed up the establishment of the neighbor relationship, you can change the
network type of broadcast to P2P network.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf network-type { broadcast | nbma | p2mp | p2p }
The network type of the OSPF interface is configured.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
107
By default, the network type of an interface depends on the physical interface. The network type
of an Ethernet interface is broadcast.
Configuring the new network type for an interface will cause the OSPF session on the interface
to be reestablished.
NOTE
Generally, the network types of OSPF interfaces on both ends of a link must be the same. Otherwise, routes
cannot be correctly calculated.
Step 4 Run:
commit
The configuration is committed.
----End
4.6.2 (Optional) Setting the DR Priority for the OSPF Interface of
the Broadcast or NBMA Network Type
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf dr-priority priority
The DR priority of the OSPF interface is set. The greater the value, the higher the priority.
By default, the DR priority of an interface is 1.
Step 4 Run:
commit
The configuration is committed.
----End
Follow-up Procedure
CAUTION
Restarting or shutting down the current interface will interrupt the OSPF adjacency relationship
between devices. Therefore, perform the operation with caution.
Reconfiguring the DR priority for a device does not change the DR or BDR on a network. You
can reelect a DR or BDR by using the following methods. This, however, will result in the
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
108
interruption of the OSPF adjacency relationship between devices. Therefore, the following
methods are used only when necessary.
l Restart the OSPF processes on all the switchs.
l Run the shutdown and then undo shutdown commands on the interfaces where the OSPF
adjacency relationship is established.
4.6.3 (Optional) Disabling the Function of Checking the Network
Mask on a P2MP Network
Context
OSPF needs to check the network mask in the received Hello packet. When receiving a Hello
packet that carries a different network mask from that of the local device, OSPF discards the
Hello packet. To establish the OSPF neighbor relationship on a P2MP network, you need to
disable OSPF from checking the network mask.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf network-type p2mp
The network type of the OSPF interface is configured as P2MP.
Step 4 Run:
ospf p2mp-mask-ignore
OSPF is disabled from checking the network mask on the P2MP network.
Step 5 Run:
commit
The configuration is committed.
----End
4.6.4 Configuring Neighbors for NBMA Networks
Procedure
Step 1 Run:
system-view
The system view is displayed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
109
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
peer ip-address [ dr-priority priority ]
Neighbors are configured on an NBMA network.
l The parameter ip-address specifies the IP address of a neighbor.
l The parameter dr-priority priority specifies the DR priority of the neighbor. The greater the
value, the higher the priority.
Step 4 Run:
commit
The configuration is committed.
----End
4.6.5 (Optional) Configuring the Interval for Sending Poll Packets
in NBMA Networks
Context
On an NBMA network, devices establish neighbor relationships with adjacencies by sending
Hello packets.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf timer poll interval
The interval for sending Poll packets on the NBMA interface is set.
The parameter interval specifies the polling interval for sending Hello packets.
Step 4 Run:
commit
The configuration is committed.
----End
4.6.6 Checking the Configuration
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
110
Prerequisites
All configurations of OSPF attributes in different types of network are complete.
Procedure
l Run the display ospf [ process-id ] interface command to check information about OSPF
interfaces.
l Run the display ospf [ process-id ] peer command to check information about OSPF
neighbors.
l Run the display ospf brief command to check the interval for sending Hello packets on an
NBMA network.
----End
4.7 Configuring OSPF Stub Areas
By configuring non-backbone areas at the edge of ASs as stub areas, you can reduce the size of
the routing table and reduce the number of LSAs to be transmitted.
Applicable Environment
Dividing an AS into different areas can reduce the number of LSAs to be transmitted on the
network and enhance OSPF extensibility. For some non-backbone areas at the edge of ASs, you
can configure these areas as stub areas to further reduce the size of the routing table and the
number of transmitted LSAs.
Pre-configuration Tasks
Before configuring OSPF stub areas, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Configuration Procedures
Figure 4-5 Flowchart of configuring OSPF stub areas
Configure OSPF stub areas
Configure metrics of default routes
sent to stub areas
Mandatory
procedure
Optional
procedure
4.7.1 Defining the Current Area to be a Stub Area
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
111
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
area area-id
The OSPF area view is displayed.
Step 4 Run:
stub [ no-summary ]
The current area is configured as a stub area.
If the parameter no-summary is specified, it indicates that an ABR is disabled from sending
summary LSAs to a stub area. To disable an ABR from sending summary LSAs to a stub area,
you can specify the parameter no-summary in the stub only when the stub command is
configured on the ABR.
To configure an area as a stub area, you need to run the stub command on all the switchs in this
area.
AS external routes in Type 5 LSAs cannot be advertised in a stub area. Therefore, the switchs
in the stub area learn AS external routes from an ABR. The ABR automatically generates a Type
3 summary LSA with the link state ID being 0.0.0.0 and the network mask being 0.0.0.0 and
then advertises the LSA in the entire stub area.
Step 5 Run:
commit
The configuration is committed.
----End
4.7.2 (Optional) Configuring Metrics of Default Routes Sent to Stub
Areas
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
112
Step 3 Run:
area area-id
The OSPF area view is displayed.
Step 4 Run:
stub [ no-summary ]
The current area is configured as a stub area.
Step 5 Run:
default-cost cost
The cost of the default route to the stub area is set.
The parameter cost specifies the cost of the Type 3 default route to a stub area. The default value
is 1.
This command applies to only the ABR that is connected to a stub area.
Step 6 Run:
commit
The configuration is committed.
----End
4.7.3 Checking the Configuration
Prerequisites
All configurations of OSPF stub areas are complete.
Procedure
l Run the display ospf [ process-id ] peer command to check information about OSPF
neighbors.
l Run the display ospf [ process-id ] routing command to check information about the OSPF
routing table.
----End
4.8 Configuring OSPF NSSA Areas
Configuring a non-backbone area on the border of an autonomous system (AS) as a not-so-
stubby area (NSSA) can reduce entries in the routing table and the amount of routing information
to be transmitted. This section describes how to set the cost of the default route to an NSSA and
adjust the selection of the default route.
Applicable Environment
An excessive number of entries in a routing table wastes network resources and causes high
central processing unit (CPU) usage. To reduce entries in a routing table, configure a non-
backbone area on the border of an AS as a stub area or an NSSA to reduce the amount of routing
information to be transmitted. For details on how to configure an OSPF stub area, see 4.7
Configuring OSPF Stub Areas.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
113
An NSSA is a new type of Open Shortest Path First area. Neither the NSSA nor the stub area
transmits routes learned from other areas in the AS where it resides. Different from the stub area,
the NSSA allows AS external routes to be imported and forwarded in the entire AS.
An OSPF stub area can save system resources, but cannot import external routes. An NSSA can
be applied to a scenario in which AS external routes are to be imported but not forwarded to
save system resources.
Type 7 link state advertisements (LSAs) are used to carry imported AS external routing
information in the NSSA. Type 7 LSAs are generated by autonomous system border routers
(ASBRs) of NSSAs and flooded only in the NSSAs where ASBRs reside. The area border router
(ABR) in an NSSA selects Type 7 LSAs from the received LSAs and translates them into Type
5 LSAs to advertise AS external routes to the other areas over the OSPF network.
NOTE
l A Type 7 LSA is a new type of LSA that has been introduced to support NSSAs and describe imported
external routes.
l Type 7 LSAs can be used to carry default route information to guide traffic to other ASs.
If an area needs to be configured as an NSSA, NSSA attributes must be configured on all the
switchs in this area.
Pre-configuration Tasks
Before configuring an NSSA, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring switchs are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
area area-id
The OSPF area view is displayed.
Step 4 Run:
nssa [ default-route-advertise | no-import-route | no-summary | set-n-bit |
suppress-forwarding-address | translator-always | translator-interval interval-
value | zero-address-forwarding ]
*
The specified area is configured as an NSSA.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
114
NOTE
l NSSA attributes must be configured on all switchs in the NSSA using the nssa command.
l Configuring or deleting NSSA attributes may trigger routing update in the area and disconnection from
neighbors. A second configuration of NSSA attributes can be implemented or canceled only after a
routing update is complete.
The nssa command is applicable to the following scenarios:
l The default-route-advertise parameter is configured to advertise Type 7 LSAs carrying the
default route on the ASBR to the NSSA.
Regardless of whether the default route 0.0.0.0/0 exists in the routing table on the ABR, Type
7 LSAs carrying the default route will be generated. However, Type 7 LSAs carrying the
default route will be generated only when the default route 0.0.0.0/0 exists in the routing
table on the ASBR.
l If an ASBR also functions as an ABR, the no-import-route parameter is configured to
prevent external routes imported using the import-route command from being advertised
to the NSSA.
l The no-summary parameter is configured on an ABR to reduce the number of LSAs that
are transmitted to the NSSA. This implementation prevents the ABR from transmitting Type
3 LSAs to the NSSA.
l After the set-n-bit parameter is configured, the N-bit is set in the database description (DD)
packets during the synchronization between the switch and neighboring switchs.
l The suppress-forwarding-address parameter sets the forwarding address (FA) of the Type
5 LSAs translated from Type 7 LSAs by the NSSA ABR to 0.0.0.0.
l If multiple ABRs are deployed in the NSSA, the system automatically selects an ABR
(generally the switch with the largest router ID) as a translator to convert Type 7 LSAs into
Type 5 LSAs. You can configure the translator-always parameter on an ABR to specify the
ABR as an all-the-time translator. To specify two ABRs for load balancing, configure the
translator-always parameter on the chosen ABRs to specify the ABRs as all-the-time
translators. You can use this command to pre-configure a fixed translator to prevent LSA
flooding caused by translator role changes.
l The translator-interval parameter is used to ensure uninterrupted services when translator
roles change. The value of interval-value must be greater than the flooding period.
l The zero-address-forwarding parameter is used to set the FA of the generated NSSA LSAs
to 0.0.0.0 when external routes are imported to the ABR in an NSSA.
Step 5 (Optional) Run:
default-cost cost
The cost of the default route on which Type 3 LSAs are transmitted to the NSSA by the ABR
is set.
To ensure the reachability of AS external routes, the ABR in the NSSA generates a default route
and advertises this route to the other switchs in the NSSA. The cost of the default route to an
NSSA is set and the selection of the default route is adjusted.
By default, the cost of the default route to the NSSA by the ABR is 1.
Step 6 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
115
Checking the Configuration
Run either of the following commands to check LSDB information:
l display ospf [ process-id ] lsdb [ brief ]
l display ospf [ process-id ] lsdb [ router | network | summary | asbr | ase | nssa | opaque-
link | opaque-area ] [ link-state-id ] hostname hostname [ age { min-value min-age-
value | max-value max-age-value }
*
]
l display ospf [ process-id ] lsdb [ router | network | summary | asbr | ase | nssa | opaque-
link | opaque-area ] [ link-state-id ] [ originate-router [ advertising-router-id ] | self-
originate ] [ age { min-value min-age-value | max-value max-age-value }
*
] [ resolve-
hostname ]
Run either of the following commands to check routing table information:
l display ospf [ process-id ] routing [ ip-address [ mask | mask-length ] ] [ interface
interface-type interface-number ] [ nexthop nexthop-address ]
l display ospf [ process-id ] routing router-id [ router-id ]
Run the display ospf [ process-id ] interface [ all | interface-type interface-number ]
[ verbose ] command to check OSPF interface information.
4.9 Adjusting OSPF Route Selection
By adjusting OSPF route selection, you can enable OSPF to meet the requirements of complex
networks.
Applicable Environment
On complex networks, you can adjust OSPF parameters to flexibly adjust the networking and
optimize load balancing.
Pre-configuration Tasks
Before adjusting OSPF route selection, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Configuration Procedures
You can choose one or several configuration tasks (excluding "Checking the Configuration") as
required.
4.9.1 Setting the Link Cost for an OSPF Interface
Context
OSPF can automatically calculate the link cost for an interface according to the interface
bandwidth. You can also set the link cost for the interface through commands.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
116
If you do not set the cost of an OSPF interface by using the ospf cost cost command, OSPF
automatically calculates the cost of the interface according to the interface bandwidth. The
calculation formula is as follows: Cost of the interface = Bandwidth reference value/Interface
bandwidth. The integer of the calculated result is the cost of the interface. If the calculated result
is smaller than 1, the cost value is 1. Changing the bandwidth reference value can change the
cost of an interface.
Procedure
l Setting the link cost for an OSPF interface
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The OSPF interface view is displayed.
3. Run:
ospf cost cost
The cost of the OSPF interface is set.
4. Run:
commit
The configuration is committed.
l Setting the bandwidth reference value
1. Run:
system-view
The system view is displayed.
2. Run:
ospf [ process-id ]
The OSPF process view is displayed.
3. Run:
bandwidth-reference value
The bandwidth reference value is set.
The parameter value specifies the bandwidth reference value used to calculate the link
cost, in Mbit/s.
4. Run:
commit
The configuration is committed.
----End
4.9.2 Setting the Preference for Equal-cost OSPF Routes
Context
After OSPF calculates equal-cost routes, you can run the nexthop command to select the route
with the highest priority from the equal-cost routes as the next hop. The smaller the weight, the
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
117
higher the priority of the route. The default weight is 255. OSPF discovers equal-cost routes and
the number of equal-cost routes is smaller than that specified in the maximum load-
balancing number command. In this case, OSPF traffic will be balanced among these equal-
cost routes.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
nexthop ip-address weight value
The preference is set for equal-cost routes.
l The parameter ip-address specifies the next-hop address of the equal-cost route.
l The parameter value specifies the weight of the next hop. The default value is 255. The
smaller the weight, the higher the priority of the route.
Step 4 Run:
commit
The configuration is committed.
----End
4.9.3 Setting the Maximum Number of Equal-Cost Routes
Context
The CE series switches support load balancing among equal-cost routes. That is, you can
configure multiple routes, which have the same destination and preference.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
maximum load-balancing number
The maximum number of equal-cost routes is set.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
118
NOTE
When the number of equal-cost routes is greater than number specified in the maximum load-
balancing command, valid routes are selected for load balancing based on the following criteria:
1. Route preference: Routes with higher preferences are selected for load balancing.
2. Interface index: If routes have the same priorities, routes with higher interface index values are selected
for load balancing.
3. Next hop IP address: If routes have the same priorities and interface index values, routes with larger
IP address are selected for load balancing.
Step 4 Run:
commit
The configuration is committed.
----End
4.9.4 Configuring External Route Selection Rules Compatible with
RFC 1583
Context
All devices in an OSPF routing domain must be configured with the same route selection rule.
At present, most OSPF routing domains adopt the route selection rules defined in RFC 2328.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 (Optional)Run:
rfc1583 compatible
The external route selection rules, which are compatible with RFC 1583, are configured.
By default, the routing rule of compatible 1583 is enabled.
NOTE
On a network, if OSPF switchs have different configurations of the external route selection rules compatible
with RFC 1583, external loops may occur.
Step 4 Run:
commit
The configuration is committed.
----End
4.9.5 Checking the Configuration
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
119
Prerequisites
All configurations of adjusting OSPF route selection are complete.
Procedure
l Run the display ospf [ process-id ] interface command to check information about OSPF
interfaces.
l Run the display ospf [ process-id ] routing command to check information about the OSPF
routing table.
----End
4.10 Controlling OSPF Routing Information
This section describes how to control OSPF routing information. Detailed operations include
importing external routes, and filtering the received routes and LSAs.
Pre-configuration Tasks
Before controlling OSPF routing information, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Configuration Procedures
You can choose one or several configuration tasks (excluding "Checking the Configuration") as
required.
4.10.1 Configuring OSPF to Import External Routes
Context
OSPF can ensure loop-free intra-area routes and inter-area routes; however, OSPF cannot protect
external routes against loops. Therefore, when configuring OSPF to import external routes, avoid
the loops caused by manual configurations.
Do as follows on the switch that functions as the ASBR running OSPF:
Procedure
l Configuring OSPF to import the routes discovered by other protocols
1. Run:
system-view
The system view is displayed.
2. Run:
ospf [ process-id ]
The OSPF process view is displayed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
120
3. Run:
import-route { protocol [ process-id ] [ cost cost | route-policy route-
policy-name | tag tag | type type ]
*
}
The routes discovered by other protocols are imported.
The parameter protocol specifies the routing protocol whose routes are imported.
It can be direct, static, rip, ospf, isis, or bgp.
The parameter process-id specifies the process ID of the protocol whose routes are
imported. The default value is 1.
The parameter cost cost specifies the cost of a route.
The parameter type type specifies the type of the metric. It can be 1 or 2.
The parameter tag tag specifies the tag in the external LSA.
The parameter route-policy route-policy-name indicates that the matching rules
of the specified routing policy are applied.
4. Run:
commit
The configuration is committed.
l Setting parameters for OSPF to import routes
1. Run:
system-view
The system view is displayed.
2. Run:
ospf [ process-id ]
The OSPF process view is displayed.
3. Run:
default { cost { cost-value | inherit-metric } | tag tag | type type }
*
The default values of parameters (the metric of routes, tag, and type) are set for
importing routes.
The parameter cost cost-value specifies the default metric of the external route
imported by OSPF.
The parameter inherit-metric indicates that the cost of the imported route is the
cost carried in the route. If the cost is not specified, the default cost set through the
default command is used as the cost of the imported route.
When OSPF imports external routes, you can set default values for some additional
parameters, such as the metric of routes to be imported, route tag, and route type. The
route tag is used to identify the protocol-related information. For example, it can be
used to differentiate AS numbers when OSPF receives BGP routes.
By default, the default metric of the external routes imported by OSPF is 1; the type
of the imported external routes is Type 2; the default tag value is 1.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
121
NOTE
You can run one of the following commands to set the cost of the imported route. The following
commands are listed in descending order of priority:
l Run the apply cost command in a route-policy to set the cost of the imported route.
l Run the import-route command for OSPF to set the cost of the imported route.
l Run the default command to set the default cost of the imported route.
4. Run:
commit
The configuration is committed.
----End
4.10.2 Configuring OSPF to Advertise the Default Route to the
OSPF Area
Context
In a routing table, a default route is the route to the network 0.0.0.0 (with the mask being 0.0.0.0).
You can check whether the default route is configured by using the display ip routing-table
command. If the destination address of a packet does not match any entry in the routing table,
the packet is sent through a default route. If no default route exists and the destination address
of the packet does not match any entry in the routing table, the packet is discarded. An Internet
Control Message Protocol (ICMP) packet is then sent, informing the originating host that the
destination host or network is unreachable.
Procedure
l Configuring OSPF to Advertise the Default Route to the OSPF Area
1. Run:
system-view
The system view is displayed.
2. Run:
ospf [ process-id ]
The OSPF process view is displayed.
3. Run the following commands as required:
Run:
default-route-advertise [ [ always | permit-calculate-other ] | cost
cost | type type | route-policy route-policy-name | distribute-delay
delay-time ]
*
OSPF is configured to advertise the default route to the OSPF area.
always indicates that an LSA describing the default route is generated and then
advertised regardless of whether there are the active default routes of other
OSPF processes in the routing table of the local device.
permit-calculate-other indicates that the local router is still allowed to
calculate the default routes advertised by other switchs after adverting its
default route.
route-policy route-policy-name indicates that the local device advertises
default routes according to the parameters of the configured routing policy
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
122
when there are matched default routing entries generated by other OSPF
processes.
Run:
default-route-advertise summary cost cost
The default cost of a Type 3 summary LSA is set.
Before selecting the preceding parameters, you need to configure VPN. Otherwise,
this command cannot be run.
NOTE
l An ASE LSA that describes the default route is generated and then advertised only when
there are active default routes of other OSPF processes in the routing table of the local
device.
l Before advertising a default route, OSPF compares the preferences of default routes.
Therefore, if a static default route is configured on an OSPF switch, to add the default route
advertised by OSPF to the current routing table, ensure that the preference of the configured
static default route is lower than that of the default route advertised by OSPF.
4. Run:
commit
The configuration is committed.
----End
4.10.3 Configuring OSPF Route Aggregation
Context
Do as follows on the OSPF router.
Procedure
l Configuring ABR Route Aggregation
Do as follows on the OSPF ABR:
1. Run:
system-view
The system view is displayed.
2. Run:
ospf [ process-id ]
The OSPF process view is displayed.
3. Run:
area area-id
The OSPF area view is displayed.
4. Run:
abr-summary ip-address mask [ [ advertise | not-advertise ] | cost cost ]
*
ABR route aggregation of OSPF is configured.
5. Run:
commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
123
The configuration is committed.
l Configuring ASBR Route Aggregation
Do as follows on the OSPF ASBR:
1. Run:
system-view
The system view is displayed.
2. Run:
ospf [ process-id ]
The OSPF process view is displayed.
3. Run:
asbr-summary ip-address mask [ not-advertise | tag tag | cost cost |
distribute-delay interval ] *
ASBR route aggregation of OSPF is configured.
4. Run:
commit
The configuration is committed.
----End
4.10.4 Configuring OSPF to Filter the Received Routes
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-
policy route-policy-name [ secondary ] } import
OSPF is configured to filter the received routes.
l The parameter acl-number specifies the number of a basic ACL.
l The parameter acl-name acl-name specifies the name of an ACL.
l The parameter ip-prefix ip-prefix-name specifies the name of an IP prefix list.
OSPF is a link-state dynamic routing protocol, with routing information carried in the LSA.
Therefore, the filter-policy import command cannot be used to filter the advertised or received
LSAs.
The filter-policy import command is used to filter the routes calculated by OSPF. Only the
routes that pass the filtering are added to the routing table. Routes that do not pass the filtering
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
124
can not added to the OSPF routing table, but can be advertised. Therefore, the LSDB is not
affected regardless of whether the received routes pass the filtering.
Step 4 Run:
commit
The configuration is committed.
----End
4.10.5 Configuring OSPF to Filter the Routes to Be Advertised
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name } export
[ protocol [ process-id ] ]
OSPF is configured to filter the routes imported through the import-route command. Only the
routes that pass the filtering are advertised.
l The parameter acl-number specifies the number of a basic ACL.
l The parameter acl-name acl-name specifies the name of an ACL.
l The parameter ip-prefix ip-prefix-name specifies the name of an IP prefix list.
You can specify the parameter protocol [ process-id ] to filter the routes of a certain routing
protocol or a certain OSPF process. If protocol [ process-id ] is not specified, OSPF filters all
the imported routes.
NOTE
l The import-route command cannot be used to import external default routes.
l OSPF filters the imported routes, and generates Type 5 LSAs to advertise only external routes that
passing the filtering.
Step 4 Run:
commit
The configuration is committed.
----End
4.10.6 Configuring OSPF to Filter ABR Type3 LSA
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
125
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
area area-id
The OSPF area view is displayed.
Step 4 Depending on type of desired filtering, run one of following commands to configure OSPF to
filter the Type 3 LSAs generated by ABRs.:
OSPF is configured to filter the Type 3 LSAs generated by ABRs.
l Run:
filter { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-
policy route-policy-name } export
The outgoing summary LSAs in the local area will be filtered.
l Run:
filter { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-
policy route-policy-name } import
The incoming summary LSAs in the local area are to be filtered.
Step 5 Run:
commit
The configuration is committed.
----End
4.10.7 Checking the Configuration
Prerequisites
All configurations of controlling OSPF routing information are complete.
Procedure
l Run the display ospf [ process-id ] lsdb command to check information about the OSPF
LSDB.
----End
4.11 Configuring OSPF IP FRR
In the case of a link fault, a device enabled with OSPF IP FRR can fast switch traffic to the
backup link. This protects traffic and greatly improves the reliability of OSPF networks.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
126
Pre-configuration Tasks
Before configuring OSPF IP FRR, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Configuration Procedures
Figure 4-6 Flowchart for configuring OSPF IP FRR
Enable OSPF IP FRR
Block FRR on a specified
OSPF interface
Mandatory
procedure
Optional
procedure

4.11.1 Enabling OSPF IP FRR
Context
FRR calculation consumes a large number of CPU resources. When there are import features
such as routing protocol, you need to delay FRR calculation.
After FRR calculation is delayed, devices process important services such as route calculation
first.
Do as follows on the switch that needs to protect traffic to be forwarded:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ] [ router-id router-id | vpn-instance vpn-instance-name ]
*
An OSPF process is started and the OSPF view is displayed.
Step 3 Run:
frr
The OSPF IP FRR view is displayed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
127
Step 4 Run:
loop-free-alternate
OSPF IP FRR is enabled to generate a loop-free backup link.
NOTE
OSPF can generate a loop-free backup link only when the OSPF IP FRR traffic protection inequality is
met.
Step 5 Run:
commit
The configuration is committed.
----End
4.11.2 (Optional) Blocking FRR on an OSPF Interface
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of an OSPF interface enabled with FRR is displayed.
Step 3 Run:
ospf frr block
FRR is blocked on the OSPF interface.
Step 4 Run:
commit
The configuration is committed.
----End
4.11.3 Checking the Configuration
Prerequisites
All OSPF IP FRR configurations are complete.
Procedure
l Run the display ospf [ process-id ] routing command to check the information about the
primary link and backup link of a route after configuring OSPF IP FRR.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
128
4.12 Configuring BFD for OSPF
If there are high requirements for data transmission, and OSPF convergence needs to be speeded
up when the link status changes, you can configure BFD on OSPF links. After detecting a link
failure, BFD notifies the routing protocol of the failure, which triggers fast convergence. When
the neighbor relationship is Down, the BFD session is deleted dynamically.
Applicable Environment
The link fault or the topology change may cause devices to recalculate routes. Therefore, the
convergence of routing protocols must be speed up to improve the network performance.
Link faults are inevitable. Therefore, a feasible solution is required to fast detect faults and notify
routing protocols of the faults immediately. If BFD is associated with routing protocols, once a
link fault occurs, BFD can speed up the convergence of routing protocols.
Pre-configuration Tasks
Before configuring BFD for OSPF, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Configuration Procedures
Figure 4-7 Flowchart of configuring BFD for OSPF
Configure BFD on the specified
interface
Configure global BFD
Configure BFD for OSPF
Prevent an interface from
dynamically setting up a BFD session
Mandatory
procedure
Optional
procedure
4.12.1 Configuring Global BFD
Procedure
Step 1 Run:
system-view
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
129
The system view is displayed.
Step 2 Run:
bfd
BFD is configured globally, and the global BFD view is displayed.
Step 3 Run:
commit
The configuration is committed.
----End
4.12.2 Configuring BFD for OSPF Feature
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF view is displayed.
Step 3 Run:
bfd all-interfaces enable
BFD for OSPF is enabled to establish the BFD session.
If all the interfaces in a certain process are configured with BFD and their neighbor relationships
are in the Exstart state, OSPF establishes BFD sessions on all the interfaces in the process.
Run the bfd all-interfaces { min-rx-interval receive-interval | min-tx-interval transmit-
interval | detect-multiplier multiplier-value }
*
command to set parameters for BFD sessions.
l The parameter min-rx-interval receive-interval specifies the expected minimum interval for
receiving BFD packets from the neighbor.
l The parameter min-tx-interval transmit-interval specifies the minimum interval for sending
BFD packets to the neighbor.
l The parameter detect-multiplier multiplier-value specifies the local detection multiplier.
NOTE
If only the bfd all-interfaces { min-rx-interval receive-interval | min-tx-interval transmit-interval |
detect-multiplier multiplier-value }
*
command is run to set BFD parameters, and the bfd all-interfaces
enable command is not run, BFD cannot be enabled.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
130
4.12.3 (Optional) Preventing an Interface from Dynamically Setting
Up a BFD Session
Context
After the bfd all-interfaces enable command is run in an OSPF process, BFD sessions can be
established on all the OSPF interfaces whose neighbor relationships are Full.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the interface enabled with BFD for OSPF is displayed.
Step 3 Run:
ospf bfd block
The interface is prevented from dynamically establishing a BFD session.
Step 4 Run:
commit
The configuration is committed.
----End
4.12.4 (Optional) Configuring BFD on the Specified Interface
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the interface enabled with BFD for OSPF is displayed.
Step 3 Run:
ospf bfd enable
BFD is enabled on the interface to establish the BFD session.
If all the interfaces in a certain process are configured with BFD and their neighbor relationships
are in the Exstart state, OSPF establishes BFD sessions on all the interfaces in the process by
using default BFD parameters.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
131
Run the ospf bfd { min-rx-interval receive-interval | min-tx-interval transmit- interval |
detect-multiplier multiplier-value }
*
command to set parameters for BFD sessions.
NOTE
l The BFD priority configured on an interface is higher than the BFD priority configured in a process.
That is, if BFD is enabled on an interface, BFD parameters on the interface are used to establish BFD
sessions.
l If only the ospf bfd { min-rx-interval receive-interval | min-tx-interval transmit- interval | detect-
multiplier multiplier-value }
*
command is run to set BFD parameters, and the ospf bfd enable
command is not run, BFD cannot be enabled on the interface.
Step 4 Run:
commit
The configuration is committed.
----End
4.12.5 Checking the Configuration
Prerequisites
All configurations of BFD for OSPF are complete.
Procedure
l Run one of the following commands to check the BFD session:
display ospf [process-id ] bfd session interface-type interface-number [ router-id ]
display ospf [process-id ] bfd session { router-id | all }
----End
4.13 Configuring OSPF Fast Convergence
By adjusting OSPF timers, you can implement OSPF fast network convergence.
Pre-configuration Tasks
Before configuring OSPF fast convergence, complete the following tasks:
l Configuring a link layer protocol
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Configuration Procedures
You can choose one or several configuration tasks (excluding "Checking the Configuration") as
required.
4.13.1 Setting the Convergence Priority of OSPF Routes
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
132
Context
With the integration of network services, different services such as data, voice, and video run
on the same network infrastructure, and have different requirements for the network. For Video
on Demand (VoD) services, the route convergence speed of the multicast source server is the
most critical factor that affects multicast services. It is required that the routes to the multicast
source should converge rapidly when network faults occur. On the BGP or MPLS VPN bearer
network where OSPF is used to implement the IP connectivity of the backbone network, end-
to-end routes between PEs need to be converged rapidly.
You can set priorities for specific routes by setting the convergence priority of OSPF routes so
that these routes converge preferentially. This shortens the interruption of key services and
improves the reliability of the entire network.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF view is displayed.
Step 3 Run:
prefix-priority { critical | high | medium } ip-prefix ip-prefix-name
The convergence priority of OSPF routes is set.
After the convergence priority of OSPF routes is set, OSPF can calculate and flood LSAs, and
synchronize LSDBs according to priorities. This speeds up route convergence. When an LSA
meets multiple priorities, the highest priority takes effect. OSPF calculates LSAs in the sequence
of intra-area routes, inter-area routes, and AS external routes. This command makes OSPF
calculate route priorities. Convergence priorities are critical, high, medium, and low. To speed
up the processing of LSAs with the higher priority, during LSA flooding, the LSAs need to be
placed into the corresponding critical, high, medium, and low queues according to priorities.
NOTE
This command takes effect only on the public network.
Step 4 Run:
commit
The configuration is committed.
----End
4.13.2 Setting the Interval for Sending Hello Packets
Context
Hello packets are commonly used packets, which are periodically sent on OSPF interfaces to
establish and maintain neighbor relationships. The intervals set on the interfaces connecting two
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
133
OSPF neighbors need to be the same. Otherwise, the OSPF neighbor relationship cannot be
established.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf timer hello interval
The interval for sending Hello packets is set on the OSPF interface.
By default, the interval for sending Hello packets on a P2P or broadcast interface is 10s; the
interval for sending Hello packets on a P2MP or NBMA interface is 30s; the dead time for the
OSPF neighbors on the same interface is four times the interval for sending Hello packets.
Step 4 Run:
commit
The configuration is committed.
----End
4.13.3 Setting the Dead Time of the Neighbor Relationship
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf timer dead interval
The dead time after which the neighbor relationship between two switchs is set.
By default, the dead time of the neighbor relationship on a P2P or broadcast interface is 40s; the
dead time of the neighbor relationship on a P2MP or NBMA interface is 120s; the dead time of
the neighbor relationship on the same interface is four times the interval for sending Hello
packets.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
134
NOTE
Setting the dead interval of an OSPF neighbor to be longer than 20s is recommended. If the dead interval
of an OSPF neighbor is shorter than 20s, the session may be closed.
Both the Hello timer and the Dead timer are restored to the default values after the network type is changed.
Step 4 Run:
commit
The configuration is committed.
----End
4.13.4 Configuring Smart-discover
Context
Before Smart-discover is configured, when the neighbor status of the switch changes or the DR/
BDR on the multi-access network (broadcast or NBMA network) changes, the switch does not
send Hello packets to its neighbor until the Hello timer expires. This slows down the
establishment of neighbor relationships between devices. After Smart-discover is configured,
when the neighbor relationship status of the switch changes or the DR/BDR on the multi-access
network (broadcast or NBMA network) changes, the switch can send Hello packets to its
neighbor immediately without waiting for the expiration of the Hello timer. This speeds up the
establishment of neighbor relationships and thus implements fast convergence of OSPF
networks.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf smart-discover
Smart-discover is configured on the interface.
Step 4 Run:
commit
The configuration is committed.
----End
4.13.5 Setting the Interval for Updating LSAs
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
135
Context
In OSPF, the interval for updating LSAs is defined as 1s. This aims to prevent network
connections or frequent route flapping from consuming excessive network bandwidth or device
resources.
On a stable network where routes need to be fast converged, you can cancel the interval for
updating LSAs by setting the interval to 0 seconds. In this manner, the changes of the topology
or the routes can be immediately advertised on the network through LSAs. Route convergence
on the network is thus sped up.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
lsa-originate-interval { 0 | { intelligent-timer max-interval start-interval hold-
interval | other-type interval }
*
}
The interval for updating LSAs is set.
l The parameter intelligent-timer indicates that the interval for updating router LSAs and
network LSAs is set through an intelligent timer.
l The parameter max-interval specifies the maximum interval for updating LSAs, in
milliseconds.
l The parameter start-interval specifies the initial interval for updating LSAs, in milliseconds.
l The parameter hold-interval specifies the hold interval for updating LSAs, in milliseconds.
l The parameter other-type interval indicates that the interval for updating LSAs excluding
Router LSAs and Network LSAs is set.
By default, no intelligent timer is enabled. After an intelligent timer is enabled, the default
maximum interval for updating LSAs is 5000 ms, the default initial interval is 500 ms, and the
default hold interval is 1000 ms (the interval is expressed in milliseconds). Details about the
interval for updating LSAs are as follows:
1. The initial interval for updating LSAs is specified by start-interval.
2. The interval for updating LSAs for the nth (n 2) time is equal to hold-interval x 2
(n-2)
.
3. When the interval specified by hold-interval x 2
(n-2)
reaches the maximum interval specified
by max-interval, OSPF updates LSAs at the maximum interval for three consecutive times.
Then, OSPF goes back to Step 3.1 and updates LSAs at the initial interval specified by
start-interval.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
136
4.13.6 Setting the Interval for Receiving LSAs
Context
In OSPF, the interval for receiving LSAs is 1s. This aims to prevent network connections or
frequent route flapping from consuming excessive network bandwidth or device resources.
On a stable network where routes need to be fast converged, you can cancel the interval for
receiving LSAs by setting the interval to 0 seconds. In this manner, the changes of the topology
or the routes can be immediately advertised to the network through LSAs. Route convergence
on the network is thus sped up.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
lsa-arrival-interval { interval | intelligent-timer max-interval start-interval
hold-interval }
The interval for receiving LSAs is set.
l The parameter interval specifies the interval for receiving LSAs, in milliseconds.
l The parameter intelligent-timer indicates that the interval for receiving router LSAs or
network LSAs is set through an intelligent timer.
l The parameter max-interval specifies the maximum interval for receiving LSAs, in
milliseconds.
l The parameter start-interval specifies the initial interval for receiving LSAs, in milliseconds.
l The parameter hold-interval specifies the hold interval for receiving LSAs, in milliseconds.
On a stable network where routes need to be fast converged, you can set the interval for receiving
LSAs to 0 seconds so that the changes of the topology or the routes can be detected immediately.
By default, no intelligent timer is enabled. After an intelligent timer is enabled, the default
maximum interval for receiving LSAs is 1000 ms, the default initial interval is 500 ms, and the
default hold interval is 500 ms. Details about the interval for receiving LSAs are as follows:
1. The initial interval for receiving LSAs is specified by the parameter start-interval.
2. The interval for receiving LSAs for the nth (n 2) time is equal to hold-interval x 2
(n-2)
.
3. When the interval specified by hold-interval x 2
(n-2)
reaches the maximum interval specified
by max-interval, OSPF receives LSAs at the maximum interval for three consecutive times.
Then, OSPF goes back to Step 3.1 and receives LSAs at the initial interval specified by
start-interval.
Step 4 Run:
commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
137
The configuration is committed.
----End
4.13.7 Setting the Interval for the SPF Calculation
Context
When the OSPF LSDB changes, the shortest path needs to be recalculated. If a network changes
frequently and the shortest path is calculated continually, many system resources are consumed
and thus system performance is degraded. By configuring an intelligent timer and properly
setting the interval for the SPF calculation, you can prevent excessive system memory and
bandwidth resources from being occupied.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
spf-schedule-interval { interval1 | intelligent-timer max-interval start-interval
hold-interval | millisecond interval2 }
The interval for the SPF calculation is set.
l The parameter interval1 specifies the interval for the SPF calculation, in milliseconds.
l The parameter intelligent-timer indicates that the interval for the SPF calculation is set
through an intelligent timer.
l The parameter max-interval specifies the maximum interval for the SPF calculation, in
milliseconds.
l The parameter start-interval specifies the initial interval for the SPF calculation, in
milliseconds.
l The parameter hold-interval specifies the hold interval for the SPF calculation, in
milliseconds.
l The parameter millisecond interval2 specifies the interval for the SPF calculation, in
milliseconds.
By default, an intelligent timer is enabled; the maximum interval for the SPF calculation is 10000
ms, the initial interval is 500 ms, and the hold interval is 1000 ms (the interval is expressed in
milliseconds).
After an intelligent timer is enabled, the interval for the SPF calculation is as follows:
1. The initial interval for the SPF calculation is specified by the parameter start-interval.
2. The interval for the SPF calculation for the nth (n 2) time is equal to hold-interval x 2
(n-2)
.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
138
3. When the interval specified by hold-interval x 2
(n-2)
reaches the maximum interval specified
by max-interval, OSPF performs the SPF calculation at the maximum interval for three
consecutive times. Then, OSPF goes back to 3.1 and performs the SPF calculation at the
initial interval specified by start-interval.
Step 4 Run:
commit
The configuration is committed.
----End
4.13.8 Checking the Configuration
Prerequisites
All configurations of OSPF fast convergence are complete.
Procedure
l Run the display ospf [ process-id ] brief command to check brief information about the
specified OSPF process.
----End
4.14 Configuring OSPF GR Helper
To avoid traffic interruption and route flapping caused by the active/standby switchover, you
can enable OSPF GR.
Applicable Environment
Graceful Restart (GR) is a technology used to ensure normal traffic forwarding and non-stop
forwarding of key services during the restart of routing protocols. GR is one of high availability
(HA) technologies. HA technologies comprise a set of comprehensive techniques, such as fault-
tolerant redundancy, link protection, faulty node recovery, and traffic engineering. As a fault-
tolerant redundancy technology, GR is widely used to ensure non-stop forwarding of key
services during master/slave switchover and system upgrade.
NOTE
The CE series switches support only the GR Helper.
Pre-configuration Tasks
Before configuring OSPF GR, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
139
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF view is displayed.
Step 3 Run:
opaque-capability enable
The opaque-LSA capability is enabled.
The opaque-LSA capability of OSPF needs to be enabled first because OSPF supports GR
through Type 9 LSAs.
Step 4 Run:
graceful-restart helper-role { [ { ip-prefix ip-prefix-name | acl-number acl-
number | acl-name acl-name } | ignore-external-lsa | planned-only ]
*
| never }
The GR session parameters is set.
l Set ACL parameters, the local switch can enter the Helper mode only after neighbors pass
the filtering policies of ip-prefix or acl.
l Set ignore-external-lsa, the Helper does not check the LSAs outside the AS (AS-external
LSA). By default, the Helper checks the LSAs outside the AS.
l Set planned-only, the Helper supports only the planned-GR. By default, the Helper supports
both the planned-GR and unplanned-GR.
l Set never, the switch does not support the Helper mode.
----End
Checking the Configuration
Run the display ospf [ process-id ] graceful-restart [ verbose ] command to check the restart
status of OSPF GR.
4.15 Improving the Stability of an OSPF Network
A stable OSPF network features less route flapping, normal device performance, and good
network performance.
Applicable Environment
By setting timers, you can reduce the number of unnecessary packets on networks and reduce
the load on the device. Network performance is thus improved.
Pre-configuration Tasks
Before improving the security of an OSPF network, complete the following tasks:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
140
l Configuring a link layer protocol
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Configuration Procedures
You can choose one or several configuration tasks (excluding "Checking the Configuration") as
required.
4.15.1 Setting the Priority of OSPF
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
preference [ ase ] { preference | route-policy route-policy-name }
*
The priority of OSPF is set.
l If the parameter ase is specified, it indicates that the preference of AS external routes is set.
l The parameter preference specifies the preference of OSPF routes. The smaller the value,
the higher the preference.
l If the parameter route-policy route-policy-name is specified, it indicates that the preference
is set for specified routes according to the routing policy.
By default, the preference of OSPF routes is 10. When the parameter ase is specified, the default
preference of AS external routes is 150.
Step 4 Run:
commit
The configuration is committed.
----End
4.15.2 Configuring the Delay for Transmitting LSAs on the
Interface
Procedure
Step 1 Run:
system-view
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
141
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf trans-delay interval
The delay in transmitting LSAs is set on the interface.
By default, the delay in transmitting LSAs is 1s.
Step 4 Run:
commit
The configuration is committed.
----End
4.15.3 Configuring the Interval for Retransmitting LSAs
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run:
ospf timer retransmit interval
The interval for retransmitting LSAs between adjacent switchs is set.
By default, the interval for retransmitting LSAs is 5 seconds.
NOTE
The interval for retransmitting LSAs between adjacent switchs cannot be set too small. Otherwise, certain
LSAs are retransmitted unnecessarily. Generally, the interval needs to be greater than the round trip time
of a packet transmitted between two switchs.
Step 4 Run:
commit
The configuration is committed.
----End
4.15.4 Configuring Secure Synchronization
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
142
Context
When the switchs in an area just finish synchronizing the LSDBs, the LSDBs of these switchs
are different from each other. As a result, route flapping occurs. You can configure secure
synchronization to solve this problem. This, however, may delay the establishment of the OSPF
adjacency relationship.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [process-id ]
The OSPF view is displayed.
Step 3 Run:
safe-sync enable
Secure synchronization is configured.
Step 4 Run:
commit
The configuration is committed.
----End
4.15.5 Configuring Stub Routers
Context
A stub switch is used to control traffic and instruct other OSPF switchs not to use it to forward
data. Other OSPF switchs can have a route to the stub switch.
The metric of links in the Router LSAs generated by the stub switch is set to the maximum value
(65535).
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
stub-router [ on-startup [ interval ] ]
A stub switch is configured.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
143
The parameter on-startup [ interval ] specifies the interval during which the switch remains to
be a stub switch. By default, the interval is 500 seconds.
NOTE
There is no relation between the stub switch configured through this command and the switch in a stub
area.
Step 4 Run:
commit
The configuration is committed.
----End
4.15.6 Suppressing an Interface from Receiving or Sending OSPF
Packets
Context
After an OSPF interface is set to be in the silent state, the interface can still advertise its direct
routes. Hello packets on the interface, however, cannot be forwarded. Therefore, no neighbor
relationship can be established on the interface. This can enhance the networking adaptability
of OSPF and reduce the consumption of system resources.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
silent-interface { all | interface-type interface-number }
The interface is suppressed from receiving or sending OSPF packets.
Step 4 Run:
commit
The configuration is committed.
----End
4.15.7 Checking the Configuration
Prerequisites
All configurations of improving the stability of an OSPF network are complete.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
144
Procedure
l Run the display ospf [ process-id ] brief command to check brief information about the
specified OSPF process.
l Run the display ip routing-table command to check information about the IP routing table.
----End
4.16 Improving the Security of an OSPF Network
On a network demanding high security, you can configure OSPF authentication and the
GTSM to improve the security of the OSPF network.
Applicable Environment
With the increase in attacks on TCP/IP networks and the defects in the TCP/IP protocol suite,
network attacks have a greater impact on the network security. Especially attacks on network
devices will cause the crash of the network. By configuring the GTSM and authentication, you
can improve the security of an OSPF network.
The CE series switches support the following authentication modes:
l Simple authentication
l MD5 authentication
l HMAC-MD5 authentication
l Keychain authentication
NOTE
The CE series switches supports OSPF GTSM. For detailed configuration of OSPF GTSM, refer to the
CloudEngine 6800&5800 Series Switches Configuration Guide - Security
NOTE
Pre-configuration Tasks
Before improving the security of an OSPF network, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Configuration Procedures
You can choose one or several configuration tasks (excluding "Checking the Configuration") as
required.
4.16.1 Configuring the Area Authentication Mode
Procedure
Step 1 Run:
system-view
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
145
The system view is displayed.
Step 2 Run:
ospf [ process-id ]
The OSPF process view is displayed.
Step 3 Run:
area area-id
The OSPF area view is displayed.
Step 4 Run any of the following command to configure the authentication mode of the OSPF area as
required:
l Run:
authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]
Simple authentication is configured for the OSPF area.
plain indicates the plain text password.
cipher indicates the cipher text password. For Message Digest 5 (MD5) or Hashed
Message Authentication Code-MD5 (HMAC-MD5) authentication, the authentication
mode is in cipher text by default.
l Run:
authentication-mode { md5 | hmac-md5 } [ key-id { plain plain-text | [ cipher ]
cipher-text } ]
Authentication mode is configured for the OSPF area.
md5 indicates the MD5 cipher text authentication mode.
hmac-md5 indicates the HMAC-MD5 cipher text authentication mode.
key-id specifies the ID of the authentication key.
l Run:
authentication-mode keychain keychain-name
The Keychain authentication is configured for the OSPF area.
NOTE
Before using the Keychain authentication, you need to configure Keychain information in the system
view. To establish the OSPF neighbor relationship, you need to ensure that the key-id, algorithm, and
key-string of the local ActiveSendKey are the same as those of the remote ActiveRecvKey.
Step 5 Run:
commit
The configuration is committed.
----End
4.16.2 Configuring the Interface Authentication Mode
Procedure
Step 1 Run:
system-view
The system view is displayed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
146
Step 2 Run:
interface interface-type interface-number
The OSPF interface view is displayed.
Step 3 Run any of the following commands to configure the interface authentication mode as required:
l Run:
ospf authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]
Simple authentication is configured for the OSPF interface.
simple indicates simple authentication.
plain indicates the plain text password. For simple authentication, the authentication
mode is in plain text by default.
cipher indicates the cipher text password. For MD5 or HMAC-MD5 authentication, the
authentication mode is in cipher text by default.
l Run:
ospf authentication-mode { md5 | hmac-md5 } [ key-id { plain plain-text |
[ cipher ] cipher-text } ]
Authentication mode is configured for the OSPF interface.
md5 indicates the MD5 cipher text authentication mode.
hmac-md5 indicates the HMAC-MD5 cipher text authentication mode.
l Run:
ospf authentication-mode null
The OSPF interface is not authenticated.
l Run:
ospf authentication-mode keychain keychain-name
The Keychain authentication is configured for the OSPF area.
NOTE
Before using the Keychain authentication, you need to configure Keychain information in the system
view. To establish the OSPF neighbor relationship, you need to ensure that the key-id, algorithm, and
key-string of the local ActiveSendKey are the same as those of the remote ActiveRecvKey.
Step 4 Run:
commit
The configuration is committed.
----End
4.16.3 Checking the Configuration
Prerequisites
All configurations of improving the security of an OSPF network are complete.
Procedure
l Run the display ospf [ process-id] brief command to view the configurations of the system
in the current view.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
147
4.17 Configuring the Network Management Function of
OSPF
OSPF supports the network management function. You can bind the OSPF MIB to a certain
OSPF process.
Applicable Environment
Through the Simple Network Management Protocol (SNMP), the OSPF Management
Information Base (MIB) manages multicast information exchanged between the NMS and
agents.
Pre-configuration Tasks
Before configuring the network management function of OSPF, complete the following tasks:
l Configuring a link layer protocol
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l 4.4 Configuring Basic OSPF Functions
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf mib-binding process-id
The OSPF process is bound to the MIB.
Step 3 Run:
commit
The configuration is committed.
----End
Checking the Configuration
Run the following commands to check the previous configuration.
l Run the display ospf [ process-id ] brief command to check brief information about the
binding between the OSPF process and the MIB.
4.18 Maintaining OSPF
Maintaining OSPF involves resetting OSPF, and clearing OSPF statistics.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
148
4.18.1 Clearing OSPF
Context
CAUTION
OSPF information cannot be restored after you clear it. So, confirm the action before you use
the command.
To clear OSPF information, run the following reset commands in the user view.
Procedure
l Run the reset ospf [ process-id ] counters [ neighbor [ interface-type interface-number ]
[ router-id ] ] command to reset OSPF counters.
counters indicates OSPF counters.
neighbor indicates neighbor information on the specified interface.
l Run the reset ospf [ process-id ] redistribution command in the user view to re-import
routes by OSPF.
l Run the reset gtsm statistics all command in the user view to clear the GTSM statistics
on the device.
l Run the reset ospf [ process-id ] frr command in the user view to perform OSPF IP FRR
calculation again.
l Run the reset ospf [ process-id ] peer [ interface-type interface-number ] router-id
command to restart OSPF peers.
----End
4.18.2 Resetting OSPF
Context
CAUTION
The OSPF adjacency relationship between the switchs will be torn down after you run the reset
ospf command to reset OSPF connections. So, confirm the action before you use the command.
To reset OSPF connections, run the following reset commands in the user view.
Procedure
l Run the reset ospf [ process-id ] process command in the user view to restart the OSPF
process.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
149
4.19 Configuring Examples
This section provides several configuration examples of OSPF together with the configuration
flowchart. The configuration examples explain networking requirements, and configuration
roadmap.
4.19.1 Example for Configuring Basic OSPF Functions
Networking Requirements
As shown in Figure 4-8, all switchs run OSPF, and the entire AS is partitioned into three areas.
Switch A and Switch B function as ABRs to forward the routes between areas.
After the configuration is complete, each switch should learn the routes to all network segments
in the AS.
Figure 4-8 Networking diagram of configuring basic OSPF functions
SwitchA
SwitchB
SwitchD
10GE1/0/1
VLANIF10
192.168.0.1/24
10GE1/0/1
VLANIF10
192.168.0.2/24
10GE1/0/2
VLANIF30
192.168.2.1/24
10GE1/0/1
VLANIF30
192.168.2.2/24
Area0
10GE1/0/2
VLANIF20
192.168.1.1/24
10GE1/0/2
VLANIF50
172.17.1.1/24
SwitchC
10GE1/0/1
VLANIF20
192.168.1.2/24
Area1
10GE1/0/2
VLANIF40
172.16.1.1/24
Area2
10GE1/0/1
VLANIF40
172.16.1.2/24
10GE1/0/1
VLANIF50
172.17.1.2/24
SwitchE
SwitchF

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable OSPF on each switch.
2. Specify network segments in different areas.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
150
Procedure
Step 1 Assign an IP address to each interface. The detailed configuration is not mentioned here.
Step 2 Configure basic OSPF functions.
# Configure Switch A.
[~SwitchA] router id 1.1.1.1
[~SwitchA] ospf 1
[~SwitchA-ospf-1] area 0
[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[~SwitchA-ospf-1-area-0.0.0.0] quit
[~SwitchA-ospf-1] area 1
[~SwitchA-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[~SwitchA-ospf-1-area-0.0.0.1] quit
[~SwitchA-ospf-1] commit
# Configure Switch B.
[~SwitchB] router id 2.2.2.2
[~SwitchB] ospf 1
[~SwitchB-ospf-1] area 0
[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[~SwitchB-ospf-1-area-0.0.0.0] quit
[~SwitchB-ospf-1] area 2
[~SwitchB-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[~SwitchB-ospf-1-area-0.0.0.2] quit
[~SwitchB-ospf-1] commit
# Configure Switch C.
[~SwitchC] router id 3.3.3.3
[~SwitchC] ospf 1
[~SwitchC-ospf-1] area 1
[~SwitchC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[~SwitchC-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[~SwitchC-ospf-1-area-0.0.0.1] commit
[~SwitchC-ospf-1-area-0.0.0.1] quit
# Configure Switch D.
[~SwitchD] router id 4.4.4.4
[~SwitchD] ospf 1
[~SwitchD-ospf-1] area 2
[~SwitchD-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[~SwitchD-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[~SwitchD-ospf-1-area-0.0.0.2] commit
[~SwitchD-ospf-1-area-0.0.0.2] quit
# Configure Switch E.
[~SwitchE] router id 5.5.5.5
[~SwitchE] ospf 1
[~SwitchE-ospf-1] area 1
[~SwitchE-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[~SwitchE-ospf-1-area-0.0.0.1] commit
[~SwitchE-ospf-1-area-0.0.0.1] quit
# Configure Switch F.
[~SwitchF] router id 6.6.6.6
[~SwitchF] ospf 1
[~SwitchF-ospf-1] area 2
[~SwitchF-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[~SwitchF-ospf-1-area-0.0.0.2] commit
[~SwitchF-ospf-1-area-0.0.0.2] quit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
151
Step 3 Verify the configuration.
# Display the OSPF neighbors of Switch A.
[~SwitchA] display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 192.168.0.1(10GE1/0/1)'s neighbors
Router ID: 2.2.2.2 Address: 192.168.0.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.0.2 BDR: 192.168.0.1 MTU: 0
Dead timer due in 36 sec
Retrans timer interval: 5
Neighbor is up for 00:15:04
Authentication Sequence: [~ 0 ]
Area 0.0.0.1 interface 192.168.1.1(10GE1/0/2)'s neighbors
Router ID: 3.3.3.3 Address: 192.168.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.2 BDR: 192.168.1.1 MTU: 0
Dead timer due in 39 sec
Retrans timer interval: 5
Neighbor is up for 00:07:32
Authentication Sequence: [~ 0 ]
# Display the OSPF routes of Switch A.
[~SwitchA] display ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
172.16.1.0/24 2 Transit 192.168.1.2 3.3.3.3 0.0.0.1
172.17.1.0/24 3 Inter-area 192.168.0.2 2.2.2.2 0.0.0.0
192.168.2.0/24 2 Inter-area 192.168.0.2 2.2.2.2 0.0.0.0
Total Nets: 3
Intra Area: 1 Inter Area: 2 ASE: 0 NSSA: 0
# Display the LSDB of Switch A.
[~SwitchA] display ospf lsdb
OSPF Process 1 with Router ID 1.1.1.1
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 1.1.1.1 1.1.1.1 93 48 80000004 1
Router 2.2.2.2 2.2.2.2 92 48 80000004 1
Sum-Net 172.16.1.0 1.1.1.1 1287 28 80000002 2
Sum-Net 192.168.1.0 1.1.1.1 1716 28 80000001 1
Sum-Net 172.17.1.0 2.2.2.2 1336 28 80000001 2
Sum-Net 192.168.2.0 2.2.2.2 87 28 80000002 1
Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 1.1.1.1 1.1.1.1 1420 48 80000002 1
Router 3.3.3.3 3.3.3.3 1294 60 80000003 1
Router 5.5.5.5 5.5.5.5 1296 36 80000002 1
Network 172.16.1.1 3.3.3.3 1294 32 80000001 0
Sum-Net 172.17.1.0 1.1.1.1 1325 28 80000001 3
Sum-Net 192.168.0.0 1.1.1.1 1717 28 80000001 1
Sum-Net 192.168.2.0 1.1.1.1 1717 28 80000001 2
# Display the routing table on Switch D and perform the ping operation to test the connectivity.
[~SwitchD] display ospf routing
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
152
OSPF Process 1 with Router ID 4.4.4.4
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
172.16.1.0/24 4 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
192.168.0.0/24 2 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
192.168.1.0/24 3 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
Total Nets: 3
Intra Area: 0 Inter Area: 3 ASE: 0 NSSA: 0
[~SwitchD] ping 172.16.1.1
PING 172.16.1.1: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.1: bytes=56 Sequence=1 ttl=253 time=62 ms
Reply from 172.16.1.1: bytes=56 Sequence=2 ttl=253 time=16 ms
Reply from 172.16.1.1: bytes=56 Sequence=3 ttl=253 time=62 ms
Reply from 172.16.1.1: bytes=56 Sequence=4 ttl=253 time=94 ms
Reply from 172.16.1.1: bytes=56 Sequence=5 ttl=253 time=63 ms
--- 172.16.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/59/94 ms
----End
Configuration Files
l Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
l Configuration file of Switch B
#
sysname SwitchB
#
router id 2.2.2.2
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
153
vlan batch 10 30
#
interface Vlanif10
ip address 192.168.0.2 255.255.255.0
#
interface Vlanif30
ip address 192.168.2.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.2
network 192.168.2.0 0.0.0.255
#
return
l Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
l Configuration file of Switch D
#
sysname SwitchD
#
router id 4.4.4.4
#
vlan batch 30 50
#
interface Vlanif30
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif50
ip address 172.17.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
154
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
ospf 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
l Configuration file of Switch E
#
sysname SwitchE
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
#
return
l Configuration file of Switch F
#
sysname SwitchF
#
router id 6.6.6.6
#
vlan batch 50
#
interface Vlanif50
ip address 172.17.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
ospf 1
area 0.0.0.2
network 172.17.1.0 0.0.0.255
#
return
4.19.2 Example for Configuring OSPF Stub Areas
Networking Requirements
As shown in Figure 4-9, all switchs run OSPF, and the entire AS is partitioned into three areas.
Switch A and Switch B function as ABRs to advertise routes between areas; Switch D functions
as the ASBR to import external routes, that is, static routes.
It is required to configure Area 1 as a stub area to reduce the LSAs advertised to this area without
affecting the route reachability.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
155
Figure 4-9 Networking diagram of configuring an OSPF stub area
SwitchA
SwitchB
SwitchD
10GE1/0/1
VLANIF10
192.168.0.1/24
10GE1/0/1
VLANIF10
192.168.0.2/24
10GE1/0/2
VLANIF30
192.168.2.1/24
10GE1/0/1
VLANIF30
192.168.2.2/24
Area0
10GE1/0/2
VLANIF20
192.168.1.1/24
10GE1/0/2
VLANIF50
172.17.1.1/24
SwitchC
10GE1/0/1
VLANIF20
192.168.1.2/24
Area1
10GE1/0/2
VLANIF40
172.16.1.1/24
Area2
10GE1/0/1
VLANIF40
172.16.1.2/24
10GE1/0/1
VLANIF50
172.17.1.2/24
SwitchE
SwitchF
Stub
ASBR

