More Learning Resources: http://learning.huawei.com/en
HCIE-R&S
Huawei Certification
Huawei Certified Internetwork Expert-Enterprise
HUAWEI TECHNOLOGIES
HCIE
means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, expressed or implied.
Huawei Certification System
Relying on its strong technical and professional training system, in accordance with different customers at different levels of ICT technology, Huawei certification is committed to providing customers with authentic, professional certification.
Based on characteristics of ICT technologies and customers' needs at different levels, Huawei certification provides customers with a certification system of four levels.
HCDA (Huawei Certification Datacom Associate) is primarily for IP network maintenance engineers, and any others who want to build an understanding of the IP network. HCDA certification covers the TCP/IP basics, routing, switching and other common foundational knowledge of IP networks, together with Huawei communications products, versatile routing platform VRP characteristics and basic maintenance.
HCDP-Enterprise (Huawei Certification Datacom Professional-Enterprise) is aimed at enterprise-class network maintenance engineers, network design engineers, and any others who want to grasp in depth routing, switching, network adjustment and
Referenced icon
Router, L3 Switch, L2 Switch, Firewall, Net cloud, Ethernet line, Serial line
CONTENTS
RIP
IS-IS
OSPF
BGP BASICS
BGP ADVANCED AND INTERNET DESIGN
ROUTE IMPORT AND CONTROL
VLAN
LAN LAYER 2 TECHNOLOGIES
WAN LAYER 2 TECHNOLOGIES
RIP is a UDP-based routing protocol. A RIP packet, excluding the IP header, has at most 512 bytes: an 8-byte UDP header, a 4-byte RIP header, and up to 25 routing entries of 20 bytes each, so the maximum RIP message is 4+(25*20)=504 bytes. A RIPv1 packet does not carry mask information. RIPv1 sends and receives routes based on the main class network segment mask and interface address mask. Therefore, RIPv1 does not support route summarization or discontinuous subnets. RIPv1 packets do not carry the authentication field, so RIPv1 does not support authentication.
except that RIPv2 uses some new and unused fields in RIPv1
to provide extended functions.
The meaning of the new fields is as follows:
address on a broadcast network.
Multicasts route updates. Only RIPv2-running devices can receive protocol packets, reducing resource consumption.
Supports packet authentication to enhance security.
On a broadcast network with more than two devices, the Next Hop field changes to optimize the path.
In MD5 authentication, the AND operation is performed on route entries and shared key. A router then sends the AND operation results and route entries to the neighbor.
does not receive the update of a route from its neighbor within
table.
Relationship between three timers:
Each routing entry has two timers: aging timer and garbage-collect timer. When a route is learned and added to the routing table, the aging timer starts. If a RIP device does not receive the update of the route from a neighbor when the aging timer
unreachable route from the neighbor when the garbage-collect timer expires, the device deletes the route from the routing table.
Precautions
If a RIP device does not have the triggered update function, it deletes an unreachable route from the routing table after a maximum of 300 seconds (aging time plus garbage-collect time).
If a RIP device has the triggered update function, it deletes an unreachable route from the routing table after a maximum of 120 seconds (the garbage-collect time).
Split horizon
RIP uses split horizon to reduce bandwidth consumption and
Implementation
one direct route with zero hops and the other route with two hops and R2 as the next hop.
However, only the direct route is active in the RIP routing table of R1. When the route from R1 to network 10.0.0.0/8 becomes
routing loop.
Precautions
Split horizon is disabled on NBMA networks by default.
Implementation
Precautions
Poison reverse is disabled by default. Generally, split horizon
Triggered update
Triggered update can shorten the network convergence time.
Implementation
Route summarization
RIPv2 supports route summarization. Because RIPv2 packets
automatic summarization.
Interface-based summarization can implement manual summarization.
If the routes to be summarized carry tags, the tags are deleted
Case
Two routes: route 10.1.0.0/16 (metric=10) and route
routing entries.
Age routing entries: The router starts a 180-second timer for its
update of the route after 120 seconds, it deletes the route from the routing table.
Case description
In this case, R1, R2, and R3 reside on network 192.168.1.0/24;
of routes.
Remarks
Command usage
The rip metricin command increases the metric of a received route. After the route is added to the routing table, the metric of the route is changed. Running this command affects route selection of the local device and other devices.
View
Interface view
Parameters
is case-sensitive.
filtering of an ACL or IP prefix list.
Precautions
You can specify value1 to increase the metric of the advertised RIP route that passes the filtering of an ACL or IP prefix list. If a RIP route does not pass the filtering, its metric is increased by 1.
Running the rip metricin/metricout commands will affect route selection of other devices.
Case description
The topology in this case is the same as that in the previous
Command usage
The silent-interface command suppresses an interface to
View
silent-interface: RIP view
Parameters
Precautions
After all the interfaces are suppressed, one of the interfaces
activated.
Configuration verification
The display ip routing-table command output shows that: R3 can receive the update of route 172.16.0.0/24 from R5 but not R4 and can receive the update of route 10.0.0.0/24 from R1 but not R2.
Case description
The topology in this case is the same as that in the previous
Command usage
The filter-policy { acl-number | acl-name acl-name } import
View
filter-policy { acl-number | acl-name acl-name | ip-prefix ip-
Parameters
advertising gateway.
Configuration verification
Run the filter-policy gateway command to filter routes from a specified neighbor. In this case, routes from R4 are filtered on R3.
Case description
To reduce routing entries, Company A decides to summarize
Command usage
summary [ always ]: When the class summarization is enabled,
routing loops.
View
summary [ always ]: RIP view
Parameters
summary [ always ]
network boundary with no always, split horizon or poison reverse must be disabled in corresponding views.
rip summary-address ip-address mask [ avoid-feedback ]
ip-address: specifies a summary IP address.
mask: specifies a network mask.
avoid-feedback: avoids learning the summary route to the advertised summary IP address from the interface.
Case description
In this case, R1 and R2 connect over network 192.168.1.0/24.
Command usage
timers rip update age garbage-collect: adjusts a timer.
View
Parameters
updates.
age: specifies the route aging time.
garbage-collect: specifies the interval at which an
If the three timers are configured incorrectly, routes become unstable. The update time must be shorter than the aging time. For example, if the update time is longer than the aging time, a RIP router cannot notify route updates to neighbors within the update time. In applications, the timeout period of the garbage-collect timer is not fixed. When the update timer is set to 30 seconds, the garbage-collect timer may range from 90 to 120 seconds. The reason is as follows: Before the RIP router deletes an unreachable route from the routing table, it sends Update packets four times to advertise the route and sets the metric of the route to 16. Subsequently, all the neighbors learn that the route is unreachable. Because a route may become unreachable anytime within an update period, the garbage-collect timer is 3 to 4 times the update timer.
Assume that the Identification field (a field in an IP header) of the last RIP packet sent before a RIP interface goes Down is X. After the interface becomes Up, the Identification field of the RIP packet sent again becomes 0, and subsequent RIP packets are discarded until a RIP packet with the Identification field as X+1 is received. This, however, causes asynchronous and lost RIP routing information between two ends. To
packet by 1.
4. Check whether versions of the RIP packets sent by the peer end and received by the local end match. By default, an interface sends only RIPv1 packets but can receive RIPv1 and RIPv2 packets. When an inbound interface receives RIP packets of a different
authentication modes.
network address.
2. Check whether versions of the RIP packets sent by the peer end and received by the local end match. By default, an interface sends only RIPv1 packets but can receive RIPv1 and RIPv2 packets. When an inbound interface receives RIP packets of a different
Case description
In this case, R1 connects to R2 through a frame relay network.
Analysis process
In the pre-configurations of R1 and R2, the frame relay
Results
Generally, the peer command makes the routers send the
be sent.
Results
The display rip route command displays the RIP routes learned from other routers and values of timers for routes. The Tag field indicates whether a RIP route is an internal or external route. The default value is 0. The Flags field indicates
started.
Results
After the avoid-feedback keyword is specified, the local
Case description
In this topology, R1, R2, and R3 connect to the same
Analysis process
In requirements 1 and 3, R1 is taken as an example. The
172.16.X.0/24.
Results
RIP authentication command can only be configured on an
Parameters
rip authentication-mode { simple password | md5 { nonstandard { password-
private standards).
password-key2: indicates the cipher-text authentication keyword.
Precautions
Only one authentication password is used for each authentication. If multiple authentication passwords are configured, only the latest one takes effect. The authentication password does not contain spaces.
Results
Only an ACL can be used but an IP prefix list cannot be used,
When defining ACLs, make sure to use the wild-mask. In this case, the bits that need to be matched have a wild-mask bit of 0, and the other bits are 1.
Results
RIPv2 multicasts Update packets by default. You can run the
IS-IS Overview
IS-IS is a dynamic routing protocol designed by the
IS-IS Terms
Connectionless network service (CLNS)
is similar to an IP address.
Note for Integrated IS-IS
Integrated IS-IS applies to TCP/IP and OSI environments.
Topology Introduction
The figure shows a network that runs IS-IS. The network
backbone area.
Level-1 Router
A Level-1 router manages intra-area routing. It establishes
Level-2 Router
A Level-2 router manages inter-area routing. It can
Level-2 and Level-1-2 routers in the same area or the other areas.
A Level-1 router connects to other areas through a Level-1-2 router.
A Level-1-2 router maintains a Level-1 LSDB for intra-area routing and a Level-2 LSDB for inter-area routing.
DIS
In a broadcast network, IS-IS needs to elect a designated
as the DIS.
You can set different DIS priorities for electing DISs of different levels.
A router whose DIS priority is 0 can also participate in a
on the network.
Pseudonode
A pseudonode is used to simulate a virtual node in the broadcast network. It is not a real router. In IS-IS, a pseudonode is identified by the system ID of the DIS and the 1-byte Circuit ID (its value is not 0). The use of pseudonodes simplifies the network topology.
When the network changes, the number of generated LSPs is reduced, and the SPF calculation consumes fewer resources.
Differences Between DIS in IS-IS and designated router (DR)/backup designated router (BDR) in OSPF
In an IS-IS broadcast network, a router whose priority is 0 also takes part in DIS election. In an OSPF network, a router whose priority is 0 does not take part in DR election.
In an IS-IS broadcast network, when a new router that meets the requirements of being a DIS connects to the network, the router is elected as the new DIS, and the previous pseudonode is deleted. This causes a new flooding of LSPs. In an OSPF network, when a new router connects to the network, it is not immediately elected as the
NSAP
An NSAP consists of the initial domain part (IDP) and domain specific part (DSP). The lengths of the IDP and DSP are variable. The maximum length of the NSAP is 20 bytes and its minimum length is 8 bytes.
by the ISO and consists of the authority and format identifier (AFI) and initial domain identifier (IDI). The AFI indicates the address type.
The area address (area ID) consists of the IDP and the HODSP of
Routers in the same Level-1 area must have the same area address, while routers that belong to the Level-2 area can have
An NET indicates network layer information about a device. An NET can be regarded as a special NSAP (SEL is 00). The NET length is the same as the NSAP length. Its maximum length is 20 bytes and minimum length is 8 bytes. When configuring IS-IS on a router, you only need to consider an NET but not an NSAP.
A maximum of three NETs can be configured during IS-IS configuration. When configuring multiple NETs, ensure that their system IDs are the same.
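The NET rules above can be checked mechanically before a configuration is pushed. The following is an added example, not part of the original course material: the function names are hypothetical, the sample NETs are constructed, and the dotted-hex notation with a 6-byte system ID followed by a 1-byte SEL is assumed.

```python
import re
from typing import List, NamedTuple

SYSTEM_ID_BYTES = 6                    # fixed system ID length
MIN_NET_BYTES, MAX_NET_BYTES = 8, 20   # NET length limits
MAX_NETS = 3                           # at most three NETs per IS-IS process


class Net(NamedTuple):
    area: str        # area address as hex digits, e.g. "470001"
    system_id: str   # dotted form, e.g. "0000.0000.0001"
    sel: int         # selector byte, must be 0 for a NET


def parse_net(text: str) -> Net:
    """Split a dotted-hex NET into area address, system ID and SEL."""
    compact = text.replace(".", "")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", compact):
        raise ValueError("NET must be an even number of hex digits")
    raw = bytes.fromhex(compact)
    if not MIN_NET_BYTES <= len(raw) <= MAX_NET_BYTES:
        raise ValueError(f"NET is {len(raw)} bytes, allowed range is 8 to 20")
    sel = raw[-1]
    if sel != 0:
        raise ValueError(f"SEL is {sel:02x}, a NET requires 00")
    # The six bytes before SEL are the system ID; everything earlier is the area.
    sysid_hex = raw[-1 - SYSTEM_ID_BYTES:-1].hex()
    system_id = ".".join(sysid_hex[i:i + 4] for i in range(0, 12, 4))
    area = raw[:-1 - SYSTEM_ID_BYTES].hex()
    return Net(area, system_id, sel)


def check_net_set(nets: List[str]) -> List[str]:
    """Return a list of problems for the NETs configured on one router."""
    problems = []
    if len(nets) > MAX_NETS:
        problems.append(f"{len(nets)} NETs configured, at most 3 are allowed")
    parsed = []
    for text in nets:
        try:
            parsed.append(parse_net(text))
        except ValueError as err:
            problems.append(f"{text}: {err}")
    # Multiple NETs are only valid when they share one system ID.
    system_ids = sorted({net.system_id for net in parsed})
    if len(system_ids) > 1:
        problems.append("system IDs differ: " + ", ".join(system_ids))
    return problems


if __name__ == "__main__":
    # Constructed sample configurations.
    samples = {
        "two areas, one system ID": ["47.0001.0000.0000.0001.00",
                                     "47.0003.0000.0000.0001.00"],
        "mismatched system IDs": ["47.0001.0000.0000.0001.00",
                                  "47.0001.0000.0000.0002.00"],
        "non-zero SEL": ["47.0001.0000.0000.0001.01"],
    }
    for label, nets in samples.items():
        print(label, "->", check_net_set(nets) or "ok")
```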
LAN ID fields, but has a Local Circuit ID field. The Priority field
An SNP contains summary information of the LSDB and is used to maintain LSDB integrity and synchronization.
Complete SNPs (CSNPs) carry summaries of all LSPs in LSDBs, ensuring LSDB synchronization between neighboring routers. In a broadcast network, the DIS periodically sends CSNPs. The default interval for sending CSNPs is 10 seconds. On a P2P link, CSNPs are sent only when the neighbor relationship is established for the first time.
Partial SNPs (PSNPs) carry summaries of LSPs in some LSDBs, and are used to request and acknowledge LSPs.
Initial Packet Structure of an IS-IS PDU
Intra domain routing protocol discriminator
• This field has a fixed value of 0x83 in all IS-IS PDUs.
PDU header length indicator
• It identifies the length of the fixed header field.
Version/protocol ID extension
• It has a fixed value of 1.
System ID length
• It indicates the system ID length and has a fixed value of 6 bytes.
PDU type
Version
• It has a fixed value of 1.
Reserve
Circuit type
Holding time
• It indicates the interval for the peer router to wait for
PDU length
• It indicates the PDU length.
Local circuit ID
• It indicates the area address of the originating router.
IP interface address TLV
• It indicates the interface address or IP address of the router that sends the PDU.
Protocol supported TLV
• It indicates protocol types supported by the originating router, such as IP, CLNP, and IPv6.
Restart option TLV
• It is used for graceful restart.
Point-to-point adjacency state TLV
• It indicates that three-way handshake is supported.
Multi topology TLV
• It indicates that multi-topology is supported.
Padding TLV
• It indicates that IIH padding is supported.
LSP
PDU length
• It indicates the PDU length.
Remaining lifetime
• It indicates the time before an LSP expires.
LSP ID
number.
• The value 0000.0000.0001.00-00 indicates a common LSP.
Sequence number
• It indicates the sequence number of the LSP. The
this feature.
ATT bit
• It indicates that the originating router is connected to one or multiple areas.
OL bit
• It identifies the overload state.
IS type
• It indicates the router type.
Protocol supported TLV
• It indicates protocol types supported by the originating router, such as IP, CLNP, and IPv6.
Area address TLV
• It indicates the area address of the originating router.
IS reachability TLV
• It is used to list neighbors of the originating router.
IP interface address TLV
• It indicates the interface address or IP address of the router that sends the PDU.
IP internal reachability TLV
• It indicates that the IP address is internally reachable.
• It is used to advertise the IP address and related mask information of the area that directly connects to the router that sends the LSP. A pseudonode LSP does not contain this TLV.
CSNP and PSNP
PDU length
• It indicates the PDU length.
Source-ID
• It indicates the system ID of the originating router.
Start LSP-ID
LSP entries
• LSP summary information
in different areas.
IP addresses.
neighbor relationships. LAN IIHs are classified into Level-1 LAN IIHs (with the multicast MAC address 01-80-C2-00-00-14) and Level-2 LAN
on a broadcast link.
After the neighbor relationship is established, routers wait for two intervals before sending Hello PDUs to elect the DIS. Hello PDUs exchanged by the routers contain the Priority field. The router with the highest priority is elected as the DIS. If the routers have the same priority, the router with the largest interface MAC address is elected as the DIS. In an IS-IS network, the DIS sends Hello PDUs at an interval of 10/3 seconds, and non-DIS routers send Hello PDUs at an interval of 10 seconds.
Differences between IS-IS Adjacencies and OSPF Adjacencies
In IS-IS, two neighbor routers establish an adjacency if they exchange Hello PDUs. In OSPF, two routers establish a neighbor relationship if they are in 2-Way state, and establish an adjacency if they are in Full state.
In IS-IS, a router whose priority is 0 can participate in a DIS election. In OSPF, a router whose priority is 0 does not take part in DR election.
In IS-IS, the DIS election is based on preemption. In OSPF, a router cannot preempt to be the DR or BDR if the DR or BDR has been elected.
Two-Way Mode
Upon receiving a P2P IIH from a peer router, a router
Three-Way Mode
A neighbor relationship is established after P2P IIHs are
broadcast network.
LSDB. After the CSNP timer expires, the DIS sends CSNPs at an interval of 10 seconds to synchronize the LSDBs on the network.
R3 receives the CSNPs from the DIS, checks its LSDB, and sends a PSNP to the DIS to request the LSPs it does not have.
The DIS receives the PSNP and sends the required LSPs to R3 for LSDB synchronization.
the corresponding LSP in the LSDB, the DIS replaces the local LSP with the received LSP and multicasts the new LSDB. If the
interface.
If the sequence number of the received LSP is the same as that of the corresponding LSP in the LSDB, the DIS compares the remaining lifetime of the two LSPs. If the remaining lifetime of the received LSP is smaller than that of the LSP in the LSDB, the DIS replaces the local LSP with the received LSP and broadcasts the new LSDB. If the remaining lifetime of the received LSP is larger than that of the LSP in the LSDB, the DIS sends the local LSP to the inbound interface.
If the sequence number and the remaining lifetime of the received LSP and those of the corresponding LSP in the LSDB are the same, the DIS compares the checksum of the two LSPs. If the checksum of the received LSP is larger than that of the LSP in the LSDB, the DIS replaces the local LSP with the received LSP and broadcasts the new LSDB. If the checksum of the received LSP is smaller than that of the LSP in the LSDB, the DIS sends the local LSP to the inbound interface.
If the sequence number, remaining lifetime, and checksum of the received LSP and those of the corresponding LSP in the LSDB are the same, the LSP is not forwarded.
CSNP to each other. If the LSDB of the neighbor and the received CSNP are not synchronized, the neighbor sends a PSNP to request the required LSP.
the required LSP to R2, starts the LSP retransmission timer, and waits for a PSNP from R2 as an acknowledgement for the received LSP.
If R1 does not receive a PSNP from R2 after the LSP
local LSP to the neighbor and waits for a PSNP from the neighbor.
If the sequence number of the received LSP is larger than that of the corresponding LSP in the LSDB, the router adds the received LSP to its LSDB, sends a PSNP to acknowledge the received LSP, and then sends the received LSP to all its neighbors except the neighbor that sends the LSP.
the LSP in the LSDB, the router replaces the local LSP with the received LSP, sends a PSNP to acknowledge the received LSP, and sends the received LSP to all neighbors except the neighbor that sends the LSP. If the remaining lifetime of the received LSP is larger than that of the LSP in the LSDB, the router sends the local LSP to the neighbor and waits for a PSNP.
If the sequence number and remaining lifetime of the received LSP are the same as those of the corresponding LSP in the LSDB, the router compares the checksums of the two LSPs. If the checksum of the received LSP is larger than that of the LSP in the LSDB, the router replaces the local LSP with the received LSP, sends a PSNP to acknowledge the received LSP, and sends the received LSP to all neighbors except the neighbor that sends the LSP. If the checksum of the received LSP is smaller than that of the LSP in the LSDB, the router sends the local LSP to the neighbor and waits for a PSNP.
If the sequence number, remaining lifetime, and checksum of the received LSP and those of the corresponding LSP in the LSDB are the same, the LSP is not forwarded.
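The comparison order described for P2P links above (and, with the DIS as the receiver, for broadcast links earlier) can be written as one decision function plus the messages it triggers. This is an added example, not code from the course material or from any IS-IS implementation: all names are hypothetical, the LSP values are constructed, and installing an LSP that has no local copy is an assumption because that case is not spelled out in the surviving text.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Action(Enum):
    INSTALL = "install, acknowledge with PSNP, flood to other neighbors"
    SEND_LOCAL = "send the local copy back and wait for a PSNP"
    IGNORE = "identical copy, do not forward"


@dataclass(frozen=True)
class Lsp:
    lsp_id: str     # e.g. "0000.0000.0001.00-00"
    seq: int        # sequence number
    lifetime: int   # remaining lifetime in seconds
    checksum: int


def decide(received: Lsp, local: Optional[Lsp]) -> Action:
    """Apply the comparison order: sequence number, lifetime, checksum."""
    if local is None:
        # Assumption: an LSP missing from the LSDB is treated like a newer one.
        return Action.INSTALL
    if received.seq != local.seq:
        return Action.INSTALL if received.seq > local.seq else Action.SEND_LOCAL
    if received.lifetime != local.lifetime:
        # With equal sequence numbers the smaller remaining lifetime wins.
        return (Action.INSTALL if received.lifetime < local.lifetime
                else Action.SEND_LOCAL)
    if received.checksum != local.checksum:
        # With equal lifetime as well, the larger checksum wins.
        return (Action.INSTALL if received.checksum > local.checksum
                else Action.SEND_LOCAL)
    return Action.IGNORE


Message = Tuple[str, str, Lsp]  # (PDU kind, destination neighbor, LSP concerned)


def receive_lsp(lsdb: Dict[str, Lsp], neighbors: List[str], sender: str,
                received: Lsp) -> Tuple[Action, List[Message]]:
    """Update the LSDB and return the PDUs a P2P router would send."""
    local = lsdb.get(received.lsp_id)
    action = decide(received, local)
    out: List[Message] = []
    if action is Action.INSTALL:
        lsdb[received.lsp_id] = received
        out.append(("PSNP", sender, received))          # acknowledgement
        out.extend(("LSP", n, received) for n in neighbors if n != sender)
    elif action is Action.SEND_LOCAL:
        out.append(("LSP", sender, local))               # sender is out of date
    return action, out


def replay() -> List[Action]:
    """Feed a constructed sequence of arrivals through one router's LSDB."""
    lsdb: Dict[str, Lsp] = {}
    neighbors = ["R2", "R3"]
    lsp_id = "0000.0000.0001.00-00"
    arrivals = [
        ("R2", Lsp(lsp_id, 5, 1200, 0x1A2B)),  # no local copy yet
        ("R3", Lsp(lsp_id, 4, 1200, 0x0F00)),  # older sequence number
        ("R3", Lsp(lsp_id, 5, 1100, 0x1A2B)),  # same seq, smaller lifetime
        ("R2", Lsp(lsp_id, 5, 1100, 0x1A00)),  # same seq/lifetime, smaller checksum
        ("R2", Lsp(lsp_id, 5, 1100, 0x1A2B)),  # identical to the local copy
        ("R2", Lsp(lsp_id, 6, 1200, 0x2222)),  # newer sequence number
    ]
    return [receive_lsp(lsdb, neighbors, s, lsp)[0] for s, lsp in arrivals]


if __name__ == "__main__":
    for step, action in enumerate(replay(), 1):
        print(step, action.name)
```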
To solve this problem, IS-IS provides route leaking. You can configure access control lists (ACLs) and routing policies and mark routes with tags on Level-1-2 routers to select eligible routes. Then a
routers in area 47.0001 can know of routes outside area 47.0001 and routes passing through the two Level-1-2 routers. After route calculation,
Principles
LSPs with the overload bit are still flooded on the network, but the LSPs are not used when routes that pass through a router configured with the overload bit are calculated. That is, after the overload bit is set on a router, other routers ignore this router when performing SPF calculation and calculate only the
Topology
exceptions.
You can manually configure a device to enter the overload state.
Fast Convergence
Incremental SPF (I-SPF): recalculates only the routes of the changed nodes rather than all the nodes when the network topology changes, except when the calculation is performed for the first time, at which time all nodes are involved, thereby speeding up route calculation. I-SPF improves the SPF
calculates only the changed routes, but it does not calculate the shortest path. It updates routes based on the SPT
LSP generation intelligent timer: There is a minimum interval restriction on LSP generation to prevent frequent flapping of LSPs from affecting the network. The same LSP cannot be generated repeatedly within the minimum interval, which is 5 seconds by default. This restriction significantly affects route convergence speed.
In IS-IS, if local routing information changes, a router generates a new LSP to advertise this change. When local routing information changes frequently, the newly generated LSPs consume a lot of system resources. If the delay in generating an LSP is too long, the router cannot advertise changed routing information to neighbors in time, reducing the network convergence speed. The delay in generating an LSP for the first time is determined by init-interval, and the delay in generating an LSP for the second time is determined by incr-interval. From the third time on, the delay in generating an LSP doubles each time until the delay reaches the value specified by max-interval. After the delay remains at the value specified by max-interval for three times or the IS-IS process is restarted, the delay decreases to the value specified by init-
periodically floods LSPs in batches to reduce the impact of LSP flooding on network devices. By default, the minimum interval for sending LSPs on an interface is 50 milliseconds and the maximum number of LSPs sent at a time is 10. After the flash-flood function is enabled, when LSPs change and cause SPF recalculation, IS-IS immediately floods LSPs that cause SPF recalculation instead of sending the LSPs periodically. When the network topology changes, LSDBs of all devices on the network are inconsistent. This function effectively reduces the time during which LSDBs are inconsistent and improves the network fast convergence performance. When a network fault occurs, only a small number of LSPs change although a large number of LSPs exist. Therefore, IS-IS only needs to flood the changed LSPs and consumes few system resources.
Priority-based Convergence
You can use the IP prefix list to filter routes and configure different convergence priorities for different routes so that important routes are converged first, improving the network reliability.
The convergence priorities of IS-IS routes are classified into critical, high, medium, and low in decreasing order.
following ways:
The router sends LSPs and SNPs carrying the authentication TLV and verifies the authentication information of the received LSPs and SNPs.
router sends SNPs carrying the authentication TLV but does not verify the authentication information of the received SNPs.
SNPs.
The router sends LSPs and SNPs carrying the authentication TLV
Concepts
Originating system: is a router that runs the IS-IS protocol. After
in a routing domain.
Virtual system: is a system identified by an additional system ID. It
generate more LSP fragments. You can configure up to 50 virtual
systems for the router. Each virtual system can generate a
maximum of 256 LSP fragments. An IS-IS router can generate a
maximum of 13,056 LSP fragments.
An IS-IS router can run the LSP fragment extension feature in two
modes.
Mode-1
• It is used when some routers on the network do not support
LSP fragment extension.
• Virtual systems participate in SPF calculation. The
originating system advertises LSPs containing information
about links to each virtual system. Similarly, each virtual
system advertises LSPs containing information about links
to the originating system. Virtual systems look like the
physical routers that connect to the originating system.
• The LSP sent by a virtual system contains the same area
address and overload bit as those in a common LSP. If the
LSPs sent by a virtual system contain TLVs specified in
other features, these TLVs must be the same as those in
common LSPs.
• The virtual system carries neighbor information indicating
the route from R1 to R1-1 and the cost of the route from R1
to R1-2 are both 0, the cost of the route from R2 to R1 is
generated by virtual systems actually belong to the
originating system.
• R2 supports LSP fragment extension, and R1 is configured
to support LSP fragment extension in mode-2. R1-1 and
R1-2 are virtual systems of R1 and send LSPs carrying
some routing information of R1.
When receiving LSPs from R1-1 and R1-2, R2 obtains the IS
Alias ID TLV and knows that the originating system of R1-1
and R1-2 is R1. R2 then considers that information
advertised by R1-1 and R1-2 belongs to R1.
Precautions
After LSP fragment extension is configured, the system
prompts you to restart the IS-IS process if information is
lost because LSPs overflow. After being restarted, the
originating system loads as much routing information as
possible to LSPs, and adds the overloaded information to
the LSPs of the virtual system for transmission.
If there are devices of other vendors on the network, LSP
fragment extension must be set to mode-1; otherwise,
devices of other vendors cannot identify the LSPs.
It is recommended that you configure LSP fragment
import routes.
Topology
Assume that R1 needs to receive only Level-1 routing
R3, and R4. Then configure the Level-1-2 router in area 47.0003
to leak only the routes matching the configured administrative tag
To use administrative tags, you must enable the IS-IS wide metric
attribute.
Case Description
In this case, the addresses for interconnecting devices are as
follows:
• If RX interconnects with RY, their interconnection
addresses are XY.1.1.X and XY.1.1.Y respectively, and the
network mask is 24.
Remarks
R4 and R5 are Level-1-2 routers. They take part in calculating the
routes of Level-1 and Level-2 at the same time, and maintain the
Level-1 and Level-2 LSDB.
Command Usage
The is-level command sets the level of an IS-IS router. By
View
Parameters
is-level { level-1 | level-1-2 | level-2 }
LSDB.
level-1-2: sets a router as a Level-1-2 router, which
Level-2 neighbor relationship can be established on the
interface.
Precautions
If a router is a Level-1-2 router and needs to establish a
neighbor relationship at a specified level (Level-1 or
Level-2) with a peer router, you can run the isis circuit-level
command to allow the local interface to send and receive
only Hello packets of the specified level on the P2P link.
This configuration prevents the router from processing too
many Hello packets and saves the bandwidth.
The configuration of the isis circuit-level command takes
effect on the interface only when the IS-IS system type is
Level-1-2; otherwise, the level configured using the
is-level command is used as the link type.
In a P2P network, the Circuit ID uniquely identifies a local
interface. In a broadcast network, the Circuit ID is the
system ID and pseudonode ID.
Case Description
The topology in this case is the same as that in the previous case.
Command Usage
The isis dis-priority command sets the priority of the interface
View
Parameters
isis dis-priority priority [ level-1 | level-2 ]
Specifies the priority for electing DIS. The value ranges from 0
to 127. The default value is 64. The greater the value of priority
Configuration Verification
Run the display isis interface process-id command, and view
the DIS field in the command output.
Case Description
The topology in this case is the same as that in the previous case.
Command Usage
The import-route command configures IS-IS to import routes
external areas.
The cost-style command sets the cost style of routes sent and
routing policy.
routes with cost style narrow.
wide: indicates that the device can receive and send
routes with cost style wide.
wide-compatible: indicates that the device can receive
routes with cost style narrow or wide but sends only
routes with cost style wide.
Precautions
To transmit tags in the entire network, run the cost-style wide
command on all devices in the network.
Configuration Verification
Run the display isis router command to view tag information.
Case Description
The topology in this case is the same as that in the previous case.
Command Usage
The filter-policy import command allows IS-IS to filter the
Parameters
not affected.
The filter-policy export command takes effect only when it
leaking.
Case Description
IS-IS authentication is classified into area authentication, routing
Command Usage
The area-authentication-mode command configures an IS-IS
and password.
View
Parameters
isis authentication-mode { simple password | md5 password-
mode.
send-only: indicates that the router encapsulates sent Hello
packets with authentication information but does not
authenticate received Hello packets.
area-authentication-mode { simple password | md5 password-key }
[ ip | osi ] [ snp-packet { authentication-avoid | send-only }
| all-send-only ]
simple password: indicates that the password is
transmitted in plain text.
md5 password-key: indicates that the password to be
transmitted is encrypted using MD5.
keychain keychain-name: specifies a keychain that
changes with time.
ip: indicates the IP authentication password. This
parameter cannot be configured in the keychain authentication
mode.
osi: indicates the OSI authentication password. This
parameter cannot be configured in the keychain authentication
mode.
send-only: indicates that the router encapsulates sent
Hello packets with authentication information but does not
authenticate received Hello packets.
all-send-only: indicates that the router encapsulates
Precautions
The area-authentication-mode command takes effect only on
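The difference between the simple and md5 parameters above is visible on the wire. The following Python sketch is an added example, not part of the course material: it walks the TLVs of an IS-IS PDU, reports which authentication mode is in use, and verifies an HMAC-MD5 value. TLV code 10 and authentication types 1 and 54 follow RFC 5304; the sample PDU (placeholder header, area 47.0003), the password and all function names are constructed for illustration.

```python
import hashlib
import hmac

AUTH_TLV = 10        # Authentication Information TLV (RFC 5304)
AUTH_CLEARTEXT = 1   # "simple": the password itself is carried in the TLV
AUTH_HMAC_MD5 = 54   # "md5": a 16-byte keyed digest is carried instead


def iter_tlvs(pdu, start):
    """Yield (code, value_offset, value) for every TLV from offset start."""
    pos = start
    while pos < len(pdu):
        if pos + 2 > len(pdu):
            raise ValueError("truncated TLV header at offset %d" % pos)
        code, length = pdu[pos], pdu[pos + 1]
        end = pos + 2 + length
        if end > len(pdu):
            raise ValueError("TLV %d overruns the PDU" % code)
        yield code, pos + 2, bytes(pdu[pos + 2:end])
        pos = end


def audit_auth(pdu, tlv_start, key=None):
    """Classify the authentication carried by one Hello or SNP PDU.

    LSPs additionally need the checksum and remaining lifetime zeroed
    before the digest is computed; that case is not handled here.
    """
    for code, off, value in iter_tlvs(pdu, tlv_start):
        if code != AUTH_TLV or not value:
            continue
        auth_type, data = value[0], value[1:]
        if auth_type == AUTH_CLEARTEXT:
            # Anyone who can capture the segment can read this value.
            return {"mode": "simple", "exposed_password": data.decode("latin-1")}
        if auth_type == AUTH_HMAC_MD5:
            if len(data) != 16:
                return {"mode": "md5", "valid": False}
            if key is None:
                return {"mode": "md5", "valid": None}
            # The digest covers the whole PDU with the digest field zeroed.
            zeroed = bytearray(pdu)
            zeroed[off + 1:off + 17] = bytes(16)
            expected = hmac.new(key, bytes(zeroed), hashlib.md5).digest()
            return {"mode": "md5", "valid": hmac.compare_digest(expected, data)}
        return {"mode": "other", "auth_type": auth_type}
    return {"mode": "none"}


def build_sample(auth_type, secret):
    """Build a constructed PDU: placeholder header, area TLV, auth TLV."""
    header = bytes(range(27))                       # placeholder fixed header
    area_tlv = bytes([1, 4, 3, 0x47, 0x00, 0x03])   # Area Addresses: 47.0003
    if auth_type == AUTH_CLEARTEXT:
        auth = bytes([AUTH_TLV, 1 + len(secret), AUTH_CLEARTEXT]) + secret
        return header + area_tlv + auth, len(header)
    auth = bytes([AUTH_TLV, 17, AUTH_HMAC_MD5]) + bytes(16)
    pdu = bytearray(header + area_tlv + auth)
    pdu[-16:] = hmac.new(secret, bytes(pdu), hashlib.md5).digest()
    return bytes(pdu), len(header)


if __name__ == "__main__":
    for mode in (AUTH_CLEARTEXT, AUTH_HMAC_MD5):
        sample, start = build_sample(mode, b"lab-secret")
        print(audit_auth(sample, start, key=b"lab-secret"))
```

Run against captures from your own network, a "simple" result identifies segments where the shared password can be read directly from traffic and should be migrated to md5 or keychain authentication.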
Case Description
In this case, the addresses for interconnecting devices are as
follows:
• If RX interconnects with RY, their interconnection
addresses are XY.1.1.X and XY.1.1.Y respectively, and the
network mask is 24.
Results
You can run the display isis peer command to check whether
Results
You can run the display isis interface command to view the
interface relationship.
Results
You can run the display ip routing-table command to view the
routing table.
Case Description
In this case, the network runs IS-IS.
Requirement analysis
The log prompt function of IS-IS is disabled by default.
Results
The nexthop command sets the preferences of equal-cost routes.
preference is.
Parameters
nexthop ip-address weight value
Results
The summary ip-address mask avoid-feedback |
OSPF topology:
OSPF divides an Autonomous System (AS) into one or
Router type:
Internal router: All interfaces on an internal router belong to the
area.
Backbone router: At least one interface on a backbone router
non-backbone area. In OSPF, Area 0 is defined as the
backbone area.
In IS-IS, Level-1 and Level-2 routers use the shortest path
first (SPF) algorithm to generate shortest path trees (SPTs)
respectively. In OSPF, the SPF algorithm is used only in the
same area, and inter-area routes are forwarded by the
backbone area.
mode.
NBMA: A network where the link layer protocol is ATM or FR is
Reduces the number of neighbors and further reduces the
number of times that link-state information and routing
information are updated. The DRother sets up full adjacency
only with the DR/BDR. The DR and BDR set up full adjacency
with each other.
The DR generates Network-LSAs to describe information about
the NBMA or broadcast network segment.
DR/BDR election rules
When Hello is used for DR/BDR election, the DR/BDR is
elected based on Router Priority of interfaces.
If Router Priority is set to 0, the router cannot be elected as
the DR or BDR.
A larger value of Router Priority indicates a higher priority. If
the value of Router Priority is the same on two interfaces, the
interface with a larger Router ID is elected.
The DR and BDR roles cannot be preempted.
If the DR is faulty, the BDR automatically becomes the new DR,
and a new BDR is elected on the network. If the BDR is faulty,
the DR does not change, and a new BDR is elected.
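The election rules above, as an added Python example that is not part of the course material: a simplified model of one segment that applies only the rules listed here (priority 0 is ineligible, higher priority wins, the larger Router ID breaks ties, no preemption, the BDR is promoted when the DR fails). It is not the full RFC 2328 election procedure; the class name, router IDs and priorities are constructed for illustration.

```python
import ipaddress


class Segment:
    """One broadcast or NBMA segment and its current DR/BDR."""

    def __init__(self):
        self.routers = {}   # Router ID -> Router Priority
        self.dr = None
        self.bdr = None

    def _best(self, exclude):
        # Priority 0 never takes part; ties are broken by the larger Router ID.
        eligible = [(prio, int(ipaddress.IPv4Address(rid)), rid)
                    for rid, prio in self.routers.items()
                    if prio > 0 and rid != exclude]
        return max(eligible)[2] if eligible else None

    def _fill_vacancies(self):
        # Only empty roles are filled, so a sitting DR/BDR is never displaced.
        if self.dr is None and self.bdr is not None:
            self.dr, self.bdr = self.bdr, None   # the BDR becomes the new DR
        if self.dr is None:
            self.dr = self._best(exclude=None)
        if self.bdr is None:
            self.bdr = self._best(exclude=self.dr)

    def start(self, routers):
        """Routers that come up together and run the first election."""
        for rid, prio in routers.items():
            self.join(rid, prio, elect=False)
        self._fill_vacancies()

    def join(self, rid, prio, elect=True):
        if not 0 <= prio <= 255:                 # Rtr Pri is an 8-bit field
            raise ValueError("Router Priority must be 0-255")
        self.routers[rid] = prio
        if elect:
            self._fill_vacancies()

    def fail(self, rid):
        self.routers.pop(rid, None)
        if self.dr == rid:
            self.dr = None
        if self.bdr == rid:
            self.bdr = None
        self._fill_vacancies()


def demo():
    """Return the (DR, BDR) pair after each event on a constructed segment."""
    seg, history = Segment(), []
    seg.start({"10.0.0.1": 1, "10.0.0.2": 1, "10.0.0.3": 0})
    history.append((seg.dr, seg.bdr))   # tie on priority: larger Router ID wins
    seg.join("10.0.0.4", 255)
    history.append((seg.dr, seg.bdr))   # highest priority, but no preemption
    seg.fail("10.0.0.2")
    history.append((seg.dr, seg.bdr))   # BDR promoted, new BDR elected
    seg.fail("10.0.0.4")
    history.append((seg.dr, seg.bdr))   # only a priority-0 router is left
    return history


if __name__ == "__main__":
    for state in demo():
        print(state)
```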
Type: specifies the OSPF packet type. There are five types of
OSPF packets.
packet
Hello packet
Network Mask: specifies the network mask of the interface
sending Hello packets.
HelloInterval: specifies the interval for sending Hello packets, in
seconds.
Options: specifies optional functions supported by the OSPF
router sending the Hello packet. Detailed functions are not
mentioned in this course.
Rtr Pri: specifies the router priority on the interface sending
Hello packets. This field is used for electing the DR and BDR.
RouterDeadInterval: specifies the interval for advertising that
the neighbor router does not run OSPF on the network
segment, in seconds. In most cases, the value of this field is
four times HelloInterval.
Designated Router: specifies the IP address of the DR elected
by routers sending Hello packets. The value 0.0.0.0 of this field
indicates that the DR is not elected.
Backup Designated Router: specifies the IP address of the
BDR elected by routers sending Hello packets. The value
0.0.0.0 of this field indicates that the BDR is not elected.
Neighbor: specifies the neighbor router ID, indicating that the
router has received valid Hello packets from neighbors.
DD packet
Interface MTU: specifies the maximum IP data packet size that
LSR packet
Link State Advertisement Type: specifies the LSA type, which
LSU packet
Number of LSAs: specifies the number of LSAs in an LSU
packet.
LSU packet
Header of LSA: specifies LSA header information.
increases.
Length: specifies the length of an LSA, including the LSA header.
more virtual links with full adjacency when this field is set to 1.
E: is set to 1 when the originating router is an ASBR.
an LSA.
Link Type: indicates the link type. The value of this field can be:
1: P2P link to a device, point-to-point connection to another router
2: link to a transit network, such as broadcast or NBMA network
3: link to a subnet, such as Loopback interface
4: virtual link
Link ID: specifies the link ID. The value of this field can be:
1: neighbor router ID
2: IP address of the interface on a DR
3: IP network or subnet address
4: neighbor router ID
Link Data: indicates more information about a link. This field
specifies the IP address of the interface on the originating router
connected to the network when the value of Link Type is 1 or 2,
and specifies the IP address or subnet mask of the network when
the value of Link Type is 3.
ToS: is not supported.
Metric: specifies the metric of a link or interface.
Network-LSA
Link State ID: specifies the IP address of the interface on a DR.
Network Mask: specifies the IP address or subnet mask used on
the network.
Attached router: lists router IDs of the DR and all routers that have
set up adjacency relationships with the DR on an NBMA network.
the ASBR.
Network Mask: specifies the IP address or subnet mask of the
AS-external-LSA
mask.
Forwarding Address: When an internal route is advertised
between an NSSA ASBR and the neighboring AS, this field is set
to the next-hop address of the local network. When the internal
route is not used for advertisement, this field is set to the interface
IP address of a stub network, such as a loopback interface. If there
are multiple stub networks, the largest IP address is chosen.
Options field:
DN: prevents loops on an MPLS VPN network. When a type 3, 5,
EA: indicates that the originating router can receive and forward
External-Attributes-LSAs (Type 8 LSAs).
N-bit: exists only in Hello packets. The value 1 indicates that the
router supports Type 7 LSAs. The value 0 indicates the router
LSAs. This field is set to 1 in all Type 5 LSAs and LSAs that are
sent from the backbone area and NSSA areas. This field is set to
0 in LSAs that are sent from stub areas. This field in a Hello
packet indicates that the interface can receive and send Type 5
LSAs.
MT-bit: indicates that the originating router supports MOSPF.
Neighbor status:
Down: It is the initial stage of setting up sessions between
not in the neighbor list of the received Hello packets. The router
has not established bidirectional communication with its neighbor.
master router.
When the neighbor state machine is ExStart on R2, R2 sends the
from R2
even though R1 does not need to update its LSDB using new DD
packets. R1 sends an empty DD packet with DD Sequence
Number of 5529.
When the neighbor state machine is Loading on R1, R1 sends a
Link State Request (LSR) packet to request link state information
that is learned from DD packets when the neighbor state machine
is Exchange but not contained in the local LSDB.
After receiving the LSR packet, R2 sends a Link State Update
(LSU) packet containing detailed link state information to R1.
When receiving the LSU packet, R1 changes its neighbor state
machine from Loading to Full.
R1 then sends a Link State Acknowledgement (LSAck) packet to
R2 to ensure information transmission reliability. LSAck packets
are flooded to acknowledge the receipt of LSAs.
OSPF can define areas as stub and totally stub areas. A stub area is a
special area where ABRs do not flood the received AS external routes.
The ABR in a stub area maintains fewer routing entries and transmits
less routing information. The stub area is an optional configuration, but
not all areas can be configured as stub areas. Generally, a stub area is
Stub area
router can then learn the AS external network from the ABR.
area network from an ABR.
The ABR automatically generates a Type 3 LSA and advertises it
within the entire totally stub area.
defines that stub areas cannot import external routes. However, stub
areas cannot meet the requirements of the scenario that requires the
import of external routes while preventing resources from being
Type 7 LSA
Type 7 LSAs are defined in an NSSA Area to describe AS
external routes.
Type 7 LSAs are generated by an ASBR in an NSSA area and
also be translated.
The Type 7 LSAs generated by ABRs are not set with the P-bit.
Precautions
Multiple ABRs may be deployed in an NSSA area. To prevent
routing loops, ABRs do not calculate the default routes advertised
by each other.
NSSA and totally NSSA
A small number of AS external routes learned from the ASBR in an
NSSA area can be imported to the NSSA area. Type 5 LSAs
cannot be advertised within the NSSA area, but routers can learn
the AS external routes from the ASBR.
Neither Type 3 nor Type 5 LSAs can be advertised within a totally
NSSA.
Fast convergence
I-SPF improves this algorithm. With exception to where
up network convergence.
Similar to I-SPF, PRC calculates only the changed routes. PRC,
but changes in the SPT or leaf and routing information are not
dependent on each other. PRC processes routing information
OSPF intelligent timer dynamically adjusts the interval for calculating
routes based on the user configuration and exponential
backoff technology. In this manner, the route calculation and
CPU resource consumption are decreased. Routes are
calculated after the network topology becomes stable.
• On an unstable network, if a router generates or receives
LSAs due to frequent topology changes, the OSPF
intelligent timer can dynamically adjust the interval for
calculating routes. No LSA is generated or handled within
an interval, which prevents invalid LSAs from being
generated and advertised on the entire network.
• The OSPF intelligent timer helps calculate routes as follows:
• Based on the local LSDB, a router that runs OSPF
calculates the SPT with itself as the root using the
SPF algorithm, and determines the next hop to the
destination network according to the SPT. Changing
the interval for SPF calculation can prevent the
bandwidth and resource consumption caused by
frequent LSDB changes.
• On a network that requires short route convergence
time, specify the interval for route calculation in
milliseconds to increase the route calculation
Priority-based convergence
Filter routes based on the IP prefix list. Set different priorities for
the routes so that routes with the highest priority are preferentially
converged, improving network reliability.
starts the overflow timer. The router automatically leaves the overflow
state after the overflow timer expires. The default timeout period is 5
seconds.
Two ABRs use a virtual link to directly transmit OSPF packets. The
routers between the two ABRs only forward packets. Because the
route within the area. Routers in the area use the received default
route to forward inter-area packets.
An ASBR in an area advertises Type 5 or Type 7 LSAs carrying
the default route within the AS. Routers in the AS use the
Precautions
When no exactly matched route is discovered, a router can
the router does not learn this type of LSA advertised by other
routers, which carry a default route. That is, the router uses only
automatically generate default routes, even if the common
OSPF area has default routes.
• NSSA area
• To advertise AS external routes using the ASBR in an
NSSA area and advertise other external routes
through other areas, configure a default Type 7 LSA
on the ABR and advertise this LSA in the entire
NSSA area. In this way, a small number of AS
external routes can be learned from the ASBR in the
NSSA, and other inter-area routes can be learned
from the ABR in the NSSA area.
• To advertise all the external routes using the ASBR in
the NSSA area, configure a default Type 7 LSA on
the ASBR and advertise this LSA in the entire NSSA
area. In this way, all the external routes are
advertised using the ASBR in the NSSA area.
• The preceding configurations are performed using the
same command in different views. The difference
between these two configurations is described as
follows:
An ABR will generate a default Type 7 LSA
0.0.0.0.
• An ABR does not translate Type 7 LSAs carrying a
Route filtering
LSAs are not filtered during route learning. Route filtering can
Precautions
Stub areas and database overflow can also implement the
specifies the interval for sending Hello packets and its value is
usually the same as the value of RouterDeadInterval.
Init: A router has received Hello packets from its neighbor but is
not in the neighbor list of the received Hello packets. The router
relationship with the neighbor, the router enters the 2-Way state.
2-Way: In this state, bidirectional communication has been
established but the router has not established the adjacency
relationship with the neighbor.
This is the highest state before the adjacency relationship is established.
1-WayReceived: The router knows that it is not in the neighbor list
of Hello packets received from the neighbor. This is caused by the
restart of the neighbor.
local LSDB.
Exchange: The router exchanges DD packets containing the local
Full: The local LSDBs on the two routers have been synchronized.
OSPF works only at the network layer and the protocol number is
89.
Case Description
The NBMA network topology is displayed in this case. Other
Command Usage
The peer command sets the IP address and DR priority of the
View
OSPF view
Parameters
router.
dr-priority priority: specifies the priority for the neighbor
to select a DR.
Precautions
In the routing table on R3, the routing entry mapping the IP
Case Description
The network topology in this case is the same as the previous
Command Usage
The vlink-peer command creates and configures a virtual link.
View
OSPF area view
Parameters
vlink-peer router-id
router-id: specifies the router ID of the virtual link
neighbor.
Configuration Verification
Run the display ospf vlink command to view information about
Remarks
Case Description
The network topology in this case is the same as the previous
Command Usage
The ospf dr-priority command sets the priority of an interface
View
Interface view
Parameters
Precautions
If the DR priority of an interface on a router is 0, the router
changed.
Configuration Verification
Run the display ospf peer command to view information about
neighbors in OSPF areas.
Case Description
The network topology in this case is the same as the previous
Command Usage
The ospf timer hello command sets the interval for sending Hello
packets on an interface.
The ospf timer poll command sets the poll interval for sending
Hello packets on an NBMA network.
View
ospf timer hello: interface view
Parameters
ospf timer hello interval
packets.
Precautions
By default, the intervals for sending Hello packets are 10
invalid, the router sends Hello packets periodically at the
interval specified using the ospf timer poll command. The
poll interval must be at least four times the interval for
sending Hello packets.
Remarks
Perform the same interface configuration on R4 as that on
R2 and R3.
Case Description
This case is an extension to the original case. Perform
Command Usage
The import-route command imports routes learned by other
routing protocols.
The ospf cost command sets the cost of a route on an
OSPF-enabled interface.
View
import-route: OSPF view
Parameters
import-route [ cost cost | type type ]
Precautions
Case Description
This case is an extension to the original case. Perform
Command Usage
The filter-policy export command configures a filtering policy
View
Parameters
information.
prefix-name } import
acl-number: specifies the basic ACL number.
acl-name acl-name: specifies the ACL name.
ip-prefix ip-prefix-name: specifies the name of an IP
prefix list.
Precautions
Type 5 LSAs are generated on an ASBR to describe AS
external routes and advertised to all areas (excluding stub and
NSSA areas). The filter-policy command needs to be
configured on an ASBR. To advertise only routing information
meeting specific conditions, run the filter-policy command to
set filtering conditions.
Case Description
This case is an extension to the original case. Perform
Command Usage
The nssa command configures an OSPF area as an NSSA area.
View
OSPF area view
Parameters
nssa [ default-route-advertise | flush-waiting-timer interval-
to 0.0.0.0.
translator-always: specifies an ABR in an NSSA area as
an all-the-time translator. Multiple ABRs in an NSSA area
can be configured as translators.
translator-interval interval-value: specifies the timeout
period of a translator.
zero-address-forwarding: sets the FA of the generated
NSSA LSAs to 0.0.0.0 when external routes are imported
from an ABR in an NSSA area.
Precautions
The parameter default-route-advertise is configured to advertise
Type 7 LSAs carrying the default route. Regardless of whether the route
0.0.0.0 exists in the routing table, Type 7 LSAs carrying the default
route will be generated on an ABR. However, Type 7 LSAs
carrying the default route will be generated only when the route
0.0.0.0 exists in the routing table on an ASBR.
When the area to which the ASBR belongs is configured as an
NSSA area, invalid Type 5 LSAs from other routers in the area
where LSAs are flooded will be reserved. These LSAs will be
deleted only when the aging time reaches 3600 seconds. The
router performance is affected because the forwarding of a large
number of LSAs consumes the memory resources. The parameter
Case Description
This case is an extension to the original case. Perform
Command Usage
The authentication-mode command sets the authentication
View
OSPF view
Parameters
authentication-mode simple [ [ plain ] plaintext | cipher ciphertext ]
simple password: indicates simple authentication.
cipher: specifies a ciphertext password. If this parameter
is specified, the device allows you to set only a ciphertext
key, and the key is displayed in ciphertext mode in the
configuration file.
ciphertext: specifies a ciphertext password.
Precautions
The authentication modes and passwords of all the devices must
be the same in an area, but can be different in different areas.
The authentication-mode command used in the interface view
takes precedence over the authentication-mode command used
in the OSPF area view.
Case Description
If RX is interconnected with RY, their interconnection
Configuration Verification
Run the display ospf peer brief command to check whether
Configuration Verification
Run the tracert command to trace traffic on R3. The command
Configuration Verification
Run the display ip routing-table command to view the routing
Case Description
Analysis
To make R1 select the path through area 2 to reach the
networks in area 1, we must make the path through area 2 work
as if it were passing through area 0. A virtual link meets this
need. When the virtual link is established, R1 compares the costs
of the two paths and chooses the path with the lower cost as the
best.
Configuration Verification
Only the external LSA (10.0.0.0) exists in the LSDB on R2.
Configuration Verification
All neighbor relationships on R3 are correct, indicating
successful authentication.
or calculate routes.
BGP uses the Transmission Control Protocol (TCP) with listening
connectivity.
• BGP needs to select inter-AS routes, which requires
routes. This greatly reduces the bandwidth occupied by BGP
route advertisements. Therefore, BGP applies to the
transmission of a large number of routes on the Internet.
BGP is designed to avoid loops.
• Inter-AS: BGP routes carry information about the ASs
along the path. The routes that carry the local AS
number are discarded to avoid inter-AS loops.
• Intra-AS: BGP does not advertise the routes learned in
an AS to BGP peers in the AS. In this manner, intra-AS
loops are avoided.
BGP provides rich routing policies to flexibly filter and select
routes.
BGP provides a route flapping prevention mechanism, which
effectively improves Internet stability.
BGP is easy to extend and adapts to network development. It
is mainly extended using TLVs.
private AS numbers.
Each AS on a BGP network is assigned a unique AS number to
AS numbers.
BGP device does not advertise the routes learned from an IBGP
peer to other IBGP peers, and establishes full-mesh connections
with all the IBGP peers.
called BGP peers. A group of peers sharing the same policies can
form a peer group.
messages.
Update message: is used to exchange routes between BGP peers.
routes.
• An Update message can be used to advertise multiple
BGP speakers.
• An Update message can be used only to withdraw
routes. In this case, it does not need to carry route
attributes or NLRI. Similarly, an Update message can
be used only to advertise reachable routes, so it does
not need to carry information about withdrawn routes.
Keepalive message: is periodically sent to the BGP peer to
maintain the peer relationship.
Notification message: is sent to the BGP peer when an error is
detected. The BGP connection is then terminated immediately.
Route-Refresh message: is used to request that the BGP peer resend
routes when the BGP inbound routing policy changes. If all BGP
routers have the Route-Refresh capability, the local BGP router
sends a Route-Refresh message to BGP peers when the BGP
inbound routing policy changes. After receiving the Route-Refresh
message, the BGP peers resend their routing information to the
local BGP router. In this manner, the BGP routing table can be
dynamically updated, and the new routing policy can be used
without terminating BGP connections. A BGP peer notifies its peer
of its Route-Refresh capability by sending an Open message.
BGP message applications
BGP uses TCP port 179 to set up a connection. BGP connection
setup requires a series of dialogues and handshakes. TCP
After two BGP peers exchange routes for a period of time, they do
not have new routes to be advertised and need to periodically send
so
If the local BGP router does not receive any BGP message from the
BGP peer within the holdtime, the local BGP router considers that
the BGP connection has been terminated, tears down the BGP
ng
connection, and deletes all the BGP routes learned from the peer.
When the local BGP router detects an error during the operation, for
ni
with the peer, the local BGP router also needs to send a Notification
message to the peer.
re
m/
message, including the header.
Type: A 1-byte field that specifies the type of a message:
co
• Open
• Update
.
• Keepalive
ei
• Notification
w
• Route-Refresh
ua

Open message format
Version: Indicates the BGP version number. For BGPv4, the value
is 4.
My Autonomous System: Indicates the local AS number.
By comparing the AS numbers on both ends, you can determine
whether a BGP connection is an IBGP or EBGP connection.
Hold Time: Indicates the time during which two BGP peers maintain
a BGP connection between them. During the peer relationship
setup, two BGP peers need to negotiate the holdtime and keep the
holdtime consistent. If two BGP peers have different holdtime
periods configured, the shorter holdtime is used. If the local BGP
router does not receive a Keepalive message from the peer within
the holdtime, it considers that the BGP connection is terminated. If
message.
Withdrawn Routes: A variable-length field that contains a list of IP

A Keepalive message has only the message header.
By default, the interval for sending Keepalive messages is 60
seconds, and the holdtime is 180 seconds. Each time a BGP router
receives a Keepalive message from its peer, it resets the hold timer.
If the hold timer expires, it considers the peer to be 'down'.

Notification message format
Errorcode: A 1-byte field that uniquely identifies an error. Each error
code may have one or more error subcodes. If no error subcode is
defined for an error code, the Error Subcode Field is all 0s.
Errsubcode: Indicates an error subcode.
A BGP finite state machine (FSM) has six states: Idle, Connect, Active,
OpenSent, OpenConfirm, and Established.
The Idle state is the initial BGP state. In the Idle state, a BGP
device refuses all the connection requests from neighbors.
The BGP device initiates a TCP connection with its BGP peer
occurs, the BGP device returns to the Idle state.
In the Active state, the BGP device keeps trying to establish a
TCP connection with the peer.
• If a TCP connection is established, the BGP device
sends an Open message to the peer, closes the
ConnectRetry timer, and changes to the OpenSent
state.
• If a TCP connection fails to be established, the BGP
device stays in the Active state.
• If the BGP device does not receive a response from the
peer before the ConnectRetry timer expires, the BGP
device returns to the Connect state.
In the OpenSent state, the BGP device waits for an Open
message from the peer and then checks the validity of the
received Open message, including the AS number, version,
and authentication password.
• If the received Open message is valid, the BGP device
sends a Keepalive message and changes to the
OpenConfirm state.
• If the received Open message is invalid, the BGP
device sends a Notification message to the peer and

A BGP device adds optimal routes to the BGP routing table to generate
BGP routes. After establishing a BGP peer relationship with a neighbor,
the BGP device applies the following rules to exchange routes with the
peer:
change.
The optimal routes are saved in the local BGP RIB (Loc-RIB)
and then submitted to the local IP route selection table (IP-RIB).
In addition to the optimal routes received from peers, Loc-RIB
also contains the BGP prefixes that are selected as the optimal
routes and injected by the current router (locally originated
engine. Only the routes that pass the filtering of the outbound
policy engine can be installed to the RIB (Adj-RIB-Out).
BGP and checks whether local IGP routing tables contain the
connections.
BGP route attributes are a set of parameters that further describe BGP
routes. Using BGP route attributes, BGP can filter and select routes.

The Origin attribute defines the origin of a route and marks the path of a
BGP route. The Origin attribute is classified into the following types:
IGP: A route with the Origin attribute IGP is an IGP route and
has the highest priority. For example, the Origin attribute of the
command is IGP.
EGP: A route with the Origin attribute EGP is an EGP route

The AS_Path attribute records all the ASs that a route passes through
from a source to a destination in the distance-vector order. To prevent
inter-AS routing loops, a BGP device does not accept EBGP routes
whose AS_Path list contains the local AS number.
Assume that a BGP speaker advertises a local route:
When advertising the route to the local AS, the BGP speaker
creates an empty AS_Path list in an Update message.
When R4 advertises route 10.0.0.0/24 to AS 400 and AS 100,
it adds the local AS number to the AS_Path list. When R5
advertises the route to AS 100, it also adds the local AS
number to the AS_Path list. When R1 and R3 in AS 100
advertise the route to R2 in the same AS, they keep the
AS_Path attribute of the route unchanged. R2 selects the route
with the shortest AS_Path when other BGP routing rules are
the same. That is, R2 reaches 10.0.0.0/24 through R3.
The Next_Hop attribute records the next hop that a route passes
through. The Next_Hop attribute of BGP is different from that of an IGP

Local_Pref attribute
This attribute indicates the BGP preference of a router. It is
the same destination address but with different next hops from
IBGP peers, the router prefers the route with the highest
Local_Pref.
Topology description
R1, R2, and R3 are IBGP peers of each other in AS 100. R2 establishes EBGP
Local_Pref with R2 and R3: one with Local_Pref value 300 from R2 and
the other with Local_Pref value 200 from R3. R1 prefers the route

The MED attribute helps determine the optimal route when traffic enters
an AS. When a BGP router obtains multiple routes to the same
destination address but with different next hops from EBGP peers, the
router selects the route with the smallest MED value as the optimal
route if the other attributes of the routes are the same.
any other AS. This attribute can be manually configured. If the MED
attribute is not configured for a route, the MED attribute of the route
Topology description
R1 and R2 advertise routes 10.0.0.0/24 to their respective
EBGP peers R3 and R4. When other routing rules are the
same, R3 and R4 prefer the route with a smaller MED value.

routers in multiple ASs can share the same routing policy. This attribute
is a route attribute and is transmitted between BGP peers without being
with the No_Advertise attribute to any peer.
No_Export: A BGP device does not advertise a received route
with the No_Export attribute to devices outside the local AS. If
a confederation is defined, the route with the No_Export
attribute cannot be advertised to ASs outside of the
confederation but can be advertised to other sub-ASs in the confederation.
No_Export_Subconfed: A BGP device does not advertise the
received route with the No_Export_Subconfed attribute to
devices outside the local AS or to devices outside the local
sub-AS in a confederation.
summarized routes.
• Manually summarized routes generated using the
routes after the bestroute as-path-ignore command is
executed.
Prefers the route with the lowest MED.
• BGP compares only the MED values of routes sent
from the same AS (excluding a confederation sub-AS).
That is, BGP compares the MED values of two routes
only when the first AS numbers in the AS_SEQUENCE
attributes (excluding the AS_CONFED_SEQUENCE)
of the two routes are the same.
• If a route does not have the MED attribute, BGP
considers the MED value of the route as the default
value 0. After the bestroute med-none-as-maximum
command is executed, BGP considers the MED value
of the route as the maximum value 4294967295.
• After the compare-different-as-med command is
executed, BGP compares the MEDs in the routes sent
from peers in different ASs. Do not use this command
unless different ASs use the same IGP and route
selection mode, otherwise routing loops may occur.
• After the bestroute med-confederation command is
executed, BGP compares the MED values of routes
are received.
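The MED rules above, as an added example that is not part of the original course material: the Python sketch models only the MED step of route selection, so a result of None means the decision falls through to the next rule. The route names, AS numbers and the treatment of an empty AS_SEQUENCE as its own group are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

MED_MAX = 4294967295  # value the page gives for a missing MED after med-none-as-maximum


@dataclass(frozen=True)
class Route:
    name: str                     # label of a constructed sample route
    as_sequence: Tuple[int, ...]  # AS_SEQUENCE, neighbouring AS first
    med: Optional[int] = None     # None: the Update carried no MED attribute


def effective_med(route: Route, med_none_as_maximum: bool = False) -> int:
    """MED value used in the comparison, including the missing-MED default."""
    if route.med is not None:
        return route.med
    return MED_MAX if med_none_as_maximum else 0


def first_as(route: Route) -> Optional[int]:
    """First AS number in AS_SEQUENCE, or None for an empty path (assumption)."""
    return route.as_sequence[0] if route.as_sequence else None


def med_step(a: Route, b: Route, *, med_none_as_maximum: bool = False,
             compare_different_as_med: bool = False) -> Optional[Route]:
    """Return the route the MED rule prefers, or None if the rule does not decide."""
    if not compare_different_as_med and first_as(a) != first_as(b):
        return None  # MEDs of routes from different neighbouring ASs are not compared
    med_a = effective_med(a, med_none_as_maximum)
    med_b = effective_med(b, med_none_as_maximum)
    if med_a == med_b:
        return None
    return a if med_a < med_b else b


# Constructed sample routes to the same prefix (AS numbers are illustrative).
VIA_R1 = Route("via-R1", (200, 500), med=50)
VIA_R2 = Route("via-R2", (200, 500), med=None)  # neighbour sent no MED attribute
VIA_R3 = Route("via-R3", (300, 500), med=10)

if __name__ == "__main__":
    cases = [
        ("defaults", VIA_R1, VIA_R2, {}),
        ("med-none-as-maximum", VIA_R1, VIA_R2, {"med_none_as_maximum": True}),
        ("different AS, defaults", VIA_R1, VIA_R3, {}),
        ("compare-different-as-med", VIA_R1, VIA_R3, {"compare_different_as_med": True}),
    ]
    for label, a, b, opts in cases:
        winner = med_step(a, b, **opts)
        print(f"{label:26} -> {winner.name if winner else 'undecided by MED'}")
```

With the defaults, the route that carries no MED at all wins over the route with MED 50, which is the case the bestroute med-none-as-maximum command reverses.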

Load Balancing
balancing only when the rules before the attributes "Prefers the
route with the lowest IGP metric" are the same.
BGP security
MD5: BGP uses TCP as the transport layer protocol. To
packets whose TTL values are not within the specified range
are either allowed to pass through or discarded by GTSM. To

value. A larger penalty value indicates a less stable route. Each time
route flapping occurs, BGP increases the penalty of a route by a value
BGP suppresses this route and does not add it to the IP routing table or
advertise any Update message to BGP peers.
After a route is suppressed for a period of time (half life), the penalty
value is reduced by half. When the penalty value of a route decreases
to the reuse threshold, the route becomes reusable and is added to the
manually configured.
Route dampening applies only to EBGP routes but not IBGP routes.
IBGP routes often include the routes from the local AS, which requires
that the forwarding tables of devices within an AS be the same. In
synchronization.
If IBGP routes were dampened, forwarding tables on devices would be
inconsistent when these devices have different dampening parameters.
Route dampening therefore does not apply to IBGP routes.
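An added example, not from the original material, that traces the penalty of one flapping route through suppression and reuse. The per-flap penalty, both thresholds, the half-life and the ceiling are assumed values, because the figures are missing from the text above.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class DampeningParams:
    # Assumed values for illustration; the page does not state them.
    penalty_per_flap: float = 1000.0
    suppress: float = 2000.0      # suppression threshold
    reuse: float = 750.0          # reuse threshold
    half_life_min: float = 15.0   # minutes for the penalty to halve
    ceiling: float = 16000.0      # upper bound on the penalty


class DampenedRoute:
    """Penalty state of one route, driven by timestamps in minutes."""

    def __init__(self, params: DampeningParams, ebgp: bool = True):
        self.params = params
        self.ebgp = ebgp          # dampening applies only to EBGP routes
        self.penalty = 0.0
        self.suppressed = False
        self._last = 0.0

    def _decay(self, now: float) -> None:
        """Halve the penalty once per half-life elapsed since the last update."""
        elapsed = max(0.0, now - self._last)
        self.penalty *= 0.5 ** (elapsed / self.params.half_life_min)
        self._last = max(self._last, now)
        if self.suppressed and self.penalty <= self.params.reuse:
            self.suppressed = False   # penalty reached the reuse threshold

    def flap(self, now: float) -> bool:
        """Record one flap at time `now`; return True if the route is suppressed."""
        if not self.ebgp:
            return False              # IBGP routes are never dampened
        self._decay(now)
        self.penalty = min(self.penalty + self.params.penalty_per_flap,
                           self.params.ceiling)
        if self.penalty > self.params.suppress:
            self.suppressed = True
        return self.suppressed

    def is_suppressed(self, now: float) -> bool:
        self._decay(now)
        return self.suppressed

    def minutes_until_reuse(self) -> float:
        """Time for the current penalty to decay to the reuse threshold."""
        if not self.suppressed:
            return 0.0
        return self.params.half_life_min * math.log2(self.penalty / self.params.reuse)


def max_suppress_minutes(p: DampeningParams) -> float:
    """Longest possible suppression: decay from the ceiling down to reuse."""
    return p.half_life_min * math.log2(p.ceiling / p.reuse)


if __name__ == "__main__":
    route = DampenedRoute(DampeningParams())
    for t in (0, 1, 2):               # three flaps within two minutes
        print(f"t={t:>2} flap -> suppressed={route.flap(t)} penalty={route.penalty:.0f}")
    print(f"reusable in {route.minutes_until_reuse():.1f} min")
    print(f"upper bound on suppression: {max_suppress_minutes(route.params):.1f} min")
```

The ceiling is what bounds how long a persistently flapping EBGP route can stay suppressed, so it is worth checking together with the half-life when the parameters are configured manually.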
Case description
IP addresses used to interconnect devices are designed as
follows:
• If RTX connects to RTY, interconnected addresses are
XY.1.1.X and XY.1.1.Y. The network mask is 24.
Case analysis
To establish stable IBGP peer relationships, use loopback
addresses.
Command usage
The peer as-number command sets the AS number of a
View
BGP process view
Parameters
peer ipv4-address as-number as-number
number [ ipv4-source-address ]
ip-address: specifies the IPv4 address of a peer.
Precautions
When using a loopback interface to send BGP messages:
• Ensure that the loopback interface address of the BGP
peer is reachable.
• In the case of an EBGP connection, you need to run
the peer ebgp-max-hop command to enable EBGP to
establish the peer relationship in indirect mode.
The peer next-hop-local and peer next-hop-invariable
commands are mutually exclusive.
The PrefRcv field in the display bgp peer command output
indicates the number of route prefixes received from the peer.
Case description
The topology in this case is the same as that in the previous
Command usage
The peer route-policy command specifies a route-policy to
View
BGP view
Parameters
peer ipv4-address route-policy route-policy-
Configuration verification
Run the display bgp routing-table command to view the BGP
routing table.
Case description
The topology in this case is the same as that in the previous
attribute.
Command usage
The peer route-policy command specifies a route-policy to
View
BGP view
Parameters
peer ipv4-address route-policy route-policy-
Configuration verification
Run the display bgp routing-table command to view the BGP
routing table.
Case description
The topology in this case is the same as that in the previous
Command usage
The peer route-policy command specifies a route-policy to
View
BGP view
Parameters
peer ipv4-address route-policy route-policy-
Configuration verification
Run the display bgp routing-table community command to

Case description
This case is an extension to the previous case. Perform the
Command usage
The peer route-policy command specifies a route-policy to
group.
View
Parameters
route-policy route-policy-name: specifies a route-policy name.
conditional-route-match-all ipv4-address1 { mask1 | mask-length1 }: specifies the IPv4
address and mask/mask length for conditional routes.
The default routes are sent to the peer or peer group
only when all conditional routes are matched.
conditional-route-match-any ipv4-address2 { mask2 | mask-length2 }: specifies the IPv4
address and mask/mask length for conditional routes.
The default routes are sent to the peer or peer group
only when any conditional route is matched.
Configuration verification
Run the display ip routing-table command to view IP routing
table information.
Case description
This case is an extension to the previous case. Perform the
Command usage
The maximum load-balancing command configures the
View
BGP view
Parameters
Precautions
Run the display ip routing-table protocol bgp command to
view the load-balanced routes learned by BGP.
Case description
This case is an extension to the previous case. Perform the
Command usage
The peer valid-ttl-hops command applies the GTSM function
policy.
The gtsm log drop-packet command enables the log function
View
peer valid-ttl-hops: BGP view
Parameters
policy.
pass: allows the packets that do not match the GTSM
policy to pass through.
Precautions
GTSM and EBGP-MAX-HOP affect the TTL values of sent
BGP packets. The two functions are mutually exclusive.
If the default action is configured but the GTSM policy is not
configured, GTSM does not take effect.
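An added example (not Huawei's code) of how a GTSM policy decides the fate of a received BGP packet, plus a check of a configuration draft for the GTSM and EBGP-MAX-HOP conflict named under Precautions. Assumptions: the valid TTL range for a peer is [255 - hops + 1, 255], out-of-range packets from a configured peer are dropped, the default action covers only packets that match no policy, and the configuration text and addresses are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

MAX_TTL = 255  # a directly connected sender's packet arrives with its TTL undecremented


@dataclass
class Gtsm:
    # peer address -> hops value from "peer <addr> valid-ttl-hops <hops>"
    policies: Dict[str, int] = field(default_factory=dict)
    default_action: str = "pass"      # "pass" or "drop" for packets matching no policy
    log_drop_packet: bool = False     # models "gtsm log drop-packet"
    drop_log: List[str] = field(default_factory=list)

    def valid_range(self, peer: str) -> range:
        """Assumed valid TTL range for a configured peer: [255 - hops + 1, 255]."""
        hops = self.policies[peer]
        return range(MAX_TTL - hops + 1, MAX_TTL + 1)

    def check(self, src: str, ttl: int) -> str:
        """Return "accept" or "drop" for a BGP packet from `src` with `ttl`."""
        if not self.policies:
            return "accept"           # default action without a policy: no effect
        if src in self.policies:
            # Every router on the path decrements the TTL, so a packet that
            # crossed more hops than configured cannot arrive inside the range.
            verdict = "accept" if ttl in self.valid_range(src) else "drop"
        else:
            verdict = "accept" if self.default_action == "pass" else "drop"
        if verdict == "drop" and self.log_drop_packet:
            self.drop_log.append(f"gtsm drop src={src} ttl={ttl}")
        return verdict


_PEER_LINE = re.compile(r"^\s*peer\s+(\S+)\s+(valid-ttl-hops|ebgp-max-hop)\b")


def conflicting_peers(config_text: str) -> List[str]:
    """Peers that carry both valid-ttl-hops and ebgp-max-hop in a config draft."""
    seen: Dict[str, Set[str]] = {}
    for line in config_text.splitlines():
        match = _PEER_LINE.match(line)
        if match:
            seen.setdefault(match.group(1), set()).add(match.group(2))
    return sorted(peer for peer, cmds in seen.items() if len(cmds) == 2)


# Constructed configuration draft for the audit (not taken from the page).
SAMPLE_CONFIG = """\
bgp 100
 peer 10.1.1.2 as-number 200
 peer 10.1.1.2 valid-ttl-hops 1
 peer 10.2.2.2 as-number 300
 peer 10.2.2.2 ebgp-max-hop 2
 peer 10.2.2.2 valid-ttl-hops 2
"""

if __name__ == "__main__":
    gtsm = Gtsm(policies={"10.1.1.2": 1}, default_action="drop", log_drop_packet=True)
    for src, ttl in [("10.1.1.2", 255), ("10.1.1.2", 254), ("192.0.2.9", 255)]:
        print(src, ttl, gtsm.check(src, ttl))
    print(gtsm.drop_log)
    print("conflicts:", conflicting_peers(SAMPLE_CONFIG))
```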
Case description
In the topology, among the IP addresses that are not marked,
Results
Run the display vlan command to view the results.
Results
Run the display bgp peer command to view the BGP peer
relationship.
Results
Run the display bgp routing-table command to view the BGP
Results
The loop is the result of inconsistency between IGP route

Case description
In the topology, among the IP addresses that are not marked,
Analysis process
Run the display bgp routing-table community command to
Results
You will notice that the Community attribute of route
Results
You can add the AS_Path attribute to change the route
selection of R3.
clients. The RR and its clients establish IBGP connections and form a
cluster. The RR reflects routes to clients, removing the need to
RR concepts
RR: a BGP device that can reflect the routes learned from an
cluster.
the device that functions as a reflector, and clients do not need to know
that they are clients.

When an RR reflects a route for the first time, the RR adds the
Originator_ID attribute to this route. The Originator_ID attribute
identifies the originator of the route. If the route already
Originator_ID attribute.
When a device receives a route, the device compares the
originator ID of the route with the local router ID. If they are the
same, the device discards the route.
cluster ID in an AS.
To prevent routing loops between clusters, an RR uses the Cluster_List
attribute to record the cluster IDs of all the clusters that a route
passes through.
the local cluster ID, the RR adds the local cluster ID to the

Backup RR
On the VRP, you need to run the reflector cluster-id
command to set the same cluster ID for all the RRs in the
same cluster.
When redundant RRs exist, a client receives multiple routes to
the same destination from different RRs and then selects the
Topology description
When Client1 receives an updated route 10.0.0.0/24 from an
and finds that its cluster ID is already contained in the cluster
list. Subsequently, it discards the route without reflecting the
route to its clients.
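The two loop checks described above, replayed on the backup-RR topology as an added example that is not from the original material. Router IDs, cluster IDs and class names are constructed; the second run gives RR2 a different cluster ID to show what the shared cluster ID prevents.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    originator_id: Optional[str] = None      # absent until the first reflection
    cluster_list: Tuple[str, ...] = ()       # most recent cluster first


@dataclass
class Speaker:
    router_id: str
    cluster_id: Optional[str] = None         # set only on route reflectors

    def receive(self, route: Route) -> Tuple[bool, str]:
        """Apply the Originator_ID and Cluster_List checks to a received route."""
        if route.originator_id == self.router_id:
            return False, "discard: Originator_ID equals local router ID"
        if self.cluster_id is not None and self.cluster_id in route.cluster_list:
            return False, "discard: local cluster ID already in Cluster_List"
        return True, "accept"

    def reflect(self, route: Route, learned_from: str) -> Route:
        """Return the copy of `route` that this RR sends on to its peers."""
        if self.cluster_id is None:
            raise ValueError("only a route reflector reflects routes")
        # Originator_ID is added on the first reflection and kept afterwards.
        originator = route.originator_id or learned_from
        return replace(route, originator_id=originator,
                       cluster_list=(self.cluster_id,) + route.cluster_list)


def backup_rr_scenario(rr2_cluster_id: str = "0.0.0.100") -> Dict[str, object]:
    """Client1 sends 10.0.0.0/24 to RR1; RR1 reflects it to RR2 and the clients."""
    client1 = Speaker("1.1.1.1")
    rr1 = Speaker("10.10.10.1", cluster_id="0.0.0.100")
    rr2 = Speaker("10.10.10.2", cluster_id=rr2_cluster_id)

    from_rr1 = rr1.reflect(Route("10.0.0.0/24"), learned_from=client1.router_id)
    result: Dict[str, object] = {
        "reflected": from_rr1,
        "rr2": rr2.receive(from_rr1),
        "client1": client1.receive(from_rr1),
    }
    if result["rr2"][0]:
        # Only reached when the cluster IDs differ: RR2 reflects the route again
        # and the copy that returns to RR1 is stopped by RR1's own cluster ID.
        from_rr2 = rr2.reflect(from_rr1, learned_from=rr1.router_id)
        result["rr2_reflects"] = from_rr2
        result["back_at_rr1"] = rr1.receive(from_rr2)
    return result


if __name__ == "__main__":
    for label, cid in (("same cluster ID", "0.0.0.100"), ("different cluster ID", "0.0.0.200")):
        print(label)
        for key, value in backup_rr_scenario(cid).items():
            print(f"  {key}: {value}")
```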
Confederation
A confederation divides an AS into sub-ASs. Full-mesh IBGP
is AS_SEQUENCE.
AS_CONFED_SEQUENCE: comprises a series of member
the devices.
RRs must establish full-mesh IBGP connections.
seldom used.
The BGP routing table of each device on a large network is large. This
burdens devices, increases the route flapping probability, and affects
network stability.
into one route. This mechanism allows a BGP device to advertise only
the summarized route but not all the specific routes to peers. It reduces
the BGP routing table size. If the specific routes flap, the network is not
Precautions
The summary automatic command summarizes the routes
Manual summarization
Summarized routes do not carry the AS_Path attribute of the specific
routes.
Using the AS_SET attribute to carry the AS number can
prevent routing loops. Differences between AS_SET and

RFC 5291 and RFC 5292 define the prefix-based BGP outbound route
filtering (ORF) capability to advertise required BGP routes. BGP ORF
unnecessary routes.
Case description
Among directly-connected EBGP peers, after negotiating the
inbound policies and reflects required routes in Route-Refresh
messages to Client1 and Client2. Client1 and Client2 receive only
the required routes, and the RR does not need to maintain routing
policies. The configuration workload is thereby reduced.
Active-Route-Advertise
Once a route is preferred by BGP, the route can be advertised

Topology description
RR1 has three clients and needs to reflect 100,000 routes to these
clients. If RR1 sends the routes grouped per peer to the three clients,
the total number of times that all routes are grouped is 300,000
(100,000 x 3). After the dynamic update peer-groups feature is used,

Protocol extension
byte AS number.
New AS numbers have three formats:
value is 65535.65535.
• asdot: represents a 2-byte AS number using the
asplain format and represents a 4-byte AS number
using the asdot+ format. (1 to 65535; 1.0 to
65535.65535)
Huawei supports the asdot format.

Topology description
R2 receives a route with a 4-byte AS number 10.1 from R1.
R2 establishes a peer relationship with R3 and needs to
enable R3 to consider the AS number of R2 as AS_TRANS.
When advertising a route to R3, R2 records AS_TRANS in the
AS_Path attribute of the route and records 10.1 and its AS
number 20.1 to the AS4_Path attribute in the sequence
required by BGP.
R3 retains the unrecognized AS4_Path attribute and
advertises the route to R4 according to BGP rules and
considers the AS number of R2 as AS_TRANS.
When receiving the route from R3, R4 replaces AS_TRANS
with the IP address recorded in the AS4_Path attribute and
records the AS4_Path as 30 20.1 10.1.
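An added example, not from the original material, that converts between the AS number notations and replays the R1 to R4 topology above. AS_TRANS = 23456 and the merge rule (keep the leading AS_Path entries that AS4_Path does not cover) are taken from RFC 6793 rather than from this page, and the function names are hypothetical.

```python
from typing import List, Tuple

AS_TRANS = 23456          # reserved 2-byte AS number that stands in for a 4-byte one
MAX_2BYTE = 65535
MAX_4BYTE = 4294967295    # 65535.65535 in dotted notation


def parse_asn(text: str) -> int:
    """Parse asplain ("655361") or dotted ("10.1", "0.30") notation."""
    if "." in text:
        high_s, low_s = text.split(".", 1)
        high, low = int(high_s), int(low_s)
        if not (0 <= high <= MAX_2BYTE and 0 <= low <= MAX_2BYTE):
            raise ValueError(f"AS number part out of range: {text}")
        value = (high << 16) | low
    else:
        value = int(text)
    if not 1 <= value <= MAX_4BYTE:
        raise ValueError(f"AS number out of range: {text}")
    return value


def to_asdotplus(asn: int) -> str:
    """asdot+: always written as high.low, even for 2-byte values."""
    return f"{asn >> 16}.{asn & 0xFFFF}"


def to_asdot(asn: int) -> str:
    """asdot: plain number for 2-byte values, high.low for 4-byte values."""
    return str(asn) if asn <= MAX_2BYTE else to_asdotplus(asn)


def advertise_to_old_speaker(path: List[int]) -> Tuple[List[int], List[int]]:
    """Split a full AS path into (AS_Path, AS4_Path) for a 2-byte-only peer."""
    as_path = [asn if asn <= MAX_2BYTE else AS_TRANS for asn in path]
    as4_path = list(path) if any(asn > MAX_2BYTE for asn in path) else []
    return as_path, as4_path


def rebuild_path(as_path: List[int], as4_path: List[int]) -> List[int]:
    """Merge AS_Path and AS4_Path at a 4-byte-capable receiver."""
    if len(as4_path) > len(as_path):
        return list(as_path)              # inconsistent AS4_Path is ignored
    keep = len(as_path) - len(as4_path)   # entries prepended by old speakers
    return list(as_path[:keep]) + list(as4_path)


def page_topology() -> str:
    """R1 (10.1) -> R2 (20.1) -> R3 (30, 2-byte only) -> R4, as on the page."""
    r1, r2, r3 = parse_asn("10.1"), parse_asn("20.1"), parse_asn("30")
    as_path, as4_path = advertise_to_old_speaker([r2, r1])   # R2 towards R3
    as_path = [r3] + as_path      # R3 prepends its AS and passes AS4_Path on untouched
    return " ".join(to_asdot(asn) for asn in rebuild_path(as_path, as4_path))


if __name__ == "__main__":
    print(parse_asn("10.1"), to_asdot(655361), to_asdotplus(30))
    print(advertise_to_old_speaker([parse_asn("20.1"), parse_asn("10.1")]))
    print(page_topology())
```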
Topology description
IBGP peer relationships are established between R1 and R2,
The user expects that: when the route with the next hop
2.2.2.2 becomes unreachable, the route with the next hop
3.3.3.3 is preferred. Actually, the fault is caused by BGP
length of the route through which the original next hop can be
iterated. After the next-hop iteration policy is configured, the
route with the original next hop 2.2.2.2 depends on only the
IGP route 2.2.2.2/32.
propagation.
Route summarization
Route summarization can optimize BGP routing entries and
Redundancy
Path redundancy ensures that a backup path is available when
Load balancing
When multiple paths to the same destination exist, traffic can
Policy-based routing
Traffic paths can be optimized through PBR.
routes on BGP.
Case description
IP addresses used to interconnect devices are as follows:
Case analysis
EBGP peer relationships are established using loopback
interfaces.
Command usage
The peer as-number command sets an AS number for a
View
Parameters
ip-address: specifies the IPv4 address of a peer.
group group-name [ external | internal ]
group-name: specifies the name of a peer group.
external: creates an EBGP peer group.
internal: creates an IBGP peer group.
Precautions
When configuring a device to use a loopback interface as the
source interface of BGP messages, note the following points:
• The loopback interface of the device's BGP peer must
be reachable.
• In the case of an EBGP connection, the peer ebgp-max-hop
command must be executed to enable the
two devices to establish an indirect peer relationship.
The peer next-hop-local and peer next-hop-invariable
commands are mutually exclusive.
The Rec field in the display bgp peer command output
indicates the number of route prefixes received from the peer.
Case description
The topology in this case is the same as that in the previous
Command usage
The undo reflect between-clients command prohibits an RR
View
BGP view
Configuration verification

Case description
The topology in this case is the same as that in the previous
routes.
Command usage
The peer ip-prefix command configures a route filtering policy
View
BGP view
Parameters
Configuration verification
Run the display bgp routing-table command to view the BGP
routing table.
For the same node in a route-policy, the relationship between
if-match clauses is AND. A route needs to meet all the
are performed.
The relationship between the if-match clauses in the if-match route-type
and if-match interface commands is "OR", but the relationship
between the if-match clauses in the two commands and other
commands is "AND".
Case description
This case is an extension to the previous case. Perform the
Command usage
The peer route-policy command specifies a route-policy to
group.
View
peer route-policy: BGP view
route-policy route-policy-name: specifies a route-policy name.
conditional-route-match-all ipv4-address1 { mask1 | mask-length1 }: specifies the IPv4
address and mask/mask length for conditional routes.
The default routes are sent to the peer or peer group
only when all conditional routes are matched.
conditional-route-match-any ipv4-address2 { mask2 | mask-length2 }: specifies the IPv4
address and mask/mask length for conditional routes.
The default routes are sent to the peer or peer group
only when any conditional route is matched.
Configuration verification
Run the display ip routing-table command to view
information about the IP routing table.
Case description
This case is an extension to the previous case. Perform the
Command usage
The aggregate command creates an aggregated route in the
View
BGP view
Parameters
name of a policy for suppressing the advertisement of
specified routes.
Precautions
During manual or automatic summarization, routes pointing to
NULL0 are generated locally.
Configuration verification
Run the display ip routing-table protocol bgp command to
view the routes learned by BGP.
Case description
This case is an extension to the previous case. Perform the
Command usage
The peer capability-advertise orf command enables prefix-
View
BGP view
Parameters
packets.
receive: allows the device to receive only ORF packets.
Precautions
BGP ORF has three modes: send, receive, and both. In send
IP-prefix information, configure this device to work in receive or
both mode and the peer device to work in send or both mode.
Configuration verification
Run the display bgp peer 1.1.1.1 orf ip-prefix command to
view prefix-based BGP ORF information received from a
specified peer.
Case description
IP addresses used to interconnect devices are as follows:
Results
The configuration is the basic OSPF configuration.
Results
Run the display bgp peer command to view the BGP peer
status.
Run the display bfd session all command to view the BFD
session. In the command output, D_IP_IF indicates that a BFD
Results
Run the display bgp routing-table command to view BGP

Case description
This case is an extension to the previous case. Perform the
Analysis process
You can use peer group commands to reduce the RR load.
Results
Run the display bgp routing-table community command to
Results
Run the display bgp routing-table community command to

ACL
An ACL is a series of sequential rules composed of permit and
IP prefix list
An IP prefix list filters matching routes in defined matching
AS_Path filter
Each BGP route contains an AS path attribute. AS path
Community filter
Community filters are exclusively used in BGP. Each BGP

step is determined by the ACL step. You can add new rules to
a rule group based on the rule ID.
rule.
The action defined in the last rule of a Huawei ACL is permit by default.
Interface-based ACL
Match packets based on the rules defined on the inbound
Basic ACL
Define rules based on the source IP address, VPN instance,
Advanced ACL
Layer 2 ACL
Automatic order
The automatic order follows the depth-first principle.
You can make ACL rules valid only at the specified time or

IP prefix list
An IP prefix list can contain multiple indexes. Each index has a
does not match any node, the system filters the route.
According to the matching prefix, an IP prefix list can be used for
range.
An IP prefix list can implement accurate matching, or matching
length, less-equal-value].
The mask length range can be specified as
mask-length <= greater-equal-value <= less-equal-value <= 32.
When all IP prefix lists are not matched, the last matching
routes.

Since the number of the last AS that a route passes through is added to
caution:
If a route originating from an AS passes through AS 300, AS
routes.
attributes.
Self-defined community attributes and well-known

A route policy is used to filter routes and set attributes for routes. By
changing route attributes (including reachability), a route policy
route matches a node only when the route matches all the if-
matches the route policy. If a route does not match any node,
the route fails to match the route policy.
The relationship between the if-match clauses of a node in a
route policy is AND. The actions defined by apply clauses can
be performed on a route only when the route meets all the
matching conditions defined by the if-match clauses. The
relationship between the if-match clauses in the if-match
route-type and if-match interface commands is OR, but the
relationship between the if-match clauses in the two
commands and other commands is AND.
it has learned the route through IS-IS even though the external
LSA has been aged in the OSPF area. R1 and R3 then learn
Topology description
only incoming routes but not LSAs that carry these routes.
That is, OSPF and IS-IS do not add the filtered routes to the
local routing tables, but LSAs of these routes are still
direction.
Topology description
You can modify the Local_Pref attribute contained in a route
services.
Matching process
If a device finds a matching local PBR node, the device
outbound interface.
• If not, the device performs step 2.
configured for the local PBR.
• If so, the device sends the packets to the
default next hop.
• If not, the device performs step 6.
Step 6 Discards the packets and generates
ICMP_UNREACH messages.
If the device does not find a matching local PBR node, it
searches the routing table for a route based on the destination
addresses of the packets and then sends the packets.
Case description
IP addresses used to interconnect devices are as follows:
Command usage
The route-policy command creates a route policy and
View
System view
Parameters
Precautions
A route policy is used to filter routes and set attributes for the routes
that match the route policy. A route policy consists of multiple nodes.
One node contains multiple if-match and apply clauses.
The if-match clauses define matching conditions for this node, and the
apply clauses define the actions to be performed on the routes that
meet the matching conditions. The relationship between if-match
clauses is AND. That is, a route must match all the if-match clauses of
a node. The relationship between the nodes of a route policy is OR.
That is, if a route matches a node, the route matches the route policy. If
a route does not match any node, the route does not match the route
policy.
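The node and clause logic described above, as an added Python model (not Huawei code and not part of the original material). The `Route` fields, helper names and sample routes are constructed; ascending node-ID evaluation, first-match-wins and the handling of permit and deny nodes are assumed VRP behaviour that this page does not spell out.

```python
from dataclasses import dataclass, field, replace
from ipaddress import ip_network
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str            # e.g. "rip", "ospf", "isis"
    interface: str = ""
    tag: int = 0
    cost: int = 0


Predicate = Callable[[Route], bool]


def match_prefix(*networks: str) -> Predicate:
    """True when the route lies inside any listed network."""
    nets = [ip_network(n) for n in networks]
    return lambda r: any(ip_network(r.prefix).subnet_of(n) for n in nets)


def match_tag(tag: int) -> Predicate:
    return lambda r: r.tag == tag


def match_interface(*names: str) -> Predicate:
    """Several values inside one if-match interface clause are ORed."""
    return lambda r: r.interface in names


@dataclass
class Node:
    node_id: int
    mode: str                                        # "permit" or "deny"
    if_match: List[Predicate] = field(default_factory=list)
    apply: Dict[str, int] = field(default_factory=dict)

    def matches(self, route: Route) -> bool:
        # Clauses of one node are ANDed; a node with no clause matches all routes.
        return all(pred(route) for pred in self.if_match)


def evaluate(policy: List[Node], route: Route) -> Optional[Route]:
    """Return the (possibly modified) route if the policy permits it, else None."""
    for node in sorted(policy, key=lambda n: n.node_id):
        if node.matches(route):               # nodes are ORed: first match decides
            if node.mode == "deny":
                return None
            return replace(route, **node.apply)
    return None                               # no node matched: route is filtered


# Constructed sample routes; tag 100 marks a route that was already redistributed.
ROUTES = [
    Route("172.16.1.0/24", "rip", interface="GE0/0/1"),
    Route("172.16.2.0/24", "rip", interface="GE0/0/2", tag=100),
    Route("10.0.0.0/8", "rip", interface="GE0/0/1"),
]

# Pitfall: a policy with only a deny node filters every route, not just tagged ones.
DENY_ONLY = [Node(10, "deny", [match_tag(100)])]

# Deny re-imported routes, then permit the rest and tag them on the way out.
DENY_THEN_PERMIT = [
    Node(10, "deny", [match_tag(100)]),
    Node(20, "permit", [], {"tag": 100}),
]

# One node, two clauses: prefix AND (interface GE0/0/1 OR GE0/0/3).
AND_POLICY = [
    Node(10, "permit",
         [match_prefix("172.16.0.0/16"), match_interface("GE0/0/1", "GE0/0/3")],
         {"cost": 50}),
]


def permitted(policy: List[Node], routes: List[Route] = ROUTES) -> List[Route]:
    """Routes that survive the policy, with apply clauses already executed."""
    results = (evaluate(policy, r) for r in routes)
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for name, pol in [("deny-only", DENY_ONLY),
                      ("deny-then-permit", DENY_THEN_PERMIT),
                      ("and-policy", AND_POLICY)]:
        print(name, [(r.prefix, r.tag, r.cost) for r in permitted(pol)])
```

The `DENY_ONLY` case is the one to check for when a redistribution filter unexpectedly drops all routes: nothing matches a permit node, so nothing passes.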
Case description
The topology in this case is the same as that in the previous
Command usage
The filter-policy export command filters imported routes to be
View
System view
Parameters
Precautions
After external routes are imported into OSPF using the import-
route command, you can run the filter-policy export
command to filter the imported routes to be advertised.
This configuration allows only the external routes that meet the
matching conditions to be translated into Type 5 LSAs (AS-
external-LSAs) and advertised. In this case, routing loops are
prevented.
You can specify protocol or process-id to filter the routes of a
specified protocol or process. If no protocol or process-id is
specified, OSPF filters all of the imported routes.
Case description
The topology in this case is the same as that in the previous
Results
After routing protocols import routes from each other, R4
Case description
This case is an extension to the previous case. Perform the
Results
If we do not filter routes during bidirectional route importing,
OSPF and RIP, and the preference of OSPF external routes is greater
than RIP, R3 or R4 (one of them) reaches 172.16.X.0/24 through a
sub-optimal route. To solve this, you need to modify the preference of OSPF
Case description
This case is an extension to the previous case. Perform the
Results
When only route summarization is performed, two problems
they import the summary routes into the RIP area again.
The reason why the second problem occurs is as follows: After
importing the routes into the OSPF area. That is, filter the
summary route learned from each other on R3 and R4.
Case description
This case is an extension to the previous case. Perform the
Command usage
The policy-based-route command creates or modifies a PBR.
View
Parameters
policy-based-route policy-name { permit | deny } node node-id
policy-name: specifies the PBR name.
Precautions
When deploying PBR, do not configure a broadcast interface
such as an Ethernet interface as the outbound interface of
packets.
Configuration verification
Run the display bgp peer 1.1.1.1 orf ip-prefix command to
view prefix-based BGP ORF information received from a
specified peer.
Case description
IP addresses used to interconnect devices are designed as
follows:
• If RTX connects to RTY, interconnected addresses are
XY.1.1.X and XY.1.1.Y. Network mask is 24.
Results
When R5 imports routes, accurate matching must be
performed.
Results
When you tracert a nonexistent IP address that belongs to
Results
You can configure static routes pointing to Null0 on R5 using a
Case description
This case is an extension to the previous case. Perform the
S0/0/1 is 21.1.1.1/24.
Results
Use the ACL and route-policy commands to import two
Results
After you use tags to prevent routing loops, if IS-IS support
IS routes.
Results
The configuration in this case avoids sub-optimal routes of R3 and
unreasonable.
Results
Use local PBR to meet this requirement.
Topology description
S1 and S2 are located in different positions. Each switch
IEEE 802.1Q
IEEE 802.1Q is an Ethernet networking standard for a
has 3 bits. The value ranges from 0 to 7. The greater the value,
the higher the priority. When QoS is deployed on a switch, the
In a VLAN, Ethernet frames are classified into the following types:
Tagged frame: frame with the 4-byte 802.1Q tag
Untagged frame: frame without the 4-byte 802.1Q tag
Topology description
A host does not need to know the VLAN to which it
belongs. It sends only untagged frames.
information.
After a switching device determines the outbound
interface of a frame and before the switching device
sends the frame to the destination host, the switching
device connected to the destination host removes the
VLAN tag from the frame to ensure that the host receives
an untagged frame.
Interface types
An access interface on a switch connects to an interface on a
same as the PVID, the switch removes the tag from the
frame.
A hybrid interface on a switch can connect to either a host or
another switch. It can connect to either access or trunk links.
does not add a VLAN tag to the data frame even if the
interface is configured with a PVID.
matching the source MAC address of the frame and adds the
VLAN ID to the frame.
VLAN IDs are allocated to packets received on an interface
according to the protocol (suite) type and encapsulation format
of the packets. The network administrator needs to configure
the mappings between protocol types and VLAN IDs. When
the switch receives an untagged frame, it searches the
protocol-VLAN mapping table for a VLAN tag mapping the
protocol of the frame and adds it to the frame.
Protocol-based VLAN assignment supports IPv4, IPv6, IPX, and
AppleTalk (AT); the supported encapsulation types are Ethernet
II, 802.3 raw, 802.2 LLC, and 802.2 SNAP.
Policy-based VLAN assignment
Terminals’ MAC addresses and IP addresses need to be
configured and associated with VLANs on the switch. Only
terminals matching conditions can be added to a specified
VLAN. After terminals matching conditions are added to the
VLAN, changes of the IP addresses or MAC addresses may
cause the terminals to be removed from the VLAN.
Topology description
To implement intra-communication in VLAN 2 and VLAN 3
Topology description
R1 is a Layer 3 switch supporting sub-interfaces, and S1 is a
ARP Reply packet in which the source MAC address is
the MAC address of the sub-interface mapping VLAN 2.
• PC1 obtains R1's MAC address.
• PC1 sends a packet in which the destination MAC
address is the MAC address of the sub-interface and
the destination IP address is PC2's IP address to R1.
• After receiving the packet, R1 forwards the packet and
detects that the route to PC2 is a direct route. The
packet is forwarded by the sub-interface mapping
VLAN 3.
• R1 as the gateway in VLAN 3 broadcasts an ARP
Request packet requesting PC2's MAC address.
• After receiving the ARP Request packet, PC2 returns
an ARP Reply packet.
• After receiving the ARP Reply packet, R1 sends the
packet from PC1 to PC2. All packets sent from PC1 to
PC2 are sent to R1 first for Layer 3 forwarding.
Topology description
VLAN 2 and VLAN 3 are assigned. To implement inter-
address is the MAC address of the VLANIF
interface and the destination IP address is PC2's IP
address to S1.
• After receiving the packet, S1 forwards the packet
and detects that the route to PC2 is a direct route.
The packet is forwarded by VLANIF 3.
• S1 as the gateway in VLAN 3 broadcasts an ARP
Request packet requesting PC2's MAC address.
• After receiving the ARP Request packet, PC2
returns an ARP Reply packet.
• After receiving the ARP Reply packet, S1 sends the
packet from PC1 to PC2. All packets sent from PC1
to PC2 are sent to S1 first for Layer 3 forwarding.
exists.
Sub-VLAN: is used to isolate broadcast domains. In the sub-
Topology description
The super-VLAN (VLAN 10) contains the sub-VLANs (VLAN 2
gateway, and then the gateway performs Layer 3
forwarding.
Topology description
The frame that enters S1 through Port 1 on PC1 is tagged with
10.
A super-VLAN has no physical interface:
On S1, only VLAN 2 and VLAN 3 are valid, and all frames are
forwarded in these VLANs.
Topology description
S2 is configured with super-VLAN 4, sub-VLAN 2, sub-VLAN 3,
to super-VLAN 4.
• PC1 learns S2’s MAC address.
Layer 3 forwarding and sends the ARP Reply packet to
S1, with the next hop address of 1.1.2.2 and outbound
interface as VLANIF 10.
• After receiving the ARP Reply packet, Switch2
performs Layer 3 forwarding and sends the ARP Reply
packet to PC3 through the directly connected interface
VLANIF 20.
• The ARP Reply packet from PC3 reaches S2 after
Layer 3 forwarding on S1.
• After receiving the ARP Reply packet, S2 performs
Layer 3 forwarding and sends the packet to PC1
through the super-VLAN.
The MUX VLAN falls into the principal VLAN and subordinate VLAN.
The subordinate VLAN is classified into the separate VLAN and group
VLAN.
Principal VLAN: A principal interface can communicate with all
interfaces in a MUX VLAN.
Subordinate VLAN
• Separate VLAN: A separate interface can communicate
Topology description
The principal interface connects to the enterprise server;
Case description
To meet requirement 2, configure VLAN 2 and VLAN 3 to be
Command usage
The port link-type command sets the link type of an interface.
View
Interface view
Parameters
port link-type { access | dot1q-tunnel | hybrid | trunk }
Precautions
Before changing the link type of an interface, you need to
vlan command does not take effect. The port trunk allow-
When a hybrid interface is connected to a user host, it must be
added to VLANs in untagged mode because user hosts cannot
process tagged frames. The port hybrid untagged vlan
command is invalid on a member interface of an Eth-Trunk. A
super VLAN cannot be specified in the port hybrid untagged
vlan command.
Case description
The topology is similar to that in slide 22. The difference is that
Command usage
The mac-vlan mac-address command associates a MAC
Precautions
After a MAC address is associated with a VLAN, it cannot
be associated with other VLANs.
interface:
• When receiving an untagged packet, the interface
Case description
The topology is similar to that in slide 22.
Command usage
The ip-subnet-vlan command associates an IP subnet
with a VLAN.
The ip-subnet-vlan enable command enables IP subnet-
based VLAN assignment on an interface.
Precautions
The IP subnet that the ip-subnet-vlan command associates
with a VLAN cannot be a multicast network segment or
multicast address.
Case description
Protocol-based assignment can be configured only on
hybrid interfaces.
Command usage
The protocol-vlan command associates a protocol with a
VLAN.
The protocol-vlan vlan command associates an interface with
a protocol-based VLAN.
Precautions
Protocol-based assignment can be configured only on hybrid
interfaces.
When protocol-based assignment is used on an interface, the
Case description
You can use the VLANIF interface or sub-interface to
Command usage
The interface vlanif command creates a VLANIF interface
Precautions
Before running the interface vlanif command, you must run
Case description
Configure VLAN aggregation to meet the requirements.
Command usage
The aggregate-vlan command configures a VLAN as a
super-VLAN.
The access-vlan command adds one or more sub-VLANs
to a super-VLAN.
Precautions
VLAN 1 cannot be configured as a super-VLAN.
The super-VLAN must be different from all its sub-VLANs.
Case description
Configure the MUX VLAN to meet the requirements.
Command usage
The mux-vlan command configures a VLAN as a principal
VLAN.
The subordinate group command configures subordinate
group VLANs for a principal VLAN.
as a super-VLAN.
Before running the undo subordinate group command to delete
a subordinate group VLAN to which interfaces have been
subordinate separate VLAN.
Precautions for the subordinate separate VLAN
Before configuring a subordinate separate VLAN, you must
configure a principal VLAN and enter the principal VLAN view.
The VLAN to be configured as a subordinate separate VLAN
must have been created.
The VLAN to be configured as a subordinate separate VLAN
cannot have a VLANIF interface configured or be configured
as a super-VLAN.
Before running the undo subordinate separate command to
delete a subordinate separate VLAN to which interfaces have
been added, delete the interfaces from the subordinate
separate VLAN.
A subordinate separate VLAN must be different from the
principal VLAN.
A subordinate separate VLAN must be different from a
subordinate group VLAN.
to delete the existing entries so that the switch can learn MAC
address entries again.
Case description
To implement communication between VLANs through RIPv2,
Result
Perform the ping operation. PC1 in VLAN 2 and VLAN 3 can
Result
To implement communication between VLANs through RIPv2,
Proxy ARP
Routed proxy ARP: Routed proxy ARP enables network
Topology Description
Routed proxy ARP
for a routing entry corresponding to PC2. If the routing
entry corresponding to PC2 exists, S1 responds to the
ARP Request packet with its own MAC address. PC1
forwards data based on the MAC address of S1. S1
functions as the proxy of PC2.
Intra-VLAN proxy ARP
• PC1 cannot communicate with PC2 in the same VLAN
because interface isolation is configured on the
interface of S1 connected to PC1 and PC2. To solve
this problem, enable intra-VLAN proxy ARP on the
interfaces of S1. After S1's interface connected to PC1
receives an ARP Request packet destined for another
address, S1 does not discard the packet but searches
for the ARP entry corresponding to PC2. If the ARP
entry corresponding to PC2 exists, S1 sends its MAC
address to PC1 and forwards packets sent from PC1 to
PC2. S1 functions as the proxy of PC2.
Inter-VLAN proxy ARP
• This function is used in VLAN aggregation. Refer to the
VLAN documentation.
same IP address.
Advertises a new MAC address: If the MAC address of a host
After the system is reset or the interface card is hot swapped or reset,
the dynamic entries will be lost but the static and the blackhole entries
other interfaces.
Preventing MAC address overwriting on interfaces with the
Topology description
switch.
Topology description
No loop prevention protocol is used on the switching network.
flapping occurs.
setting guarantees higher network reliability. When the number
of active member interfaces reaches the upper threshold,
additional active member interfaces are set to Down and used
as backup links.
Lower threshold for the number of active interfaces: This
setting ensures the minimum bandwidth of an Eth-Trunk. When
the number of active interfaces falls below this threshold, the
Eth-Trunk goes Down.
Forwarding principle
An Eth-Trunk interface is assumed to be a physical interface at
Figure description
For example, if three physical interfaces, 1, 2, and 3, are
The Eth-Trunk module receives a frame from the MAC sub-
layer, and then extracts its source MAC address/IP address or
destination MAC address/IP address according to the load
balancing mode.
The Eth-Trunk module calculates the HASH-KEY value using
the hash algorithm.
Based on the HASH-KEY value, the Eth-Trunk module
searches the Eth-Trunk forwarding table for the interface
number, and then sends the frame from the corresponding
interface.
second data frame may arrive at the peer device earlier than
mode.
LACP mode
aggregation.
LACP concepts
LACP system priority: The LACP system priority (default value
interfaces based on the selection of the peer. The smaller the
LACP system priority value, the higher the LACP system
priority. When LACP system priorities are the same, the device
with smaller MAC address functions as the Actor.
LACP interface priority: The LACP interface priority (default
value of 32768) is used to determine whether a member
interface can be selected as an active interface. The smaller
the LACP interface priority value, the higher the LACP
interface priority.
In LACP mode, LACP determines active and inactive links in
an LAG. This mode is also called M:N mode, where M refers to
the number of active links and N refers to the number of
backup links. This mode guarantees high reliability and allows
load balancing to be carried out across M active links.
LACP implementation
After member interfaces are added to an Eth-Trunk in LACP
Negotiation process
• E1 becomes faulty, and then recovers. When E1 fails,
E3 replaces E1 to transmit services. After E1 recovers,
if LACP preemption is not enabled on the Eth-Trunk,
E1 still retains a backup state. If LACP preemption is
enabled on the Eth-Trunk, E1 becomes the active
interface and E3 becomes the backup interface
because E1 has higher priority than E3.
LACP preemption delay
• When LACP preemption occurs, the backup link waits
for a given period of time before switching to the active
state.
GVRP
GVRP is based on GARP and is used to maintain VLAN
Participant
VLAN.
GVRP registers and deregisters VLAN attributes through
attribute declarations and reclaim declarations:
• When an interface receives a VLAN attribute reclaim
declaration, it deregisters the VLAN specified in the
declaration. That is, the interface is removed from the
VLAN.
messages.
Join message: When a GARP participant requires that other
devices register its attributes, receives Join messages from
Join timer
To ensure that a Join message is reliably transmitted to
Hold timer
When you configure an attribute on a participant or when
Upon receiving a Leave or LeaveAll message, a GARP
participant starts its Leave timer. If it receives no Join message
containing the attribute carried in the Leave or LeaveAll
message when the Leave timer expires, it deregisters the
attribute.
The Leave timer value is twice that of the Join timer value.
LeaveAll timer
Upon startup, a GARP participant starts the LeaveAll timer.
When the LeaveAll timer expires, the GARP participant sends
out a LeaveAll message, and then restarts the LeaveAll timer
to start another cycle.
When receiving a LeaveAll message, a GARP participant
restarts all timers, including the LeaveAll timer.
If LeaveAll timers of multiple devices expire at the same time,
multiple LeaveAll messages will be sent at the same time,
creating unnecessary traffic. To avoid this problem, the actual
LeaveAll timer value of a participant is a random value
between the LeaveAll timer value and the LeaveAll timer value
multiplied by 1.5. A LeaveAll event is equivalent to
deregistering all attributes network wide by sending Leave
messages.
The LeaveAll timer value must be at least larger than the
JoinEmpty message.
• After E2 on S2 receives the first JoinEmpty message,
S3 creates dynamic VLAN 2 and adds E4 to VLAN 2.
After E4 receives the second JoinEmpty message, S3
does not take any action because E4 has been added
to VLAN 2.
• Every time the LeaveAll timer expires or a LeaveAll
message is received, each device restarts the LeaveAll
timer, Join timer, Hold timer, and Leave timer. E1 then
repeats step 1 to send JoinEmpty messages. E3 of S2
sends JoinEmpty messages to S3 in the same way.
Two-way registration of VLAN attributes
After one-way registration is complete, E1, E2, and E4 are
added to VLAN 2 but E3 is not added to VLAN 2 because only
interfaces receiving a JoinEmpty or JoinIn message can be
added to dynamic VLANs. To transmit traffic of VLAN 2 in both
directions, VLAN registration from S3 to S1 is required. The
process is as follows:
• After one-way registration is complete, static VLAN 2 is
created on S3 (the dynamic VLAN is replaced by the
static VLAN). E4 on S3 starts the Join timer and Hold
timer. When the Hold timer expires, E4 on S3 sends
created.
on S3.
S3 starts the Hold timer. When the Hold timer expires,
E4 sends a LeaveEmpty message to S2.
• After E3 on S2 receives the LeaveEmpty message, it
starts the Leave timer. When the Leave timer expires,
E3 deregisters VLAN 2. Then E3 is deleted from
dynamic VLAN 2, and dynamic VLAN 2 is deleted from
S2. At this time, S2 requests E2 to start the Hold timer.
When the Hold timer expires, E2 sends a LeaveEmpty
message to S1.
• After E1 on S1 receives the LeaveEmpty message, it
starts the Leave timer. When the Leave timer expires,
E1 deregisters VLAN 2. Then E1 is deleted from
dynamic VLAN 2, and dynamic VLAN 2 is deleted from
S1.
Case description
To enable PC1 and PC2 whose interfaces are isolated in
Command usage
The port-isolate enable command enables port isolation.
View
Interface view
Parameters
port-isolate enable [ group group-id ]
Precautions
You can use the display port-isolate command to view the
Case description
Preemption needs to be enabled to meet requirement 3.
Command usage
The mode command configures the working mode of an
Eth-Trunk.
The eth-trunk command adds an interface to an Eth-Trunk.
The load-balance command sets a load balancing mode of an
Eth-Trunk.
The max active-linknumber command sets the upper
Trunk.
The lacp priority command sets the LACP system or interface
priority.
The lacp preempt enable command enables priority
Precautions
following points:
• An Eth-Trunk contains a maximum of 8 member
interfaces.
• A member interface cannot be configured with any
interface cannot be an Eth-Trunk.
• An Ethernet interface can be added to only one
Eth-Trunk. To add the Ethernet interface to another
Eth-Trunk, delete it from the original Eth-Trunk first.
• Member interfaces of an Eth-Trunk must be of the
same type. That is, FE and GE interfaces cannot join
the same Eth-Trunk.
• Ethernet interfaces on different LPUs can join the same
Eth-Trunk.
• The remote interface directly connected to the local
Eth-Trunk member interface must also be bundled into
an Eth-Trunk; otherwise, the two ends cannot
communicate.
• When member interfaces use different rates,
congestion may occur on the low-rate interface,
causing packet loss.
• After interfaces are added to an Eth-Trunk, MAC
addresses are learned on the Eth-Trunk but not the
member interfaces.
• When all member interfaces of an Eth-Trunk work in
half-duplex mode, the Eth-Trunk cannot negotiate an
Up state.
Case description
Deploy GVRP to meet requirement 2.
Command usage
The gvrp command enables GVRP globally or on an interface.
Precautions
Before enabling GVRP on an interface, you must set the link
type of the interface to trunk.
tear down PPP data links. LCP can automatically detect the
link environment, for example, check whether there are loops.
It also negotiates link parameters such as the maximum
Control field
• The Control field value defaults to 0x03, indicating
an unsequenced frame. By default, PPP does not
packet.
LCP packet format
Code field
request and response packets. If a device receives a
packet with an invalid Identifier field, the device
discards the packet.
• The sequence number of a Configure-Request
packet usually begins with 0x01 and increases by 1
each time a Configure-Request packet is sent. After
a receiver receives a Configure-Request packet, it
must send a response packet with the same
sequence number as that of the received
Configure-Request packet.
Length field
• The Length field specifies the total number of bytes
in the LCP packet. It specifies the length of an LCP
packet, including the Code, Identifier, Length and
Data fields.
• The Length field value cannot exceed the maximum
receive unit (MRU) of the link. Bytes outside the
range of the Length field are treated as padding and
are ignored after they are received.
Data field
• The Type field specifies the negotiation option type.
• The Length field specifies the total length of the Data
field, including Type, Length, and Data.
• The Data field contains the contents of the
negotiation option.
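A minimal parser for the LCP packet layout described above, added here as an illustration and not taken from the original material. The code and option numbers (Configure-Request = 1, Configure-Ack = 2, MRU = 1, Magic-Number = 5) come from RFC 1661 rather than this page, and the sample packets are constructed.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Values from RFC 1661 (not listed on this page).
CONFIGURE_REQUEST, CONFIGURE_ACK, CONFIGURE_NAK, CONFIGURE_REJECT = 1, 2, 3, 4
OPT_MRU, OPT_MAGIC = 1, 5


class LcpError(ValueError):
    """Raised for packets whose length fields do not fit the received bytes."""


@dataclass
class LcpPacket:
    code: int
    identifier: int
    options: List[Tuple[int, bytes]]

    def option(self, opt_type: int) -> Optional[bytes]:
        for t, value in self.options:
            if t == opt_type:
                return value
        return None


def build_lcp(code: int, identifier: int, options: List[Tuple[int, bytes]]) -> bytes:
    # Option Length covers Type + Length + Data; packet Length covers the header too.
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in options)
    return struct.pack("!BBH", code, identifier, len(body) + 4) + body


def parse_lcp(buf: bytes) -> LcpPacket:
    if len(buf) < 4:
        raise LcpError("shorter than the 4-byte LCP header")
    code, identifier, length = struct.unpack("!BBH", buf[:4])
    if length < 4 or length > len(buf):
        raise LcpError("Length field does not fit the received data")
    data = buf[4:length]            # bytes past Length are padding and are ignored
    options: List[Tuple[int, bytes]] = []
    i = 0
    # Only the Configure-* packets carry a list of Type/Length/Data options.
    while code in (1, 2, 3, 4) and i < len(data):
        if len(data) - i < 2:
            raise LcpError("truncated option header")
        opt_type, opt_len = data[i], data[i + 1]
        if opt_len < 2 or i + opt_len > len(data):
            raise LcpError("option Length overruns the packet")
        options.append((opt_type, data[i + 2:i + opt_len]))
        i += opt_len
    return LcpPacket(code, identifier, options)


def rejects(buf: bytes) -> bool:
    """True when the parser refuses the buffer as malformed."""
    try:
        parse_lcp(buf)
    except LcpError:
        return True
    return False


def looped_back(request: LcpPacket, local_magic: int) -> bool:
    """A Configure-Request carrying our own magic number suggests a looped link."""
    raw = request.option(OPT_MAGIC)
    return (request.code == CONFIGURE_REQUEST and raw is not None
            and len(raw) == 4 and int.from_bytes(raw, "big") == local_magic)


def is_response_to(reply: LcpPacket, request: LcpPacket) -> bool:
    """A reply is accepted only if it echoes the request's Identifier."""
    return reply.code in (2, 3, 4) and reply.identifier == request.identifier


# Constructed sample: Configure-Request, Identifier 0x01, MRU 1500, peer magic
# number 0x5E6F7081, followed by three padding bytes beyond the Length field.
LOCAL_MAGIC = 0x1A2B3C4D
SAMPLE_REQUEST = build_lcp(
    CONFIGURE_REQUEST, 0x01,
    [(OPT_MRU, b"\x05\xdc"), (OPT_MAGIC, b"\x5e\x6f\x70\x81")],
) + b"\x00\x00\x00"

if __name__ == "__main__":
    pkt = parse_lcp(SAMPLE_REQUEST)
    print(pkt.code, pkt.identifier, [(t, v.hex()) for t, v in pkt.options])
    print("loop suspected:", looped_back(pkt, LOCAL_MAGIC))
```

The bounds checks on both Length fields are the part that matters for robustness: a parser that trusts either value can read past the received frame.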
Network: In the Network phase, the two devices use NCP to negotiate
of the PPP protocol because PPP is a protocol suite that does not have
a protocol status. Only specified protocols such as LCP and NCP can
have a protocol status that can change from one state to another.
LCP uses the magic number to detect link loops and other exceptions.
A magic number is a randomly generated number. It should be ensured
that the two ends do not generate the same magic number.
After a device receives a Configure-Request packet, it compares the
magic number and LCP does not generate a new magic number.
If the magic number in the Configure-Request packet received is the
received is the same as that. If a link loop exists, the process persists.
If no link loop exists, packet exchange will soon be restored.
PPP. When the physical status of the link becomes Up, R1 and R2
use the LCP to negotiate link layer parameters. In this example, R1
sends an LCP packet.
negotiation fails.
The Configure-Nak packet contains only the parameters whose
If negotiation still fails after the Configure-Request packet is sent
five consecutive times, the parameters are disabled and parameter
negotiation stops.
cannot be identified.
After receiving the Configure-Reject packet, R1 sends a Configure-
by R2.
every 10 seconds.
When the authenticating party is configured with a user name (that is,
the ppp chap user username command is configured on the interface):

password of the authenticated party by using MD5. The
authenticating party then compares the generated
ciphertext password with that carried in the received
Response packet, and returns a response based on the
check result.
When the authenticating party is not configured with a user name
(that is, the ppp chap user username command is not configured on
the interface):
• The authenticating party initiates an authentication
request by sending a Challenge packet.
• After receiving the Challenge packet, the
authenticated party uses MD5 to hash the
concatenation of the Identifier, the password configured by
the ppp chap password command, and the random
number. It then sends a Response packet carrying
the ciphertext password and local user name to the
authenticating party.
• The authenticating party encrypts the locally saved
password of the authenticated party by using MD5.
The authenticating party then compares the
generated ciphertext password with that carried in
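The Challenge/Response exchange described above, as an added Python example (not part of the original course material or of any vendor implementation). It follows the Identifier, password, random number ordering given in the text, which is also the RFC 1994 ordering; the user name Huawei comes from the page, while the password and the class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5 over Identifier || password || random number (the CHAP Response value)."""
    if not 0 <= identifier <= 255:
        raise ValueError("the CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Authenticating party: issues Challenge packets and checks Response packets."""

    def __init__(self, local_users: Dict[str, bytes]):
        self.local_users = local_users          # user name -> locally saved password
        self._next_id = 0
        self._pending: Dict[int, bytes] = {}    # Identifier -> outstanding random number

    def new_challenge(self) -> Tuple[int, bytes]:
        """Build the fields of a Challenge packet: Identifier and a fresh random number."""
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier: int, username: str, response: bytes) -> bool:
        """Recompute the digest from the locally saved password and compare."""
        # Each random number is accepted once, so a captured Response cannot be reused.
        challenge = self._pending.pop(identifier, None)
        if challenge is None:
            return False
        secret = self.local_users.get(username)
        # Hash even for an unknown user so both paths do the same amount of work.
        expected = chap_response(identifier, secret if secret is not None else b"\x00", challenge)
        matches = hmac.compare_digest(expected, response)   # constant-time comparison
        return matches and secret is not None


def run_exchange() -> Dict[str, bool]:
    """Constructed session between an authenticating party and an authenticated party."""
    password = b"Constructed-Pass-1"                 # constructed sample value
    auth = Authenticator({"Huawei": password})
    results: Dict[str, bool] = {}

    ident, rnd = auth.new_challenge()
    good = chap_response(ident, password, rnd)       # computed by the authenticated party
    results["correct"] = auth.verify(ident, "Huawei", good)

    # The same Response sent again for the exchange that has already completed.
    results["replayed_same_exchange"] = auth.verify(ident, "Huawei", good)

    # The old Response sent against a new Challenge: Identifier and random number differ.
    ident2, _ = auth.new_challenge()
    results["replayed_old_response"] = auth.verify(ident2, "Huawei", good)

    ident3, rnd3 = auth.new_challenge()
    bad = chap_response(ident3, b"wrong-password", rnd3)
    results["wrong_password"] = auth.verify(ident3, "Huawei", bad)
    return results


if __name__ == "__main__":
    for case, accepted in run_exchange().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The "ciphertext password" in the text is this 16-byte MD5 digest; the password itself never crosses the link.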
IPCP and LCP have the same negotiation mechanism, packet type,
and working process.
Topology

packet.
• IPCP uses Configure-Request and Configure-Ack packets

Multilink PPP fragments a packet and sends the fragments to the same
destination over multiple PPP links.
PPPoE overview
PPPoE allows a large number of hosts on an Ethernet to

Topology
A PPPoE session is set up between each PC and the

Discovery stage:
A PPPoE client broadcasts a PPPoE Active Discovery
Initiation (PADI) packet that contains service information

The PPPoE client selects the PPPoE server from which the
first PADO packet is received and unicasts a PPPoE Active
Discovery Request (PADR) packet to the PPPoE server.

Session stage:
When the PPPoE session is established, the PPPoE server
and PPPoE client share the unique PPPoE session ID and

PPP negotiation at the PPPoE Session stage is the same
as common PPP negotiation.
When PPP negotiation succeeds, PPP data packets can be
forwarded.
At the PPPoE Session stage, the PPPoE server and client
send all Ethernet data packets in unicast mode.
Terminate stage:
After a PPPoE session is established, the PPPoE client or
the PPPoE server can unicast a PADT packet to terminate
the PPPoE session at any time. When a PADT packet is
received, no further PPP traffic can be sent using this
session.
types:
• PVC: refers to the manually created VC.

interfaces.
except Huawei.
The PVC status of the DTE is determined by the DCE. The

When the DTE and DCE can normally send and receive
LMI negotiation messages, the link protocol status changes

After the FR LMI negotiation succeeds and the PVC status changes to
Active, two devices on a PVC start the InARP negotiation process:

R1.
After receiving the Inverse ARP Response packet, R1

respectively.
Two types of sub-interfaces are available:
P2P sub-interface: used to connect to a single remote

devices. Each sub-interface can be configured with multiple
PVCs. Each PVC maps the protocol address of its
connected remote device. In this way, different PVCs can
reach different remote devices. You can manually configure
the address mapping, or use InARP to dynamically create
the address mapping.
Case description
The NCP protocol can be used to allocate an IP address to the peer.

You need to configure the ppp chap user Huawei command on R1's
interface to enable R1 to send a Challenge packet to R2 carrying the
user name Huawei.
Command usage
ppp authentication-mode: Configures the PPP authentication mode
in which the local device authenticates the remote device.

device.
remote address: Configures the local device to assign an IP address

Parameters

password to the authenticating party.
The local device can use IPCP to learn the 32-bit host address from
the remote
Command usage
interface mp-group: Creates an MP-Group interface and enters the

Precautions
Data frames will be lost after you disable the interface. Exercise

Case description
You need to get familiar with the configurations of the PPPoE

Command usage
virtual-template: Creates a VT interface and enters the VT interface
view.
pppoe-server bind virtual-template: Binds a specified VT interface
to an Ethernet interface and enables PPPoE on the Ethernet interface.

Parameters
remote address { ip-address | pool pool-name }
ip-address: Specifies an IP address to be allocated to the remote
device.
pool pool-name: Specifies the name of the IP address pool, from which
an IP address is allocated to the remote device.
dialer-rule dialer-rule-number { acl { acl-number | name acl-name }
| ip { deny | permit } | ipv6 { deny | permit } }
dialer-rule-number: Specifies the number of a dialer access group. The
number is the same as the value of group-number in the dialer-group
command.
acl { acl-number | name acl-name }: Indicates the number or name of
the dialer ACL.
ip { deny | permit }: Indicates whether the dialer ACL allows or forbids
IPv4 packets.
Precautions
To configure the local device to allocate an IP address to the remote
device, run the ppp ipcp remote-address forced command in the
interface view.
Case description
In the case of an FR network, you do not need to manually

Precautions
You do not need to manually configure the mapping

Topology Description
Broadcast storm

STP
STP can eliminate network loops. STP is used to build a loop-

Root bridge
The root bridge is the bridge with the smallest BID, which is

The root port is determined based on the path cost. Among all
STP-capable ports on a network bridge, the port with the
smallest root path cost is the root port. There is only one root
port on an STP-capable device, but there is no root port on the
root bridge.

After the root bridge, root port, and designated port are selected
successfully, the entire tree topology is set up. When the topology is
stable, only the root port and the designated port forward traffic. All the
other ports are in Blocking state; they receive only STP BPDUs and do not
forward user traffic.
scenarios:
When ports are enabled with STP, the designated ports send
configuration BPDUs at intervals specified by the Hello timer.

The Hello timer specifies the interval at which an STP-capable
device sends configuration BPDUs to detect link faults.
When the network topology becomes stable, the change of the
interval takes effect only after a new root bridge takes over.
After the topology changes, TCN BPDUs will be sent. This
interval is irrelevant to the transmission of TCN BPDUs.
The default value is 2 seconds.
Max Age
After a non-root bridge running STP receives a configuration
BPDU, the non-root bridge compares the Message Age value
with the Max Age value in the received configuration BPDU.
• If the Message Age value is smaller than or equal to
the Max Age value, the non-root bridge forwards the
configuration BPDU.
• If the Message Age value is larger than the Max Age
value, the configuration BPDU ages and the non-root
bridge directly discards it. In this case, the network size
is considered too large and the non-root bridge
disconnects from the root bridge.
In real world situations, each time a configuration BPDU
passes through a bridge, the value of Message Age increases
by 1.
The default value is 20.

Forward Delay
The Forward Delay timer specifies the delay for interface

the root bridge and sets the root bridge ID as the device ID.
Devices exchange configuration BPDUs to compare the root
bridge IDs. The device with the smallest BID is elected as the
root bridge.

BPDU of {1, 0, 1, Port B}. After the two switches compare the
configuration BPDUs, S1 is deemed to have a higher priority

Topology Description
Priorities of S1, S2, and S3 are 0, 1, and 2, and the path costs

Port A2
S2: {1, 0, 1, Port B1} on Port B1 and {1, 0, 1, Port B2} on
Port B2
S3: {2, 0, 2, Port C1} on Port C1 and {2, 0, 2, Port C2}
on Port C2
• Port B1 receives the configuration BPDU {0, 0, 0, Port
A1} from Port A1 and finds that the received configuration BPDU
{0, 0, 0, Port A1} has a higher priority than its own
configuration BPDU {1, 0, 1, Port B1}, so Port B1
updates its configuration BPDU.
• Port B2 receives the configuration BPDU {2, 0, 2, Port
C2} from Port C2 and finds that its own configuration BPDU
{1, 0, 1, Port B2} has a higher priority than the received
configuration BPDU {2, 0, 2, Port C2}, so Port B2
discards the configuration BPDU {2, 0, 2, Port C2}.
• The configuration BPDU {0, 0, 0, Port A1} on Port
B1 and the configuration BPDU {1, 0, 1, Port B2} on
Port B2 are optimal.
• Comparison of configuration BPDUs on ports:
• S2 compares the configuration BPDU on each
port and finds that the configuration BPDU on
Port B1 has the highest priority, so Port B1 is
used as the root port and the configuration
BPDU on Port B1 remains unchanged.
• S2 calculates the BPDU {0, 5, 1, Port B2} for
Port B2 based on the configuration BPDU and

C1 and configuration BPDU {1, 0, 1, Port B2} on
Port C2 are optimal.
• Comparison of configuration BPDUs on ports:
• S3 compares the configuration BPDU on each
port and finds that the configuration BPDU on
Port C1 has the highest priority, so Port C1 is
used as the root port and the configuration
BPDU on Port C1 remains unchanged.
• S3 calculates the configuration BPDU {0, 10, 2,
Port C2} for Port C2 based on the configuration
BPDU and path cost of the root port, and
compares the configuration BPDU {0, 10, 2,
Port C2} with its configuration BPDU {1, 0, 1,
Port B2} on Port C2. S3 finds that the calculated
configuration BPDU has a higher priority, so
Port C2 is used as the designated port and its
configuration BPDU is replaced by the
calculated configuration BPDU.
Port A2}.
Configuration BPDUs sent by S2

Port B2}.
Configuration BPDUs sent by S3

Port C2}.
one.
• Port B2 receives the configuration BPDU {0, 10, 2, Port

discards it.
• After comparison, the optimal configuration BPDUs

S3
• Port C1 receives the configuration BPDU {0, 0, 0, Port

costs are compared. Port C2 finds that the received
configuration BPDU has a higher priority (10 > 9), so Port
C2 updates its BPDU to {0, 5, 1, Port B2}.
After comparison, the optimal configuration BPDUs
on Port C1 and Port C2 are {0, 0, 0, Port A2} and {0,
5, 1, Port B2} respectively.
• Comparison of configuration BPDUs on each port:
• S3 compares the root path cost of Port C1 (root
path cost of 0 in the received configuration
BPDU + path cost 10 of the link) with the root
path cost of Port C2 (root path cost of 5 in the
received configuration BPDU + path cost 4 of
the link). The root path cost of Port C2 is
smaller, so the configuration BPDU of Port C2
is preferred. Port C2 is used as the root port
and its configuration BPDU remains unchanged.
• S3 calculates the configuration BPDU {0, 9, 2,
Port C1} for Port C1 according to the
configuration BPDU and path cost of the root
port, and compares the calculated configuration
BPDU with its configuration BPDU. S3 finds

Down.
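The S2/S3 walkthrough above, as an added Python example (not from the original course material). It applies the standard lower-is-better comparison to the page's {root ID, root path cost, bridge ID, port ID} vectors; the link costs (S1-S2 = 5, S1-S3 = 10, S2-S3 = 4) are read off the BPDU values in the text, and the function names and the "blocked" result for Port C1 in the second round are this example's own, since the page text is cut off at that point.

```python
from typing import Dict, NamedTuple, Tuple


class Bpdu(NamedTuple):
    """Configuration BPDU as written on the page: {root ID, root path cost, bridge ID, port ID}."""
    root_id: int
    root_path_cost: int
    bridge_id: int
    port_id: str


def elect(bridge_id: int, heard: Dict[str, Bpdu],
          link_cost: Dict[str, int]) -> Tuple[Dict[str, str], Dict[str, Bpdu]]:
    """Return (port roles, BPDUs sent on designated ports) for one bridge.

    heard:     local port -> best configuration BPDU received on that port
    link_cost: local port -> path cost of the attached link
    A smaller tuple is a higher-priority BPDU, so plain tuple comparison is enough.
    """
    # Root port candidates: ports that heard a root better than this bridge itself.
    candidates = {
        port: (b.root_id, b.root_path_cost + link_cost[port], b.bridge_id, b.port_id, port)
        for port, b in heard.items() if b.root_id < bridge_id
    }
    if not candidates:
        # Nobody advertises a better root: this bridge is the root bridge.
        return ({p: "designated" for p in heard},
                {p: Bpdu(bridge_id, 0, bridge_id, p) for p in heard})

    root_port = min(candidates, key=candidates.get)
    root_id, root_cost = candidates[root_port][0], candidates[root_port][1]

    roles: Dict[str, str] = {root_port: "root"}
    sent: Dict[str, Bpdu] = {}
    for port, received in heard.items():
        if port == root_port:
            continue
        calculated = Bpdu(root_id, root_cost, bridge_id, port)
        if calculated < received:
            roles[port] = "designated"      # calculated BPDU wins and replaces the stored one
            sent[port] = calculated
        else:
            roles[port] = "blocked"         # the neighbour's BPDU is better on this segment
    return roles, sent


def walkthrough() -> Dict[str, Tuple[Dict[str, str], Dict[str, Bpdu]]]:
    """Two rounds of BPDU exchange for S2 (bridge ID 1) and S3 (bridge ID 2)."""
    s2_cost = {"Port B1": 5, "Port B2": 4}      # derived from the page's values
    s3_cost = {"Port C1": 10, "Port C2": 4}
    out = {}
    # Round 1: every bridge still claims to be the root.
    out["S2 round 1"] = elect(1, {"Port B1": Bpdu(0, 0, 0, "Port A1"),
                                  "Port B2": Bpdu(2, 0, 2, "Port C2")}, s2_cost)
    out["S3 round 1"] = elect(2, {"Port C1": Bpdu(0, 0, 0, "Port A2"),
                                  "Port C2": Bpdu(1, 0, 1, "Port B2")}, s3_cost)
    # Round 2: S2 and S3 now hear each other's round 1 result.
    out["S2 round 2"] = elect(1, {"Port B1": Bpdu(0, 0, 0, "Port A1"),
                                  "Port B2": out["S3 round 1"][1]["Port C2"]}, s2_cost)
    out["S3 round 2"] = elect(2, {"Port C1": Bpdu(0, 0, 0, "Port A2"),
                                  "Port C2": out["S2 round 1"][1]["Port B2"]}, s3_cost)
    return out


if __name__ == "__main__":
    for step, (roles, sent) in walkthrough().items():
        print(step, roles, {p: tuple(b) for p, b in sent.items()})
```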
the root bridge. Then determine the root port, designated port,
and alternate port.
E0 and E1 on S2 receive BPDUs {0, 0, 0, E0} and {0, 0, 0, E1}
from S1. In the two BPDUs, only the transmit port is different.

the root bridge. Then determine the root port, designated port,
and alternate port.

from the root port using their designated ports. The designated port on
a non-root bridge sends the optimal BPDU only after receiving BPDUs
with a lower priority.

Topology description:

Topology Description
The figure on the left side shows the initial topology. The path
costs are the same. S1, S2, and S3 are connected, S1 is the
root port, and interconnected ports are in forwarding state. In
the figure on the right side, a link between S1 and S2 is added.

the port connected to S1 is the new root port and the port
connected to S3 is the designated port. All ports are root ports

Forward Delay
The default interval for port status transition is 15 seconds.

period. The port then enters the Forwarding state from the
Learning state after the Forward Delay period. The port in

transitions from the MSTP mode to the STP mode, its STP-
capable port supports the same port states as those supported
by an MSTP-capable port, including the Forwarding, Learning,

other ports may receive the TCN BPDU but do not process it.
The upstream device sets the TCA bit of the Flags field in the

BPDUs.
The upstream device sends a copy of the TCN BPDU to the
root bridge.
Steps 1 to 4 repeat until the root bridge receives the TCN
BPDU.
After receiving the TCN BPDU, the root bridge resets the TCA

bridge sends the BPDU with the reset TC bit. The network
bridge that receives the BPDU reduces the aging time of MAC
address entries to the Forward Delay period.

Topology Description:
Through STP calculation, S1 is the root bridge and port E1 on
S4 is blocked.
When the link of port E1 on S3 fails, STP recalculates the
topology. Port E1 on S4 becomes a designated port in the
Forwarding state, and S4 immediately sends a TCN BPDU
upstream.
After S2 receives the TCN BPDU from S3, S2 resets the TCA
bit in the subsequent configuration BPDU and sends it to S4
from port E3. S2 also sends the TCN BPDU to the root from
the root port E1.
After S1 receives the TCN BPDU from S2, S1 resets the TCA
and TC bits in the subsequent configuration BPDU and sends
it to S2 from the designated port E1. Within the period of 35
seconds (20 seconds + 15 seconds), S1 resets the TC bit in
the configuration BPDU. After receiving the configuration
BPDU with the reset TC bit, each network bridge changes its
aging time of MAC address entries to 15 seconds.
When the topology changes, the MAC address table is
re-established quickly, which avoids wasting bandwidth.
from the root bridge. S2 and S3 detect the root bridge failure
only after a Max Age period. S2 and S3 then determine the
new root bridge, root port, and designated port. The topology

STP Limitation:
Port statuses or port roles are not distinguished in a fine-

convergence.
The STP algorithm requires a stable network topology. After

RSTP has all functions of STP, and the RSTP-capable and STP-
capable network bridges can work together.
RSTP defines four port roles: root port, designated port, alternate port,
and backup port.
The functions of the root port and designated port are the same as
those defined in STP. The alternate port and backup port are described
as follows.

bridges.
• A backup port is blocked after learning the

bridge.
• A backup port backs up the designated port and

Port statuses are simplified from five types to three types. Based on
whether a port forwards user traffic and learns MAC addresses, the port

RSTP Calculation
Roles of ports in Discarding state are determined:

Bit 1 indicates the Proposal flag bit, indicating that the BPDU is
the Proposal packet in the fast convergence mechanism.

Bit 2 and bit 3 indicate the port role. The value 00 indicates the
unknown port; the value 01 indicates the root port; the value

Bit 7 indicates the TCA bit, which is the same as that in STP.
becomes stable
• In STP, after the topology becomes stable, the root
bridge sends configuration BPDUs at an interval set by

device independently.
Shorter timeout interval of BPDUs

• In RSTP, when a port receives an RST BPDU from the
upstream designated bridge, the port compares the
received RST BPDU with its own RST BPDU. If its own
RST BPDU has higher priority than the received one,
the port discards the received RST BPDU and
immediately responds to the upstream device with its
own RST BPDU. After receiving the RST BPDU, the
upstream device updates its own RST BPDU based on
the corresponding fields in the received RST BPDU. In
this manner, RSTP processes BPDUs with lower
priority more rapidly, independent of any timer that is
used in STP.
STP convergence
To eliminate loops, STP uses timers to complete convergence.

The default period from the time the port is enabled to the time
the port is in Forwarding state is 30 seconds. Shortening the
values of timers may cause the network to become unstable.

• When a port is selected as a designated port, in STP,
the port does not enter the Forwarding state until a
Forward Delay period expires; in RSTP, the port enters
the Discarding state, and then the Proposal/Agreement
mechanism allows the port to immediately enter the
Forwarding state. The Proposal/Agreement mechanism
must be applied on the P2P links in full-duplex mode.
• The P/A mechanism is short for the
Proposal/Agreement mechanism.
Edge port
An edge port directly connects to a terminal. When the network

P/A mechanism
The Proposal/Agreement (P/A) mechanism enables a

synced variables are set to 1. The synced variable of
the root port p1 is then set to 1, and p1 sends an RST
BPDU with the Agreement field of 1 to S1. With the
exception of the Agreement field that is set to 1 and the
Proposal field that is set to 0, the RST BPDU is the
same as that received.
• After receiving this RST BPDU, S1 identifies the RST
BPDU as a response to the Proposal packet that it just
sent, and p0 immediately enters the Forwarding state.
as follows:
S1 sends an RST BPDU with the Proposal field of 1 to S2.
After receiving the RST BPDU, S2 determines that E2 is the

Timer value doubles the Hello timer value. All MAC address

one that receives the RST BPDU. The switching device then
starts a TC While timer for all non-edge ports and the root port.

When a port switches from RSTP to STP, the port loses RSTP features
such as fast convergence.

capable device, the port switches to the STP mode after two intervals

VLAN packets.

Topology Description

VLAN-MSTI mappings
MSTP revision level

The Common and Internal Spanning Tree (CIST), calculated using STP
or RSTP, connects all switching devices on a switching network.

The CIST root is the network bridge with the highest priority on
the entire network, that is, the root bridge of the CIST.
In the preceding topology, the lines in red in MSTIs and the

The master bridge is the IST master, which is the switching device
closest to the CIST root in a region.

A Single Spanning Tree (SST) is formed in either of the following
situations:
A switching device running STP or RSTP belongs to only one
spanning tree.
An MST region has only one switching device.
There is no SST in the preceding topology.
MSTI
An MST region can contain multiple spanning trees, each

one or more VLANs, but one VLAN can map to only one MSTI.
Each MSTI has an MSTI ID. The MSTI ID starts from 1, which

The MSTI regional root is the network bridge with the highest
priority in each MSTI. You can specify different roots in
different MSTIs.
In the preceding topology, assuming that S9 has the highest

root in MSTI 2.
When compared to RSTP, MSTP has two additional port types. MSTP
ports include the root port, designated port, alternate port, backup port,

in instances.
• In the preceding topology, the port on S7 connected to

BPDU format.

in an MST BPDU.
The EPC field in an MST BPDU indicates the total path cost
from the MST region where the network bridge sending the
BPDU resides to the MST region where the CIST root resides.
The Bridge ID field in an MST BPDU indicates the regional

MSTP-specific fields:
• Version 3 Length: indicates the BPDUv3 length, which

bridge is located. Neighboring switches are in the same
MST region only when the following fields on the
switches are the same:
• Format Selector: indicates the 802.1s-defined
protocol selector. It has a fixed value of 0.
• Name: indicates the configuration name, that is,
the MST region name of a switch. The value
has 32 bytes. Each switch has an MST region
name configured. The default value is the
switch’s MAC address.
• Config Digest: indicates the configuration digest,
which has 16 bytes. Switches in an MST region
should maintain the same mapping between
VLANs and MSTIs. However, the MST
configuration table is too large (8192 bytes) and
cannot be easily transmitted between switches.
This field is the digest calculated from the MST
configuration table using the MD5 algorithm.
• Revision Level: indicates the revision level of an
MST region, which has two bytes. The default
value is all 0s. The value of the Config Digest

ID of the MSTI.
• MSTI IRPC: indicates the path cost from the
network bridge sending the BPDU to the MSTI
regional root.
• MSTI Bridge Priority: indicates the priority of the
network bridge that sends the BPDU.
• MSTI Port Priority: indicates the priority of the
port that sends the BPDU.
• MSTI Remaining Hops: indicates the remaining
number of hops in an MSTI.
Vectors

value (16 bits) and MAC address (48 bits). The priority value is
the priority of MSTI 0.
External root path cost (ERPC): indicates the external root
path cost from the CIST regional root to the CIST root. ERPCs

regional root ID consists of the priority value (16 bits) and MAC
address (48 bits).
Internal root path cost (IRPC): indicates the path cost from the

that sends the BPDU.
Designated port ID: identifies the port on the designated
switching device connected to the root port on the local device.
The port ID consists of the priority value (4 bits) and port
number (12 bits). The priority value must be a multiple of 16.
Receiving port ID: identifies the port that receives the BPDU.
The port ID consists of the priority value (4 bits) and port
number (12 bits). The priority value must be a multiple of 16.
If the priority of a vector carried in the configuration message of a
BPDU received by a port is higher than the priority of the vector in the
configuration message saved on the port, the port replaces the saved
configuration message with the received one. In addition, the port
updates the global configuration message saved on the device. If the
priority of a vector carried in the configuration message of a BPDU
received on a port is equal to or lower than the priority of the vector in
the configuration message saved on the port, the port discards the
BPDU.
CST Calculation
CST and IST calculation is similar to the calculation in RSTP.

vectors: {CIST root, ERPC, regional root ID, designated port ID,
receiving port ID}.

Topology description:
• Assume that S1, S4, and S7 are regional roots in

IST Calculation
CST and IST calculation is similar to the calculation in RSTP.

Topology description:
• After CST calculation is complete, S1, S4, and S7 are

Region1 Calculation
In an MST region, MSTP calculates an MSTI for each VLAN

Topology description:
• In Region1, VLAN 2 maps to MSTI 2, VLAN 4 to MSTI

to S1 is blocked.
MSTIs have the following characteristics:

topologies.
Each MSTI sends BPDUs in its spanning tree.
The topology of each MSTI is configured by using commands.
A port can be configured with different parameters for different
MSTIs.
A port can play different roles or have different statuses in
different MSTIs.
Region2 Calculation
Topology description:

to S4 is blocked.
Region3 Calculation
Topology description:

are blocked.
• In MSTI 4, S8, S7, S10, and S9 are in descending

are blocked.
MSTI Calculation
After CIST and MSTI calculations are complete, the mapping

MST BPDU, it obtains the CIST root, ERPC, regional root ID,

CIST root, ERPC, regional root ID, and designated port ID.
The BID is used as the regional root ID and designated switch

After receiving the Agreement packet, the root port enters the
Forwarding state.
The downstream device replies with an Agreement packet.

devices that use the ordinary P/A mechanism, run the stp no-
agreement-check command to configure the ordinary P/A mechanism

Case description
S1, S2, and S3 must be in descending order of priority to meet

requirements 2 and 3.
Command usage
The stp mode command sets the working mode of a spanning

spanning tree.

Parameters
stp mode { mstp | rstp | stp }

priority priority: specifies the priority of the switching
device in a spanning tree. The priority ranges from 0 to
61440. The value is a multiple of 4096, such as 0, 4096,
and 8192. The default is 32768.
stp [ instance instance-id ] cost cost
cost: specifies the path cost of a port. When the path
cost of a port changes, spanning tree recalculation will
be performed.
Precautions
On an STP/RSTP/MSTP network, each spanning tree has only
one root bridge, which is responsible for sending BPDUs and
connecting devices on the entire network. Because the root
bridge is important on a network, the switching device with
high performance and network hierarchy is required to be
selected as the root bridge. Such a device may not have high
priority, so you can run the stp root command to configure a
switching device as the root bridge in a spanning tree.
A switching device in a spanning tree cannot function as both
the primary and secondary root bridges.
After the stp root command is run to configure a switching

cannot be modified.
Case description
In the preceding topology:

Command usage
The stp mcheck command configures a port to automatically

on a switching device.
The stp root-protection command enables root protection on
a port.
Precautions

the device will initiate any BPDUs or negotiate with the directly
connected port on the remote device, and all the ports are in

port.

The role of a designated port enabled with root protection
cannot be changed. When a designated port enabled with root
protection receives a BPDU with a higher priority, the port
enters the Discarding state and does not forward packets. If
the port does not receive any BPDUs with higher priority after
a given period of time (generally two Forward Delay periods),
the port automatically enters the Forwarding state.
Case description
S1 must be configured as the root bridge in MSTI2 and S3

Command usage
The region-name command configures the MST region name
of a switching device.
The instance command maps a VLAN to an MSTI.
The revision-level command configures the revision level of

Precautions

switching device due to link congestion or
unidirectional link failure, the switching device will re-
select a root port. The original root port then becomes
a designated port and the original blocked port enters
the Forwarding state. As a result, loops may occur on
the network.
• Loop protection can be deployed to prevent this
problem. If the root port or alternate port cannot receive
BPDUs from the upstream device for a long period of
time after loop protection is enabled, the root port or
alternate port will send a notification message to the
NMS. The root port will enter the Discarding state, and
the alternate port remains in Blocking state and no
longer forwards packets. This prevents loops on the
network. The root port or alternate port restores the
Forwarding state after receiving BPDUs.
In fast mode, the switch directly deletes the ARP entries that

Unicast
In unicast mode, the amount of data transmitted on a network

bandwidth.
Multicast has the following advantages over unicast and broadcast:

transmits data only to receivers that require the data. This
saves network resources and enhances data transmission
security.
Multicast service models are classified for receiver hosts and do not
affect multicast sources. All multicast data packets sent from a

ASM model: Receiver hosts can only specify the group they
want to join and cannot select multicast sources.

a group. After joining the group, the hosts receive only the data
sent from the specified sources.
Multicast addresses
IP addresses 224.0.0.0 to 224.0.0.255 are reserved as

IGMP
IGMP is deployed between multicast routers and user hosts.

PIM
PIM has two modes: PIM-DM and PIM-SM.

IGMP
IGMP is an IPv4 group membership management protocol in

message with the destination address 224.0.0.1
(indicating all hosts and routers on the same network
segment). The IGMP querier sends General Query
messages at intervals. The interval can be configured
using a command, and the default interval is 60
seconds.
• All hosts on the network segment receive the General
Query message. PC1 and PC2 then start a timer for G1
(Timer-G1), and PC3 starts a timer for G2 (Timer-G2).
The timer length is a random value between 0 and 10,
in seconds.
• The host with the timer expiring first sends a Report
message for the multicast group. In this example,
Timer-G1 on PC1 expires first, and PC1 sends a
Report message with the destination address as G1.
When PC2 detects the Report message sent by PC1,
PC2 stops Timer-G1 and does not send any Report
messages for G1. This mechanism reduces the
number of Report messages transmitted on the
network segment, lowering loads on multicast routers.
• When Timer-G2 on PC3 expires, PC3 sends a Report

network segment.
• After the routers receive the Report message, they
know that multicast groups G1 and G2 have members

G3) entry. When the routers receive data sent to G3, they
forward the data to this network segment.

receive Report message for G3. After a period of time (130
seconds, Membership timeout interval = IGMP general query
interval x Robustness variable + Maximum response time), the
routers delete the multicast forwarding entry of G3.
.
w ei
ua
g .h
in
rn
ea
/l
:/
tp
ht
s:
ce
ur
so
Re
ng
ni
ar
Le
re
Mo
en
m/
. co
w ei
ua
g .h
in
rn
ea
/l
:/
tp
adding the Max Response Time field in the message. The field
value controls the response speed of group members and is
configurable.
Querier election
querier, and the other routers are non-queriers. In this
network, R1 has a smaller interface IP address than R2,
so R1 becomes the querier.
• All non-querier routers start a timer (Other Querier
Present Timer, Timer length = Robustness variable x
IGMP general query interval + (1/2) x Maximum
response time. If the robustness variable, IGMP
general query interval, and maximum response time
are all default values, the Other Querier Present Timer
length is 125 seconds.) If non-querier routers receive a
Query message from the querier before the timer
expires, they reset the timer. If non-querier routers
receive no Query message from the querier when the
timer expires, they trigger election of a new querier.
Leave mechanism
In an IGMPv2 implementation, the following process occurs when
PC3 wants to leave multicast group G2 and PC3 was the last group
member to respond to a query:
• PC3 sends a Leave message for G2 to all multicast
routers on the local network segment. The destination
address of the Leave message is 224.0.0.2.
messages sent).
that hosts can receive data sent from a specific source to a specific
group.
IGMPv3 also defines two types of messages: Query and Report.
receive data sent from all multicast sources except the listed
ones to group G.
IS_EX
• Indicates that the source filter mode is EXCLUDE for a
TO_IN
• Indicates that the source filter mode for a multicast
multicast group.
TO_EX
ALLOW
• Indicates that members of a multicast group want to
• Indicates that members of a multicast group no longer
want to receive data from the specified multicast
sources. If the source filter mode for the multicast
group is INCLUDE, the specified sources are deleted
from the source list. If the source filter mode is
EXCLUDE, the specified sources are added to the
source list.
An IGMPv3 Report message can carry multiple groups, whereas an
IGMPv1 or IGMPv2 Report message can carry only one group. IGMPv3
greatly reduces the number of messages transmitted on a network.
Unlike IGMPv2, IGMPv3 does not define a Leave message. Group
members send Report messages of a specified type to notify multicast
routers that they have left a group. For example, if a member of group
225.1.1.1 wants to leave the group, it sends a Report message with
(225.1.1.1, TO_IN, (0)).
hosts in the group), the IGMPv1 hosts will not receive traffic for
this group.
If an IGMPv2 router detects IGMPv1 hosts on the local
messages received.
to 232.255.255.255.
addresses, the router provides the ASM service for the host.
Topology description
On an SSM network, PC1 runs IGMPv3, PC2 runs IGMPv2, and
PC3 runs IGMPv1. PC2 and PC3 cannot run IGMPv3. To
provide the SSM service for all the hosts on the network
segment, IGMP SSM mapping must be configured on R1.
Before SSM mapping is enabled, the group-source mappings
on R1 are as follows:
• Group 232.0.0.0/8 mapped to source 10.10.1.1
• Group 232.1.0.0/16 mapped to source 10.10.2.2
• Group 232.1.1.0/24 mapped to source 10.10.3.3
After SSM mapping is enabled on R1, R1 checks group
addresses of received packets to see whether the group
addresses are in the SSM group address range. If the group
addresses are in the SSM group address range, R1 generates
the following multicast entries according to the configured SSM
mapping entries. If a group address is mapped to multiple
sources, R1 generates multiple (S, G) entries. The following are
entries generated according to information in Report messages
sent from PC2 and PC3:
• (10.10.1.1,232.1.2.2)
• (10.10.2.2,232.1.2.2)
• (10.10.1.1,232.1.3.3)
• (10.10.2.2,232.1.3.3)
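Added example (not part of the original course material): a Python model of the SSM mapping lookup described above, reproducing the four (S, G) entries from the three mappings on R1. Which host reports which group, the function names, and the extra test groups are assumptions made for illustration.

```python
import ipaddress

# SSM group range given on the page: 232.0.0.0 to 232.255.255.255.
SSM_RANGE = ipaddress.ip_network("232.0.0.0/8")

# Group-to-source mappings configured on R1 in the page's example.
R1_MAPPINGS = [
    ("232.0.0.0/8", "10.10.1.1"),
    ("232.1.0.0/16", "10.10.2.2"),
    ("232.1.1.0/24", "10.10.3.3"),
]


def ssm_map(group, mappings=R1_MAPPINGS):
    """Sources the static mappings assign to `group` (every match counts)."""
    g = ipaddress.ip_address(group)
    return [src for prefix, src in mappings if g in ipaddress.ip_network(prefix)]


def process_report(version, group, sources=(), mappings=R1_MAPPINGS):
    """Return (service, entries) for one IGMP Report received by the router.

    IGMPv3 reports carry their own source list; IGMPv1/v2 reports name only
    the group, so their sources come from the SSM mapping table.
    """
    if ipaddress.ip_address(group) not in SSM_RANGE:
        # Outside the SSM range the router provides the ASM service.
        return "ASM", [("*", group)]
    if version == 3:
        return "SSM", [(s, group) for s in sources]
    return "SSM", [(s, group) for s in ssm_map(group, mappings)]


def build_entries(reports):
    """Collect the entries produced by a list of reports, without duplicates."""
    table = []
    for r in reports:
        _, entries = process_report(r["version"], r["group"], r.get("sources", ()))
        for entry in entries:
            if entry not in table:
                table.append(entry)
    return table


# Constructed reports: which host joins which group is an assumption.
REPORTS = [
    {"host": "PC2", "version": 2, "group": "232.1.2.2"},
    {"host": "PC3", "version": 1, "group": "232.1.3.3"},
]

if __name__ == "__main__":
    for source, group in build_entries(REPORTS):
        print(f"({source}, {group})")
```

Because every matching mapping contributes a source, an overly broad entry such as 232.0.0.0/8 admits its source for every SSM group; reviewing the mapping table for such entries is part of auditing which sources a segment can receive from.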
devices cannot learn any MAC multicast address because the source
MAC addresses of link layer data frames are not MAC multicast
addresses. When a Layer 2 device receives a data frame with a
Concepts
A router port is a link layer device's port towards a
the timer expires, the member port ages out.
• Static member port: Manually specified using a
command. Static member ports will not age out.
The output port list is important information for Layer 2
multicast; it includes router ports and member ports.
Working mechanisms
When a router port on an Ethernet switch receives an
IGMP General Query message, the switch resets the
aging timer of the router port. If the port that receives
the General Query message is not a router port, the
switch starts the aging timer for the port. (The aging
time is 180 seconds or the Holdtime value carried in
PIM Hello messages received by the switch. The
default Holdtime value is 105 seconds.)
When an Ethernet switch receives an IGMP Report
message, it checks whether there is a MAC multicast
group matching the IP multicast group that the user
wants to join.
• If the MAC multicast group does not exist, the
switch creates the MAC multicast group, adds
the port that receives the Report message to
multicast group.
• If the MAC multicast group exists but the port
receives an IGMP Leave message for a group on a
port, it sends an IGMP Group-Specific Query
message to the port to check whether the group has
other members on the port. At the same time, the
switch starts the query response timer (Timer length =
Group-specific query interval x Robustness variable).
If the switch does not receive any IGMP Report
message for the group when the query response
timer expires, it deletes the port from the matching
MAC multicast group. If the MAC multicast group has
no member port, the switch requests the upstream
multicast router to delete this branch from the
multicast tree.
Layer 2 multicast
If users in different VLANs require the same multicast data, the
sends only one copy to S1. As the router does not need to
replicate multicast data in VLAN 2 and VLAN 3, network
PIM router
Routers with PIM enabled on interfaces are called PIM routers.
and two receivers (PC1 and PC2). Therefore, two source trees
are established on the network.
multicast forwarding.
An (S, G) entry contains a known multicast source for a group,
PIM-DM overview
PIM-DM uses the push mode to forward multicast packets and
pruning, grafting, assert, and state refresh. The flooding, pruning, and
SM networks.
• Holdtime: indicates the timeout interval of a
neighbor relationship. A PIM router considers its
neighbor reachable within the Holdtime interval.
• LAN_Delay: indicates the delay in transmitting
Prune messages on a shared network segment.
• Neighbor-Tracking: indicates the neighbor
tracking function.
• Override-Interval: indicates the interval for
overriding a pruning operation.
Maintaining neighbor relationships
• PIM routers periodically send Hello messages to each
other. If a PIM router does not receive any Hello
message from a PIM neighbor within the Holdtime
interval, the router considers the neighbor unreachable
and deletes the neighbor from the neighbor list.
• Changes of PIM neighbors lead to changes in the
multicast network topology. If an upstream or
downstream neighbor in the multicast distribution tree
is unreachable, multicast routes need to re-converge,
and the multicast distribution tree will change.
IGMPv1 querier election
Routers on a PIM-DM network compare the priorities and IP
When multicast packets reach a leaf router, the leaf router processes
Topology description
Multicast source S sends a multicast packet to multicast group
G.
When R1 receives the multicast packet, it performs an RPF
check on the packet against the unicast routing table. After the
packet passes the RPF check, R1 creates an (S, G) entry, in
which the downstream interface list contains interfaces
connected to R2 and R5. R1 then forwards subsequent
packets to R2 and R5.
R2 receives the multicast packet from R1. After the packet
passes the RPF check, R2 creates an (S, G) entry, in which
the downstream interface list contains the interfaces
connected to R3 and R4. R2 then forwards subsequent
packets to R3 and R4.
R5 receives the multicast packet from R1. Because the
downstream network segment does not have group members
or PIM neighbors, R5 triggers a pruning process.
R3 receives the multicast packet from R2. After the packet
passes the RPF check, R3 creates an (S, G) entry, in which
the downstream interface list contains the interface connected
to PC1. R3 then forwards subsequent packets to PC1.
R4 receives the multicast packet from R2. Because the
downstream network segment does not have group members
or PIM neighbors, R4 triggers a pruning process.
downstream network segment does not have any group member, the
PIM router sends a Prune message to the upstream router. After
receiving the Prune message from the downstream interface, the
interface list of the (S, G) entry. The multicast packets will not be
forwarded to this downstream interface. A pruning operation is initiated
by a leaf router. The Prune message is sent upstream hop by hop, and
PIM routers receiving the Prune message delete the downstream
interface from the (S, G) entry. Finally, the multicast distribution tree
contains only branches with group members.
A PIM router starts a prune timer (210 seconds by default) for the
pruned downstream interface and resumes multicast forwarding on the
interface after the timer expires. Multicast packets are then flooded on
the entire network, and new group members can receive multicast
packets. Subsequently, leaf routers without group members attached
If new members join the multicast group on the interface and
want to receive multicast packets before the next flood-and-prune
process, the leaf router initiates a grafting process.
If no member joins the multicast group and multicast
forwarding still needs to be suppressed on the interface, the
leaf router initiates a state refresh process.
Topology description
R5 sends a Prune message to R1 to notify R1 that the
downstream network segment no longer needs to receive
multicast data.
After receiving the Prune message, R1 stops forwarding data
through its downstream interface connecting to R5, and
deletes this downstream interface from the (S, G) entry. R1
has another downstream interface in forwarding state, so the
pruning process ends. Subsequent multicast packets are only
forwarded to R2.
R4 sends a Prune message to R2 to notify R2 that the
downstream network segment no longer needs to receive
multicast data.
After receiving the Prune message, R2 waits for 3 seconds
milliseconds by default).
If a router sends a Prune message upstream but other routers
pending timer (PPT). After a router receives a Prune message
from a downstream interface, it waits until the PPT expires,
and then prunes the downstream interface. If the router receives
a Join message from the downstream interface before the PPT
expires, it cancels the pruning operation.
forwarding.
Topology description
Topology description
R1 sends a State-Refresh message to R2 and R5 to initiate a
other neighbors, the PIM router sends an Assert message with the
protocol wins.
If these routers have the same priority, the router with the
election results:
The downstream interface of the router that wins the election is
the assert winner and forwards multicast packets to the shared
network segment.
The downstream interfaces of the PIM routers that lose the
election are assert losers and no longer forward multicast
packets to the shared network segment. The PIM routers
delete the downstream interfaces from the downstream
interface list of their (S, G) entries.
After the assert election is complete, only one downstream
interface is active on the network segment, so only one copy of
multicast packets is transmitted to the network segment. All
assert losers can resume multicast packet forwarding after a
specified interval (180 seconds by default), triggering periodic
assert elections.
Topology description
In this example, R2 has a smaller cost to the multicast source
than R3.
R2 and R3 receive a multicast packet from each other through
their downstream interfaces, but both packets fail the RPF
check and are dropped. R2 and R3 then send an Assert
message to the network segment.
R2 compares its routing information with that carried in the
Assert message sent by R3 and finds that its own route cost to
the multicast source is smaller. Therefore, R2 wins the election.
Assert message sent by R2 and finds that its own route cost
to the multicast source is larger. Therefore, R3 fails the
G), the last-hop router sends a Join message to the RP. The
Join message is transmitted hop by hop, and all the routers
seconds by default).
The Join message is transmitted hop by hop, and routers receiving the
(R1).
After receiving the multicast packet, the source DR
On a PIM-SM network, each multicast group can have only one RP and one
RPT. Before an SPT switchover, all multicast packets destined for a
specified threshold.
The receiver DR sends a Join message to the source DR. The
message to the RP. The Prune message is transmitted hop by
hop along the RPT, and routers receiving the message delete
their downstream interfaces from the (S, G) entry. After the
pruning process is complete, the RP no longer forwards
multicast packets along the RPT.
If the SPT does not pass through the RP, the RP continues to
send a Prune message to the source DR, so that routers along
the path between the RP and source DR delete their
downstream interfaces from the (S, G) entry. After the pruning
process is complete, the source DR no longer forwards
multicast packets along the SPT to the RP.
During a BSR election, each C-BSR considers itself as the BSR and
sends a Bootstrap message to the entire network. The Bootstrap
message carries the C-BSR address and priority. Each PIM router
receives Bootstrap messages from all C-BSRs and compares C-BSR
information to elect a BSR. The BSR is elected according to the
following rules:
The C-BSR with the highest priority wins (larger priority value,
higher priority).
If C-BSRs have the same priority, the C-BSR with the largest
IP address wins.
algorithm, and the C-RP with the largest hash value
wins.
• If all the preceding parameters are the same, the C-RP
with the largest IP address wins.
All PIM routers use the same RP-Set and election rules, so
they obtain mappings between RPs and multicast groups. The
PIM routers save the mappings for subsequent multicast
forwarding.
sources. Therefore, they can specify the multicast sources from which
to the host.
In the SSM model, PIM-SM uses the following mechanisms: neighbor
PIM routers that receive the Join message create (S1, G) and
(S2, G) entries according to the Join message. In this way,
RPF check
When a router receives a multicast packet, it searches the
unicast routing table for the route to the source address of the
packet. After finding the route, the router checks whether the
outbound interface of the route is the same as the inbound
and finds that the multicast stream from this source should
arrive at interface S0. Therefore, the RPF check fails and the
and finds that the RPF interface is also S0. The RPF check
Case description
In this case, interconnection IP addresses are configured
Command usage
The multicast routing-enable command enables the
running on an interface.
Precautions
Case description
The network topology is the same as that in PIM-DM
Command usage
The pim sm command enables PIM-SM on an interface.
The method for checking the SPT in a PIM-SM network is similar to the
method for checking the RPT.
Case description
In this case, interconnection IP addresses are configured
Pre-configuration
This page provides the basic OSPF configuration. In this case,
Results:
A Bootstrap message is transmitted from R1 to R2 and fails
Results:
The ACL restricts the multicast address range.
address structure allows for 2^128 (4.3 billion x 4.3 billion x 4.3
billion x 4.3 billion) possible addresses. The biggest advantage
of IPv6 is its almost infinite address space.
efficiently.
Autoconfiguration and readdressing: IPv6 provides address
forwarding efficiency.
End-to-end security support: IPv6 supports IP Security (IPSec)
authentication and encryption at the network layer, so it
field in the packet header. This field enables network routers to
differentiate data flows and provide special processing for the
identified data flows. With this field, the routers can identify
data flows without checking the inner data packets being
transmitted. In this way, QoS can be implemented even if the
valid payloads of data packets are encrypted.
Mobility: With the support for the Routing header and Destination
Options header, IPv6 provides built-in mobility.
Note that an IPv6 address can contain only one double
colon (::). Otherwise, a computer cannot determine the number of zeros
If the first 3 bits of an IPv6 unicast address are not 000, the interface ID
must be 64 bits long. If the first 3 bits are 000, there is no such limitation.
interface ID. In the MAC address, c bits indicate the vendor ID,
between c and d.
The method for converting MAC addresses into IPv6 interface
an IPv6 address.
The defect of this method is that an IPv6 address can be easily
anycast mode.
entries.
A global unicast address consists of a global routing prefix,
Link-local address
Link-local addresses have a limited application scope. An IPv6
uniqueness.
• Allows private connections between sites without
creating address conflicts.
• Has a well-known prefix (FC00::/7) that allows for easy
route filtering by edge routers.
• Does not conflict with any other addresses or cause
Internet route conflicts if it is leaked outside of the site
through routing.
• Functions as a global unicast address to upper-layer
applications.
• Is independent of the Internet Service Provider (ISP).
Unspecified address
An IPv6 unspecified address is 0:0:0:0:0:0:0:0/128 or ::/128,
address.
An IPv6 multicast address is composed of a prefix, flag, scope,
address.
• Scope: is 4 bits long. It limits the scope where multicast
multicast group. RFC 2373 does not define all the 112
bits as a group ID but recommends using the low-order
32 bits as the group ID and setting all the remaining 80
bits to 0s.
An IPv6 packet has three parts: an IPv6 basic header, one or more
IPv6 extension headers, and an upper-layer protocol data unit (PDU).
Extension headers
• An IPv6 extension header is an optional header that
communications.
• The extension information about packet forwarding in
an IPv6 extension header is not parsed by all the
destination router.
Upper-layer protocol data unit
• An upper-layer PDU is composed of the upper-layer
protocol header and its payload such as an ICMPv6
packet, a TCP packet, or a UDP packet.
Fields in an IPv6 packet header are described as follows:
Version: is 4 bits long. In IPv6, the Version field value is 6.
Traffic Class: is 8 bits long. It indicates the class or priority of
an IPv6 packet. The Traffic Class field is similar to the TOS
field in an IPv4 packet and is mainly used in QoS control.
Flow Label: is 20 bits long. This field is added in IPv6 to
differentiate traffic. A flow label and source IP address identify
a data flow. Intermediate network devices can effectively
differentiate data flows based on this field.
Payload Length: is 16 bits long, which indicates the length of
the IPv6 payload. The payload is the rest of the IPv6 packet
following the basic header, including the extension header and
upper-layer PDU. This field can indicate a payload with a
maximum length of 65535 bytes. If the payload length exceeds
65535 bytes, the field is set to 0, and the payload length is
expressed by the Jumbo Payload option in the Hop-by-Hop
Options header.
Next Header: is 8 bits long. This field identifies the type of the
first extension header that follows the IPv6 basic header or the
protocol type in the upper-layer PDU.
Hop Limit: is 8 bits long. This field is similar to the Time to Live
Next Header: is 8 bits long. It is similar to the Next Header field
in the IPv6 basic header, indicating the type of the next
extension header (if existing) or the upper-layer protocol type.
Extension Header Len: is 8 bits long, which indicates the
extension header length excluding the Next Header field.
Extension Header Data: is of variable length. It includes a
series of options and the padding field.
Each extension header can only occur once in an IPv6 packet, except
for the Destination Options header. The Destination Options header
may occur at most twice (once before a Routing header and once
before the upper-layer header).
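Added example (not part of the original course material): a Python parser that decodes the basic header fields listed above, follows the Next Header chain, and flags any extension header that occurs more often than the rule just stated allows. The sample packets are constructed; the length arithmetic follows RFC 8200 (8-octet units, not counting the first 8 octets), and only the Hop-by-Hop, Routing, Fragment and Destination Options headers are walked.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT = 0, 43, 44, 60, 59
EXT_NAMES = {
    HOP_BY_HOP: "Hop-by-Hop Options",
    ROUTING: "Routing",
    FRAGMENT: "Fragment",
    DEST_OPTS: "Destination Options",
}


def parse_basic_header(pkt):
    """Decode the fixed 40-byte IPv6 basic header."""
    if len(pkt) < 40:
        raise ValueError("shorter than the 40-byte basic header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {
        "traffic_class": (word >> 20) & 0xFF,  # 8 bits
        "flow_label": word & 0xFFFFF,          # 20 bits
        "payload_length": payload_len,         # 16 bits
        "next_header": next_header,            # 8 bits
        "hop_limit": hop_limit,                # 8 bits
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
    }


def walk_chain(pkt):
    """Follow Next Header through the extension headers.

    Returns (header names in order, upper-layer protocol number, problems).
    """
    nh = parse_basic_header(pkt)["next_header"]
    offset, seen, problems = 40, [], []
    while nh in EXT_NAMES:
        if offset + 8 > len(pkt):
            problems.append(f"{EXT_NAMES[nh]} header truncated")
            break
        following, len_field = pkt[offset], pkt[offset + 1]
        # RFC 8200: length is in 8-octet units, not counting the first 8
        # octets; the Fragment header is always 8 octets long.
        size = 8 if nh == FRAGMENT else (len_field + 1) * 8
        if offset + size > len(pkt):
            problems.append(f"{EXT_NAMES[nh]} header truncated")
            break
        limit = 2 if nh == DEST_OPTS else 1
        if seen.count(nh) >= limit:
            problems.append(f"{EXT_NAMES[nh]} header occurs more than {limit}x")
        seen.append(nh)
        nh, offset = following, offset + size
    return [EXT_NAMES[h] for h in seen], nh, problems


def build_packet(chain, upper=NO_NEXT):
    """Constructed test packet: one minimal 8-byte header per entry in chain."""
    types = list(chain) + [upper]
    ext = b"".join(bytes([types[i + 1], 0]) + bytes(6) for i in range(len(chain)))
    word = (6 << 28) | 0x12345  # Version 6, Traffic Class 0, sample flow label
    basic = struct.pack("!IHBB", word, len(ext), types[0], 64)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return basic + src + dst + ext


if __name__ == "__main__":
    for chain in ([0, 60, 43, 60], [60, 60, 60], [43, 43]):
        print(chain, walk_chain(build_packet(chain)))
```

A filter or IDS that walks the chain this way can drop or log packets whose header chain violates the occurrence rule before any upper-layer inspection takes place.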
the value of the Type field is 1. The value of the Code field can
be 0, 1, 2, 3, and 4. Each value has a specific meaning
(defined in RFC 2463):
• Code=0: No route to the destination device.
administratively prohibited.
• Code=2: Not assigned.
because the size of the packet exceeds the link MTU of the
outbound interface, the router sends an ICMPv6 Packet Too
If a router receives a packet with the hop limit being 0, it
discards the data packet and sends an ICMPv6 Time
Exceeded message to the source node. In a Time Exceeded
message, the value of the Type field is 3. The value of the
Code field can be 0 or 1.
• Code=0: Hop limit exceeded in packet transmission
• Code=1: Fragment reassembly timeout
Parameter Problem message
If an IPv6 node detects an error in the IPv6 packet header or
extension header, the IPv6 node discards the data packet and
sends an ICMPv6 Parameter Problem message to the source
node, specifying the location and type of the error. In a
Parameter Problem message, the value of the Type field is 4.
The value of the Code field can be 0, 1, or 2. The 32-bit Pointer
field indicates the location of the error. The Code field is
defined as follows:
• Code=0: A field in the IPv6 basic header or extension
header is incorrect.
• Code=1: The Next Header field in the IPv6 basic
header or extension header cannot be identified.
• Code=2: Unknown options exist in the extension
header.
of PC1, and the destination IP address is the multicast address
of PC2 (this multicast address is called a solicited-node
multicast address, composed of the prefix FF02::1:FF00:0/104
and the last 24 bits of the corresponding unicast address).
The destination IP address to be resolved is the IPv6 address of
PC2. This indicates that PC1 wants to know the link-layer
address of PC2. The Options field in the NS message carries
the link-layer address of PC1.
After receiving the NS message, PC2 replies with an NA
message. In the NA reply message, the source address is the
IPv6 address of PC2, and the destination address is the IPv6
address of PC1 (the NA message is sent to PC1 in unicast
mode using the link-layer address of PC1). The Options field
carries the link-layer address of PC2. This is the whole
address resolution process.
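Added example (not part of the original course material): a Python check that derives the solicited-node multicast address from the prefix FF02::1:FF00:0/104 and validates one NS/NA pair against the exchange described above. The addresses, MAC values, and record field names are constructed for illustration.

```python
import ipaddress

# Prefix from the text above: FF02::1:FF00:0/104.
SOLICITED_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(unicast):
    """Solicited-node multicast address: prefix plus the last 24 address bits."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_PREFIX | low24)


def check_exchange(ns, na):
    """Return the ways an NS/NA pair deviates from the described exchange."""
    addr = ipaddress.IPv6Address
    problems = []
    if addr(ns["dst"]) != solicited_node(ns["target"]):
        problems.append("NS destination is not the target's solicited-node address")
    if not ns.get("source_lladdr"):
        problems.append("NS carries no source link-layer address option")
    if addr(na["src"]) != addr(ns["target"]):
        problems.append("NA source is not the address being resolved")
    if addr(na["dst"]) != addr(ns["src"]):
        problems.append("NA is not addressed to the NS sender")
    if not na.get("target_lladdr"):
        problems.append("NA carries no link-layer address option")
    return problems


# Constructed messages: PC1 resolves PC2's address.
PC1, PC2 = "2001:db8::1", "2001:db8::abcd:1234"
NS = {"src": PC1, "dst": "ff02::1:ffcd:1234", "target": PC2,
      "source_lladdr": "00:e0:fc:00:00:01"}
NA = {"src": PC2, "dst": PC1, "target_lladdr": "00:e0:fc:00:00:02"}

# Constructed anomaly: the reply comes from an address that was not asked for.
NA_WRONG_SOURCE = {"src": "2001:db8::bad", "dst": PC1,
                   "target_lladdr": "00:e0:fc:00:00:99"}

if __name__ == "__main__":
    print(solicited_node(PC2))
    print(check_exchange(NS, NA))
    print(check_exchange(NS, NA_WRONG_SOURCE))
```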
use the tentative address for unicast communication but will join two
multicast groups: All-nodes multicast group and Solicited-node
multicast group.
message to the All-nodes multicast group to which the
address belongs. The NA message carries IP address
2000::1. In this way, PC1 can find that the tentative
address is a duplicate after receiving the message and
will not use the address.
Type field.
Router Solicitation (RS) message: After being connected to the
Address autoconfiguration
effect. The host is connected to the network and can
communicate with the local node.
• The host sends an RS message or receives the RA
messages that routers periodically send.
• The host obtains the IPv6 address based on the prefix
carried in the RA message and the interface ID
generated in EUI-64 format.
is on the same network segment as the source IP address of
the packet.
After checking the source address of the packet, the router
finds a neighboring device in the neighbor entries that uses
this address as the global unicast address or the link-local
address.
the transmission path, the transit device sends a Packet Too Big
message to the source node. The Packet Too Big message contains
the MTU value of the outbound interface on the transit device. After
receiving the message, the source node changes the PMTU value to
the received MTU value and sends packets based on the new MTU.
address.
the four links are 1500, 1500, 1400, and 1300 bytes
respectively. Before sending a packet, the source node
again.
When the packet is sent to the outbound interface with MTU
1300, the router returns another Packet Too Big message that
carries MTU 1300. The source node receives the message
and fragments the packet based on MTU 1300. In this way, the
source node sends the packet to the destination address and
discovers the PMTU of the transmission path.
network segments.
Therefore, you do not need to configure OSPFv3 on the
interfaces in the same network segment. It is only required that
In OSPFv3, Router IDs, area IDs, and LSA link state IDs no
longer indicate IP addresses, but the IPv4 address format is
still reserved.
Neighbors are identified by Router IDs instead of IP addresses
in broadcast, NBMA, or P2MP networks.
field of LSAs of OSPFv3. Thus, OSPFv3 routers can process
LSAs of unidentified types, which makes the processing more
flexible.
• OSPFv3 can store or flood unidentified packets,
whereas OSPFv2 just discards unidentified packets.
• OSPFv3 floods packets in an OSPF area or on a link. It
sets the U flag bit of packets (the flooding area is
based on the link local) so that unidentified packets are
stored or forwarded to the stub area.
OSPFv3 supports multi-process on a link.
Only one OSPFv2 process can be configured on an OSPFv2
physical interface. In OSPFv3, one physical interface can be
configured with multiple processes that are identified by
different instance IDs.
OSPFv3 uses IPv6 link-local addresses.
As a routing protocol running on IPv6, OSPFv3 also uses
link-local addresses to maintain neighbor relationships and update
LSDBs. Except Vlink interfaces, all OSPFv3 interfaces use
link-local addresses as the source address and that of the next
hop to transmit OSPFv3 packets. The advantages are as
follows:
even if global IPv6 addresses are not configured or they are
configured in different network segments, OSPFv3 can still
establish and maintain neighbor relationships so that topology
calculation is not based on IP addresses.
The NLPID is an 8-bit field that identifies the protocol packets of the
network layer. The NLPID of IPv6 is 142 (0x8E). If IS-IS supports IPv6,
it advertises routing information through the NLPID value.
information.
MP_UNREACH_NLRI: indicates the multiprotocol unreachable
interested in. Then, MLD delivers the learnt information to the multicast
routing protocols used by the routers to ensure that multicast data can
be sent to all links where the receivers reside.
of a new querier.
• Hosts send Multicast Listener Report messages to the IPv6 multicast groups that they want to join without waiting to receive a Query message from the MLD querier.
• The MLD querier (R1) periodically multicasts General Query messages with destination address FF02::1 to all hosts and routers on the local network segment.
• After PC2 and PC3 receive the Query message, the host whose delay timer expires first sends a Report message to G1. If the delay timer of PC2 expires first, PC2 multicasts a Report message to G1, declaring that it belongs to G1. All hosts on the local network segment can receive the Report message sent from PC2 to G1. When PC3 receives this Report message, it does not send the same Report message to G1 because the MLD routers (R1 and R2) already know that G1 has members on the local network segment. This mechanism suppresses duplicate Report messages, reducing traffic on the local network segment.
• PC1 still needs to multicast a Report message to G2,
sends a Multicast-Address-Specific Query message to the IPv6 multicast group that the host wants to leave. The destination address and group address of the Query message are the address of this IPv6 multicast group.
If the IPv6 multicast group has other members on the network segment, the members send a Report message within the maximum response time.
If the querier receives the Report messages from other members within the maximum response time, the querier continues to maintain memberships of the IPv6 multicast group. Otherwise, the querier considers that the IPv6 multicast group has no member on the local network segment and stops maintaining memberships of the IPv6 multicast group.
EXCLUDE state.
• Source list: The MLD querier tracks the sources that
records.
Receiver Host Status Listening
Multicast routers running MLDv2 listen to the receiver host status to record and maintain information about hosts that join IPv6 multicast groups on the local network segment.
the IPv4 protocol stack and IPv6 protocol stack. The source device selects a protocol stack according to the IP address of the destination device. Network devices between the source and destination devices
backbone network, all devices must support the IPv4/IPv6 dual stack, and interfaces connected to the dual-stack network must have both
name.
R1 in the figure supports the IPv4/IPv6 dual stack. If the host needs to access the network server at IPv4 address 10.1.1.1, the host can access the network server through the IPv4 protocol stack of R1. If the host needs to access the network server at IPv6 address 3ffe:yyyy::1, the host can access the network server through the IPv6 protocol stack of R1.
During early transition, IPv4 networks are widely deployed, while IPv6 networks are isolated islands. IPv6 over IPv4 tunneling allows IPv6
The IPv4 address of the source end of an IPv6 over IPv4 tunnel must
obtain the IPv4 address of the destination end, which must be manually configured so that the packets can be correctly forwarded to the tunnel end.
Automatic tunnel: The edge routing device can automatically obtain the IPv4 address of the destination end and does not require you to manually configure an IPv4 address for the destination end. In most cases, the interfaces on both ends of an automatic tunnel use IPv6 addresses that contain embedded IPv4 addresses so that the destination IPv4 address can be extracted from the destination IPv6 address of IPv6 packets.
traverses IPv4.
Disadvantage: must be manually configured.
Switching (MPLS).
6to4 tunnels.
Packet forwarding process is as follows:
After R1 receives an IPv6 packet destined for R2, R1 searches and finds that the next hop is a tunnel interface. The tunnel configured on R1 is an automatic IPv4-compatible IPv6 tunnel.
packet to obtain the IPv6 packet and sends the IPv6 packet to the IPv6 protocol stack for processing. An IPv6 packet is sent from R2 to R1 following a similar process.
router interface and cannot be changed, and the last 16 bits (SLA) can
An IPv4 address can only be used as the source address of one 6to4 tunnel. If one edge router connects to multiple 6to4 networks and uses the same IPv4 address as the tunnel source address, SLA IDs in 6to4 addresses are used to differentiate the 6to4 networks. These 6to4 networks, however, share the same 6to4 tunnel.
A 6to4 relay is a next-hop device that forwards IPv6 packets of which the destination address is not a 6to4 address but the next-hop address is a 6to4 address. The tunnel destination IPv4 address is obtained from the
IPv6 network, a route must be configured on the edge router, and the next-hop address of the route to the IPv6 network is specified as the 6to4 address of the 6to4 relay. The 6to4 address of the relay matches the source address of the 6to4 tunnel. Packets to be sent from 6to4 network 2 to the IPv6 network are first sent to the 6to4 relay according to the next hop specified in the routing table. The 6to4 relay then forwards the packet to the IPv6 network. When a packet needs to be sent from the IPv6 network to 6to4 network, the 6to4 relay
addresses.
• The hosts then generate a link-local IPv6 address according to the ISATAP interface identifier. Then the two hosts have IPv6 communication capabilities on the local link.
• The hosts perform address autoconfiguration and obtain IPv6 global unicast addresses and ULA addresses.
• The host obtains an IPv4 address from the next hop IPv6 address as the destination address, and forwards packets through the tunnel interface to communicate with another IPv6 host. If the destination host is within the local site, the next hop is the destination host. If the destination host is in a different site, the next hop address is the address of the ISATAP router.
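The address arithmetic behind automatic tunnels, as an added example that is not part of the original course material: it extracts the embedded IPv4 tunnel endpoint from an IPv6 next hop for the automatic IPv4-compatible, 6to4 and ISATAP formats covered in this chapter. The function names, the sample addresses (documentation ranges) and the filter that refuses non-routable embedded endpoints are assumptions of this example.

```python
import ipaddress

SIXTO4 = ipaddress.IPv6Network("2002::/16")   # 6to4 prefix (RFC 3056)
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)     # high half of an ISATAP interface ID (RFC 5214)

# IPv4 ranges that cannot be a legitimate remote tunnel endpoint across an
# IPv4 backbone. Listed explicitly (an assumption of this example) so the
# verdict does not depend on a library's definition of "private".
NON_ROUTABLE = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32",
)]


def embedded_ipv4(ipv6_text):
    """Return (tunnel_type, IPv4Address), or (None, None) if nothing is embedded."""
    addr = ipaddress.IPv6Address(ipv6_text)
    value = int(addr)
    low32 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
    if addr in SIXTO4:
        # 2002:V4ADDR::/48 -> the IPv4 address is the 32 bits after the prefix
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if ((value >> 32) & 0xFFFFFFFF) in ISATAP_MARKERS:
        # interface ID is 0000:5efe:a.b.c.d or 0200:5efe:a.b.c.d
        return "isatap", low32
    if (value >> 32) == 0 and value > 1:
        # ::a.b.c.d (upper 96 bits zero; :: and ::1 are not tunnel addresses)
        return "ipv4-compatible", low32
    return None, None


def tunnel_destination(ipv6_next_hop):
    """Decide what an edge router should do with this next hop.

    Returns (tunnel_type, endpoint, verdict). An embedded endpoint that is
    private, loopback, link-local or multicast is refused, because an address
    chosen by the sender must not steer encapsulated traffic to such targets.
    """
    kind, endpoint = embedded_ipv4(ipv6_next_hop)
    if kind is None:
        return None, None, "no-embedded-ipv4"
    if any(endpoint in net for net in NON_ROUTABLE):
        return kind, endpoint, "drop"
    return kind, endpoint, "encapsulate"


# Constructed sample next hops (not taken from the course material).
SAMPLES = [
    "2002:c000:201:1::1",      # 6to4, embeds 192.0.2.1
    "fe80::5efe:c633:6407",    # ISATAP, embeds 198.51.100.7
    "::203.0.113.9",           # IPv4-compatible
    "2002:a01:101::1",         # 6to4 embedding private 10.1.1.1
    "2001:db8::1",             # native IPv6, nothing embedded
]

if __name__ == "__main__":
    for hop in SAMPLES:
        print(hop, tunnel_destination(hop))
```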
Example description:
The device addresses are determined as follows:
Precautions:
The policy usage is similar to that in IPv4.
Example description:
The device addresses are determined as follows:
autoconfiguration.
Precautions:
OSPFv3 has features similar to those of OSPFv2.
Example description:
The device addresses are determined as follows:
Precautions:
Example description:
The device addresses are determined as follows:
which BGP packets are sent, and a source address used for initiating a connection.
Precautions:
Example description:
IPv6 and IPv4 addresses have been specified.
interface of a tunnel.
ipv6 address { ipv6-address prefix-length }: configures IPv6
Example description:
IPv6 and IPv4 addresses have been specified.
interface of a tunnel.
ipv6 address { ipv6-address prefix-length }: configures IPv6
entities:
• Customer Edge (CE): a device that is deployed at the
can connect to multiple PE devices of the same SP or different SPs.
Site
A site is a group of IP systems with IP connectivity, which can
A public routing and forwarding table and a VRF differ in the following aspects:
A public routing table contains IPv4 routes of all the PE and P
and maintain a VRF independent of the public routing and forwarding table. Each VPN instance can be considered as a virtual device, which maintains an independent address space and connects to VPNs through interfaces.
the problem that BGP cannot distinguish VPN routes with the same IP address prefix.
RDs distinguish the IPv4 prefixes with the same address space. The
A VPN target, also called the route target (RT), is a 32-bit BGP extended community attribute. BGP/MPLS IP VPN uses VPN targets to
routes and sets the export target attribute for those routes. The export target attribute is advertised with the routes as a BGP
A VPN target defines which sites can receive a VPN route and which VPN routes of which sites can be received by a PE device.
The reasons for using the VPN target instead of the RD as the
with multiple VPN targets. With multiple extended community attributes, BGP can greatly improve the flexibility and expansibility of a network.
VPN targets can be used to control route advertisement between different VPNs on a PE device. With properly configured VPN targets, different VPN instances on a PE device can import routes from each other.
Traditional BGP-4 defined in RFC 1771 can manage only the IPv4 routes but cannot process VPN routes that have overlapping address spaces.
To correctly process VPN routes, VPNs use MP-BGP defined in RFC 2858 (Multiprotocol Extensions for BGP-4). MP-BGP supports multiple
in the Network Layer Reachability Information (NLRI) field and the Next Hop field of an MP-BGP Update message.
(Assigned Numbers).
devices. However, you must configure different instances for each VRF
After the PE1 device receives an IPv4 route from the CE1 device, the PE device adds the manually configured RD of the VRF to the route to change the IPv4 route into a VPNv4 route. Then the PE device changes the Next_Hop attribute in the Route Advertisement message to its own Loopback address and adds a VPN label (randomly generated by MP-IBGP) to the route. After that, the PE device adds the Export Route Target attribute to the route and sends the route to all the PE neighbors. In VRP5.3, after MPLS is enabled on PE1, PE1 uses
may be sent back to the VPN site after the routes traverse the backbone network. This may cause routing loops in the VPN site. The Site of Origin (SoO) specifies the source site and prevents routing loops.
After PE2 receives a VPNv4 route advertised by PE1, PE2 converts the VPNv4 route into an IPv4 route and adds the IPv4 route to the
routing protocol between the PE and CE devices. The next hop in the
used for packet forwarding. An outer label directs packets to the BGP next hop. An inner label indicates the outbound interface for the packet or the VPN instance to which the packet belongs. MPLS forwarding is
CE2 sends an IP packet destined for CE1. After receiving the packet, PE2 encapsulates an inner label 15362 and then an outer label 1024 to the packet and forwards the packet to the P device. After receiving the packet, the penultimate hop P pops the outer label, retains the inner label, and forwards the packet to PE1 based on the outer label. PE1 determines the VPN site to which the packet belongs based on the inner label, removes the inner label, and forwards the packet to CE1.
Case description
In this case, the addresses for interconnecting devices are as follows:
• If RTX interconnects with RTY, the addresses are XY.1.1.X and XY.1.1.Y, network mask is 24.
Command usage
ip binding vpn-instance: binds the current AC interface to a
Precautions
After a VPN instance is bound to or unbound from an interface,
Case description
In this case, the addresses for interconnecting devices are as follows:
• If RTX interconnects with RTY, the addresses are XY.1.1.X and XY.1.1.Y, network mask is 24.
Command usage
ip binding vpn-instance: binds the current AC interface to a
Precautions
Specify a VPN instance for each RIP process on the PE device.
Case description
In this case, the addresses for interconnecting devices are as follows:
• If RTX interconnects with RTY, the addresses are XY.1.1.X and XY.1.1.Y, network mask is 24.
Command usage
ip binding vpn-instance: binds the current AC interface to a
Precautions
Specify a VPN instance for each IS-IS process on the PE device.
Case description
In this case, the addresses for interconnecting devices are as follows:
• If RTX interconnects with RTY, the addresses are XY.1.1.X and XY.1.1.Y, network mask is 24.
Command usage
ip binding vpn-instance: binds the current AC interface to a
device.
Deleting a VPN instance or disabling a VPN instance IPv4 address family will delete all the OSPF processes bound to the VPN instance or the VPN instance IPv4 address family on the PE.
Case description
In this case, the addresses for interconnecting devices are as follows:
• If RTX interconnects with RTY, the addresses are XY.1.1.X and XY.1.1.Y, network mask is 24.
Command usage
ip binding vpn-instance: binds the current AC interface to a
Precautions
VPN sites in the same AS or with different private AS numbers
Concepts
Two network devices establish a BFD session to detect the
local device periodically sends BFD packets. If the local device does not receive a response from the peer device within the detection time, it considers the forwarding path faulty. BFD then notifies the upper-layer application for processing.
connections to neighbors.
After setting up a neighbor relationship, OSPF notifies neighbor
After the BFD session is set up, BFD starts to detect link faults and rapidly responds to link faults.
Down.
BFD notifies the local OSPF device that the BFD peer is unreachable.
The local OSPF process tears down the connection with the OSPF neighbor.
BFD sessions have the following states: Down, Init, Up, and Down.
Down: indicates that a BFD session is in the Down state or has just
After receiving the BFD message with the State field as Down from R1, R2 switches the session status to Init and sends a BFD message with the State field as Init.
processes the received BFD messages with the State field as Down. The BFD session status change on R1 is the same as that on R2.
After receiving the BFD message with the State field as Init, R2 changes the local BFD session status to Up.
Common Commands
Single-hop detection and multi-hop detection
session.
• The commit command submits the
When a router fails, neighbors at the routing protocol layer detect that their neighbor relationships are Down and then become Up again after
RP. One is the active board and the other is the standby board. If the active board restarts, the standby board becomes the active one. The
distributed structure is used. That is, data forwarding and control are separated, and LPUs are responsible for data forwarding.
System software: When the active control board is running, it
remain Up.
Protocols: Graceful restart (GR) must be supported for related
OSPF GR terms:
GR Restarter: indicates the GR-capable device where protocol restart occurs.
When R2 receives the Grace LSA sent by R1, it maintains the neighbor relationship with R1.
R1 and R2 exchange hello and DD packets and synchronize their LSDBs with each other. LSAs are not generated during GR; therefore, if R1 receives its own LSAs from R2 during LSDB synchronization, it stores them and adds the Stable tag.
After LSDB synchronization is complete, R1 sends a Grace LSA to notify R2 that the GR is finished. R1 starts the OSPF process and regenerates LSAs, and then deletes the LSAs that are tagged Stable and not regenerated.
After restoring all routing entries, R1 starts to recalculate routes and updates the FIB table.
OSPF GR commands:
The opaque-capability enable command enables the Opaque-LSA capability. After the Opaque-LSA capability is enabled, an OSPF process can generate Opaque-LSAs and receive Opaque-LSAs from neighboring devices.
The graceful-restart command enables OSPF GR.
To support the GR feature, IS-IS adds the Restart TLV field to hello packets and defines three timers.
The T1 timer is similar to the IIH timer used in the IS-IS protocol. When a
fails.
T3 defines the maximum time during which the GR Restarter performs GR. If LSDB synchronization is not complete when the T3
relationship with R1 and sends a hello packet. Then R2 sends a CSNP packet and an LSP packet to R1 to help LSDB synchronization.
When the interface of R1 receives the hello packet and all CSNP packets, R1 deletes the T1 timer; otherwise, R1 periodically sends hello packets until it receives all hello packets and CSNP packets. If the number of times the T1 timer expires reaches the maximum value, the T1 timer is also deleted.
When the LSDB synchronization is complete, R1 deletes the T2 timer.
After all T2 timers are deleted, R1 starts to delete T3 timers. When the GR is complete, R1 starts the IS-IS process. The IIH timer is started on all interfaces, and then R1 can periodically send hello packets.
After restoring all routing entries, R1 starts to recalculate routes and updates the FIB table.
IS-IS GR command:
The graceful-restart command enables IS-IS GR.
LAND attack
Because of the vulnerability in the 3-way handshake mechanism of TCP, a LAND attacker sends SYN packets of which the source address and port of a device are the same as the destination address and port respectively. After receiving the SYN packet, the target host creates a null TCP connection with the source and destination addresses as the address of the target host. The connection is kept until expiration. The target host will create many null TCP connections, wasting resources or
server closes the connection and updates the session status in memory. The interval from the sending of the initial SYN+ACK packet to connection
of SYN packets to the open interfaces and does not respond to the SYN+ACK packets from the server. Then, the memory of the server is overloaded and the server cannot accept new connection requests. As a result,
After defense against TCP SYN flood attacks is enabled, the device limits the rate of TCP SYN packets so that system resources will not be exhausted by attacks.
The anti-attack tcp-syn car command configures the rate limit for TCP SYN packets. If the rate of received TCP SYN flood packets exceeds the limit, the device discards excess packets to ensure normal working of the CPU.
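The two checks described above, as an added example that is not Huawei's implementation: it flags LAND segments (a SYN whose source address and port equal the destination address and port) and applies a per-second limit to the remaining SYN packets. The fixed one-second window, the class and field names, and the trace are constructed for illustration; a device's CAR policer may meter differently.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    ts: float      # arrival time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags as letters, e.g. "S", "SA", "A"


def is_syn(seg):
    """A connection request: SYN set, ACK clear."""
    return "S" in seg.flags and "A" not in seg.flags


def is_land(seg):
    """LAND signature: a SYN that claims to come from its own destination."""
    return is_syn(seg) and seg.src == seg.dst and seg.sport == seg.dport


class SynDefense:
    """Drops LAND segments and rate-limits SYNs (assumed fixed 1 s window)."""

    def __init__(self, syn_limit_pps):
        self.limit = syn_limit_pps
        self.window = None        # second currently being counted
        self.syn_seen = 0         # SYNs counted in that second
        self.stats = Counter()

    def verdict(self, seg):
        if is_land(seg):
            result = "drop-land"          # never reaches the TCP stack
        elif not is_syn(seg):
            result = "forward"            # only SYNs are rate-limited
        else:
            window = int(seg.ts)
            if window != self.window:     # new second: restart the count
                self.window, self.syn_seen = window, 0
            self.syn_seen += 1
            result = "forward" if self.syn_seen <= self.limit else "drop-rate"
        self.stats[result] += 1
        return result


# Constructed trace (documentation addresses): one normal client, one LAND
# segment, a short burst of SYNs, an ACK, and a SYN in the next second.
TRACE = [
    Segment(0.00, "198.51.100.10", 40000, "192.0.2.80", 80, "S"),
    Segment(0.10, "192.0.2.80", 80, "192.0.2.80", 80, "S"),
    Segment(0.20, "203.0.113.5", 1025, "192.0.2.80", 80, "S"),
    Segment(0.30, "203.0.113.6", 1026, "192.0.2.80", 80, "S"),
    Segment(0.40, "203.0.113.7", 1027, "192.0.2.80", 80, "S"),
    Segment(0.50, "203.0.113.8", 1028, "192.0.2.80", 80, "S"),
    Segment(0.70, "198.51.100.10", 40000, "192.0.2.80", 80, "A"),
    Segment(1.05, "198.51.100.11", 40001, "192.0.2.80", 80, "S"),
]


def run_trace(limit=3):
    """Return the per-segment verdicts and the counters for TRACE."""
    defense = SynDefense(limit)
    verdicts = [defense.verdict(seg) for seg in TRACE]
    return verdicts, dict(defense.stats)


if __name__ == "__main__":
    for seg, v in zip(TRACE, run_trace()[0]):
        print(f"{seg.ts:5.2f} {seg.src}:{seg.sport} -> {seg.dst}:{seg.dport} [{seg.flags}] {v}")
```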
Loose mode
• In this mode, packets pass the check as long as the
security.
Topology description
The urpf command enables URPF on an interface and sets the URPF mode.
IPSG principles
IPSG matches IP packets against static or dynamic DHCP binding
matching entry is found, the device considers the IP packet valid and
Working process
binding table, the packets are forwarded; otherwise, the packets are discarded.
IPSG commands
Topology description
The figure shows a scenario of the MITM attack. The attacker sends a bogus ARP packet using PC3's address as the source address to PC1. PC1 records an incorrect address mapping for PC3 in the ARP table. The attacker thus obtains the data sent by PC1 to PC3 and
leaks.
To prevent MITM attacks, configure DAI on S1.
snooping binding table and discards the ARP packet. If the ARP discarding alarm is enabled on S1, when the number of discarded ARP
DAI uses the DHCP snooping binding table to defend against MITM attacks.
ARP packet with entries in the binding table. If an entry is matched, the device considers the packet valid and forwards it; otherwise, the device
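The binding-table check that IPSG applies to IP packets and DAI applies to ARP packets, as an added example that is not the device's own code: both look up the claimed IP address and require the MAC address, VLAN and ingress port to match the recorded binding. The class names, port names, addresses and the alarm threshold are constructed for this example.

```python
import re
from dataclasses import dataclass


def norm_mac(mac):
    """Normalise 00:00:5e:00:53:01, 00-00-5E-00-53-01 or 0000-5e00-5301."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    port: str


class BindingTable:
    """Static entries or entries learned by DHCP snooping, keyed by VLAN and IP."""

    def __init__(self, bindings):
        self._entries = {(b.vlan, b.ip): (norm_mac(b.mac), b.port) for b in bindings}

    def matches(self, ip, mac, vlan, port):
        try:
            claimed = (norm_mac(mac), port)
        except ValueError:            # malformed MAC in the packet: no match
            return False
        return self._entries.get((vlan, ip)) == claimed


class AccessSwitch:
    def __init__(self, table, arp_alarm_threshold=1):
        self.table = table
        self.arp_alarm_threshold = arp_alarm_threshold   # assumed semantics
        self.arp_discarded = 0
        self.alarms = []

    def ipsg(self, port, vlan, src_mac, src_ip):
        """IP source guard: forward only packets whose source matches a binding."""
        ok = self.table.matches(src_ip, src_mac, vlan, port)
        return "forward" if ok else "discard"

    def dai(self, port, vlan, sender_mac, sender_ip):
        """Dynamic ARP inspection on the ARP sender fields."""
        if self.table.matches(sender_ip, sender_mac, vlan, port):
            return "forward"
        self.arp_discarded += 1
        if self.arp_discarded > self.arp_alarm_threshold:
            self.alarms.append("ARP discards exceed threshold: %d (last on %s)"
                               % (self.arp_discarded, port))
        return "discard"


# Constructed bindings: PC1 on port1, PC3 on port3; the attacker sits on
# port2 and has no binding for PC3's address.
BINDINGS = [
    Binding("192.0.2.11", "00:00:5e:00:53:01", 10, "port1"),
    Binding("192.0.2.13", "0000-5e00-5303", 10, "port3"),
]


def demo():
    sw = AccessSwitch(BindingTable(BINDINGS))
    results = [
        sw.dai("port1", 10, "00:00:5E:00:53:01", "192.0.2.11"),   # PC1, genuine
        sw.dai("port2", 10, "00:00:5e:00:53:66", "192.0.2.13"),   # PC3's IP, attacker MAC
        sw.dai("port2", 10, "00:00:5e:00:53:03", "192.0.2.13"),   # PC3's IP and MAC, wrong port
        sw.ipsg("port2", 10, "00:00:5e:00:53:66", "192.0.2.13"),  # spoofed IP source
        sw.ipsg("port3", 10, "00-00-5e-00-53-03", "192.0.2.13"),  # PC3, genuine
    ]
    return results, sw.arp_discarded, len(sw.alarms)


if __name__ == "__main__":
    print(demo())
```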
DAI command
and jitter.
Strictly speaking, Best-Effort is not a QoS technology, but is
The IntServ model, developed by IETF in 1993, supports various types of service on IP networks. It provides both real-time service and best-effort service on IP networks. The IntServ model reserves resources for each information flow. The source and destination hosts exchange RSVP messages to establish packet categories and forwarding status on each node along the transmission path. The model maintains a forwarding state for each flow, so it has poor extensibility. There are millions of flows on the Internet, which consume a large number of device resources. Therefore, this model is not widely used. In recent years, IETF has modified the RSVP protocol, and defines that RSVP can be used together with the DiffServ model, especially in the MPLS VPN field. Therefore, RSVP has a new improvement. However, this model still has not been widely used. The DiffServ model addresses problems in the IntServ model, so the DiffServ model is a widely used QoS technology.
DiffServ model
IntServ has poor extensibility. After 1995, SPs and research organizations developed a new mechanism that
Precedence field
The 8-bit Type of Service (ToS) field in an IP packet header
7 are reserved.
Apart from the Precedence field, a ToS field also contains the D, T, and R sub-fields:
• Bit D indicates the delay. The value 0 represents a
reliability.
DSCP field
RFC 2474 redefines the ToS field. The right-most 6 bits identify service type and the left-most 2 bits are reserved.
each BA matches a PHB (such as forward and discard), and then the PHB is implemented using some QoS mechanisms (such as traffic policing and queuing technologies).
A DiffServ network defines four types of PHB: Expedited Forwarding (EF), Assured Forwarding (AF), Class Selector (CS), and Default PHB (BE PHB). EF PHB is applicable to the services that have high requirements on delay, packet loss, jitter, and bandwidth. AF PHBs are classified into four categories and each AF PHB category has three discard priorities to specifically classify services. The performance of AF PHB is lower than the performance of EF PHB. CS PHBs originate from IP ToS, and are classified into 8 categories. BE PHB is a special type in CS PHB, and does not provide any guarantee. Traffic on IP networks belongs to this category by default.
Priority mapping configuration
Configure the trusted packet priorities: Run the trust command to specify the packet priority to be mapped.
Configure the priority mapping table: Run the qos map-table command to enter the 802.1p or DSCP mapping table view,
Token bucket
A token bucket with a certain capacity stores tokens. The
limit.
Single-rate-single-bucket
A token bucket is called bucket C. Tc indicates the number of
Single-Rate-Double-Bucket
Two token buckets are available: bucket C and bucket E. Tc and Te
EBS, Te increases.
• If Tc is equal to the CBS and Te is equal to the EBS,
Double-Rate-Double-Bucket
Two token buckets are available: bucket P and bucket C. Tp and Tc
unchanged.
B indicates the size of an arriving packet:
• If B is greater than Tp, the packet is colored red.
• If B is greater than Tc and smaller than or equal to Tp, the packet is colored yellow and Tp decreases by B.
• If B is smaller than or equal to Tc, the packet is colored green, and Tp and Tc decrease by B.
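The double-rate-double-bucket coloring rules above, run over a short burst, as an added example that is not from the original course material. The refill rule (bucket P filled at PIR up to PBS, bucket C filled at CIR up to CBS, as in RFC 2698), the parameter values, the arrival trace and the mapping from color to action are assumptions of this example.

```python
class TwoRateMarker:
    """Color-blind double-rate-double-bucket marker.

    Rates are in bytes per second, bucket sizes and packet sizes in bytes.
    """

    def __init__(self, cir, cbs, pir, pbs):
        self.cir, self.cbs, self.pir, self.pbs = cir, cbs, pir, pbs
        self.tc, self.tp = float(cbs), float(pbs)   # both buckets start full
        self.last = 0.0                              # time of the last refill

    def _refill(self, now):
        # Assumed refill rule: tokens accumulate with elapsed time and the
        # surplus above the bucket size is thrown away.
        elapsed = max(0.0, now - self.last)
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)
        self.last = max(self.last, now)

    def color(self, now, size):
        """Apply the three rules from the text to a packet of `size` bytes (B)."""
        self._refill(now)
        if size > self.tp:            # B > Tp: red, no tokens consumed
            return "red"
        if size > self.tc:            # Tc < B <= Tp: yellow, Tp decreases by B
            self.tp -= size
            return "yellow"
        self.tp -= size               # B <= Tc: green, Tp and Tc decrease by B
        self.tc -= size
        return "green"


# Assumed policy for this example: conforming traffic passes, traffic between
# CIR and PIR is forwarded with a lowered priority, the rest is discarded.
ACTIONS = {"green": "pass", "yellow": "remark", "red": "discard"}

# Constructed arrivals: (time in seconds, packet size in bytes). Four packets
# arrive back to back, then three more at a slower pace.
ARRIVALS = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000),
            (0.5, 1000), (1.0, 1000), (1.25, 1000)]


def police(arrivals, marker):
    """Return [(color, action), ...] for each arrival in order."""
    out = []
    for now, size in arrivals:
        color = marker.color(now, size)
        out.append((color, ACTIONS[color]))
    return out


def run_sample():
    marker = TwoRateMarker(cir=1000, cbs=1500, pir=2000, pbs=3000)
    return police(ARRIVALS, marker)


if __name__ == "__main__":
    for (now, size), (color, action) in zip(ARRIVALS, run_sample()):
        print(f"t={now:4.2f}s B={size} -> {color:6s} {action}")
```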
requirements.
If the rate of a type of traffic exceeds the threshold, the device lowers the packet priority and then forwards or directly discards the packets.
decreases.
• If there are insufficient tokens in the bucket, the device
When there are packets in the buffer queue, the system extracts the packets from the queue and sends them periodically. Each time the
• Run the qos queue-profile queue-profile-name command to create a queue profile and display the queue profile view.
• Run the queue { start-queue-index [ to end-queue-index ] } &<1-10> length { bytes bytes-value | packets packets-value } command to set the length of each queue.
• Run the queue { start-queue-index [ to end-queue-index ] } &<1-10> gts cir cir-value [ cbs cbs-value ] command to configure queue-based traffic shaping. By default, traffic shaping is not performed for queues.
• Run the qos queue-profile queue-profile-name command to apply the queue profile to an interface.
space for storing the packets, some packets are discarded. When packets are discarded, hosts or routers retransmit the packets, leading to a vicious circle.
Initially, there is only one queue scheduling policy, that is, First-in-First-out. To meet different service requirements, more scheduling policies are developed.
interface. If the interface bandwidth is high, transmission delay is short, so queue length can be long. An appropriate hardware queue length is important. If the hardware queue length is too long, the policy execution performance of the software queue degrades because the hardware queue uses the FIFO mechanism for scheduling. If the hardware queue length is too short, scheduling efficiency is low, link use efficiency is low, and the CPU usage is high.
LAN ports support the FQ and WRR queues.
WAN ports support the FQ and WFQ queues.
Configuration commands:
Run the qos queue-profile queue-profile-name command to create a queue profile and display the queue profile view.
On the WAN-side interface, run the schedule { { pq start-queue-index [ to end-queue-index ] } | { wfq start-queue-index [ to end-queue-index ] } command to set a scheduling mode for each queue on the WAN-side interface.
On the LAN-side interface, run the schedule { { pq start-queue-index [ to end-queue-index ] } | { drr start-queue-index [ to end-queue-index ] } | { wrr start-queue-index [ to end-queue-index ] } command to set a scheduling mode for each
FIFO characteristics:
Advantages:
• Simple
Disadvantages:
• Unfair and no separation between flows. A large flow
RR
Advantages:
queues.
Disadvantages:
Compared with RR, WRR can set the weights of queues. During the WRR scheduling, the scheduling chance obtained by a queue is in
in a timely manner.
• It is easy to implement.
PQ
PQ has four-level queues, including Top, Middle, Normal, and
disadvantages.
PQ ensures that the packets in high-priority queues obtain
mechanism.
• When the queue length is set to 0, the queue length
space is exhausted.
• The FIFO logic is used inside the queue.
• The packets in low-priority queues are scheduled only
• Precisely controls the delay of high-priority queues.
• Easy to implement, differentiating services
Disadvantages:
• Cannot allocate bandwidth as required. When high-priority queues have many packets, the packets in low-priority queues cannot be scheduled.
• It shortens the delay of high-priority queues by compromising the service quality of low-priority queues.
• If a high-priority queue transmits TCP packets and a low-priority queue transmits UDP packets, the TCP packets are transmitted at a high speed, while UDP packets cannot obtain sufficient bandwidth.
CQ
The number of bytes to be scheduled must be specified for
Disadvantages:
• When the specified number of bytes is small,
WFQ
Weighted Fair Queuing (WFQ) classifies packets by flow. On
the packets with the same labels and EXP fields belong to the
the weight value of the flow is, the smaller the bandwidth the flow obtains. The greater the weight value of the flow is, the
obtain the bandwidth of 1/36, 2/36, 3/36, 4/36, 5/36, 6/36, 7/36, and 8/36. Thus, WFQ assigns different scheduling weights to services of different priorities while ensuring fairness between
Advantages:
The queues are scheduled fairly based on the granularity of bytes.
Differentiates services and allocates weights.
Properly controls delay and reduces jitter.
Disadvantages:
Difficult to implement.
Congestion Avoidance
Tail drop is a traditional method in the congestion avoidance
the bottom and the peak. The delay and jitter of certain traffic are affected.
The traditional packet loss policy uses the tail drop method. When the queue length reaches the upper limit, the excess
(WRED) based on RED technology. WRED discards packets in queues based on DSCP field or IP precedence. The upper drop threshold, lower drop threshold, and drop probability can be set for each priority. When the number of packets of a priority reaches the lower drop threshold, the device starts to discard packets. When the number of packets reaches the upper drop threshold, the device discards all the packets. A higher threshold indicates a high drop probability. The maximum drop probability cannot exceed the upper drop threshold. WRED discards packets in queues based on the drop probability, thereby relieving congestion.
WRED configuration:
• Configure a drop profile.
• Run the drop-profile drop-profile-name command to create a drop profile and enter the drop profile view.
• Run the dscp { dscp-value1 [ to dscp-value2 ] } &<1-10> low-limit low-limit-percentage high-limit high-limit-percentage discard-percentage discard-percentage command to set DSCP-based WRED parameters.
interface.
classifier does not contain ACL rules, packets match the traffic classifier only when the packets match all the non-ACL rules.
• Run the traffic classifier classifier-name [ operator { and | or } ] command to create a traffic classifier and enter the traffic classifier view.
Configure a traffic behavior.
• Run the traffic behavior behavior-name command to create a traffic behavior and enter the traffic behavior view.
Configure a traffic policy.
• Run the traffic policy policy-name command to create a traffic policy and enter the traffic policy view.
• The classifier behavior command binds a traffic classifier to a traffic behavior in a traffic policy.
Run the traffic-policy policy-name { inbound | outbound } command to apply a traffic policy to the interface or sub-interface in the inbound or outbound direction.
SNMP model
NMS station is the manager in a network management system. It uses the SNMP protocol to manage and monitor the network. The NMS software runs on an NMS server.
Agent is a process on the managed device. The agent maintains data
from the NMS, and then sends the response packets to the NMS.
Management object is the object to be managed. A device may have
managed device and can be queried or set by the agent. MIB defines attributes of the managed device, including the name, status, access rights, and data type of objects.
process.
GetNext: reads the next parameter value from the MIB of the agent process.
Set: sets one or several parameter values in the MIB of the agent process.
Response: returns one or more queried values. The agent performs
Set request, the agent performs the Query or Modify operation using MIB tables and then sends the responses to the NMS.
agent.
The agent responds and returns requested parameters to the NMS.
The NMS sends a Get request carrying security parameters to the agent.
The agent encrypts the response packet and returns the required parameters to the NMS.
NQA Principles
Creating a test instance
the NMS. Then NQA places the test instances into test queues for scheduling.
protocol packet.
Processing a test instance
client to the destination is reachable. The ICMP test has a function similar to that of the ping command, but provides more output information:
By default, the command output shows the results of the latest five tests.
The output includes the average delay, the packet loss ratio, and the time the last packet is correctly received.
Test Procedure
The source (R1) sends an ICMP echo request packet to the destination (R2).
After receiving the ICMP echo request packet, the destination (R2) responds to the source (R1) with an ICMP echo reply packet.
The source (R1) can then calculate the time of communication between the source (R1) and the destination (R2) by subtracting the time the source sends the ICMP echo request packet from the time the source receives the ICMP echo reply packet. The calculated data can reflect the network performance and operating status.
11:00:02 am (T3), to the NTP packet, indicating the time it leaves R2.
When R1 receives this response packet, it adds a new receive
and the clock offset of R1 is 1 hour. R1 sets its own clock based on