Professional Documents
Culture Documents
Version: 3.02.20
ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: 800@zte.com.cn
LEGAL INFORMATION
Copyright © 2017 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit the ZTE technical support website http://support.zte.com.cn to inquire for related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
II
III
IV
Intended Audience
This manual is intended for:
Chapter 3, IPv6 Tunnel Configuration Describes IPv6 tunnel technology and principle,
configuration commands, maintenance
commands and configuration examples on the
ZXR10 5960.
Chapter 4, IPv6 ACL Configuration Describes IPv6 ACL technology and principle,
configuration commands, maintenance
commands and configuration examples on the
ZXR10 5960.
Chapter 5, IPv6 Static Route Configuration Describes IPv6 static route technology and
principle, configuration commands, maintenance
commands and configuration examples on the
ZXR10 5960.
Chapter 10, IPv6 QoS Configuration Describes IPv6 QoS technology and principle,
configuration commands, maintenance
commands and configuration examples on the
ZXR10 5960.
Chapter 11, IPv6 Multicast Configuration Describes IPv6 multicast technology and
principle, configuration commands, maintenance
commands and configuration examples on the
ZXR10 5960.
Chapter 13, IPv6 PIM-SM Configuration Describes IPv6 PIM-SM technology and
principle, configuration commands, maintenance
commands and configuration examples on the
ZXR10 5960.
Chapter 14, IPv6 PIM-SSM Configuration Describes IPv6 PIM-SSM technology and
principle, configuration commands, maintenance
commands and configuration examples on the
ZXR10 5960.
Chapter 15, IPv6 Static Multicast Configuration Describes IPv6 Static Multicast technology and
principle, configuration commands, maintenance
commands and configuration examples on the
ZXR10 5960.
Chapter 16, ISATAP Tunnel Configuration Describes ISATAP tunnel technology and
principle, configuration commands, maintenance
commands and configuration examples on the
ZXR10 5960.
II
Chapter 18, IPv6 Basic Configuration Describes frequently used IPv6 configuration
commands and maintenance commands.
Conventions
This manual uses the following typographical conventions:
Italics Variables in commands. It may also refer to other related manuals and documents.
Bold Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters, and commands.
Constant Text that you type, program codes, filenames, directory names, and function names.
width
[] Optional parameters.
{} Mandatory parameters.
III
IV
However, the original design did not anticipate the following conditions:
l Recent exponential growth of the Internet and the impending exhaustion of the Internet
Protocol version 4 (IPv4) address space.
l Growth of the Internet and the ability of Internet backbone routers to maintain large
routing tables.
l Need for simpler auto configuration and renumbering.
l Requirement for security at the IP level.
l Need for better support to real-time delivery of data—also called Quality of Service
(QoS).
Note:
Features such as IP Security Protocol (IPSec) and QoS have been specified for both
versions of IP.
Internet Protocol Version 6 (IPv6) features a huge address capacity up to 128 bits, which
is described as below:
l It provides 2128 different IPv6 addresses, that is, the
number of the allocable addresses around the world is
340,282,366,920,938,463,463,374,607,431,768,211,456.
1-1
l It provides 2.2×1020 addresses per cm2 if addresses are allocated based on ground
area of the whole world.
The following are differences between IPv4 and IPv6 in header format.
Figure 1-1 and Figure 1-2 are the header formats of IPv4 and IPv6 respectively. (Numbers
in the tables refer to bit numbers.)
An IPv6 header is simpler than an IPv4 header in structure because many fields in the
IPv4 header that are not frequently used are deleted from the IPv6 header, and are put
into its options and header extension, which are defined more strictly.
l IPv4 contains ten fields with fixed length, two address spaces and some options, while
IPv6 contains only six fields and two address spaces.
l Although an IPv6 header occupies 40 bytes, which is 1.6 times of an IPv4 header with
24-bytes, it does not consume too much memory capacity due to its fixed length (the
length of the IPv4 header is variable).
l The following six fields are deleted from an IPv4 header: header length, type of
service, identifier, flags, fragmented offsets and header checksum. Names and
some functions of the three fields of total length, protocol and Time to Live (TTL) are
changed, and its optional functions is completely changed. Apart from this, two fields
are added: traffic type and flow label.
1-2
l The IPv6 header format is greatly simplified, which effectively pares down overhead of
processing header by a router or switch. At the same time, IPv6 enhances the support
to the extension header and options, which not only allows more efficient forwarding,
but also provides sufficient supports for future load of new applications to networks.
Each IPv6 packet can have 0, 1 or more extension headers. Each extension header
is determined by the "next header" domain of the previous header.
Address Classifications
In RFC 2373, addresses are classified based on the address prefix. For a list of IPv6
address types, refer to Table 1-1.
The broadcast address in IPv6 is not valid any more. RFC2373 defines three types of IPv6
address:
l Unicast
It is the identifier of a single interface. The packets sent to a unicast address will be
transmitted to the interface with this address identifier.
l Multicast
It is the identifier of a group of interfaces. These interfaces belong to different nodes.
The packets sent to a multicast address will be transmitted to all the interfaces with
this address identifier.
l Anycast
It is the identifier of a group of interfaces. These interfaces belong to different nodes.
The packets sent to an anycast address will be transmitted to an interface with this
address identifier (selecting the nearest one by calculating the distance based on
routing protocol).
An IPv6 unicast address can be regarded as an entity with two fields. One field is used
to identify networks and the other is used to identify interfaces of nodes on this network.
In the subsequent description of the specific unicast address types, the user will find that
the network identifier can be divided into several parts, each of which identifies different
network part.
1. Unicast address
1-3
An IPv6 unicast address can have a varied-length prefix. For the structure of the IPv6
unicast address, refer to Figure 1-3.
The IPv6 unicast address can be classified into the following categories:
l Aggregatable Global Unicast Address
This is another kind of aggregation, which is independent of Internet Service
Provider (ISP). The provider aggregatable addresses must be changed as a
provider changes, while the exchange-based addresses are directly located by
an IPv6 switching entity. The exchange provides address blocks, and users and
providers conclude contracts for the network access.
Such network access is either directly provided by a provider, or indirectly provided
by an exchange. However, the routing is through the exchange. In this way, a user
needs not to address again when it changes a provider. At the same time, users
are allowed to use multiple ISPs to process single-block network address.
Aggregatable global unicast addresses include all the addresses whose three
starting bits are 001, which can be used as prefixes for other unallocated
unicast.Table 1-2 lists the aggregatable global unicast address fields.
3 13 8 24 16 64
1-4
When the 16-bit field is dedicated to the plane address space, there are
at most 65,535 different subnets available. If the first eight bits are used
for the internal advanced routing of this institution, then there will be 255
advanced subnets available, and each advanced subnet can have up to 255
sub-subnets.
à Interface identifier
This is a 64-bit field, containing 64-bit values of the IEEE EUI-64 interface
identifier.
l Special Address & Reserved Address
In the first 1/256 IPv6 address space, the first 8 bits 0000 0000 of all the addresses
are reserved. Most of the vacant address spaces are used for special addresses,
including:
à Undesignated address
à Loopback address
In IPv4, the loopback address is defined as 127.0.0.1. Any packet that sends
a loopback address must be sent to a network interface through protocol
stack, instead of being sent to the network link. The network interface itself
shall accept these packets in the same way as it receives packets from
external nodes, and transmits them back to the protocol stack.
1-5
The loopback function is used for software test and configuration. Except
the lowest bit, all the other bits of an IPv6 loopback address are 0, that is, a
loopback address can be expressed as 0:0:0:0:0:0:0:1 or ::1.
à IPv6 address embedded with IPv4 address
In the RFC 2373, IPv6 provides two kinds of addresses. One is the
IPv4-compatible address, which allows the IPv6 node to access IPv4 nodes
that do not support IPv6.. The other is the IPv4-mapping address, which
allows the IPv6 router to transmit IPv6 packets over the IPv4 network in the
tunnel mode, where the nodes understand both IPv4 and IPv6.
The high-order 80 bits of these two kinds of addresses are all set to zeros,
and the low-order 32 bits contain the IPv4 address. If the middle 16 bits of
an address are set to FFFF, it indicates that this address is the IPv6 address
mapping to IPv4 address. For the address structures of these two kinds of
addresses, refer to Table 1-3.
Table 1-3 Structure of the IPv6 Address Embedded With IPv4 Address
80 16 32
80 16 32
RFC 4291 specifies that these addresses are not used in the IPv6 transition
mechanism. It is not required for new implementations to support the above
address structures.
l Link Local Address and Site-Local Address
Using the network Model 10 address to translate IPv4 network addresses provides
an option for the institutions that do not want to apply for globally unique IPv4
network addresses.
A router that resides outside of an institution but used by the institution shall not
forward these addresses. It can neither prevent these addresses from being
forwarded, nor distinguish these addresses from other valid IPv4 addresses. It
is comparatively easier to make configurations for a router to enable it to forward
these addresses.
To realize this function, IPv6 allocates two different address segments from the
globally unique Internet space. Table 1-4 is originated from RFC 4291, indicating
the structures of link-local and site-local addresses. Site-local addresses were
originally designed to be used for addressing inside a site without the need for
a global prefix. The special behavior of this prefix is no longer supported in
new implementations (meaning that new implementations must treat this prefix as
1-6
Link-local Address
10 54 64
Site-local Address
10 38 16 64
Link-local addresses are used in single network link for host numbering. The
address identified by the first ten bits of the prefix is the link-local address. Routers
do not process the packets with link-local addresses at their source end and
destination end because they will never forward these packets.
The middle 54 bits of this address are set to zero, its 64-bit interface identifier is in
the same IEEE structure as mentioned in the foregoing paragraphs, and the part
of this address space allows some networks to connect up to 264-1 hosts.
Link-local addresses are used for the single network link and site-local addresses
are used for sites. It means that site-local addresses can be used to transmit data
in the interconnected networks but cannot be directly routed to the global Internet
from a site.
Routers within a site can only forward packets within the site instead of forwarding
them outside of the site. The 10-bit prefix of a site-local address is immediately
followed by a succession of zeros, which is slightly different from that of a link-local
address. The subnet identifier of a site-local address is 16-bit, and its interface
identifier is still the 64-bit IEEE-based address.
l Open Systems Interconnection (OSI) Network Service Access Point (NSAP)
Address and Internetwork Packet Exchange (IPX) Address
One of the IPv6 objects is to unify the whole network world for among networks
of IP, IPX and OSI. To support this interoperability, IPv6 reserves 1/128 address
space for OSI NSAP address and network IPX address respectively.
At present, the IPX addresses have not been precisely defined. Refer to RFC
1888 (OSI NSAP and IPv6) for description of the NSAP address allocation.
2. Multicast Address
The format of the IPv6 multicast address is different from that of the IPv6 unicast
address. Multicast addresses can only be used as destination addresses. No packet
uses a multicast address as the source address. Table 1-5 shows the format of a
multicast address.
1-7
8 4 4 112
The first byte of the address format is set to full-one, identifying it as a multicast
address. The multicast address occupies the entire 1/256 of the IPv6 address space.
The other parts except the first byte of the multicast address format contain the
following three fields:
l Flags field
This field consists of four single bit flags. Currently, only the bit-4 is designated to
indicate that whether this address is a well-known multicast address designated
by the Internet numbering institution, or a temporary multicast address used in a
specific occasion.
If this flag bit is set to zero, it indicates that this address is a well-known address.
If this flag bit is set to one, it indicates that this address is a temporary address.
The other three flag bits are reserved for future use. The initialization value is 0.
l Scope field
This is a 4-bit field and is used to indicate the range of multicast. That is, whether
a multicast group only includes nodes within the same local network, the same
site or the same institution, or includes nodes that resides anywhere in the IPv6
global address space. The possible 4-bits value ranges from 0 to 15. For the
corresponding ranges, refer to Table 1-6.
0 0 Reserved
1 1 Node-local range
2 2 Link-local range
3 3 Unallocated
4 4 Unallocated
5 5 Site-local range
6 6 Unallocated
7 7 Unallocated
8 8 Institution-local range
9 9 Unallocated
10 A Unallocated
11 B Unallocated
12 C Unallocated
1-8
13 D Unallocated
14 E Global range
15 F Reserved
l Group ID field
The 112-bit multicast ID field identifies a multicast group within a specified range
permanently or temporarily.