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic OSPF functions on each switch to realize interconnection.
2. Configure static routes on Switch D and import it into OSPF.
3. Configure Area 1 as a stub area by running the stub command on all switchs in Area 1 and
check the OSPF routing information on Switch C.
4. Prevent Switch A from advertising Type 3 LSAs to the stub area, and check the OSPF
routing information on Switch C.
Procedure
Step 1 Assign an IP address to each interface. The detailed configuration is not mentioned here.
Step 2 Configure basic OSPF functions. For details, see 4.19.1 Example for Configuring Basic OSPF
Functions.
Step 3 Configure Switch D to import static routes.
[~SwitchD] ip route-static 200.0.0.0 8 null 0
[~SwitchD] ospf 1
[~SwitchD-ospf-1] import-route static type 1
[~SwitchD-ospf-1] commit
[~SwitchD-ospf-1] quit
# Display ABR and ASBR information on Switch C.
[~SwitchC] display ospf abr-asbr
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
156
OSPF Process 1 with Router ID 3.3.3.3
Routing Table to ABR and ASBR
Type Destination Area Cost NextHop RtType
Intra-area 1.1.1.1 0.0.0.1 1 192.168.1.1 ABR
Inter-area 4.4.4.4 0.0.0.1 3 192.168.1.1 ASBR
# Display the OSPF routing table on Switch C.
NOTE
If the area where Switch C resides is a common area, external routes exist in the routing table.
[~SwitchC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
172.17.1.0/24 4 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
192.168.0.0/24 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
192.168.2.0/24 3 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
200.0.0.0/8 4 Type1 1 192.168.1.1 4.4.4.4
Total Nets: 4
Intra Area: 0 Inter Area: 3 ASE: 1 NSSA: 0
Step 4 Configure Area 1 as a stub area.
# Configure Switch A.
[~SwitchA] ospf 1
[~SwitchA-ospf-1] area 1
[~SwitchA-ospf-1-area-0.0.0.1] stub
[~SwitchA-ospf-1-area-0.0.0.1] commit
[~SwitchA-ospf-1-area-0.0.0.1] quit
# Configure Switch C.
[~SwitchC] ospf 1
[~SwitchC-ospf-1] area 1
[~SwitchC-ospf-1-area-0.0.0.1] stub
[~SwitchC-ospf-1-area-0.0.0.1] commit
[~SwitchC-ospf-1-area-0.0.0.1] quit
# Configure Switch E.
[~SwitchE] ospf 1
[~SwitchE-ospf-1] area 1
[~SwitchE-ospf-1-area-0.0.0.1] stub
[~SwitchE-ospf-1-area-0.0.0.1] commit
[~SwitchE-ospf-1-area-0.0.0.1] quit
# Display the routing table on Switch C.
NOTE
After the area where Switch C resides is configured as a stub area, a default route rather than AS external
routes exists in the routing table.
[~SwitchC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
157
Routing for Network
Destination Cost Type NextHop AdvRouter Area
0.0.0.0/0 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
172.17.1.0/24 4 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
192.168.0.0/24 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
192.168.2.0/24 3 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
Total Nets: 4
Intra Area: 0 Inter Area: 4 ASE: 0 NSSA: 0
Step 5 # Prevent Switch A from advertising Type 3 LSAs to the stub area.
[~SwitchA] ospf
[~SwitchA-ospf-1] area 1
[~SwitchA-ospf-1-area-0.0.0.1] stub no-summary
[~SwitchA-ospf-1-area-0.0.0.1] commit
[~SwitchA-ospf-1-area-0.0.0.1] quit
Step 6 Verify the configuration.
# Display the OSPF routing table on Switch C.
[~SwitchC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
0.0.0.0/0 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
Total Nets: 1
Intra Area: 0 Inter Area: 1 ASE: 0 NSSA: 0
NOTE
After the advertisement of summary LSAs to the stub area is disabled, the routing entries on the switch in
the stub area are further reduced, and only the default route to a destination outside the stub area is reserved.
----End
Configuration Files
l Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
158
network 192.168.1.0 0.0.0.255
stub no-summary
#
return
NOTE
Configuration files of Switch B and Switch F are similar to the configuration file of Switch A, and
are not mentioned here.
l Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
stub
#
return
l Configuration file of Switch D
#
sysname SwitchD
#
vlan batch 30 50
#
router id 4.4.4.4
#
interface Vlanif30
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif50
ip address 172.17.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
ospf 1
import-route static type 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
ip route-static 200.0.0.0 255.0.0.0 NULL0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
159
#
return
l Configuration file of Switch E
#
sysname SwitchE
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
stub
#
return
4.19.3 Example for Configuring an NSSA Area
Networking Requirements
As shown in Figure 4-10, OSPF is enabled on all Switches and the AS is divided into three
areas. Switch A and Switch B function as ABRs to forward routes between areas; Switch D
functions as the ASBR to import external routes, that is, static routes.
You need to configure Area 1 as an NSSA area and configure SwitchC as an ASBR to import
external routes (static routes). The routing information can be transmitted correctly in the AS.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
160
Figure 4-10 Networking diagram for configuring an NSSA area
SwitchA
SwitchB
SwitchD
10GE1/0/1
VLANIF10
192.168.0.1/24
10GE1/0/1
VLANIF10
192.168.0.2/24
10GE1/0/2
VLANIF30
192.168.2.1/24
10GE1/0/1
VLANIF30
192.168.2.2/24
Area0
10GE1/0/2
VLANIF20
192.168.1.1/24
10GE1/0/2
VLANIF50
172.17.1.1/24
SwitchC
10GE1/0/1
VLANIF20
192.168.1.2/24
Area1
10GE1/0/2
VLANIF40
172.16.1.1/24
Area2
10GE1/0/1
VLANIF40
172.16.1.2/24
10GE1/0/1
VLANIF50
172.17.1.2/24
SwitchE
SwitchF
NSSA
ASBR
ASBR

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable OSPF on each Switch and configure the basic OSPF functions.
2. Configure static routes on Switch D and import them into OSPF.
3. Configure Area 1 as an NSSA area and check the OSPF routing information of Switch C.
You must run the nssa command on all the devices in Area 1.
4. Configure static routes on Switch C, import them into OSPF, and check the OSPF routing
information of Switch D.
Procedure
Step 1 Configure the VLAN that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 20
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA-10GE1/0/2] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
161
The configurations of Switch B, Switch C, Switch D, Switch E, and Switch F are similar to the
configuration of Switch A, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 192.168.0.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 192.168.1.1 24
[~SwitchA-Vlanif20] quit
[~SwitchA-Vlanif20] commit
The configurations of Switch B, Switch C, Switch D, Switch E, and Switch F are similar to the
configuration of Switch A, and are not mentioned here.
Step 3 Configure the basic OSPF functions. See 4.19.1 Example for Configuring Basic OSPF
Functions.
Step 4 Configure Switch D to import static routes. See 4.19.2 Example for Configuring OSPF Stub
Areas.
Step 5 Configure Area 1 as an NSSA area.
# Configure Switch A.
[~SwitchA] ospf
[~SwitchA-ospf-1] area 1
[~SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary
[~SwitchA-ospf-1-area-0.0.0.1] quit
[~SwitchA-ospf-1] quit
[~SwitchA-ospf-1] commit
# Configure Switch C.
[~SwitchC] ospf
[~SwitchC-ospf-1] area 1
[~SwitchC-ospf-1-area-0.0.0.1] nssa
[~SwitchC-ospf-1-area-0.0.0.1] quit
[~SwitchC-ospf-1] quit
[~SwitchC-ospf-1] commit
# Configure Switch E.
[~SwitchE] ospf
[~SwitchE-ospf-1] area 1
[~SwitchE-ospf-1-area-0.0.0.1] nssa
[~SwitchE-ospf-1-area-0.0.0.1] quit
[~SwitchE-ospf-1] quit
[~SwitchE-ospf-1] commit
NOTE
The default-route-advertise and no-summary keywords are recommend on the ABR (Switch A). In this
manner, the size of the routing table of devices in an NSSA area can be reduced. For the other devices in
the NSSA area, you need to run only the nssa command.
# View the OSPF routing table of Switch C.
[~SwitchC] display ospf routing

OSPF Process 1 with Router ID 3.3.3.3
Routing Tables

Routing for Network
Destination Cost Type NextHop AdvRouter Area
0.0.0.0/0 2 Inter-area 192.168.1.1 1.1.1.1 0.0.0.1
172.16.1.0/24 1 Transit 172.16.1.1 3.3.3.3 0.0.0.1
192.168.1.0/24 1 Transit 192.168.1.2 3.3.3.3 0.0.0.1
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
162

Total Nets: 3
Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0
Step 6 Configure Switch C to import static routes.
# Import static routes on Switch C.
[~SwitchC] ip route-static 100.0.0.0 8 null 0
[~SwitchC] ospf
[~SwitchC-ospf-1] import-route static
[~SwitchC-ospf-1] quit
[~SwitchC-ospf-1] commit
Step 7 Verify the configuration.
# View the OSPF routing table of Switch D.
[~SwitchD] display ospf routing

OSPF Process 1 with Router ID 4.4.4.4
Routing Tables

Routing for Network
Destination Cost Type NextHop AdvRouter Area
172.16.1.0/24 4 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
172.17.1.0/24 1 Transit 172.17.1.1 4.4.4.4 0.0.0.2
192.168.0.0/24 2 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
192.168.1.0/24 3 Inter-area 192.168.2.1 2.2.2.2 0.0.0.2
192.168.2.0/24 1 Transit 192.168.2.2 4.4.4.4 0.0.0.2
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
100.0.0.0/8 1 Type2 1 192.168.2.1 1.1.1.1

Total Nets: 6
Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0
From the routing table of Switch D, you can find that an AS external route is imported to the
NSSA area.
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ospf 1
area 0.0.0.0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
163
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
nssa default-route-advertise no-summary
#
return
NOTE
Configuration files of Switch B, Switch D, and Switch F are similar to the configuration file of Switch
A, and are not mentioned here.
l Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
ospf 1
import-route static
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
nssa
#
ip route-static 100.0.0.0 255.0.0.0 NULL0
#
return
l Configuration file of Switch E
#
sysname SwitchE
#
router id 5.5.5.5
#
vlan batch 40
#
interface Vlanif40
ip address 172.16.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
nssa
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
164
4.19.4 Example for Configuring DR Election of OSPF
Networking Requirements
As shown in Figure 4-11, Switch A has the highest priority of 100 on the network and is elected
as the DR; Switch C has the second highest priority and is elected as the BDR; The priority of
Switch B is 0 and therefore cannot be elected as a DR or a BDR; the priority of Switch D is not
set, so Switch D uses the default value 1.
Figure 4-11 Networking diagram for configuring DR election of an OSPF process
SwitchB SwitchA
SwitchD
10GE1/0/1
VLANIF10
192.168.1.2/24
10GE1/0/1
VLANIF10
192.168.1.1/24
10GE1/0/1
VLANIF10
192.168.1.4/24
SwitchC
10GE1/0/1
VLANIF10
192.168.1.3/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the ID of the VLAN that each interface belongs to.
2. Assign an IP address to each VLANIF interface.
3. Configure the router ID, enable OSPF, and specify network segments on each Switch.
4. Check whether an Switch is the DR or BDR with its default DR priority.
5. Set the DR priority of the interface on each Switch and check whether the Switch becomes
the DR or BDR.
Procedure
Step 1 Configure the VLAN that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan 10
[~SwitchA-vlan10] quit
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
165
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 192.168.1.1 24
[~SwitchA-Vlanif10] commit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 3 Configure the basic OSPF functions.
# Configure Switch A.
[~SwitchA] router id 1.1.1.1
[~SwitchA] ospf
[~SwitchA-ospf-1] area 0
[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[~SwitchA-ospf-1-area-0.0.0.0] quit
[~SwitchA-ospf-1] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] router id 2.2.2.2
[~SwitchB] ospf
[~SwitchB-ospf-1] area 0
[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[~SwitchB-ospf-1-area-0.0.0.0] quit
[~SwitchB-ospf-1] quit
[~SwitchB] commit
# Configure Switch C.
[~SwitchC] router id 3.3.3.3
[~SwitchC] ospf
[~SwitchC-ospf-1] area 0
[~SwitchC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[~SwitchC-ospf-1-area-0.0.0.0] quit
[~SwitchC-ospf-1] quit
[~SwitchC] commit
# Configure Switch D.
[~SwitchD] router id 4.4.4.4
[~SwitchD] ospf
[~SwitchD-ospf-1] area 0
[~SwitchD-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[~SwitchD-ospf-1-area-0.0.0.0] quit
[~SwitchD-ospf-1] quit
[~SwitchD] commit
# Check information about neighbors of Switch A to find the DR and BDR.
[~SwitchA] display ospf peer

OSPF Process 1 with Router ID 1.1.1.1
Neighbors

Area 0.0.0.0 interface 192.168.1.1(Vlanif10)'s neighbors
Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 32 sec
Neighbor is up for 00:00:00
Authentication Sequence: [~ 0 ]

CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
166
Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Neighbor is up for 00:04:06
Authentication Sequence: [~ 0 ]

Router ID: 4.4.4.4 Address: 192.168.1.4 GR State: Normal
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Neighbor is up for 00:03:53
Authentication Sequence: [~ 0 ]
Check the neighbors of Switch A. You can view the DR priority and the neighbor status. By
default, the DR priority is 1. Now Switch D functions as the DR and Switch C functions as the
BDR.
NOTE
When the priority is the same, the switch with a higher router ID is elected as the DR. If a new switch is
added after the DR/BDR election is complete, the new switch cannot become the DR even if it has the
highest priority.
Step 4 Set the DR priority on each VLANIF interface.
# Configure Switch A.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ospf dr-priority 100
[~SwitchA-Vlanif10] quit
[~SwitchA] commit
Configure SwitchB.
[~SwitchB] interface vlanif 10
[~SwitchB-Vlanif10] ospf dr-priority 0
[~SwitchB-Vlanif10] quit
[~SwitchB] commit
# Configure Switch C.
[~SwitchC] interface vlanif 10
[~SwitchC-Vlanif10] ospf dr-priority 2
[~SwitchC-Vlanif10] quit
[~SwitchC] commit
# Check the status of the DR or BDR.
[~SwitchD] display ospf peer

OSPF Process 1 with Router ID 4.4.4.4
Neighbors

Area 0.0.0.0 interface 192.168.1.4(Vlanif10)'s neighbors
Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal
State: Full Mode:Nbr is Slave Priority: 100
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 31 sec
Neighbor is up for 00:11:17
Authentication Sequence: [~ 0 ]
Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal
State: Full Mode:Nbr is Slave Priority: 0
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 35 sec
Neighbor is up for 00:11:19
Authentication Sequence: [~ 0 ]

Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
167
State: Full Mode:Nbr is Slave Priority: 2
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 33 sec
Neighbor is up for 00:11:15
Authentication Sequence: [~ 0 ]
NOTE
The DR priorities configured on the interfaces do not take effect immediately.
Step 5 Restart the OSPF process.
In the user view of each Switch, run the reset ospf 1 process command to restart the OSPF
process.
Step 6 Verify the configuration.
# Check the status of OSPF neighbors.
[~SwitchD] display ospf peer

OSPF Process 1 with Router ID 4.4.4.4
Neighbors

Area 0.0.0.0 interface 192.168.1.4(Vlanif10)'s neighbors
Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal
State: Full Mode:Nbr is Slave Priority: 100
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
Dead timer due in 35 sec
Neighbor is up for 00:07:19
Authentication Sequence: [~ 0 ]

Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal
State: Full Mode:Nbr is Master Priority: 0
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
Dead timer due in 35 sec
Neighbor is up for 00:00:00
Authentication Sequence: [~ 0 ]

Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal
State: Full Mode:Nbr is Slave Priority: 2
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Neighbor is up for 00:07:17
Authentication Sequence: [~ 0 ]
# Check the status of OSPF interfaces.
[~SwitchA] display ospf interface

OSPF Process 1 with Router ID 1.1.1.1
Interfaces

Area: 0.0.0.0 (MPLS TE not enabled)
IP Address Type State Cost Pri DR BDR
192.168.1.1 Broadcast DR 1 100 192.168.1.1 192.168.1.3

[~SwitchB] display ospf interface

OSPF Process 1 with Router ID 2.2.2.2
Interfaces

Area: 0.0.0.0 (MPLS TE not enabled)
IP Address Type State Cost Pri DR BDR
192.168.1.2 Broadcast DROther 1 0 192.168.1.1 192.168.1.3

If all neighbors are in Full state, it indicates that the local device establishes adjacencies with all
its neighbors. If a neighbor stays in 2-Way state, it indicates the local Switch and the neighbor
are not the DR or BDR. Therefore, they do not need to exchange LSAs.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
168
If the status of an OSPF interface is DROther, it indicates that the router is neither the DR nor
the BDR.
----End
Configuration Files
l Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
ospf dr-priority 100
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
l Configuration file of Switch B
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
ospf dr-priority 0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
l Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.3 255.255.255.0
ospf dr-priority 2
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
169
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
l Configuration file of Switch D
#
sysname SwitchD
#
router id 4.4.4.4
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.4 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
4.19.5 Example for Configuring Load Balancing Among OSPF
Routes
Networking Requirements
As shown in Figure 4-12, the networking requirements are as follows:
l Switch A, Switch B, Switch C, and Switch D connect to each other through OSPF.
l Switch A, Switch B, Switch C, and Switch D belong to Area 0.
l Load balancing needs is configured so that the traffic of Switch A can be sent to Switch D
through Switch B and Switch C.
Figure 4-12 Networking diagram for configuring load balancing among OSPF routes
SwitchC
SwitchB
SwitchA SwitchD
10GE1/0/1
VLANIF10
10.1.1.2/24
10GE1/0/1
VLANIF10
10.1.1.1/24
10GE1/0/1
VLANIF30
192.168.0.1/24
10GE1/0/2
VLANIF40
192.168.1.2/24
10GE1/0/2
VLANIF40
192.168.1.1/24
10GE1/0/2
VLANIF30
192.168.0.1/24
10GE1/0/1
VLANIF20
10.1.2.2/24
10GE1/0/2
VLANIF20
10.1.2.1/24
10GE1/0/3
VLANIF60
172.17.1.1/24
10GE1/0/3
VLANIF50
172.16.1.1/24
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
170

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic OSPF functions on each Switch to implement interconnection.
2. Disable load balancing on Switch A and check the routing table of Switch A.
3. (Optional) Set the weight of equal-cost routes on Switch A.
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 20 50
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA] interface 10ge 1/0/3
[~SwitchA-10GE1/0/3] port link-type trunk
[~SwitchA-10GE1/0/3] port trunk allow-pass vlan 50
[~SwitchA-10GE1/0/3] quit
[~SwitchA-10GE1/0/3] commit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 10.1.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 10.1.2.1 24
[~SwitchA-Vlanif20] quit
[~SwitchA] interface vlanif 50
[~SwitchA-Vlanif50] ip address 172.16.1.1 24
[~SwitchA-Vlanif50] quit
[~SwitchA-Vlanif50] commit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 3 Configure the basic OSPF functions. See 4.19.1 Example for Configuring Basic OSPF
Functions.
Step 4 Disable load balancing on Switch A.
[~SwitchA] ospf
[~SwitchA-ospf-1] maximum load-balancing 1
[~SwitchA-ospf-1] quit
[~SwitchA-ospf-1] commit
# View the routing table of Switch A.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
171
Routing Tables: _public_
Destinations : 15 Routes : 15

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20
10.1.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.1.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif50
172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.16.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.17.1.0/24 OSPF 10 3 D 10.1.1.2 Vlanif10
192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
As shown in the routing table, when the maximum number of equal-cost routes for load balancing
is set to 1, OSPF selects 10.1.1.2 as the next hop to the destination network 172.17.1.0.
NOTE
In the preceding example, 10.1.1.2 is selected as the optimal next hop. This is because OSPF selects the
next hop randomly among equal-cost routes.
Step 5 Restore the default number of equal-cost routes for load balancing on Switch A.
[~SwitchA] ospf
[~SwitchA-ospf-1] undo maximum load-balancing
[~SwitchA-ospf-1] quit
[~SwitchA-ospf-1] commit
# View the routing table of SwitchA.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: _public_
Destinations : 15 Routes : 16

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20
10.1.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.1.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif50
172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.16.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.17.1.0/24 OSPF 10 3 D 10.1.1.2 Vlanif10
OSPF 10 3 D 10.1.2.2 Vlanif20
192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
As shown in the routing table, when the default setting of load balancing is restored, the next
hops of Switch A, that is, 10.1.1.2 (Switch B) and 10.1.2.2 (Switch C), become valid routes.
This is because the default number of equal-cost routes is 16.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
172
Step 6 (Optional) Set the weight of equal-cost routes on Switch A.
If you do not want to implement load balancing between Switch B and Switch C, set the weight
of equal-cost routes to specify the next hop.
[~SwitchA] ospf
[~SwitchA-ospf-1] nexthop 10.1.2.2 weight 1
[~SwitchA-ospf-1] quit
[~SwitchA-ospf-1] commit
# View the routing table of Switch A.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: _public_
Destinations : 15 Routes : 15

Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif20
10.1.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
10.1.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif50
172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.16.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif50
172.17.1.0/24 OSPF 10 3 D 10.1.2.2 Vlanif20
192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Vlanif20
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
As shown in the routing table, the priority of the next hop 10.1.2.2 (Switch C) with the weight
as 1 is higher than that of 10.1.1.2 (Switch B), after the weight is set for equal-cost routes. Thus,
OSPF selects the route with the next hop 10.1.2.2 as the optimal route.
----End
Configuration Files
l Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10 20 50
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
interface Vlanif50
ip address 172.16.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
173
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 50
#
ospf 1 router-id 1.1.1.1
nexthop 10.1.2.2 weight 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
l Configuration file of Switch B
sysname SwitchB
#
vlan batch 10 30
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 192.168.0.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.0.0 0.0.0.255
#
return
l Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 20 40
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
#
interface Vlanif40
ip address 192.168.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
return
l Configuration file of Switch D
#
sysname SwitchD
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
174
vlan batch 30 40 60
#
interface Vlanif30
ip address 192.168.0.2 255.255.255.0
#
interface Vlanif40
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif60
ip address 172.17.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 60
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 192.168.0.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
4.19.6 Example for Configuring OSPF IP FRR
Networking Requirements
When a fault occurs on the primary link T, traffic is switched to a backup link. In such a scenario,
two problems arise:
l It takes hundreds of milliseconds for the traffic to be switched to a backup link during OSPF
fault restoration. During this period, services are interrupted.
l Traffic will pass Switch A after link switching. Switch A is an ASBR and is not expected
to function as a backup device.
When a fault occurs on the network, OSPF IP FRR can fast switch traffic to the backup link
without waiting for route convergence. This ensures uninterrupted traffic transmission. In
addition, you can also configure Switch A to detour around the backup link.
As shown in Figure 4-13:
l All switches run OSPF.
l The link cost meets the OSPF IP FRR traffic protection inequality.
l When the primary link T fails, Switch S immediately switches traffic to the backup link.
Thus, the traffic is forwarded through Switch N.
l Based on the network planning, the link where Switch A resides does not function as an
FRR backup link.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
175
Figure 4-13 Networking diagram for configuring OSPF IP FRR
c
o
s
t
=
1
0
c
o
s
t
=
1
0
SwitchN
SwitchE
SwitchD SwitchS
cost = 15
cost = 5
c
o
s
t
=
1
5
c
o
s
t
=
1
0
SwitchA
ASBR
10GE1/0/1
10GE1/0/2
10GE1/0/3
10GE1/0/1
10GE1/0/2
10GE1/0/3
10GE1/0/1 10GE1/0/2
10GE1/0/1 10GE1/0/2
10GE1/0/4
Area0
IS-IS
Network
Area1
LinkT
OSPF Network
OSPF
Network
Switch Router ID Interface VLANIF interface IP address
SwitchS 1.1.1.1 10GE1/0/1 VLANIF 10 10.1.1.1/24
10GE1/0/2 VLANIF 20 10.1.2.1/24
10GE1/0/3 VLANIF 30 10.1.3.1/24
SwitchA 2.2.2.2 10GE1/0/1 VLANIF 10 10.1.1.2/24
10GE1/0/2 VLANIF 40 20.1.1.2/24
SwitchN 3.3.3.3 10GE1/0/1 VLANIF 50 10.1.3.2/24
10GE1/0/2 VLANIF 60 20.1.3.2/24
SwitchE 4.4.4.4 10GE1/0/1 VLANIF 40 20.1.1.1/24
10GE1/0/2 VLANIF 20 20.1.2.1/24
10GE1/0/3 VLANIF 30 20.1.3.1/24
10GE1/0/4 VLANIF 70 172.17.1.1/24

Configuration Notes
When configuring OSPF IP FRR, note the following points:
Before configuring OSPF IP FRR, you need to block FRR on the interface that is not expected
to be an interface of a backup link. After that, the link where the interface resides is not calculated
as a backup link during FRR calculation.
During the configuration of OSPF IP FRR, the lower layer needs to fast respond to a link change
so that traffic can be rapidly switched to the backup link. After the bfd all-interfaces frr-
binding command is run, the BFD session status is associated with the link status of an interface
(when the BFD session goes Down, the link status of the interface becomes Down) so that link
faults can be rapidly detected.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
176
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic OSPF functions on each switch.
2. Configure BFD for OSPF on all the devices in Area 0.
3. Set the costs of links to ensure that link T is preferred to transmit traffic.
4. Block FRR on a specified interface of Switch S.
5. Enable OSPF IP FRR on Switch S to protect the traffic forwarded by Switch S.
Procedure
Step 1 Assign an IP address to each interface. The configuration details are not mentioned here.
Step 2 Configure basic OSPF functions. For details, see 4.19.1 Example for Configuring Basic OSPF
Functions.
Step 3 Configure BFD for OSPF on all the devices in Area 0. For details, see 4.19.7 Example for
Configuring BFD for OSPF.
Step 4 Set the costs of links to ensure that link T is preferred to transmit traffic.
# Configure Switch S.
[~SwitchS] interface vlanif 10
[~SwitchS-Vlanif10] ospf cost 10
[~SwitchS-Vlanif10] quit
[~SwitchS] interface vlanif 20
[~SwitchS-Vlanif20] ospf cost 15
[~SwitchS-Vlanif20] quit
[~SwitchS] interface vlanif 30
[~SwitchS-Vlanif30] ospf cost 10
[~SwitchS-Vlanif30] quit
[~SwitchS] commit
# Configure Switch A.
[~SwitchA] interface vlanif 40
[~SwitchA-Vlanif40] ospf cost 15
[~SwitchA-Vlanif40] quit
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ospf cost 10
[~SwitchA-Vlanif10] quit
[~SwitchA] commit
# Configure Switch N.
[~SwitchN] interface vlanif 50
[~SwitchN-Vlanif50] ospf cost 10
[~SwitchN-Vlanif50] quit
[~SwitchN] interface vlanif 60
[~SwitchN-Vlanif60] ospf cost 10
[~SwitchN-Vlanif60] quit
[~SwitchN] commit
# Configure Switch E.
[~SwitchN] interface vlanif 20
[~SwitchN-Vlanif20] ospf cost 15
[~SwitchN-Vlanif20] quit
[~SwitchN] interface vlanif 30
[~SwitchN-Vlanif30] ospf cost 10
[~SwitchN-Vlanif30] quit
[~SwitchN] interface vlanif 40
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
177
[~SwitchN-Vlanif40] ospf cost 15
[~SwitchN-Vlanif40] quit
[~SwitchN] interface vlanif 70
[~SwitchN-Vlanif70] ospf cost 5
[~SwitchN-Vlanif70] quit
[~SwitchN] commit
Step 5 Block FRR on a specified interface of Switch S.
[~SwitchS] interface vlanif 10
[~SwitchS-Vlanif10] ospf frr block
[~SwitchS-Vlanif10] quit
[~SwitchS] commit
Step 6 Enable OSPF IP FRR on Switch S.
[~SwitchS] ospf
[~SwitchS-ospf-1] frr
[~SwitchS-ospf-1-frr] loop-free-alternate
[~SwitchS-ospf] commit
Step 7 Verify the configuration.
# Run the display ospf routing router-id command on Switch S to view routing information.
[~SwitchS-ospf-1-frr] display ospf routing router-id 4.4.4.4
OSPF Process 1 with Router ID 1.1.1.1
Destination : 4.4.4.4 Route Type : Intra-area
Area : 0.0.0.1 AdvRouter : 4.4.4.4
Type : ASBR
URT Cost : 59
NextHop : 20.1.2.1. Interface : Vlanif20
Backup Nexthop : 10.1.3.2 Backup Interface : Vlanif30
Backup Type : LFA LINK
The preceding display shows that a backup route is generated on Switch S.
----End
Configuration Files
l Configuration file of Switch S
#
sysname SwitchS
#
bfd
#
vlan batch 10 20 30
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
ospf cost 10
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
ospf cost 15
#
interface Vlanif30
ip address 10.1.3.1 255.255.255.0
ospf frr block
ospf cost 10
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
178
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
bfd all-interfaces enable
bfd all-interfaces frr-binding
frr
loop-free-alternate
area 0.0.0.1
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
#
return
l Configuration file of Switch A
#
sysname SwitchA
#
bfd
#
vlan batch 10 40
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
ospf cost 10
#
interface Vlanif40
ip address 20.1.1.2 255.255.255.0
ospf cost 15
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1 router-id 2.2.2.2
bfd all-interfaces enable
bfd all-interfaces frr-binding
frr
loop-free-alternate
area 0.0.0.1
network 10.1.1.0 0.0.0.255
network 20.1.2.0 0.0.0.255
#
return
l Configuration file of Switch N
#
sysname SwitchN
#
bfd
#
vlan batch 50 60
#
interface Vlanif50
ip address 10.1.3.2 255.255.255.0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
179
ospf cost 10
#
interface Vlanif60
ip address 20.1.3.2 255.255.255.0
ospf cost 10
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 60
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1 router-id 3.3.3.3
bfd all-interfaces enable
bfd all-interfaces frr-binding
frr
area 0.0.0.1
network 10.1.3.0 0.0.0.255
network 20.1.3.0 0.0.0.255
#
return
l Configuration file of Switch E
#
sysname SwitchE
#
bfd
#
vlan batch 20 30 40 70
#
interface Vlanif20
ip address 20.1.2.1 255.255.255.0
ospf cost 15
#
interface Vlanif30
ip address 20.1.3.1 255.255.255.0
ospf cost 10
#
interface Vlanif40
ip address 20.1.1.1 255.255.255.0
ospf cost 15
#
interface Vlanif70
ip address 172.17.1.1 255.255.255.0
ospf cost 5
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/4
port link-type trunk
port trunk allow-pass vlan 70
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
180
ospf 1 router-id 4.4.4.4
bfd all-interfaces enable
bfd all-interfaces frr-binding
area 0.0.0.1
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
4.19.7 Example for Configuring BFD for OSPF
Networking Requirements
As shown in Figure 4-14, the networking requirements are as follows:
l Switch A, Switch B, and Switch C run OSPF.
l BFD for OSPF is enabled on Switch A, Switch B, and Switch C.
l Service traffic is transmitted on the main link Switch ASwitch B. Link Switch ASwitch
CSwitch B is a backup link.
l BFD is configured on the interfaces between Switch A and Switch B. When a fault occurs
on the link between the Switch s, BFD can quickly detect the fault and notify OSPF of the
fault. Then, the service flow is transmitted on the backup link.
Figure 4-14 Networking diagram for configuring BFD for OSPF
SwitchA SwitchB
10GE1/0/1
VLANIF10
1.1.1.1/24
SwitchC
10GE1/0/2
VLANIF30
2.2.2.1/24
Area0
10GE1/0/1
VLANIF10
1.1.1.2/24
10GE1/0/1
VLANIF30
2.2.2.2/24
10GE1/0/2
VLANIF20
3.3.3.1/24
10GE1/0/2
VLANIF20
3.3.3.2/24
10GE1/0/3
VLANIF40
172.16.1.1/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic OSPF functions on the switches.
2. Enable the BFD feature globally.
3. Enable BFD for OSPF on Switch A and Switch B.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
181
Procedure
Step 1 Create VLANs and add corresponding interfaces to the VLANs.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan 10
[~SwitchA-vlan10] quit
[~SwitchA] vlan 20
[~SwitchA-vlan20] quit
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA-10GE1/0/2] commit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 1.1.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 3.3.3.1 24
[~SwitchA-Vlanif20] quit
[~SwitchA-Vlanif20] commit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 3 Configure the basic OSPF functions. See 4.19.1 Example for Configuring Basic OSPF
Functions.
Step 4 Configure BFD for OSPF.
# Enable BFD globally on Switch A.
[~SwitchA] bfd
[~SwitchA-bfd] quit
[~SwitchA] ospf
[~SwitchA-ospf-1] bfd all-interfaces enable
[~SwitchA-ospf-1] quit
[~SwitchA-ospf-1] commit
# Enable BFD globally on Switch B.
[~SwitchB] bfd
[~SwitchB-bfd] quit
[~SwitchB] ospf
[~SwitchB-ospf-1] bfd all-interfaces enable
[~SwitchB-ospf-1] quit
[~SwitchB-ospf-1] commit
# Run the display ospf bfd session all command on Switch A or Switch B. You can see that the
BFD state is Up.
Take Switch A for example. The display is as follows:
[~SwitchA] display ospf bfd session all
OSPF Process 1 with Router ID 1.1.1.1
Area 0.0.0.0 interface 3.3.3.1(Vlanif20)'s BFD Sessions
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
182
NeighborId:2.2.2.2 AreaId:0.0.0.0 Interface:Vlanif20
BFDState:up rx :1000 tx :1000
Multiplier:3 BFD Local Dis:8195 LocalIpAdd:3.3.3.1
RemoteIpAdd:3.3.3.2 Diagnostic Info:No diagnostic information
Area 0.0.0.0 interface 1.1.1.1(Vlanif10)'s BFD Sessions
NeighborId:3.3.3.3 AreaId:0.0.0.0 Interface:Vlanif10
BFDState:up rx :1000 tx :1000
Multiplier:3 BFD Local Dis:8194 LocalIpAdd1:1.1.1.1
RemoteIpAdd:1.1.1.2 Diagnostic Info:No diagnostic information
Step 5 Configure the BFD feature of interfaces.
# Configure BFD on VLANIF 20 of Switch A, set the minimum interval for sending the packets
and the minimum interval for receiving the packets to 100 ms, and set the local detection time
multiplier to 4.
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ospf bfd enable
[~SwitchA-Vlanif20] ospf bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
[~SwitchA-Vlanif20] quit
[~SwitchA-Vlanif20] commit
# Configure BFD on VLANIF20 of Switch B and set the minimum interval for sending the
packets and the minimum interval for receiving the packets to 100 ms and the local detection
time multiplier to 4.
[~SwitchB] bfd
[~SwitchB-bfd] quit
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] ospf bfd enable
[~SwitchB-Vlanif20] ospf bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
[~SwitchB-Vlanif20] quit
[~SwitchB-Vlanif20] commit
# Run the display ospf bfd session all command on Switch A or Switch B. You can see that the
BFD state is Up.
Take Switch B for example. The display is as follows:
[~SwitchB] display ospf bfd session all
OSPF Process 1 with Router ID 2.2.2.2
Area 0.0.0.0 interface 3.3.3.2(Vlanif20)'s BFD Sessions
NeighborId:1.1.1.1 AreaId:0.0.0.0 Interface: Vlanif20
BFDState:up rx :100 tx :100
Multiplier:4 BFD Local Dis:8198 LocalIpAdd:3.3.3.2
RemoteIpAdd:3.3.3.1 Diagnostic Info:No diagnostic information
Area 0.0.0.0 interface 2.2.2.2(Vlanif30)'s BFD Sessions
NeighborId:3.3.3.3 AreaId:0.0.0.0 Interface: Vlanif30
BFDState:up rx :1000 tx :1000
Multiplier:3 BFD Local Dis:8199 LocalIpAdd:2.2.2.2
RemoteIpAdd:2.2.2.1 Diagnostic Info:No diagnostic information
Step 6 Verify the configuration.
# Run the shutdown command on VLANIF 20 of Switch B to simulate a link fault.
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] shutdown
[~SwitchB-Vlanif20] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
183
# View the routing table of Switch A.
<SwitchA> display ospf routing
OSPF Process 1 with Router ID 1.1.1.1 Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
172.16.1.0/24 3 Stub 1.1.1.2 2.2.2.2 0.0.0.0
3.3.3.0/24 1 Stub 3.3.3.1 1.1.1.1 0.0.0.0
2.2.2.0/24 2 Transit 1.1.1.2 3.3.3.3 0.0.0.0
1.1.1.0/24 1 Transit 1.1.1.1 1.1.1.1 0.0.0.0
Total Nets: 4 Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0
As shown in the OSPF routing table, the backup link Switch ASwitch CSwitch B takes
effect after the main link fails. The next hop address of the route to 172.16.1.0/24 becomes
1.1.1.2.
----End
Configuration Files
l Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
ospf bfd enable
ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ospf 1
bfd all-interface enable
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 1.1.1.0 0.0.0.255
#
return
l Configuration file of Switch B
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 20 30 40
#
bfd
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
184
interface Vlanif20
ip address 3.3.3.2 255.255.255.0
ospf bfd enable
ospf bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface Vlanif30
ip address 2.2.2.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
ospf 1
bfd all-interface enable
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 2.2.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
l Configuration file of Switch C
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 10 30
#
bfd
#
interface Vlanif10
ip address 1.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 2.2.2.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ospf 1
bfd all-interface enable
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 2.2.2.0 0.0.0.255
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
185
5 IPv4 IS-IS Configuration
About This Chapter
You can build an IPv4 IS-IS network to allow IS-IS to discover and calculate routes in an
autonomous system (AS).
5.1 IS-IS Overview
Intermediate System-to-Intermediate System (IS-IS) is an Interior Gateway Protocol (IGP) that
runs within an autonomous system (AS). IS-IS is also a link-state routing protocol, using the
shortest path first (SPF) algorithm to calculate routes.
5.2 IS-IS (IPv4) Features Supported by the Device
The device supports the following IS-IS IPv4 features: basic IS-IS functions, IS-IS network
security, IS-IS route selection, IS-IS route exchange, IS-IS route summarization, IS-IS route
convergence, LSP fragment extension, mesh group, IS-IS NSR, IS-IS reliability, IS-IS Overload,
and IS-IS maintenance.
5.3 Default Configuration
This section describes the default configuration of IPv4 IS-IS, which can be changed according
to network requirements.
5.4 Configure Basic IS-IS Functions
An IS-IS network can be set up only after basic IS-IS functions are configured.
5.5 Improving IS-IS Network Security
On an IS-IS network that requires high security, configure IS-IS authentication to improve IS-
IS network security.
5.6 Controlling IS-IS Route Selection
You can adjust IS-IS route selection to precisely control route selection.
5.7 Controlling IS-IS Route Exchange
If other routing protocols are configured on an IS-IS network, you need to configure IS-IS to
interact with these protocols to ensure successful communication between them.
5.8 Configuring IS-IS Route Summarization
A large IS-IS network has a large number of routing entries. This will slow down routing table
lookup and increase management complexity. You can configure route summarization to reduce
the size of routing tables.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
186
5.9 Controlling IS-IS Route Convergence
Accelerating IS-IS route convergence can improve the fault location efficiency and improve
network reliability.
5.10 Configuring LSP Fragment Extension
LSP fragment extension allows an IS-IS device to generate more LSP fragments to transmit
more IS-IS information.
5.11 Configuring a Mesh Group on an NBMA Network
You can configure a mesh group on an NBMA network to prevent repeated LSP flooding from
causing bandwidth waste.
5.12 Configuring IS-IS Reliability
You can configure IS-IS Auto FRR, BFD for IS-IS, and IS-IS GR to improve IS-IS reliability.
5.13 Configuring the Overload Bit for an IS-IS Device
If an IS-IS device needs to be temporarily isolated, configure the IS-IS device to enter the
overload state to prevent other devices from forwarding traffic to this IS-IS device and prevent
routing black hole.
5.14 Maintaining IS-IS
Maintaining IS-IS includes resetting IS-IS, configuring IS-IS host name mapping, and
configuring the Output of IS-IS Adjacency Status
5.15 Configuration Examples
This section describes IS-IS configuration examples, including networking requirements,
configuration roadmap, and configuration procedure.
5.16 Common Configuration Errors
This section describes common faults caused by incorrect IS-IS configurations and provides the
troubleshooting procedure.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
187
5.1 IS-IS Overview
Intermediate System-to-Intermediate System (IS-IS) is an Interior Gateway Protocol (IGP) that
runs within an autonomous system (AS). IS-IS is also a link-state routing protocol, using the
shortest path first (SPF) algorithm to calculate routes.
IS-IS is a dynamic routing protocol initially designed by the International Organization for
Standardization (ISO) for its Connectionless Network Protocol (CLNP). To support IP routing,
the Internet Engineering Task Force (IETF) extended and modified IS-IS in RFC 1195. This
modification enables IS-IS to apply to TCP/IP and OSI environments. This type of IS-IS is called
Integrated IS-IS or Dual IS-IS.
NOTE
IS-IS stated in this document refers to Integrated IS-IS, unless otherwise stated.
5.2 IS-IS (IPv4) Features Supported by the Device
The device supports the following IS-IS IPv4 features: basic IS-IS functions, IS-IS network
security, IS-IS route selection, IS-IS route exchange, IS-IS route summarization, IS-IS route
convergence, LSP fragment extension, mesh group, IS-IS NSR, IS-IS reliability, IS-IS Overload,
and IS-IS maintenance.
Basic IS-IS Functions
Before deploying IS-IS on an IPv4 network, configure basic IS-IS functions to enable network
devices to communicate. Other IS-IS features can be configured only when basic IS-IS functions
are configured.
IS-IS Network Security
On an IS-IS network, unauthorized users may modify data packets or forge packets of authorized
users to attack the IS-IS network. To ensure service security on the IS-IS network, configure
area authentication, domain authentication, or interface authentication.
IS-IS Route Selection
If multiple routes are available on an IS-IS network, a route discovered by IS-IS may not be the
optimal route. This does not meet network planning requirements nor facilitates traffic
management. Therefore, configure IPv4 IS-IS route selection to implement refined control over
route selection.
IS-IS Route Exchange
In practice, you can control advertising and receiving of IS-IS routes to meet network
requirements.
IS-IS Route Summarization
Route summarization is the process of consolidating multiple routes with the same IP prefix into
one route.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
188
Route summarization on a large-scale IS-IS network efficiently reduces routing entries. This
minimizes system resource consumption and facilitates route management. In addition, if a
specific link frequently alternates between Up and Down, the links not involved in route
summarization will not be affected. This prevents route flapping and improves network stability.
IS-IS Route Convergence
To enable IS-IS to fast detect network changes, speed up IS-IS network convergence. To reduce
the impact of route flapping on networks and lessen the device burden, slow down IS-IS network
convergence.
The procedure for implementing IS-IS is as follows:
l Establishment of neighboring relationships: establishes neighboring relationships by
exchanging Hello packets between two devices.
l LSP flooding: implements link state database (LSDB) synchronization between devices in
the same area.
l SPF calculation: uses the SPF algorithm to calculate IS-IS routes according to the LSDB,
and delivers the IS-IS routes to the routing table.
To accelerate the IS-IS route convergence speed, configure the following parameters:
l Set the number of invalid Hello packets and the interval for sending Hello packets to control
the holding time of the neighbor relationship between two neighbors.
l Set the interval for sending CSNPs, LSP size, minimum interval for sending LSPs,
maximum lifetime of LSPs, interval for updating LSPs, interval for retransmitting LSPs,
intelligent timer for generating LSPs, and LSP fast flooding to speed up LSP flooding.
l Set the SPF calculation interval to improve the fault location efficiency on an IS-IS network
and prevent SPF calculation from consuming excessive system resources.
If some IS-IS routes need to be converged by preference to minimize adverse impacts on services,
configure the highest convergence priority for these routes.
LSP Fragment Extension
When an IS-IS router needs to advertise the LSPs that contain much information, the IS-IS router
generates multiple LSP fragments to carry more IS-IS information.
Mesh Group
On the Non Broadcast Multiple Access (NBMA) network, after receiving an LSP, the interface
of a switch floods the LSP to the other interfaces. In a network with higher connectivity and
multiple P2P links, however, the flooding method causes repeated LSP flooding and wastes
bandwidth.
To avoid the preceding problem, you can configure several interfaces to form a mesh group. The
switch in the mesh group does not flood the LSP received from an interface of the group to the
other interfaces of the group, but floods it to interfaces of other groups or interfaces that do not
belong to any group.
IS-IS Reliability
To ensure that faults are fast rectified on an IS-IS network, speed up fault detection and link
switchover. However, the IS-IS fault detection mechanism and link switchover require a long
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
189
period, which cannot meet requirements of services that are very sensitive to packet loss and
delay.
To meet requirements of these services, use BFD for IS-IS to implement fast fault detection and
use IS-IS Auto FRR and IS-IS GR helper to implement fast switchover. This improves IS-IS
reliability.
IS-IS NSR
With Routing Information Protocol next generation (IS-IS) NSR, IS-IS real-time data is
synchronized between the AMB and SMB. After an AMB/SMB switchover is performed on a
device, the SMB takes over services from the AMB, and neighbors are unaware of the local
fault. After the switchover, the new AMB recovers IS-IS immediately based on the synchronized
IS-IS real-time data. Therefore, neighbors are unaware of the switchover as well.
IS-IS Overload
If the system cannot store new LSPs and so fails to synchronize the LSDB, the routes calculated
by this system are incorrect. In this situation, the device enters the overload state and the routes
passing through this device are not calculated. However, the direct routes of the device are still
valid.
When an IS-IS device on the network needs to be upgraded or maintained, isolate this device
from the network temporarily. Set the overload bit on the device to prevent other devices from
forwarding traffic through this device.
IS-IS Maintenance
After configuring IS-IS features, you need to maintain IS-IS.
l After IS-IS is reset, all the structure information and neighbor relationships are
reestablished.
l After IS-IS host name mapping is configured, the configured host name rather than the
system ID is displayed in IS-IS information. This improves IS-IS network maintainability.
l After neighbor relationship debugging is enabled, changes of IS-IS neighbor relationships
are displayed on terminals. When faults occur, you can view logs to locate the faults.
5.3 Default Configuration
This section describes the default configuration of IPv4 IS-IS, which can be changed according
to network requirements.
Table 5-1 describes the default configuration of IPv4 IS-IS.
Table 5-1 Default configuration of IPv4 IS-IS
Parameter Default Configuration
IS-IS Disabled
DIS priority 64
Device level Level-1-2
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
190
Parameter Default Configuration
Interval for sending Hello packets 10s
Minimum interval for sending LSPs 50 ms
Maximum number of LSPs to be sent 10
Interval for updating LSPs 900s
Maximum lifetime of LSPs 1200s
Bandwidth reference value 100 Mbit/s

5.4 Configure Basic IS-IS Functions
An IS-IS network can be set up only after basic IS-IS functions are configured.
Pre-configuration Tasks
Before configuring basic IS-IS functions, complete the following task:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
Configuration Flowchart
Creating an IS-IS process is the prerequisite for configuring a network entity title (NET),
configuring the device level, and establishing an IS-IS neighbor relationship.
5.4.1 Creating IS-IS Processes
Context
Creating IS-IS processes is the prerequisite for performing IS-IS configurations.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ] [ vpn-instance vpn-instance-name ]
An IS-IS process is created, and the IS-IS process view is displayed.
The process-id parameter specifies the ID of an IS-IS process. If the process-id is not specified,
by default, The value of process-id is 1. To associate the IS-IS process with a VPN instance,
specify the VPN instance name.
Step 3 (Optional) Run:
description
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
191
Description for the IS-IS process is configured.
Step 4 Run:
commit
The configuration is committed.
----End
5.4.2 Configuring a NET
Context
NET is the special form of the network service access point (NSAP). After the IS-IS view is
displayed, IS-IS can start only when a NET is configured for an IS-IS process.
Generally, you only need to configure one NET for an IS-IS process. When an area needs to be
redefined, for example, the area needs to be merged with other areas or divided into sub-areas,
configure multiple NETs to ensure route correctness. A maximum of three area addresses can
be configured for an IS-IS process. Therefore, a maximum of three NETs can be configured for
an IS-IS process. When configuring multiple NETs, ensure that their system IDs are the same.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS process view is displayed.
Step 3 Run:
network-entity net
A NET is configured.
NOTE
Configuring loopback interface addresses based on NETs is recommended to ensures that a NET is unique
on the network. If NETs are not unique, route flapping will easily occur.
An area ID uniquely identifies an area in the same IS-IS domain. All routers in the same Level-1 area must
share the same area ID, while routers in the same Level-2 area can have different area IDs.
Step 4 Run:
commit
The configuration is committed.
----End
5.4.3 Configuring the Device Level
Context
Configure the device level according to network planning requirements:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
192
l When the level of a device is Level-1, the device establishes neighbor relationships with
only Level-1 and Level-1-2 routers in the same area and maintains only Level-1 LSDBs.
l When the level of a device is Level-2, the device can establish neighbor relationship with
Level-2 routers in the same area or different areas and with Level-1-2 routers in different
areas and maintain only Level-2 LSDB.
l When the level of a device is Level-1-2, the device can establish neighbor relationships
with Level-1 and Level-2 routers and maintain Level-1 and Level-2 LSDBs.
CAUTION
If the levels of IS-IS devices are changed during network operation, the IS-IS process will be
restarted and IS-IS neighbor relationships will be disconnected. Setting the levels of devices
when configuring IS-IS is recommended.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS process view is displayed.
Step 3 Run:
is-level { level-1 | level-1-2 | level-2 }
The level of the switch is configured.
By default, the level of the switch is Level-1-2.
Step 4 Run:
commit
The configuration is committed.
----End
5.4.4 Establishing IS-IS Neighbor Relationships
Context
The methods to establish IS-IS neighbor relationships on a broadcast network and a P2P network
are different. Therefore, you need to set different IS-IS attributes for interfaces of different types:
l On a broadcast network, IS-IS needs to select the designated intermediate system (DIS).
You can set the DIS priority for IS-IS interfaces to enable the device with the highest DIS
priority to be elected as the DIS.
l On a P2P network, IS-IS does not need to select the DIS. Therefore, the DIS priority does
not need to be configured for interfaces. To ensure P2P link reliability, configure IS-IS to
establish a neighbor relationship on two P2P interfaces in 3-way mode for unidirectional
link fault detection.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
193
Generally, IS-IS checks the IP addresses of received Hello packets. A neighbor relationship
can be established only when the source IP address carried in a received Hello packet and
the address of the interface that receives the Hello packet are on the same network segment.
If the IP addresses of the two P2P interfaces are on different network segments, and the
isis peer-ip-ignore command is run on the two interfaces, IS-IS does not check the peer
IP address. The neighbor relationship can be correctly established on the two P2P interfaces.
Procedure
l Establish an IS-IS neighbor relationship on a broadcast link.
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
isis enable [ process-id ]
IS-IS is enabled on the interface.
After this command is run, IS-IS establishes neighbor relationships and floods LSPs
through this interface.
NOTE
Loopback interfaces are not used to establish neighbor relationships. If IS-IS is enabled on a
loopback interface, IS-IS advertises the routes of the network segment where the interface
resides through other IS-IS interfaces.
4. Run:
isis circuit-level [ level-1 | level-1-2 | level-2 ]
The level of the interface is configured.
By default, the level of an interface is level-1-2.
When two Level-1-2 devices establish IS-IS neighbor relationship, they establish both
Level-1 and Level-2 neighbor relationships. To allow the two Level-1-2 devices to
establish only Level-1 or Level-2 neighbor relationship, change the level of interfaces.
NOTE
Changing the level of an IS-IS interface is valid only when the level of the IS-IS device is
Level-1-2. If the level of the device is not Level-1-2, the level of the device determines the
level of the established neighbor relationship.
5. (Optional) Run:
isis dis-priority priority [ level-1 | level-2 ]
The DIS priority is set for the interface. A larger value indicates a higher priority.
By default, the DIS priority of Level-1 and Level-2 broadcast interfaces is 64.
6. (Optional) Run:
isis silent
The interface is suppressed.
By default, an IS-IS interface is not suppressed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
194
When an IS-IS interface is suppressed, the interface no longer sends or receives IS-
IS packets. The routes of the network segment where the interface resides, however,
can still be advertised to other IS-IS devices within the same AS.
7. Run:
commit
The configuration is committed.
l Establish an IS-IS neighbor relationship on a P2P link.
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
isis enable [ process-id ]
IS-IS is enabled on the interface.
4. Run:
isis circuit-level [ level-1 | level-1-2 | level-2 ]
The level of the interface is configured.
By default, the level of an interface is level-1-2.
5. Run:
isis circuit-type p2p
The network type of the interface is set to P2P.
By default, the network type of an interface is determined by the physical type of the
interface.
When the network type of an IS-IS interface changes, the interface configuration
changes accordingly:
After a broadcast interface is simulated as a P2P interface using the isis circuit-
type p2p command, the interval for sending Hello packets, number of Hello
packets that IS-IS does not receive from a neighbor before the neighbor is declared
Down, interval for retransmitting LSPs on a P2P link, and various IS-IS
authentication modes are restored to the default settings; other configurations such
as the DIS priority, DIS name, and interval for sending CSNPs on a broadcast
network become invalid.
After the undo isis circuit-type command is run to restore the default network
type of an IS-IS interface, the interval for sending Hello packets, number of Hello
packets that IS-IS does not receive from a neighbor before the neighbor is declared
Down, interval for retransmitting LSPs on a P2P link, various IS-IS authentication
modes, DIS priority, and interval for sending CSNPs on a broadcast network are
restored to the default settings.
6. Run:
isis ppp-negotiation { 2-way | 3-way [ only ] }
The negotiation mode is specified for the interface.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
195
By default, the negotiation mode is 3-way.
7. Run:
isis peer-ip-ignore
IS-IS is configured not to check the IP addresses of received Hello packets.
By default, IS-IS checks the IP addresses of received Hello packets.
8. Run:
isis ppp-osicp-check
OSICP negotiation status check is configured on the interface.
By default, the OSICP negotiation status of a PPP interface does not affect the status
of an IS-IS interface.
NOTE
This command applies only to PPP interfaces and is invalid for other P2P interfaces.
After this command is run, the OSICP negotiation status of a PPP interface affects the status
of an IS-IS interface. When PPP detects that the OSI network fails, the link status of the IS-IS
interface goes Down and the routes of the network segment where the interface resides are not
advertised through LSPs.
9. Run:
commit
The configuration is committed.
----End
5.4.5 Checking the Configuration
Procedure
l Run the display isis peer [ verbose ] [ process-id | vpn-instance vpn-instance-name ]
command to check information about IS-IS neighbors.
l Run the display isis interface [ verbose ] [ process-id | vpn-instance vpn-instance-
name ] command to check information about IS-IS interfaces.
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]
[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ]
*
command to check
information about IS-IS routes.
----End
5.5 Improving IS-IS Network Security
On an IS-IS network that requires high security, configure IS-IS authentication to improve IS-
IS network security.
Pre-configuration Tasks
Before improving IS-IS network security, complete the following task:
l 5.4 Configure Basic IS-IS Functions
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
196
Configuration Flowchart
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
5.5.1 Configuring Interface Authentication
Context
Generally, the IS-IS packets to be sent are not encapsulated with authentication information, and
the received packets are not authenticated. If a user sends malicious packets to attack a network,
information on the entire network may be stolen. Therefore, you can configure IS-IS
authentication to improve the network security.
After the IS-IS interface authentication is configured, authentication information can be
encapsulated into the Hello packet to confirm the validity and correctness of neighbor.
CAUTION
If plain is selected during the configuration of the authentication mode for the IS-IS interface,
the password is saved in the configuration file in plain text. This brings security risks. It is
recommended that you select cipher to save the password in cipher text.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run any of the following command to configure the authentication mode of the IS-IS interface
as required:
l Run:
isis authentication-mode simple { plain plain-text | [ cipher ] plain-cipher-
text } [ level-1 | level-2 ] [ ip | osi ] [ send-only ]
Simple authentication is configured for the IS-IS interface.
l Run:
isis authentication-mode md5 { plain plain-text | [ cipher ] plain-cipher-text }
[ level-1 | level-2 ] [ ip | osi ] [ send-only ]
MD5 authentication is configured for the IS-IS interface.
l Run:
isis authentication-mode hmac-sha256 key-id key-id { plain plain-text |
[ cipher ] plain-cipher-text } [ level-1 | level-2 ] [ send-only ]
HMAC-SHA256 authentication is configured for the IS-IS interface.
l Run:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
197
isis authentication-mode keychain keychain-name [ level-1 | level-2 ] [ send-
only ]
The Keychain authentication is configured for the IS-IS interface.
By default, an IS-IS interface does not authenticate received Hello packets and no authentication
password is configured on the interface.
NOTE
Use the send-only parameter according to network requirements:
l If the send-only parameter is specified, the device only encapsulates the Hello packets to be sent with
authentication information rather than checks whether the received Hello packets pass the
authentication. When the Hello packets do not need to be authenticated on the local device and pass
the authentication on the remote device, the two devices can establish the neighbor relationship.
l If the send-only parameter is not specified, ensure that passwords of all interfaces with the same level
on the same network are the same.
Parameters level-1 and level-2 apply only to the VLANIF interfaces on which IS-IS is enabled using the
isis enable command.
Step 4 Run:
commit
The configuration is committed.
----End
5.5.2 Configuring Area or Domain Authentication
Context
Generally, the IS-IS packets to be sent are not encapsulated with authentication information, and
the received packets are not authenticated. If a user sends malicious packets to attack a network,
information on the entire network may be stolen. Therefore, you can configure IS-IS
authentication to improve the network security.
The area authentication password is encapsulated into Level-1 IS-IS packets. Only the packets
that pass the area authentication can be accepted. Therefore, you must configure IS-IS area
authentication on all the IS-IS devices in the specified Level-1 area to authenticate the Level-1
area.
The domain authentication password is encapsulated into Level-2 IS-IS packets. Only the
packets that pass the domain authentication can be accepted. Therefore, you must configure IS-
IS domain authentication on all the IS-IS devices in the Level-2 area to authenticate Level-2
area.
CAUTION
If plain is selected during the configuration of the area authentication mode or domain
authentication mode, the password is saved in the configuration file in plain text. This brings
security risks. It is recommended that you select cipher to save the password in cipher text.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
198
NOTE
When configuring IS-IS authentication, the area or domain authentication modes and passwords of the
routers in the same area must be consistent so that IS-IS packets can be flooded normally.
Whether IS-IS packets can pass area or domain authentication does not affect the establishment of Level-1
or Level-2 neighbor relationships.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS process view is displayed.
Step 3 Perform the following operations at any sequence as required.
l Run:
area-authentication-mode { { simple | md5 } { plain plain-text | [ cipher ]
plain-cipher-text } [ ip | osi ] | keychain keychain-name } [ snp-packet
{ authentication-avoid | send-only } | all-send-only ]
The area authentication mode is configured.
By default, the system neither encapsulates generated Level-1 packets with authentication
information nor authenticates received Level-1 packets.
l Run:
domain-authentication-mode { { simple | md5 } { plain plain-text | [ cipher ]
plain-cipher-text } [ ip | osi ] | keychain keychain-name } [ snp-packet
{ authentication-avoid | send-only } | all-send-only ]
The domain authentication mode is configured.
By default, the system neither encapsulates generated Level-2 packets with authentication
information nor authenticates received Level-2 packets.
NOTE
The authentication involves the following situations:
l The device encapsulates the authentication mode into LSPs and SNPs to be sent and checks whether
the received packets pass authentication. Then, the device discards the packets that do not pass the
authentication. In this case, the parameter snp-packet or all-send-only is not specified.
l The device encapsulates authentication information into LSPs to be sent and checks whether the
received LSPs pass the authentication; the device neither encapsulates the SNPs to be sent with
authentication information nor checks whether the received SNPs pass the authentication. In this case,
the parameter snp-packet authentication-avoid needs to be specified.
l The device encapsulates the LSPs and SNPs to be sent with authentication information; the device,
however, checks the authentication mode of only the received LSPs rather than the received SNPs. In
this case, the parameter snp-packet send-only needs to be specified.
l The device encapsulates the LSPs and SNPs to be sent with authentication information, but does not
check whether the received LSPs or SNPs pass the authentication. In this case, the parameter all-send-
only needs to be specified.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
199
5.5.3 Checking the Configuration
Procedure
l Run the display isis lsdb verbose command to check the detailed information in the IS-IS
LSDB.
----End
5.6 Controlling IS-IS Route Selection
You can adjust IS-IS route selection to precisely control route selection.
Pre-configuration Tasks
Before configuring IS-IS route selection, complete the following task:
l 5.4 Configure Basic IS-IS Functions
Configuration Flowchart
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
5.6.1 Configuring a Preference Value for IS-IS
Context
If multiple routes to the same destination are discovered by different routing protocols running
on the same device, the route discovered by the protocol with the highest preference is selected.
To prefer a route discovered by IS-IS, configure a higher preference value for IS-IS. In addition,
a routing policy can be configured to increase the preferences of specified IS-IS routes, without
affecting route selection.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run:
preference { preference | route-policy route-policy-name }
*
The IS-IS preference value is configured.
The default IS-IS preference value is 15. A smaller preference value indicates a higher
preference.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
200
Step 4 Run:
commit
The configuration is committed.
----End
5.6.2 Configuring the Cost of an IS-IS Interface
Context
The costs of IS-IS interfaces can be determined in the following modes in descending order by
priority:
l Interface cost: is configured for a specified interface.
l Global cost: is configured for all interfaces.
l Automatically calculated cost: is automatically calculated based on the interface
bandwidth.
If no cost is configured for an IS-IS interface, the IS-IS interface uses the default cost 10 and
cost style narrow.
CAUTION
If you want to change the cost style of IS-IS devices, running the command while configuring
basic IS-IS functions is recommended. If the cost style of IS-IS devices is changed during
network operation, the IS-IS process is restarted and neighbors are disconnected.
Procedure
Step 1 Configure the IS-IS cost style.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
cost-style { narrow | wide | wide-compatible | { { narrow-compatible |
compatible } [ relax-spf-limit ] } }
The IS-IS cost style is configured.
By default, the cost style of routes received and sent by an IS-IS device is narrow.
4. Run:
commit
The configuration is committed.
The cost range of an interface and a route received by the interface vary with the cost type.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
201
l If the cost style is narrow, the cost of an interface ranges from 1 to 63. The maximum cost
of a route received by the interface is 1023.
l If the cost style is narrow-compatible or compatible, the cost of an interface ranges from 1
to 63. The cost of a received route is related to relax-spf-limit.
l If the cost style is wide-compatible or wide, the cost of the interface ranges from 1 to
16777215. When the cost is 16777215, the neighbor TLV generated on the link cannot be
used for route calculation but for the transmission of TE information. The maximum cost of
a received route is 0xFFFFFFFF.
Step 2 Configure the cost of an IS-IS interface.
Perform any of the following operations to configure the cost of an IS-IS interface.
Configure the cost of a specified IS-IS interface.
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
isis cost cost [ level-1 | level-2 ]
The cost of the IS-IS interface is configured.
By default, the link cost of an IS-IS interface is 10.
NOTE
To change the cost of a loopback interface, run the isis cost command only in the loopback interface
view.
4. Run:
commit
The configuration is committed.
Configure the global IS-IS cost.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
circuit-cost cost [ level-1 | level-2 ]
The global IS-IS cost is configured.
By default, no global cost is configured.
4. Run:
commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
202
The configuration is committed.
Enable IS-IS to automatically calculate the interface cost.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
bandwidth-reference value
The reference value of the bandwidth is configured. By default, the bandwidth reference
value is 100 Mbit/s.
4. Run:
auto-cost enable
The interface is configured to automatically calculate its cost.
5. Run:
commit
The configuration is committed.
The bandwidth reference value set using the bandwidth-reference command takes effect only
when the cost style is wide or wide-compatible. In this case, the interface cost is calculated using
the following formula:
Cost of each interface = (Bandwidth-reference/Interface bandwidth) 10
If the cost-style is narrow, narrow-compatible, or compatible, the cost of each interface is based
on costs listed in Table 5-2.
Table 5-2 Mapping between IS-IS interface costs and interface bandwidth
Cost Bandwidth Range
60 Interface bandwidth 10 Mbit/s
50 10 Mbit/s < interface bandwidth 100 Mbit/s
40 100 Mbit/s < interface bandwidth 155 Mbit/s
30 155 Mbit/s < interface bandwidth 622 Mbit/s
20 622 Mbit/s < Interface bandwidth 2.5 Gbit/s
10 2.5 Gbit/s < Interface bandwidth

----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
203
5.6.3 Configuring Principles for Using Equal-Cost IS-IS Routes
Context
If there are redundant IS-IS links, multiple routes may have an equal cost. Choose either of the
following methods to use these equal-cost IS-IS routes:
l Configure load balancing for equal-cost IS-IS routes so that traffic will be evenly balanced
among these links.
This mechanism increases the link bandwidth usage and prevents network congestion
caused by link overload. However, this mechanism may make traffic management more
difficult because traffic will be randomly forwarded.
l Configure preference values for equal-cost IS-IS routes so that only the route with the
highest preference will be used and the others function as backups.
This configuration facilitates traffic management and improves the network reliability,
without the need to change original configurations.
Procedure
l Configure equal-cost IS-IS routes to work in load-balancing mode.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
maximum load-balancing number
The maximum number of load-balancing equal-cost IS-IS routes is set.
By default, load balancing is supported and a maximum of 16 equal-cost routes can
participate in load balancing.
NOTE
When the number of equal-cost routes is greater than number specified in the maximum load-
balancing command, valid routes are selected for load balancing based on the following
criteria:
1. Route preference: Routes with higher preferences are selected for load balancing.
2. Interface index: If routes have the same priorities, routes with higher interface index values
are selected for load balancing.
3. Next hop IP address: If routes have the same priorities and interface index values, routes
with larger IP address are selected for load balancing.
4. Run:
commit
The configuration is committed.
l Configure preference values for equal-cost IS-IS routes.
1. Run:
system-view
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
204
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
nexthop ip-address weight value
A preference value is configured for an equal-cost IS-IS route.
By default, the preference value configured for equal-cost IS-IS routes is 255. A
smaller value indicates a higher priority.
4. Run:
commit
The configuration is committed.
----End
5.6.4 Configuring IS-IS Route Leaking
Context
If multiple Level-1-2 devices in a Level-1 area are connected to devices in the Level-2 area, a
Level-1 LSP sent by each Level-1-2 device carries an ATT flag bit of 1. This Level-1 area will
have multiple routes to the Level-2 area and to other Level-1 areas.
By default, routes in a Level-1 area can be leaked into the Level-2 area so that Level-1-2 and
Level-2 devices can learn about the topology of the entire network. Devices in a Level-1 area
are unaware of the entire network topology because they only maintain LSDBs in the local
Level-1 area. Therefore, a device in a Level-1 area can forward traffic to a Level-2 device only
through the nearest Level-1-2 device. The route used may not be the optimal route to the
destination.
To enable a device in a Level-1 area to select the optimal route, configure IPv4 IS-IS route
leaking so that specified routes in the Level-2 area can be leaked into the local Level-1 area.
Routes of services deployed only in the local Level-1 area do not need to be leaked into the
Level-2 area. A policy can be configured to leak only desired routes into the Level-2 area.
Procedure
l Specify routes in the Level-2 area and other Level-1 areas that can be leaked into the local
Level-1 area.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
import-route isis level-2 into level-1 [ tag tag | filter-policy { acl-
number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-
policy-name } ]
*
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
205
Routes that meet the specified conditions in the Level-2 areas are leaked into the local
Level-1 area.
By default, routes in the Level-2 area are not leaked into Level-1 areas.
NOTE
The command is run on the Level-1-2 device that is connected to an external area.
4. Run:
commit
The configuration is committed.
l Configure routes in Level-1 areas to leak into the Level-2 area.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
import-route isis level-1 into level-2 [ tag tag | filter-policy { acl-
number | acl-name acl-name | ip-prefix ip-prefix-name | route-policy route-
policy-name } ]
*
Routes that meet the specifies conditions in Level-1 areas are leaked into the Level-2
area.
By default, all routes in a Level-1 area are leaked into the Level-2 area.
NOTE
The command is run on the Level-1-2 device that is connected to an external area.
----End
5.6.5 Checking the Configuration
Procedure
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]
[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ]
*
command to check IS-
IS routing information.
l Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-
name } ]
*
[ process-id | vpn-instance vpn-instance-name ] command to check information
in the IS-IS LSDB.
----End
5.7 Controlling IS-IS Route Exchange
If other routing protocols are configured on an IS-IS network, you need to configure IS-IS to
interact with these protocols to ensure successful communication between them.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
206
Pre-configuration Tasks
Before controlling IS-IS route exchange, complete the following task:
l 5.4 Configure Basic IS-IS Functions
Configuration Flowchart
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
5.7.1 Configuring IS-IS to Advertise a Default Route
Context
If IS-IS is configured to advertise a default route on a border device that has external routes, the
device advertises a default route 0.0.0.0/0 in the IS-IS routing domain. All traffic destined for
other routing domains is first forwarded to the border device.
NOTE
Configuring a static default route can also allow all the traffic to be first forwarded to a border device,
which then forwards the traffic outside an IS-IS routing domain. However, this method leads to heavy
workload in configuration and management when a large number of devices are deployed on the network.
In addition, advertising default routes using IS-IS is flexible. If multiple border devices are deployed, a
routing policy can be configured to allow only the border device that meets the specified conditions to
advertise a default route, preventing routing blackholes.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run:
default-route-advertise [ always | match default | route-policy route-policy-name ]
[ cost cost | tag tag | [ level-1 | level-1-2 | level-2 ] ]
*
[ avoid-learning ]
IS-IS is configured to advertise a default route.
By default, IS-IS does not advertise a default route.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
207
5.7.2 Configuring IS-IS to Import External Routes
Context
After IS-IS is configured to advertise a default route on a border device in an IS-IS routing
domain, all the traffic destined outside the IS-IS routing domain is forwarded through the border
device. This burdens the border device because other devices in the IS-IS routing domain do not
have the routes destined outside the domain. If multiple border devices are deployed in the IS-
IS routing domain, optimal routes to other routing domains need to be selected.
To ensure optimal routes are selected, all the other devices in the IS-IS routing domain must
learn all or some external routes.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Configure IS-IS to import external routes.
l When you need to set the cost of imported routes, run the import-route { direct | static |
{ ospf | rip | isis } [ process-id ] | bgp } [ cost-type { external | internal } | cost cost | tag
tag | route-policy route-policy | [ level-1 | level-2 | level-1-2 ] ]
*
command to configure IS-
IS to import external routes.
l When you need to retain the original cost of imported routes, run the import-route
{ { ospf | rip | isis } [ process-id ] | bgp | direct } inherit-cost [ { level-1 | level-2 |
level-1-2 } | tag tag | route-policy route-policy ]
*
command to configure IS-IS to import
external routes. In this case, the source routing protocol of imported routes cannot be static.
NOTE
IS-IS will advertise all imported external routes to the IS-IS routing domain by default.
Step 4 Run:
commit
The configuration is committed.
----End
5.7.3 Configuring IS-IS to Advertise Specified External Routes to
an IS-IS Routing Domain
Context
When the local IS-IS device advertises imported external routes to other IS-IS devices, routing
policies can be configured to advertise only the external routes that meet specified conditions if
these devices do not require all the imported external routes.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
208
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run:
filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-
policy route-policy-name } export [ protocol [ process-id ] ]
IS-IS is configured to advertise the external routes that meet specified conditions to the IS-IS
routing domain.
Step 4 Run:
commit
The configuration is committed.
----End
5.7.4 Adding Specified IS-IS Routes to the IP Routing Table
Context
Only routes in an IP routing table can be used to forward IP packets. An IS-IS route can take
effect only after this IS-IS route has been successfully added to an IP routing table.
If an IS-IS route does not need to be added to a routing table, specify conditions, such as a basic
ACL, IP prefix, and routing policy, to filter routes so that only IS-IS routes that meet the specified
conditions can added to an IP routing table. IS-IS routes that do not meet the specified conditions
cannot be added to the IP routing table and cannot be selected to forward IP packets.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run:
filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-name | route-
policy route-policy-name } import
Conditions for filtering IS-IS routes are configured.
Step 4 Run:
commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
209
The configuration is committed.
----End
5.7.5 Checking the Configuration
Procedure
l Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-
name } ]
*
[ process-id | vpn-instance vpn-instance-name ] command to check IS-IS LSDB
information.
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]
[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ]
*
command to check IS-
IS routing information.
l Run the display ip routing-table [ verbose ] command to check the IP routing table.
----End
5.8 Configuring IS-IS Route Summarization
A large IS-IS network has a large number of routing entries. This will slow down routing table
lookup and increase management complexity. You can configure route summarization to reduce
the size of routing tables.
Pre-configuration Tasks
Before configuring IS-IS route summarization, complete the following task:
l 5.4 Configure Basic IS-IS Functions
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run:
summary ip-address mask [ avoid-feedback | generate_null0_route | tag tag |
[ level-1 | level-1-2 | level-2 ] ]
*
The specified IS-IS routes are summarized into one IS-IS route.
NOTE
After route summarization is configured on a device, the local routing table still contains all specific routes
before the summarization. The routing tables on other devices contain only the summary route, and the
summary route is deleted only after all its specific routes are deleted.
Step 4 Run:
commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
210
The configuration is committed.
----End
Checking the Configuration
l Run the display isis route command to check summary routes in the IS-IS routing table.
l Run the display ip routing-table [ verbose ] command to check summary routes in the IP
routing table.
5.9 Controlling IS-IS Route Convergence
Accelerating IS-IS route convergence can improve the fault location efficiency and improve
network reliability.
Pre-configuration Tasks
Before configuring IS-IS route convergence, complete the following task:
l 5.4 Configure Basic IS-IS Functions
Configuration Flowchart
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
5.9.1 Configuring Attributes for Hello Packets
Context
IS-IS maintains neighbor relationships between neighbors by sending and receiving Hello
packets. If the local device does not receive Hello packets from its neighbor within a specified
period, the device considers the neighbor Down.
In IS-IS, you can set the interval for sending Hello packets and the holding multiplier of
neighboring devices to control the holdtime of neighbor relationships between the local device
and neighbors.
l If the interval for sending Hello packets is too short, more system resources are consumed
to send Hello packets, causing a heavy CPU load.
l If the holdtime of neighboring devices is too long, the local device needs to spend much
time detecting the failure of neighbors, slowing down IS-IS route convergence. If the
holdtime of neighboring devices is too short, some Hello packets may be lost or become
incorrect because of network transmission delay and errors. This will cause neighbor
relationships to frequently alternate between Up and Down and lead to route flapping on
the IS-IS network.
NOTE
You are advised to set the same interval for sending Hello packets and same holding multiplier of
neighboring devices on all the devices on the IS-IS network. This method prevents IS-IS route
convergence from being slowed down when some devices detect link failures at a lower speed than
other devices.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
211
Procedure
l Configure the interval for sending Hello packets.
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
isis timer hello hello-interval [ level-1 | level-2 ]
The interval for sending Hello packets is set on an interface.
By default, the interval for sending Hello packets 10 seconds.
NOTE
Parameters level-1 and level-2 are configured only on a broadcast interface.
On a broadcast link, there are Level-1 and Level-2 Hello packets. For different types of packets,
you can set different intervals. If no level is specified, both the Level-1 timer and Level-2 timer
are configured. On a P2P link, there are only one type of Hello packets. Therefore, neither
level-1 nor level-2 is required.
4. Run:
commit
The configuration is committed.
l Set the holding multiplier for neighboring devices.
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
isis timer holding-multiplier number [ level-1 | level-2 ]
The holding multiplier of neighboring devices is set.
The default holding multiplier is 3. The holdtime of neighbor relationships is three
times the interval for sending Hello packets.
NOTE
Parameters level-1 and level-2 are configured only on a broadcast interface.
4. Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
212
5.9.2 Configuring Attributes for LSPs
Context
LSPs are used to exchange link state information. You can configure attributes for LSPs to
control the length and maximum lifetime of LSPs. To accelerate network convergence, you can
enable LSP fast flooding or reduce the minimum interval for sending LSPs and the interval for
updating LSPs to speed up LSP flooding. However, CPU resources will be consumed too much
if the network topology changes frequently. In this situation, configure the intelligent timer for
generating LSPs. This timer can fast respond to emergencies, speed up network convergence,
and improve CPU resource efficiency because its interval becomes longer when the network
changes frequently.
Configured
Parameters
Function Usage Scenario
Set the
maximum
length for LSPs
Set the size
for LSPs to
be
generated
and LSPs to
be received.
When the volume of link status information increases, the
length of LSPs to be generated can be increased to carry
more information in each LSP.
Set the
maximum
lifetime for
LSPs
Set the
maximum
lifetime for
LSPs to
ensure the
validity of
an LSP
before its
updated
LSP is
received.
When a switch generates the system LSP, it fills in the
maximum lifetime for this LSP. After this LSP is received
by other switchs, the lifetime of the LSP is reduced
gradually. If the switch does not receive any more update
LSPs and the lifetime of the LSP is reduced to 0, the LSP
will be deleted from the LSDB 60s later if no more updated
LSPs are received.
Set the refresh
interval for
LSPs
Set the
refresh
interval for
LSPs to
synchronize
LSDBs.
On an IS-IS network, LSDB synchronization is
implemented through LSP flooding. During LSP flooding,
a switch sends an LSP to its neighbors and then the neighbors
send the received LSP to their respective neighbors except
the switch that first sends the LSP. In this manner, the LSP
is flooded among the switchs of the same level. LSP flooding
allows each switch of the same level to have the same LSP
information and synchronize its LSDB with each other.
Set the
minimum
interval at
which LSPs are
sent
Set the
interval for
sending an
LSP during
LSP update.
Reducing the minimum interval for sending LSPs speeds up
LSP flooding.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
213
Configured
Parameters
Function Usage Scenario
Configure the
intelligent
timer used to
generate LSPs
Control the
interval for
generating
LSPs
intelligently
to speed up
route
convergenc
e and reduce
system
load.
On an IS-IS network, if the local routing information
changes, a switch needs to generate a new LSP to notify this
change. If the local routing information changes frequently,
a large number of new LSPs are generated, which occupies
a lot of system resources and decreases system performance.
To speed up network convergence and prevent system
performance from being affected, configure an intelligent
timer for generating LSPs. This timer can adjust the delay
in generating LSPs based on the routing information change
frequency.
Enable LSP
fast flooding
Control the
number of
LSPs
flooded
each time
on an
interface to
speed up IS-
IS network
convergenc
e.
When an IS-IS switch receives new LSPs from other
switchs, it switch updates the LSPs in the local LSDB and
periodically floods out the updated LSPs according to a
timer . LSP fast flooding updates the preceding method.
When a device configured with LSP fast flooding receives
one or more new LSPs. it floods out the LSPs with a number
smaller than the specified number before calculating routes.
This speeds up LSDB synchronization.
Set an interval
at which LSPs
are
retransmitted
over a P2P link
Control the
interval for
retransmitti
ng LSPs to
ensure
LSDB
synchroniza
tion on a
P2P
network.
On a point-to-point network, devices at both ends of a link
synchronize LSDBs with each other by flooding LSPs. The
device at one end of the link sends an LSP. If the device at
the other end receives this LSP, it replies with a PSNP. If the
device that has sent an LSP does not receive a PSNP from
the other end in a period of time, the device will retransmit
the LSP.

Procedure
l Set the maximum length for LSPs.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Set the maximum length for LSPs.
Run:
lsp-length originate max-size
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
214
The maximum length is set for each generated LSP.
Run:
lsp-length receive max-size
The maximum length is set for each received LSP.
By default, the IS-IS system generates and receives 1497-byte LSPs.
NOTE
Ensure that the value of max-size for LSPs to be generated must be smaller than or equal to the
value of max-size for LSPs to be received.
The value of max-size set through the lsp-length command must meet the following
requirements; otherwise, the MTU status on the interface is considered Down.
l The MTU of an Ethernet interface must be greater than or equal to the sum of the value of
max-size and 3.
l The MTU of a P2P interface must be greater than or equal to the value of max-size.
4. Run:
commit
The configuration is committed.
l Set the maximum lifetime for LSPs.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
timer lsp-max-age age-time
The maximum lifetime is set for LSPs.
By default, the maximum lifetime of LSPs is 1200 seconds.
4. Run:
commit
The configuration is committed.
l Set the refresh interval for LSPs.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
timer lsp-refresh refresh-time
A refresh interval is set for LSPs.
y default, the LSP refresh interval is 900s.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
215
NOTE
Ensure that the LSP refresh interval is more than 300s shorter than the maximum LSP lifetime.
This allows new LSPs to reach all devices in an area before existing LSPs expire.
The larger a network, the greater the deviation between the LSP refresh interval and the
maximum LSP lifetime.
4. Run:
commit
The configuration is committed.
l Set the minimum interval at which LSPs are sent.
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
isis timer lsp-throttle throttle-interval [ count count ]
The minimum interval for sending LSPs on an IS-IS interface and the maximum
number of LSPs sent within the interval are set.
By default, the minimum interval for sending LSPs is 50 ms, and the maximum number
of LSPs sent each time is 10.
4. Run:
commit
The configuration is committed.
l Configure the intelligent timer used to generate LSPs.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
timer lsp-generation max-interval [ init-interval [ incr-interval ] ]
[ level-1 | level-2 ]
The intelligent timer used to generate LSPs is set.
If no level is configured, both Level-1 and Level-2 are configured.
The initial delay for generating the same LSPs (or LSP fragments) is init-interval. The
delay for generating the same LSPs (or LSP fragments) secondly is incr-interval.
When the routes change each time, the delay for generating the same LSPs (or LSP
fragments) is twice as the previous value until the delay is up to max-interval. After
the delay reaches max-interval for three times or reset the IS-IS process, the interval
is reduced to init-interval.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
216
When incr-interval is not used and generating the same LSPs (or LSP fragments) for
the first time, init-interval is used as the initial delay. Then, the delay for generating
the same LSPs (or LSP fragments) is max-interval. After the delay reaches max-
interval for three times or the IS-IS process is reset, the interval is reduced to init-
interval.
When only max-interval is used, the intelligent timer changes into a normal one-short
timer.
4. Run:
commit
The configuration is committed.
l Enable LSP fast flooding.
1. Run:
system-view
The system view is displayed.
2. Run:
isis [ process-id ]
The IS-IS view is displayed.
3. Run:
flash-flood [ lsp-count ] [ max-timer-interval interval ] [ level-1 |
level-2 ]
The LSP fast flooding is enabled.
The lsp-count parameter specifies the number of LSPs flooded each time, which is
applicable to all interfaces. If the number of LSPs to be sent is greater than the value
of lsp-count, lsp-count takes effect. If the number of LSPs to be sent is smaller than
the value of lsp-count, LSPs of the actual number are sent. If a timer is configured and
the configured timer does not expire before the route calculation, the LSPs are flooded
immediately when being received; otherwise, the LSPs are sent when the timer
expires.
When LSP fast flooding is enabled, Level-1 LSPs and Level-2 LSPs are fast flooded
by default if no level is specified.
4. Run:
commit
The configuration is committed.
l Set an interval at which LSPs are retransmitted over a P2P link.
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. (Optional) Run:
isis circuit-type p2p
A broadcast interface is simulated as a P2P interface.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
217
NOTE
If the interface type is P2P, step 3 is not required.
4. Run:
isis timer lsp-retransmit retransmit-interval
The interval at which LSPs are retransmitted over a P2P link is set.
By default, the interval for retransmitting LSPs over a P2P link is 5 seconds.
5. Run:
commit
The configuration is committed.
----End
5.9.3 Configuring Attributes for CSNPs
Context
Complete sequence number PDUs (CSNPs) contains the summary of all the LSPs in an LSDB
to ensure LSDB synchronization between neighbors. CSNPs are processed differently on
broadcast and P2P links.
l On a broadcast link, CSNPs are periodically sent by a DIS device. If a device detects that
its LSDB is not synchronized with that on its neighboring device, the device will send
PSNPs to apply for missing LSPs.
l On a P2P link, CSNPs are sent only during initial establishment of neighboring
relationships.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
isis timer csnp csnp-interval [ level-1 | level-2 ]
The interval at which CSNPs are sent is set on the specified interface.
By default, the interval at which CSNPs are sent on a broadcast network is 10 seconds.
NOTE
Configure Level-1 and Level-2 only when a broadcast interface is specified.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
218
5.9.4 Setting the SPF Calculation Interval
Context
A network change always triggers IS-IS to perform SPF calculation. Frequent SPF calculation
will consume excessive CPU resources, affecting services.
To solve this problem, configure an intelligent timer to control the interval for SPF calculation.
For example, to speed up IS-IS route convergence, set the interval for SPF calculation to a small
value and set the interval to a large value after the IS-IS network becomes stable.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run:
timer spf max-interval [ init-interval [ incr-interval ] ]
The SPF intelligent timer is configured.
By default, no SPF intelligent timer is configured and the maximum delay in SPF calculation is
5 seconds.
The intelligent timer changes as follows:
l The delay in the first SPF calculation is determined by init-interval; the delay in the second
SPF calculation is determined by incr-interval. From the third time on, the delay in SPF
calculation increases twice every time until the delay reaches the value specified by max-
interval. After the delay remains at the value specified by max-interval for three times or the
IS-IS process is restarted, the delay decreases to the value specified by init-interval.
l If incr-interval is not specified, the delay in SPF calculation for the first time is determined
by init-interval. From the second time on, the delay in SPF calculation is determined by max-
interval. After the delay remains at the value specified by max-interval for three times or the
IS-IS process is restarted, the delay decreases to the value specified by init-interval.
l When only max-interval is specified, the intelligent timer functions as an ordinary one-time
triggering timer.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
219
5.9.5 Configuring Convergence Priorities for IS-IS Routes
Context
Devices allow you to configure the highest convergence priority for specific IS-IS routes so that
these IS-IS routes will be converged first when a network topology changes.
The application rules of the convergence priorities for IS-IS routes are as follows:
l Existing IS-IS routes are converged based on the priorities configured in the prefix-
priority command.
l New IS-IS routes are converged based on the priorities configured in the prefix-priority
command.
l If an IS-IS route conforms to the matching rules of multiple convergence priorities, the
highest convergence priority is used.
l The convergence priority of a Level-1 IS-IS route is higher than that of a Level-2 IS-IS
route.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run:
prefix-priority [ level-1 | level-2 ] { critical | high | medium } { ip-prefix
prefix-name | tag tag-value }
Convergence priorities are set for IS-IS routes.
By default, the convergence priority of 32-bit host routes is medium, and the convergence
priority of the other IS-IS routes is low.
NOTE
The prefix-priority command is only applicable to the public network.
After the prefix-priority command is run, the convergence priority of 32-bit host routes is low, and the
convergence priorities of the other routes are determined as specified in the prefix-priority command.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
220
5.9.6 Checking the Configuration
Procedure
l Run the display isis interface [ verbose ] [ | vpn-instance vpn-instance-name ] command
to check IS-IS packet information.
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]
[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ]
*
[ | count ] command
to check the informations of IS-IS routes.
----End
5.10 Configuring LSP Fragment Extension
LSP fragment extension allows an IS-IS device to generate more LSP fragments to transmit
more IS-IS information.
Pre-configuration Tasks
Before configuring LSP fragment extension, complete the following task:
l 5.4.1 Creating IS-IS Processes
NOTE
When a new device connects to an IS-IS network, you are advertised to configure LSP fragment extension
and virtual systems before establishing IS-IS neighbors or importing routes. If you establish IS-IS neighbors
or import routes, which causes IS-IS to carry much information that cannot be loaded through 256
fragments, you must configure LSP fragment extension and virtual systems. The configurations, however,
take effect only after you restart the IS-IS process.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run:
lsp-fragments-extend [ [ level-1 | level-2 | level-1-2 ] | [ mode-1 | mode-2 ] ]
*
LSP fragment extension is enabled in an IS-IS process.
By default, LSP fragment extension is disabled in an IS-IS process.
If the mode or level is not specified during the configuration of LSP fragment extension, mode-1
and level-1-2 are used by default.
NOTE
If there are devices of other manufacturers on the network, LSP fragment extension must be set to mode-1.
Otherwise, devices of other manufacturers cannot identify LSPs.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
221
Step 4 Run:
virtual-system virtual-system-id
A virtual system is configured.
By default, no virtual system is configured.
To configure a switch to generate extended LSP fragments, you must configure at least one
virtual system. The ID of the virtual system must be unique in the domain.
An IS-IS process can be configured with up to 50 virtual system IDs.
Step 5 Run:
commit
The configuration is committed.
----End
Checking the Configuration
Run the following commands to check IS-IS process statistics.
l display isis statistics [ updated-lsp [ history ] ] [ level-1 | level-2 | level-1-2 ] [ process-
id | vpn-instance vpn-instance-name ]
l display isis process-id statistics [ [ [ updated-lsp [ history ] ] [ level-1 | level-2 |
level-1-2 ] ] | [ packet ] ]
5.11 Configuring a Mesh Group on an NBMA Network
You can configure a mesh group on an NBMA network to prevent repeated LSP flooding from
causing bandwidth waste.
Pre-configuration Tasks
Before configuring a mesh group, complete the following task:
l 5.4 Configure Basic IS-IS Functions
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
isis mesh-group { mesh-group-number | mesh-blocked }
The interface is added to a mesh group.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
222
When mesh-blocked is configured on an interface, the interface is blocked and cannot flood
LSPs outside. All the interfaces added to a mesh group implement global LSDB synchronization
through CSNP and PSNP mechanisms.
Step 4 Run:
commit
The configuration is committed.
----End
Checking the Configuration
Run the following commands to check IS-IS process statistics.
l display isis statistics [ updated-lsp [ history ] ] [ level-1 | level-2 | level-1-2 ] [ process-
id | vpn-instance vpn-instance-name ]
l display isis process-id statistics [ [ [ updated-lsp [ history ] ] [ level-1 | level-2 |
level-1-2 ] ] | [ packet ] ]
5.12 Configuring IS-IS Reliability
You can configure IS-IS Auto FRR, BFD for IS-IS, and IS-IS GR to improve IS-IS reliability.
Pre-configuration Tasks
Before configuring IS-IS reliability, complete the following task:
l 5.4 Configure Basic IS-IS Functions
Configuration Flowchart
You can perform the following configuration tasks (excluding the task of Checking the
Configuration) in any sequence as required.
5.12.1 Enabling IS-IS Auto FRR
Context
At present, the VoIP and on-line video services require high-quality real-time transmission.
Nevertheless, if an IS-IS fault occurs, multiple processes, including fault detection, LSP update,
LSP flooding, route calculation, and FIB entry delivery, must be performed to switch the traffic
to a new link. As a result, it takes much more than 50 ms to recover the link from the fault, which
cannot meet the requirement for real-time services on the network.
After the BFD session status is bound to IS-IS Auto FRR, traffic can be fast switched from the
faulty link to the backup link. This ensures that the traffic interruption time is within 50 ms,
which protects traffic and improves IS-IS network reliability.
Procedure
Step 1 Run:
system-view
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
223
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS process is enabled and the IS-IS view is displayed.
Step 3 Run:
frr
The IS-IS FRR view is displayed.
Step 4 (Optional) Run:
frr-policy route route-policy route-policy-name
Backup routes are filtered using a filtering policy. Only backup routes that have passed the
filtering policy are added to the routing table.
Step 5 Run:
loop-free-alternate [ level-1 | level-2 | level-1-2 ]
IS-IS Auto FRR is enabled and the loop-free backup route is created.
By default, IS-IS Auto FRR is disabled from calculating loop-free backup routes using the loop-
free alternate (LFA) algorithm.
If the IS-IS level is not specified, IS-IS Auto FRR is enabled on Level-1 and Level-2 to create
the backup route.
Step 6 (Optional) Run the following command in the interface view:
isis lfa-backup [ level-1 | level-2 | level-1-2 ] disable
The interface is disabled from participating in LFA calculation.
By default, an IS-IS interface can participate in LFA calculation.
During network deployment, to facilitate traffic management and fast determine the traffic
forwarding path when the primary link fails, disable some interfaces from participating in LFA
calculation.
Step 7 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]
[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ]
*
command to check
information about the primary link and backup link generated by IS-IS Auto FRR.
l Run the display isis spf-tree verbose command to check the traffic protection type of IS-
IS Auto FRR.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
224
5.12.2 Configuring Static BFD for IS-IS
Context
On an IS-IS network, a device periodically sends Hello packets to detect the neighbor status
change. By default, the device considers a neighbor Down when it does not receive a Hello
packet from the neighbor after sending three Hello packets (30 seconds). This IS-IS fault
detection mechanism, however, cannot provide high reliability for the network that requires fast
network convergence and no packet loss. BFD for IS-IS can solve this problem. BFD is a
millisecond-level fault detection mechanism. It can detect faults on the link between IS-IS
neighbors within 50 ms. Therefore, BFD can speed up IS-IS route convergence, ensures fast link
switchover, and reduces traffic loss.
Compared to dynamic BFD, static BFD has the following characteristics:
l Static BFD can be manually controlled and is easy to deploy. To save memory and ensure
reliability of key links, BFD can be deployed on specified links.
l Establishing and deleting BFD sessions need to be manually triggered and lack flexibility.
Configuration errors may occur. For example, if an incorrect local or remote discriminator
is configured, a BFD session cannot work properly.
NOTE
A BFD session currently does not detect route switching. If the change of bound peer IP address causes a
route to switch to another link, the BFD session is negotiated again only when the original link fails.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bfd
BFD is enabled globally.
Step 3 Run:
quit
The system view is displayed.
Step 4 Run:
bfd cfg-name bind peer-ip ip-address [ interface interface-type interface-number ]
BFD is enabled between the specified interface and peer router.
If a peer IP address and a local interface are specified in the bfd command, BFD monitors only
a single-hop link with the interface specified in the bfd command as the outbound interface and
with the peer IP address specified in the peer-ip command as the next-hop address.
Step 5 Set discriminators.
l Run:
discriminator local discr-value
A local discriminator is set.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
225
l Run:
discriminator remote discr-value
A remote discriminator is set.
The local discriminator of a device must be the remote discriminator of the device on the other
end; otherwise, a BFD session cannot be established. In addition, the local and remote
discriminators cannot be modified after being configured.
NOTE
The local discriminator of the local device must be the same as the remote discriminator of the remote
device, and the remote discriminator of the local device must be the same as the local discriminator of the
remote device.
Step 6 Run:
quit
The system view is displayed.
Step 7 Run:
interface interface-type interface-number
The view of the specified interface is displayed.
Step 8 Run:
isis bfd static
Static IPv4 BFD is enabled on the specified interface.
Step 9 Run:
commit
The configuration is committed.
----End
Checking the Configuration
You can check information about a BFD session only after parameters of the BFD session are
configured and the BFD session is established.
l Run the display isis [ process-id | vpn-instance vpn-instance-name ] bfd session { peer
ip-address | all } command to check information about the BFD session.
l Run the display isis interface verbose command. The command output shows that the
status of static BFD for IS-IS process is Yes.
5.12.3 Configuring Dynamic BFD for IS-IS
Context
On an IS-IS network, a device periodically sends Hello packets to detect the neighbor status
change. By default, the device considers a neighbor Down when it does not receive a Hello
packet from the neighbor after sending three Hello packets (30 seconds). This IS-IS fault
detection mechanism, however, cannot provide high reliability for the network that requires fast
network convergence and no packet loss. BFD for IS-IS can solve this problem. BFD is a
millisecond-level fault detection mechanism. It can detect faults on the link between IS-IS
neighbors within 50 ms. Therefore, BFD can speed up IS-IS route convergence, ensures fast link
switchover, and reduces traffic loss.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
226
Dynamic BFD for IS-IS implements dynamic setup of BFD sessions. When a new IS-IS neighbor
relationship is set up, BFD is notified of the neighbor parameters and the detection parameters
(including source and destination IP addresses). Then a BFD session will be established based
on the received neighbor parameters.
Dynamic BFD is more flexible than static BFD. In dynamic BFD, routing protocols trigger the
setup of BFD sessions, preventing the configuration errors caused by manual configuration.
Dynamic BFD is easy to configure and applies to the scenarios where BFD needs to be configured
on the entire network. Dynamic BFD for IS-IS can fast detect neighbor status changes and
implement fast network convergence.
NOTE
A BFD session currently does not detect route switching. If the change of bound peer IP address causes a
route to switch to another link, the BFD session is negotiated again only when the original link fails.
The priority of BFD configured on an interface is higher than that of BFD configured for a process. If BFD
session parameters are configured for both a process and an interface, the parameters on the interface will
be used to establish a dynamic BFD session.
Procedure
l Configure dynamic BFD for IS-IS in a specified IS-IS process.
1. Run:
system-view
The system view is displayed.
2. Run:
bfd
BFD is enabled globally.
3. Run:
quit
The system view is displayed.
4. Run:
isis process-id
The IS-IS view is displayed.
5. Run:
bfd all-interfaces enable
BFD for IS-IS is enabled to establish a BFD session.
This command enables an IS-IS process to use default BFD parameters to create BFD
sessions on all the interfaces in the IS-IS process.
6. (Optional) Run:
bfd all-interfaces { min-rx-interval receive-interval | min-tx-interval
transmit-interval | detect-multiplier multiplier-value | frr-binding }
*
The parameters for establishing BFD sessions are set for all interfaces.
The command execution result is applicable to BFD session parameters on all IS-IS
interfaces.
7. (Optional) Run the following command in the interface view:
isis bfd block
The interface is prohibited from dynamically establishing a BFD session.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
227
By default, an interface can dynamically establish BFD sessions.
8. Run:
commit
The configuration is committed.
l Configure dynamic BFD for IS-IS on a specified interface.
1. Run:
system-view
The system view is displayed.
2. Run:
bfd
BFD is enabled globally.
3. Run:
quit
The system view is displayed.
4. Run:
interface interface-type interface-number
The interface view is displayed.
5. Run:
isis bfd enable
BFD is enabled on the interface to establish a BFD session.
After BFD is configured globally and the neighbor status is Up (on a broadcast
network, DIS is in the Up state), default BFD parameters will be used to establish
BFD sessions on the specified interface.
6. (Optional) Run:
isis bfd { min-rx-interval receive-interval | min-tx-interval transmit-
interval | detect-multiplier multiplier-value | frr-binding }
*
Run this command when BFD session parameters need to be configured for a specified
interface.
7. (Optional) Run:
isis bfd block
The interface is prohibited from dynamically establishing a BFD session.
8. Run:
commit
The configuration is committed.
----End
Checking the Configuration
After BFD is enabled on both ends of a link, run the display isis [ process-id | vpn-instance
vpn-instance-name ] bfd session { all | peer ip-address } command. The command output shows
that BFD status is up.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
228
5.13 Configuring the Overload Bit for an IS-IS Device
If an IS-IS device needs to be temporarily isolated, configure the IS-IS device to enter the
overload state to prevent other devices from forwarding traffic to this IS-IS device and prevent
routing black hole.
Pre-configuration Tasks
Before configuring the overload bit for an IS-IS device, complete the following task:
l 5.4 Configure Basic IS-IS Functions
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run:
set-overload [ on-startup [ timeout1 | start-from-nbr system-id [ timeout1
[ timeout2 ] ] | wait-for-bgp [ timeout1 ] ] ] [ allow { interlevel | external }
*
]
The overload bit for non-pseudonode LSPs is configured.
Step 4 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-
name } ]
*
[ process-id | vpn-instance vpn-instance-name ] command to check information
in the IS-IS LSDB.
5.14 Maintaining IS-IS
Maintaining IS-IS includes resetting IS-IS, configuring IS-IS host name mapping, and
configuring the Output of IS-IS Adjacency Status
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
229
5.14.1 Resetting IS-IS
Context
To reset IS-IS, reset IS-IS data structure and neighbor relationship.
CAUTION
The IS-IS data structure cannot be restored after you reset it. All the previous structure
information and the neighbor relationship are reset. Exercise caution when running this
command.
The specified IS-IS neighbor relationship is deleted after you reset a specified IS-IS neighbor.
Exercise caution when running this command.
Procedure
l Reset IS-IS data structure.
Run the reset isis all[ process-id | vpn-instance vpn-instance-name ] command to reset IS-
IS data structure.
l Reset IS-IS neighbor relationship.
Run the reset isis peer system-id [ process-id | vpn-instance vpn-instance-name ] command
to reset a specific IS-IS neighbor.
After the IS-IS routing policy or the protocol changes, you can reset a specific IS-IS
neighbor to validate the new configuration.
----End
5.14.2 Suppressing IS-IS
Context
By suppressing IS-IS, you can disable an IS-IS process temporarily without affecting the IS-IS
configuration.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
An IS-IS process is created, and the IS-IS view is displayed.
Step 3 Run:
shutdown
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
230
The IS-IS process is disabled temporarily.
After the IS-IS process is disabled temporarily, you can still perform the IS-IS configuration but
the configuration does not take effect. You can run the undo shutdown command to cancel the
suppression.
Step 4 Run:
commit
The configuration is committed.
----End
5.14.3 Configuring IS-IS Host Name Mapping
Context
After IS-IS host name mapping is configured, the configured host name rather than the system
ID is displayed in IS-IS information. This improves IS-IS network maintainability.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
isis [ process-id ]
An IS-IS process is created and the IS-IS view is displayed.
Step 3 Configure IS-IS host name mapping.
l Run:
is-name symbolic-name
IS-IS dynamic host name mapping is configured and a host name is configured for the local
device.
This configuration is dynamic configuration. Therefore, the configured host name symbolic-
name is advertised through an LSP to other IS-IS devices in the same area. When you use
IS-IS display commands to view IS-IS information on other IS-IS devices, the system ID of
the local device is replaced by the configured host name.
l Run:
is-name map system-id symbolic-name
IS-IS static host name mapping is configured and a host name is configured for the remote
device.
This configuration is static configuration and takes effect only on the local device. Therefore,
the configured host name symbolic-name is not advertised through an LSP. If dynamic host
name mapping is configured on an IS-IS device, dynamic host name mapping takes
precedence over static host name mapping.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
231
5.15 Configuration Examples
This section describes IS-IS configuration examples, including networking requirements,
configuration roadmap, and configuration procedure.
5.15.1 Example for Configuring Basic IS-IS Functions
Networking Requirements
As shown in Figure 5-1, there are four devices (SwitchA, SwitchB, SwitchC, and SwitchD) on
the network. The four devices need to communicate with each other. SwitchA and SwitchB can
only process a small amount of data because they have lower performance than the other two
devices.
Figure 5-1 Networking diagram of configuring basic IS-IS functions
10GE1/0/2
VLANIF40
172.16.1.1/16
10GE1/0/3
VLAN30
192.168.0.1/24
10GE1/0/1
VLANIF30
192.168.0.2/24
SwitchD
L2
IS-IS
Area20
10GE1/0/1
VLANIF10
10.1.1.2/24
SwitchC
L1/2
SwitchB
L1
SwitchA
L1
IS-IS
Area10
10GE1/0/1
VLANIF10
10.1.1.1/24
10GE1/0/2
VLANIF20
10.1.2.1/24
10GE1/0/1
VLANIF20
10.1.2.2/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IS-IS on each device so that the devices can be interconnected. Configure SwitchA
and SwitchB as Level-1 devices to enable them to maintain less data.
Procedure
Step 1 Configure VLANs that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan 10
[~SwitchA-vlan10] quit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
232
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] commit
[~SwitchA-10GE1/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign the IP addresses for VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 10.1.1.2 24
[~SwitchA-Vlanif10] commit
[~SwitchA-Vlanif10] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Configure basic IS-IS functions.
# Configure SwitchA.
[~SwitchA] isis 1
[~SwitchA-isis-1] is-level level-1
[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[~SwitchA-isis-1] quit
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] isis enable 1
[~SwitchA-Vlanif10] commit
[~SwitchA-Vlanif10] quit
# Configure SwitchB.
[~SwitchB] isis 1
[~SwitchB-isis-1] is-level level-1
[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[~SwitchB-isis-1] quit
[~SwitchB] interface vlanif 10
[~SwitchB-Vlanif10] isis enable 1
[~SwitchA-Vlanif10] commit
[~SwitchB-Vlanif10] quit
# Configure SwitchC.
[~SwitchC] isis 1
[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[~SwitchC-isis-1] quit
[~SwitchC] interface vlanif 10
[~SwitchC-Vlanif10] isis enable 1
[~SwitchC-Vlanif10] quit
[~SwitchC] interface vlanif 20
[~SwitchC-Vlanif20] isis enable 1
[~SwitchC-Vlanif20] quit
[~SwitchC] interface vlanif 30
[~SwitchC-Vlanif30] isis enable 1
[~SwitchC-Vlanif30] commit
[~SwitchC-Vlanif30] quit
# Configure SwitchD.
[~SwitchD] isis 1
[~SwitchD-isis-1] is-level level-2
[~SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[~SwitchD-isis-1] quit
[~SwitchD] interface vlanif 20
[~SwitchD-Vlanif20] isis enable 1
[~SwitchD-Vlanif20] quit
[~SwitchD] interface vlanif 10
[~SwitchD-Vlanif10] isis enable 1
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
233
[~SwitchD-Vlanif10] commit
[~SwitchD-Vlanif10] quit
Step 4 Configure the authentication mode and password for SwitchA and SwitchC to authenticate Hello
packets.
# Configure SwitchA.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] isis authentication-mode md5 huawei
[~SwitchA-Vlanif10] commit
[~SwitchA-Vlanif10] quit
# Configure SwitchC.
[~SwitchC] interface vlanif 10
[~SwitchC-Vlanif10] isis authentication-mode md5 huawei
[~SwitchC-Vlanif10] commit
[~SwitchC-Vlanif10] quit
Step 5 Verify the configuration.
# View the IS-IS LSDB information of each switch.
[~SwitchA] display isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x00000006 0xbf7d 649 68 0/0/0
0000.0000.0002.00-00 0x00000003 0xef4d 545 68 0/0/0
0000.0000.0003.00-00 0x00000008 0x3340 582 111 1/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
[~SwitchB] display isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000006 0xbf7d 642 68 0/0/0
0000.0000.0002.00-00* 0x00000003 0xef4d 538 68 0/0/0
0000.0000.0003.00-00 0x00000008 0x3340 574 111 1/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
[~SwitchC] display isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000006 0xbf7d 638 68 0/0/0
0000.0000.0002.00-00 0x00000003 0xef4d 533 68 0/0/0
0000.0000.0003.00-00* 0x00000008 0x3340 569 111 1/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0003.00-00* 0x00000008 0x55bb 650 100 0/0/0
0000.0000.0004.00-00 0x00000005 0x651 629 84 0/0/0
Total LSP(s): 2
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
[~SwitchD] display isis lsdb
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
234
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0003.00-00 0x00000008 0x55bb 644 100 0/0/0
0000.0000.0004.00-00* 0x00000005 0x651 624 84 0/0/0
Total LSP(s): 2
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
# View the IS-IS routing information of each switch. The routing table of a Level-1 device
contains a default route with the next hop as a Level-1-2 device. The routing table of a Level-2
device contains all Level-1 and Level-2 routes.
[~SwitchA] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------
10.1.1.0/24 10 NULL Vlanif10 Direct D/-/L/-/-
10.1.2.0/24 20 NULL Vlanif10 10.1.1.1 A/-/-/-/-
192.168.0.0/24 20 NULL Vlanif10 10.1.1.1 A/-/-/-/-
0.0.0.0/0 10 NULL Vlanif10 10.1.1.1 A/-/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[~SwitchC] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------
10.1.1.0/24 10 NULL Vlanif10 Direct D/-/L/-/-
10.1.2.0/24 10 NULL Vlanif10 Direct D/-/L/-/-
192.168.0.0/24 10 NULL Vlanif10 Direct D/-/L/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------
10.1.1.0/24 10 NULL - Direct D/-/L/-/-
10.1.2.0/24 10 NULL - Direct D/-/L/-/-
192.168.0.0/24 10 NULL - Direct D/-/L/-/-
172.16.0.0/16 20 NULL Vlanif30 192.168.0.2 A/-/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[~SwitchD] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
--------------------------------------------------------------------------
192.168.0.0/24 10 NULL Vlanif30 Direct D/-/L/-/-
10.1.1.0/24 20 NULL Vlanif30 192.168.0.1 A/-/-/-/-
10.1.2.0/24 20 NULL Vlanif30 192.168.0.1 A/-/-/-/-
172.16.0.0/16 10 NULL Vlanif20 Direct D/-/L/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
235
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
isis authentication-mode md5 cipher %$%$mCq>5gS+rI*Hnl"\N"n3,sja%$%$
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 20
#
isis 1
is-level level-1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10 20 30
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
isis authentication-mode md5 cipher %$%$xcT`05J];Ja`JG1aI~v&,(|s%$%$
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 192.168.0.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
236
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30 40
#
isis 1
is-level level-2
network-entity 20.0000.0000.0004.00
#
interface Vlanif30
ip address 192.168.0.2 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
Return
5.15.2 Example for Configuring IS-IS DIS Election
Networking Requirements
In Figure 5-2, four switches on the broadcast network communicate using IS-IS. SwitchA and
SwitchB are Level-1-2 devices, SwitchC is a Level-1 device, and SwitchD is a Level-2 device.
SwitchA with high performance needs to be configured as a Level-2 DIS.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
237
Figure 5-2 Networking diagram of configuring IS-IS DIS election
SwitchA
L1/L2
SwitchB
L1/L2
SwitchC
L1
SwitchD
L2
10GE1/0/1
VLANIF10
10.1.1.1/24
10GE1/0/1
VLANIF10
10.1.1.2/24
10GE1/0/1
VLANIF10
10.1.1.3/24
10GE1/0/1
VLANIF10
10.1.1.4/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IS-IS to enable network interconnectivity.
2. Set the DIS priority of SwitchA to 100 so that SwitchA can be elected as a Level-2 DIS.
Procedure
Step 1 Configure an IPv4 address for each interface. The configuration details are not described here.
Step 2 View the MAC address of the VLANIF interface on each switch. When each VLANIF interface
has the same DIS priority, the switch with a larger interface MAC address is elected as the DIS.
# View the MAC address of VLANIF10 on SwitchA.
[~SwitchA] display arp interface vlanif 10
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
-------------------------------------------------------------------------
10.1.1.1 00e0-fc10-afec I Vlanif10
-------------------------------------------------------------------------
Total:1 Dynamic:0 Static:0 Interface:1
# View the MAC address of VLANIF10 on SwitchB.
[~SwitchB] display arp interface vlanif 10
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
-------------------------------------------------------------------------
10.1.1.2 00e0-fccd-acdf I Vlanif10
-------------------------------------------------------------------------
Total:1 Dynamic:0 Static:0 Interface:1
# View the MAC address of VLANIF10 on SwitchC.
[~SwitchC] display arp interface vlanif 10
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
238
VLAN/CEVLAN PVC
-------------------------------------------------------------------------
10.1.1.3 00e0-fc50-25fe I Vlanif10
-------------------------------------------------------------------------
Total:1 Dynamic:0 Static:0 Interface:1
# View the MAC address of VLANIF10 on SwitchD.
[~SwitchD] display arp interface vlanif 10
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
-------------------------------------------------------------------------
10.1.1.4 00e0-fcfd-305c I Vlanif10
-------------------------------------------------------------------------
Total:1 Dynamic:0 Static:0 Interface:1
Step 3 Configure IS-IS protocol.
# Configure SwitchA.
[~SwitchA] isis 1
[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[~SwitchA-isis-1] quit
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] isis enable 1
[~SwitchA-Vlanif10] commit
[~SwitchA-Vlanif10] quit
# Configure SwitchB.
[~SwitchB] isis 1
[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[~SwitchB-isis-1] quit
[~SwitchB] interface vlanif 10
[~SwitchB-Vlanif10] isis enable 1
[~SwitchB-Vlanif10] commit
[~SwitchB-Vlanif10] quit
# Configure SwitchC.
[~SwitchC] isis 1
[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[~SwitchC-isis-1] is-level level-1
[~SwitchC-isis-1] quit
[~SwitchC] interface vlanif 10
[~SwitchC-Vlanif10] isis enable 1
[~SwitchC-Vlanif10] commit
[~SwitchC-Vlanif10] quit
# Configure SwitchD.
[~SwitchD] isis 1
[~SwitchD-isis-1] network-entity 10.0000.0000.0004.00
[~SwitchD-isis-1] is-level level-2
[~SwitchD-isis-1] quit
[~SwitchD] interface vlanif 10
[~SwitchD-Vlanif10] isis enable 1
[~SwitchD-Vlanif10] commit
[~SwitchD-Vlanif10] quit
# Check IS-IS neighbor information on SwitchA.
[~SwitchA] display isis peer
Peer information for ISIS(1)