3. Anycast Address
A multicast address can be shared by many nodes in a sense. All the nodes of the
members of a multicast address expect to receive all the packets sent to this address.
A router connecting to five different local Ethernet networks shall forward a copy of
these multicast packets to each network respectively (supposing at least one node of
each network subscribes to this multicast address).
Anycast addresses are similar to multicast addresses. Although the two are in the
same case that an anycast address can be shared by multiple nodes, only one node
of an anycast address expects to receive the packet sent to the anycast address.
Anycast is helpful in providing services, especially those requiring no relationship
between client and server, such as, a domain name server and a time server.
A domain name server is nothing but a name server, which provides the same
performance whether it is located closely or remotely.
Similarly, a closely located time server is preferable in terms of accuracy. Therefore,
when a host sends a request to an anycast address to obtain information, it is the
nearest server associated to this anycast address that shall respond.
Anycast addresses are allocated outside of the normal IPv6 unicast address space.
Anycast addresses cannot be distinguished from unicast addresses in their forms, and
each member of an anycast address shall be explicitly configured to identify an anycast
address.
The length of an IPv6 address is four times greater than an IPv4 address, and the
complicacy of expression for an IPv6 address is also four times greater than an IPv4
address. An IPv6 address can be basically expressed as X:X:X:X:X:X:X:X, among which
X is 4-bit hex integers (16-bit). Each number contains four bits, each integer contains four
1-9
numbers and each address contains eight integers. There are totally 128 bits (4 x 4 x 8 =
128). The following are some legal IPv6 addresses:
CDCD: 910A:2222:5498:8475:1111:3900:2020
1030:0:0:0:C9B4:FF12:48AA:1A2B
2000:0:0:0:0:0:0:1
All these integers are hex integers and those from A to F represent 10 to 15. Each integer
of an address must be indicated except for the starting zero. This is a relatively standard
way to express an IPv6 address. Apart from this, there are two more ways that are clearer
and easier to use.
Some IPv6 addresses contain a succession of zeros, similar to the second and the third
examples as mentioned above. In this case, the succession of zeros can be represented
by "pacing", as provided in the relevant standard.
That is to say, the address 2000:0:0:0:0:0:0:1 can be expressed as 2000::1, of which the
two colons mean that the address can be extended to a complete 128-bit address. In this
method, only when the 16-bit group is all-zero, can it be substituted by two colons, which
can only be used once in the address.
Table 1-7 shows examples for compressed formats of IPv6 addresses.
In the environment mixed with IPv4 and IPv6, there may be a third way. The least
significant 32-bit in an IPv6 address can be used to express an IPv4 address in a mixed
way: X:X:X:X:X:X:d.d.d.d, among which X represents a 16-bit and d indicates a 8-bit
decimal integer.
For example, the address 0:0:0:0:0:0:10.0.0.1 is a legal IPv4 address. Therefore, this
address is expressed as: 10.0.0.1 by combining the two possible expressions.
An IPv6 address consists of two parts: subnet prefix and interface identifier. An IP node
address is expected to be expressed in a way similar to that of a CIDR address, as an
address carrying an extra value, indicating how many bits of the address is the mask.
An IPv6 node address indicates the length of a prefix by separating the length from the
IPv6 address with a slash.
For example, in the address of 1030:0:0:0:C9B4:FF12:48AA:1A2B/60, the length of the
prefix for routing is 60-bits
l IPv6 Host Address
1-10
An IPv6 host has many IPv6 addresses even if it has only one single interface. An
IPv6 host can have the following unicast addresses simultaneously.
à The link-local address of each interface
à The unicast address of each interface, which can be a site-local address or one
or more aggregable global addresses
à Loopback address (::1) of a loopback interface
In addition, each host must always keep receiving the data from the following multicast
addresses.
à Multicast addresses (FF01::1) of all the nodes within the node-local range
à Multicast addresses (FF02::1) of all the nodes within the link-local range
à Multicast address of the solicited-node (if the solicited-node group is added to an
interface of the host)
à Multicast address of a multicast group (if any multicast group is added to an
interface of the host)
l IPv6 Router Address
The following unicast addresses can be allocated to an IPv6 router:
à Link-local address of each interface
à Unicast address of each interface, which can be a site-local address or one or
more aggregable global addresses
à Subnet-router anycast address
à Other anycast addresses (optional)
à Loopback address (::1) of a loopback interface
Similarly, apart from these addresses, a router must always keep listening to the data
flow from the following multicast addresses.
à Multicast addresses (FF01::1) of all the nodes within the node-local range
à Multicast addresses (FF02::1) of all the nodes within the link-local range
à Multicast addresses (FF02::2) of all the routers within the link-local range
à Multicast addresses (FF05::2) of all the routers within the site-local range
à Multicast address of the solicited-node (if the solicited-node group is added to an
interface of the router)
à Multicast address of a multicast group (if any multicast group is added to an
interface of the router)
1-11
à A node for auto configuration must determine its own link-local address.
à Authenticate this link-local address to make sure that it is unique in the link.
à The node must determine the information to be configured. Such information can
be the IP address of this node, other configuration information, or both of them.
In case an IP address is needed, the node must determine whether to obtain it
through the stateless auto configuration or through the state auto configuration.
The procedure is as follows:
1. In the stateless auto configuration process, the host adds its network adapter MAC
address after the 1111111010 prefix of the link-local address to create a link-local
unicast address.
IEEE has modified the network adapter MAC address from 48-bit to 64-bit. If the
network adapter MAC address used by the host is still 48-bit, the IPv6 network
adapter driver will convert the 48-bit MAC address to the 64-bit MAC address in
accordance with an IEEE formula.
2. The host sends a neighbor discovery request to the address to check whether the
address is unique.
If there is no response to the request, it indicates that the link-local unicast address
configured by the host itself is unique. Otherwise, the host will use an interface
ID randomly created to form a new link-local unicast address.
3. Taking the address as the source address, the host sends a router solicitation in
the multicast way to all the routers within the local link to request configuration
information. Routers respond to it with a router advertisement containing the
prefix of an aggregable global unicast address and other relevant configuration
information.
1-12
The host automatically uses the global address prefix obtained from routers and
its own interface ID to automatically configure a global address to communicate
with other hosts within the Internet.
Parameter Description
<bytes> Specifies the MTU value in the unit of bytes. The default
value depends on the specific interface type. The minimum
value is 1,280 bytes, and the value range is 1280-9216.
1-13
Command Function
ZXR10#show ipv6 interface brief <interface-name> Shows the brief information about
the specified IPv6 address.
The following is sample output from the show ipv6 interface <interface-name> command:
ZXR10(config)#show ipv6 interface vlan10
Interface vlan10 is up, line protocol is up,
IPv6 protocol is up
IPv6 is enabled, Hardware is Vlan
Hardware address is 00d0.d0be.0200
index 151
Bandwidth 1000000 Kbits
IPv6 MTU is 1500 bytes
inet6 fe80::2d0:d0ff:febe:200/10
inet6 1000::2/64
ND DAD is enabled, number of DAD attempts: 3
ND reachable time is 30000 milliseconds
For a description of the sample output from the show ipv6 interface <interface-name>
command, refer to the following table:
1-14
Method
1. Configure the IP addresses of the interfaces of S1 and S2.
2. Check the configuration results and ensure that S1 and S2 can successfully ping each
other.
Steps
S1 configuration:
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 3ffe:100::1/64
Or:
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address link-local fe80::1111:2222:3333:4444
S1(config-if-vlan10)#exit
S2 configuration:
S2(config)#interface vlan10
S2(config-if-vlan10)#ipv6 enable
S2(config-if-vlan10)#ipv6 address 3ffe:100::2/64
Or:
S2(config)#interface vlan10
S2(config-if-vlan10)#ipv6 enable
1-15
Verification
Verify the configuration results on S1:
S1#show ipv6 interface brief vlan10
vlan10 [up/up]
fe80::2d1:d1ff:fe3a:7be1
3ffe:100::1/64
S1#ping6 3ffe:100::2
sending 5,100-byte ICMP echo(es) to 3FFE:100:0:0:0:0:0:2,timeout is 2 second(s).
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 9/13/25 ms
1-16
NDP Principle
The IPv6 NDP provides a group of solutions for solving communication-related problems.
The NDP supports address resolution, that is, it can resolve the IPv6 address of one IPv6
node interface into the corresponding link layer address.
The NDP supports router discovery. A host can detect the existence of routers through
the NDP and determine the IDs of the routers willing to forward packets.
The NDP supports prefix discovery. A router can distribute prefix information through the
NDP to the other connected links.
The NDP also supports neighbor unreachability detection. A node can determine the
bidirectional reachability of peer communication entities through the NDP.
All these functions of the NDP are mostly implemented by NDP packets loaded inside
ICMPv6 packets. For this reason, the NDP defines five types of ICMPv6 packets: Router
Solicitation (RS) packets, Router Advertisement (RA) packets, Neighbor Solicitation (NS)
packets, Neighbor Advertisement (NA) packets, and redirection packets.
2-1
A router will periodically send RA packets and may also use them as a response to the RS
packets it has received from hosts. Each RA packet may also contain prefix information,
link configuration information and IPv6 protocol parameters. It indicates the existence of
routers, and routers can forward the packet. The RA packet carries the information of the
routers. Such information helps a host make the next judgment for the packet to be sent.
The host discovers available routers through the RA packet and constructs a list of all the
discovered routers as the default router list.
A host may send an RS packet to inquire router configuration information and router-related
information. A time interval for consecutively sending RA packets has been set on each
router. The interval ranges from several seconds to several minutes. In order to avoid
long-time waiting before the configuration information is obtained and the communication
starts, the host may integrate the sending of RS packets as a part of its startup process.
A node can send an NS packet to interpret the link layer address of another node so as to
verify the reachability of that node and the address uniqueness of a specific link.
A node can send an NA packet as the response to an NS packet. It will also send
unsolicited NA packets to notify its own link layer address changes to other nodes.
2-2
2-3
2-4
Parameter Description
<valid-lifetime> Indicates the valid lifetime of the prefix in the unit of seconds.
Ranging in 0-4294967295. The default value is 2592000
seconds.
no-autoconfig Indicates that the hosts on the link cannot use the prefix for
IPv6 address auto configuration.
2-5
Parameter Description
off-link Indicates that the L bit (Online flag) of the prefix is not set. By
default, the flag bit is set to 1.
If this flag is set to 1, it indicates that the prefix can be used
to determine whether addresses are online, that is, all the
addresses belonging to this prefix are online if this flag is
set whereas some addresses may be online but the other
addresses are offline if this flag is not set.
Command Function
The following example shows the outputs of the command show nd6 cache. This command
can be run to check the static ND entries and the ND entries dynamically learned including
the MAC address, the entry status, the age of this status, and the corresponding interface
name:
ZXR10#show nd6 cache
Total Cache Number Is:2
Only Current Valid Items Are Shown Below:
Address Link-Address Age Status Interface
8384::2 1234.1234.1234 static Reachable vlan11
fe80::5634 0000.2244.5500 18h17m1s Stale vlan34
The outputs of the command show nd6 cache are described as follows:
age Indicates the age of the entry in this status or other attributes.
infinity: Indicates that the corresponding interface address
is infinitely valid.
static: Indicates that the entry is a static entry infinitely valid.
2-6
Method
1. Enter the interface configuration mode, and add a static entry to the neighbor cache
table.
2. Show the content of the neighbor cache table, and check whether the static entry has
been successfully added.
Steps
Router configuration:
ZXR10(config)#interface vlan10
ZXR10(config-if-vlan10)#nd6 add 780::1 0000.0a00.1345
Verification
Verify the configuration results on the router:
ZXR10#show nd6 cache
Total Cache Number Is:1
2-7
The above results indicate that a static entry has been successfully added to the NDP
neighbor cache table.
2-8
The IPv6 over IPv4 tunnel mechanism is used to add an IPv4 header in the front of the
IPv6 data packet and then transfer the IPv6 packet through a tunnel so that the IPv6
packet traverses the IPv4 network to implement the interworking between two isolated
IPv6 networks, as shown in Figure 3-1.
An IPv6 over IPv4 tunnel can be established between two hosts, between a host and a
router, or between two routers. The termination point of the tunnel may be the ultimate
destination of the IPv6 packet, or the packet may still need to be further forwarded.