System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
0000.0000.0002 Vlanif10 0000.0000.0002.01 Up 9s L1(L1L2) 64
0000.0000.0003 Vlanif10 0000.0000.0002.01 Up 27s L1 64
0000.0000.0002 Vlanif10 0000.0000.0004.01 Up 28s L2(L1L2) 64
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
239
0000.0000.0004 Vlanif10 0000.0000.0004.01 Up 8s L2 64
Total Peer(s): 4
# View IS-IS interface information on SwitchA.
[~SwitchA] display isis interface 1
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Vlanif10 001 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 No/No
# View IS-IS interface information on SwitchB.
[~SwitchB] display isis interface 1
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Vlanif10 001 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 Yes/No
# View IS-IS interface information on SwitchD.
[~SwitchD] display isis interface 1
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Vlanif10 001 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 No/Yes
As shown in the preceding interface information, when the default DIS priority is used, the IS-
IS interface on SwitchB has the largest MAC address among all the interfaces on the Level-1
Switchs. Therefore, SwitchB is elected as a Level-1 DIS. The IS-IS interface on SwitchD has
the largest MAC address among all the interfaces on the Level-2 Switchs. Therefore, SwitchD
is elected as a Level-2 DIS. Level-1 and Level-2 pseudonodes are 0000.0000.0002.01 and
0000.0000.0004.01 respectively.
Step 4 Configure the DIS priority of SwitchA.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] isis dis-priority 100
[~SwitchA-Vlanif10] commit
# View IS-IS neighbor information on SwitchA.
[~SwitchA] display isis peer
Peer information for ISIS(1)

System Id Interface Circuit Id State HoldTime Type PRI
-----------------------------------------------------------------------------
0000.0000.0002 Vlanif10 0000.0000.0001.01 Up 21s L1(L1L2) 64
0000.0000.0003 Vlanif10 0000.0000.0001.01 Up 27s L1 64
0000.0000.0002 Vlanif10 0000.0000.0001.01 Up 28s L2(L1L2) 64
0000.0000.0004 Vlanif10 0000.0000.0001.01 Up 30s L2 64
Total Peer(s): 4
Step 5 Verify the configuration.
# View IS-IS interface information on SwitchA.
[~SwitchA] display isis interface 1
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Vlanif10 001 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 Yes/Yes
As shown in the preceding information, after the DIS priority of the IS-IS interface on Switch
is changed, SwitchA becomes a Level-1-2 DIS (DR) immediately and its pseudonode is
0000.0000.0001.01.
# View IS-IS neighbor and interface information on SwitchB.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
240
[~SwitchB] display isis peer
Peer information for ISIS(1)

System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
0000.0000.0001 Vlanif10 0000.0000.0001.01 Up 7s L1(L1L2) 100
0000.0000.0003 Vlanif10 0000.0000.0001.01 Up 25s L1 64
0000.0000.0001 Vlanif10 0000.0000.0001.01 Up 7s L2(L1L2) 100
0000.0000.0004 Vlanif10 0000.0000.0001.01 Up 25s L2 64
Total Peer(s): 4
[~SwitchB] display isis interface 1
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Vlanif10 1 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 No/No
# View IS-IS neighbor and interface information on SwitchD.
[~SwitchD] display isis peer
Peer information for ISIS(1)

System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
0000.0000.0001 Vlanif10 0000.0000.0001.01 Up 9s L2 100
0000.0000.0002 Vlanif10 0000.0000.0001.01 Up 28s L2 64
Total Peer(s): 2
[~SwitchD] display isis interface 1
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Vlanif10 1 Up Mtu:Up/Lnk:Dn/IP:Dn 1497 L1/L2 No/No
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
isis dis-priority 100
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
l Configuration file of SwitchB
#
#
sysname SwitchB
#
vlan batch 10
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
241
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10
#
isis 1
is-level level-1
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 10.1.1.3 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 10
#
isis 1
is-level level-2
network-entity 10.0000.0000.0004.00
#
interface Vlanif10
ip address 10.1.1.4 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
5.15.3 Example for Configuring IS-IS to Interact with BGP
Networking Requirements
As shown in Figure 5-3, Switch A and Switch B belong to the same AS, and the IS-IS neighbor
relationship is established between Switch A and Switch B. An EBGP connection is established
between Switch B and Switch C. Switch A, Switch B, and Switch C need to communicate with
each other. Besides, the metric of routes need to be changed when AS 65009 sends the routes
to AS 65008.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
242
Figure 5-3 Networking diagram of configuring IS-IS to interact with BGP
SwitchA SwitchB
SwitchC
AS65008 AS65009
Loopback0
1.1.1.1/32
Loopback0
2.2.2.2/32
10GE1/0/1
VLANIF10
10.1.1.1/24
10GE1/0/1
VLANIF10
10.1.1.2/24
10GE1/0/2
VLANIF20
10.2.1.1/24
10GE1/0/1
VLANIF20
10.2.1.2/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces, and enable IS-IS and BGP to ensure that there are
reachable routes inside each AS.
2. Configure IS-IS and BGP to import routes from each other on Switch B to ensure that there
are routes on each network segment. Configure a route-policy to change the metric of
imported routes when IS-IS imports BGP routes.
Procedure
Step 1 Configure VLANs that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[~HUAWEI] commit
[~SwitchB] vlan batch 10 20
[~SwitchB] interface 10ge 1/0/1
[~SwitchB-10GE1/0/1] port link-type trunk
[~SwitchB-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchB-10GE1/0/1] quit
[~SwitchB] interface 10ge 1/0/2
[~SwitchB-10GE1/0/2] port link-type trunk
[~SwitchB-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchB-10GE1/0/2] quit
[~SwitchB] commit
The configurations of SwitchA and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign the IP addresses for VLANIF interfaces.
[~SwitchB] interface vlanif 10
[~SwitchB-Vlanif10] ip address 10.1.1.2/24
[~SwitchB-Vlanif10] quit
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] ip address 10.2.1.1/24
[~SwitchB-Vlanif20] quit
[~SwitchB] commit
The configurations of SwitchA and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
243
Step 3 Configure basic IS-IS functions.
# Configure SwitchA.
[~SwitchA] isis 1
[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[~SwitchA-isis-1] quit
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] isis enable 1
[~SwitchA-Vlanif10] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] isis 1
[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[~SwitchB-isis-1] quit
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] isis enable 1
[~SwitchB-Vlanif20] quit
[~SwitchB] commit
Step 4 Establish an EBGP connection.
# Configure SwitchB.
[~SwitchB] bgp 65008
[~SwitchB-bgp] router-id 1.1.1.1
[~SwitchB-bgp] peer 10.2.1.2 as-number 65009
[~SwitchB-bgp] ipv4-family unicast
[~SwitchB-bgp-af-ipv4] network 10.2.1.0 255.255.255.0
[~SwitchB-bgp-af-ipv4] commit
Configure SwitchC.
[~SwitchC] bgp 65009
[~SwitchC-bgp] router-id 2.2.2.2
[~SwitchC-bgp] peer 10.2.1.1 as-number 65008
[~SwitchC-bgp] ipv4-family unicast
[~SwitchC-bgp-af-ipv4] network 10.2.1.0 255.255.255.0
[~Switchc-bgp-af-ipv4] commit
Step 5 Configure IS-IS to import BGP routes.
# Configure a static route on SwitchC.
[~SwitchC] ip route-static 200.1.1.1 32 NULL 0
[~SwitchC] commit
# On SwitchC, configure BGP to import the static route.
[~SwitchC] bgp 65009
[~SwitchC-bgp] import-route static
[~SwitchC-bgp] quit
[~SwitchC] commit
# On SwitchB, configure IS-IS to import the BGP route.
[~SwitchB] isis 1
[~SwitchB-isis-1] import-route bgp
[~SwitchB-isis-1] quit
[~SwitchB] commit
# View the routing table of SwitchA, and you can see that IS-IS successfully imports BGP route
200.1.1.1/32.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
244
Routing Tables: Public
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif10
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.1/32 ISIS-L2 15 74 D 10.1.1.2 Vlanif10
# On Switch B, configure the AS_Path filter, and apply the filter in route-policy RTC.
[~SwitchB] ip as-path-filter 1 permit 65009
[~SwitchB] route-policy RTC permit node 0
[~SwitchB-route-policy] if-match as-path-filter 1
[~SwitchB-route-policy] apply cost 20
[~SwitchB-route-policy] quit
[~SwitchB] commit
# On SwitchB, configure IS-IS to import the BGP route.
[~SwitchB] isis 1
[~SwitchB-isis-1] import-route bgp route-policy RTC
[~SwitchB-isis-1] quit
[~SwitchB] commit
# View the routing table of SwitchA, and you can see that the AS_Path filter is successfully
applied and the cost of imported route 200.1.1.1/32 changes from 74 to 94.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Vlanif10
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.1/32 ISIS-L2 15 94 D 10.1.1.2 Vlanif10
Step 6 Configure BGP to import IS-IS routes.
[~SwitchB] bgp 65008
[~SwitchB-bgp] import-route isis 1
[~SwitchB-bgp] quit
[~SwitchB] commit
# View the routing table of SwitchC, and you can see that BGP successfully imports IS-IS route
10.1.1.0/24.
[~SwitchC] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 EBGP 255 0 D 10.2.1.1 Vlanif20
10.2.1.0/24 Direct 0 0 D 10.2.1.2 Vlanif10
10.2.1.1/32 Direct 0 0 D 10.2.1.1 Vlanif20
10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
245
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.1/32 Static 60 0 D 0.0.0.0 NULL0
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20
#
isis 1
network-entity 10.0000.0000.0002.00
import-route bgp route-policy RTC
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 65008
router-id 1.1.1.1
peer 10.2.1.2 as-number 65009
#
ipv4-family unicast
undo synchronization
network 10.2.1.0 255.255.255.0
import-route static
import-route isis 1
peer 10.2.1.2 enable
#
route-policy RTC permit node 0
if-match as-path-filter 1
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
246
apply cost 20
#
ip as-path-filter 1 index 10 permit 65009
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 65009
router-id 2.2.2.2
peer 10.2.1.1 as-number 65008
#
ipv4-family unicast
undo synchronization
network 10.2.1.0 255.255.255.0
import-route static
peer 10.2.1.1 enable
#
ip route-static 200.1.1.1 255.255.255.255 NULL0
#
return
5.15.4 Example for Configuring IS-IS Auto FRR
Networking Requirements
As shown in Figure 5-4, four devices (Switch A, Switch B, Switch C, and Switch D)
communicate using IS-IS. The reliability of data forwarding from Switch A to Switch D needs
to be improved. When the primary link fails, traffic is transmitted to the backup link in
milliseconds.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
247
Figure 5-4 Networking diagram of configuring IS-IS Auto FRR
SwitchC
L1/2
SwitchB
L1/2
SwitchA
L1/2
SwitchD
L1/2
c
o
s
t

=

1
0
c
o
s
t

=

1
0
c
o
s
t

=

3
0
10GE1/0/1
VLANIF10
1.0.0.2/24
10GE1/0/1
VLANIF10
1.0.0.1/24
10GE1/0/1
VLANFI50
4.0.0.2/24
10GE1/0/2
VLANIF30
3.0.0.2/24
10GE1/0/2
VLANIF30
3.0.0.1/24
10GE1/0/2
VLANIF50
4.0.0.1/24
10GE1/0/1
VLANIF20
2.0.0.2/24
10GE1/0/2
VLANIF20
2.0.0.1/24
cost = 10
10GE1/0/3
VLANIF40
100.1.1.1/24
c
o
s
t

=

1
0
Link T

Configuration Roadmap
The configuration roadmap is as follows:
1. Set a larger link cost on GigabitEthernet1/0/2 of Switch A, and ensure that Link T is
preferentially selected for data forwarding from Switch A to Switch D.
2. Configure IS-IS Auto FRR on Switch A to allow traffic to be fast switched to the backup
link without waiting for route convergence when a fault occurs on Link T. This improves
the reliability of data forwarding.
Procedure
Step 1 Configure VLANs that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 20
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Configure the IP addresses of each VLANIF interface.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 10.0.0.1 24
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
248
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 2.0.0.1 24
[~SwitchA-Vlanif20] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Configure basic IS-IS functions.
# Configure SwitchA.
[~SwitchA] isis 1
[~SwitchA-isis-1] is-level level-1-2
[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[~SwitchA-isis-1] quit
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] isis enable 1
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] isis enable 1
[~SwitchA-Vlanif20] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] isis 1
[~SwitchB-isis-1] is-level level-1-2
[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[~SwitchB-isis-1] quit
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] isis enable 1
[~SwitchB-Vlanif20] quit
[~SwitchB] interface vlanif 30
[~SwitchB-Vlanif30] isis enable 1
[~SwitchB-Vlanif30] quit
[~SwitchB] commit
# Configure SwitchC.
[~SwitchC] isis 1
[~SwitchC-isis-1] is-level level-1-2
[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[~SwitchC-isis-1] quit
[~SwitchC] interface vlanif 10
[~SwitchC-Vlanif10] isis enable 1
[~SwitchC-Vlanif10] quit
[~SwitchC] interface vlanif 50
[~SwitchC-Vlanif50] isis enable 1
[~SwitchC-Vlanif50] quit
[~SwitchC] commit
# Configure SwitchD.
[~SwitchD] isis 1
[~SwitchD-isis-1] is-level level-1-2
[~SwitchD-isis-1] network-entity 10.0000.0000.0004.00
[~SwitchD-isis-1] quit
[~SwitchD] interface vlanif 50
[~SwitchD-Vlanif50] isis enable 1
[~SwitchD-Vlanif50] quit
[~SwitchD] interface vlanif 30
[~SwitchD-Vlanif30] isis enable 1
[~SwitchD-Vlanif30] quit
[~SwitchD] interface vlanif 40
[~SwitchD-Vlanif40] isis enable 1
[~SwitchD-Vlanif40] quit
[~SwitchD] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
249
Step 4 Set the interface cost of VLANIF 20 on SwitchA to 30, and then check the routing information.
# Set the interface cost of VLANIF 20 on SwitchA to 30.
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] isis cost 30
[~SwitchA-Vlanif20] quit
[~SwitchA] commit
# Check information about the link from SwitchA to SwitchD. Link T has a lower cost, and so
IS-IS optimally selects Link T to send traffic that is forwarded by SwitchA.
<SwitchA> display isis route 100.1.1.1 verbose

Route information for ISIS(1)
-----------------------------

ISIS(1) Level-1 Forwarding Table
--------------------------------

IPV4 Dest : 100.1.1.0/24 Int. Cost : 30 Ext. Cost : NULL
Admin Tag : - Src Count : 1 Flags : A/-/L/-
Priority : Low
NextHop : Interface : ExitIndex :
1.0.0.2 Vlanif10 0x00000003

Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set


ISIS(1) Level-2 Forwarding Table
--------------------------------

IPV4 Dest : 100.1.1.0/24 Int. Cost : 30 Ext. Cost : NULL
Admin Tag : - Src Count : 3 Flags : -/-/-/-
Priority : Low

Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set

# Run the display fib 100.1.1.1 verbose command on SwitchA to check the forwarding entry
of traffic from SwitchA to SwitchD.
<SwitchA> display fib 100.1.1.1 verbose
Route Entry Count: 1
Destination: 100.1.1.0 Mask : 255.255.255.0
Nexthop : 1.0.0.2 OutIf : Vlanif10
LocalAddr : 1.0.0.1 LocalMask: 0.0.0.0
Flags : DGU Age : 26sec
ATIndex : 0 Slot : 0
LspFwdFlag : 0 LspToken : 0x0
InLabel : NULL OriginAs : 0
BGPNextHop : 0.0.0.0 PeerAs : 0
QosInfo : 0x0 OriginQos: 0x0
NexthopBak : 0.0.0.0 OutIfBak : [~No Intf]
LspTokenBak: 0x0 InLabelBak : NULL
LspToken_ForInLabelBak : 0x0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0
LspType : 0 Label_ForLspTokenBak : 0
MplsMtu : 0 Gateway_ForLspTokenBak : 0.0.0.0
NextToken : 0x0 IfIndex_ForLspTokenBak : 0
Label_NextToken : 0 Label : 0
LspBfdState : 0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
250
As shown in the command output, traffic from SwitchA to SwitchD is only forwarded through
Link T.
Step 5 Enable IS-IS Auto FRR on SwitchA, and then check the routing information.
# Enable IS-IS Auto FRR on SwitchA.
<SwitchA> isis
[~SwitchA-isis-1] frr
[~SwitchA-isis-1-frr] loop-free-alternate
[~SwitchA-isis-1-frr] commit
# Check the routing information from SwitchA to SwitchD. You can find that IS-IS creates a
backup link because IS-IS Auto FRR is enabled.
<SwitchA> display isis route 100.1.1.1 verbose

Route information for ISIS(1)
-----------------------------

ISIS(1) Level-1 Forwarding Table
--------------------------------

IPV4 Dest : 100.1.1.0/24 Int. Cost : 30 Ext. Cost : NULL
Admin Tag : - Src Count : 1 Flags : A/-/L/-
Priority : Low
NextHop : Interface : ExitIndex :
1.0.0.2 Vlanif10 0x00000003
(B)2.0.0.2 Vlanif20 0x00000004

Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set


ISIS(1) Level-2 Forwarding Table
--------------------------------

IPV4 Dest : 100.1.1.0/24 Int. Cost : 30 Ext. Cost : NULL
Admin Tag : - Src Count : 3 Flags : -/-/-/-
Priority : Low

Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set

# Check the protection type for the traffic from SwitchA to SwitchD.
<SwitchA> display isis spf-tree systemid 0000.0000.0004 verbose

Shortest Path Tree for ISIS(1)
------------------------------

ISIS(1) Level-1 Shortest Path Tree
----------------------------------
0000.0000.0004.00
Distance : 20
Distance-URT : 20
Flags : SPT
IPv4 Nexthops-URT : 1
(1) 1.0.0.2 IF:Vlanif10 NBR:0000.0000.0003.00
(B) 2.0.0.2 IF:Vlanif20 NBR:0000.0000.0002.00
TYPE:LOOP-FREE PROTECT:LINK-NODE
IPv4 Nexthops-MIGP : 0
Neighbors: 2 (Children:1 Parents:1 Others:0)
(1) 0000.0000.0003.02
Cost : 10
Flags : Parent

(2) 0000.0000.0004.03
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
251
Cost : 10
Flags : Child


ISIS(1) Level-2 Shortest Path Tree
----------------------------------
0000.0000.0004.00
Distance : 20
Distance-URT : 20
Flags : SPT
IPv4 Nexthops-URT : 1
(1) 1.0.0.2 IF:Vlanif10 NBR:0000.0000.0003.00
(B) 2.0.0.2 IF:Vlanif20 NBR:0000.0000.0002.00
TYPE:LOOP-FREE PROTECT:LINK-NODE
IPv4 Nexthops-MIGP : 0
Neighbors: 2 (Children:1 Parents:1 Others:0)
(1) 0000.0000.0003.02
Cost : 10
Flags : Parent

(2) 0000.0000.0004.03
Cost : 10
Flags : Child

As shown in the preceding command output, link-node dual protection is performed on the traffic
from SwitchA to SwitchD.
# Run the display fib 100.1.1.1 verbose command on SwitchA to check the forwarding entry
of traffic from SwitchA to SwitchD.
<SwitchA> display fib 100.1.1.1 verbose
Route Entry Count: 1
Destination: 100.1.1.0 Mask : 255.255.255.0
Nexthop : 1.0.0.2 OutIf : Vlanif10
LocalAddr : 1.0.0.1 LocalMask: 0.0.0.0
Flags : DGU Age : 6sec
ATIndex : 0 Slot : 0
LspFwdFlag : 0 LspToken : 0x0
InLabel : NULL OriginAs : 0
BGPNextHop : 0.0.0.0 PeerAs : 0
QosInfo : 0x0 OriginQos: 0x0
NexthopBak : 2.0.0.2 OutIfBak : Vlanif20
LspTokenBak: 0x0 InLabelBak : NULL
LspToken_ForInLabelBak : 0x0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0
LspType : 0 Label_ForLspTokenBak : 0
MplsMtu : 0 Gateway_ForLspTokenBak : 0.0.0.0
NextToken : 0x0 IfIndex_ForLspTokenBak : 0
Label_NextToken : 0 Label : 0
LspBfdState : 0
As shown in the command output, the outbound interface of the primary link from SwitchA to
SwitchD is Vlanif10. The backup link follows the route with Vlanif20 as the outbound interface
and 2.0.0.2 as the next hop.
Step 6 Verify the configuration.
# Run the shutdown command on Vlanif50 of SwitchC to shut down the link.
[~SwitchC] interface vlanif 50
[~SwitchC-Vlanif50] shutdown
[~SwitchC-Vlanif50] commit
# Run the display fib 100.1.1.1 verbose command on SwitchA to check information about the
route from SwitchA to SwitchD.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
252
<SwitchA> display fib 100.1.1.1 verbose
Route Entry Count: 1
Destination: 100.1.1.0 Mask : 255.255.255.0
Nexthop : 2.0.0.2 OutIf : Vlanif20
LocalAddr : 2.0.0.1 LocalMask: 0.0.0.0
Flags : DGU Age : 124sec
ATIndex : 0 Slot : 0
LspFwdFlag : 0 LspToken : 0x0
InLabel : NULL OriginAs : 0
BGPNextHop : 0.0.0.0 PeerAs : 0
QosInfo : 0x0 OriginQos: 0x0
NexthopBak : 0.0.0.0 OutIfBak : [~No Intf]
LspTokenBak: 0x0 InLabelBak : NULL
LspToken_ForInLabelBak : 0x0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0
LspType : 0 Label_ForLspTokenBak : 0
MplsMtu : 0 Gateway_ForLspTokenBak : 0.0.0.0
NextToken : 0x0 IfIndex_ForLspTokenBak : 0
Label_NextToken : 0 Label : 0
LspBfdState : 0
As shown in the command output, the traffic forwarded by the SwitchA is switched to the backup
link with outbound interface Vlanif20 and next hop 2.0.0.2.
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
isis 1
frr
loop-free-alternate level-1
loop-free-alternate level-2
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 1.0.0.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 2.0.0.1 255.255.255.0
isis enable 1
isis cost 30
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 20 30
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
253
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 2.0.0.2 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 3.0.0.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10 50
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 1.0.0.2 255.255.255.0
isis enable 1
#
interface Vlanif50
shutdown
ip address 4.0.0.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30 40 50
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif50
ip address 4.0.0.2 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 3.0.0.2 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 100.1.1.1 255.255.255.0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
254
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
return
5.15.5 Example for Configuring Static BFD for IS-IS
Networking Requirements
As shown in Figure 5-5, three routers are interconnected using IS-IS, and RouterA and RouterB
communicate with each other through a Layer 2 switch. When a link between RouterA and
RouterB fails, the two routers can respond to the fault rapidly.
Figure 5-5 Networking diagram of configuring static BFD for IS-IS
SwitchA SwitchB SwitchC
10GE1/0/1
VLANIF10
100.1.1.1/24
10GE1/0/1
VLANIF10
100.1.1.2/24
10GE1/0/2
VLANIF20
100.2.1.1/24
10GE1/0/1
VLANIF20
100.2.1.2/24

NOTE
BFD for IS-IS cannot be used to detect the multi-hop link between RouterA and RouterC, because the IS-
IS neighbor relationship cannot be established between RouterA and RouterC.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces and enable IS-IS on each router to ensure reachable
routes between the routers.
2. Enable static BFD for IS-IS on RouterA and RouterB so that routers can rapidly detect link
faults.
Procedure
Step 1 Configure VLANs that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
255
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign the IP addresses for VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 100.1.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Configure basic IS-IS functions.
# Configure SwitchA.
[~SwitchA] isis 1
[~SwitchA-isis-1] is-level level-2
[~SwitchA-isis-1] network-entity aa.1111.1111.1111.00
[~SwitchA-isis-1] quit
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] isis enable 1
[~SwitchA-Vlanif10] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] isis 1
[~SwitchB-isis-1] is-level level-2
[~SwitchB-isis-1] network-entity aa.2222.2222.2222.00
[~SwitchB-isis-1] quit
[~SwitchB] interface vlanif 10
[~SwitchB-Vlanif10] isis enable 1
[~SwitchB-Vlanif10] quit
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] isis enable 1
[~SwitchB-Vlanif20] quit
[~SwitchB] commit
# Configure SwitchC.
[~SwitchC] isis 1
[~SwitchC-isis-1] is-level level-2
[~SwitchC-isis-1] network-entity aa.3333.3333.3333.00
[~SwitchC-isis-1] quit
[~SwitchC] interface vlanif 20
[~SwitchC-Vlanif20] isis enable 1
[~SwitchC-Vlanif20] quit
[~SwitchC] commit
# After the preceding configurations, you can see that the neighbor relationship is established
between SwitchA and SwitchB.
[~SwitchA] display isis peer
Peer information for ISIS(1)
----------------------------
System Id Interface Circuit Id State HoldTime Type PRI
2222.2222.2222 Vlanif10 0000000001 Up 23s L2 64
The IS-IS routing table of SwitchA contains the routes to SwitchB and SwitchC.
[~SwitchA] display isis route
Route information for ISIS(1)
-----------------------------
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
256
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------
100.1.1.0/24 10 NULL Vlanif10 Direct D/-/L/-
100.2.1.0/24 20 NULL Vlanif10 100.1.1.2 A/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
Step 4 Configure BFD.
# Enable BFD on SwitchA and configure a BFD session.
[~SwitchA] bfd
[~SwitchA-bfd] quit
[~SwitchA] bfd atob bind peer-ip 100.1.1.2 interface vlanif 10
[~SwitchA-bfd-session-atob] discriminator local 1
[~SwitchA-bfd-session-atob] discriminator remote 2
[~SwitchA-bfd-session-atob] commit
[~SwitchA-bfd-session-atob] quit
[~SwitchA] commit
# Enable BFD on SwitchA and configure a BFD session.
[~SwitchB] bfd
[~SwitchB-bfd] quit
[~SwitchB] bfd btoa bind peer-ip 100.1.1.1 interface vlanif 10
[~SwitchB-bfd-session-btoa] discriminator local 2
[~SwitchB-bfd-session-btoa] discriminator remote 1
[~SwitchB-bfd-session-btoa] quit
[~SwitchB] commit
After the preceding configurations, run the display bfd session command on SwitchA or
SwitchB, and you can see that the status of the BFD session is Up.
The following uses the display on SwitchA as an example.
[~SwitchA] display bfd session all
------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
------------------------------------------------------------------------
1 2 100.1.1.2 Up S_IP_IF Vlanif10
------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
Step 5 Enable IS-IS fast detect.
# Configure SwitchA.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] isis bfd static
[~SwitchA-Vlanif10] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] interface Vlanif 10
[~SwitchB-Vlanif10] isis bfd static
[~SwitchB-Vlanif10] quit
[~SwitchB] commit
Step 6 Verify the configuration.
# Enable debugging on SwitchA.
<SwitchA> debugging isis adjacency
<SwitchA> debugging isis circuit-information
<SwitchA> terminal debugging
# Run the shutdown command on 10GE1/0/1 of SwitchB to simulate a link fault.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
257
[~~SwitchB-10GE1/0/1] shutdown
[~~SwitchB-10GE1/0/1] commit
# On SwitchA, you can view the following log information, which indicates that IS-IS deletes
the neighbor relationship with SwitchB after being notified by BFD of the fault.
#80/active/IsisAdjacencyChange/Major/occurredTime:2011-03-09 04:17:07/-/-/alarmI
D:0x08960007/VS=0:ISIS adjacency state change. (SysInstance=1, SysLevel=1, CircI
ndex=2, CircIfIndex=20, LspId=2222.2222.2222.00.00, AdjState=1, IfIndex=20, IfNa
me=GE1/0/1, Reason=BFD detected that the neighbor went Down, SubReason=14)
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
info-center source BFD channel 1 log level debugging
#
bfd
#
isis 1
is-level level-2
network-entity aa.1111.1111.1111.00
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
isis enable 1
isis bfd static
#
bfd atob bind peer-ip 100.1.1.2 interface Vlanif10
discriminator local 1
discriminator remote 2
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20
#
bfd
#
isis 1
is-level level-2
network-entity aa.2222.2222.2222.00
#
interface Vlanif10
ip address 100.1.1.2 255.255.255.0
isis enable 1
isis bfd static
shutdown
#
interface Vlanif20
ip address 100.2.1.1 255.255.255.0
isis enable 1
#
bfd btoa bind peer-ip 100.1.1.1 interface Vlanif10
discriminator local 2
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
258
discriminator remote 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20
#
isis 1
is-level level-2
network-entity aa.3333.3333.3333.00
#
interface Vlanif20
ip address 100.2.1.2 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
return
5.15.6 Example for Configuring Dynamic BFD for IS-IS
Networking Requirements
As shown in Figure 5-6, three devices are interconnected using IS-IS, and Switch A and Switch
B communicate with each other through a Layer 2 switch. When the link that passes through the
switch between Switch A and Switch B fails, the two devices need to rapidly respond to the
fault, and traffic can be switched to the link that passes through Switch C for forwarding.
Figure 5-6 Networking diagram of configuring dynamic BFD for IS-IS
SwitchA SwitchB
SwitchC
10GE1/0/2
VLANIF20
3.3.3.1/24
10GE1/0/2
VLANIF20
3.3.3.2/24
10GE1/0/3
VLANIF40
172.16.1.1/24
10GE1/0/1
VLANIF10
1.1.1.1/24
10GE1/0/1
VLANIF10
1.1.1.2/24
10GE1/0/1
VLANIF30
2.2.2.2/24
10GE1/0/2
VLANIF30
2.2.2.1/24

CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
259
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces and enable IS-IS on each device to ensure reachable
routes between the devices.
2. Set the IS-IS interface cost to control route selection of the devices to make the link that
passes through the switch from Switch A to Switch B as the primary link and the link that
passes through Switch C as the backup link.
3. Configure dynamic BFD for IS-IS on Switch A, Switch B, and Switch C so that link faults
can be detected rapidly and traffic can be switched to the backup link for forwarding.
Procedure
Step 1 Configure VLANs that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 20
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA-10GE1/0/2] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign the IP addresses for VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 1.1.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 3.3.3.1 24
[~SwitchA-Vlanif20] quit
[~SwitchA-Vlanif20] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Configure basic IS-IS functions.
# Configure SwitchA.
[~SwitchA] isis
[~SwitchA-isis-1] is-level level-2
[~SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[~SwitchA-isis-1] quit
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] isis enable 1
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] isis enable 1
[~SwitchA-Vlanif20] commit
[~SwitchA-Vlanif20] quit
# Configure SwitchB.
[~SwitchB] isis
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
260
[~SwitchB-isis-1] is-level level-2
[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[~SwitchB-isis-1] quit
[~SwitchB] interface vlanif 30
[~SwitchB-Vlanif30] isis enable 1
[~SwitchB-Vlanif30] quit
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] isis enable 1
[~SwitchB-Vlanif20] quit
[~SwitchB] interface vlanif 40
[~SwitchB-Vlanif40] isis enable 1
[~SwitchB-Vlanif40] commit
[~SwitchB-Vlanif40] quit
# Configure SwitchC.
[~SwitchC] isis
[~SwitchC-isis-1] is-level level-2
[~SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[~SwitchC-isis-1] quit
[~SwitchC] interface vlanif 10
[~SwitchC-Vlanif10] isis enable 1
[~SwitchC-Vlanif10] quit
[~SwitchC] interface vlanif 30
[~SwitchC-Vlanif30] isis enable 1
[~SwitchC-Vlanif30] commit
[~SwitchC-10GE1/0/2] quit
# After the preceding configurations, run the display isis peer command. You can see that the
neighbor relationships are established between SwitchA and SwitchB, and between SwitchA
and SwitchC. The following uses the configuration of SwitchA as an example.
[~SwitchA] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
0000.0000.0002 Vlanif20 0000.0000.0002.01 Up 9s L2 64
0000.0000.0003 Vlanif10 0000.0000.0001.02 Up 21s L2 64
Total Peer(s): 2
# switchs learn routes from each other. The following uses the routing table of SwitchA as an
example.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: _public_
Destinations : 8 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10
1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.2.2.0/24 ISIS 15 20 D 1.1.1.2 Vlanif10
3.3.3.0/24 Direct 0 0 D 3.3.3.1 Vlanif10
3.3.3.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 ISIS 15 20 D 3.3.3.2 Vlanif20
As shown in the routing table, the next-hop address of the route to 172.16.1.0/24 is 3.3.3.2, and
traffic is transmitted on the primary link SwitchASwitchB.
Step 4 Set the interface cost.
# Configure SwitchA.
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] isis cost 5
[~SwitchA-Vlanif20] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
261
[~SwitchA-Vlanif20] quit
# Configure SwitchB.
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] isis cost 5
[~SwitchB-Vlanif20] commit
[~SwitchB-Vlanif20] quit
Step 5 Configure BFD for IS-IS processes.
# Enable BFD for IS-IS on SwitchA.
[~SwitchA] bfd
[~SwitchA-bfd] quit
[~SwitchA] isis
[~SwitchA-isis-1] bfd all-interfaces enable
[~SwitchA-isis-1] commit
[~SwitchA-isis-1] quit
# Enable BFD for IS-IS on SwitchB.
[~SwitchB] bfd
[~SwitchB-bfd] quit
[~SwitchB] isis
[~SwitchB-isis-1] bfd all-interfaces enable
[~SwitchB-isis-1] commit
[~SwitchB-isis-1] quit
# Enable BFD for IS-IS on SwitchC.
[~SwitchC] bfd
[~SwitchC-bfd] quit
[~SwitchC] isis
[~SwitchC-isis-1] bfd all-interfaces enable
[~SwitchC-isis-1] commit
[~SwitchC-isis-1] quit
# After the preceding configurations, run the display isis bfd session all command on SwitchA,
SwitchB, and SwitchC. You can see that the BFD session status is Up.
The following uses the display on SwitchA as an example.
[~SwitchA] display isis bfd session all
BFD session information for ISIS(1)
-----------------------------------
Peer System ID : 0000.0000.0002 Interface : Vlanif20
TX : 10 BFD State : up Peer IP Address : 3.3.3.2
RX : 10 LocDis : 16385 Local IP Address: 3.3.3.1
Multiplier : 3 RemDis : 16388 Type : L2
Diag : No diagnostic information
Peer System ID : 0000.0000.0003 Interface : Vlanif10
TX : 10 BFD State : up Peer IP Address : 1.1.1.2
RX : 10 LocDis : 16386 Local IP Address: 1.1.1.1
Multiplier : 3 RemDis : 16387 Type : L2
Diag : No diagnostic information
Total BFD session(s): 2
As shown in the preceding display, the status of the BFD session between SwitchA and
SwitchB and that between SwitchA and SwitchC is Up.
Step 6 Configure BFD for IS-IS interfaces.
# Configure BFD on VLANIF 20 of SwitchA, set the minimum interval for sending packets to
100 ms, the minimum interval for receiving packets to 100 ms, and the local detection multiplier
to 4.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
262
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] isis bfd enable
[~SwitchA-Vlanif20] isis bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
[~SwitchA-Vlanif20] commit
[~SwitchA-Vlanif20] quit
# Configure BFD on VLANIF 20 of SwitchB, set the minimum interval for sending packets to
100 ms, the minimum interval for receiving packets to 100 ms, and the local detection multiplier
to 4.
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] isis bfd enable
[~SwitchB-Vlanif20] isis bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
[~SwitchB-Vlanif20] commit
[~SwitchB-Vlanif20] quit
# After the preceding configurations, run the display isis bfd session all command on SwitchA
or SwitchB. You can see that the BFD parameters have taken effect. The following uses the
display on SwitchB as an example.
[~SwitchB] display isis bfd session all
BFD session information for ISIS(1)
-----------------------------------
Peer System ID : 0000.0000.0001 Interface : Vlanif20
TX : 100 BFD State : up Peer IP Address : 3.3.3.1
RX : 100 LocDis : 16385 Local IP Address: 3.3.3.2
Multiplier : 4 RemDis : 16385 Type : L2
Diag : No diagnostic information
Peer System ID : 0000.0000.0003 Interface : Vlanif30
TX : 10 BFD State : up Peer IP Address : 2.2.2.1
RX : 10 LocDis : 16385 Local IP Address: 2.2.2.2
Multiplier : 4 RemDis : 16385 Type : L2
Diag : No diagnostic information
Total BFD session(s): 2
Step 7 # Run the shutdown command on GigabitEthernet1/0/2 of SwitchB to simulate a primary link
failure.
[~SwitchB] interface 10ge 1/0/2
[~SwitchB-10GE1/0/2] shutdown
[~SwitchB-10GE1/0/2] commit
Step 8 Verify the configuration.
# View the routing table of SwitchA.
[~SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 Vlanif10
1.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
1.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
2.2.2.0/24 ISIS 15 20 D 1.1.1.2 Vlanif10
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 ISIS 15 30 D 1.1.1.2 Vlanif10
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
263
As shown in the routing table, the backup link SwitchASwitchCSwitchB takes effect after
the primary link fails, and the next-hop address of the route to 172.16.1.0/24 becomes 1.1.1.2.
# Run the display isis bfd session all command SwitchA. You can see that the status of the BFD
session between SwitchA and SwitchC is Up.
[~SwitchA] display isis bfd session all
BFD session information for ISIS(1)
-----------------------------------
Peer System ID : 0000.0000.0003 Interface : Vlanif10
TX : 10 BFD State : up Peer IP Address : 1.1.1.2
RX : 10 LocDis : 16385 Local IP Address: 1.1.1.1
Multiplier : 3 RemDis : 16388 Type : L2
Diag : No diagnostic information
Total BFD session(s): 1
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
bfd
#
isis 1
is-level level-2
bfd all-interfaces enable
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
isis enable 1
isis cost 5
isis bfd enable
isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 20 30 40
#
bfd
#
isis 1
is-level level-2
bfd all-interfaces enable
network-entity 10.0000.0000.0002.00
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
264
#
interface Vlanif20
ip address 3.3.3.2 255.255.255.0
isis enable 1
isis cost 5
isis bfd enable
isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface Vlanif30
ip address 2.2.2.2 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10 30
#
bfd
#
isis 1
is-level level-2
bfd all-interfaces enable
network-entity 10.0000.0000.0003.00
#
interface Vlanif10
ip address 1.1.1.2 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 2.2.2.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
return
5.16 Common Configuration Errors
This section describes common faults caused by incorrect IS-IS configurations and provides the
troubleshooting procedure.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
265
5.16.1 Failed to Establish IS-IS Neighbor Relationships
Fault Symptom
IS-IS neighbor relationship fails to be established when the link is working properly.
Procedure
Step 1 Check whether devices on both ends of the link have the matching IS-IS levels.
l Run the display current-configuration configuration isis | include is-level command to
check the level configurations of IS-IS processes on both ends.
l Run the display current-configuration interface interface-type interface-number | include
isis circuit-level command to check the IS-IS level configuration of the specified interface.
IS-IS neighbor relationship can be established when IS-IS interfaces on both ends of the link
have the matching IS-IS levels.
NOTE
If you cannot view the IS-IS level of an interface using the display current-configuration interface
interface-type interface-number | include isis circuit-level command, the interface uses the default IS-IS
level. To view the default IS-IS level, run the display default-parameter isis command to check the
Circuit-Level field.
Requirements on the IS-IS levels of interfaces on both ends of a link are as follows:
l If the IS-IS level of the local interface is Level-1, the IS-IS level of the remote interface must be
Level-1 or Level-1-2.
l If the IS-IS level of the local interface is Level-2, the IS-IS level of the remote interface must be
Level-2 or Level-1-2.
l If the IS-IS level of the local interface is Level-1-2, the IS-IS level of the remote interface can be
Level-1, Level-2, or Level-1-2.
If the IS-IS levels of interfaces on both ends of a link do not match, perform either of the following
operations to change the IS-IS level:
l Run the is-level command in the IS-IS view to change the global IS-IS level.
l Run the isis circuit-level command in the interface view to change the interface IS-IS level.
Step 2 Check whether devices on both ends of the link have the matching area addresses.
Run the display current-configuration configuration isis command to check area address
information.
NOTE
If IS-IS Level-1 neighbor relationship needs to be established between devices on both ends, ensure that
the two devices reside in the same area.
A maximum of three area addresses can be configured for an IS-IS process. Devices on both ends can
establish IS-IS Level-1 neighbor relationship when the two devices have a same area address.
When IS-IS Level-2 neighbor relationship needs to established between the two devices, the two devices
can have the same or different area addresses.
If the area addresses of the two devices are different, run the network-entity command in the
IS-IS view to set the same area address for the two devices.
Step 3 Check whether devices on both ends of the link have the authentication mode.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
266
Run the display current-configuration interface interface-type interface-number | include isis
authentication-mode command to check the IS-IS authentication modes of the interfaces on
both ends of the link.
If the two interfaces use different authentication modes, run the isis authentication-mode
command in the view of one interface to ensure that this interface has the same authentication
mode and password as the other interface.
Step 4 Run:
commit
The configuration is committed.
----End
5.16.2 A Device Cannot Learn IS-IS Routes from Its Neighbor
Fault Symptom
A device cannot learn IS-IS routes from its neighbor when its link is working properly.
Procedure
Step 1 Check whether IS-IS neighbor relationship has been established between the device and its
neighbor.
Run the display isis peer command on each device on the link to check whether IS-IS neighbor
relationship has been established.
If IS-IS neighbor relationship is not established, rectify the fault according to 5.16.1 Failed to
Establish IS-IS Neighbor Relationships.
Step 2 Check whether the IS-IS routing table of the device is correct.
Run the display isis route command on the device to check the IS-IS routing table.
1. If the IS-IS routing table contains specified routes, run the display ip routing-table ip-
address [ mask | mask-length ] verbose command to check whether the IP routing table
contains routes with higher protocol preference than IS-IS routes.
NOTE
If the State field of a route displays Active Adv, the route is active. If there are routes that have the
same prefix but are discovered by different routing protocols, routes with higher protocol preference
are preferred as active routes.
2. If the IP routing table contains routes with higher protocol preference than IS-IS routes,
modify the configuration based on network planning.
Step 3 Check whether the device and its neighbor have the matching IS-IS cost style.
Run the display current-configuration configuration isis command on the device and its
neighbor to check the IS-IS cost style.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
267
NOTE
The device can learn IS-IS routes from its neighbor when it has the same IS-IS cost style as its neighbor.
The IS-IS cost style of a device can be set as follows:
l narrow: indicates that the device can receive and send packets with cost style narrow.
l narrow-compatible: indicates that the device can receive packets with cost style narrow or wide but
sends only packets with cost style narrow.
l compatible: indicates that the device can receive and send packets with cost style narrow or wide.
l wide-compatible: indicates that the device can receive packets with cost style narrow or wide but sends
only packets with cost style wide.
l wide: indicates that the device can receive and send packets with cost style wide.
If the IS-IS cost styles of both ends are set to narrow and wide (or wide-compatible) respectively, the two
ends cannot communicate.
If the IS-IS cost styles of both ends are set to narrow-compatible and wide respectively, the two ends cannot
communicate either.
If the device and its neighbor have mismatching IS-IS cost styles, run the cost-style command
on the device to modify the configuration.
Step 4 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 5 IPv4 IS-IS Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
268
6 BGP Configuration
About This Chapter
The Border Gateway Protocol (BGP) is used between Autonomous Systems (ASs) to transmit
routing information. BGP applies to large and complex networks.
6.1 BGP Overview
The Border Gateway Protocol (BGP) is a path vector protocol that allows devices between
Autonomous Systems (ASs) to communicate and selects optimal routes. BGP-1 (defined in RFC
1105), BGP-2 (defined in RFC 1163), and BGP-3 (defined in RFC 1267) are three earlier
versions of BGP. BGP-4 (defined in RFC 1771) has been used since 1994. Since 2006, unicast
IPv4 networks have been using BGP-4 defined in RFC 4271, and other networks have been
using MP-BGP defined in RFC 4760.
6.2 BGP Features Supported by the Device
This section describes the BGP features supported by the Switch. The information will help you
complete configuration tasks quickly and accurately.
6.3 Default Configuration
This section describes the default configuration of BGP, which can be changed according to
network requirements.
6.4 Configuring Basic BGP Functions
Before building a BGP network, you need to configure basic BGP functions.
6.5 Configuring BGP Security
Configuring connection authentication and BGP GTSM for BGP peers can improve BGP
network security.
6.6 Simplifying IBGP Network Connections
Configuring a route reflector and a confederation on an IBGP network can simplify IBGP
network connections.
6.7 Configuring BGP Route Selection and Load Balancing
BGP has many route attributes. You can configure these attributes to change the route selection
result.
6.8 Controlling the Receiving and Advertisement of BGP Routes
Controlling the receiving and advertisement of BGP routes can reduce the routing table size and
improve network security.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
269
6.9 Adjusting the BGP Network Convergence Speed
You can configure BGP timers, disable rapid EBGP connection reset, and configure BGP route
dampening to speed up BGP network convergence and improve BGP security.
6.10 Configuring BGP Reliability
You can configure association between BGP and BFD, BGP Auto FRR, and BGP GR helper to
speed up BGP network convergence and improve BGP reliability.
6.11 Configuring BGP Route Summarization
On IPv4 networks, BGP supports automatic route summarization and manual route
summarization. Manual route summarization takes precedence over automatic route
summarization.
6.12 Configuring On-demand Route Advertisement
If a BGP device only wants to received required routes but its peer cannot maintain different
export policies for connected devices, you can configure prefix-based BGP outbound route
filtering (ORF) to meet this requirement.
6.13 Configuring BGP to Advertise Default Routes to Peers
If a BGP device needs to send multiple routes to its peer, the BGP device can be configured to
send only a default route with the local address as the next-hop address to its peer, regardless of
whether there are default routes in the local routing table. This function reduces the number of
network routes and saves memory and network resources.
6.14 Configuring MP-BGP
Multiprotocol BGP (MP-BGP) enables BGP to support IPv4 unicast networks and IPv4
multicast networks.
6.15 Maintaining BGP
Maintaining BGP includes resetting BGP connections and clearing BGP statistics.
6.16 Configuration Examples
The section provides BGP configuration examples, including networking requirements,
networking diagram, configuration roadmap, and configuration procedure.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
270
6.1 BGP Overview
The Border Gateway Protocol (BGP) is a path vector protocol that allows devices between
Autonomous Systems (ASs) to communicate and selects optimal routes. BGP-1 (defined in RFC
1105), BGP-2 (defined in RFC 1163), and BGP-3 (defined in RFC 1267) are three earlier
versions of BGP. BGP-4 (defined in RFC 1771) has been used since 1994. Since 2006, unicast
IPv4 networks have been using BGP-4 defined in RFC 4271, and other networks have been
using MP-BGP defined in RFC 4760.
A network is divided into different ASs to facilitate the management over the network. In 1982,
the Exterior Gateway Protocol (EGP) was used to dynamically exchange routing information
between ASs. EGP advertises only reachable routes but not select optimal routes or prevent
routing loops. Therefore, EGP cannot meet network management requirements.
BGP was designed to replace EGP. Different from EGP, BGP can select optimal routes, prevent
routing loops, transmit routing information efficiently, and maintain a large number of routes.
6.2 BGP Features Supported by the Device
This section describes the BGP features supported by the Switch. The information will help you
complete configuration tasks quickly and accurately.
CAUTION
l The CloudEngine 6800&5800 Series switch supports BGP4 and MBGP. The configurations
performed in the BGP view take effect in BGP4 and MBGP. For example, after 6.5.1
Configuring MD5 Authentication is performed in the BGP view, the configuration takes
effect in BGP4 and MBGP.
l By default, the commands configured in the BGP-IPv4 unicast address family view can also
be configured in the BGP view but take effect only in BGP4. For example, after 6.4.4
Configuring BGP to Import Routes is performed in the BGP view, the configuration takes
effect only in BGP4 but not MBGP.
BGP configurations are performed logically in the following sequence:
1. Configure basic BGP functions to allow devices on BGP networks to communicate. You
can also import Interior Gateway Protocol (IGP) routes to BGP to help BGP select routes
and avoid routing blackholes.
2. Configure the following features in sequence to provide extended functions in BGP4 and
MBGP:
l In BGP4: BGP security, simplifying IBGP network connections, BGP route selection
and load balancing, controlling the receiving and advertisement of BGP routes,
adjusting the BGP network convergence speed, BGP reliability, BGP NSR, BGP route
summarization, on-demand route advertisement, and advertising default routes to peers
l In MBGP: BGP security, simplifying IBGP network connections, BGP route selection
and load balancing, controlling the receiving and advertisement of BGP routes,
adjusting the BGP network convergence speed, BGP reliability, BGP NSR, BGP route
summarization, and advertising default routes to peers
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
271
BGP Security
On a BGP network, unauthorized users may modify data packets or forge packets of authorized
users to attack the BGP network. To ensure service security on the BGP network, configure BGP
Message Digest 5 (MD5) authenticationor BGP keychain authentication.
Simplifying IBGP Network Connections
Within an AS, routes received from an IBGP peer are not advertised to the other IBGP peers.
To ensure the connectivity between IBGP peers in an AS, full-mesh connections must be
established between IBGP peers on a BGP network. When there are a large number of IBGP
peers on the network, the peer configuration is complex, and many network resources and CPU
resources need to be consumed. To reduce the number of IBGP connections on the BGP network,
configure a route reflector and confederation.
BGP Route Selection and Load Balancing
When there are multiple routes with the same destination address but of different routing protocol
types, BGP selects the optimal route based on the routing protocol priority. To change BGP
route selection sequence in an IP routing table, set the BGP priority.
There may be multiple routes to the same destination in a BGP routing table. To guide route
selection, BGP defines the next-hop selection policy and route selection rules. The next-hop
policy takes precedence over route selection rules. After performing the next-hop policy, BGP
selects the optimal route based on the following rules:
NOTE
You can specify whether the Switch compares the AS_Path length, next-hop IGP metric, and router ID.
1. Prefers the route with the largest PrefVal value.
2. Prefers the route with the highest Local_Pref.
3. Prefers the manually summarized route, automatically summarized route, route imported
using the network command, route imported using the import-route command, and route
learned from peers. These routes are in descending order of priority.
4. Prefers the route with the shortest AS_Path.
5. Prefers the route with the lowest origin type. IGP is lower than EGP, and EGP is lower than
Incomplete.
6. Prefers the route with the lowest MED if routes are received from the same AS.
7. Prefers EBGP routes, IBGP routes, LocalCross routes, and RemoteCross routes, which are
listed in descending order of priority.
8. Prefers the route with the lowest IGP metric to the BGP next hop.
9. Prefers the route with the shortest Cluster_List.
10. Prefers the route advertised by the switch with the smallest router ID.
NOTE
If a route carries the Originator_ID attribute, BGP prefers the route with the smallest Originator_ID
without comparing the router ID.
11. Prefers the route learned from the peer with the lowest IP address.
On networks, there may be multiple valid routes to the same destination. BGP, however,
advertises only the optimal route to its peers. This may result in unbalanced traffic on different
routes. Configuring BGP load balancing better utilizes network resources and reduces network
congestion.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
272
Controlling the Receiving and Advertisement of BGP Routes
As the network size increases, the routing table size rapidly increases. This burdens the network
and leads to more security problems. To avoid security problems, configure routing policies to
filter routes so that only the required BGP routes are advertised and received. Multiple routes
to the same destination may exist and traverse different ASs. Routes to be advertised need to be
filtered in order to direct routes to specific ASs.
Adjusting the BGP Network Convergence Speed
To enable BGP to fast detect network changes, speed up BGP network convergence. To reduce
the impact of route flapping on networks and lessen the device burden, slow down BGP network
convergence.
BGP Reliability
To prevent services from being interrupted for a long period because of network faults, you can
use the backup link. However, it takes more than 1 second for the BGP fault detection mechanism
to detect a fault and an active/standby switchover. To ensure the quality of delay-sensitive
services such as voice and video services, use BGP tracking and association between BGP and
BFD to fast detect faults, and then use BGP Auto Fast Reroute (FRR) , BGP nonstop routing
(NSR), and BGP graceful restart (GR) helper functions to perform fast active/standby
swichovers.
During an active/standby switchover, BGP NSR ensures continuous forwarding and
advertisement of BGP routes. The active/standby switchover in NSR does not need to be
configured and does not affect the neighbor relationship, and so neighbors are unaware of the
switchover.
NOTE
Only CE6800 series switches in a stack support the NSR function.
BGP NSR
NSR is a reliability technique that prevents neighbors from detecting the control plane
switchover. It applies to the devices that have the active and standby MPUs configured.
Compared to GR, NSR does not require the help of neighbors and does not need to deal with
interoperability issues.
Route Summarization
A medium or large BGP network must maintain large BGP routing tables, which occupy a lot
of memory on devices. Transmitting and processing the routing information requires many
network resources. Route summarization can reduce the routing table size and minimize impact
of route flapping on the network. BGP automatic route summarization is easy to configure but
only summarizes routes into a route with the natural mask. BGP manual route summarization
can work with flexible routing policies to allow BGP to efficiently transmit and control routing
information.
On-demand BGP Route Advertisement (BGP ORF)
BGP outbound route filtering (ORF) can implement on-demand BGP route advertisement.
When BGP peers of a BGP device have different routing requirements, different export policies
need to be configured on the BGP device. This, however, increases the configuration workload
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
273
and maintenance cost of the BGP device. To solve this problem, configure BGP ORF on the
peers to allow the peers to maintain required routing policies and send the policies as export
policies to the BGP device.
Advertising Default Routes to Peers
A medium or large BGP network must maintain large BGP routing tables, which occupy a lot
of memory on devices. Transmitting and processing the routing information requires many
network resources. If a BGP device needs to send multiple routes to its peer, the BGP device
can be configured to send only a default route with the local address as the next-hop address to
its peer, regardless of whether there are default routes in the local routing table. This function
reduces the number of network routes and saves memory and network resources.
Figure 6-1 Advertising default routes to peers
SwitchB SwitchA
192.168.2.1/24
192.168.2.2/24
20.1.1.0/24
20.3.1.0/24
20.2.1.0/24
As shown in Figure 6-1, SwitchA and SwitchB establish a BGP peer relationship. Generally,
SwitchB imports routes destined for three network segments 20.1.1.0/24, 20.2.1.0/24, and
20.3.1.0/24 to the BGP routing table and then advertises the three imported routes to SwitchA,
which then adds the three routes to the local BGP routing table. To save storage resources of
SwitchA and bandwidth resources used for route advertisement, configure SwitchB to advertise
a default route to its peer SwitchA, and configure a traffic policy to prohibit the routes destined
for 20.1.1.0/24, 20.2.1.0/24, and 20.3.1.0/24 from being advertised to SwitchA. When this
occurs, SwitchA has only one default route, and traffic can still reach the three network segments.
MP-BGP
Tradition BGP-4 manages only routing information of IPv4 unicast networks but cannot support
inter-AS route transmission on multicast networks. To support multiple types of network layer
protocols, the Internet Engineering Task Force (IETF) extends BGP-4 to Multiprotocol
Extensions for BGP-4 (MP-BGP) defined in RFC 4760. MP-BGP is called multicast BGP
(MBGP) on multicast networks.
MP-BGP uses address families to differentiate network layer protocols. Basic BGP functions
are configured in the BGP view, and extended BGP functions are configured in their respective
address family views. Currently, the Switch supports the following address family views:
l BGP view
l BGP-IPv4 unicast address family view
l BGP-VPN instance IPv4 address family view
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
274
l BGP-IPv4 multicast address family view
6.3 Default Configuration
This section describes the default configuration of BGP, which can be changed according to
network requirements.
Table 6-1 describes the default configuration of BGP.
Table 6-1 Default configuration of BGP
Parameter Default Setting
BGP Disabled
Keepalive message interval 60s
Hold time 180s