Therefore, tunnels are classified into configured tunnels and automatic tunnels based on
the ways to obtain the destination IPv4 address of a tunnel.
l If the termination address of the IPv6 over IPv4 tunnel cannot be automatically
obtained from the destination address of the IPv6 packet but needs to be manually
3-1
configured, the tunnel is called a configured tunnel, such as a 6in4 tunnel or a GRE
tunnel.
l If the interface address of the IPv6 over IPv4 tunnel assumes a special
IPv4-embedded IPv6 address format (i.e. the IPv4 address of the tunnel termination
point can be automatically obtained from the destination address of the IPv6 packet),
the tunnel is called an automatic tunnel, such as a 6to4 tunnel or an ISATAP tunnel.
There is another type of IPv4 or IPv6 over IPv6 tunnel (see RFC 2473). The protocol
encapsulates an IPv4 or IPv6 data packet so that the encapsulated data packet can be
transmitted in another IPv6 network. The data packet after the encapsulation is an IPv6
tunnel packet, as shown in Figure 3-2.
Figure 3-2 Principles of the IPv4 (or IPv6) over IPv4 Tunnel
In the above figure, Original data refers to the IPv4 or IPv6 packet.
3-2
A 6to4 tunnel is a point-to-multipoint auto tunnel used to connect multiple isolated IPv6
sites through an IPv4 network to an IPv6 network. It makes possible the automatic
acquisition of the IPv4 address at the termination point of the tunnel by embedding an
IPv4 address in the destination address of an IPv6 packet.
The 6to4 tunnel assumes a special 6to4 address in the format of
2002:abcd:efgh:Subnet ID::InterfaceID/64. Of the address, 2002 is a fixed IPv6
address prefix, abcd:efgh is a globally unique 32-bit IPv4 source address of the 6to4
tunnel in hexadecimal system (e.g. 1.1.1.1 can be expressed as 0101:0101), and
the rest portion uniquely identifies the position of a host in a 6to4 network. As the
termination point of the tunnel can be automatically determined by this embedded
IPv4 address, tunnel establishment becomes very convenient.
Because the 16-bit subnet ID in the 64-bit address prefix of the 6to4 address can be
user-defined whereas the first 48 bits of the prefix are a fixed number or determined by
the IPv4 address of the device at the start or termination point of a tunnel, it becomes
possible to forward IPv6 packets over the tunnel. The 6to4 tunnel makes possible the
interconnection of two IPv6 networks through an IPv4 network and thus conquers the
limitations of automatic IPv4-compatible IPv6 tunnels in practical use.
The 6to4 tunnel involves a tunnel encapsulation and decapsulation process.
3-3
à Encapsulation: If the egress interface of the sent IPv6 packet is a tunnel interface,
the host first determines the tunnel type. If the tunnel is a 6to4 tunnel, the host
implements IPv4 header encapsulation. During the encapsulation, the source
address is user-configured whereas the destination address is obtained from
the destination address of the packet. The encapsulated packet is then sent
according to the IPv4 packet sending process.
à Decapsulation: If the protocol number in the IPv4 header of the received IPv4
packet is 41, the host proceeds to the 6to4 decapsulation process and searches
for the matched tunnel number according to the source address of the packet.
If the tunnel number is found, the host removes the IPv4 header added during
tunnel encapsulation and delivers the remaining IPv6 packet to the IPv6 packet
receiving process for further handling.
3-4
3-5
Configuration Thought
The 6in4 tunnel is of v6 nature and thus IPv6 needs to be enabled. The source address
of the tunnel is the IPv4 address of the local router, whereas the destination address is
the IPv4 address of the peer router. There must be a route for interworking between the
source address and the destination address of the tunnel (via the IPv4 routing protocol).
1. Create 6in4 tunnel interfaces and enable IPv6 on them.
2. Enter the tunnel configuration mode from the global mode, and then enter the 6in4
tunnel interface to be configured.
3. Configure the tunnel mode, the source address, and the destination address.
Configuration Commands
S1 configuration:
S1(config)#interface v6_tunnel3
S1(config-if-v6_tunnel3)#ipv6 enable
S1(config-if-v6_tunnel3)#ipv6 address 3172::27/64
S1(config-if-v6_tunnel3)#exit
S1(config)#ipv6-tunnel-config
S1(config-ipv6-tunnel)#interface v6_tunnel3
S1(config-ipv6-tunnel-if-v6_tunnel3)#tunnel mode ipv6ip 6in4
S1(config-ipv6-tunnel-if-v6_tunnel3)#tunnel destination ipv4 33.1.1.28
S1(config-ipv6-tunnel-if-v6_tunnel3)#tunnel source ipv4 33.1.1.27
3-6
S1(config-ipv6-tunnel-if-v6_tunnel3)#exit
S1(config-ipv6-tunnel)#exit
S1(config)#ipv6 route ::/0 v6_tunnel3
S1(config)#interface vlan10
S1(config-if-vlan10)#ip address 33.1.1.27 255.255.0.0
S2 configuration:
S2(config)#interface v6_tunnel3
S2(config-if-v6_tunnel3)#ipv6 enable
S2(config-if-v6_tunnel3)#ipv6 address 3172::28/64
S2(config-if-v6_tunnel3)#exit
S2(config)#ipv6-tunnel-config
S2(config-ipv6-tunnel)#interface v6_tunnel3
S2(config-ipv6-tunnel-if-v6_tunnel3)#tunnel mode ipv6ip 6in4
S2(config-ipv6-tunnel-if-v6_tunnel3)#tunnel destination ipv4 33.1.1.27
S2(config-ipv6-tunnel-if-v6_tunnel3)#tunnel source ipv4 33.1.1.28
S2(config-ipv6-tunnel-if-v6_tunnel3)#exit
S2(config-ipv6-tunnel)#exit
S2(config)#ipv6 route ::/0 v6_tunnel3
S2(config)#interface vlan10
S2(config-if-vlan10)#ip address 33.1.1.28 255.255.0.0
Configuration Verification
Check the tunnel configurations on S1 and verify whether the configurations have taken
effect:
S1(config)#show running-config-interface v6_tunnel3
!<if-intf>
interface v6_tunnel3
ipv6 enable
ipv6 address 3172::2/64
$
!</if-intf>
!<ipv6-tunnel>
ipv6-tunnel-config
interface v6_tunnel3
tunnel mode ipv6ip 6in4
tunnel source ipv4 33.1.1.27
tunnel destination ipv4 33.1.1.28
$
$
!</ipv6-tunnel>
!<ipv6-static-route>
ipv6 route::/0 v6_tunnel3
!</ipv6-static-route>
3-7
Configuration Thought
A 6to4 tunnel is of v6 nature and thus IPv6 needs to be enabled to connect the 6to4 node
prefixed with 2002::/16. The source end of the tunnel is bound with the IPv4 address of
the local router, and no destination address is required. The tunnel address must assume
a 2002::/16 prefix.
1. Create a 6to4 tunnel, configure IPv6 addresses, and enable IPv6.
2. Enter the tunnel configuration mode from the global mode, and then enter the 6to4
tunnel interface to be configured.
3. Configure the tunnel mode and the source address.
4. Advertise the tunnel route through static routing or BGP4+.
Configuration Commands
S1 configuration:
S1(config)#interface v6_tunnel2
S1(config-if-v6_tunnel2)#ipv6 address 2002:0101:0101::1/64
S1(config-if-v6_tunnel2)#ipv6 enable
S1(config-if-v6_tunnel2)#exit
S1(config)#ipv6-tunnel-config
3-8
S1(config-ipv6-tunnel)#interface v6_tunnel2
S1(config-ipv6-tunnel-if-v6_tunnel2)#tunnel mode ipv6ip 6to4
S1(c config-ipv6-tunnel-if-v6_tunnel2)#tunnel source ipv4 1.1.1.1
S1(config-ipv6-tunnel-if-v6_tunnel2)#exit
S1(config-ipv6-tunnel)#exit
S1(config)#ipv6 route 2002::/16 v6_tunnel2
S2 configuration:
S2(config)#interface v6_tunnel2
S2(config-if-v6_tunnel2)#ipv6 address 2002:0101:0102::1/64
S2(config-if-v6_tunnel2)#ipv6 enable
S2(config-if-v6_tunnel2)#exit
S2(config)#ipv6-tunnel-config
S2(config-ipv6-tunnel)#interface v6_tunnel2
S2(config-ipv6-tunnel-if-v6_tunnel2)#tunnel mode ipv6ip 6to4
S2(config-ipv6-tunnel-if-v6_tunnel2)#tunnel source ipv4 1.1.1.2
S2(config-ipv6-tunnel-if-v6_tunnel2)#exit
S2(config-ipv6-tunnel)#exit
S2(config)#ipv6 route 2002::/16 v6_tunnel2
Configuration Verification
Check the tunnel configurations on S1 and verify whether the configurations have taken
effect:
3-9
fe80::2d0:d0ff:fe52:abcf
2002:101:101::1/64
3-10
4-1
4-2
Parameter Description
<rule-id> Indicates the unique identity of a rule in the IPv6 ACL table.
This ID determines the sequence of the rule in the IPv6 ACL
table. It ranges from 1 to 2147483644.
If this parameter is not specified, the system inserts the rule
to the end of the table by default and allocates the rule-id
according to the default base and increment.
oper Indicates the port operation type, which can be any of the
keywords "eq", "ge", "le", and "range". If this parameter is set
to "range", two port numbers need to be specified behind
"range".
dscp <value> Indicates the DSCP field. The value range is 0-63.
established, fin, rst, ack, urg, psh, syn Indicates TCP link establishment. This parameter is valid
for TCP only.
Parameter Description
ingress Indicates that the IPv6 ACL is bound to the ingress direction
of the interface.
egress Indicates that the IPv6 ACL is bound to the egress direction
of the interface.
Configuring IPv6-MIXED-ACL
To configure the IPv6-MIXED-ACL on ZXR10 5960, use the following commands:
4-3
4-4
Parameter Description
oper Port operation type, which can be any of the keywords "eq",
"ge", "le", and "range". If this parameter is set to "range", two
port numbers need to be specified behind "range".
established ,fin,rst,ack,urg,psh,syn Keywords for TCP link establishment. This parameter is valid
for TCP only.
4-5
Parameter Description
inner-cos Priority of the VLAN header for the inner layer, range: 0 to 7.
inner-vlan ID of the VLAN header for the inner layer, range: 1 to 4094.
outer-cos Priority of the VLAN header for the outer layer, range: 0 to 7.
outer-vlan ID of the VLAN header for the outer layer, range: 1 to 4094.
Parameter Description
4-6
Command Function
ZXR10(config)#show ipv6-access-lists [{name <a Shows the IPv6 ACL list or brief
cl-name>[{from<value>|to <value>}]|[ brief [name information.
<acl-name>]|[config]}[|{begin|exclude|include}]
Command Function
The following example shows the outputs of the command show ipv6-access-groups:
ZXR10(config)#show ipv6-access-groups
Interface name|vlan Direction ACL name
--------------------------------------------
xgei-0/1/1/1 Ingress kkk
The following example shows the outputs of the command show running-config port-acl:
ZXR10(config)#show running-config port-acl
!<port-acl>
interface xgei-0/1/1/1
4-7
Command Function
ZXR10#show ipv6-mixed-access-lists config {begin | exclude | Shows the ACL configured in the
include} system database.
Parameter Function
4-8
In this case, it is only necessary to create one ACL and add the following rule to this
ACL: Deny the telnet packets matching the IP address of PC2 and using the protocol type
TCP and the port type telnet. Then bind the ACL to the ingress direction of the interface
xgei-0/1/1/3 or the egress direction of the interface xgei-0/1/1/4.
After the above configuration is completed, the requests initiated by PC2 will not reach S1
but will be discarded when they reach S2 even if PC2 has obtained the telnet username
and password of S1. The other communications of S1 and PC2, however, will not be
affected.
Method
1. First create an ipv6-access-list. During the creation, a customized name can be
assigned to this list but the length of the name shall not exceed 31 characters.
2. Enter the IPv6 ACL configuration mode after the list is created and then add rules. A
packet type can be specified for each rule, and the permit or deny action applies to
the packet type.
3. Bind the customized ipv6-access-list to the ingress or egress direction of the interface
to which traffic filtering applies.
Steps
S2 configuration:
S2(config)#ipv6-access-list test
S2(config-ipv6-acl)#rule deny tcp 100:1::1:2/128 110:1::1:2/128 eq 23
S2(config-ipv6-acl)#rule permit ip any any
S2(config-ipv6-acl)#exit
S2(config)#ipv6-access-group xgei-0/1/1/3 ingress test
Verification
Check the configured ACL in one of the following three modes:
/*Check all the ACLs on the router. In this mode, all the names
and number of ACLs are shown.*/
4-9
Check the interface bound with the ACL. Two methods are available for checking the
binding between the ACL and the interface:
/*Check the binding between IPv6 ACLs on the router and the
related interfaces*/
S2(config)#show ipv6-access-groups
Interface name|vlan Direction ACl name
-----------------------------------------
xgei-0/1/1/3 Ingress test
/*Check the binding between all ACLs on the router and the
related interfaces, including IPv4 ACLs and IPv6 ACLs*/
S2(config)#show running-config port-acl
!<PORT_ACL>
interface xgei-0/1/1/8
ipv4-access-group ingress 1K
!
interface xgei-0/1/1/3
ipv6-access-group ingress test
!
!</PORT_ACL>
4-10
When dynamic routing is applied, sometimes it is necessary to send the routes of the
entire Internet to a router and then the router can hardly tolerate such a huge load. In that
case, static routing can be applied to solve the problem. With static routing, only a few
configurations are required to eliminate the use of dynamic routes.
In a routing environment involving multiple routers and multiple paths, however, it is rather
complex to configure static routes.
The static unicast routing table is configured by the network administrator according to
his/her routing requirements after he/she gets familiar with the entire network topology.
Therefore, the network administrator can exactly control routing behaviors in the network.
When the network topology changes, however, the network administrator needs to
reconfigure the static routing table.
Unlike dynamic routing protocols, static routing does not require the setting of protocol
data on the related interfaces but requires only the validity check of the user-configured
static routing parameters such as destination address, mask length, next hop and egress
interface. The validity of each configured static route, however, still depends on the status
of the egress interface.
5-1
Command Function
Parameter Description
bfd enable Enables the BFD for the route in the IPv6 route configuration.
Command Function
ZXR10(config)#show ipv6 protocol routing static Shows the static routes in the
routing table and the validity of
these routes.
Run the show running-config ipv6-static-route command to show the static routes
configured in the system database. The display results indicate the user-configured static
routes but these routes are not necessarily effective.
5-2
Run the show ipv6 protocol routing static command to show the static routing table of the
router and check the validity of the static routes in the routing table. This command is often
used during the maintenance and diagnosis of routing protocols.
The following is a sample output from the show running-config ipv6-static-route command:
ZXR10(config)#show running-config ipv6-static-route
!<ipv6-static-route>
ipv6 route 11::/64 3::2 20
ipv6 route 22::/64 vlan56
ipv6 route 22::/64 vlan56 3::2
!</ipv6-static-route>
For a description of the sample output from the show running-config ipv6-static-route
command, refer to the following table:
The following is a sample output from the show ipv6 protocol routing static command:
ZXR10(config)#show ipv6 protocol routing static
IPv6 Routing Table
Codes: D - Direct, A - Address, S - Static, R - RIP, UI - USER_IPADDR,
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS static,
O - OSPF intra, OI - OSPF inter, E1 - OSPF ext 1, E2 - OSPF ext 2,
N - ND, B - BGP, IB - IBGP, EB - EBGP, AG - BGP AGG, V - VRRP, P - PPP,
D6 - DHCPv6, SFN - Stateful NAT64, SLN - Stateless NAT64, AF - AFTR,
NP - ND_PREFIX, NF - ND_DFROUTE, NH - ND_HOST
M - Multicast
* - FIB route
> - selected route, p - stale info
Time: The time of last modified!
S> 11::/64 [1/0]
* via 3::2, [out label:-1 in label:-1], 0h9m14s
S> 22::/64 [1/0]
* via ::, vlan56, [out label:-1 in label:-1], 0h18m18s
S> 22::/64 [1/0]
* via 3::2, [out label:-1 in label:-1], 0h7m10s
S> 22::/64 [1/0]
via 3::2, vlan56, [out label:-1 in label:-1], 0h4m16s
5-3
Method
1. Configure the IPv6 address of the network segment 2005::/64 for the direct connection
between S1 and S2.
2. Configure the IPv6 address of another different network segment 2003::/64 on the
non-direct connection interface of S2.
3. Add a static route pointing to the network segment 2003::/64 on S1 so that S1 can
successfully ping the network segment 2003::/64 of S2.
Steps
S1 configuration:
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 2005::1/64
S1(config-if-vlan10)#exit
S1(config)#ipv6 route 2003::/64 2005::2
S1(config)#exit
S2 configuration:
S2(config)#interface vlan10
S2(config-if-vlan10)#ipv6 enable
S2(config-if-vlan10)#ipv6 address 2005::2/64
S2(config-if-vlan10)#exit
S2(config)#interface vlan20
S2(config-if-vlan20)#ipv6 enable
S2(config-if-vlan20)#ipv6 address 2003::2/64
S2(config-if-vlan20)#exit
5-4
Verification
On S1, check whether the address has been successfully configured, whether the interface
is up, and whether the static route has been successfully added, and then run "ping6
2003::2" to check whether the ping operation is successful.
S1(config)#show running-config-interface vlan10
!<if-intf>
interface vlan10
ipv6 enable
ipv6 address 2005::1/64
$
!</if-intf>
5-5
5-6
l Address Length
RIPv1 and RIPv2 are IPv4-based. The address field consists of only 32 bits. In
contrast, RIPng is IPv6-based and all its addresses comprise 128 bits.
6-1
The application scope of RIPv1 and RIPv2 is not limited to the Transfer Control
Protocol/Internet Protocol (TCP/IP) protocol suite but also includes other network
protocol suites. Therefore, the routing entries of a packet include the network
protocol suite field. However, it is seldom used for other non-IP networks in practice.
Therefore, support for this function is removed from RIPng.
l Next Hop
There is no information about next hop in RIPv1. The router at the receiving end takes
the source address of a packet as the next hop for the route to the destination network.
RIPv2 contains explicit information about the next hop, thus facilitating selection of the
optimum route and avoiding routing loops and slow convergence.
Different from RIPv1 and RIPv2, the next hop field in RIPng exists as a separate RTE
to avoid overlong Routing table Entry (RTE) and to improve the efficiency of routing
information transmission.
l Packet Length
In both RIPv1 and RIPv2, the packet length is limited and a packet can carry at most
25 RTEs.
RIPng has no limit on the length of a packet and the number of RTEs. The length of a
packet depends on the MTU of a medium. This packet length processing mechanism
of RIPng has improved the transmission efficiency of routing information on the
network.
l Security Consideration
RIPv1 packets do not contain authentication information and thus RIPv1 is not secure.
Any host sending packets via UDP port 520 may be regarded by neighboring hosts
as a router and thus router spoofing may easily take place. RIPv2 is designed to
contain authentication packets to enhance security. Although routers that exchange
routes with each other cannot receive route information from each other before
authentication, RIPv2 does not have adequate security.
IPv6 contains perfect security policies, so there is no need to design separate security
authentication packets for RIPng any more but to use IPv6 security policies.
l Packet Transmission Mode
RIPv1 sends routing information through broadcast. In this way, both routers and all
the hosts within the same Local Area Network (LAN) can receive packets, which is
unnecessary and insecure.
However, both RIPv2 and RIPng can send packets either through broadcast or
through multicast. In this way, packets can be sent through multicast in networks that
support multicast, thus greatly reducing the volume of routing information transmitted
in networks.
6-2
Enabling RIPng
To enable RIPng, perform the following steps.
Parameter Description
<timeout> Specifies the time for the route to become invalid in the
unit of seconds. The value range is 5-65535 seconds.
The default value is 180 seconds.
<garbage> Specifies the time period from the time when the route
becomes invalid to the time when the route is deleted in
the unit of seconds. The value range is 5-65535 seconds.
The default value is 120 seconds.
6-3
Parameter Description
Parameter Description
6-4
Parameter Description
Parameter Description
Command Function
ZXR10#clear ipv6 rip route {X:X::X:X/<0-128>| all} Deletes the routes received by
the RIPng. You can delete all
the received routes or a certain
route only.
Parameter Description
all Indicates that all the received RIPng routes will be deleted.
6-5
Parameter Description
6-6
Parameter Description
[only] Indicates that only the default route will be sent on the
interface.
Command Function
ZXR10(config)#show ipv6 rip [vrf <vrf-name>] Shows the content of the RIPng
protocol.
ZXR10(config)#show ipv6 rip database [{X:X::X:X/<0-128 Shows the RIP route database
>|<X:X::X:X>}][vrf <vrf-name>] information.
ZXR10(config)#show ipv6 rip interface [vrf <vrf-name>]<interf Shows the interfaces on which
ace-name> RIPng is enabled.
Parameter Description
The following example shows the outputs of the command show ipv6 rip:
ZXR10(config)#show ipv6 rip
RIPng protocol, port 521, multicast-group FF02::9
administrative distance is 120
default metric is 1
updates every 30 seconds, expire after 180 seconds
garbage collect after 120 seconds
The number of ripng routes:
connect ripng route 1
aggregate ripng route 0
ripng route 0
Redistribution:
The outputs of the command show ipv6 rip are described as follows:
port 521 Indicates that the RIPng uses UDP port 521.
6-7
multicast-group FF02::9 Indicates that the multicast address used by the RIPng is
FF02::9.
administrative distance is 120 Indicates that the administrative distance of RIPng routes
is 120.
updates every 30 seconds, expire Indicates that the update timer currently set is 30s, the
after 180 seconds timeout timer is 180s, and the garbage timer is 120s.
garbage collect after 120 seconds
connect ripng route 0 Indicates that the number of connect RIPng routes is 0.
aggregate ripng route 0 Indicates that the number of aggregate RIPng routes is 0.
The following example shows the outputs of the command show ipv6 rip database:
ZXR10(config)#show ipv6 rip database
1001::/64
nexthop: ::, via: vlan1
metric: 1, tag: 0 time: 00:20
2001:210:120:1::/64
nexthop: ::, via: vlan2
metric: 1, tag: 0 time: 00:20
2001:210:120:2::/64
nexthop: ::, via: vlan3
metric: 1, tag: 0 time: 00:20
The outputs of the command show ipv6 rip database are described as follows:
metric: 1, tag: 0 Indicates that the metric of the route is 1 and the tag is 0.
The following example shows the outputs of the command show ipv6 rip interface [<interf
ace-name>]:
ZXR10(config)#show ipv6 rip interface vlan1
vlan1: interface is up
RIPng is enabled
6-8
The outputs of the command show ipv6 rip interface [<interface-name>] are described as
follows:
IPv6 interface address: Indicates that the address of the interface vlan1 is
2010::13/64 2010::13/64.
Method
1. Enable the IPv6 protocol on the interfaces and configure IPv6 addresses.
2. Configure the RIPng protocol.
3. Enable the RIPng-related configurations on the interfaces.
4. Configure the redistribution commands if it is necessary to redistribute other routes.
6-9
5. Check the configuration results, and confirm that neighbors are correctly established
between the two routers and each router can learn the routes advertised by the peer
router.
Steps
S1 configuration:
S1(config)#interface vlan1
S1(config-if-vlan1)#ipv6 enable
S1(config-if-vlan1)#ipv6 address 3611::11/64
S1(config-if-vlan1)#exit
S1(config)#interface vlan2
S1(config-if-vlan2)#ipv6 enable
S1(config-if-vlan2)#ipv6 address 2310::66/64
S1(config)#interface loopback5
S1(config-if-loopback5)#ipv6 enable
S1(config-if-loopback5)#ipv6 address 3555::52/64
S1(config-if-loopback5)#exit
S1(config)#ipv6 router rip
S1(config-ripng)#interface vlan1
S1(config-ripng-if-vlan1)#ipv6 rip enable
S1(config-ripng-if-vlan1)#exit
S1(config-ripng)#interface loopback5
S1(config-ripng-if-loopback5)#ipv6 rip enable
S1(config-ripng-if-loopback5)#exit
S1(config-ripng)#redistribute connected
S1(config-ripng)#exit
S2 configuration:
S2(config)#interface vlan1
S2(config-if-vlan1)#ipv6 enable
S2(config-if-vlan1)#ipv6 address 3611::10/64
S2(config-if-vlan1)#exit
S2(config)#interface vlan2
S2(config-if-vlan2)#ipv6 enable
S2(config-if-vlan2)#ipv6 address 2352::52/64
S2(config)#interface loopback5
S2(config-if-loopback5)#ipv6 enable
S2(config-if-loopback5)#ipv6 address 3550::52/64
S2(config-if-loopback5)#exit
S2(config)#ipv6 router rip
S2(config-ripng)#interface vlan1
S2(config-ripng-if-vlan1)#ipv6 rip enable
S2(config-ripng-if-vlan1)#exit
S2(config-ripng)#interface loopback5
6-10
Verification
Run the command show running-config ripng on S1 and S2 to check the RIPng
configuration information, and run the command show ipv6 forwarding route ripng to
check the routing information.