6.4 Configuring Basic BGP Functions
Before building a BGP network, you need to configure basic BGP functions.
Pre-configuration Tasks
Before configuring basic BGP functions, complete the following task:
l Configuring IP addresses for interfaces to ensure network-layer communication between
neighbor nodes
Configuration Flowchart
Perform the following operations in sequence and as required.Select tasks from Table 6-2 as
required.
Table 6-2 Configuring basic BGP functions
Task Configuring a
Single Peer
Configuring an
IBGP Peer Group
Configuring an
EBGP Peer Group
Start a BGP process Y Y Y
Configure BGP peers Y N Y
Configure a BGP
peer group
N Y Y
Configure BGP to
import routes
Y Y Y

CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
275
6.4.1 Starting a BGP Process
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
BGP is started, the local AS number is specified, and the BGP view is displayed.
CAUTION
After BGP peers are configured, changing the router ID of a BGP peer resets BGP peer
relationships.
Step 3 Run:
router-id ipv4-address
A router ID of a BGP device is set.
By default, BGP prefers the router ID configured in the system view, highest loopback interface
address, highest interface address, and then IP address 0.0.0.0.
TIP
To improve network stability, configure the IP address of a loopback interface as the router ID is
recommended.
Step 4 Run:
commit
The configuration is committed.
----End
6.4.2 Configuring BGP Peers
Context
During the configuration of BGP peers, if the AS number of the specified peer is the same as
the local AS number, an IBGP peer is configured. If the AS number of the specified peer is
different from the local AS number, an EBGP peer is configured. To enhance the stability of
BGP connections, you are advised to use the reachable loopback interface addresses to establish
BGP connections.
When loopback interface addresses are used to establish a BGP connection, run the peer
connect-interface command on the both ends of the BGP connection to ensure the correctness
of interfaces and addresses on the TCP connection. If the command is run on only one end, the
BGP connection may fail to be established.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
276
When loopback interface addresses are used to establish an EBGP connection, the peer ebgp-
max-hop command with hop-count greater than or equal to 2 must be run. Otherwise, the EBGP
connection cannot be established.
To perform the same configuration on a large number of peers, configure a BGP peer group
according to 6.4.3 (Optional) Configuring a BGP Peer Group to reduce the configuration
workload.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Run:
peer ipv4-address as-number as-number
The BGP peer is created.
By default, BGP does not create BGP peers.
Step 4 (Optional) Run:
peer ipv4-address connect-interface { interface-type interface-number [ ipv4-
source-address ] | ipv4-source-address }
A source interface and a source IP address are specified for the peer to establish a TCP
connection.
By default, BGP uses the interface that is directly connected to the peer to establish a TCP
connection.
Step 5 (Optional) Run:
peer ipv4-address ebgp-max-hop [ hop-count ]
The maximum number of hops allowed for the establishment of an EBGP connection is set.
By default, the maximum number of hops allowed for an EBGP connection is 1. That is, an
EBGP connection must be established on a directly connected physical link.
Step 6 (Optional) Run:
peer ipv4-address description description-text
The description of the peer is configured.
NOTE
If a BGP peer group is configured on an IPv4 unicast network, steps 7 and 8 are not required. If a BGP
peer group is configured on an IPv4 unicast network, steps 7 and 8 are required.
Step 7 (Optional) Run:
ipv4-family multicast
The BGP-IPv4 multicast address family view is displayed.
Step 8 (Optional) Run:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
277
peer ipv4-address enable
MP-BGP is enabled on the BGP peers to configure them as MP-BGP peers.
Step 9 Run:
commit
The configuration is committed.
----End
6.4.3 (Optional) Configuring a BGP Peer Group
Context
A large BGP network has a large number of peers. It is difficult to configure and maintain these
peers. You can add the BGP peers with the same configurations to a BGP peer group and then
configure the BGP peers in batches. This simplifies peer management and improves route
advertisement efficiency.
NOTE
l If a function is configured on a peer and its peer group, the function configured on the peer takes precedence
over that configured on the peer group.
l You can repeat step 5 to add multiple peers to a peer group. To add an EBGP peer to a peer group, configure
the EBGP peer according to 6.4.2 Configuring BGP Peers and then perform step 5. To add an IBGP peer
to a peer group, perform step 5. The system creates an IBGP peer in the BGP view and sets its AS number
as the AS number of the peer group.
l When loopback interface addresses are used to establish a BGP connection, you are advertised to perform
step 6 on the both ends of the BGP connection simultaneously to ensure the correct establishment of the
connection. If step 6 is performed on only one end, the BGP connection may fail to be established.
l When loopback interface are used to establish an EBGP connection, step 7 is required and hop-count in the
peer ebgp-max-hop command must be greater than or equal to 2. Otherwise, the EBGP connection cannot
be established.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Run:
group group-name [ external | internal ]
A BGP peer group is created.
NOTE
The AS number of an IBGP peer group is the local AS number. Therefore, step 4 is not required.
Step 4 Run:
peer group-name as-number as-number
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
278
An AS number is configured for the EBGP peer group.
Step 5 Run:
peer ipv4-address group group-name
A peer is added to the peer group.
Step 6 (Optional) Run:
peer group-name connect-interface interface-type interface-number [ ipv4-source-
address ]
A source interface and a source IP address are specified for the peer to establish a TCP
connection.
By default, BGP uses the interface that is directly connected to the peer to establish a TCP
connection.
Step 7 (Optional) Run:
peer group-name ebgp-max-hop [ hop-count ]
The maximum number of hops allowed for the establishment of an EBGP connection is set.
By default, the maximum number of hops allowed for an EBGP connection is 1. That is, an
EBGP connection must be established on a directly connected physical link.
Step 8 (Optional) Run:
peer group-name description description-text
The description is configured for the peer group.
NOTE
If a BGP peer group is configured on an IPv4 unicast network, steps 9 and 10 are not required. If a BGP
peer group is configured on an IPv4 unicast network, steps 9 and 10 are required.
Step 9 Run:
ipv4-family multicast
The BGP-IPv4 multicast address family view is displayed.
Step 10 Run:
peer group-name enable
MP-BGP is enabled on the BGP peers to configure them as MP-BGP peers.
Step 11 Run:
commit
The configuration is committed.
----End
6.4.4 Configuring BGP to Import Routes
Context
BGP cannot discover routes and needs to import routes such as IGP routes into BGP routing
tables so that the imported routes can be transmitted within an AS or between ASs. BGP imports
routes in either import or network mode:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
279
l In import mode, BGP imports IGP routes, including RIP, OSPF, and IS-IS routes, into BGP
routing tables based on protocol type. To ensure the validity of imported IGP routes, BGP
can also import static routes and direct routes in import mode.
l In network mode, BGP imports the routes in the IP routing table one by one to BGP routing
tables. The network mode is more accurate than the import mode.
Procedure
l In import mode
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Enter the corresponding address family view based on network type to configure BGP
devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
4. Run:
import-route protocol [ process-id ] [ med med | route-policy route-policy-
name ]
*
BGP is configured to import routes of other routing protocols.
5. (Optional) Run:
default-route imported
BGP is allowed to import default routes from the local IP routing table.
By default, BGP does not add default routes to BGP routing tables.
6. Run:
commit
The configuration is committed.
l In network mode
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Enter the corresponding address family view based on network type to configure BGP
devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
280
4. Run:
network ipv4-address [ mask | mask-length ] [ route-policy route-policy-
name ]
BGP is configured to import routes from the IP routing table one by one.
5. Run:
commit
The configuration is committed.
----End
6.4.5 Checking the Configuration
Procedure
l Run the display bgp peer [ verbose ] command to check information about all BGP peers.
l Run the display bgp peer ipv4-address { log-info | verbose } command to check
information about the specified BGP peer.
l Run the display bgp routing-table [ ipv4-address [ mask | mask-length ] ] command to
check BGP routing information.
l Run the display bgp group [ group-name ] command to check information about the
specified BGP peer group.
l Run the display bgp multicast peer [ [ peer-address ] verbose ] command to check
information about the specified MBGP peer.
l Run the display bgp multicast group [ group-name ] command to displays the information
about an MBGP peer group.
l Run the display bgp multicast network command to check the routing information that
MBGP advertises.
l Run the display bgp multicast routing-table [ ip-address [ mask-length [ longer-
prefixes ] | mask [ longer-prefixes ] ] ] command to check the MBGP routing table.
----End
6.5 Configuring BGP Security
Configuring connection authentication and BGP GTSM for BGP peers can improve BGP
network security.
Pre-configuration Tasks
Before configuring BGP security, complete the following task:
l Configuring Basic BGP Functions
Configuration Flowchart
You can perform the following configuration tasks as required. The following configuration
tasks (excluding the task of checking the configuration) can be performed at any sequence.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
281
6.5.1 Configuring MD5 Authentication
Context
BGP uses TCP as the transmission protocol, and considers a packet valid as long as the source
address, destination address, source port, destination port, and TCP sequence number of the
packet are correct. However, most parameters in a packet may be easily obtained by attackers.
To protect BGP from attacks, MD5 authentication or keychain authentication can be used
between BGP peers to reduce the possibility of attacks. The MD5 algorithm is easy to configure,
generates a single password that needs to be manually changed, and applies to the network
requiring short-period encryption.
CAUTION
If simple is selected during the configuration of the MD5 authentication password, the password
is saved in the configuration file in plain text. This brings security risks. It is recommended that
you select cipher to save the password in cipher text.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Run:
peer { ipv4-address | group-name } password { cipher cipher-password | simple
simple-password }
The MD5 authentication password is set.
NOTE
l To prevent the MD5 password set on BGP peers from being decrypted, update the MD5 password
periodically.
l BGP MD5 authentication and BGP keychain authentication are mutually exclusive, and only one of
them can be configured for a BGP peer.
Step 4 Run:
commit
The configuration is committed.
----End
6.5.2 Configuring Keychain Authentication
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
282
Context
BGP uses TCP as the transmission protocol, and considers a packet valid as long as the source
address, destination address, source port, destination port, and TCP sequence number of the
packet are correct. However, most parameters in a packet may be easily obtained by attackers.
To protect BGP from attacks, use MD5 authentication or keychain authentication between BGP
peers to reduce the possibility of attacks. The keychain algorithm is complex to configure and
generates a set of passwords. Keychain authentication allows automatically changing a password
based on the configuration. Therefore, keychain authentication applies to networks requiring
high security.
NOTE
Before configuring BGP keychain authentication, configure a keychain corresponding to keychain-name.
Otherwise, the TCP connection cannot be established. For details about configuring a keychain, see
"Keychain Configuration" in the CloudEngine 6800&5800 Series Configuration Guide - Security.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Run:
peer { ipv4-address | group-name } keychain keychain-name
Keychain authentication is configured,
NOTE
l You must configure keychain authentication on both BGP peers. Encryption algorithms and passwords
configured on both peers must be the same; otherwise, the TCP connection cannot be established
between BGP peers and BGP messages cannot be transmitted.
l BGP MD5 authentication and BGP keychain authentication are mutually exclusive, and only one of
them can be configured for a BGP peer.
Step 4 Run:
commit
The configuration is committed.
----End
6.5.3 Configuring BGP GTSM
Context
To protect a device against the attacks of forged BGP packets, you can configure GTSM to check
whether the TTL value in the IP packet header is within the specified range. If the TTL value
of a packet is within the specified range, the packet is allowed to pass through. Otherwise, the
packet is discarded to protect the device.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
283
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
NOTE
The configurations of GTSM and peer ebgp-max-hop affect the TTL values of BGP packets, which may
cause a conflict between TTL values. Therefore, you can configure only one of the two functions for a peer
or peer group.
Step 3 Run:
peer { group-name | ipv4-address } valid-ttl-hops [ hops ]
BGP GTSM is configured.
By default, GTSM is not configured on any BGP peer or peer group.
Step 4 Run:
commit
The configuration is committed.
----End
6.5.4 Checking the Configuration
Procedure
l Run the display bgp peer [ ipv4-address ] verbose command to check authentication
detailed information about the specified BGP peer.
----End
6.6 Simplifying IBGP Network Connections
Configuring a route reflector and a confederation on an IBGP network can simplify IBGP
network connections.
Pre-configuration Tasks
Before simplifying IBGP network connections, complete the following configuration task:
l Configuring Basic BGP Functions
Configuration Flowchart
Perform the following configuration tasks as required.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
284
6.6.1 Configuring a BGP Route Reflector
Context
To ensure the connectivity between IBGP peers within an AS, you need to establish full-mesh
connections between the IBGP peers. When there are many IBGP peers, it is costly to establish
a fully-meshed network. A route reflector (RR) can solve this problem.
A cluster ID can help prevent routing loops between multiple RRs within a cluster and between
clusters. When a cluster has multiple RRs, the same cluster ID must be configured for all the
RRs within the cluster.
If full-mesh IBGP connections are established between clients of multiple RRs, route reflection
between clients is not required and wastes bandwidth resources. In this case, prohibit route
reflection between clients to reduce the network burden.
Within an AS, an RR transmits routing information and forwards traffic. When an RR connects
to a large number of clients and non-clients, many CPU resources are consumed if the RR
transmits routing information and forwards traffic simultaneously. This also reduces route
transmission efficiency. To improve route transmission efficiency, prohibit BGP from adding
preferred routes to IP routing tables on the RR to enable the RR only to transmit routing
information.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Run:
peer { ipv4-address | group-name } reflect-client
An RR and its client are configured.
Step 5 (Optional) Run:
reflector cluster-id cluster-id
A cluster ID is configured for the RR.
By default, each RR uses its router ID as the cluster ID.
Step 6 (Optional) Run:
undo reflect between-clients
Route reflection is prohibited between clients.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
285
By default, route reflection is allowed between clients.
Step 7 (Optional) Run:
bgp-rib-only [ route-policy route-policy-name ]
BGP is prohibited from adding preferred routes to IP routing tables.
By default, BGP adds preferred routes to IP routing tables.
Step 8 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display bgp group [ group-name ] command to check information about the
specified BGP peer group.
l Run the display bgp routing-table [ network [ { mask | mask-length } [ longer-
prefixes ] ] ] command to check routing information in a BGP routing table.
l Run the display bgp multicast routing-table [ ip-address [ mask-length [ longer-
prefixes ] | mask [ longer-prefixes ] ] ] command to check the MBGP routing table.
6.6.2 Configuring a BGP Confederation
Context
A confederation divides an AS into sub-ASs. Within each sub-AS, IBGP peers establish full-
mesh connections or have an RR configured. Sub-ASs establish EBGP connections. On a large
BGP network, configuring a confederation can reduce the number of IBGP connections, simplify
routing policy management, and improve route advertisement efficiency.
Other devices may implement the confederation not in accordance with RFC 3065. You can
configure confederation compatibility to make standard devices compatible with nonstandard
devices.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Run:
confederation id as-number
A confederation ID is configured.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
286
CAUTION
An old speaker that has a 2-byte AS number cannot be in the same confederation with a new
speaker that has a 4-byte AS number. Otherwise, a routing loop may occur. This is because the
AS4_Path attribute does not support confederations.
Step 4 Run:
confederation peer-as as-number &<1-32>
A sub-AS number is configured for a confederation.
Step 5 (Optional) Run:
confederation nonstandard
Confederation compatibility is configured.
By default, confederations comply with RFC 3065.
Step 6 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display bgp peer [ ipv4-address ] verbose command to check detailed information
about BGP peers.
l Run the display bgp routing-table [ network ] [ { mask | mask-length } [ longer-
prefixes ] ] command to check routing information in a BGP routing table.
6.7 Configuring BGP Route Selection and Load Balancing
BGP has many route attributes. You can configure these attributes to change the route selection
result.
Pre-configuration Tasks
Before configuring BGP route attributes, complete the following task:
l Configuring Basic BGP Functions
Configuration Flowchart
You can perform the following configuration tasks as required. The following configuration
tasks (excluding the task of checking the configuration) can be performed at any sequence. For
detailed route selection rules, see 6.2 BGP Features Supported by the Device.
6.7.1 Configuring the BGP Priority
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
287
Context
The routing protocols may share and select routing information because switches may run
multiple dynamic routing protocols at the same time. The system sets a default priority for each
routing protocol. When multiple routing protocols are used to select routes, the route selected
by the routing protocol with a higher priority takes effect.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Run:
preference { external internal local | route-policy route-policy-name }
The BGP priority is set.
The default BGP priority is 255.
NOTE
You cannot use the peer route-policy command on BGP peers to apply routing policies to set the BGP
priority.
Step 5 Run:
commit
The configuration is committed.
----End
6.7.2 Configuring the Next_Hop Attribute
Context
When an Autonomous System Boundary Router (ASBR) forwards the route learned from an
EBGP peer to an IBGP peer, the ASBR does not change the next hop of the route by default.
When the IBGP peer receives this route, it finds the next hop unreachable, sets the route to
inactive, and does not use this route to guide traffic forwarding. To enable the IBGP peer to use
this route to guide traffic forwarding, configure the ASBR to set its IP address as the next hop
of the route when the ASBR forwards this route to the IBGP peer. After the IBGP peer receives
the route from the ASBR, it finds the next hop of the route reachable, sets the route to active,
and uses this route to guide traffic forwarding.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
288
When a BGP route changes, BGP needs to iterate the indirect next hop of the route again. If no
restriction is imposed on the iterated route, BGP may iterate the next hop to an incorrect
forwarding path, causing traffic loss. To prevent traffic loss, configure routing policy-based
route iteration to prevent traffic loss.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Perform either of the following operations as required:
l Run:
peer { ipv4-address | group-name } next-hop-local
A BGP device is configured to set its IP address as the next hop when the device advertises
routes to an IBGP peer or an IBGP peer group.
By default, a BGP device does not modify the next-hop address when advertising routes
to its IBGP peers.
l Run:
nexthop recursive-lookup route-policy route-policy-name
Routing-policy-based next hop iteration is configured.
By default, routing-policy-based next hop iteration is not configured.
NOTE
The nexthop recursive-lookup route-policy route-policy-name command does not take effect for the
routes received from direct connected EBGP peers.
Step 5 Run:
commit
The configuration is committed.
----End
6.7.3 Configuring the PrefVal Attribute
Context
The PrefVal attribute is a Huawei proprietary attribute and is valid only on the device where it
is configured. When a BGP routing table contains multiple routes to the same destination, BGP
prefers the route with the highest PrefVal.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
289
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Run:
peer { group-name | ipv4-address } preferred-value value
The PrefVal attribute is configured for all the routes learned from a specified peer.
By default, the PrefVal of a route learned from a peer is 0.
Step 5 Run:
commit
The configuration is committed.
----End
6.7.4 Configuring the Default Local_Pref Attribute
Context
The Local_Pref attribute is used to determine the optimal route for outgoing traffic of an AS.
When a BGP device obtains multiple routes to the same destination address but with different
next hops from different IBGP peers, the BGP device prefers the route with the highest
Local_Pref.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
290
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Run:
default local-preference local-preference
The default Local_Pref attribute is configured.
By default, the Local_Pref attribute is 100.
Step 5 Run:
commit
The configuration is committed.
----End
6.7.5 Configuring the AS_Path Attribute
Context
The AS_Path attribute records all the ASs that a route passes through from the source to the
destination in the vector order. You can configure the AS_Path attribute to implement flexible
route selection.
l Generally, BGP compares the AS_Path lists of routes and prefers the route with the shortest
AS_Path list. When the AS_Path attribute is not required in route selection, configure BGP
not to compare the AS_Path lists of routes during route selection.
l In most cases, BGP detects routing loops based on AS number. However, to ensure correct
route transmission on a hub-and-spoke network, you need to configure all the BGP peers
that VPN routes advertised from a hub CE to a spoke CE pass through to accept the routes
with a repeated AS number.
l Public AS numbers can be used on the Internet, but private AS numbers cannot because
they may cause routing loops. To prevent routing loops, configure the AS_Path attribute
to carry only public AS numbers in EBGP Update messages.
l When the AS_Path attribute is reconstructed or summarized routes are generated, you can
set the maximum number of AS numbers in the AS_Path attribute. Then a BGP device
checks whether the number of AS numbers in the AS_Path attribute of a route exceeds the
maximum value. If so, the BGP device discards the route.
l A device usually supports only one BGP process. This indicates that a device supports only
one AS number. In some cases, for example, when network migration changes an AS
number, you can set a fake AS number to ensure successful network migration.
l BGP checks the first AS number in the AS_Path list that is carried in the Update message
sent by an EBGP peer. If the first AS number specifies the AS where the EBGP peer resides,
BGP accepts the Update message. Otherwise, BGP rejects the Update message and
interrupts the EBGP connection. If you do not want BGP to check the first AS number,
disable BGP from checking the first AS number.
Procedure
Step 1 Run:
system-view
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
291
The system view is displayed.
Step 2 Run:
route-policy route-policy-name { deny | permit } node node
A node is configured for a route-policy, and the view of the route-policy is displayed.
Step 3 (Optional) Configure matching rules for the route-policy to change only the community
attributes of the routes meet matching rules.
By default, all routes meet matching rules. For details, see 7.4.2 (Optional) Configuring an if-
match Clause.
Step 4 Run:
apply as-path { as-number | 4as-number } &<1-10> { additive | overwrite }
The AS_Path attribute is set for BGP routes.
Step 5 Run:
quit
Return to the system view.
Step 6 Run:
bgp as-number
The BGP view is displayed.
Step 7 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 8 Add the AS_Path attribute to routes.
l Run:
peer { ipv4-address | group-name } route-policy route-policy-name export
The AS_Path attribute is added to the routes advertised to BGP peers or peer groups.
l Run:
peer { ipv4-address | group-name } route-policy route-policy-name import
The AS_Path attribute is added to the routes received from BGP peers or peer groups.
l Run:
import-route protocol [ process-id ] route-policy route-policy-name
The AS_Path attribute is added to the routes imported by BGP in import mode.
l Run:
network ipv4-address [ mask | mask-length ] route-policy route-policy-name
The AS_Path attribute is added to the routes imported by BGP in network mode.
Step 9 (Optional) Run one of the following commands to configure the AS_Path attribute as required.
l Run:
bestroute as-path-ignore
BGP is configured not to compare the AS_Path attributes of routes during route selection.
By default, BGP compares the AS_Path attributes of routes during route selection.
l Run:
peer { ipv4-address | group-name } allow-as-loop [ number ]
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
292
Repeated local AS numbers are allowed in routes.
By default, repeated local AS number is not allowed.
l Run:
peer { ipv4-address | group-name } public-as-only
BGP is configured to carry only public AS numbers in the AS_Path attribute in an EBGP
Update message.
By default, the AS_Path attribute can carry both public and private AS numbers in an EBGP
Update message.
l Return to the BGP view to configure the AS_Path attribute.
1. Run:
quit
Return to the BGP view.
2. (Optional) Run one of the following commands to configure the AS_Path attribute as
required.
Run:
as-path-limit as-path-limit-num
The maximum number of AS numbers in the AS_Path attribute is set.
By default, the maximum number of AS numbers in the AS_Path attribute is 255.
Run:
peer { ipv4-address | group-name } fake-as as-number
A fake AS number is configured for an EBGP peer group.
By default, EBGP peers establish a connection using a real AS number.
CAUTION
Running the undo check-first-as command increases the probability of routing
loops. Therefore, exercise caution when using this command.
Run:
undo check-first-as
BGP is configured not to check the first AS number in the AS_Path list that is carried
in the Update message sent by an EBGP peer.
By default, BGP checks the first AS number in the AS_Path list that is carried in the
Update message sent by an EBGP peer.
NOTE
When BGP is disabled from checking the first AS number, run the refresh bgp command in
the user view if you want BGP to check the first AS number of received routes.
Step 10 Run:
commit
The configuration is committed.
----End
6.7.6 Configuring the MED Attribute
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
293
Context
The multi-exit discriminator (MED) helps determine the optimal route for incoming traffic of
an AS. It is similar to the metric used in IGP. When a BGP device obtains multiple routes to the
same destination address but with different next hops from EBGP peers, the BGP device selects
the route with the smallest MED value as the optimal route.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Perform one of the following operations as required:
l Run:
default med med
The default MED value is set.
By default, the MED is 0.
l Run:
bestroute med-none-as-maximum
BGP defines the MED value as the maximum value is a route does not have the MED
attribute.
By default, BGP uses the default MED value when a route does not have the MED attribute.
l Run:
compare-different-as-med
BGP is allowed to compare the MED values of routes received from EBGP peers in any
AS.
By default, BGP compares only the MEDs of the routes received from EBGP peers within
the same AS.
Step 5 Run:
commit
The configuration is committed.
----End
6.7.7 Configuring the BGP Community Attribute
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
294
Context
The Community attribute is a private BGP route attribute. It is transmitted between BGP peers
and is not restricted within an AS. The Community attribute allows a group of BGP devices in
multiple ASs to share the same routing policies, which simplifies routing policy applications
and facilitates routing policy management and maintenance. A BGP device can add or change
the community attributes of routes to be advertised.
Extended community attributes are extensions to community attributes in services. Currently,
only the route-target attribute is supported in VPN.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
route-policy route-policy-name { deny | permit } node node
A node is configured for a route-policy, and the view of the route-policy is displayed.
Step 3 (Optional) Configure matching rules for the route-policy to change only the community
attributes of the routes meet matching rules.
By default, all routes meet matching rules. For details, see 7.4.2 (Optional) Configuring an if-
match Clause.
Step 4 Run either of the following commands to configure the Community attribute.
l Run:
apply community { community-number | aa:nn | internet | no-advertise | no-
export | no-export-subconfed } &<1-32> [ additive ]
Common community attributes are configured for BGP routes.
NOTE
This command allows you to configure a maximum of 32 community attributes.
l Run:
apply extcommunity { rt { as-number:nn | ipv4-address:nn } } &<1-16>
[ additive ]
An extended community attribute (route-target) is configured.
Step 5 Run:
quit
Return to the system view.
Step 6 Run:
bgp as-number
The BGP view is displayed.
Step 7 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
295
The IPv4 address family view is displayed.
Step 8 Add the Community attribute to routes.
l Run:
peer { ipv4-address | group-name } route-policy route-policy-name export
The Community attribute is added to the routes advertised to BGP peers or peer groups.
l Run:
peer { ipv4-address | group-name } route-policy route-policy-name import
The Community attribute is added to the routes received from BGP peers or peer groups.
l Run:
import-route protocol [ process-id ] route-policy route-policy-name
The Community attribute is added to the routes imported by BGP in import mode.
l Run:
network ipv4-address [ mask | mask-length ] route-policy route-policy-name
The Community attribute is added to the routes imported by BGP in network mode.
NOTE
Step 9 is required only when the Community attribute needs to be added to the routes advertised to BGP
peers or peer groups.
Step 9 (Optional) Allow BGP to advertise community attributes when BGP adds community attributes
to the routes advertised to BGP peers or peer groups.
l Run:
peer { ipv4-address | group-name } advertise-community
BGP is allowed to advertise community attributes to BGP peers or peer groups.
By default, BGP does not advertise community attributes to any peer or peer group.
l Run:
peer { ipv4-address | group-name } advertise-ext-community
BGP is allowed to advertise extended community attributes to BGP peers or peer groups.
By default, BGP does not advertise extended community attributes to any peer or peer group.
Step 10 Run:
commit
The configuration is committed.
----End
6.7.8 Configuring BGP Load Balancing
Context
On large networks, there may be multiple valid routes to the same destination. BGP, however,
advertises only the optimal route to its peers. This may result in unbalanced traffic on different
routes. Configuring BGP load balancing better utilizes network resources and reduces network
congestion.
Equal-cost BGP routes can be generated for traffic load balancing only when the first eight route
attributes described in "BGP Route Selection Policies" are the same, and the AS_Path attributes
are also the same. You can change load balancing rules by performing some configurations, for
example, ignoring the comparison of the AS_Path attribute or IGP metric. When performing
these configurations, ensure that these configurations do not result in routing loops.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
296
NOTE
If BGP load balancing is configured, the local device changes the next-hop address of routes to its address
when advertising routes to IBGP peer groups, regardless of whether the peer next-hop-local command is
used.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Run:
maximum load-balancing [ ebgp | ibgp ] number [ ecmp-nexthop-changed ]
The maximum number of BGP routes to be used for load balancing is set.
By default, the maximum number of BGP routes to be used for load balancing is 1, indicating
that load balancing is not performed.
NOTE
l On a public network, if the routes to the same destination implement load balancing, the system will
determine the type of the optimal route. If the optimal routes are IBGP routes, only IBGP routes carry
out load balancing. If the optimal routes are EBGP routes, only EBGP routes carry out load balancing.
This means that load balancing cannot be implemented among IBGP and EBGP routes with the same
destination address.
l On an IPv4 multicast network, BGP compares the AS_Path attributes of the routes to be used for load
balancing. In this case, step 5 is not supported.
CAUTION
Configuring BGP not to compare the AS_Path attributes of the routes to be used for load
balancing may cause routing loops.
Step 5 (Optional) Run:
load-balancing as-path-ignore
BGP is configured not to compare the AS_Path attributes of the routes to be used for load
balancing.
By default, BGP compares the AS_Path attributes of the routes to be used for load balancing.
Step 6 Run:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
297
commit
The configuration is committed.
----End
6.7.9 Checking the Configuration
Procedure
l Run the display bgp paths [ as-regular-expression ] command to check information about
BGP AS_Path.
l Run the display bgp routing-table different-origin-as command to check the routes with
the same destination address but different origin ASs.
l Run the display bgp routing-table regular-expression as-regular-expression command
to check information about routes that match the AS regular expression.
l Run the display bgp routing-table [ network [ { mask | mask-length } [ longer-
prefixes ] ] ] command to check routing information in a BGP routing table.
l Run the display bgp routing-table community [ community-number | aa:nn ] &<1-33>
[ internet | no-advertise | no-export | no-export-subconfed ]
*
[ whole-match ] command
to check routing information with the specified BGP community.
l Run the display bgp routing-table community-filter { { community-filter-name | basic-
community-filter-number } [ whole-match ] | advanced-community-filter-number }
command to check information about routes matching a specified BGP community filter.
l Run the display bgp multicast routing-table [ ip-address [ mask-length [ longer-
prefixes ] | mask [ longer-prefixes ] ] ] command to check the MBGP routing table.
l Run the display bgp multicast routing-table statistics command to check statistics about
the MBGP routing table.
----End
6.8 Controlling the Receiving and Advertisement of BGP
Routes
Controlling the receiving and advertisement of BGP routes can reduce the routing table size and
improve network security.
Pre-configuration Tasks
Before controlling the receiving and advertisement of BGP routes, complete the following task:
l Configuring Basic BGP Functions
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
298
Configuration Flowchart
Figure 6-2 Flowchart of controlling the receiving and advertisement of BGP routes
Controlling the
Advertisement of BGP
Routes
Configuring BGP Soft
Reset
Required steps
Configuring a Routing
Policy
Controlling the Receiving
of BGP Routes
6.8.1 Configuring a Routing Policy
Context
Before controlling the receiving and advertisement of BGP routes, configure routing policies or
filters of routing policies for route selection. For details, see "Routing Policy Configuration" in
the CloudEngine 6800&5800 Series Switches Configuration Guide - IP Routing.
6.8.2 Controlling the Advertisement of BGP Routes
Context
There are usually a large number of routes in a BGP routing table. Transmitting a great deal of
routing information brings a heavy load to devices. Routes to be advertised need to be controlled
to address this problem. You can configure devices to advertise only routes that these devices
want to advertise or routes that their peers require. Multiple routes to the same destination may
exist and traverse different ASs. Routes to be advertised need to be filtered in order to direct
routes to specific ASs.
Procedure
l Configure a BGP device to advertise routes to all peers or peer groups.
You can configure a BGP device to filter routes to be advertised.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
299
The BGP view is displayed.
3. Enter the corresponding address family view based on network type to configure BGP
devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
4. Perform either of the following operations to configure the BGP device to advertise
routes to all peers or peer groups:
To filter routes based on an ACL, run the filter-policy { acl-number | acl-name
acl-name } export [ protocol [ process-id ] ] command.
To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-
name export [ protocol [ process-id ] ] command.
NOTE
If an ACL has been referenced in the filter-policy command but no VPN instance is specified
in the ACL rule, BGP will filter routes including public and private network routes in all address
families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN
instance will be filtered, and no route of this VPN instance will be filtered.
5. Run:
commit
The configuration is committed.
l Configure a BGP device to advertise routes to a specific peer or peer group.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Enter the corresponding address family view based on network type to configure BGP
devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
4. Perform any of the following operations to configure the BGP device to advertise
routes to a specific peer or peer group:
To filter routes based on an ACL, run the peer { group-name | ipv4-address }
filter-policy { acl-number | acl-name acl-name } export command.
To filter routes based on an IP prefix list, run the peer { ipv4-address | group-
name } ip-prefix ip-prefix-name export command.
To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-
name } as-path-filter as-path-filter-number export command.
To filter routes based on a route-policy, run the peer { ipv4-address | group-
name } route-policy route-policy-name export command.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
300
NOTE
The routing policy applied in the peer route-policy export command does not support a
specific interface as one matching rule. That is, the routing policy does not support the if-match
interface command.
5. Run:
commit
The configuration is committed.
----End
6.8.3 Controlling the Receiving of BGP Routes
Context
When a BGP device is attacked or network configuration errors occur, the BGP device will
receive a large number of routes from its neighbor. As a result, many device resources are
consumed. Therefore, the administrator must limit the resources used by the device based on
network planning and device capacity. BGP provides peer-based route control to limit the
number of routes to be sent by a neighbor. This addresses the preceding problem.
Procedure
l Configure a BGP device to receive routes from all its peers or peer groups.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Enter the corresponding address family view based on network type to configure BGP
devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
4. Perform either of the following operations to configure the BGP device to filter the
routes received from all its peers or peer groups:
To filter routes based on an ACL, run the filter-policy { acl-number | acl-name
acl-name } import command.
To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-
name import command.
NOTE
If an ACL has been referenced in the filter-policy command but no VPN instance is specified
in the ACL rule, BGP will filter routes including public and private network routes in all address
families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN
instance will be filtered, and no route of this VPN instance will be filtered.
5. Run:
commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
301
The configuration is committed.
l Configure a BGP device to receive routes from a specific peer or peer group.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Enter the corresponding address family view based on network type to configure BGP
devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
4. Perform any of the following operations to configure the BGP device to filter the
routes received from a specific peer or peer group:
To filter routes based on an ACL, run the peer { group-name | ipv4-address }
filter-policy { acl-number | acl-name acl-name } import command.
To filter routes based on an IP prefix list, run the peer { ipv4-address | group-
name } ip-prefix ip-prefix-name import command.
To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-
name } as-path-filter as-path-filter-number import command.
To filter routes based on a route-policy, run the peer { ipv4-address | group-
name } route-policy route-policy-name import command.
NOTE
The routing policy applied in the peer route-policy import command does not support a
specific interface as one matching rule. That is, the routing policy does not support the if-match
interface command.
CAUTION
If the number of routes received by the local device exceeds the upper limit and the
peer route-limit command is used for the first time, the local device and its peer
reestablish the peer relationship, regardless of whether alert-only is set.
5. (Optional) Run:
peer { group-name | ipv4-address } route-limit limit [ percentage ]
[ alert-only | idle-forever | idle-timeout times ]
The maximum number of routes that can be received from the peer or peer group is
set.
6. Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
302
6.8.4 Configuring BGP Soft Reset
Context
After changing a BGP import policy, you must reset BGP connections for the new import policy
to take effect. This, however, interrupts these BGP connections temporarily. BGP route-refresh
allows the system to softly reset BGP connections to refresh a BGP routing table without tearing
down any BGP connection. If a device's peer does not support route-refresh, configure the device
to remain all routing updates received from the peer so that the device can refresh its routing
table without tearing down the BGP connection with the peer.
Procedure
l If a device's peer supports route-refresh, configure the device to softly reset the BGP
connection with the peer and update the BGP routing table.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. (Optional) Run:
peer { ipv4-address | group-name } capability-advertise route-refresh
Route-refresh is enabled.
By default, route-refresh is enabled.
4. Run:
commit
The configuration is committed.
5. Run:
quit
Return to the system view.
6. Run:
quit
Return to the user view.
7. Run:
refresh bgp [ vpn-instance vpn-instance-name ipv4-family ] { all | ipv4-
address | group group-name | external | internal } { export | import }
or run :
BGP soft reset is configured.
l If a device's peer does not support route-refresh, configure the device to remain all routing
updates received from the peer so that the device can refresh its routing table without tearing
down the BGP connection with the peer.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
303
The BGP view is displayed.
3. Enter the corresponding address family view based on network type to configure BGP
devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
CAUTION
If the peer keep-all-routes command is used on the device for the first time, the
sessions between the device and its peers are reestablished.
The refresh bgp command takes effect when the peer keep-all-routes command is
used on the device supporting route-refresh.
4. Run:
peer { ipv4-address | group-name } keep-all-routes
The device is configured to store all the routing updates received from its peers or
peer groups.
By default, the device stores only the routing updates that are received from peers or
peer groups and match a configured import policy.
5. Run:
commit
The configuration is committed.
----End
6.8.5 Checking the Configuration
Procedure
l Run the display ip as-path-filter [ as-path-filter-number | as-path-filter-name ] command
to check information about a configured AS_Path filter.
l Run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num |
comm-filter-name ] command to check information about a configured community filter.
l Run the display ip extcommunity-filter [ extcomm-filter-number ] command to check
information about a configured extcommunity filter.
l Run the display bgp routing-table as-path-filter as-path-filter as-path-filter-number
command to check information about routes matching a specified AS_Path filter.
l Run the display bgp routing-table community-filter { { community-filter-name | basic-
community-filter-number } [ whole-match ] | advanced-community-filter-number }
command to check information about routes matching a specified BGP community filter.
l Run the display bgp routing-table peer ipv4-address received-routes [ active ]
[ statistics ] command to check information about routes received by a BGP device from
its peers.
l Run the display bgp multicast routing-table different-origin-as command to check
information about MBGP routes with different origin ASs.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
304
l Run the display bgp multicast routing-table regular-expression as-regular-expression
to check information about MBGP routes matching the AS regular expression.
l Run the display bgp multicast paths as-regular-expression command to check
information about AS paths.
l Run the display bgp multicast routing-table as-path-filter as-path-filter-number
command to check information about MBGP routes matching the AS_Path filter.
l Run the display bgp multicast routing-table community-filter { { community-filter-
name | basic-community-filter-number } [ whole-match ] | advanced-community-filter-
number } command to check information about routes matching a specified MBGP
community filter.
l Run the display bgp multicast routing-table peer peer-address { advertised-routes |
received-routes [ active ] } [ statistics ] command to check information about routes that
are sent by and received from the specified MBGP peer.
l Run the display bgp multicast network command to check the routing information that
MBGP advertises.
----End
6.9 Adjusting the BGP Network Convergence Speed
You can configure BGP timers, disable rapid EBGP connection reset, and configure BGP route
dampening to speed up BGP network convergence and improve BGP security.
Pre-configuration Tasks
Before configuring adjusting the BGP network convergence speed, complete the following task:
l Configuring Basic BGP Functions
Configuration Flowchart
You can perform the following configuration tasks as required. The following configuration
tasks (excluding the task of checking the configuration) can be performed at any sequence.
6.9.1 Configuring a BGP ConnectRetry Timer
Context
After BGP initiates a TCP connection, the ConnectRetry timer will be stopped if the TCP
connection is established successfully. If the first attempt to establish a TCP connection fails,
BGP tries again to establish the TCP connection after the ConnectRetry timer expires.
l Setting a short ConnectRetry interval reduces the period BGP waits between attempts to
establish a TCP connection. This speeds up the establishment of the TCP connection.
l Setting a long connectRetry interval suppresses routing flapping caused by peer relationship
flapping.
A ConnectRetry timer can be configured either for all peers or peer groups, or for a specific peer
or peer group. A ConnectRetry timer configured for a specific peer takes precedence over that
configured for the peer group of this peer. In addition, a ConnectRetry timer configured for a
specific peer or peer group takes precedence over that configured for all peers or peer groups.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
305
Procedure
l Configure a BGP ConnectRetry timer for all peers or peer groups.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Run:
timer connect-retry connect-retry-time
A BGP ConnectRetry timer is configured for all peers or peer groups.
By default, the ConnectRetry timer value is 32s.
4. Run:
commit
The configuration is committed.
l Configure a ConnectRetry timer for a specific peer or peer group.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Run:
peer { group-name | ipv4-address } timer connect-retry connect-retry-time
A ConnectRetry timer is configured for a specific peer or peer group.
By default, the ConnectRetry timer value is 32s.
4. Run:
commit
The configuration is committed.
----End
6.9.2 Configuring BGP Keepalive and Hold Timers
Context
Keepalive messages are used by BGP to maintain peer relationships.
l If short Keepalive time and holdtime are set, BGP can detect a link fault quickly. This
speeds up BGP network convergence, but increases the number of Keepalive messages on
the network and loads of devices, and consumes more network bandwidth resources.
l If long Keepalive time and holdtime are set, the number of Keepalive messages on the
network is reduced, loads of devices are reduced, and fewer network bandwidth are
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
306
consumed. If the Keepalive time is too long, BGP is unable to detect link status changes in
a timely manner. This is unhelpful for implementing rapid BGP network convergence and
may cause many packets to be lost.
Keepalive and hold timers can be configured either for all peers or peer groups, or for a specific
peer or peer group. Keepalive and hold timers configured for a specific peer take precedence
over those configured for the peer group of this peer. In addition, Keepalive and hold timers
configured for a specific peer or peer group take precedence over those configured for all peers
or peer groups.
CAUTION
Changing timer values using the timer command or the peer timer command interrupts BGP
peer relationships between switchs.
Setting the Keepalive time to 20s is recommended. If the Keepalive time is smaller than 20s,
sessions between peers may be closed.
Procedure
l Configure BGP timers for all peers or peer groups.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Run:
timer keepalive keepalive-time hold hold-time
BGP timers are configured.
The proper maximum interval at which Keepalive messages are sent is one third the
holdtime. By default, the Keepalive time is 60s and the holdtime is 180s.
4. Run:
commit
The configuration is committed.
l Configure BGP timers for a specific peer or peer group.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Run:
peer { ipv4-address | group-name } timer keepalive keepalive-time hold
hold-time
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
307
The Keepalive and hold timers are configured for a specific peer or peer group.
The proper maximum interval at which Keepalive messages are sent is one third the
holdtime. By default, the Keepalive time is 60s and the holdtime is 180s.
4. Run:
commit
The configuration is committed.
----End
6.9.3 Configuring a Update Message Timer
Context
BGP does not periodically update a routing table. When BGP routes change, BGP updates the
changed BGP routes in the BGP routing table by sending Update messages.
l If a short Update message interval is set, BGP can fast detect route changes. This speeds
up BGP network convergence, but increases the number of Update messages on the network
and loads of devices, and consumes more network bandwidth resources.
l If a long Update message interval is set, the number of Update messages on the network is
reduced, loads of devices are reduced, and fewer network bandwidth are consumed. This
avoids network flapping. If the Update message interval is too long, BGP is unable to detect
route changes in a timely manner. This is unhelpful for implementing rapid BGP network
convergence and may cause many packets to be lost.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Run:
peer { ipv4-address | group-name } route-update-interval interval
An Update message timer is configured.
By default, the interval at which Update messages are sent to IBGP peers is 15s, and the interval
at which Update messages are sent to EBGP peers is 30s.
Step 5 Run:
commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
308
The configuration is committed.
----End
6.9.4 Disabling Rapid EBGP Connection Reset
Context
Rapid EBGP connection reset is enabled by default. This allows BGP to immediately respond
to a fault on an interface and delete the direct EBGP sessions on the interface without waiting
for the hold timer to expire and implements rapid BGP network convergence.
If the status of an interface used to establish an EBGP connection changes frequently, the EBGP
session will be deleted and reestablished repeatedly, causing network flapping. Rapid EBGP
connection reset can be disabled in such a situation. BGP will delete direct EBGP sessions on
the interface until the hold timer expires. This suppresses BGP network flapping, helps
implement rapid BGP network convergence, and reduces network bandwidth consumption.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Run:
undo ebgp-interface-sensitive
Rapid EBGP connection reset is disabled.
By default, rapid EBGP connection reset is enabled.
NOTE
Rapid EBGP connection reset enables BGP to quickly respond to interface faults but does not enable BGP
to quickly respond to interface recovery. After the interface recovers, BGP uses its state machine to restore
relevant sessions.
Rapid EBGP connection reset is disabled in a situation where the status of an interface used to establish
an EBGP connection changes frequently. If the status of the interface becomes stable, run the ebgp-
interface-sensitive command to enable rapid EBGP connection reset to implement rapid BGP network
convergence.
Step 4 Run:
commit
The configuration is committed.
----End
6.9.5 Configuring BGP Route Dampening
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
309
Context
A route is considered to be flapping when it repeatedly appears and then disappears in the routing
table. BGP generally applies to complex networks where routes change frequently. Frequent
route flapping consumes lots of bandwidths and CPU resources and even affects normal network
operation. BGP route dampening prevents frequent route flapping.
BGP can differentiate routes based on policies and use different route dampening parameters to
suppress different routes. For example, on a network, you can set a long suppression time for
routes with a long mask and set a short suppression time for routes with a short mask (such as
8-bit mask).
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Run:
dampening [ half-life-reach reuse suppress ceiling | route-policy route-policy-
name ]
*
BGP route dampening parameters are configured.
Step 5 Run:
commit
The configuration is committed.
----End
6.9.6 Checking the Configuration
Procedure
l Run the display bgp peer [ verbose ] command to check information about all BGP peers.
l Run the display bgp group [ group-name ] command to check information about the
specified BGP peer group.
l Run the display bgp routing-table dampened command to check dampened BGP routes.
l Run the display bgp routing-table dampening parameter command to check configured
BGP route dampening parameters.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
310
l Run the display bgp routing-table flap-info [ regular-expression as-regular-
expression | as-path-filter as-path-filter-number | network-address [ { mask | mask-
length } [ longer-match ] ] ] command to check route flapping statistics.
l Run the display bgp multicast routing-table dampened command to check dampened
MBGP routes.
l Run the display bgp multicast routing-table dampening parameter command to check
MBGP route dampening parameters.
l Run the following commands to check statistics about flapping MBGP routes.
display bgp multicast routing-table flap-info [ ip-address [ mask [ longer-match ] |
mask-length [ longer-match ] ] | as-path-filter as-path-filter-number | regular-
expression as-regular-expression ]
display bgp multicast routing-table flap-info as-regular-expression
----End
6.10 Configuring BGP Reliability
You can configure association between BGP and BFD, BGP Auto FRR, and BGP GR helper to
speed up BGP network convergence and improve BGP reliability.
Pre-configuration Tasks
Before configuring BGP reliability, complete the following task:
l Configuring Basic BGP Functions
Configuration Flowchart
You can perform the following configuration tasks as required. The following configuration
tasks can be performed at any sequence.
6.10.1 Configuring Association Between BGP and BFD
Context
BGP periodically sends Keepalive messages to its peers to detect the status of its peers. It takes
more than 1 minute for this detection mechanism to detect a fault. When data is transmitted at
gigabit rates, long-time fault detection will cause packet loss. This cannot meet high reliability
requirements of carrier-class networks. Association between BGP and BFD can solve this
problem. BFD is a millisecond-level fault detection mechanism. It can detect faults on the link
between BGP peers within 50 ms. Therefore, BFD can speed up BGP route convergence, ensures
fast link switching, and reduces traffic loss.
When a peer joins a peer group on which BFD is enabled, BFD also takes effect on the peer and
a BFD session is created on the peer. To prevent BFD from taking effect on the peer, run the
peer bfd block command.
By default, Huawei devices establish multi-hop IBGP sessions with each other. When a Huawei
device communicates with a non-Huawei device that establishes a single-hop IBGP session by
default, you are advised to configure only association between IGP and BFD or association
between IBGP and BFD.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
311
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bfd
Global BFD is enabled on the local device.
Step 3 Run:
quit
Return to the system view.
Step 4 Run:
bgp as-number
The BGP view is displayed.
Step 5 Run:
peer { group-name | ipv4-address } bfd enable
BFD is configured for the peer or peer group, and default BFD parameters are used to establish
BFD sessions.
If BFD is configured for a peer group, BFD sessions are created for the peers on which the peer
bfd block command is not used.
Step 6 Run:
peer { group-name | ipv4-address } bfd { min-tx-interval min-tx-interval | min-rx-
interval min-rx-interval | detect-multiplier multiplier }
*
BFD session parameters are configured.
Step 7 (Optional) Run:
peer ipv4-address bfd block
The peer is disabled from inheriting the BFD function of the peer group to which the peer belongs.
NOTE
l BFD sessions are established when they are in Established state.
l If BFD parameters are configured on a peer, BFD sessions are established using these parameters.
l The peer ipv4-address bfd block and peer ipv4-address bfd enable commands are mutually exclusive.
The two commands can be configured on a peer simultaneously.
Step 8 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
312
Checking the Configuration
l Run the display bgp bfd session { [ vpnv4 vpn-instance vpn-instance-name ] peer ipv4-
address | all } command to check information about the BFD sessions established between
BGP peers.
l Run the display bgp [ vpnv4 vpn-instance vpn-instance-name ] peer [ [ ipv4-address ]
verbose ] command to check information about BGP peers.
l Run the display bgp group [ group-name ] command to check information about the
specified BGP peer group.
l Run the display bgp vpnv4 { all | vpn-instance vpn-instance-name } group [ group-
name ] command to check information about the BGP VPNv4 peer group.
6.10.2 Configuring BGP Auto FRR
Context
On a traditional IP network, it often takes the routing system several seconds to complete route
convergence after a link fault is detected. This convergence speed cannot meet requirements of
the services that require a low delay and low packet loss ratio because it may lead to service
interruption. For example, Voice over Internet Protocol (VoIP) services are only tolerant of
millisecond-level interruption. BGP Auto Fast Reroute (FRR) implements route convergence at
the millisecond level after a fault is detected at the physical layer or link layer. BGP Auto FRR
reduces the impact of link faults on services.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family unicast
The IPv4 address family view is displayed.
Step 4 Run:
auto-frr
BGP Auto FRR is enabled for unicast routes.
By default, BGP Auto FRR is not enabled for unicast routes.
Step 5 Run:
commit
The configuration is committed.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
313
Checking the Configuration
l Run the display ip routing-table [ vpn-instance vpn-instance-name ] [ ipv4-address
[ mask | mask-length ] [ longer-match ] ] verbose command to check backup forwarding
information about routes in the IP routing table.
6.10.3 Configuring the BGP GR Helper Function
Context
BGP restart causes peer relationships reestablishment and traffic interruption. Graceful restart
(GR) ensures uninterrupted traffic interruption in the case of BGP restart.
NOTE
Currently, devices support only the GR helper function, and the GR restarter function is implemented using
non-stop routing (NSR). NSR does not need to be configured.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Run:
graceful-restart
BGP GR is enabled.
By default, BGP GR is disabled.
Step 4 (Optional) Run:
graceful-restart timer wait-for-rib timer
The time during which the restarting speaker and receiving speaker wait for End-of-RIB
messages is set.
By default, the time for waiting for End-of-RIB messages is 600 seconds.
Step 5 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display bgp peer verbose command to check detailed information about BGP
peers.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
314
6.11 Configuring BGP Route Summarization
On IPv4 networks, BGP supports automatic route summarization and manual route
summarization. Manual route summarization takes precedence over automatic route
summarization.
Pre-configuration Tasks
Before configuring BGP route summarization, complete the following task:
l Configuring Basic BGP Functions
Procedure
l Configure automatic route summarization.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
3. Enter the corresponding address family view based on network type to configure BGP
devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
4. Run:
summary automatic
BGP summarizes subnet routes based on natural mask.
NOTE
The command summarizes the routes imported by BGP. These routes can be direct routes, static
routes, RIP routes, OSPF routes, or IS-IS routes. The command, however, is invalid for the routes
imported using the network command.
5. Run:
commit
The configuration is committed.
l Configure manual route summarization.
1. Run:
system-view
The system view is displayed.
2. Run:
bgp as-number
The BGP view is displayed.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
315
3. Enter the corresponding address family view based on network type to configure BGP
devices on networks.
Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
4. Perform any of the following operations to configure manual route summarization.
To advertise the summarized routes and specific routes, run the aggregate ipv4-
address { mask | mask-length } command.
To advertise only the summarized routes, run the aggregate ipv4-address
{ mask | mask-length } detail-suppressed command.
To advertise the summarized routes and specific routes that meet the specified
route-policy, run the aggregate ipv4-address { mask | mask-length } suppress-
policy route-policy-name command.
To advertise the summarized routes of which the AS_Set attribute helps detect
routing loops, run the aggregate ipv4-address { mask | mask-length } as-set
command.
To set attributes for the summarized routes, run the aggregate ipv4-address
{ mask | mask-length } attribute-policy route-policy-name command.
To summarize the specific routes that meet the specified route-policy, run the
aggregate ipv4-address { mask | mask-length } origin-policy route-policy-name
command.
NOTE
Manual route summarization is valid for the routes in the local BGP routing table. For example, if
the local BGP routing table does not contain routes with mask longer than 16 bits, such as 10.1.1.1/24,
BGP will not generate an aggregated route for it even if the aggregate 10.1.1.1 16 command is used.
5. Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display bgp routing-table [ network [ { mask | mask-length } [ longer-
prefixes ] ] ] command to check information about summarized routes.
l Run the display bgp multicast routing-table [ ip-address [ mask-length [ longer-
prefixes ] | mask [ longer-prefixes ] ] ] command to check the MBGP routing table.
6.12 Configuring On-demand Route Advertisement
If a BGP device only wants to received required routes but its peer cannot maintain different
export policies for connected devices, you can configure prefix-based BGP outbound route
filtering (ORF) to meet this requirement.
Pre-configuration Tasks
Before configuring prefix-based BGP ORF, complete the following tasks:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
316
l Configuring Basic BGP Functions
l Configuring an IP Prefix List
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Run:
ipv4-family unicast
The IPv4 unicast address family view is displayed.
Step 4 Run:
peer { group-name | ipv4-address } ip-prefix ip-prefix-name import
A prefix-based import policy is configured for a peer or peer group.
Step 5 Run:
peer { group-name | ipv4-address } capability-advertise orf [ non-standard-
compatible ] ip-prefix { both | receive | send }
Prefix-based ORF is enabled for a peer or peer group.
By default, prefix-based ORF is disabled for a peer or peer group.
Step 6 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display bgp peer [ ipv4-address ] verbose command to check detailed information
about BGP peers.
l Run the display bgp peer ipv4-address orf ip-prefix command to check prefix-based BGP
ORF information received from a specified peer.
6.13 Configuring BGP to Advertise Default Routes to Peers
If a BGP device needs to send multiple routes to its peer, the BGP device can be configured to
send only a default route with the local address as the next-hop address to its peer, regardless of
whether there are default routes in the local routing table. This function reduces the number of
network routes and saves memory and network resources.
Pre-configuration Tasks
Before configuring BGP to send default routes to peers, complete the following task:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
317
l Configuring Basic BGP Functions
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family { unicast | multicast }
The IPv4 address family view is displayed.
Step 4 Run:
peer { group-name | ipv4-address } default-route-advertise [ route-policy route-
policy-name ] [ conditional-route-match-all { ipv4-address1 { mask1 | mask-
length1 } } &<1-4> | conditional-route-match-any { ipv4-address2 { mask2 | mask-
length2 } } &<1-4> ]
A BGP device is configured to send default routes to a peer or peer group.
NOTE
The conditional-route-match-all and conditional-route-match-any keywords are not supported in the IPv4
multicast address family view and the IPv6 address family view.
Step 5 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display bgp routing-table [ ipv4-address [ mask | mask-length ] ] command to
check received BGP default routes.
l Run the display bgp multicast routing-table [ ip-address [ mask-length [ longer-
prefixes ] | mask [ longer-prefixes ] ] ] command to check received MBGP default routes.
6.14 Configuring MP-BGP
Multiprotocol BGP (MP-BGP) enables BGP to support IPv4 unicast networks and IPv4
multicast networks.
Pre-configuration Tasks
Before configuring MP-BGP, complete the following task:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
318
l 6.4.1 Starting a BGP Process
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
BGP is started, the local AS number is specified, and the BGP view is displayed.
Step 3 Enter the corresponding address family view based on network type to configure BGP devices
on networks.
l Run:
ipv4-family unicast
The BGP-IPv4 unicast address family view is displayed.
l Run:
ipv4-family vpnv4
The BGP-VPNv4 address family view is displayed.
l Run:
ipv4-family vpn-instance vpn-instance-name
The BGP-VPN instance IPv4 address family view is displayed.
l Run:
ipv4-family multicast
The BGP-IPv4 multicast address family view is displayed.
NOTE
l Different extended BGP functions must be configured in their respective address family views, while
common BGP functions are configured in the BGP view.
l The Switch supports the following MBGP features: basic BGP functions, BGP security (MD5
authentication and keychain authentication), simplifying IBGP network connections (route reflector
and confederation), BGP route selection and load balancing, controlling the receiving and
advertisement of BGP routes, adjusting the BGP network convergence speed, BGP reliability, BGP
route summarization, and advertising default routs to peers.
----End
6.15 Maintaining BGP
Maintaining BGP includes resetting BGP connections and clearing BGP statistics.
6.15.1 Resetting BGP Connections
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
319
Context
CAUTION
Running the reset bgp command to reset BGP connections will interrupt BGP peer relationships
between BGP devices. Exercise caution when you use this command.
When the BGP routing policy changes, for example, the switch does not support the route-refresh
capability, reset BGP connections to make the modification take effect.
Procedure
l To reset all BGP connections, run the reset bgp all command in the user view.
l To reset the BGP connection with a specified AS, run the reset bgp as-number command
in the user view.
l To reset the BGP connection with a specified peer, run the reset bgp ipv4-address
command in the user view.
l To reset all EBGP connections, run the reset bgp external command in the user view.
l To reset the BGP connection with a specified peer group, run the reset bgp group group-
name command in the user view.
l To reset all IBGP connections, run the reset bgp internal command in the user view.
l To reset the MBGP connection with a specified peer, run the reset bgp multicast peer-
address command in the user view.
l To reset all MBGP connections, run the reset bgp multicast all command in the user view.
l To reset the MBGP connection with all the peers in a specified peer group, run the reset
bgp multicast group group-name command in the user view.
l To reset all external connections, run the reset bgp multicast external command in the
user view.
l To reset all internal connections, run the reset bgp multicast internal command in the
user view.
----End
6.15.2 Clearing BGP Statistics
Context
CAUTION
BGP statistics cannot be restored after being cleared. Exercise caution when you reset BGP
statistics.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
320
Procedure
l To clear route flapping statistics, run the reset bgp flap-info [ regexp as-path-regexp | as-
path-filter as-path-filter-number | ipv4-address [ mask | mask-length ] ] command in the
user view.
l To clear route flapping statistics on a specified peer, run the reset bgp ipv4-address flap-
info command in the user view.
l To clear route dampening statistics and release suppressed routes, run the reset bgp
dampening [ ipv4-address [ mask | mask-length ] ] command in the user view.
l To clear MBGP route dampening statistics, run the reset bgp multicast dampening [ ip-
address [ mask | mask-length ] ] command in the user view.
l To clear MBGP route flapping statistics, run the reset bgp multicast flap-info [ ip-
address [ mask | mask-length ] | as-path-filter as-path-list-number | regrexp regrexp ]
command in the user view.
----End
6.16 Configuration Examples
The section provides BGP configuration examples, including networking requirements,
networking diagram, configuration roadmap, and configuration procedure.
6.16.1 Example for Configuring Basic BGP Functions
Networking Requirements
As shown in Figure 6-3, BGP runs between Switches; an EBGP connection is established
between SwitchA and SwitchB; IBGP full-mesh connections are established between SwitchB,
SwitchC, and SwitchD.
Figure 6-3 Networking diagram of configuring basic BGP functions
10GE1/0/1
VLANIF10
200.1.1.2/24
10GE1/0/1
VLANIF30
9.1.1.2/24
10GE1/0/1
VLANIF20
9.1.3.2/24 10GE1/0/1
VLANIF10
200.1.1.1/24
10GE1/0/2
VLANIF40
9.1.2.1/24
10GE1/0/2
VLANIF40
9.1.2.2/24
10GE1/0/2
VLANIF20
9.1.3.1/24
10GE1/0/3
VLANIF30
9.1.1.1/24
10GE1/0/2
VLANIF50
8.1.1.1/8
SwitchA
SwitchB
SwitchD
SwitchC
AS65008 AS65009