Check the routing information on S1:
S1#show running-config ripng
! <ripng>
ipv6 router rip
redistribute connected
interface vlan1
ipv6 rip enable
$
interface loopback5
ipv6 rip enable
$! </ripng>
6-11
2310::/64
nexthop: 2310::66, via: vlan2
metric: 1, tag: 0 time: 00:03
3555::/64 connected
nexthop: ::, via: loopback1
metric: 1, tag: 0
3555::/64
nexthop: 3555::52, via: loopback1
metric: 1, tag: 0 time: 00:03
3611::/64 connected
nexthop: ::, via: vlan1
metric: 1, tag: 0
3611::/64
nexthop: 3611::11, via: vlan1
metric: 1, tag: 0 time: 00:03
S1#ping6 2352::52
sending 5,100-byte ICMP echoes to 2352::52,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 9/13/25 ms
6-12
6-13
S2#ping6 2310::66
sending 5,100-byte ICMP echoes to 2310::66,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 9/13/25 ms
6-14
7-1
OSPFv3 Principle
Compared with OSPFv2, OSPFv3 has almost the same working mechanism but has also
revised OSPFv2 so as to support the IPv6 address format. The following sections describe
in detail the similarities and differences between OSPFv2 and OSPFv3. For details about
the OSPFv2 principles, please refer to "OSPF Configuration" in IPv4 Routing Volume.
Similarities Between OSPFv3 and OSPFv2
OSPFv3 has almost the same protocol design concept and working mechanism as
OSPFv2.
l The same packet types: Hello, DD, Link State Packet (LSP), Link State Update (LSU),
LSAck packets.
l The same area division.
l The same LSA flooding and synchronization mechanisms: To guarantee the
correctness of Link-state Database (LSDB) information, the reliable flooding and
synchronization of LSAs must be guaranteed.
l The same route computation method: Both use the Shortest Path First (SPF)
algorithm to compute routes.
l The same network types: Both support four network types, i.e. broadcast, NBMA,
point-to-point, point-to-multipoint.
l The same neighbor discovery and neighbor establishment mechanisms: After an
OSPF router is started, it sends a Hello packet via the OSPF interface to another
OSPF router. Upon receipt of the Hello packet, the latter OSPF router checks the
parameters defined in the packet. If the parameters in the received packet are the
same as those in its own packet, adjacency is established between the two routers.
Two routers in an adjacency relationship do not necessarily become neighbors. This
depends on the network type. The two routers become real neighbors only when
they have successfully exchanged the DD packet and the LSA and their LSDBs are
synchronized with each other.
l The same DR election mechanism: The DR and BDR need to be elected in NBMA
and broadcast networks.
Differences Between OSPFv3 and OSPFv2
There are differences between OSPFv3 and OSPFv2 because OSPFv3 is based on IPv6.
l The topology of OSPFv3 is link-based whereas that of OSPFv2 is subnet-based.
IPv6 uses the term "link" to describe the facilities or mediums used by nodes for
communications over the link layer. Nodes are connected with links. Multiple IP
subnets can be attached to the same link. Two nodes in different IP subnets can
communicate with each other directly over a single link.
l Address semanteme is deleted from OSPFv3.
The OSPFv3 packet contains no IPv6 address except for the LSA payload carried in
a link state update packet. The router LSA and network LSA do not contain network
addresses but only indicate topology information. The OSPF router ID and the LSA
ID are reserved as 32-bit IPv4 addresses and not assigned with any IPv6 address.
7-2
7-3
à To process the router LSA during SPF computation, two flag bits R and V6 are
added to the options field. The OSPF header contains an Instance ID, thus
allowing the running of multiple OSPF protocol instances over a single link.
LSA Types
An LSA is the unit to construct the OSPFv3 link state database. A router uses LSAs to
form a complete network topology and further generate a routing table. OSPFv3 has the
following types of LSAs.
l Router LSA
Its link state type is 0x2001. It can generate one or multiple LSAs on each router
within an area.
l Network LSA
Its link state type is 0x2002. It can generate network LSAs for each broadcast and
NBMA link within an area, which supports two or multiple routers. Network LSAs are
created by DR on this link.
Two types of LSAs are added to OSPFv3. They are the Link LSA and the Intra Area Prefix
LSA.Table 7-1 describes the brief similarities and differences between OSPFv3 LSAs and
OSPFv2 LSAs.
7-4
Table 7-1 Similarities and Differences Between OSPFv3 LSAs and OSPFv2 LSAs
Router LSA Router LSA The name is the same and the
function is similar, except that
Network LSA Network LSA
the LSA no longer describes
address information but is used
only to describe the topology
structure of the routing area.
Network Summary LSA Inter Area Prefix LSA The function is similar but the
ASBR Summary LSA Inter Area Router LSA name is different.
AS External LSA AS External LSA Both the function and the name
are completely the same.
7-5
7-6
For a description of the parameters in the command for OSPFv3 interface authentication
key configuration, refer to the following table.
Parameter Description
7-7
Parameter Description
For a description of the parameters in the command for OSPFv3 interface encryption
configuration, refer to the following table.
Parameter Description
7-8
Parameter Description
7-9
7-10
Parameter Description
Parameter Description
Parameter Description
X:X::X:X/< 0-128> Specifies the summary IPv6 route prefix and the prefix length.
Parameter Description
7-11
Parameter Description
<router-id> Specifies the peer router ID of the virtual link in the format of
a dotted decimal IP address.
hello-interval <seconds> Specifies the interval at which Hello packets are sent on the
virtual link in the unit of seconds. The value range is 1-8192.
The default value is 10 seconds.
dead-interval <seconds> Specifies the dead interval of neighbors on the virtual link in
the unit of seconds. The value range is 1-8192. The default
value is 40 seconds.
transmit-delay <seconds> Specifies the delay after which a link state update packet
is transmitted on the virtual link in the unit of seconds. The
value range is 1-8192. The default value is 1 second.
Parameter Description
Parameter Description
Parameter Description
Parameter Description
7-12
Parameter Description
route-map <map-name> Specifies the route map used for protocol route redistribution.
Parameter Description
Parameter Description
<holdtime> Specifies the hold time in the unit of seconds. The value
range is 0-65535. The default value is 10 seconds.
Command Function
7-13
Command Function
The following example shows the outputs of the command show ipv6 ospf:
ZXR10#show ipv6 ospf
Routing Process "ospfv3 1" with ID 1.1.1.8
socket enable
SPF schedule delay 5 secs. Hold time between two SPFs 10 secs
External distance 110. Inter-area distance 110. Intra-area distance 110
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 1. Checksum Sum 0x00985A
The number of ospfv3 routes is 3
Default metric is 20
Number of areas in this router is 2. 2 normal 0 stub
Area BACKBONE(0)
Number of interfaces in this area is 1
SPF algorithm executed 3 times
Number of LSA 5. Checksum Sum 0x02BC99
Number of Unknown LSA 0
Area 0.0.0.1
Number of interfaces in this area is 2
SPF algorithm executed 10 times
Number of LSA 9. Checksum Sum 0x045678
Number of Unknown LSA 0
The following example shows the outputs of the command show ipv6 ospf interface:
ZXR10#show ipv6 ospf interface
Vlan10 is up, line protocol is up
Link Local Address fe80::2f0:e0ff:fe21:201, Interface ID 2
Area 0.0.0.1, Process ID 1, Instance ID 0, Router ID 1.1.1.8
Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router(ID) 1.1.1.9, local address fe80::2f0:e0ff:fe21:203
Backup Designated router(ID) 1.1.1.8,local address fe80::2f0:e0ff:fe21:201
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Neighbor Count is 1, Adjacent neighbor count is 1
loopback1 is up, line protocol is up
Link Local Address fe80::2f0:e0ff:fe21:201, Interface ID 4
Area 0.0.0.0, Process ID 1, Instance ID 0, Router ID 1.1.1.8
Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
The following example shows the outputs of the command show ipv6 ospf database:
7-14
7-15
Configuration Thought
1. Enable the IPv6 protocol on the direct connection interfaces of S1 and S2, configure
IPv6 addresses for the direct connection interfaces, configure loopback interfaces,
enable IPv6 on the loopback interfaces, and configure IPv6 addresses for the loopback
interfaces.
2. Configure OSPFv3.
3. Add the interfaces to OSPF area 0.
4. Check and verify the configuration results: Neighbors are correctly established
between the two routers, each router can learn the routes advertised by the peer
router, and each router can ping the peer loopback interface.
Configuration Commands
S1 configuration:
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 3611::11/64
S1(config-if-vlan10)#exit
S1(config)#interface loopback5
S1(config-if-loopback5)#ipv6 enable
S1(config-if-loopback5)#ipv6 address 3555::52/64
S1(config-if-loopback5)#exit
S1(config)#ipv6 router ospf 1
S1(config-ospfv3-1)#router-id 11.11.11.11
S1(config-ospfv3-1)#area 0
S1(config-ospfv3-1-area-0)#interface vlan10
S1(config-ospfv3-1-if-vlan10)#exit
S1(config-ospfv3)#interface loopback5
S1(config-ospfv3-1-if-loopback5)#exit
S1(config-ospfv3-1)#exit
S2 configuration:
S2(config)#interface vlan10
S2(config-if-vlan10)#ipv6 enable
S2(config-if-vlan10)#ipv6 address 3611::10/64
S2(config-if-vlan10)#exit
S2(config)#interface loopback5
S2(config-if-loopback5)#ipv6 enable
7-16
Configuration Verification
After completing the above configuration, run the commands show ipv6 ospf neighbor and
show ipv6 forwarding route on each router to check the established neighbors and routes.
Ping the peer loopback interface from each router. If both routers can ping the loopback
interface of the peer router, the configuration is successful.
Check and verify the configuration results as follows on S1:
7-17
Codes : K: kernel, I1: isis-l1, SFN: sf-nat64, R: ripng, AF: aftr, B: bgp,
D: direct, I2: isis-l2, SLN: sl-nat64, O: ospfv3, D6: dhcp, P: ppp,
S: static, N: nd, V: vrrp, A: address, M: multicast, UI: user-ipaddr;
Dest Owner Metric
Interface Pri Gw
3555::/64 O 1
vlan10 110 fe80:2e::2d0:d0ff:fe78:99dd
S2#ping6 3555::52
sending 5,100-byte ICMP echoes to 3555::52,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 9/13/25 ms
Configuration Thought
1. Enable the IPv6 protocol on the interfaces, configure IPv6 addresses for these
interfaces, configure loopback interfaces, enable IPv6 on the loopback interfaces,
and configure IPv6 addresses for the loopback interfaces.
2. Configure OSPFv3.
3. Add the interfaces to OSPFv3. S1 and S2 establish a link with each other in area 0,
S2 and S3 establish a link with each other in area 10, and S1 redistributes the direct
route.
7-18
4. Check and verify the configuration results: Neighbors are correctly established
between the routers, each router can learn the routes advertised by the other two
routers, and each router can ping the loopback interfaces of the other two routers.