Configuration Roadmap
The configuration roadmap is as follows:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
321
1. Configure IBGP connections between SwitchB, SwitchC, and SwitchD.
2. Configure an EBGP connection between SwitchA and SwitchB.
Procedure
Step 1 Configure the VLAN that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 50
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 50
[~SwitchA-10GE1/0/2] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 200.1.1.2 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 50
[~SwitchA-Vlanif50] ip address 8.1.1.1 8
[~SwitchA-Vlanif50] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Configure IBGP connections.
# Configure SwitchB.
[~SwitchB] bgp 65009
[~SwitchB-bgp] router-id 2.2.2.2
[~SwitchB-bgp] peer 9.1.1.2 as-number 65009
[~SwitchB-bgp] peer 9.1.3.2 as-number 65009
[~SwitchB-bgp] quit
[~SwitchB] commit
# Configure SwitchC.
[~SwitchC] bgp 65009
[~SwitchC-bgp] router-id 3.3.3.3
[~SwitchC-bgp] peer 9.1.3.1 as-number 65009
[~SwitchC-bgp] peer 9.1.2.2 as-number 65009
[~SwitchC-bgp] quit
[~SwitchC] commit
# Configure SwitchD.
[~SwitchD] bgp 65009
[~SwitchD-bgp] router-id 4.4.4.4
[~SwitchD-bgp] peer 9.1.1.1 as-number 65009
[~SwitchD-bgp] peer 9.1.2.1 as-number 65009
[~SwitchD-bgp] quit
[~SwitchD] commit
Step 4 Configure an EBGP connection.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
322
# Configure SwitchA.
[~SwitchA] bgp 65008
[~SwitchA-bgp] router-id 1.1.1.1
[~SwitchA-bgp] peer 200.1.1.1 as-number 65009
[~SwitchA-bgp] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] bgp 65009
[~SwitchB-bgp] peer 200.1.1.2 as-number 65008
[~SwitchB-bgp] quit
[~SwitchB] commit
# View the status of BGP peers.
[~SwitchB] display bgp peer

BGP local router ID : 2.2.2.2
Local AS number : 65009
Total number of peers : 3 Peers in established state : 3

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

9.1.1.2 4 65009 49 62 0 00:44:58 Established 0
9.1.3.2 4 65009 56 56 0 00:40:54 Established 0
200.1.1.2 4 65008 49 65 0 00:44:03 Established 1
The preceding command output shows that BGP connections have been established between
SwitchB and Switches.
Step 5 Configure SwitchA to advertise route 8.0.0.0/8.
# Configure SwitchA to advertise route 8.0.0.0.
[~SwitchA] bgp 65008
[~SwitchA-bgp] ipv4-family unicast
[~SwitchA-bgp-af-ipv4] network 8.0.0.0 255.0.0.0
[~SwitchA-bgp-af-ipv4] quit
[~SwitchA-bgp] quit
[~SwitchA] commit
# View the BGP routing table of SwitchA.
[~SwitchA] display bgp routing-table

BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn

*> 8.0.0.0 0.0.0.0 0 0 i
# View the BGP routing table of SwitchB.
[~SwitchB] display bgp routing-table

BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn

*> 8.0.0.0 200.1.1.2 0 0 65008i
# View the BGP routing table of SwitchC.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
323
[~SwitchC] display bgp routing-table

BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn

*> 8.0.0.0 200.1.1.2 0 100 0 65008i
The preceding command output shows that SwitchC has learned the route to destination 8.0.0.0
in AS 65008. The route, however, is invalid because the next hop 200.1.1.2 of this route is
unreachable.
Step 6 Configure BGP to import direct routes.
# Configure SwitchB.
[~SwitchB] bgp 65009
[~SwitchB-bgp] ipv4-family unicast
[~SwitchB-bgp-af-ipv4] import-route direct
[~SwitchB-bgp-af-ipv4] quit
[~SwitchB-bgp] quit
[~SwitchB] commit
# View the BGP routing table of SwitchA.
[~SwitchA] display bgp routing-table

BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn

*> 8.0.0.0 0.0.0.0 0 0 i
*> 9.1.1.0/24 200.1.1.1 0 0 65009?
*> 9.1.3.0/24 200.1.1.1 0 0 65009?
* 200.1.1.0/24 200.1.1.1 0 0 65009?
# View the BGP routing table of SwitchC.
[~SwitchC] display bgp routing-table

BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn

* i 8.0.0.0 200.1.1.2 0 100 0 65008i
*>i 9.1.1.0/24 9.1.3.1 0 100 0 ?
i 9.1.3.0/24 9.1.3.1 0 100 0 ?
*>i 200.1.1.0/24 9.1.3.1 0 100 0 ?
The preceding command output shows that the route to destination 8.0.0.0 becomes valid
because the next-hop address of this route is the address of SwitchA.
# Run the ping 8.1.1.1 command on SwitchC.
[~SwitchC] ping 8.1.1.1
PING 8.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=31 ms
Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=254 time=47 ms
Reply from 8.1.1.1: bytes=56 Sequence=3 ttl=254 time=31 ms
Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=16 ms
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
324
Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=31 ms

--- 8.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/31/47 ms
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 50
#
interface Vlanif10
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif50
ip address 8.1.1.1 255.0.0.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
bgp 65008
router-id 1.1.1.1
peer 200.1.1.1 as-number 65009
#
ipv4-family unicast
undo synchronization
network 8.0.0.0
peer 200.1.1.1 enable
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20 30
#
interface Vlanif10
ip address 200.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 9.1.3.1 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
325
port trunk allow-pass vlan 30
#
bgp 65009
router-id 2.2.2.2
peer 9.1.1.2 as-number 65009
peer 9.1.3.2 as-number 65009
peer 200.1.1.2 as-number 65008
#
ipv4-family unicast
undo synchronization
import-route direct
peer 9.1.1.2 enable
peer 9.1.3.2 enable
peer 200.1.1.2 enable
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 40
#
interface Vlanif20
ip address 9.1.3.2 255.255.255.0
#
interface Vlanif40
ip address 9.1.2.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
bgp 65009
router-id 3.3.3.3
peer 9.1.2.2 as-number 65009
peer 9.1.3.1 as-number 65009
#
ipv4-family unicast
undo synchronization
peer 9.1.2.2 enable
peer 9.1.3.1 enable
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30 40
#
interface Vlanif30
ip address 9.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 9.1.2.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
bgp 65009
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
326
router-id 4.4.4.4
peer 9.1.1.1 as-number 65009
peer 9.1.2.1 as-number 65009
#
ipv4-family unicast
undo synchronization
peer 9.1.1.1 enable
peer 9.1.2.1 enable
#
return
6.16.2 Example for Configuring Basic MBGP Functions
Networking Requirements
As shown in Figure 6-4, the receiver receives VoD information in multicast mode. The receiver
and the source reside in different ASs. Multicast routing information needs to be transmitted
between ASs.
Figure 6-4 Networking diagram of configuring MBGP
MBGP peers
SwitchA
AS100
SwitchB
SwitchD
SwitchC
AS200
Source
Receiver
Loopback0
Loopback0
Loopback0
Loopback0
10GE1/0/1 10GE1/0/1
10GE1/0/1
10GE1/0/1
10GE1/0/2
10GE1/0/2
10GE1/0/2
10GE1/0/3
10GE1/0/2
10GE1/0/3
Switch Interface VLANIF Interface IP Address
SwitchA 10GE1/0/1 VLANIF 100 192.1.1.1/24
10GE1/0/2 VLANIF 101 10.10.10.1/24
Loopback0 1.1.1.1/32
SwitchB 10GE1/0/1 VLANIF 100 192.1.1.2/24
10GE1/0/2 VLANIF 200 194.1.1.2/24
10GE1/0/3 VLANIF 300 193.1.1.2/24
Loopback0 2.2.2.2/32
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
327
SwitchC 10GE1/0/1 VLANIF 400 195.1.1.1/24
10GE1/0/2 VLANIF 102 22.22.22.1/24
10GE1/0/3 VLANIF 300 193.1.1.1/24
Loopback0 3.3.3.3/32
SwitchD 10GE1/0/1 VLANIF 400 195.1.1.2/24
10GE1/0/2 VLANIF 200 194.1.1.1/24
Loopback0 4.4.4.4/32

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure MBGP peers for inter-AS multicast transmission.
2. Configure the routes advertised by MBGP.
3. Enable the multicast function on each Switch .
4. Configure basic PIM-SM functions on each Switch in ASs and enable IGMP on receiver-
side interfaces.
5. Configure a BSR boundary on the interfaces that connect to two ASs.
6. Configure MSDP peers to transmit inter-domain multicast source information.
Procedure
Step 1 Assign IP addresses to the interfaces on each Switch and configure OSPF in ASs.
# Configure IP addresses and masks for the interfaces on each Switch according to Figure
6-4 and configure OSPF on the Switch es in ASs. Ensure that Switch B, Switch C, Switch D can
communicate with the receiver at the network layer, learn routes to the loopback interfaces of
each other, and dynamically update routes using a unicast routing protocol. Configure OSPF
process 1. The configuration procedure is not mentioned here.
Step 2 Configure BGP, enable the MBGP protocol, and configure MBGP peers.
# Configure BGP and the MBGP peer on SwitchA.
[~SwitchA] bgp 100
[~SwitchA-bgp] peer 192.1.1.2 as-number 200
[~SwitchA-bgp] ipv4-family multicast
[~SwitchA-bgp-af-multicast] peer 192.1.1.2 enable
[~SwitchA-bgp-af-multicast] quit
[~SwitchA-bgp] quit
[~SwitchA] commit
# Configure BGP and the MBGP peer on SwitchB.
[~SwitchB] bgp 200
[~SwitchB-bgp] peer 192.1.1.1 as-number 100
[~SwitchB-bgp] peer 193.1.1.1 as-number 200
[~SwitchB-bgp] peer 194.1.1.1 as-number 200
[~SwitchB-bgp] ipv4-family multicast
[~SwitchB-bgp-af-multicast] peer 192.1.1.1 enable
[~SwitchB-bgp-af-multicast] peer 193.1.1.1 enable
[~SwitchB-bgp-af-multicast] peer 194.1.1.1 enable
[~SwitchB-bgp-af-multicast] quit
[~SwitchB-bgp] quit
[~SwitchB] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
328
# Configure BGP and the MBGP peer on SwitchC..
[~SwitchC] bgp 200
[~SwitchC-bgp] peer 193.1.1.2 as-number 200
[~SwitchC-bgp] peer 195.1.1.2 as-number 200
[~SwitchC-bgp] ipv4-family multicast
[~SwitchC-bgp-af-multicast] peer 193.1.1.2 enable
[~SwitchC-bgp-af-multicast] peer 195.1.1.2 enable
[~SwitchC-bgp-af-multicast] quit
[~SwitchC-bgp] quit
[~SwitchC] commit
# Configure BGP and the MBGP peer on SwitchD.
[~SwitchD] bgp 200
[~SwitchD-bgp] peer 194.1.1.2 as-number 200
[~SwitchD-bgp] peer 195.1.1.1 as-number 200
[~SwitchD-bgp] ipv4-family multicast
[~SwitchD-bgp-af-multicast] peer 194.1.1.2 enable
[~SwitchD-bgp-af-multicast] peer 195.1.1.1 enable
[~SwitchD-bgp-af-multicast] quit
[~SwitchD-bgp] quit
[~SwitchD] commit
Step 3 Configure the routes to be advertised.
# Configure the routes to be advertised on SwitchA.
[~SwitchA] bgp 100
[~SwitchA-bgp] import-route direct
[~SwitchA-bgp] ipv4-family multicast
[~SwitchA-bgp-af-multicast] import-route direct
[~SwitchA-bgp-af-multicast] quit
[~SwitchA-bgp] quit
[~SwitchA] commit
# Configure the routes to be advertised on SwitchB.
[~SwitchB] bgp 200
[~SwitchB-bgp] import-route direct
[~SwitchB-bgp] import-route ospf 1
[~SwitchB-bgp] ipv4-family multicast
[~SwitchB-bgp-af-multicast] import-route direct
[~SwitchB-bgp-af-multicast] import-route ospf 1
[~SwitchB-bgp-af-multicast] quit
[~SwitchB-bgp] quit
[~SwitchB] commit
# Configure the routes to be advertised on SwitchC. The configuration of SwitchD is similar to
the configuration of SwitchC, and is not mentioned here.
[~SwitchC] bgp 200
[~SwitchC-bgp] import-route direct
[~SwitchC-bgp] ipv4-family multicast
[~SwitchC-bgp-af-multicast] import-route direct
[~SwitchC-bgp-af-multicast] import-route ospf 1
[~SwitchC-bgp-af-multicast] quit
[~SwitchC-bgp] quit
[~SwitchC] commit
Step 4 Enable the multicast function on each Switch and interfaces on the Switches.
# Configure SwitchA.
[~SwitchA] multicast routing-enable
[~SwitchA] interface vlanif 100
[~SwitchA-Vlanif100] pim sm
[~SwitchA-Vlanif100] quit
[~SwitchA] interface vlanif 101
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
329
[~SwitchA-Vlanif101] pim sm
[~SwitchA-Vlanif101] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] multicast routing-enable
[~SwitchB] interface vlanif 100
[~SwitchB-Vlanif100] pim sm
[~SwitchB-Vlanif100] quit
[~SwitchB] interface vlanif 200
[~SwitchB-Vlanif200] pim sm
[~SwitchB-Vlanif200] quit
[~SwitchB] interface vlanif 300
[~SwitchB-Vlanif300] pim sm
[~SwitchB-Vlanif300] quit
[~SwitchB] commit
# Configure SwitchC.
[~SwitchC] multicast routing-enable
[~SwitchC] interface vlanif 400
[~SwitchC-Vlanif400] pim sm
[~SwitchC-Vlanif400] quit
[~SwitchC] interface vlanif 102
[~SwitchC-Vlanif102] pim sm
[~SwitchC-Vlanif102] igmp enable
[~SwitchC-Vlanif102] quit
[~SwitchC] interface vlanif 300
[~SwitchC-Vlanif300] pim sm
[~SwitchC-Vlanif300] quit
[~SwitchC] commit
# Configure SwitchD.
[~SwitchD] multicast routing-enable
[~SwitchD] interface vlanif 400
[~SwitchD-Vlanif400] pim sm
[~SwitchD-Vlanif400] quit
[~SwitchD] interface vlanif 200
[~SwitchD-Vlanif200] pim sm
[~SwitchD-Vlanif200] quit
[~SwitchD] commit
Step 5 Configure the BSR and RP within each AS.
# Configure SwitchA.
[~SwitchA] interface loopback 0
[~SwitchA-LoopBack0] ip address 1.1.1.1 255.255.255.255
[~SwitchA-LoopBack0] pim sm
[~SwitchA-LoopBack0] quit
[~SwitchA] pim
[~SwitchA-pim] c-bsr loopback 0
[~SwitchA-pim] c-rp loopback 0
[~SwitchA-pim] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] interface loopback 0
[~SwitchB-LoopBack0] ip address 2.2.2.2 255.255.255.255
[~SwitchB-LoopBack0] pim sm
[~SwitchB-LoopBack0] quit
[~SwitchB] pim
[~SwitchB-pim] c-bsr loopback 0
[~SwitchB-pim] c-rp loopback 0
[~SwitchB] quit
[~SwitchB] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
330
Step 6 Configure a BSR boundary on the interfaces that connect to two ASs.
# Configure SwitchA.
[~SwitchA] interface vlanif 100
[~SwitchA-Vlanif100] pim bsr-boundary
[~SwitchA-Vlanif100] quit
[~SwitchA] commit
# Configure SwitchB.
[SwitchB] interface vlanif 100
[~SwitchB-Vlanif100] pim bsr-boundary
[~SwitchB-Vlanif100] quit
[~SwitchB] commit
Step 7 Configure MSDP peers.
# Configure SwitchA.
[~SwitchA] msdp
[~SwitchA-msdp] peer 192.1.1.2 connect-interface vlanif100
[~SwitchA-msdp] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] msdp
[~SwitchB-msdp] peer 192.1.1.1 connect-interface vlanif100
[~SwitchB-msdp] quit
[~SwitchB] commit
Step 8 Verify the configuration.
# Run the display bgp multicast peer command to view the MBGP peer relationship between
Switches. For example, information about the MBGP peer relationship on SwitchA is as follows:
[~SwitchA] display bgp multicast peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
192.1.1.2 4 200 82 75 0 00:30:29 Established 17
# Run the display msdp brief command to view information about the MSDP peer relationship
between Switches. For example, brief information about the MSDP peer relationship on
SwitchB is as follows:
[~SwitchB] display msdp brief
MSDP Peer Brief Information
Configured Up Listen Connect Shutdown Down
1 1 0 0 0 0

Peer's Address State Up/Down time AS SA Count Reset Count
192.1.1.1 Up 00:07:17 100 1 0
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 to 101
#
multicast routing-enable
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
331
#
interface Vlanif100
ip address 192.1.1.1 255.255.255.0
pim bsr-boundary
pim sm
#
interface Vlanif101
ip address 10.10.10.1 255.255.255.0
pim sm
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface 10GE1/0/2
port default vlan 101
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
pim sm
#
pim
c-bsr loopback 0
c-rp loopback 0
#
bgp 100
peer 192.1.1.2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 192.1.1.2 enable
#
ipv4-family multicast
undo synchronization
import-route direct
peer 192.1.1.2 enable
#
msdp
peer 192.1.1.2 connect-interface Vlanif100
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 100 200 300
#
multicast routing-enable
#
interface Vlanif100
ip address 192.1.1.2 255.255.255.0
pim bsr-boundary
pim sm
#
interface Vlanif200
ip address 194.1.1.2 255.255.255.0
pim sm
#
interface Vlanif300
ip address 193.1.1.2 255.255.255.0
pim sm
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 200
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
332
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 300
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 193.1.1.0 0.0.0.255
network 194.1.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
bgp 200
peer 192.1.1.1 as-number 100
peer 193.1.1.1 as-number 200
peer 194.1.1.1 as-number 200
#
ipv4-family unicast
undo synchronization
peer 192.1.1.1 enable
peer 193.1.1.1 enable
peer 194.1.1.1 enable
#
ipv4-family multicast
undo synchronization
import-route direct
import-route ospf 1
peer 192.1.1.1 enable
peer 193.1.1.1 enable
peer 194.1.1.1 enable
#
msdp
peer 192.1.1.1 connect-interface Vlanif100
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 102 300 400
#
multicast routing-enable
#
interface Vlanif102
ip address 22.22.22.1 255.255.255.0
pim sm
igmp enable
#
interface Vlanif300
ip address 193.1.1.1 255.255.255.0
pim sm
#
interface Vlanif400
ip address 195.1.1.1 255.255.255.0
pim sm
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 400
#
interface 10GE1/0/2
port default vlan 102
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 300
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
333
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 193.1.1.0 0.0.0.255
network 195.1.1.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
bgp 200
peer 193.1.1.2 as-number 200
peer 195.1.1.2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 193.1.1.2 enable
peer 195.1.1.2 enable
#
ipv4-family multicast
undo synchronization
import-route direct
import-route ospf 1
peer 193.1.1.2 enable
peer 195.1.1.2 enable
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 200 400
#
multicast routing-enable
#
interface Vlanif200
ip address 194.1.1.1 255.255.255.0
pim sm
#
interface Vlanif400
ip address 195.1.1.2 255.255.255.0
pim sm
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 400
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 200
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 194.1.1.0 0.0.0.255
network 195.1.1.0 0.0.0.255
network 4.4.4.4 0.0.0.0
#
bgp 200
peer 194.1.1.2 as-number 200
peer 195.1.1.1 as-number 200
#
ipv4-family unicast
undo synchronization
peer 194.1.1.2 enable
peer 195.1.1.1 enable
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
334
#
ipv4-family multicast
undo synchronization
import-route direct
import-route ospf 1
peer 194.1.1.2 enable
peer 195.1.1.1 enable
#
return
6.16.3 Example for Configuring BGP Load Balancing and the MED
Attribute
Networking Requirements
As shown in Figure 6-5, BGP is configured on all switches; SwitchA resides in AS 65008;
SwitchB and SwitchC reside in AS 65009. EBGP connections are established between
SwitchA and SwitchB, and between SwitchA and SwitchC. An IBGP connection is established
between SwitchB and SwitchC. Load balancing needs to be implemented between AS 65008
and AS 65009. After a period, traffic from AS 65008 to AS 65009 needs to first pass through
SwitchC.
Figure 6-5 Networking diagram of BGP route selection
10GE1/0/1
VLANIF10
200.1.1.2/24
10GE1/0/2
VLANIF20
200.1.2.2/24
10GE1/0/1
VLANIF10
200.1.1.1/24
10GE1/0/2
VLANIF30
9.1.1.1/24
AS 65009
10GE1/0/2
VLANIF30
9.1.1.2/24
10GE1/0/1
VLANIF20
200.1.2.1/24
SwitchA
AS 65008
EBGP
EBGP
IBGP
SwitchC
SwitchB

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure load balancing on SwitchA.
2. Set the MED value on SwitchA to enable traffic from AS 65008 to AS 65009 to first pass
through SwitchC.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
335
Procedure
Step 1 Configure the VLAN that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 20
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 200.1.1.2 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 200.1.2.2 24
[~SwitchA-Vlanif20] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure BGP connections.
# Configure SwitchA.
[~SwitchA] bgp 65008
[~SwitchA-bgp] router-id 1.1.1.1
[~SwitchA-bgp] peer 200.1.1.1 as-number 65009
[~SwitchA-bgp] peer 200.1.2.1 as-number 65009
[~SwitchA-bgp] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] bgp 65009
[~SwitchB-bgp] router-id 2.2.2.2
[~SwitchB-bgp] peer 200.1.1.2 as-number 65008
[~SwitchB-bgp] peer 9.1.1.2 as-number 65009
[~SwitchB-bgp] ipv4-family unicast
[~SwitchB-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[~SwitchB-bgp-af-ipv4] quit
[~SwitchB-bgp] quit
[~SwitchB] commit
# Configure SwitchC.
[~SwitchC] bgp 65009
[~SwitchC-bgp] router-id 3.3.3.3
[~SwitchC-bgp] peer 200.1.2.2 as-number 65008
[~SwitchC-bgp] peer 9.1.1.1 as-number 65009
[~SwitchC-bgp] ipv4-family unicast
[~SwitchC-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[~SwitchC-bgp-af-ipv4] quit
[~SwitchC-bgp] quit
[~SwitchC] commit
# View the BGP routing table of SwitchA.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
336
[~SwitchA] display bgp routing-table

BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn

*> 9.1.1.0/24 200.1.1.1 0 0 65009i
* 200.1.2.1 0 0 65009i
In the BGP routing table, there are two valid routes to destination 9.1.1.0/24. The route with
next-hop address 200.1.1.1 is the optimal route because the router ID of SwitchB is the smallest.
Step 4 Configure load balancing.
# Configure SwitchA.
[~SwitchA] bgp 65008
[~SwitchA-bgp] ipv4-family unicast
[~SwitchA-bgp-af-ipv4] maximum load-balancing 2
[~SwitchA-bgp-af-ipv4] quit
[~SwitchA-bgp] quit
[~SwitchA] commit
# View the BGP routing table of SwitchA.
[~SwitchA] display bgp routing-table

BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn

*> 9.1.1.0/24 200.1.1.1 0 0 65009i
*> 200.1.2.1 0 0 65009i
In the BGP routing table, BGP route 9.1.1.0/24 has two next hops: 200.1.1.1 and 200.1.2.1. Both
of them are optimal routes.
Step 5 Configure the MED attribute.
# Set the MED value for the route sent from SwitchB to SwitchA using a route-policy.
[~SwitchB] route-policy 10 permit node 10
[~SwitchB-route-policy] apply cost 100
[~SwitchB-route-policy] quit
[~SwitchB] bgp 65009
[~SwitchB-bgp] peer 200.1.1.2 route-policy 10 export
[~SwitchB-bgp] quit
[~SwitchB] commit
# View the BGP routing table of SwitchA.
[~SwitchA] display bgp routing-table

BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn

CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
337
*> 9.1.1.0/24 200.1.2.1 0 0 65009i
* 200.1.1.1 100 0 65009i
In the BGP routing table, the MED value of the route with next hop 200.1.1.1 (SwitchB) is 100,
and the MED value of the route with next hop 200.1.2.1 is 0. Therefore, the route with the smaller
MED value is preferred.
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
interface Vlanif10
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 200.1.2.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
bgp 65008
router-id 1.1.1.1
peer 200.1.1.1 as-number 65009
peer 200.1.2.1 as-number 65009
#
ipv4-famlily unicast
undo synchronization
maximum load-balancing 2
peer 200.1.1.1 enable
peer 200.1.2.1 enable
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 30
#
interface Vlanif10
ip address 200.1.1.1 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
pport link-type trunk
port trunk allow-pass vlan 30
#
bgp 65009
router-id 2.2.2.2
peer 9.1.1.2 as-number 65009
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
338
peer 200.1.1.2 as-number 65008
#
ipv4-family unicast
undo synchronization
default med 100
network 9.1.1.0 255.255.255.0
peer 9.1.1.2 enable
peer 200.1.1.2 enable
peer 200.1.1.2 route-policy 10 export
#
route-policy 10 permit node 10
apply cost 100
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 30
#
interface Vlanif10
ip address 200.1.2.1 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
bgp 65009
router-id 3.3.3.3
peer 9.1.1.1 as-number 65009
peer 200.1.2.2 as-number 65008
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 9.1.1.1 enable
peer 200.1.2.2 enable
#
return
6.16.4 Example for Configuring a BGP Route Reflector
Networking Requirements
As shown in Figure 6-6, eight Switches need to form an IBGP network. Full-mesh BGP
connections have been established between SwitchB, SwitchD, and SwitchE. Users require that
the IBGP network be formed without interrupting full-mesh BGP connections between
SwitchB, SwitchD, and SwitchE and require simplified device configuration and management.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
339
Figure 6-6 Networking diagram of configuring a BGP route reflector
SwitchA
SwitchB
SwitchD SwitchE SwitchF SwitchG
SwitchH SwitchC
Cluster1
Cluster2
10GE1/0/1
10GE1/0/3
10GE1/0/2
10GE1/0/2
10GE1/0/4
10GE1/0/4
10GE1/0/1
10GE1/0/2
10GE1/0/1
10GE1/0/2
10GE1/0/5
10GE1/0/1 10GE1/0/1
10GE1/0/3
10GE1/0/3
10GE1/0/2 10GE1/0/1
10GE1/0/1
10GE1/0/1
AS 65010
Switch Interface VLANIF Interface IP Address
SwitchA 10GE 1/0/1 VLANIF 10 10.1.1.2/24
SwitchA 10GE 1/0/2 VLANIF 30 10.1.3.2/24
SwitchA 10GE 1/0/3 VLANIF 100 9.1.1.1/24
SwitchB 10GE 1/0/1 VLANIF 10 10.1.1.1/24
SwitchB 10GE 1/0/2 VLANIF 20 10.1.2.1/24
SwitchB 10GE 1/0/3 VLANIF 40 10.1.4.1/24
SwitchB 10GE 1/0/4 VLANIF 50 10.1.5.1/24
SwitchC 10GE 1/0/1 VLANIF 30 10.1.3.1/24
SwitchC 10GE 1/0/2 VLANIF 20 10.1.2.2/24
SwitchC 10GE 1/0/3 VLANIF 70 10.1.7.1/24
SwitchC 10GE 1/0/4 VLANIF 80 10.1.8.1/24
SwitchC 10GE 1/0/5 VLANIF 90 10.1.9.1/24
SwitchD 10GE 1/0/1 VLANIF 40 10.1.4.2/24
SwitchD 10GE 1/0/2 VLANIF 60 10.1.6.1/24
SwitchE 10GE 1/0/1 VLANIF 50 10.1.5.2/24
SwitchE 10GE 1/0/2 VLANIF 60 10.1.6.2/24
SwitchF 10GE 1/0/1 VLANIF 70 10.1.7.2/24
SwitchG 10GE 1/0/1 VLANIF 80 10.1.8.2/24
SwitchH 10GE 1/0/1 VLANIF 90 10.1.9.2/24

CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
340
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure SwitchB as the route reflector of Cluster1 and SwitchD and SwitchE as the clients
of SwitchB. Prohibit communication between the clients to form an IBGP network without
interrupting full-mesh BGP connections between SwitchB, SwitchD, and SwitchE.
2. Configure SwitchC as the route reflector of Cluster2 and SwitchF, SwitchG, and SwitchH
as the clients of SwitchC to simplify device configuration and management.
Procedure
Step 1 Configure the VLAN that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 30 100
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 30
[~SwitchA-10GE1/0/2] quit
[~SwitchA] interface 10ge 1/0/3
[~SwitchA-10GE1/0/3] port link-type trunk
[~SwitchA-10GE1/0/3] port trunk allow-pass vlan 100
[~SwitchA-10GE1/0/3] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, SwitchD, SwitchE, SwitchF, SwitchG, and SwitchH
are similar to the configuration of SwitchA, and are not mentioned here.
Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 10.1.1.2 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 30
[~SwitchA-Vlanif30] ip address 10.1.3.2 24
[~SwitchA-Vlanif30] quit
[~SwitchA] interface vlanif 100
[~SwitchA-Vlanif100] ip address 9.1.1.1 24
[~SwitchA-Vlanif100] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, SwitchD, SwitchE, SwitchF, SwitchG, and SwitchH
are similar to the configuration of SwitchA, and are not mentioned here.
Step 3 Configure IBGP connections between clients, non-clients, and route reflectors.
# Configure SwitchF.
[~SwitchF] bgp 65010
[~SwitchF-bgp] router-id 6.6.6.6
[~SwitchF-bgp] peer 10.1.7.1 as-number 65010
[~SwitchF-bgp] quit
[~SwitchF] commit
The configurations of SwitchA, SwitchB, SwitchC, SwitchD, SwitchE, SwitchG, and SwitchH
are similar to the configuration of SwitchF, and are not mentioned here.
Step 4 Configure a route reflector on SwitchB and SwitchC.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
341
# Configure SwitchB.
[~SwitchB] bgp 65010
[~SwitchBbgp] router-id 2.2.2.2
[~SwitchBbgp] group in_rr internal
[~SwitchBbgp] peer 10.1.4.2 group in_rr
[~SwitchBbgp] peer 10.1.5.2 group in_rr
[~SwitchBbgp] ipv4-family unicast
[~SwitchBbgp-af-ipv4] peer in_rr reflect-client
[~SwitchBbgp-af-ipv4] undo reflect between-clients
[~SwitchBbgp-af-ipv4] reflector cluster-id 1
[~SwitchBbgp-af-ipv4] commit
[~SwitchBbgp-af-ipv4] quit
# Configure SwitchC.
[~SwitchC] bgp 65010
[~SwitchC-bgp] router-id 3.3.3.3
[~SwitchC-bgp] group in_rr internal
[~SwitchC-bgp] peer 10.1.7.2 group in_rr
[~SwitchC-bgp] peer 10.1.8.2 group in_rr
[~SwitchC-bgp] peer 10.1.9.2 group in_rr
[~SwitchC-bgp] ipv4-family unicast
[~SwitchC-bgp-af-ipv4] peer in_rr reflect-client
[~SwitchC-bgp-af-ipv4] reflector cluster-id 2
[~SwitchC-bgp-af-ipv4] commit
[~SwitchC-bgp-af-ipv4] quit
# View the BGP routing table of SwitchD.
[~SwitchD] display bgp routing-table 9.1.1.0
BGP local router ID : 4.4.4.4
Local AS number : 65010
Paths: 1 available, 0 best, 0 select
BGP routing table entry information of 9.1.1.0/24:
From: 10.1.4.1 (2.2.2.2)
Route Duration: 00h00m14s
Relay IP Nexthop: 0.0.0.0
Relay IP Out-Interface:
Original nexthop: 10.1.1.2
Qos information : 0x0
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, internal, pre 255
Originator: 1.1.1.1
Cluster list: 0.0.0.1
Not advertised to any peer yet
In the BGP routing table, you can see that SwitchD has learned from SwitchB the route advertised
from SwitchA, and see the Originator_ID and Cluster_List attributes of the route.
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 30 100
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 10.1.3.2 255.255.255.0
#
interface Vlanif100
ip address 9.1.1.1 255.255.255.0
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
342
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 100
#
bgp 65010
router-id 1.1.1.1
peer 10.1.1.1 as-number 65010
peer 10.1.3.1 as-number 65010
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 10.1.1.1 enable
peer 10.1.3.1 enable
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20 40 50
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
interface Vlanif40
ip address 10.1.4.1 255.255.255.0
#
interface Vlanif50
ip address 10.1.5.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/4
port link-type trunk
port trunk allow-pass vlan 50
#
bgp 65010
router-id 2.2.2.2
peer 10.1.1.2 as-number 65010
peer 10.1.2.2 as-number 65010
group in_rr internal
peer 10.1.4.2 as-number 65010
peer 10.1.4.2 group in_rr
peer 10.1.5.2 as-number 65010
peer 10.1.5.2 group in_rr
#
ipv4-family unicast
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
343
undo synchronization
undo reflect between-clients
reflector cluster-id 1
peer 10.1.1.2 enable
peer 10.1.2.2 enable
peer in_rr enable
peer in_rr reflect-client
peer 10.1.4.2 enable
peer 10.1.4.2 group in_rr
peer 10.1.5.2 enable
peer 10.1.5.2 group in_rr
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 30 70 80 90
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
#
interface Vlanif30
ip address 10.1.3.1 255.255.255.0
#
interface Vlanif70
ip address 10.1.7.1 255.255.255.0
#
interface Vlanif80
ip address 10.1.8.1 255.255.255.0
#
interface Vlanif90
ip address 10.1.9.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 70
#
interface 10GE1/0/4
port link-type trunk
port trunk allow-pass vlan 80
#
interface 10GE1/0/5
port link-type trunk
port trunk allow-pass vlan 90
#
bgp 65010
router-id 3.3.3.3
peer 10.1.2.1 as-number 65010
peer 10.1.3.2 as-number 65010
group in_rr internal
peer 10.1.7.2 as-number 65010
peer 10.1.7.2 group in_rr
peer 10.1.8.2 as-number 65010
peer 10.1.8.2 group in_rr
peer 10.1.9.2 as-number 65010
peer 10.1.9.2 group in_rr
#
ipv4-family unicast
undo synchronization
reflector cluster-id 2
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
344
peer 10.1.2.1 enable
peer 10.1.3.2 enable
peer in_rr enable
peer in_rr reflect-client
peer 10.1.7.2 enable
peer 10.1.7.2 group in_rr
peer 10.1.8.2 enable
peer 10.1.8.2 group in_rr
peer 10.1.9.2 enable
peer 10.1.9.2 group in_rr
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 40 60
#
interface Vlanif40
ip address 10.1.4.2 255.255.255.0
#
interface Vlanif60
ip address 10.1.6.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 60
#
bgp 65010
router-id 4.4.4.4
peer 10.1.4.1 as-number 65010
peer 10.1.6.2 as-number 65010
#
ipv4-family unicast
undo synchronization
peer 10.1.4.1 enable
peer 10.1.6.2 enable
#
return
NOTE
The configuration files of the other switches are similar to the configuration file of SwitchD, and are not
mentioned here.
6.16.5 Example for Configuring a BGP Confederation
Networking Requirements
As shown in Figure 6-7, there are multiple BGP switches in AS 200. It is required that the
number of IBGP connections be reduced.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
345
Figure 6-7 Network diagram of configuring a BGP confederation
SwitchA
SwitchB
SwitchD
SwitchE
SwitchF
SwitchC
10GE1/0/2
10GE1/0/4
10GE1/0/1
10GE1/0/2
10GE1/0/1
10GE1/0/5
10GE1/0/1
10GE1/0/3
10GE1/0/1
10GE1/0/1
10GE1/0/1
AS 100
10GE1/0/2
AS 200
AS 65001
AS 65002 AS 65003
10GE1/0/2