Configuration Commands
S1 configuration:
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 3611::11/64
S1(config-if-vlan10)#exit
S1(config)#interface loopback5
S1(config-if-loopback5)#ipv6 enable
S1(config-if-loopback5)#ipv6 address 3555::52/64
S1(config-if-loopback5)#exit
S1(config)#ipv6 router ospf 1
S1(config-ospfv3-1)#router-id 11.11.11.11
S1(config-ospfv3-1)# area 0
S1(config-ospfv3-1-area-0)#interface vlan10
S1(config-ospfv3-1-if-vlan10)#exit
S1(config-ospfv3-1)#redistribute connected
S1(config-ospfv3-1)#exit
S2 configuration:
S2(config)#interface vlan10
S2(config-if-vlan10)#ipv6 enable
S2(config-if-vlan10)#ipv6 address 3611::10/64
S2(config-if-vlan10)#exit
S2(config)#interface vlan20
S2(config-if-vlan20)#ipv6 enable
S2(config-if-vlan20)#ipv6 address 2352::52/64
S2(config-if-vlan20)#exit
S2(config)#interface loopback5
S2(config-if-loopback5)#ipv6 enable
S2(config-if-loopback5)#ipv6 address 3550::52/64
S2(config-if-loopback5)#exit
S2(config)#ipv6 router ospf 1
S2(config-ospfv3-1)#router-id 10.10.10.10
S2(config-ospfv3-1)#area 0
S2(config-ospfv3-1-area-0)#interface vlan10
S2(config-ospfv3-1-if-vlan10)#exit
S2(config-ospfv3-1)#interface loopback5
S2(config-ospfv3-1-if-loopback5)#exit
S2(config-ospfv3-1)#area 10
S2(config-ospfv3-1-area-10)#interface vlan20
7-19
S2(config-ospfv3-1-if-vlan20)#exit
S2(config-ospfv3-1)#exit
S3 configuration:
S3(config)#interface vlan20
S3(config-if-vlan20)#ipv6 enable
S3(config-if-vlan20)#ipv6 address 2352::55/64
S3(config-if-vlan20)#exit
S3(config)#interface loopback5
S3(config-if-loopback5)#ipv6 enable
S3(config-if-loopback5)#ipv6 address 3500::55/64
S3(config-if-loopback5)#exit
S3(config)#ipv6 router ospf 1
S3(config-ospfv3-1)#router-id 1.1.1.5
S3(config-ospfv3-1)#area 10
S3(config-ospfv3-1-area-10)#interface vlan20
S3(config-ospfv3-1-if-vlan20)#exit
S3(config-ospfv3-1)#interface loopback5
S3(config-ospfv3-1-if-loopback5)#exit
S3(config-ospfv3-1)#exit
Configuration Verification
After completing the above configuration, run the commands show ipv6 ospf neighbor and
show ipv6 forwarding route on each router to check the established neighbors and routes.
Ping the loopback interfaces of the other two routers from each router. If each router can
ping the loopback interfaces of the other two routers, the configuration is successful.
!</ospfv3>
S1#show ipv6 ospf neighbor
OSPFv3 Process 1
Neighbor ID Pri State Dead Time Interface ID Interface
10.10.10.10 1 FULL/BDR 00:00:35 46 vlan10
7-20
7-21
3555::/64 O 1
vlan10 110 fe80:2e::2d0:d0ff:fe78:99dd
3500::/64 O 1
Vlan20 110 fe80:2d::1416:15ff:fe14:1212
S2#ping6 3555::55
sending 5,100-byte ICMP echoes to 3555::55,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 9/13/25 ms
7-22
IS-IS is a routing protocol with high expansibility, so it can support the expansion of the
CLNS routing protocol to support IPv4 and support IPv6.
RFC 5308 (Routing IPv6 with IS-IS) defines how to use IS-IS to support IPv6. It defines
two new Tag, Length, Values (TLVs): IPv6 Reachability TLV and IPv6 Interface Address
TLV.
l The TLV type value of the IPv6 Reachability TLV is 236 (0xEC). Its TLV effects are
equal to the two TLVs of IPv4: IP internally reachable and IP externally reachable.
Up/down and external are defined in this TLV and are used to indicate that routes are
redistributed mutually in the L2/L1 and to determine whether a route is an external
route.
l The TLV type value of the IPv6 Interface Address TLV is 232 (0xE8). Its TLV effects
are equal to the TLV of IPv4: IP port address. The difference is that the original 32-bit
address segment is superseded by the 128-bit address segment in the new TLV.
l The operating principles of IS-ISv6 are similar to those of IS-ISv4. For details, please
refer to "IS-IS Configuration" in IPv4 Routing Volume.
8-1
Parameter Description
Parameter Description
range <range-number> Specifies the extensible range of the System ID. The
value range is 0-32. The default value is 0. The instance
will assume an ID ranging from System ID to System
ID+<range-number>.
8-2
IS-IS parameter configuration includes the configuration of global parameters and the
configuration of interface parameters. The global parameters of IS-ISv6 need to be
configured in IS-ISv6 routing mode (some parameters are configured under the IS-ISv6
address suite).
To configure the global information about IS-ISv6, perform the following steps:
8-3
8-4
For a description of the parameters in Step 2.1, refer to the following table:
Parameter Description
For a description of the parameters in Step 2.2, refer to the following table:
Parameter Description
range <range-number> Specifies the extensible range of the System ID. The
value range is 0-32. The default value is 0. The instance
will assume an ID ranging from System ID to System
ID+<range-number>.
Parameter Description
level-1 | level-2 Indicates the level to which the authentication mode applies.
For a description of the parameters in Step 2.5, refer to the following table:
Parameter Description
level-1 | level-2-only | level-1-2 Specifies the level of the configured router. By default, a
router is a level-1-2 router.
This is a basic parameter involved in IS-IS configuration. It is used to define the operation
type of the router according to the practical networking condition. By default, IS-IS-enabled
router is identified as a level-1-2 router.
For a description of the parameters in Step 2.6, refer to the following table:
Parameter Description
Set the LSP refresh interval of the IS-IS protocol so that the LSP packets locally generated
are periodically updated when the network is stable. By default, LSP packets are refreshed
at an interval of 900 seconds.
8-5
For a description of the parameters in Step 2.7, refer to the following table:
Parameter Description
Set the maximum LSP lifetime of the local IS-IS, that is, the lifetime of LSP packets locally
generated in the databases of all the reachable nodes. By default, the maximum lifetime
of LSP packets is 1,200 seconds.
For a description of the parameters in Step 2.8, refer to the following table:
Parameter Description
The metric range in the narrow mode is smaller than that in the wide mode. In addition, the
wide mode supports more TLV extensions. By default, the metric-style is set to "narrow".
Topology creation may fail due to inconsistent settings of the metric-type between the two
routers to be interconnected.
For a description of the parameters in Step 2.9, refer to the following table:
Parameter Description
After configuring this command, you also need to set the same authentication code for
SNP packets. By default, application also applies to SNP packets. To clear SNP packet
authentication, run the command disable-snp-authentication.
For a description of the parameters in Step 2.12, refer to the following table:
Parameter Description
<size> Specifies the size of LSP packets in the unit of bytes. The
value range is 512-7680.
8-6
By default, the size of LSP packets transmitted on a broadcast link is 1,492 bytes. You
can run this command to specify the LSP packet size to a value between 512 and 7,680
bytes. It is not recommended that users run this command unless really necessary.
For a description of the parameters in Step 2.13, refer to the following table:
Parameter Description
For a description of the parameters in Step 4.1, refer to the following table:
Parameter Description
<1-255> Specifies the distance. The value range is 1-255. The default
value is 115.
The administrative distance of an IS-ISv5 route is used for IPv6 route computation. The
smaller the value, the better the IS-ISv6 route is than the routes obtained by other routing
means or other routing protocols.
For a description of the parameters in Step 4.3, refer to the following table:
Parameter Description
level-1 | level-2 | level-1-2 Specifies the redistribution range. The default value is
"level-2".
metric <metric-value> Specifies the metric value of the redistributed route. The
value range is 0-4261412864. The default value is 10.
route-map <map-tag> Specifies the route map name for the current protocol
redistribution, which is a string of 1 to 31 characters.
If the metric-style is narrow, the value range of <metric-value> is 0-63. If the metric-style is
wide, the value range of <metric-value> is 0-426142864.
For a description of the parameters in Step 4.5, refer to the following table:
Parameter Description
8-7
Parameter Description
level-1 | level-1-2 | level-2 Specifies the route aggregation level, which is "level-1-2" by
default.
When a local LSP packet of the corresponding level carries
non-local interface address information that indicates a route
with this network segment prefix, the route is then aggregated
to the set level according to the aggregate address.
metric <metric-value> Specifies the metric value of the redistributed route. The
value range is 0-4261412864. The default value is 0.
The IS-ISv6 protocol may aggregate certain routing table entries into an aggregate route
and advertise it to other routers instead of advertising the specific routes.
For a description of the parameters in Step 4.6, refer to the following table:
Parameter Description
route-map <map-tag> Specifies the route map name for protocol route redistribution,
which is a string of 1 to 31 characters.
For a description of the parameters in Step 4.8, refer to the following table.
Parameter Description
<interval> Sets the route mapping name for the current protocol
reallocation, range: 1–31 characters.
level-1 | level-2 Sets the level for the interval that is used to calculate the
topology.
For a description of the parameters in Step 4.9, refer to the following table.
Parameter Description
Note:
If the maximum-paths parameter is not set, only one equivalent route entry is supported.
8-8
8-9
For a description of the parameters in Step 3.1, refer to the following table:
Parameter Description
level-1 | level-1-2 | level-2-only Specifies the circuit type of an interface. Either option must
be selected. By default, the circuit type of an interface is
level-1-2.
This is a basic parameter involved in IS-IS configuration to specify the operation type for
an interface. The default value is level-1-2. The value needs to match the IS-IS global
operation type. The settings of this parameter must also be matched between two routers
establishing adjacency.
For a description of the parameters in Step 3.2, refer to the following table:
Parameter Description
8-10
Parameter Description
level-1 | level-2 Specifies the applicable scope of the CSNP interval (level-1
CSNP or level-2 CSNP). By default, the interval takes effect
for both level-1 and level-2.
The above parameters specify the CSNP packet sending interval. When the optional
parameter is not carried in the command, the set interval takes effect for both level-1 CSNP
and level-2 CSNP on the interface.
For a description of the parameters in Step 3.3, refer to the following table:
Parameter Description
level-1 | level-2 Specifies the applicable scope of the hello interval (level-1
hello or level-2 hello). By default, the interval takes effect
for both level-1 and level-2.
When the optional parameter is not carried in the command, the set interval takes effect
for both level-1 hello and level-2 hello on the interface.
For a description of the parameters in Step 3.4, refer to the following table:
Parameter Description
level-1 | level-2 Specifies the applicable scope of the hello multiplier (level-1
or level-2). By default, the hello multiplier takes effect for both
level-1 and level-2.
When the optional parameter is not carried in the command, the set multiplier takes effect
for both level-1 and level-2.
For a description of the parameters in Step 3.6, refer to the following table:
Parameter Description
level-1 | level-2 Specifies the applicable scope of the PSNP interval (level-1
PSNP or level-2 PSNP). By default, the interval takes effect
for both level-1 and level-2.
8-11
In general, PSNP is used in point-to-point networks. When the optional parameter is not
carried in the command, the set interval takes effect for both level-1 PSNP and level-2
PSNP on the interface.
For a description of the parameters in Step 3.7, refer to the following table:
Parameter Description
level-1 | level-2 Specifies the applicable scope of the metric value (level-1
or level-2).
The above parameters set the metric value for IS-ISv6 SPF computation on an interface.
When the optional parameter is not carried in the command, the metric-value takes effect
for both level-1 metric and level-2 metric on the interface.
For a description of the parameters in Step 3.8, refer to the following table:
Parameter Description
level-1 | level-2 Indicates the level to which the authentication mode applies.
For a description of the parameters in Step 3.9, refer to the following table.
Parameter Description
For a description of the parameters in Step 3.10, refer to the following table:
Parameter Description
<priority> Sets the port priority in the unit of seconds. The value range
is 0-127. The default value is 64.
8-12
The above parameter settings exist only for broadcast links. When the optional parameter
is not carried, the priority takes effect for both level-1 priority and level-2 priority.
For a description of the parameters in Step 3.11, refer to the following table:
Parameter Description
The above parameter settings exist only for point-to-point links. When the optional
parameter is not carried, the set retransmission interval takes effect for both level-1
retransmission interval and level-2 retransmission interval.
For a description of the parameters in Step 3.14, refer to the following table:
Parameter Description
<mesh group number> Specifies the mesh-group to which the interface belongs. The
value range is 1-4294967295.
Command Function
ZXR10(config)#show isis circuits [{process-id | detail [process-id Shows IS-ISv6 port information.
<process-id>]}]
ZXR10(config)#show isis ipv6 route [<ipv6-address>][ipv6-prefi Shows the current IS-ISv6 route
x][{level-1 | level-2}][detail][summary] table
8-13
Parameter Description
The following is a sample output from the show isis adjacency command:
ZXR10(config)#show isis adjacency
Process ID: 1
Interface System id State Lev Holds SNPA(802.2) Pri MT
vlan1 1111.1111.1111 UP/UP L1L2 27/27 00E0.D023.0203 64
ZXR10(config-isis-0-if-vlan100)#show isis adjacency process-id 1
Process ID: 1
Interface System id State Lev Holds SNPA(802.2) Pri MT
vlan2 AAAA.AAAA.AAAA UP L1 21 00E0.D023.0203 64
ZXR10(config-isis-0-if-vlan100)#show isis adjacency up-time level-1 process-id 1
Process ID: 1
Interface System id State Lev Holds Pri MT Time
vlan1 1111.1111.1111 UP L1 22 64 000:00:01:1
For a description of the sample output from the show isis adjacency command, refer to the
following table:
8-14
The following is a sample output from the show isis database command:
ZXR10#show isis database
Process ID:0
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
2.00-00* 0x42 0xb2a1 918 1/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
1.00-00 0x4f 0x7e94 918 0/0/0
2.00-00* 0x4d 0x3977 917 0/0/0
2.02-00* 0x48 0x1f29 917 0/0/0
For a description of the sample output from the show isis database command, refer to the
following table:
LSP Seq Num Indicates the LSP sequence number in the form of
0xdddddddd.
LSP Holdtime Indicates the LSP lifetime in the form of a common number.
The following is a sample output from the show isis circuit command:
ZXR10(config)#show isis circuits
Process ID: 0
Interface State Lev CirId Level1-DR Level2-DR Pri(L1/L2)
vlan1 Up L1L2 2 Dis is me Dis is me 64/64
For a description of the sample output from the show isis circuit command, refer to the
following table:
Lev Indicates the port level, which can be "L1", "L2", or "L1L2".
8-15
Level1–DR Indicates the level-1 designated router on the port, which can
be "xxxx.xxxx.xxxx.xx", "No found", "Disabled", "Dis is me",
"P to P" and so on.
Level2–DR Indicates the level-2 designated router on the port, which can
be "xxxx.xxxx.xxxx.xx", "No found", "Disabled", "Dis is me",
"P to P" and so on.
The following is a sample output from the show isis ipv6 route command:
ZXR10(config)#show isis ipv6 route
IS-IS Local IPv6 Routing Table
Codes: I1 - ISIS L1, I2 - ISIS L2
Porcess ID: 1
I1 1001::/64 [115/20]
via fe80::200:0:0:0,vlan2
I2 1002::/64 [115/30]
via fe80::200:0:0:0,vlan2
There are totally 2 routes.
For a description of the sample output from the show isis ipv6 route command, refer to the
following table:
The following is a sample output from the show isis topology command:
ZXR10(config)#show isis topology
Process ID: 0
IS-IS paths to Level-1 routers
System id Metric Next-Hop Interface SNPA
1 --
59E 10 59E vlan200 0059.28E0.0801
IS-IS paths to Level-2 routers
System id Metric Next-Hop Interface SNPA
1 --
59E 10 59E vlan200 0059.28E0.0801
2 10 2 vlan100 00D0.D0C7.FFE0
For a description of the sample output from the show isis topology command, refer to the
following table:
8-16
Configuration Thought
1. Enable the IPv6 protocol on the direct connection interfaces of S1 and S2, configure
IPv6 addresses for the direct connection interfaces, configure loopback interfaces,
enable IPv6 on the loopback interfaces, and configure IPv6 addresses for the loopback
interfaces.
2. Configure the IS-ISv6 protocol and ensure that the system-ids of the two routers are
not the same. If the IPv4 IS-IS protocol has been configured on certain interfaces of
the two routers, set both routers to the multi-topology mode. To set the multi-topology
mode, first set the metric type of the IS-IS protocol to "wide". If the IPv4 IS-IS protocol
is not configured on any interface of the two routers, adjacency can be established
through the default single-topology settings on the two routers. If any interface of either
router is configured with an IPv4 address and the IS-IS protocol, IS-ISv6 neighbors
can be established through the single-topology function on the two routers. In the
latter case, the interface needs to be configured with both an IPv4 address and an
8-17
IPv6 address as well as the commands ip router isis and ipv6 router isis. Here, the
multi-topology environment is taken as an example.
3. Enable the IS-ISv6 protocol on the interfaces.
4. Check and verify the configuration results: Neighbors are correctly established be-
tween the routers, and each router correctly computes the IPv6 topology and can suc-
cessfully ping the loopback interface of the peer router.
Configuration Commands
S1 configuration:
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 3611::11/64
S1(config-if-vlan10)#exit
S1(config)#interface loopback5
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 3555::52/64
S1(config-if-vlan10)#exit
S1(config)#router isis
S1(config-isis-0)#area 47.0005
S1(config-isis-0)#system-id 0000.0000.0011
S1(config-isis-0)#metric-style wide
S1(config-isis-0)#interface vlan10
S1(config-isis-0-if-vlan10)#ipv6 router isis
S1(config-isis-0-if-vlan10)#exit
S1(config-isis-0)#interface loopback5
S1(config-isis-0-if-loopback5)#ipv6 router isis
S1(config-isis-0-if-loopback5)#exit
S1(config-isis-0)#address-family ipv6
S1(config-isis-0-af)#multi-topology
S1(config-isis-0-af)#end
S2 configuration:
S2(config)#interface vlan10
S2(config-if-vlan10)#ipv6 enable
S2(config-if-vlan10)#ipv6 address 3611::10/64
S2(config-if-vlan10)#exit
S2(config)#interface loopback5
S2(config-if-loopback5)#ipv6 enable
S2(config-if-loopback5)#ipv6 address 3550::52/64
S2(config-if-loopback5)#exit
S2(config)#router isis
S2(config-isis-0)#area 47.0005
S2(config-isis-0)#system-id 0000.0000.0022
S1(config-isis-0)#metric-style wide
8-18
S2(config-isis-0)#interface vlan10
S2(config-isis-0-if-vlan10)#ipv6 router isis
S2(config-isis-0-if-vlan10)#exit
S2(config-isis-0)#interface loopback5
S2(config-isis-0-if-loopback5)#ipv6 router isis
S2(config-isis-0-if-loopback5)#exit
S2(config-isis-0)#address-family ipv6
S2(config-isis-0-af)#multi-topology
S2(config-isis-0-af)#end
Configuration Verification
After the configuration is completed, run the show command on each router to check the
configuration information: Neighbors are correctly established between the routers, and
each router correctly computes the IPv6 topology and can successfully ping the loopback
interface of the peer router.
First verify the configuration results on S1. Run the command show running-config isis to
check the IS-IS configuration information as follows:
Run the command show isis adjacency to check whether the neighbor status is normal, that
is, check whether the state field is UP. After the neighbor is established, the state field
should indicate "UP":
S1#show isis adjacency
Interface System id State Lev Holds SNPA(802.2) Pri MT
vlan10 S2 UP/UP L1L2 7/6 00D0.D0AF.CC10 64/64 M
Run the command show isis ipv6 topology to check whether the topology is correctly
computed (For the single-topology environment, run the command show isis topology
instead to check it). If the topology has been successfully computed, the execution results
8-19
will indicate the following item. If the metric is "–", it indicates the local router. If the metric
is "xx", it indicates that the destination is unreachable.
S1#show isis ipv6 topology
IS-IS IPv6 paths to Level-1 routers
System id Metric Next-Hop Interface SNPA
S1 ----
S2 10 S2 vlan10 00D0.D0AF.CC10
IS-IS IPv6 paths to Level-2 routers
System id Metric Next-Hop Interface SNPA
S1 ----
S2 10 S2 vlan10 00D0.D0AF.CC10
Run the command show isis circuits to check the interface information and Designate IS
(DIS) election. If the interface status is "UP", the interface is normal. If the interface status
is "DOWN", the interface is abnormal. Then it is necessary to check the link status. The
Level1-DR item shows the system-id of the DIS.
S1#show isis circuits
IS-IS interface database:
Interface State Lev CirId Level1-DR Level2-DR Pri(L1/L2)
loopback5 Up L1L2 0 Disabled Disabled -/-
vlan10 Up L1L2 2 S2.02 S2.02 64/64
Run the command show ipv6 forwarding route isis_l1 or show ipv6 forwarding route isis_l2
to check route advertisement. If route advertisement is normal, the route advertised by the
loopback interface of the peer router can be seen.
S1#show ipv6 forwarding route isis_l1
IPv6 Routing Table:
Dest Owner Metric Interface Gw
3550::/64 I1 20 vlan10 fe80:12::2d0:d0ff:feaf:cc10
If neighbor establishment and route advertisement are normal, the loopback interface of
the peer route can be pinged through:
S1#ping6 3550::52
sending 5,100-byte ICMP echoes to 3550::52,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/0/0 ms.
8-20
$
interface vlan10
ipv6 router isis
$
interface loopback5
ipv6 router isis
$
! </ISIS>
S2#ping6 3555::52
sending 5,100-byte ICMP echoes to 3555::52,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/0/0 ms.
8-21
division is helpful to decrease the demand for memory, and the routers in each area only
need to maintain a smaller link state database.
Figure 8-2 shows a multi-area IS-IS instance. S1 is in Area 1, S2 in Area 0, and S3 and
S4 in Area 2. On S1, perform route aggregation for the network segments in Area 1. The
direct routes are redistributed to the IS-IS on R4.
Configuration Thought
1. Enable the IPv6 protocol on the interfaces, configure IPv6 addresses for these
interfaces, configure loopback interfaces, enable IPv6 on the loopback interfaces,
and configure IPv6 addresses for the loopback interfaces.
2. Configure the IS-ISv6 protocol and ensure that the system-ids of the routers are not
the same. Establish L2 neighbors between S2 and S1/S3, and establish L1 neighbors
between S3 and S4. Here, the multi-topology environment is taken as an example.