Switch Interface VLANIF
Interface
IP Address
SwitchA 10GE 1/0/1 VLANIF 10 10.1.1.1/24
SwitchA 10GE 1/0/2 VLANIF 20 10.1.2.1/24
SwitchA 10GE 1/0/3 VLANIF 30 10.1.3.1/24
SwitchA 10GE 1/0/4 VLANIF 40 10.1.4.1/24
SwitchA 10GE 1/0/5 VLANIF 60 200.1.1.1/24
SwitchB 10GE 1/0/1 VLANIF 10 10.1.1.2/24
SwitchC 10GE 1/0/1 VLANIF 20 10.1.2.2/24
SwitchD 10GE 1/0/1 VLANIF 30 10.1.3.2/24
SwitchD 10GE 1/0/2 VLANIF 50 10.1.5.1/24
SwitchE 10GE 1/0/1 VLANIF 40 10.1.4.2/24
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
346
SwitchE 10GE 1/0/2 VLANIF 50 10.1.5.2/24
SwitchF 10GE 1/0/1 VLANIF 60 200.1.1.2/24
SwitchF 10GE 1/0/2 VLANIF 70 9.1.1.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a BGP confederation on each switch in AS 200 to divide AS 200 into three sub-
ASs: AS 65001, AS 65002, and AS 65003. Three switches in AS 65001 establish full-mesh
IBGP connections to reduce the number of IBGP connections.
Procedure
Step 1 Configure the VLAN that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 20 30 40 60
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA] interface 10ge 1/0/3
[~SwitchA-10GE1/0/3] port link-type trunk
[~SwitchA-10GE1/0/3] port trunk allow-pass vlan 30
[~SwitchA-10GE1/0/3] quit
[~SwitchA] interface 10ge 1/0/4
[~SwitchA-10GE1/0/4] port link-type trunk
[~SwitchA-10GE1/0/4] port trunk allow-pass vlan 40
[~SwitchA-10GE1/0/4] quit
[~SwitchA] interface 10ge 1/0/5
[~SwitchA-10GE1/0/5] port link-type trunk
[~SwitchA-10GE1/0/5] port trunk allow-pass vlan 60
[~SwitchA-10GE1/0/5] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, SwitchD, SwitchE, and SwitchF are similar to the
configuration of SwitchA, and are not mentioned here.
Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 10.1.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 10.1.2.1 24
[~SwitchA-Vlanif20] quit
[~SwitchA] interface vlanif 30
[~SwitchA-Vlanif30] ip address 10.1.3.1 24
[~SwitchA-Vlanif30] quit
[~SwitchA] interface vlanif 40
[~SwitchA-Vlanif40] ip address 10.1.4.1 24
[~SwitchA-Vlanif40] quit
[~SwitchA] interface vlanif 60
[~SwitchA-Vlanif60] ip address 200.1.1.1 24
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
347
[~SwitchA-Vlanif60] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, SwitchD, SwitchE, and SwitchF are similar to the
configuration of SwitchA, and are not mentioned here.
Step 3 Configure a BGP confederation.
# Configure SwitchA.
[~SwitchA] bgp 65001
[~SwitchA-bgp] router-id 1.1.1.1
[~SwitchA-bgp] confederation id 200
[~SwitchA-bgp] confederation peer-as 65002 65003
[~SwitchA-bgp] peer 10.1.1.2 as-number 65002
[~SwitchA-bgp] peer 10.1.2.2 as-number 65003
[~SwitchA-bgp] ipv4-family unicast
[~SwitchA-bgp-af-ipv4] peer 10.1.1.2 next-hop-local
[~SwitchA-bgp-af-ipv4] peer 10.1.2.2 next-hop-local
[~SwitchA-bgp-af-ipv4] commit
[~SwitchA-bgp-af-ipv4] quit
[~SwitchA-bgp] quit
# Configure SwitchB.
[~SwitchB] bgp 65002
[~SwitchB-bgp] router-id 2.2.2.2
[~SwitchB-bgp] confederation id 200
[~SwitchB-bgp] confederation peer-as 65001
[~SwitchB-bgp] peer 10.1.1.1 as-number 65001
[~SwitchB-bgp] commit
[~SwitchB-bgp] quit
# Configure SwitchC.
[~SwitchC] bgp 65003
[~SwitchC-bgp] router-id 3.3.3.3
[~SwitchC-bgp] confederation id 200
[~SwitchC-bgp] confederation peer-as 65001
[~SwitchC-bgp] peer 10.1.2.1 as-number 65001
[~SwitchC-bgp] commit
[~SwitchC-bgp] quit
Step 4 Configure IBGP connections within AS 65001.
# Configure SwitchA.
[~SwitchA] bgp 65001
[~SwitchA-bgp] peer 10.1.3.2 as-number 65001
[~SwitchA-bgp] peer 10.1.4.2 as-number 65001
[~SwitchA-bgp] ipv4-family unicast
[~SwitchA-bgp-af-ipv4] peer 10.1.3.2 next-hop-local
[~SwitchA-bgp-af-ipv4] peer 10.1.4.2 next-hop-local
[~SwitchA-bgp-af-ipv4] commit
[~SwitchA-bgp-af-ipv4] quit
[~SwitchA-bgp] quit
# Configure SwitchD.
[~SwitchD] bgp 65001
[~SwitchD-bgp] router-id 4.4.4.4
[~SwitchD-bgp] confederation id 200
[~SwitchD-bgp] peer 10.1.3.1 as-number 65001
[~SwitchD-bgp] peer 10.1.5.2 as-number 65001
[~SwitchD-bgp] commit
[~SwitchD-bgp] quit
# Configure SwitchE.
[~SwitchE] bgp 65001
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
348
[~SwitchE-bgp] router-id 5.5.5.5
[~SwitchE-bgp] confederation id 200
[~SwitchE-bgp] peer 10.1.4.1 as-number 65001
[~SwitchE-bgp] peer 10.1.5.1 as-number 65001
[~SwitchE-bgp] commit
[~SwitchE-bgp] quit
Step 5 Configure EBGP connections between AS 100 and AS200.
# Configure SwitchA.
[~SwitchA] bgp 65001
[~SwitchA-bgp] peer 200.1.1.2 as-number 100
[~SwitchA-bgp] commit
[~SwitchA-bgp] quit
# Configure SwitchF.
[~SwitchF] bgp 100
[~SwitchF-bgp] router-id 6.6.6.6
[~SwitchF-bgp] peer 200.1.1.1 as-number 200
[~SwitchF-bgp] ipv4-family unicast
[~SwitchF-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[~SwitchF-bgp-af-ipv4] commit
[~SwitchF-bgp-af-ipv4] quit
[~SwitchF-bgp] quit
Step 6 Verify the configuration.
# View the BGP routing table of SwitchB.
[~SwitchB] display bgp routing-table
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 9.1.1.0/24 10.1.1.1 0 100 0 (65001) 100i
[~SwitchB] display bgp routing-table 9.1.1.0
BGP local router ID : 2.2.2.2
Local AS number : 65002
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 9.1.1.0/24:
From: 10.1.1.1 (1.1.1.1)
Route Duration: 00h12m29s
Relay IP Nexthop: 0.0.0.0
Relay IP Out-Interface: Pos1/0/1
Original nexthop: 10.1.1.1
Qos information : 0x0
AS-path (65001) 100, origin igp, MED 0, localpref 100, pref-val 0, valid, external-
confed, best, select, active, pre 255
Not advertised to any peer yet
# View the BGP routing table of SwitchD.
[~SwitchD] display bgp routing-table
BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 9.1.1.0/24 10.1.3.1 0 100 0 100i
[~SwitchD] display bgp routing-table 9.1.1.0
BGP local router ID : 4.4.4.4
Local AS number : 65001
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 9.1.1.0/24:
From: 10.1.3.1 (1.1.1.1)
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
349
Route Duration: 00h23m57s
Relay IP Nexthop: 0.0.0.0
Relay IP Out-Interface: Pos1/0/1
Original nexthop: 10.1.3.1
Qos information : 0x0
AS-path 100, origin igp, MED 0, localpref 100, pref-val 0, valid, internal-
confed, best, select, active, pre 255
Not advertised to any peer yet
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 30 40 60
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.3.1 255.255.255.0
#
interface Vlanif40
ip address 10.1.4.1 255.255.255.0
#
interface Vlanif60
ip address 200.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/4
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/5
port link-type trunk
port trunk allow-pass vlan 60
#
bgp 65001
router-id 1.1.1.1
confederation id 200
confederation peer-as 65002 65003
peer 10.1.1.2 as-number 65002
peer 10.1.2.2 as-number 65003
peer 10.1.3.2 as-number 65001
peer 10.1.4.2 as-number 65001
peer 200.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
peer 10.1.1.2 enable
peer 10.1.1.2 next-hop-local
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
350
peer 10.1.2.2 enable
peer 10.1.2.2 next-hop-local
peer 10.1.3.2 enable
peer 10.1.3.2 next-hop-local
peer 10.1.4.2 enable
peer 10.1.4.2 next-hop-local
peer 200.1.1.2 enable
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
bgp 65002
router-id 2.2.2.2
confederation id 200
confederation peer-as 65001 65003
peer 10.1.1.1 as-number 65001
#
ipv4-family unicast
undo synchronization
peer 10.1.1.1 enable
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
bgp 65003
router-id 3.3.3.3
confederation id 200
confederation peer-as 65001 65002
peer 10.1.2.1 as-number 65001
#
ipv4-family unicast
undo synchronization
peer 10.1.2.1 enable
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30 50
#
interface Vlanif30
ip address 10.1.3.2 255.255.255.0
#
interface Vlanif50
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
351
ip address 10.1.5.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
bgp 65001
router-id 4.4.4.4
peer 10.1.3.1 as-number 65001
peer 10.1.5.2 as-number 65001
#
ipv4-family unicast
undo synchronization
peer 10.1.3.1 enable
peer 10.1.5.2 enable
#
return
l Configuration file of SwitchE
#
sysname SwitchE
#
vlan batch 40 50
#
interface Vlanif40
ip address 10.1.4.2 255.255.255.0
#
interface Vlanif50
ip address 10.1.5.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
bgp 65001
router-id 5.5.5.5
peer 10.1.4.1 as-number 65001
peer 10.1.5.1 as-number 65001
#
ipv4-family unicast
undo synchronization
peer 10.1.4.1 enable
peer 10.1.5.1 enable
#
return
l Configuration file of SwitchF
#
sysname SwitchF
#
vlan batch 60 70
#
interface Vlanif60
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif70
ip address 9.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 60
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
352
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 70
#
bgp 100
router-id 6.6.6.6
peer 200.1.1.1 as-number 200
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 200.1.1.1 enable
#
return
6.16.6 Example for Configuring the BGP Community Attribute
Networking Requirements
As shown in Figure 6-8, EBGP connections are established between SwitchB and SwitchA, and
between SwitchB and SwitchC. It is required that AS 20 not advertise the routes advertised by
AS 10 to AS 30.
Figure 6-8 Networking diagram of configuring the BGP Community attribute
SwitchA
AS 10
10GE1/0/3
VLANIF30
200.1.3.2/24
SwitchC
AS 20
SwitchB
AS 30
10GE1/0/2
VLANIF20
200.1.2.2/24
10GE1/0/2
VLANIF20
200.1.2.1/24
10GE1/0/3
VLANIF30
200.1.3.1/24
10GE1/0/1
VLANIF10
9.1.1.1/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a route-policy on SwitchA to advertise the No_Export attribute so that AS 20
does not advertise the routes advertised by AS 10 to AS 30.
Procedure
Step 1 Configure the VLANs to which interfaces belong and assign IP addresses to VLANIF interfaces.
# Configure SwitchC.
<HUAWEI> system-view
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
353
[~HUAWEI] sysname SwitchC
[~HUAWEI] commit
[~SwitchC] vlan 30
[~SwitchC-vlan30] quit
[~SwitchC] interface 10ge 1/0/3
[~SwitchC-10GE1/0/3] port link-type trunk
[~SwitchC-10GE1/0/3] port trunk allow-pass vlan 30
[~SwitchC-10GE1/0/3] quit
[~SwitchC] interface vlanif 30
[~SwitchC-Vlanif30] ip address 200.1.3.2 255.255.255.0
[~SwitchC-Vlanif30] quit
[~SwitchC] commit
The configurations of SwitchA and SwitchB are similar to the configuration of SwitchC, and
are not mentioned here.
Step 2 Configure EBGP connections.
# Configure SwitchA.
[~SwitchA] bgp 10
[~SwitchA-bgp] router-id 1.1.1.1
[~SwitchA-bgp] peer 200.1.2.2 as-number 20
[~SwitchA-bgp] ipv4-family unicast
[~SwitchA-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[~SwitchA-bgp-af-ipv4] commit
[~SwitchA-bgp-af-ipv4] quit
# Configure SwitchB.
[~SwitchB] bgp 20
[~SwitchB-bgp] router-id 2.2.2.2
[~SwitchB-bgp] peer 200.1.2.1 as-number 10
[~SwitchB-bgp] peer 200.1.3.2 as-number 30
[~SwitchB-bgp] commit
[~SwitchB-bgp] quit
# Configure SwitchC.
[~SwitchC] bgp 30
[~SwitchC-bgp] router-id 3.3.3.3
[~SwitchC-bgp] peer 200.1.3.1 as-number 20
[~SwitchC-bgp] commit
[~SwitchC-bgp] quit
# View the BGP routing table of SwitchB.
[~SwitchB] display bgp routing-table 9.1.1.0
BGP local router ID : 2.2.2.2
Local AS number : 20
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 9.1.1.0/24:
From: 200.1.2.1 (1.1.1.1)
Route Duration: 0d00h00m37s
Direct Out-interface: Vlanif20
Original nexthop: 200.1.2.1
Qos information : 0x0
AS-path 10, origin igp, MED 0, pref-val 0, valid, external, best, select, pre 255
Advertised to such 2 peers:
200.1.2.1
200.1.3.2
The preceding command output shows that SwitchB has advertised received route to SwitchC
in AS 30.
# View the BGP routing table of SwitchC.
[~SwitchC] display bgp routing-table
BGP Local router ID is 3.3.3.3
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
354
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 9.1.1.0/24 200.1.3.1 0 20 10i
The preceding command output shows that SwitchC has learned route to 9.1.1.0/24 from
SwitchB.
Step 3 Configure the BGP Community attribute.
# Configure a route-policy on SwitchA to prevent SwitchB from advertising the routes advertised
by SwitchA to AS 30.
[~SwitchA] route-policy comm_policy permit node 10
[~SwitchA-route-policy] apply community no-export
[~SwitchA-route-policy] commit
[~SwitchA-route-policy] quit
# Apply the route-policy.
[~SwitchA] bgp 10
[~SwitchA-bgp] ipv4-family unicast
[~SwitchA-bgp-af-ipv4] peer 200.1.2.2 route-policy comm_policy export
[~SwitchA-bgp-af-ipv4] peer 200.1.2.2 advertise-community
[~SwitchA-bgp-af-ipv4] commit
# View the BGP routing table of SwitchB.
[~SwitchB] display bgp routing-table 9.1.1.0
BGP local router ID : 2.2.2.2
Local AS number : 20
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 9.1.1.0/24:
From: 200.1.2.1 (1.1.1.1)
Route Duration: 0d00h00m12s
Direct Out-interface: Vlanif20
Original nexthop: 200.1.2.1
Qos information : 0x0
Community:no-export
AS-path 10, origin igp, MED 0, pref-val 0, valid, external, best, select, pre 255
Not advertised to any peers yet
In the BGP routing table of SwitchB, you can view the configured Community attribute. There
is no route to 9.1.1.0/24 in the BGP routing table of SwitchC.
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
interface Vlanif10
ip address 9.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 200.1.2.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
355
#
bgp 10
router-id 1.1.1.1
peer 200.1.2.2 as-number 20
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 200.1.2.2 enable
peer 200.1.2.2 route-policy comm_policy export
peer 200.1.2.2 advertise-community
#
route-policy comm_policy permit node 10
apply community no-export
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
interface Vlanif20
ip address 200.1.2.2 255.255.255.0
#
interface Vlanif30
ip address 200.1.3.1 255.255.255.0
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
bgp 20
router-id 2.2.2.2
peer 200.1.2.1 as-number 10
peer 200.1.3.2 as-number 30
#
ipv4-family unicast
undo synchronization
peer 200.1.2.1 enable
peer 200.1.3.2 enable
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
interface Vlanif30
ip address 200.1.3.2 255.255.255.0
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
bgp 30
router-id 3.3.3.3
peer 200.1.3.1 as-number 20
#
ipv4-family unicast
undo synchronization
peer 200.1.3.1 enable
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
356
6.16.7 Example for Configuring Prefix-based BGP ORF
Networking Requirements
As shown in Figure 6-9, PE1 and PE2 belong to AS 100. PE2 needs to advertise only the routes
that match the import policy of PE1 without having to maintain export policies.
Figure 6-9 Networking diagram of configuring prefix-based BGP ORF
AS 100
10GE1/0/1
VLANIF10
111.1.1.1/24
SwitchA SwitchB
10GE1/0/1
VLANIF10
111.1.1.2/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure prefix-based BGP ORF so that PE2 can advertise only the routes that match the
import policy of PE1 without having to maintain export policies.
Procedure
Step 1 Configure the VLANs to which interfaces belong and assign IP addresses to VLANIF interfaces.
# Configure PE1.
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[~HUAWEI] commit
[~PE1] vlan 10
[~PE1-vlan10] quit
[~PE1] interface 10ge 1/0/1
[~PE1-10GE1/0/1] port link-type trunk
[~PE1-10GE1/0/1] port trunk allow-pass vlan 10
[~PE1-10GE1/0/1] quit
[~PE1] interface vlanif 10
[~PE1-Vlanif10] ip address 111.1.1.1 255.255.255.0
[~PE1-Vlanif10] quit
[~PE1] commit
The configuration of PE2 is similar to that of PE1 and is not mentioned here.
Step 2 Configure IPv4 unicast neighbors.
# Configure PE1.
[~PE1] bgp 100
[~PE1-bgp] peer 111.1.1.2 as-number 100
[~PE1-bgp] commit
[~PE1-bgp] quit
The configuration of PE2 is similar to that of PE1 and is not mentioned here.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
357
Step 3 Apply the prefix-based import policy on PE1.
# Configure PE1.
[~PE1] ip ip-prefix 1 permit 4.4.4.0 24 greater-equal 32
[~PE1] bgp 100
[~PE1-bgp] peer 111.1.1.2 ip-prefix 1 import
[~PE1-bgp] commit
[~PE1-bgp] quit
# Configure PE2.
[~PE2] ip route-static 3.3.3.3 255.255.255.255 NULL0
[~PE2] ip route-static 4.4.4.4 255.255.255.255 NULL0
[~PE2] ip route-static 5.5.5.5 255.255.255.255 NULL0
[~PE2] bgp 100
[~PE2-bgp] import-route static
[~PE2-bgp] commit
[~PE2-bgp] quit
# View the routes sent by PE2.
[~PE2] display bgp routing-table peer 111.1.1.1 advertised-routes
BGP Local router ID is 111.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 3.3.3.3/32 0.0.0.0 0 0 ?
*> 4.4.4.4/32 0.0.0.0 0 0 ?
*> 5.5.5.5/32 0.0.0.0 0 0 ?
# View the routes received on PE1.
[~PE1] display bgp routing-table peer 111.1.1.2 received-routes
BGP Local router ID is 111.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 4.4.4.4/32 111.1.1.2 0 100 0 ?
When prefix-based BGP ORF is not enabled, PE2 sends three routes 3.3.3.3, 4.4.4.4, and 5.5.5.5,
but PE1 accepts only one route 4.4.4.4 because PE1 applies the prefix-based import policy to
the three routes.
Step 4 Enable prefix-based BGP ORF.
# Configure PE1.
[~PE1] bgp 100
[~PE1-bgp] peer 111.1.1.2 capability-advertise orf ip-prefix both
[~PE1-bgp] commit
[~PE1-bgp] quit
# Configure PE2.
[~PE2] bgp 100
[~PE2-bgp] peer 111.1.1.1 capability-advertise orf ip-prefix both
[~PE2-bgp] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
358
[~PE2-bgp] quit
Step 5 Verify the configuration.
# View prefix-based BGP ORF negotiation information.
<PE1> display bgp peer 111.1.1.2 verbose
BGP Peer is 111.1.1.2, remote AS 100
Type: IBGP link
BGP version 4, Remote router ID 111.1.1.2
Update-group ID: 2
BGP current state: Established, Up for 00h01m22s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
BGP Peer Up count: 8
Received total routes: 1
Received active routes total: 1
Advertised total routes: 0
Port: Local - 54845 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp outbound route filter capability
Support Address-Prefix: IPv4-UNC address-family, rfc-compatible, both
Peer supports bgp 4-byte-as capability
Address family IPv4 Unicast: advertised and received
Received: Total 5 messages
Update messages 1
Open messages 1
KeepAlive messages 2
Notification messages 0
Refresh messages 1
Sent: Total 4 messages
Update messages 0
Open messages 1
KeepAlive messages 2
Notification messages 0
Refresh messages 1
Authentication type configured: None
Last keepalive received: 2010/03/30 13:37:25 UTC-08:00
Minimum route advertisement interval is 15 seconds
Optional capabilities:
Route refresh capability has been enabled
Outbound route filter capability has been enabled
Enable Address-Prefix: IPv4-UNC address-family, rfc-compatible, both
4-byte-as capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
No import update filter list
No export update filter list
Import prefix list is: 1
No export prefix list
No import route policy
No export route policy
No import distribute policy
No export distribute policy
# View the routes sent by PE2.
<PE2> display bgp routing-table peer 111.1.1.1 advertised-routes
BGP Local router ID is 111.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
359
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 4.4.4.4/32 0.0.0.0 0 0 ?
# # View the routes accepted by PE1.
<PE1> display bgp routing-table peer 111.1.1.2 received-routes
BGP Local router ID is 111.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 4.4.4.4/32 111.1.1.2 0 100 0 ?
After prefix-based BGP ORF is enabled, PE2 sends only one route 4.4.4.4 based on the prefix-
based import policy provided by PE1.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
interface Vlanif10
ip address 111.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
bgp 100
peer 111.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
peer 111.1.1.2 enable
peer 111.1.1.2 ip-prefix 1 import
peer 111.1.1.2 capability-advertise orf ip-prefix both
#
ip ip-prefix 1 index 10 permit 4.4.4.0 24 greater-equal 32 less-equal 32
#
return
l Configuration file of PE2
#
sysname PE2
#
interface Vlanif10
ip address 111.1.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
bgp 100
peer 111.1.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route static
peer 111.1.1.1 enable
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
360
peer 111.1.1.1 capability-advertise orf ip-prefix both
#
ip route-static 3.3.3.3 255.255.255.255 NULL0
ip route-static 4.4.4.4 255.255.255.255 NULL0
ip route-static 5.5.5.5 255.255.255.255 NULL0
#
return
6.16.8 Example for Configuring BGP Route Dampening
Networking Requirements
As shown in Figure 6-10, BGP is configured on all Switches. SwitchA resides in AS 100,
SwitchB resides in AS 200. SwitchC resides in AS 300, and SwitchD resides in AS 400. EBGP
runs between SwitchC and SwitchA, between SwitchC and SwitchB, and between SwitchC and
SwitchD. SwitchC must apply different route dampening policies to routes of different EBGP
peers to suppress unstable routes and improve network stability.
Figure 6-10 Networking diagram of configuring BGP route dampening
SwitchB
AS 200
10GE1/0/1
VLANIF10
200.1.1.1/24
SwitchA
AS 300
SwitchC
AS 100
10GE1/0/2
VLANIF20
200.1.2.2/24
10GE1/0/2
VLANIF20
200.1.2.1/24
10GE1/0/1
VLANIF10
200.1.1.2/24
10GE1/0/1
VLANIF40
9.1.1.1/24
10GE1/0/2
VLANIF30
8.1.1.1/8

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a route dampening policy on SwitchC.
2. Apply the route dampening policy to flapping routes on SwitchC to suppress unstable routes
and improve network stability.
Procedure
Step 1 Configure the VLAN that each interface belongs to.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 30
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
361
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 30
[~SwitchA-10GE1/0/2] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 200.1.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 30
[~SwitchA-Vlanif30] ip address 8.1.1.1 8
[~SwitchA-Vlanif30] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure BGP connections.
# Configure SwitchA.
[~SwitchA] bgp 100
[~SwitchA-bgp] router-id 1.1.1.1
[~SwitchA-bgp] peer 200.1.1.2 as-number 300
[~SwitchA-bgp] ipv4-family unicast
[~SwitchA-bgp-af-ipv4] network 8.0.0.0 255.0.0.0
[~SwitchA-bgp-af-ipv4] commit
[~SwitchA-bgp-af-ipv4] quit
[~SwitchA-bgp] quit
# Configure SwitchB.
[~SwitchB] bgp 200
[~SwitchB-bgp] router-id 2.2.2.2
[~SwitchB-bgp] peer 200.1.2.2 as-number 300
[~SwitchB-bgp] ipv4-family unicast
[~SwitchB-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[~SwitchB-bgp-af-ipv4] commit
[~SwitchB-bgp-af-ipv4] quit
[~SwitchB-bgp] quit
# Configure SwitchC.
[~SwitchC] bgp 300
[~SwitchC-bgp] router-id 3.3.3.3
[~SwitchC-bgp] peer 200.1.1.1 as-number 100
[~SwitchC-bgp] peer 200.1.2.1 as-number 200
[~SwitchC-bgp] commit
[~SwitchC-bgp] quit
# View the BGP peers of SwitchC.
The preceding command output shows that the status of BGP connections of SwitchC is
Established.
Step 4 Configure a BGP route dampening policy.
# Configure an IP prefix list prefix-a on SwitchC to allow routes with prefix 8.0.0.0/8 to pass
through.
[~SwitchC] ip ip-prefix prefix-a index 10 permit 8.0.0.0 8
[~SwitchC] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
362
# Configure an IP prefix list prefix-b on SwitchC to allow routes with prefix 9.1.1.0/24 to pass
through.
[~SwitchC] ip ip-prefix prefix-b index 20 permit 9.1.1.0 24
[~SwitchC] commit
# Configure a route-policy dampen-policy on SwitchC to apply different route dampening
policies to routes with different prefixes.
[~SwitchC] route-policy dampen-policy permit node 10
[~SwitchC-route-policy] if-match ip-prefix prefix-a
[~SwitchC-route-policy] apply dampening 10 1000 2000 5000
[~SwitchC-route-policy] commit
[~SwitchC-route-policy] quit
[~SwitchC] route-policy dampen-policy permit node 20
[~SwitchC-route-policy] if-match ip-prefix prefix-b
[~SwitchC-route-policy] apply dampening 10 800 3000 10000
[~SwitchC-route-policy] commit
[~SwitchC-route-policy] quit
# Apply the route dampening policy to flapping routes.
[~SwitchC] bgp 300
[~SwitchC-bgp] ipv4-family unicast
[~SwitchC-bgp-af-ipv4] dampening route-policy dampen-policy
[~SwitchC-bgp-af-ipv4] commit
[~SwitchC-bgp] quit
# View the configured BGP route dampening parameters on SwitchC.
[~SwitchC] display bgp routing-table dampening parameter
Maximum Suppress Time(in second) : 3973
Ceiling Value : 16000
Reuse Value : 750
HalfLife Time(in second) : 900
Suppress-Limit : 2000
Route-policy : dampen-policy
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 30
#
interface Vlanif10
ip address 200.1.1.1 255.255.255.0
#
interface Vlanif30
ip address 8.1.1.1 255.0.0.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
bgp 100
router-id 1.1.1.1
peer 200.1.1.2 as-number 300
#
ipv4-family unicast
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
363
undo synchronization
network 8.0.0.0 255.0.0.0
peer 200.1.1.2 enable
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 20 40
#
interface Vlanif20
ip address 200.1.2.1 255.255.255.0
#
interface Vlanif40
ip address 9.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
bgp 200
router-id 2.2.2.2
peer 200.1.2.2 as-number 300
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 200.1.2.2 enable
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10 20
#
interface Vlanif10
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 200.1.2.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
bgp 300
router-id 3.3.3.3
peer 200.1.1.1 as-number 100
peer 200.1.2.1 as-number 200
#
ipv4-family unicast
undo synchronization
dampening route-policy dampen-policy
peer 200.1.1.1 enable
peer 200.1.2.1 enable
#
route-policy dampen-policy permit node 10
if-match ip-prefix prefix-a
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
364
apply dampening 10 1000 2000 5000
#
route-policy dampen-policy permit node 20
if-match ip-prefix prefix-b
apply dampening 10 800 3000 10000
#
ip ip-prefix prefix-a index 10 permit 8.0.0.0 8
#
ip ip-prefix prefix-b index 20 permit 9.1.1.0 24
#
return
6.16.9 Example for Associating BGP with BFD
Networking Requirements
As shown in Figure 6-11, SwitchA belongs to AS 100, SwitchB and SwitchC belong to AS 200.
EBGP connections are established between SwitchA and SwitchB, and between SwitchA and
SwitchC.
Service traffic is transmitted along the primary link SwitchASwitchB. The link SwitchA
SwitchCSwitchB functions as the backup link.
Use BFD to monitor the BGP peer relationship between SwitchA and SwitchB. When a fault
occurs on the link between SwitchA and SwitchB, BFD can rapidly detect the fault and notify
BGP. Then traffic is transmitted on the standby link.
Figure 6-11 Networking diagram of associating BGP with BFD
10GE1/0/1
VLANIF10
200.1.2.1/24
10GE1/0/2
VLANIF20
200.1.1.1/24
10GE1/0/1
VLANIF10
200.1.2.2/24
10GE1/0/1
VLANIF30
9.1.1.1/24
AS 200
10GE1/0/2
VLANIF30
9.1.1.2/24
10GE1/0/2
VLANIF20
200.1.1.2/24
SwitchA
AS 100
EBGP
EBGP
IBGP
SwitchC
SwitchB
10GE1/0/3
VLANIF40
172.16.1.1/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic BGP functions on each switch.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
365
2. Configure the MED attribute to control route selection.
3. Enable BFD on SwitchA and Switch.
Procedure
Step 1 Configure the VLAN to which each interface belongs.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 10 20
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 200.1.2.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 200.1.1.1 24
[~SwitchA-Vlanif20] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure basic BGP functions, establish EBGP connections between SwitchA and SwitchB,
and between SwitchA and SwitchC, and establish an IBGP connection between SwitchB and
SwitchC.
# Configure SwitchA.
[~SwitchA] bgp 100
[~SwitchA-bgp] router-id 1.1.1.1
[~SwitchA-bgp] peer 200.1.1.2 as-number 200
[~SwitchA-bgp] peer 200.1.2.2 as-number 200
[~SwitchA-bgp] commit
[~SwitchA-bgp] quit
# Configure SwitchB.
[~SwitchB] bgp 200
[~SwitchB-bgp] router-id 2.2.2.2
[~SwitchB-bgp] peer 200.1.1.1 as-number 100
[~SwitchB-bgp] peer 9.1.1.2 as-number 200
[~SwitchB-bgp] network 172.16.1.0 255.255.255.0
[~SwitchB-bgp] commit
[~SwitchB-bgp] quit
# Configure SwitchC.
[~Switchc] bgp 200
[~Switchc-bgp] router-id 3.3.3.3
[~Switchc-bgp] peer 200.1.2.1 as-number 100
[~Switchc-bgp] peer 9.1.1.1 as-number 200
[~Switchc-bgp] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
366
[~Switchc-bgp] quit
# View the BGP peer status on SwitchA, finding that BGP peers have been established.
<SwitchA> display bgp peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
200.1.1.2 4 200 2 5 0 00:01:25 Established 0
200.1.2.2 4 200 2 4 0 00:00:55 Established 0
Step 4 Configure the MED attribute.
# Set the MED values for the routes sent from SwitchB and SwitchC to SwitchA using a route-
policy.
# Configure SwitchB.
[~SwitchB] route-policy 10 permit node 10
[~SwitchB-route-policy] apply cost 100
[~SwitchB-route-policy] commit
[~SwitchB-route-policy] quit
[~SwitchB] bgp 200
[~SwitchB-bgp] peer 200.1.1.1 route-policy 10 export
[~SwitchB-bgp] commit
# Configure SwitchC.
[~SwitchC] route-policy 10 permit node 10
[~SwitchC-route-policy] apply cost 150
[~SwitchC-route-policy] commit
[~SwitchC-route-policy] quit
[~SwitchC] bgp 200
[~SwitchC-bgp] peer 200.1.2.1 route-policy 10 export
[~SwitchC-bgp] commit
# View all BGP routing information on SwitchA.
<SwitchA> display bgp routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 172.16.1.0/24 200.1.1.2 100 0 200i
* 200.1.2.2 150 0 200i
In the BGP routing table, you can view that the next-hop address of the route to 172.16.1.0/24
is 200.1.1.2, and traffic is transmitted on the primary link SwitchASwitchB.
Step 5 Configure BFD, and set the interval for sending BFD packets, the interval for receiving BFD
packets, and the local detection multiplier.
# Enable BFD on SwitchA, and set the minimum intervals for sending and receiving BFD packets
to 100 ms and the local detection multiplier to 4.
[~SwitchA] bfd
[~SwitchA-bfd] quit
[~SwitchA] bgp 100
[~SwitchA-bgp] peer 200.1.1.2 bfd enable
[~SwitchA-bgp] peer 200.1.1.2 bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
[~SwitchA-bgp] commit
# Enable BFD on SwitchB, and set the minimum intervals for sending and receiving BFD packets
to 100 ms and the local detection multiplier to 4.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
367
[~SwitchB] bfd
[~SwitchB-bfd] quit
[~SwitchB] bgp 200
[~SwitchB-bgp] peer 200.1.1.1 bfd enable
[~SwitchB-bgp] peer 200.1.1.1 bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
[~SwitchB-bgp] commit
# View all the BFD sessions set up by BGP on SwitchA.
<SwitchA> display bgp bfd session all
--------------------------------------------------------------------------------
Local_Address Peer_Address Interface
200.1.1.1 200.1.1.2 Vlanif20
Tx-interval(ms) Rx-interval(ms) Multiplier Session-State
100 100 4 Up
--------------------------------------------------------------------------------
Step 6 Verify the configuration.
# Run the shutdown command on GE1/0/2 of SwitchB to simulate a primary link fault.
[~SwitchB] interface 10ge 1/0/2
[~SwitchB-10GE1/0/2] shutdown
[~SwitchB-10GE1/0/2] commit
# View the BGP routing table of SwitchA.
<SwitchA> display bgp routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 172.16.1.0/24 200.1.2.2 150 0 200i
In the BGP routing table, you can view that the backup link SwitchASwitchCSwitchB takes
effect after the primary link fails, and the next-hop address of the route to 172.16.1.0/24 becomes
200.1.2.2.
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 200.1.2.1 255.255.255.0
#
interface Vlanif20
ip address 200.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
368
#
bgp 100
router-id 1.1.1.1
peer 200.1.1.2 as-number 200
peer 200.1.1.2 bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier
4
peer 200.1.1.2 bfd enable
peer 200.1.2.2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 200.1.1.2 enable
peer 200.1.2.2 enable
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 20 30 40
#
bfd
#
interface Vlanif30
ip address 9.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port hybrid pvid vlan 40
port trunk allow-pass vlan 40
#
bgp 200
router-id 2.2.2.2
peer 9.1.1.2 as-number 200
peer 200.1.1.1 as-number 100
peer 200.1.1.1 bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier
4
peer 200.1.1.1 bfd enable
#
ipv4-family unicast
undo synchronization
network 172.16.1.0 255.255.255.0
peer 9.1.1.2 enable
peer 200.1.1.1 enable
peer 200.1.1.1 route-policy 10 export
#
route-policy 10 permit node 10
apply cost 100
#
return
l Configuration file of SwitchC
#
sysname SwitchC
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
369
#
router id 3.3.3.3
#
vlan batch 10 30
#
bfd
#
interface Vlanif10
ip address 200.1.2.2 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
bgp 200
router-id 3.3.3.3
peer 9.1.1.1 as-number 200
peer 200.1.2.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 9.1.1.1 enable
peer 200.1.2.1 enable
peer 200.1.2.1 route-policy 10 export
#
route-policy 10 permit node 10
apply cost 150
#
return
6.16.10 Example for Configuring BGP Auto FRR
Networking Requirements
As shown in Figure 6-12, SwitchA belongs to AS 100, SwitchB, SwitchC, and SwitchD belong
to AS 200 and establish IBGP connections. Routes from SwitchA to SwitchD must have backup
forwarding information so that traffic can be fast switched to the backup link after a fault is
detected. This improves network reliability.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
370
Figure 6-12 Networking diagram of configuring BGP Auto FRR
10GE1/0/1
VLANIF10
10.1.1.1/24
10GE1/0/2
VLANIF20
10.2.1.1/24
10GE1/0/1
VLANIF10
10.1.1.2/24
10GE1/0/2
VLANIF40
10.4.1.2/24
AS 200
10GE1/0/2
VLANIF40
10.4.1.1/24
10GE1/0/1
VLANIF20
10.2.1.2/24
SwitchA
AS 100
SwitchC
SwitchB
SwitchD
10GE1/0/2
VLANIF30
10.3.1.1/24
10GE1/0/1
VLANIF30
10.3.1.2/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a route-policy on SwitchB and SwitchC to change the MED values of routes to
SwitchD to facilitate route selection.
2. Configure BGP Auto FRR on SwitchA so that traffic can be fast switched to the backup
link when a fault is detected.
Procedure
Step 1 Configure the VLAN to which each interface belongs.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[SwitchA] vlan batch 10 20
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] interface 10ge 1/0/2
[~SwitchA-10GE1/0/2] port link-type trunk
[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 20
[~SwitchA-10GE1/0/2] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Configure VLANIF interfaces and assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 10.1.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] interface vlanif 20
[~SwitchA-Vlanif20] ip address 10.2.1.1 24
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
371
[~SwitchA-Vlanif20] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Establish EBGP connections between SwitchA and SwitchB, and between SwitchA and
SwitchC, and establish IBGP connections between SwitchD and SwitchB, and between
SwitchD and SwitchC.
# Configure SwitchA.
<SwitchA> system-view
[~SwitchA] bgp 100
[~SwitchA-bgp] router-id 1.1.1.1
[~SwitchA-bgp] peer 10.1.1.2 as-number 200
[~SwitchA-bgp] peer 10.2.1.2 as-number 200
[~SwitchA-bgp] commit
NOTE
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and are not
mentioned here.
# Configure SwitchD.
<SwitchD> system-view
[~SwitchD] bgp 200
[~SwitchD-bgp] router-id 4.4.4.4
[~SwitchD-bgp] peer 10.3.1.1 as-number 200
[~SwitchD-bgp] peer 10.4.1.1 as-number 200
[~SwitchD-bgp] commit
NOTE
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchD, and are not
mentioned here.
Step 4 Configure a route-policy on SwitchB and SwitchC so that routes to SwitchD have different MED
values.
# Configure a route-policy on SwitchB.
<SwitchB> system-view
[~SwitchB] route-policy rtb permit node 10
[~SwitchB-route-policy] apply cost 80
[~SwitchB-route-policy] quit
[~SwitchB] bgp 200
[~SwitchB-bgp] ipv4-family unicast
[~SwitchB-bgp-af-ipv4] peer 10.1.1.1 route-policy rtb export
[~SwitchB-bgp-af-ipv4] commit
[~SwitchB-bgp-af-ipv4] quit
# Configure a route-policy on SwitchC.
<SwitchC> system-view
[~SwitchC] route-policy rtc permit node 10
[~SwitchC-route-policy] apply cost 120
[~SwitchC-route-policy] quit
[~SwitchC] bgp 200
[~SwitchC-bgp] ipv4-family unicast
[~SwitchC-bgp-af-ipv4] peer 10.2.1.1 route-policy rtc export
[~SwitchC-bgp-af-ipv4] commit
[~SwitchC-bgp-af-ipv4] quit
# Advertise a route to 4.4.4.4/32 on SwitchD.
[~SwitchD] bgp 200
[~SwitchD-bgp] ipv4-family unicast
[~SwitchD-bgp] network 4.4.4.4 32
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
372
[~SwitchD-bgp] commit
# Run the display ip routing-table verbose command on SwitchA to check detailed information
about the route to 4.4.4.4/32.
<SwitchA> display ip routing-table 4.4.4.4 32 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Summary Count : 1
Destination: 4.4.4.4/32
Protocol: BGP Process ID: 0
Preference: 255 Cost: 80
NextHop: 10.1.1.2 Neighbour: 10.1.1.2
State: Active Adv Age: 00h00m12s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0x0
IndirectID: 0x4
RelayNextHop: 0.0.0.0 Interface: Vlanif10
TunnelID: 0x0 Flags: D
The MED value of the route learned from SwitchB is smaller. Therefore, SwitchA selects the
path SwitchASwitchBSwitchD as the route to 4.4.4.4/32. Because FRR is not configured,
no backup forwarding information is available.
Step 5 Enable BGP Auto FRR on SwitchA, and check the routing information.
# Enable BGP Auto FRR on SwitchA.
<SwitchA> system-view
[~SwitchA] bgp 100
[~SwitchA-bgp] ipv4-family unicast
[~SwitchA-bgp-af-ipv4] auto-frr
[~SwitchA-bgp-af-ipv4] commit
[~SwitchA-bgp-af-ipv4] quit
# After the configuration, run the display ip routing-table verbose command on SwitchA to
check the routing information.
<SwitchA> display ip routing-table 4.4.4.4 32 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Summary Count : 1
Destination: 4.4.4.4/32
Protocol: BGP Process ID: 0
Preference: 255 Cost: 80
NextHop: 10.1.1.2 Neighbour: 10.1.1.2
State: Active Adv Age: 00h52m45s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0x0
IndirectID: 0x4
RelayNextHop: 0.0.0.0 Interface: Vlanif10
TunnelID: 0x0 Flags: D
BkNextHop: 10.2.1.2 BkInterface: Vlanif20
BkLabel: NULL SecTunnelID: 0x0
BkPETunnelID: 0x0 BkPESecTunnelID: 0x0
BkIndirectID: 0x2
The preceding command output shows that SwitchA has a backup next hop and a backup
outbound interface for the route to 4.4.4.4/32.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
373
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
bgp 100
router-id 1.1.1.1
peer 10.1.1.2 as-number 200
peer 10.2.1.2 as-number 200
#
ipv4-family unicast
peer 10.1.1.2 enable
peer 10.2.1.2 enable
auto-frr
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 10.3.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
bgp 200
router-id 2.2.2.2
peer 10.1.1.1 as-number 100
peer 10.3.1.2 as-number 200
#
ipv4-family unicast
peer 10.1.1.1 enable
peer 10.3.1.2 enable
peer 10.1.1.1 route-policy rtb export
#
route-policy rtb permit node 10
apply cost 80
#
return
l Configuration file of SwitchC
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
374
sysname SwitchC
#
interface Vlanif20
ip address 10.2.1.2 255.255.255.0
#
interface Vlanif30
ip address 10.4.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
bgp 200
router-id 3.3.3.3
peer 10.2.1.1 as-number 100
peer 10.4.1.2 as-number 200
#
ipv4-family unicast
peer 10.2.1.1 enable
peer 10.4.1.2 enable
peer 10.2.1.1 route-policy rtc export
#
route-policy rtc permit node 10
apply cost 120
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
interface Vlanif40
ip address 10.3.1.2 255.255.255.0
#
interface Vlanif30
ip address 10.4.1.2 255.255.255.0
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
bgp 200
router-id 4.4.4.4
peer 10.3.1.1 as-number 200
peer 10.4.1.1 as-number 200
#
ipv4-family unicast
peer 10.3.1.1 enable
peer 10.4.1.1 enable
network 4.4.4.4 255.255.255.255
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 6 BGP Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
375
7 Routing Policy Configuration
About This Chapter
Routing policies are applied to routing information to change the path through which network
traffic passes.
7.1 Routing Policy Overview
Routing tables are sharply increased with the expansion of the network scale, which brings a
heavy burden and security issues to the network. To solve this problem, configure a routing
policy to filter routes and change attributes of routes when routing protocols advertise, receive,
and import routes.
7.2 Routing Policy Features Supported by the Device
Routing policy configuration includes the configurations of filters and policies.
7.3 Filter Configuration
Filters in a routing policy include ACL, IP prefix list, AS_Path filter, community filter, extended
community filter, and RD filter. This section describes the configuration of IP prefix list,
AS_Path filter, community filter, extended community filter, and RD filter. For details about
ACL configuration, see "ACL Configuration" in the CloudEngine 6800&5800 Seriesswitch-
Configuration Guide - Security.
7.4 Configuring a Routing Policy
Each node of a routing policy can comprise a set of if-match and apply clauses.
7.5 Maintaining the Routing Policy
Maintaining routing policies involves clearing the statistics of the IP prefix list.
7.6 Configuration Examples
The configuration examples in this section explain the networking requirements, networking
diagram, configuration notes, configuration roadmap, and configuration procedure for different
types of routing policies.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
376
7.1 Routing Policy Overview
Routing tables are sharply increased with the expansion of the network scale, which brings a
heavy burden and security issues to the network. To solve this problem, configure a routing
policy to filter routes and change attributes of routes when routing protocols advertise, receive,
and import routes.
Differences Between the Routing Policy and PBR
Different from the routing based on the destination addresses of IP packets, policy-based routing
(PBR) is a routing mechanism based on the traffic policy and user-defined policies to select
routes. PBR provides various functions such as ensuring security and implementing load
balancing.
Routing policies and PBR are different mechanisms. Table 7-1 shows the differences between
the two mechanisms.
Table 7-1 Differences between the routing policy and PBR
Routing Policy Policy-based Routing
Applies to routing information. Applies to data flows.
Forwards packets based on the routing
table.
Forwards packets based on the policy. If packets
fail to be forwarded based on the policy, the device
begins to search the routing table for packet
forwarding.
Is based on the control plane and serves
routing protocols and routing tables.
Is based on the forwarding plane and serves
forwarding policies.
Combines with routing protocols to
form policies.
Needs to be manually configured hop by hop to
ensure that packets are forwarded according to the
policies.

7.2 Routing Policy Features Supported by the Device
Routing policy configuration includes the configurations of filters and policies.
After configuring routing policies, apply them to route advertisement, route acceptance, and
route importing so that they can filter routes and set route attributes. For the applications of
routing policies in routing protocols, refer to the corresponding routing protocol configurations.
Filter
Filters in a routing policy include ACL, IP prefix list, AS_Path filter, community filter, extended
community filter, and RD filter. The filters are used in if-match clauses and can be used
independently in some special scenarios. Table 7-2 describes the application of filters.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
377
Table 7-2 Application of filters
Filter Application
ACL l Used independently when dynamic
routing protocols advertise and receive
routes.
l Applies to if-match clauses in a routing
policy.
IP prefix list l Used independently when dynamic
routing protocols advertise and receive
routes.
l Applies to if-match clauses in a routing
policy.
AS_Path Filter l Used independently when BGP advertises
and receives routes.
l Applies to if-match clauses in a routing
policy when IGP and BGP interact with
each other.
Community filter l Used independently when BGP advertises
and receives routes.
l Applies to if-match clauses in a routing
policy when IGP and BGP interact with
each other.
Extended community filter Applies to the if-match clause in a routing
policy when the RT attribute is used to filter
routes in a VPN.
RD filter Applies to the if-match clause in a routing
policy when the RD attribute is used to filter
routes in a VPN.

Routing Policy
To reduce network burden and ensure network security, apply a routing policy with if-match
clauses specified in the following situations:
l Importing routes
l Advertising and receiving routes
l Route filtering using the RT and RD attributes in a VPN
7.3 Filter Configuration
Filters in a routing policy include ACL, IP prefix list, AS_Path filter, community filter, extended
community filter, and RD filter. This section describes the configuration of IP prefix list,
AS_Path filter, community filter, extended community filter, and RD filter. For details about
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
378
ACL configuration, see "ACL Configuration" in the CloudEngine 6800&5800 Seriesswitch-
Configuration Guide - Security.
Pre-configuration Tasks
Before configuring filters, complete the following task:
l Configuring routing protocols
Configuration Process
Configure the filters in any sequence based on the network requirements.
7.3.1 Configuring an IP Prefix List
Context
To control the advertising and receiving of routes based on the destination address, configure
an IP prefix list.
CAUTION
If an IP prefix list is not used together with the if-match clauses in a routing policy, you must
set at least one node to the permit mode in the IP prefix list. If no node is set to the permit
mode, all routes are filtered out.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ip-address
mask-length [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]
An IPv4 prefix list is configured.
Step 3 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display ip ip-prefix [ ip-prefix-name ] command to check information about the
IPv4 prefix list.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
379
7.3.2 Configuring an AS_Path Filter
Context
An AS_Path filter is used to filter routes based on the AS_Path attributes of BGP routes. If you
do not want to receive routes of a specified AS number, configure an AS_Path filter based on
the AS number. On a complex network, multiple ACLs or IP prefix lists must be configured to
filter BGP routes, which is complicated. Configuring an AS_Path filter simplifies the
configuration.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip as-path-filter { as-path-filter-number | as-path-filter-name } [ index index-
number ] { permit | deny } regular-expression
An AS_Path filter is configured.
In the preceding command, regular-expression the regular expression that the AS_Path filter
uses to define a matching rule. For details about a regular expression, see "CLI Overview" in
the CloudEngine 6800&5800 Seriesswitch - Configuration Guide - Basic Configuration.
Step 3 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display ip as-path-filter [ as-path-filter-number | as-path-filter-name ] command
to check information about a configured AS_Path filter.
7.3.3 Configuring a Community Filter
Context
The community attribute identifies routes with the same characteristics without considering a
few IP prefixes and numerous AS numbers. Configuring community filters and community
attributes simplifies route management when it is inconvenient to use IP prefix list or AS_Path
filter. For example, a company branch needs to receive only routes from its headquarters and
branches in adjacent countries. In this case, you can configure different community attributes
for the branches. Routes in this branch can then be managed based on community attributes,
without considering a few IP prefixes and numerous AS numbers of routes in different countries.
Community filters are classified into basic and advanced community filters. Compared with a
basic community filter, an advanced community filter supports regular expressions and is more
flexible.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
380
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip community-filter
A community filter is configured.
l To configure a basic community filter, run the ip community-filter { basic comm-filter-
name | basic-comm-filter-num } [ index index-number ] { permit | deny } [ community-
number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>
command.
l To configure an advanced community filter, run the ip community-filter { advanced comm-
filter-name | adv-comm-filter-num } [ index index-number ] { permit | deny } regular-
expression command.
In the preceding command, regular-expression indicates that the AS_Path filter uses a regular
expression to define matching rules. For details about a regular expression, see "CLI Overview"
in the CloudEngine 6800&5800 Seriesswitch - Configuration Guide - Basic Configuration.
Step 3 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num |
comm-filter-name ] command to check information about a configured community filter.
7.3.4 Configuring an Extended Community Filter
Context
You can use an extended community filter when using the route target (RT) attribute to filter
routes in a VPN scenario.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip extcommunity-filter extcomm-filter-number [ index index-number ] { deny |
permit } { rt { as-number:nn | ipv4-addressnn } } &<1-16>
An extended community filter is configured.
Step 3 Run:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
381
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display ip extcommunity-filter [ extcomm-filter-number ] command to check
information about a configured extended community filter.
7.3.5 Configuring an RD Filter
Context
You can use an RD filter when using the RD attribute to filter routes in a VPN.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip rd-filter rd-filter-number { deny | permit } route-distinguisher &<1-10>
An RD filter is configured.
Step 3 Run:
commit
The configuration is committed.
----End
Checking the Configuration
l Run the display ip rd-filter [ rd-filter-number ] command to check information about a
configured RD filter.
7.4 Configuring a Routing Policy
Each node of a routing policy can comprise a set of if-match and apply clauses.
Pre-configuration Tasks
Before configuring a routing policy, complete the following task:
l Configuring routing protocols
Configuration Process
Before configuring the if-match and apply clauses, you must configure a routing policy. You
can configure the if-match and apply clauses in any sequence based on the network requirements.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
382
7.4.1 Creating a Routing Policy
Context
A routing policy can consist of multiple matching rules and actions.
CAUTION
You must set at least one node to the permit mode in a routing policy; otherwise, all routes are
filtered out.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
route-policy route-policy-name { permit | deny } node node
A routing policy is created, and the routing policy view is displayed.
A routing policy starts route selection from the lowest node ID. If a route matches a node in the
routing policy, the system does not match it with other nodes. If a route fails to match all the
nodes in the routing policy, the route is filtered out.
Step 3 (Optional) Run:
description text
The description of the routing policy is configured.
Step 4 Run:
commit
The configuration is submitted.
----End
7.4.2 (Optional) Configuring an if-match Clause
Context
An if-match clause defines matching rules related to route filters and attributes in a routing
policy.
If no if-match clause is configured for a node in a routing policy, all routes match in this node.
If one or more if-match clauses are configured in a node, the relationship between the clauses
is "AND". This means that routes match this node only when they match all the if-match clauses
in this node. When multiple if-match as-path-filter, if-match community-filter, if-match
extcommunity-filter, if-match interface, or if-match route-type clauses are configured, the
relationship between the clauses is "OR". The relationship of the five clauses is "AND", and the
relationship between the five clauses and other clauses is also "AND". If multiple if-match as-
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
383
path-filter clauses are configured in a node, the relationship of these clauses is "OR", and the
relationship between these clauses and other if-match clauses is "AND".
NOTE
If an if-match clause defines a filter that is not configured, all routes match this if-match clause by default.
The if-match acl and if-match ip-prefix commands cannot be used together in the same node. When both
the commands are used in a node, the later configured one overrides the previous one.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
route-policy route-policy-name { permit | deny } node node
The routing policy view is displayed.
Step 3 Configure if-match clauses in any sequence for a routing policy based on the network
requirements.
l Run:
if-match acl { acl-number | acl-name }
An if-match clause is configured to match the basic ACL.
l Run:
if-match as-path-filter as-path-filter-number &<1-16>
An if-match clause is configured to match AS_Path filters.
l Run either of the following commands as required to configure an if-match clause based on
community filters:
if-match community-filter { basic-comm-filter-num [ whole-match ] | adv-comm-filter-
num } &<1-16>
if-match community-filter comm-filter-name [ whole-match ]
l Run:
if-match extcommunity-filter extcomm-filter-number &<1-16>
An if-match clause is configured to match extended community filters.
l Run:
if-match cost cost
An if-match clause is configured to match the route cost of routes.
l Run:
if-match interface { interface-type interface-number } &<1-16>
An if-match clause is configured to match the outbound interface of routes.
l Run:
if-match ip { next-hop | route-source } { acl { acl-number | acl-name } | ip-
prefix ip-prefix-name }
An if-match clause is configured to match the next hop or source address of IPv4 routes.
l Run:
if-match ip-prefix ip-prefix-name
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
384
An if-match clause is configured to match the IP prefix list.
l Run:
if-match rd-filter rd-filter-number
An if-match clause is configured to match the RD filter.
l Run any of the following command as required to match the type of route:
Run:
if-match route-type { external-type1 | external-type1or2 | external-type2 |
internal | nssa-external-type1 | nssa-external-type1or2 | nssa-external-
type2 }
An if-match clause is configured to match a specified type of OSPF routes.
Run:
if-match route-type { is-is-level-1 | is-is-level-2 }
An if-match clause is configured to match a specified type of IS-IS routes.
l Run:
if-match tag tag
An if-match clause is configured to match the tag of routes.
Step 4 Run:
commit
The configuration is submitted.
----End
7.4.3 (Optional) Configuring an apply Clause
Context
An apply clause specifies the action of setting attributes for routes matching a routing policy
node. If a node is not configured with an apply clause, the node only filters routs. If one or more
apply clauses are configured in a node, all the apply clauses are applied to routes that match
the node.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
route-policy route-policy-name { permit | deny } node node
The route-policy view is displayed.
Step 3 Run any of the following commands as required to configure apply clauses, the commands are
not listed in sequence. A node can have multiple or no apply clauses.
l Run:
apply as-path { { as-number | 4as-number } &<1-10> { additive | overwrite } |
none overwrite }
An apply clause is configured to change the AS_Path attribute of BGP routes.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
385
l Run:
apply comm-filter { basic-comm-filter-number | adv-comm-filter-number | comm-
filter-name } delete
An apply clause is configured to delete the specified community attribute of BGP routes.
TIP
To delete the community attributes, you can run the ip community-filter command several times to
configure community attributes one by one, and apply the routing policy containing the apply comm-
filter delete command to delete these community attributes. If multiple community attributes are
specified in one community filter, none of them can be deleted.
l Run:
apply community none
An apply clause is configured to delete all community attributes of BGP routes.
l Run:
apply community { community-number | aa:nn | internet | no-advertise | no-
export | no-export-subconfed } &<1-32> [ additive ]
An apply clause is configured to set the community attributes of BGP routes.
l Run:
apply cost { [ + | - ] cost | inherit }
The route cost is set.
l Run the following command as required to set the cost type of a route:
Run:
apply cost-type { external | internal }
The IS-IS cost type is set.
Run:
apply cost-type { type-1 | type-2 }
The OSPF cost type is set.
l Run:
apply dampening half-life-reach reuse suppress ceiling
The dampening parameters of EBGP routes are set.
l Run:
apply extcommunity { rt { as-number:nn | ipv4-address:nn } } &<1-16>
[ additive ]
An extended community attribute (route-target) of BGP is set.
l Run:
apply ip-address next-hop { ipv4-address | peer-address }
The next-hop address of the IPv4 route is set.
l Run:
apply isis { level-1 | level-1-2 | level-2 }
The level of the IS-IS route is set.
l Run:
apply local-preference preference
The local preference for BGP routes is set.
l Run:
apply origin { egp as-number | igp | incomplete }
The Origin attribute of BGP routes is set.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
386
l Run:
apply ospf { backbone | stub-area }
An OSPF area into which routes are imported is set.
l Run:
apply preference preference
The preference of the routing protocol is set.
l Run:
apply preferred-value preferred-value
A preferred value is set for BGP routes.
l Run:
apply tag tag
The route tag is set.
Step 4 Run:
commit
The configuration is submitted.
----End
7.4.4 Checking the Configuration
Procedure
l Run the display route-policy [ route-policy-name ] command to check information about
the Route-Policy.
----End
7.5 Maintaining the Routing Policy
Maintaining routing policies involves clearing the statistics of the IP prefix list.
Context
CAUTION
The statistics of IP prefix lists cannot be restored after being cleared. Exercise caution when
running this command.
Procedure
l Run reset ip ip-prefix [ ip-prefix-name ] command in the user view to clear the IPv4 prefix
list statistics.
----End
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
387
7.6 Configuration Examples
The configuration examples in this section explain the networking requirements, networking
diagram, configuration notes, configuration roadmap, and configuration procedure for different
types of routing policies.
7.6.1 Example for Filtering the Routes to Be Received or Advertised
Networking Requirements
As shown in Figure 7-1, on the network where OSPF runs, SwitchA receives routes from the
Internet, and provides these routes for the OSPF network. Users want devices on the OSPF
network to access only the network segments 172.1.17.0/24, 172.1.18.0/24, and 172.1.19.0/24,
and SwitchC to access only the network segment 172.1.18.0/24.
Figure 7-1 Networking diagram for filtering the received and advertised routes
10GE1/0/1
VLANIF10
192.168.1.1/24
10GE1/0/3
VLANIF30
192.168.3.1/24
10GE1/0/2
VLANIF20
192.168.2.1/24
10GE1/0/1
VLANIF20
192.168.2.2/24
10GE1/0/1
VLANIF30
192.168.3.2/24
SwitchC
SwitchD
SwitchB
SwitchA
OSPF
172.1.16.0/24
172.1.17.0/24
172.1.18.0/24
172.1.19.0/24
172.1.20.0/24
10GE1/0/1
VLANIF10
192.168.1.2/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing policy on SwitchA and apply the routing policy during route
advertisement. When routes are advertised, the routing policy allows SwitchA to provide
routes from network segments 172.1.17.0/24, 172.1.18.0/24, and 172.1.19.0/24 for
SwitchB, and allows devices on the OSPF network to access these three network segments.
2. Configure a routing policy on SwitchC and apply the routing policy during route importing.
When routes are imported, the routing policy allows SwitchC to receive only the routes
from the network segment 172.1.18.0/24 and access this network segment.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
388
Procedure
Step 1 Add interfaces to the VLANs.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan 10
[~SwitchA-vlan10] quit
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 192.168.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] commit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Configure the basic OSPF functions.
# Configure SwitchA.
[~SwitchA] ospf
[~SwitchA-ospf-1] area 0
[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[~SwitchA-ospf-1-area-0.0.0.0] quit
[~SwitchA-ospf-1] quit
[~SwitchA] commit
# Configure SwitchB.
[~SwitchB] ospf
[~SwitchB-ospf-1] area 0
[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[~SwitchB-ospf-1-area-0.0.0.0] quit
[~SwitchB-ospf-1] quit
[~SwitchB] commit
# Configure SwitchC.
[~SwitchC] ospf
[~SwitchC-ospf-1] area 0
[~SwitchC-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[~SwitchC-ospf-1-area-0.0.0.0] quit
[~SwitchC-ospf-1] quit
[~SwitchC] commit
# Configure SwitchD.
[~SwitchD] ospf
[~SwitchD-ospf-1] area 0
[~SwitchD-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[~SwitchD-ospf-1-area-0.0.0.0] quit
[~SwitchD-ospf-1] quit
[~SwitchD] commit
Step 4 Configure five static routes on SwitchA and import these routes into OSPF.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
389
[~SwitchA] ip route-static 172.1.16.0 24 NULL 0
[~SwitchA] ip route-static 172.1.17.0 24 NULL 0
[~SwitchA] ip route-static 172.1.18.0 24 NULL 0
[~SwitchA] ip route-static 172.1.19.0 24 NULL 0
[~SwitchA] ip route-static 172.1.20.0 24 NULL 0
[~SwitchA] commit
[~SwitchA] ospf
[~SwitchA-ospf-1] import-route static
[~SwitchA-ospf-1] quit
[~SwitchA] commit
# Check the routing table on SwitchB. You can find that the five static routes are imported into
OSPF.
[~SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.1.16.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.17.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.18.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.19.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.20.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
192.168.1.0/24 Direct 0 0 D 192.168.1.2 Vlanif10
192.168.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif20
192.168.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.3.0/24 Direct 0 0 D 192.168.3.1 Vlanif30
192.168.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif30
Step 5 Configure a policy for advertising routes.
# Set an IP prefix list named a2b on SwitchA.
[~SwitchA] ip ip-prefix a2b index 10 permit 172.1.17.0 24
[~SwitchA] ip ip-prefix a2b index 20 permit 172.1.18.0 24
[~SwitchA] ip ip-prefix a2b index 30 permit 172.1.19.0 24
[~SwitchA] commit
# Configure a policy for advertising routes on SwitchA, and use the IP prefix list named a2b to
filter routes.
[~SwitchA] ospf
[~SwitchA-ospf-1] filter-policy ip-prefix a2b export static
[~SwitchA-ospf-1] commit
# Check the routing table on SwitchB. You can find that SwitchB receives only three routes
defined in a2b.
[~SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11

Destination/Mask Proto Pre Cost Flags NextHop Interface

127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.1.17.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.18.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.19.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
192.168.1.0/24 Direct 0 0 D 192.168.1.2 Vlanif10
192.168.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif20
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
390
192.168.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.3.0/24 Direct 0 0 D 192.168.3.1 Vlanif30
192.168.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif30
Step 6 Configure a policy for receiving routes.
# Set an IP prefix list named in on SwitchC.
[~SwitchC] ip ip-prefix in index 10 permit 172.1.18.0 24
[~Switchc] commit
# Set a policy for receiving routes on SwitchC, and use in to filter routes.
[~SwitchC] ospf
[~SwitchC-ospf-1] filter-policy ip-prefix in import
[~SwitchC] commit
# Check the routing table on SwitchC. You can find that SwitchC in the local core routing table
receives only one route defined in in.
[~SwitchC] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 5 Routes : 5

Destination/Mask Proto Pre Cost Flags NextHop Interface

127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.1.18.0/24 O_ASE 150 1 D 192.168.2.1 Vlanif20
192.168.2.0/24 Direct 0 0 D 192.168.2.2 Vlanif20
192.168.2.2/32 Direct 0 0 D 127.0.0.1 Vlanif20
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospf 1
filter-policy ip-prefix a2b export static
import-route static
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
ip ip-prefix a2b index 10 permit 172.1.17.0 24
ip ip-prefix a2b index 20 permit 172.1.18.0 24
ip ip-prefix a2b index 30 permit 172.1.19.0 24
#
ip route-static 172.1.16.0 255.255.255.0 NULL0
ip route-static 172.1.17.0 255.255.255.0 NULL0
ip route-static 172.1.18.0 255.255.255.0 NULL0
ip route-static 172.1.19.0 255.255.255.0 NULL0
ip route-static 172.1.20.0 255.255.255.0 NULL0
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
391
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20 30
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
#
interface Vlanif30
ip address 192.168.3.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20
#
interface Vlanif20
ip address 192.168.2.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
ospf 1
filter-policy ip-prefix in import
area 0.0.0.0
network 192.168.2.0 0.0.0.255
#
ip ip-prefix in index 10 permit 172.1.18.0 24
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30
#
interface Vlanif30
ip address 192.168.3.2 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
392
ospf 1
area 0.0.0.0
network 192.168.3.0 0.0.0.255
#
return
7.6.2 Example for Applying a Routing Policy for Importing Routes
Networking Requirements
As shown in Figure 7-2, SwitchB exchanges routing information with SwitchA through OSPF
and with SwitchC through IS-IS. Users want SwitchB to import IS-IS routes into the OSPF
network. Users also want that the route to 172.17.1.0/24 on the OSPF network has a low
preference and the route to 172.17.2.0/24 has a tag, which makes it easy to reference by a routing
policy.
Figure 7-2 Networking diagram for applying a routing policy for importing routes
SwitchC
10GE1/0/1
VLANIF10
192.168.1.1/24
10GE1/0/1
VLANIF10
192.168.1.2/24
10GE1/0/1
VLANIF20
192.168.2.1/24
10GE1/0/2
VLANIF20
192.168.2.2/24
10GE1/02
VLANIF30
172.17.1.1/24
SwitchA
SwitchB
OSPF IS-IS
10GE1/0/3
VLANIF40
172.17.2.1/24
10GE1/0/4
VLANIF50
172.17.3.1/24

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing policy on SwitchB, set the cost of the route to 172.17.1.0/24 to 100,
and apply the routing policy when OSPF imports IS-IS routes. The routing policy allows
the route to 172.17.1.0/24 have a low preference.
2. Configure a routing policy on SwitchB, set the tag of the route to 172.17.2.0/24 is 20, and
apply the routing policy when OSPF imports IS-IS routes. In this way, the tag of the route
to 172.17.2.0/24 can take effect, which makes it easy to reference by a routing policy.
Procedure
Step 1 Add interfaces to the VLANs.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan 10
[~SwitchA-vlan10] quit
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[~SwitchA-10GE1/0/1] quit
[~SwitchA] commit
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
393
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign IP addresses to the VLANIF interfaces.
[~SwitchA] interface vlanif 10
[~SwitchA-Vlanif10] ip address 192.168.1.1 24
[~SwitchA-Vlanif10] quit
[~SwitchA] commit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure IS-IS.
# Configure Switch C.
[~SwitchC] isis
[~SwitchC-isis-1] is-level level-2
[~SwitchC-isis-1] network-entity 10.0000.0000.0001.00
[~SwitchC-isis-1] quit
[~SwitchC] interface vlanif 20
[~SwitchC-Vlanif20] isis enable
[~SwitchC-Vlanif20] quit
[~SwitchC] interface vlanif 30
[~SwitchC-Vlanif30] isis enable
[~SwitchC-Vlanif30] quit
[~SwitchC] interface vlanif 40
[~SwitchC-Vlanif40] isis enable
[~SwitchC-Vlanif40] quit
[~SwitchC] interface vlanif 50
[~SwitchC-Vlanif50] isis enable
[~SwitchC-Vlanif50] quit
[~SwitchC] commit
# Configure Switch B.
[~SwitchB] isis
[~SwitchB-isis-1] is-level level-2
[~SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[~SwitchB-isis-1] quit
[~SwitchB] interface vlanif 20
[~SwitchB-Vlanif20] isis enable
[~SwitchB-Vlanif20] quit
[~SwitchB] commit
Step 4 Configure OSPF and import routes.
# Configure SwitchA and enable OSPF.
[~SwitchA] ospf
[~SwitchA-ospf-1] area 0
[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[~SwitchA-ospf-1-area-0.0.0.0] quit
[~SwitchA-ospf-1] quit
[~SwitchA] commit
# Configure SwitchB, enable OSPF, and import IS-IS routes.
[~SwitchB] ospf
[~SwitchB-ospf-1] area 0
[~SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[~SwitchB-ospf-1-area-0.0.0.0] quit
[~SwitchB-ospf-1] import-route isis 1
[~SwitchB-ospf-1] quit
[~SwitchB] commit
# Check the OSPF routing table on SwitchA. You can find the imported routes.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
394
[~SwitchA] display ospf routing

OSPF Process 1 with Router ID 192.168.1.1
Routing Tables

Routing for Network
Destination Cost Type NextHop AdvRouter Area
192.168.1.0/24 1 Stub 192.168.1.1 192.168.1.1 0.0.0.0

Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
172.17.1.0/24 1 Type2 1 192.168.1.2 192.168.1.2
172.17.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2
172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.1.2
192.168.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2

Total Nets: 5
Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0
Step 5 Set the filtering list.
# Set ACL 2002 to match 172.17.2.0/24.
[~SwitchB] acl number 2002
[~SwitchB-acl-basic-2002] rule permit source 172.17.2.0 0.0.0.255
[~SwitchB-acl-basic-2002] quit
[~SwitchB] commit
# Set an IP prefix list named prefix-a to match 172.17.1.0/24.
[~SwitchB] ip ip-prefix prefix-a index 10 permit 172.17.1.0 24
[~SwitchB] commit
Step 6 Configure a routing policy.
[~SwitchB] route-policy isis2ospf permit node 10
[~SwitchB-route-policy] if-match ip-prefix prefix-a
[~SwitchB-route-policy] apply cost 100
[~SwitchB-route-policy] quit
[~SwitchB] route-policy isis2ospf permit node 20
[~SwitchB-route-policy] if-match acl 2002
[~SwitchB-route-policy] apply tag 20
[~SwitchB-route-policy] quit
[~SwitchB] route-policy isis2ospf permit node 30
[~SwitchB-route-policy] quit
[~SwitchB] commit
Step 7 Apply the routing policy when routes are imported.
# Configure SwitchB and apply the routing policy when routes are imported.
[~SwitchB] ospf
[~SwitchB-ospf-1] import-route isis 1 route-policy isis2ospf
[~SwitchB-ospf-1] quit
[~SwitchB] commit
# Check the OSPF routing table on SwitchA. You can find that the cost of the route to
172.17.1.0/24 is 100; the tag of the route to 172.17.2.0/24 is 20; other route attributes remain
unchanged.
[~SwitchA] display ospf routing

OSPF Process 1 with Router ID 192.168.1.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
192.168.1.0/24 1 Stub 192.168.1.1 192.168.1.1 0.0.0.0

Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
395
172.17.1.0/24 100 Type2 1 192.168.1.2 192.168.1.2
172.17.2.0/24 1 Type2 20 192.168.1.2 192.168.1.2
172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.1.2
192.168.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2

Total Nets: 5
Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20
#
acl number 2002
rule 5 permit source 172.17.2.0 0.0.0.255
#
isis 1
is-level level-2
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.2 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
ospf 1
import-route isis 1 route-policy isis2ospf
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
route-policy isis2ospf permit node 10
if-match ip-prefix prefix-a
apply cost 100
#
route-policy isis2ospf permit node 20
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
396
if-match acl 2002
apply tag 20
#
route-policy isis2ospf permit node 30
#
ip ip-prefix prefix-a index 10 permit 172.17.1.0 24
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 30 40 50
#
isis 1
is-level level-2
network-entity 10.0000.0000.0001.00
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
isis enable 1
#
interface Vlanif30
ip address 172.17.1.1 255.255.255.0
isis enable 1
#
interface Vlanif40
ip address 172.17.2.1 255.255.255.0
isis enable 1
#
interface Vlanif50
ip address 172.17.3.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
interface 10GE1/0/4
port link-type trunk
port trunk allow-pass vlan 50
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 7 Routing Policy Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
397
8 MCE Configuration
About This Chapter
A private network may need to to be divided into multiple VPNs, and services of different VPNs
must be completely isolated. An MCE can provide access to multiple VPNs so that you do not
need to deploy a CE for each VPN. This reduces costs on device purchase and maintenance.
8.1 MCE Overview
A Multi-VPN-Instance CE (MCE) is a CE that supports the multi-VPN-instance function.
8.2 Configuring an MCE Device
You can configure multi-instance routing protocols on an MCE device to implement service
isolation between different VPN users in a LAN.
8.3 Configuration Examples
This section provides an example for configuring an MCE device.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
398
8.1 MCE Overview
A Multi-VPN-Instance CE (MCE) is a CE that supports the multi-VPN-instance function.
Definition
A BGP/MPLS IP VPN is a Layer 3 Virtual Private Network (L3VPN). BGP/MPLS IP VPN uses
the Border Gateway Protocol (BGP) to advertise VPN routes and the Multiprotocol Label
Switching (MPLS) to forward VPN packets on backbone networks. IP means that IP packets
are carried by the VPN.
Figure 8-1 shows the basic model of a BGP/MPLS IP VPN.
Figure 8-1 Model of a BGP/MPLS IP VPN
CE
CE
CE IP/MPLS
Backbone
CE
VPN 1
Site
Site
Site
Site
VPN 1
VPN 2
PE
PE
PE
P
P
P
P
VPN 2

The BGP/MPLS IP VPN model consists of the following parts:
l Customer Edge (CE): It is an edge device on a customer network, providing interfaces that
are directly connected to the Service Provider (SP) network. A CE can be a router, a switch,
or a host. Usually, a CE neither senses the VPN nor supports MPLS.
l Provider Edge (PE): It is an edge device on an SP network. A PE is directly connected to
the CE. On an MPLS network, PE devices process all VPN services. Therefore, the
requirements on the performance of PE devices are rather high.
l Provider (P): It is a backbone device on an SP network. A P is not directly connected to
CE devices. Ps only need to possess basic MPLS forwarding capabilities and do not
maintain information about a VPN.
PE and P devices are managed by SPs. CE devices are managed by users except that the users
trust SPs with the management right.
A PE can access multiple CE devices. A CE can be connected to multiple PE devices of the
same SP or of different SPs.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
399
Basic Concepts of BGP/MPLS IP VPN
l Site
The concept of "site" is frequently mentioned in the VPN technology. The following
describes a site from different aspects:
A site is a group of IP systems with IP connectivity that can be achieved independent
of SP's networks.
Sites are demarcated based on the topology relationships between devices rather than
the geographic positions of the devices although the devices in a site are geographically
adjacent to each other in general.
The devices at a site may belong to multiple VPNs. In other words, a site may belong
to more than one VPN.
A site is connected to an SP's network through the CE. A site may contain more than
one CE, but a CE belongs to only one site.
Sites connected to the same SP's network can be divided into different sets based on policies.
Only sites that belong to the same set can access each other, and this set is a VPN.
l Address space overlapping
As a private network, a VPN independently manages an address realm, also called an
address space.
Address spaces of different VPNs may overlap. For example, if both VPN 1 and VPN 2
use addresses on the network segment 10.110.10.0/24, address space overlap occurs.
l VPN instance
In BGP/MPLS IP VPN implementation, routes of different VPNs are isolated by VPN
instances.
A PE device establishes and maintains a VPN instance for each directly connected site. A
VPN instance contains VPN member interfaces and routes of the corresponding site.
Specifically, information in a VPN instance includes the IP routing table, label forwarding
table, interface bound to the VPN instance, and VPN instance management information.
VPN instance management information includes the route distinguisher (RD), route
filtering policy, and member interface list of the VPN instance.
Figure 8-2 VPN instances
VPN2
Site2
CE
VPN1
Site1
CE
PE
VPN1
VPN-instance
VPN2
VPN-instance
Public
forwarding table
IP/MPLS
Backbone
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
400

l RD and VPN-IPv4 Address
The traditional BGP cannot correctly handle the routes of VPNs with overlapping address
spaces. For example, VPN1 and VPN2 use addresses on network segment 10.110.10.0/24
and they both advertise a route to this network segment. The local PE device can identify
the routes based on VPN instances. However, when the routes are advertised to the remote
PE device, BGP selects only one of the two routes because load balancing is not performed
between routes of different VPNs. The other route is lost.
To ensure that VPN routes of VPNs with overlapping address spaces are correctly
processed, PE devices use MP-BGP to advertise VPN routes and use the VPN-IPv4 address
to identify the routes.
A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, and the
last four bytes stand for the IPv4 address prefix, as shown in Figure 8-3.
Figure 8-3 VPN-IPv4 address structure
Type Field
( 2-Byte )
IPv4 Address Prefix
( 4-Byte )
Administrator
Subfield
Assigned
Number Subfield
Route Distinguisher ( 8-Byte )

RDs distinguish the IPv4 prefixes with the same address space. IPv4 addresses with RDs
are VPN-IPv4 addresses (VPNv4 addresses). After receiving IPv4 routes from a CE device,
a PE device converts the routes into globally unique VPN-IPv4 routes and advertises the
routes on the public network.
The RD format enables SPs to allocate RDs independently. When CE devices are dual-
homed to PE devices, RD must be globally unique to ensure correct routing.
l VPN target
The VPN target, also called the route target (RT), is a 32-bit BGP extension community
attribute. BGP/MPLS IP VPN uses the VPN target to control the advertisement of VPN
routing information.
A VPN instance is associated with one or more VPN target attributes, which are of the
following types:
Export target: After learning the IPv4 routes from directly connected sites, a local PE
converts the routes to VPN-IPv4 routes and sets the export target attribute for those
routes. As the BGP extension community attribute, the export target attribute is
advertised with the routes.
Import target: After receiving VPN-IPv4 routes from other PE devices, a PE checks the
export target attribute of the routes. If the export target is identical with the import target
of a VPN instance on the PE, the PE adds the route to the VPN routing table.
In a BGP/MPLS IP VPN, VPN targets are used to control the advertisement and receipt of
VPN routing information between sites. VPN export targets are independent of import
targets. An export target and an import target can be configured with multiple values; in
this manner, flexible VPN access control and diversified VPN networking schemes can be
adopted.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
401
For example, if the import target of a VPN instance contains 100:1, 200:1, and 300:1, any
route with the export target of 100:1, 200:1, or 300:1 is added to the routing table of the
VPN instance.
Introduction to MCE Technology
BGP/MPLS IP VPN uses tunnels to transmit data of private networks on a public network. In
the traditional BGP/MPLS IP VPN architecture, each VPN instance must use a CE device to
connect to a PE device, as shown in Figure 8-1.
In may cases, a private network must be divided into multiple VPNs to realize fine-grained
service management and enhance security. Services of users in different VPNs must be
completely isolated. Deploying a CE device for each VPN increases the cost of device
procurement and maintenance. If multiple VPNs share one CE device, data security cannot be
ensured because all the VPNs use the same routing and forwarding table.
The MCE technology ensures data security between different VPNs while reducing network
construction and maintenance costs. Figure 8-4 shows the MCE deployment.
Figure 8-4 Networking with an MCE device
Site
VPN 2
Site
VPN 1
MCE
CE
CE
Site
Site
VPN 1
PE
PE
P
P
VPN 2
PE
IP/MPLS
Backbone

An MCE device has some PE functions. By binding each VPN instance to a different interface,
an MCE device creates and maintains an independent VRF for each VPN. This application is
also called multi-VRF application. The MCE device isolates forwarding paths of different VPNs
on a private network and advertises routes of each VPN to the peer PE device, ensuring that
VPN packets are correctly transmitted on the public network.
8.2 Configuring an MCE Device
You can configure multi-instance routing protocols on an MCE device to implement service
isolation between different VPN users in a LAN.
Pre-configuration Tasks
Before configuring an MCE device, complete the following task:
l Configuring the link layer protocol and network layer protocol for LAN interfaces and
connecting the LAN to the MCE device (reserve one interface for each service)
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
402
Configuration Process
The following tasks are mandatory.
8.2.1 Configuring a VPN Instance
Context
The following configurations are performed on the MCE device.
Similar configurations must be performed on the PE devices. The PE configuration procedure
and commands used vary in devices from different vendors and different product models. For
detailed configuration, see the documentation of the PE devices.
Procedure
Step 1 Create a VPN instance.
1. Run:
system-view
The system view is displayed.
2. Run:
ip vpn-instance vpn-instance-name
A VPN instance is created, and its view is displayed.
NOTE
A VPN instance name is case sensitive. For example, vpn1 and VPN1 are different VPN instances.
3. (Optional) Run:
description description-information
The description is configured for the VPN instance.
The description is similar to that of the host name and interface, which can be used to record
information about the relationship between a VPN instance and a VPN.
4. Run:
ipv4-family
The IPv4 address family is enabled for the VPN instance, and the VPN instance IPv4
address family view is displayed.
5. Run:
route-distinguisher route-distinguisher
An RD is configured for the VPN instance IPv4 address family.
A VPN instance IPv4 address family takes effect only after being configured with an RD.
The RDs of different VPN instances on a PE must be different.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
403
NOTE
l RDs cannot be modified but can be deleted after being configured.After an RD is deleted, all
configurations in the VPN instance IPv4 address family of the corresponding VPN instance will
be deleted.
l If you configure an RD for the VPN instance IPv4 address family in the created VPN instance
view, the VPN instance IPv4 address family is enabled and the the VPN instance IPv4 address
family view is displayed.
6. Run:
vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-
extcommunity ]
A VPN target is configured for the VPN instance IPv4 address family.
A VPN target is a BGP extended community attribute. It is used to control the receiving
and advertisement of VPN routing information. A maximum of eight VPN targets can be
configured using a vpn-target command.
When VPN sites connected to the MCE device need to communicate with one another,
configure VPN targets on the MCE device to implement VPN route cross. If the VPN sites
connected to the MCE device do not need to communicate with one another, you do not
need to configure VPN targets.
7. (Optional) Run:
prefix limit number { alert-percent [ route-unchanged ] | simply-alert }
The allowed maximum number of route prefixes is set for the VPN instance IPv4 address
family.
The configuration restricts the number of route prefixes imported from the CEs and other
PEs into a VPN instance IPv4 address family on a PE, preventing the PE from receiving
too many route prefixes.
NOTE
If the prefix limit command is run, the system gives a prompt when the number of route prefixes
added to the routing table of the VPN instance IPv4 address family exceeds the limit. After the prefix
limit command is run to increase the allowed maximum number of route prefixes in a VPN instance
IPv4 address family or the undo prefix limit command is run to cancel the limit, the system adds
newly received route prefixes of various protocols to the private network IP routing table.
After the number of route prefixes exceeds the maximum limit, direct and static routes can still be
added to the IPv4 address family routing table of VPN instances.
8. (Optional) Configure a routing policy for the VPN instance.
In addition to using VPN targets to control VPN route advertisement and reception, you
can configure a routing policy for the VPN instance to better control VPN routes.
l An import routing policy filters routes before they are imported into the VPN instance
IPv4 address family.
l An export routing policy filters routes before they are advertised to other PE devices.
NOTE
Before applying a routing policy to a VPN instance, create the routing policy. For details about how
to configure a routing policy, see Routing Policy Configuration in the CloudEngine 6800&5800
Series Switches Configuration Guide - IP Routing.
Run the following command as required:
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
404
l To configure an import routing policy for the VPN instance IPv4 address family, run
import route-policy policy-name.
l To configure an export routing policy for the VPN instance IPv4 address family, run
export route-policy policy-name.
9. Run:
commit
The configuration is committed.
Step 2 Bind the VPN instance to an interface.
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
ip binding vpn-instance vpn-instance-name
A VPN instance is bound to the interface.
By default, an interface is a public network interface and is not associated with any VPN
instance.
NOTE
After a VPN instance is bound to an interface, configuration of the Layer 3 features including IP
addresses and routing protocols is deleted from the interface.
4. Run:
ip address ip-address { mask | mask-length }
An IP address is configured for the interface.
5. Run:
commit
The configuration is committed.
----End
8.2.2 Configure Route Exchange Between an MCE Device and VPN
Sites
Context
Routing protocols that can be used between an MCE device and VPN sites are static routing,
RIP, OSPF, IS-IS, and BGP.Choose one of the following configurations as needed:
l Configure static routes between an MCE device and a site.
l Configure RIP between an MCE device and a site.
l Configure OSPF between an MCE device and a site.
l Configure IS-IS between an MCE device and a site.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
405
l Configure BGP between an MCE device and a site.
The following configurations are performed on the MCE device. On the devices in the site, you
only need to configure the corresponding routing protocol.
Configure Static Routes Between an MCE Device and a Site
Perform the following configurations on the MCE device. You only need to configure a static
route to the MCE device in the site. The site configuration is not provided here.
NOTE
For detailed configuration of static routes, see Static Route Configuration in the CloudEngine 6800&5800
Series Switches Configuration Guide - IP Routing.
Table 8-1 MCE configuration
Action Command Description
Enter the system
view.
system-view -
Configure a static
route to the site.
ip route-static vpn-instance vpn-source-
name destination-address { mask | mask-
length } { nexthop-address [ public ] |
interface-type interface-number [ nexthop-
address ] } [ preference preference | tag
tag ]
*
You must specify the next
hop address on the MCE
device.
Commit the
configuration.
commit -

Configure RIP Between an MCE Device and a Site
Perform the following configurations on the MCE device. Configure RIPv1 or RIPv2 in the site.
The site configuration is not provided here.
NOTE
For detailed RIP configuration, see RIP Configuration in the CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing.
Table 8-2 MCE configuration
Action Command Description
Enter the system
view.
system-view -
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
406
Action Command Description
Create a RIP
process running
between the MCE
device and the site
and enter the RIP
view.
rip process-id vpn-instance vpn-instance-
name
A RIP process can be
bound to only one VPN
instance. If a RIP process
is not bound to any VPN
instance before it is
started, this process
becomes a public network
process and can no longer
be bound to a VPN
instance.
Enable RIP on the
network segment
of the interface to
which the VPN
instance is bound.
network network-address -
(Optional) Import
the routes to the
remote sites
advertised by the
PE device in to the
RIP routing table.
import-route protocol [ process-id ]
[ cost { cost | transparent } | [ route-
policy route-policy-name ] ]
*
Perform this step if another
routing protocol is running
between the MCE and PE
devices in the VPN
instance.
Commit the
configuration.
commit -

Configure OSPF Between an MCE Device and a Site
Perform the following configurations on the MCE device. Configure OSPF in the site. The site
configuration is not provided here.
NOTE
For detailed OSPF configuration, see OSPF Configuration in the CloudEngine 6800&5800 Series
Switches Configuration Guide - IP Routing.
Table 8-3 MCE configuration
Action Command Description
Enter the system
view.
system-view -
Create an OSPF
process running
between the MCE
device and the site
and enter the
OSPF view.
ospf [ process-id | router-id router-id ]
*
vpn-instance vpn-instance-name
-
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
407
Action Command Description
(Optional) Import
the routes to the
remote sites
advertised by the
PE device into the
OSPF routing
table.
import-route { bgp [ permit-ibgp ] |
direct | rip [ process-id-rip ] | static | isis
[ process-id-isis ] | ospf [ process-id-
ospf ] } [ cost cost | route-policy route-
policy-name | tag tag | type type ]
*
Perform this step if another
routing protocol is running
between the MCE and PE
devices in the VPN
instance.
Configure an
OSPF area and
enter the OSPF
area view.
area { area-id | area-id-address } -
Enable OSPF on
the network
segment of the
interface to which
the VPN instance
is bound.
network ip-address wildcard-mask -
Commit the
configuration.
commit -

Configure IS-IS Between an MCE Device and a Site
Perform the following configurations on the MCE device. You only need to configure IS-IS in
the site. The site configuration is not provided here.
NOTE
For detailed IS-IS configuration, see IS-IS Configuration in the CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing.
Table 8-4 MCE configuration
Action Command Description
Enter the system
view.
system-view -
Create an IS-IS
process running
between the MCE
device and the site
and enter the IS-IS
view.
isis process-id vpn-instance vpn-
instance-name
An IS-IS process can be
bound to only one VPN
instance. If an IS-IS process
is not bound to any VPN
instance before it is started,
this process becomes a
public network process and
can no longer be bound to a
VPN instance.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
408
Action Command Description
Set a network
entity title (NET)
for the IS-IS
process.
network-entity net A NET specifies the current
IS-IS area address and the
system ID of the switch. A
maximum of three NETs
can be configured for one
process on each switch.
Import the routes
to the remote sites
advertised by the
PE device into the
IS-IS routing table.
Use either of the following commands:
l import-route { direct | static | unr |
{ ospf | rip | isis } [ process-id ] |
bgp } [ cost-type { external |
internal } | cost cost | tag tag | route-
policy route-policy-name | [ level-1 |
level-2 | level-1-2 ] ]
*
l import-route { { ospf | rip | isis }
[ process-id ] | bgp | direct } inherit-
cost [ { level-1 | level-2 | level-1-2 }
| tag tag | route-policy route-policy-
name ]
*
Perform this step if another
routing protocol is running
between the MCE and PE
devices in the VPN instance.
Return to system
view.
quit -
Enter the view of
the interface to
which the VPN
instance is bound.
interface interface-type interface-
number
-
Enable IS-IS on
the interface.
isis enable [ process-id ] -
Commit the
configuration.
commit -

Configure BGP between an MCE Device and a Site
Perform the following configurations on the MCE device.
Table 8-5 MCE configuration
Action Command Description
Enter the system
view.
system-view -
Enter the BGP
view.
bgp as-number -
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
409
Action Command Description
Enter the BGP-
VPN instance IPv4
address family
view.
ipv4-family vpn-instance vpn-instance-
name
-
Configure the
device connected
to the MCE device
in the site as a VPN
peer.
peer ipv4-address as-number as-number -
Import the routes
to the remote sites
advertised by the
PE device into the
BGP routing table.
import-route protocol [ process-id ]
[ med med | route-policy route-policy-
name ]
*
Perform this step if
another routing protocol
is running between the
MCE and PE devices in
the VPN instance.
Allow routing
loops.
peer ipv4-address allow-as-loop
[ number ]
Generally, BGP uses the
AS number to detect
route loops. If BGP is
running between the
MCE device and the site,
the MCE device
advertises the routing
information with the
local AS number to the
site. If the route update
messages sent from the
site contain the local AS
number, the MCE device
rejects the route update
messages. To configure
the MCE device to accept
these route update
messages, configure it to
allow routing loops.
Commit the
configuration.
commit -

Perform the following configurations on the device connected to the MCE device in the site.
Table 8-6 Site configuration
Action Command Description
Enter the system
view.
system-view -
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
410
Action Command Description
Enter the BGP
view.
bgp as-number -
Configure the
MCE device as a
VPN peer.
peer ipv4-address as-number as-number -
Import IGP routes
of the VPN into the
BGP routing table.
import-route protocol [ process-id ]
[ med med | route-policy route-policy-
name ]
*
The site must advertise
routes to its attached
VPN network segments
to the MCE device.
Commit the
configuration.
commit -

8.2.3 Configure Route Exchange Between an MCE Device and a PE
Device
Context
Routing protocols that can be used between an MCE device and a PE device are static routing,
RIP, OSPF, IS-IS, and BGP.Choose one of the following configurations as needed:
l Configure static routes between an MCE device and a PE device.
l Configure RIP between an MCE device and a PE device.
l Configure OSPF between an MCE device and a PE device.
l Configure IS-IS between an MCE device and a PE device.
l Configure BGP between an MCE device and a PE device.
The following configurations are performed on the MCE device. The configurations on the PE
device are similar. For details, see the user manual of the PE device.
Configure Static Routes Between an MCE Device and a PE Device
Perform the following configurations on the MCE device.
Table 8-7 MCE configuration
Action Command Description
Enter the system
view.
system-view -
Configure a static
route to the PE
device.
ip route-static vpn-instance vpn-source-
name destination-address { mask | mask-
length } vpn-instance vpn-destination-
name nexthop-address [ preference
preference | tag tag ]
*
You must specify the
next hop address on the
MCE device.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
411
Action Command Description
Commit the
configuration.
commit -

Configure RIP Between an MCE Device and a PE Device
Perform the following configurations on the MCE device.
Table 8-8 MCE configuration
Action Command Description
Enter the system
view.
system-view -
Create a RIP
process running
between the MCE
and PE devices and
enter the RIP view.
rip process-id vpn-instance vpn-instance-
name
A RIP process can be
bound to only one VPN
instance. If a RIP
process is not bound to
any VPN instance
before it is started, this
process becomes a
public network process
and can no longer be
bound to a VPN
instance.
Enable RIP on the
network segment of
the interface to
which the VPN
instance is bound.
network network-address -
(Optional) Import
VPN routes of the
site into the RIP
routing table.
import-route protocol [ process-id ]
[ cost { cost | transparent } | [ route-
policy route-policy-name ] ]
*
Perform this step if
another routing
protocol is running
between the MCE
device and VPN sites in
the VPN instance.
Commit the
configuration.
commit -

Configure OSPF Between an MCE Device and a PE Device
Perform the following configurations on the MCE device.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
412
Table 8-9 MCE configuration
Action Command Description
Enter the system
view.
system-view -
Create an OSPF
process running
between the MCE
and PE devices and
enter the OSPF
view.
ospf [ process-id | router-id router-id ]
*
vpn-instance vpn-instance-name
-
(Optional) Import
VPN routes of the
site into the OSPF
routing table.
import-route { bgp [ permit-ibgp ] |
direct | rip [ process-id-rip ] | static | isis
[ process-id-isis ] | ospf [ process-id-ospf ] }
[ cost cost | route-policy route-policy-
name | tag tag | type type ]
*
Perform this step if
another routing protocol
is running between the
MCE device and VPN
sites in the VPN
instance.
Disable routing
loop detection in the
OSPF process.
vpn-instance-capability simple By default, routing loop
detection is disabled in
an OSPF process. If
routing loop detection is
not disabled in the
OSPF process on the
MCE device, the MCE
device rejects OSPF
routes sent from the PE
device.
Configure an OSPF
area and enter the
OSPF area view.
area { area-id | area-id-address } -
Enable OSPF on the
network segment of
the interface to
which the VPN
instance is bound.
network ip-address wildcard-mask -
Commit the
configuration.
commit -

Configure IS-IS Between an MCE Device and a PE Device
Perform the following configurations on the MCE device.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
413
Table 8-10 MCE configuration
Action Command Description
Enter the system
view.
system-view -
Create an IS-IS
process running
between the MCE
and PE devices and
enter the IS-IS
view.
isis process-id vpn-instance vpn-instance-
name
An IS-IS process can be
bound to only one VPN
instance. If an IS-IS
process is not bound to
any VPN instance
before it is started, this
process becomes a
public network process
and can no longer be
bound to a VPN
instance.
Set a network
entity title (NET)
for the IS-IS
process.
network-entity net A NET specifies the
current IS-IS area
address and the system
ID of the switch. A
maximum of three
NETs can be configured
for one process on each
switch.
(Optional) Import
VPN routes of the
site into the IS-IS
routing table.
Use either of the following commands:
l import-route { direct | static | unr | {
ospf | rip | isis } [ process-id ] | bgp }
[ cost-type { external | internal } | cost
cost | tag tag | route-policy route-policy-
name | [ level-1 | level-2 | level-1-2 ] ]
*
l import-route { { ospf | rip | isis }
[ process-id ] | bgp | direct } inherit-
cost [ { level-1 | level-2 | level-1-2 } |
tag tag | route-policy route-policy-
name ]
*
Perform this step if
another routing protocol
is running between the
MCE device and VPN
sites in the VPN
instance.
Return to system
view.
quit -
Enter the view of
the interface to
which the VPN
instance is bound.
interface interface-type interface-number -
Enable IS-IS on
the interface.
isis enable [ process-id ] -
Commit the
configuration.
commit -

CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
414
Configure BGP Between an MCE Device and a PE Device
Perform the following configurations on the MCE device.
Table 8-11 MCE configuration
Action Command Description
Enter the system
view.
system-view -
Enter the BGP
view.
bgp as-number -
Enter the BGP-
VPN instance IPv4
address family
view.
ipv4-family vpn-instance vpn-instance-
name
-
Configure the PE
device as the VPN
peer of the MCE
device.
peer ipv4-address as-number as-number -
Import the routes
to the remote sites
advertised by the
PE device into the
BGP routing table.
import-route protocol [ process-id ] [ med
med | route-policy route-policy-name ]
*
Perform this step if
another routing
protocol is running
between the MCE
device and VPN sites in
the VPN instance.
Commit the
configuration.
commit -

8.2.4 Checking the Configuration
Prerequisites
The MCE configuration is complete.
Procedure
l Run the display ip vpn-instance vpn-instance-name command to check brief information
about a specified VPN instance.
l Run the display ip vpn-instance verbose vpn-instance-name command to check detailed
information about a specified VPN instance.
l Run the display ip vpn-instance import-vt ivt-value command to check information about
all the VPN instances with import VPN targets.
l Run the display ip vpn-instance [ vpn-instance-name ] interface command to check brief
information about the interface to which a specified VPN instance is bound.
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
415
l Run the display ip routing-table vpn-instance vpn-instance-name [ verbose ] command
to check the routing table on the MCE device. The routing table contains routes to the LAN
and remote sites for each service.
----End
8.3 Configuration Examples
This section provides an example for configuring an MCE device.
8.3.1 Example for Configuring an MCE Device
Networking Requirements
The headquarters and branch of a company need to communicate through MPLS VPN, and two
services of the company must be isolated. To reduce hardware costs, the company wants the
branch to connect to the PE device through one CE device.
As shown in Figure 8-5, the networking requirements are as follows:
l CE1 and CE2 connect to the headquarters. CE1 belongs to vpna, and CE2 belongs to vpnb.
l The MCE device connects to vpna and vpnb of the branch through SwitchA and SwitchB.
NOTE
In Figure 8-5, the CE6800 functions as the MCE.
Figure 8-5 MCE networking
Enterprise
headquarters
vpna
CE1
CE2
SwitchB
SwitchA
MCE
PE1
PE2
Loopback1
2.2.2.9./32
10GE1/0/1
VLANIF20
10.2.1.1/24
10GE1/0/3 10GE1/0/1
10GE1/0/2
VLANIF100
192.1.1.1/24
L
o
o
p
b
a
c
k
1

vpnb
10GE1/0/3
VLANIF60
10.3.1.2/24
10GE1/0/1
VLANIF60
10.3.1.1/24
10GE1/0/1
VLANIF70
10.4.1.1/24
10GE1/0/1
VLANIF10
10.1.1.1/24
IP/MPLS
Backbone
10GE1/0/4
VLANIF70
10.4.1.2/24
10GE1/0/2
VLANIF20
10.2.1.2/24
VLANIF30
172.1.1.1/24
VLANIF30
172.1.1.2/24
10GE1/0/1
VLANIF10
10.1.1.2/24
10GE1/0/1
VLANIF100
192.1.1.2/24
10GE1/0/2
VLANIF200
192.2.1.1/24
10GE1/0/1
VLANIF200
192.2.1.2/24
1
.
1
.
1
.
9
.
/
3
2
Enterprise
branch
vpna
Enterprise
branch
vpnb
192.168.1.0/24
192.168.2.0/24
Enterprise
headquarters
vpnb
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
416

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF between PE devices to implement interworking between them and
configure MP-IBGP to exchange VPN routes.
2. Enable basic MPLS capabilities and MPLS LDP on the PE devices to set up LDP LSPs.
3. Create VPN instances vpna and vpnb on the MCE and PE devices to isolate services.
4. Set up EBGP peer relationships between PE1 and local CE devices to exchange VPN routes.
5. Configure routing between MCE and sites and between MCE and PE2 to exchange VPN
routes.
Procedure
Step 1 Configure OSPF on PE1 and PE2 to implement interworking between them.
# Configure PE1.
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[~HUAWEI] commit
[~PE1] interface loopback 1
[~PE1-LoopBack1] ip address 1.1.1.9 32
[~PE1-LoopBack1] quit
[~PE1] vlan batch 30
[~PE1] interface 10ge 1/0/3
[~PE1-10GE1/0/3] port link-type trunk
[~PE1-10GE1/0/3] port trunk allow-pass vlan 30
[~PE1-10GE1/0/3] quit
[~PE1] interface vlanif 30
[~PE1-Vlanif30] ip address 172.1.1.1 24
[~PE1-Vlanif30] quit
[~PE1] ospf
[~PE1-ospf-1] area 0
[~PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[~PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[~PE1-ospf-1-area-0.0.0.0] quit
[~PE1-ospf-1] quit
[~PE1] commit
The configuration of PE2 is the same as the configuration of PE1.
After the configuration is complete, PE1 and PE2 can learn the route to Loopback1 of each other.
Take the display on PE2 as an example:
[~PE2] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 OSPF 10 1 D 172.1.1.1 Vlanif30
2.2.2.9/32 Direct 0 0 D 127.0.0.1 LoopBack1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.1.1.0/24 Direct 0 0 D 172.1.1.2 Vlanif30
172.1.1.2/32 Direct 0 0 D 172.1.1.1 Vlanif30
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
417
172.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif30
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Step 2 Enable basic MPLS capabilities and MPLS LDP on the PE devices to set up LDP LSPs between
them.
# Configure PE1.
[~PE1] mpls lsr-id 1.1.1.9
[~PE1] mpls
[~PE1-mpls] quit
[~PE1] mpls ldp
[~PE1-mpls-ldp] quit
[~PE1] interface vlanif 30
[~PE1-Vlanif30] mpls
[~PE1-Vlanif30] mpls ldp
[~PE1-Vlanif30] quit
[~PE1] commit
The configuration of PE2 is the same as the configuration of PE1.
After the configuration is complete, run the display mpls ldp session command on the PE
devices. You can see that the MPLS LDP session between the PE devices is in Operational state.
Take the display on PE2 as an example:
[~PE2] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
1.1.1.9:0 Operational DU Active 0000:00:04 17/17
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
Step 3 Configure VPN instances on the PE devices. On PE1, bind the VPN instances to the interfaces
connected to CE1 and CE2 respectively. On PE2, bind the VPN instances to the interfaces
connected to the MCE device.
# Configure PE1.
[~PE1] vlan batch 10 20
[~PE1] interface 10ge 1/0/1
[~PE1-10GE1/0/1] port link-type trunk
[~PE1-10GE1/0/1] port trunk allow-pass vlan 10
[~PE1-10GE1/0/1] quit
[~PE1] interface 10ge 1/0/2
[~PE1-10GE1/0/2] port link-type trunk
[~PE1-10GE1/0/2] port trunk allow-pass vlan 20
[~PE1-10GE1/0/2] quit
[~PE1] commit
[~PE1] ip vpn-instance vpna
[~PE1-vpn-instance-vpna] ipv4-family
[~PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[~PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[~PE1-vpn-instance-vpna-af-ipv4] quit
[~PE1-vpn-instance-vpna] quit
[~PE1] ip vpn-instance vpnb
[~PE1-vpn-instance-vpnb] ipv4-family
[~PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
[~PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[~PE1-vpn-instance-vpnb-af-ipv4] quit
[~PE1-vpn-instance-vpnb] quit
[~PE1] interface vlanif 10
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
418
[~PE1-Vlanif10] ip binding vpn-instance vpna
[~PE1-Vlanif10] ip address 10.1.1.2 24
[~PE1-Vlanif10] quit
[~PE1] interface vlanif 20
[~PE1-Vlanif20] ip binding vpn-instance vpnb
[~PE1-Vlanif20] ip address 10.2.1.2 24
[~PE1-Vlanif20] quit
[~PE1] commit
# Configure PE2.
[~PE2] vlan batch 100 200
[~PE2] interface 10ge 1/0/2
[~PE2-10GE1/0/2] port link-type trunk
[~PE2-10GE1/0/2] port trunk allow-pass vlan 100 200
[~PE2-10GE1/0/2] quit
[~PE2] commit
[~PE2] ip vpn-instance vpna
[~PE2-vpn-instance-vpna] ipv4-family
[~PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[~PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[~PE2-vpn-instance-vpna-af-ipv4] quit
[~PE2-vpn-instance-vpna] quit
[~PE2] ip vpn-instance vpnb
[~PE2-vpn-instance-vpnb] ipv4-family
[~PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[~PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[~PE2-vpn-instance-vpnb-af-ipv4] quit
[~PE2-vpn-instance-vpnb] quit
[~PE2] interface vlanif 100
[~PE2-Vlanif100] ip binding vpn-instance vpna
[~PE2-Vlanif100] ip address 192.1.1.1 24
[~PE2-Vlanif100] quit
[~PE2]interface vlanif 200
[~PE2-Vlanif200] ip binding vpn-instance vpnb
[~PE2-Vlanif200] ip address 192.2.1.1 24
[~PE2-Vlanif200] quit
[~PE2] commit
Step 4 Configure VPN instances on the MCE device and bind the instances to the interfaces connected
to SwitchA and SwitchB respectively.
<HUAWEI> system-view
[~HUAWEI] sysname MCE
[~HUAWEI] commit
[~MCE] vlan batch 60 70 100 200
[~MCE] interface 10ge 1/0/1
[~MCE-10GE1/0/1] port link-type trunk
[~MCE-10GE1/0/1] port trunk allow-pass vlan 100 200
[~MCE-10GE1/0/1] quit
[~MCE] interface 10ge 1/0/3
[~MCE-10GE1/0/3] port link-type trunk
[~MCE-10GE1/0/3] port trunk allow-pass vlan 60
[~MCE-10GE1/0/3] quit
[~MCE] interface 10ge 1/0/4
[~MCE-10GE1/0/4] port link-type trunk
[~MCE-10GE1/0/4] port trunk allow-pass vlan 70
[~MCE-10GE1/0/4] quit
[~MCE] commit
[~MCE] ip vpn-instance vpna
[~MCE-vpn-instance-vpna] ipv4-family
[~MCE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[~MCE-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[~MCE-vpn-instance-vpna-af-ipv4] quit
[~MCE-vpn-instance-vpna] quit
[~MCE] ip vpn-instance vpnb
[~MCE-vpn-instance-vpnb] ipv4-family
[~MCE-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
[~MCE-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
419
[~MCE-vpn-instance-vpnb-af-ipv4] quit
[~MCE-vpn-instance-vpnb] quit
[~MCE] interface vlanif 60
[~MCE-Vlanif60] ip binding vpn-instance vpna
[~MCE-Vlanif60] ip address 10.3.1.2 24
[~MCE-Vlanif60] quit
[~MCE] interface vlanif 70
[~MCE-Vlanif70] ip binding vpn-instance vpnb
[~MCE-Vlanif70] ip address 10.4.1.2 24
[~MCE-Vlanif70] quit
[~MCE] interface vlanif 100
[~MCE-Vlanif100] ip binding vpn-instance vpna
[~MCE-Vlanif100] ip address 192.1.1.2 24
[~MCE-Vlanif100] quit
[~MCE] interface vlanif 200
[~MCE-Vlanif200] ip binding vpn-instance vpnb
[~MCE-Vlanif200] ip address 192.2.1.2 24
[~MCE-Vlanif200] quit
[~MCE] commit
Step 5 Set up an MP-IBGP peer relationship between PE1 and PE2. Set up an EBGP peer relationship
between PE1 and CE1, and between PE1 and CE2.
The configuration details are not mentioned here.
After the configuration is complete, run the display bgp vpnv4 all peer command on PE1. The
command output shows that the PE1 has set up an IBGP peer relationship with PE2 and EBGP
peer relationships with CE1 and CE2. All the peer relationships are in Established state.
[~PE1] display bgp vpnv4 all peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.9 4 100 288 287 0 01:19:16 Established 6
Peer of IPv4-family for vpn instance :
VPN-Instance vpna, router ID 1.1.1.9:
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.1 4 65410 9 11 0 00:04:14 Established 2
VPN-Instance vpnb, router ID 1.1.1.9:
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.2.1.1 4 65420 9 12 0 00:04:09 Established 2
Step 6 Configure routing between the MCE device and VPN sites.
The MCE device directly connects to vpna, and no routing protocol is used in vpna. Configure
static routes to implement communication between the MCE device and vpna.
l # Configure SwitchA.
Assign IP address 192.168.1.1/24 to the interface connected to vpna. The configuration is
not provided here.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[~HUAWEI] commit
[~SwitchA] vlan batch 60
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 60
[~SwitchA-10GE1/0/1] quit
[~SwitchA]interface vlanif 60
[~SwitchA-Vlanif60]ip address 10.3.1.1 24
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
420
[~SwitchA-Vlanif60] quit
[~SwitchA]ip route-static 0.0.0.0 0.0.0.0 10.3.1.2
[~SwitchA] commit
l # Configure the MCE device.
[~MCE] ip route-static vpn-instance vpna 192.168.1.0 24 10.3.1.1
[~MCE] commit
l # Check the routes of vpna on the MCE device.
[~MCE] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to
fib
------------------------------------------------------------------------------
Routing Tables:
vpna
Destinations : 5 Routes :
5

Destination/Mask Proto Pre Cost Flags NextHop
Interface

10.3.1.0/24 Direct 0 0 D 10.3.1.2
Vlanif60
10.3.1.2/32 Direct 0 0 D 127.0.0.1
Vlanif60
10.3.1.255/32 Direct 0 0 D 127.0.0.1
Vlanif60
192.168.1.0/24 Static 60 0 RD 10.3.1.1
Vlanif60
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The preceding information shows that the MCE device has a static route to vpna.
The RIP protocol runs in vpnb. Configure RIP process 200 on the MCE device and bind it to
vpnb so that routes learned by RIP are added to the routing table of vpnb.
l # Configure the MCE device.
[~MCE] rip 200 vpn-instance vpnb
[~MCE-rip-200] version 2
[~MCE-rip-200] network 10.0.0.0
[~MCE-rip-200] import-route ospf 200
[~MCE-rip-200] quit
[~MCE] commit
l # Configure SwitchB.
Assign IP address 192.168.2.1/24 to the interface connected to vpnb. The configuration is
not provided here.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[~HUAWEI] commit
[~SwitchB] vlan batch 70
[~SwitchB] interface 10ge 1/0/1
[~SwitchB-10GE1/0/1] port link-type trunk
[~SwitchB-10GE1/0/1] port trunk allow-pass vlan 70
[~SwitchB-10GE1/0/1] quit
[~SwitchB]interface vlanif 70
[~SwitchB-Vlanif70]ip address 10.4.1.1 24
[~SwitchB-Vlanif70] quit
[~SwitchB] rip 200
[~SwitchB-rip-200] version 2
[~SwitchB-rip-200] network 10.0.0.0
[~SwitchB-rip-200] network 192.168.2.0
[~SwitchB-rip-200] quit
[~SwitchB]commit
l # Check the routes of vpnb on the MCE device.
[~MCE] display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
421
fib
------------------------------------------------------------------------------
Routing Tables:
vpnb
Destinations : 5 Routes :
5

Destination/Mask Proto Pre Cost Flags NextHop
Interface

10.4.1.0/24 Direct 0 0 D 10.4.1.2
Vlanif70
10.4.1.2/32 Direct 0 0 D 127.0.0.1
Vlanif70
10.4.1.255/32 Direct 0 0 D 127.0.0.1
Vlanif70
192.168.2.0/24 RIP 100 1 D 10.4.1.1
Vlanif70
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The preceding information shows that the MCE device has learned the route to vpnb through
RIP. The route to vpnb and the route to vpna (192.168.1.0) are maintained in different VPN
routing tables so that users in the two VPNs are isolated from each other.
Step 7 Configure OSPF multi-instance between the MCE device and PE2.
# Configure PE2.
NOTE
To configure OSPF multi-instance between the MCE device and PE2, complete the following tasks on
PE2:
l In the OSPF view, import BGP routes and advertise VPN routes of PE1 to the MCE device.
l In the BGP view, import routes of the OSPF processes and advertise the VPN routes of the MCE device
to PE1.
[~PE2] ospf 100 vpn-instance vpna
[~PE2-ospf-100] import-route bgp
[~PE2-ospf-100] area 0
[~PE2-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[~PE2-ospf-100-area-0.0.0.0] quit
[~PE2-ospf-100] quit
[~PE2] ospf 200 vpn-instance vpnb
[~PE2-ospf-200] import-route bgp
[~PE2-ospf-200] area 0
[~PE2-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255
[~PE2-ospf-200-area-0.0.0.0] quit
[~PE2-ospf-200] quit
[~PE2] commit
[~PE2] bgp 100
[~PE2-bgp] ipv4-family vpn-instance vpna
[~PE2-bgp-vpna] import-route ospf 100
[~PE2-bgp-vpna] quit
[~PE2-bgp] ipv4-family vpn-instance vpnb
[~PE2-bgp-vpnb] import-route ospf 200
[~PE2-bgp-vpnb] quit
[~PE2] commit
# Configure the MCE device.
NOTE
Import VPN routes to the OSPF processes.
[~MCE] ospf 100 vpn-instance vpna
[~MCE-ospf-100] import-route static
[~MCE-ospf-100] vpn-instance-capability simple
[~MCE-ospf-100] area 0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
422
[~MCE-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[~MCE-ospf-100-area-0.0.0.0] quit
[~MCE-ospf-100] quit
[~MCE] ospf 200 vpn-instance vpnb
[~MCE-ospf-200] import-route rip 200
[~MCE-ospf-200] vpn-instance-capability simple
[~MCE-ospf-200] area 0
[~MCE-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255
[~MCE-ospf-200-area-0.0.0.0] quit
[~MCE-ospf-200] quit
[~MCE] commit
Step 8 Verify the configuration.
After the configuration is complete, run the display ip routing-table vpn-instance command
on the MCE device to view the routes to the remote CE devices.
Take the routing table of vpna as an example:
[~MCE] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 O_ASE 150 1 D 10.3.1.3 Vlanif60
10.3.1.0/24 Direct 0 0 D 10.3.1.2 Vlanif60
10.3.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif60
10.3.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif60
192.1.1.0/24 Direct 0 0 D 192.1.1.2 Vlanif100
192.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif100
192.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif100
192.168.1.0/24 Static 60 0 RD 10.3.1.1 Vlanif60
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table vpn-instance command on the PE devices to view the routes
to the remote CE devices.
Take the VPN routing table of vpna on PE as an example:
[~PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 7 Routes : 7

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10
10.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.3.1.0/24 IBGP 255 0 RD 2.2.2.9 Vlanif30
192.168.1.0/24 IBGP 255 2 RD 2.2.2.9 Vlanif30
192.1.1.0/24 IBGP 255 0 RD 2.2.2.9 Vlanif30
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
CE1 and SwitchA can communicate with each other. CE2 and SwitchB can communicate with
each other.
Take the ping from CE1 to SwitchA as an example:
[~CE1] ping 10.3.1.1
PING 10.3.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=252 time=3 ms
Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=252 time=3 ms
Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=252 time=3 ms
Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=252 time=3 ms
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
423
Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=252 time=11 ms

--- 10.3.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/4/11 ms
CE1 cannot ping CE2 or SwitchB. SwitchA cannot ping CE2 or SwitchB.
Take the ping from CE1 to SwitchB as an example:
[~CE1] ping 10.4.1.1
PING 10.4.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.4.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.2 enable
#
return
l Configuration file of CE2
#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
bgp 65420
peer 10.2.1.2 as-number 100
#
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
424
ipv4-family unicast
undo synchronization
import-route direct
peer 10.2.1.2 enable
#
return
l Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
#
mpls
#
mpls ldp
#
interface Vlanif10
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
#
interface Vlanif30
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface 10GE1/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
425
peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
peer 10.1.1.1 as-number 65410
import-route direct
#
ipv4-family vpn-instance vpnb
peer 10.2.1.1 as-number 65420
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
l Configuration file of PE2
#
sysname PE2
#
vlan batch 30 100 200
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 2.2.2.9
#
mpls
#
mpls ldp
#
interface Vlanif30
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface
Vlanif100
ip binding vpn-instance
vpna
ip address 192.1.1.1
255.255.255.0
#
interface
Vlanif200
ip binding vpn-instance
vpnb
ip address 192.2.1.1
255.255.255.0
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
interface 10GE1/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface 10GE1/0/2
port link-type
trunk
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
426
port trunk allow-pass vlan 100 200
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpna
import-route ospf 100
#
ipv4-family vpn-instance vpnb
import-route ospf 200
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
ospf 100 vpn-instance vpna
import-route bgp
area 0.0.0.0
network 192.1.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
import-route bgp
area 0.0.0.0
network 192.2.1.0 0.0.0.255
#
return
l Configuration file of the MCE device
#
sysname MCE
#
vlan batch 60 70 100 200
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
interface Vlanif60
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
#
interface Vlanif70
ip binding vpn-instance vpnb
ip address 10.4.1.2 255.255.255.0
#
interface Vlanif100
ip binding vpn-instance vpna
ip address 192.1.1.2 255.255.255.0
#
interface Vlanif200
ip binding vpn-instance vpnb
ip address 192.2.1.2 255.255.255.0
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
427
#
interface 10GE1/0/1
port link-type
trunk
port trunk allow-pass vlan 100 200
#
interface 10GE1/0/3
port link-type
trunk
port trunk allow-pass vlan 60
#
interface 10GE1/0/4
port link-type
trunk
port trunk allow-pass vlan 70
#
ospf 100 vpn-instance vpna
import-route static
vpn-instance-capability simple
area 0.0.0.0
network 192.1.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
import-route rip 200
vpn-instance-capability simple
area 0.0.0.0
network 192.2.1.0 0.0.0.255
#
rip 200 vpn-instance vpnb
version 2
network 10.0.0.0
import-route ospf 200
#
ip route-static vpn-instance vpna 192.168.1.0 255.255.255.0 10.3.1.1
#
return
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 60
#
interface Vlanif60
ip address 10.3.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type
trunk
port trunk allow-pass vlan 60
#
ip route-static 0.0.0.0 0.0.0.0 10.3.1.2
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 70
#
interface Vlanif70
ip address 10.4.1.1 255.255.255.0
#
interface 10GE1/0/1
port link-type
trunk
port trunk allow-pass vlan 70
#
rip
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
428
200
version
2
network
10.0.0.0
network
192.168.2.0
#
return
CloudEngine 6800&5800 Series Switches
Configuration Guide - IP Routing 8 MCE Configuration
Issue 04 (2013-07-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
429

You might also like