3. Enable the IS-ISv6 protocol on the interfaces.
4. Enable route aggregation on S1.
5. Redistribute the direct route on S4.
6. Check and verify the configuration results: The routers can correctly establish
neighbors and correctly compute the IPv6 topology, and the interface addresses of
the routers can be successfully pinged from each other
Configuration Commands
S1 configuration:
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 2003::1/64
S1(config-if-vlan10)#exit
S1(config)#interface loopback1
S1(config-if-loopback1)#ipv6 enable
S1(config-if-loopback1)#ipv6 address 2000:0:0:1::1/64
S1(config-if-loopback1)#exit
8-22
S1(config)#interface loopback2
S1(config-if-loopback2)#ipv6 enable
S1(config-if-loopback2)#ipv6 address 2000:0:0:2::1/64
S1(config-if-loopback2)#exit
S1(config)#interface loopback3
S1(config-if-loopback3)#ipv6 enable
S1(config-if-loopback3)#ipv6 address 2000:0:0:3::1/64
S1(config-if-loopback3)#exit
S1(config)#router isis
S1(config-isis-0)#area 01
S1(config-isis-0)#system-id 0000.0000.0011
S1(config-isis-0)#is-type level-1-2
S1(config-isis-0)#metric-style wide
S1(config-isis-0)#interface vlan10
S1(config-isis-0-if-vlan10)#ipv6 router isis
S1(config-isis-0-if-vlan10)#circuit-type level-2-only
S1(config-isis-0-if-vlan10)#exit
S1(config-isis-0)#interface loopback1
S1(config-isis-0-if-loopback1)#ipv6 router isis
S1(config-isis-0-if-loopback1)#circuit-type level-2-only
S1(config-isis-0-if-loopback1)#exit
S1(config-isis-0)#interface loopback2
S1(config-isis-0-if-loopback2)#ipv6 router isis
S1(config-isis-0-if-loopback2)#circuit-type level-2-only
S1(config-isis-0-if-loopback2)#exit
S1(config-isis-0)#interface loopback3
S1(config-isis-0-if-loopback3)#ipv6 router isis
S1(config-isis-0-if-loopback3)#circuit-type level-2-only
S1(config-isis-0-if-loopback3)#exit
S1(config-isis-0)#address-family ipv6
S1(config-isis-0-af)#multi-topology
S1(config-isis-0-af)#summary-prefix 2000::/48
S1(config-isis-0-af)#end
S2 configuration:
S2(config)#interface vlan10
S2(config-if)#ipv6 enable
S2(config-if)#ipv6 address 2003::2/64
S2(config-if)#exit
S2(config)#interface vlan20
S2(config-if)#ipv6 enable
S2(config-if)#ipv6 address 2001::2/64
S2(config-if)#exit
S2(config)#router isis
S2(config-isis-0)#area 00
8-23
S2(config-isis-0)#system-id 0000.0000.0012
S2(config-isis-0)#is-type level-2
S2(config-isis-0)#metric-style wide
S2(config-isis-0)#interface vlan10
S2(config-isis-0-if-vlan10)#ipv6 router isis
S2(config-isis-0-if-vlan10)#circuit-type level-2-only
S2(config-isis-0-if-vlan10)#exit
S2(config-isis-0)#interface vlan20
S2(config-isis-0-if-vlan20)#ipv6 router isis
S2(config-isis-0-if-vlan20)#circuit-type level-2-only
S2(config-isis-0-if-vlan20)#exit
S2(config-isis-0)#address-family ipv6
S2(config-isis-0-af)#multi-topology
S2(config-isis-0-af)#end
S3 configuration:
S3(config)#interface vlan20
S3(config-if)#ipv6 enable
S3(config-if)#ipv6 address 2001::3/64
S3(config-if)#exit
S3(config)#interface vlan30
S3(config-if)#ipv6 enable
S3(config-if)#ipv6 address 2300::3/64
S3(config-if)#exit
S3(config)#router isis
S3(config-isis-0)#area 02
S3(config-isis-0)#system-id 0000.0000.0013
S3(config-isis-0)#is-type level-1-2
S3(config-isis-0)#metric-style wide
S3(config-isis-0)#interface vlan20
S3(config-isis-0-if-vlan20)#ipv6 router isis
S3(config-isis-0-if-vlan20)#circuit-type level-2
S3(config-isis-0-if-vlan20)#exit
S3(config-isis-0)#interface vlan30
S3(config-isis-0-if-vlan30)#ipv6 router isis
S3(config-isis-0-if-vlan30)#circuit-type level-1
S3(config-isis-0-if-vlan30)#exit
S3(config-isis-0)#address-family ipv6
S3(config-isis-0-af)#multi-topology
S3(config-isis-0-af)#end
S4 configuration:
S4(config)#interface vlan30
S4(config-if)#ipv6 enable
S4(config-if)#ipv6 address 2300::4/64
8-24
S4(config-if)#exit
S4(config)#interface loopback4
S4(config-if)#ipv6 enable
S4(config-if)#ipv6 address 2400::4/64
S4(config-if)#exit
S4(config)#router isis
S4(config-isis-0)#area 02
S4(config-isis-0)#system-id 0000.0000.0014
S4(config-isis-0)#is-type level-1
S4(config-isis-0)#metric-style wide
S4(config-isis-0)#interface vlan30
S4(config-isis-0-if-vlan30)#ipv6 router isis
S4(config-isis-0-if-vlan30)#circuit-type level-1
S4(config-isis-0-if-vlan30)#exit
S4(config-isis-0)#interface loopback4
S4(config-isis-0-if-vlan30)#ipv6 router isis
S4(config-isis-0-if-vlan30)#circuit-type level-1
S4(config-isis-0-if-vlan30)#exit
S4(config-isis-0)#address-family ipv6
S4(config-isis-0-af)#multi-topology
S4(config-isis-0-af)#redistribute connected level-1 metric 10
S4(config-isis-0-af)#end
Configuration Verification
After the configuration is completed, run the show command on each router to check the
configuration information: Neighbors are correctly established, the topology is computed,
and interfaces can be pinged.
First verify the configuration results on S1. Run the command show running-config isis to
check the IS-IS configuration information as follows:
S1#show running-config isis
! <ISIS>
router isis 0
area 01
system-id 0000.0000.0011
metric-style wide
address-family ipv6
multi-topology
summary-address 2000::/48
$
interface vlan10
ipv6 router isis
circuit-type level-2-only
$
interface loopback1
8-25
Run the command show isis adjacency to check whether the neighbor status is normal, that
is, check whether the state field is UP. After the neighbor is established, the state field
should indicate "UP":
S1#show isis adjacency
Interface System id State Lev Holds SNPA(802.2) Pri MT
vlan10 S2 UP L2 7 00D0.D078.99D2 64 M
Run the command show isis ipv6 topology to check whether the topology is correctly
computed (For the single-topology environment, run the command show isis topology
instead to check it). If the topology has been successfully computed, the execution results
will indicate the following item. If the metric is "–", it indicates the local router. If the metric
is "xx", it indicates that the destination is unreachable.
S1#show isis ipv6 topology
IS-IS IPv6 paths to Level-1 routers
System id Metric Next-Hop Interface SNPA
S1 ---
IS-IS IPv6 paths to Level-2 routers
System id Metric Next-Hop Interface SNPA
S1 --
S2 10 S2 vlan10 00D0.D078.99D2
S3 20 S3 vlan10 00D0.D078.99D2
Run the command show ipv6 forwarding route isis_l2 to check route advertisement. If route
advertisement is normal, the route advertised by the loopback interface of the peer router
can be seen.
S1#show ipv6 forwarding route isis-l2
IPv6 Routing Table:
Dest Owner Metric Interface Gw
2001::/64 l2 20 vlan10 fe80:2e::2d0:d0ff:fe78:99d2
2300::/64 l2 30 vlan10 fe80:2e::2d0:d0ff:fe78:99d2
2400::/64 l2 40 vlan10 fe80:2e::2d0:d0ff:fe78:99d2
8-26
If neighbor establishment and route advertisement are normal, the loopback interface of
R4 can be pinged through:
S1#ping6 2400::4
sending 5,100-byte ICMP echoes to 2400::4,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max=97/120/156 ms.
8-27
8-28
8-29
8-30
The operating principles of BGP4+ are similar to those of BGP. For details, please refer
to the "BGP Configuration" chapter in ZXR10 M6000 (V1.00.30) Carrier-Class Router
Configuration Guide (IPv4 Routing Volume).
9-1
Command Function
ZXR10(config)#show bgp ipv6 unicast neighbor Shows BGP adjacency and the
current neighbor status.
ZXR10(config)#show BGP ipv6 unicast summary Shows the states of all BGP
neighbors.
The following is a sample output from the show ip bgp protocol command:
9-2
For a description of the sample output from the show ip bgp protocol command, refer to
the following table:
Hold time is 180 seconds, KeepAlive Indicates that the hold time is 90 seconds and the keepalive
time is 60 seconds time is 30 seconds.
Default local preference is 100 Indicates that the default local preference is 100.
IPv4 IGP synchronization is disabled BGP routing table is synchronized with IPv4 IGP routing table
(by default, they are not synchronized).
IPv6 IGP synchronization is disabled BGP routing table is not synchronized with IPv6 IGP routing
table (by default, they are not synchronized).
Distance : external 20 internal 200 Indicates that the external administrative distance is 20 and
the internal administrative distance is 200.
The following is a sample output from the show bgp ipv6 unicast neighbor command:
ZXR10#show BGP ipv6 unicast neighbor
BGP neighbor is 2002:9::2, remote AS 300, external link
BGP version 4, remote router ID 218.231.0.1
BGP state = Established, up for 00:13:58
Last read update 00:13:58, hold time is 90 seconds, keepalive interval is 30
seconds
Neighbor capabilities:
Route refresh: advertised and received
New ASN Capability: advertised
Address family IPv4 Unicast: received
IPv4 MPLS Label capability: received
Address family IPv4 Multicast: received
Address family VPNv4 Unicast: received
Address family IPv6 Unicast: advertised and received
IPv6 MPLS Label capability: received
9-3
9-4
BGP neighbor is 2002:9::2, remote The IP address is the peer BGP address of the TCP
AS 300, external link connection. The peer belongs to AS 300. It is an EBGP
connection.
BGP version 4, remote router ID BGP-4 is used. The peer BGP router ID is 218.231.0.1.
218.231.0.1
BGP state = Established, up for Neighbor relation state is Established. The session has been
00:13:58 established for 13 minutes 58 seconds.
hold time is 90 seconds, keepalive The hold time is 90 seconds, and the Keepalive interval is
interval is 30 s 30 seconds.
Route refresh: advertised and The neighbor supports enhanced router soft-reset.
received
All received 31 messages Totally 31 messages are received, among which there is
1 updates, 0 errs 1 open message, 1 update message and 29 keepalive
1 opens, 0 errs messages. There is no VPNV4 route update , no IPV4 route
29 keepalives update, no Notification message and no error message.
After last established received 29 Totally 29 messages are received since the neighbor
messages relationship was established last time, among which there is
1 updates, 0 errs 1 update message and 28 keepalive messages.
0 opens, 0 errs
28 keepalives
9-5
All sent 33 messages 5 updates, 1 Totally 33 messages are sent, among which there are 5
opens, 27 keepalives update messages, 1 open message and 27 keepalive
message.
After last established sent 31 Totally 31 messages are sent since the neighbor relationship
messages was established last time, among which there are 5 update
5 updates, 0 opens, 26 keepalives message, 0 open message and 26 keepalive messages.
For address family: IPv4 Unicast no Indicates that unicast IPv4 routes are described below. IPv4
activate unicast function is not activated.
All received nlri 0, unnlri 0, 0 accepted There is no NLRI message, no withdraw message and no
prefixes unicast prefix received.
All sent nlri 0, unnlri 0, 0 advertised here is no NLRI message, no withdraw message and no
prefixes unicast prefix sent.
Maximum limit 4294967295 The maximum limit is 4294967295s. The threshold to send
Threshold for warning message 75% warning messages is 75%.
For address family: IPv6 Unicast Indicates that unicast IPv6 routes are described below.
Med attribute sent to this neighbor MED attribute is sent to local device.
All received nlri 5, unnlri 0, 5 accepted There are 5 NLRI messages, no withdraw message and 5
prefixes unicast prefixes received.
All sent nlri 7, unnlri 6, 1 advertised There are 7 NLRI messages, 6 withdraw message and 1
prefixes unicast prefix received.
Maximum limit 4294967295 The maximum limit is 4294967295s. The threshold to send
Threshold for warning message 75% warning messages is 75%.
For address family: VPNv6 Unicast Indicates that unicast IPv6 routes are described below. IPv6
no activate unicast function is not activated.
For address family: IPv6 multicast no Indicates that multicast IPv6 routes are described below.
activate IPv6 multicast function is not activated.
Connections established 1 BGP neighbor relationship is established once with the peer.
Local host: 2002:9::1, Local port: Local IP host, including local IP address and TCP port
4331 number
Foreign host: 2002:9::2, Foreign port: Peer IP host, including peer IP address and TCP port number
179
The following is a sample output from the show bgp ipv6 unicast command:
9-6
A symbol "*" before a route entry indicates that the route is valid. A route marked with
the symbol ">" indicates that it is the optimal route. A route marked with the symbol "i"
indicates that it is an IGP route. A route marked with the symbol "e" indicates that it is
an EGP route. A route marked with the symbol "?" indicates that the origin of the route is
incomplete.
For a description of the sample output, refer to the following table:
Next-hop Indicates the next hop of the BGP route. A route with an
all-0s next hop indicates that the route is generated by the
local router itself.
Path Indicates the route origin, which can be one of "IGP", "EGP"
and "incomplete".
The following is a sample output from the show bgp ipv6 unicast summary command:
ZXR10# show bgp ipv6 unicast summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/Pfx
Rcd
2002:2::2 4 400 7 11 00:15:45 Connect
2002:8::2 4 500 0 0 00:00:00 0
2002:9::2 4 300 37 38 00:17:44 5
9-7
A complete alarm information record covers the alarm type, the alarm code, and the
additional information about the alarm. The alarm code indicates the essence of the
alarm and enables the alarm console to learn what the alarm is. An alarm may also carry
some additional information such as the alarm cause. For details about BGP alarms,
refer to the relevant alarm reference manual.
9-8
Configuration Thought
1. Enable BGP.
2. Specify neighbors.
3. Configure a route reflector group ID. Set the neighbors as route reflector clients.
4. Configure IGP to implement the interworking of routes in the AS200 (the configuration
is omitted). After the AS100 distributes route 1000::/64, the AS500 can learn the route.
Configuration Commands
S1 configuration:
S1(config)#router bgp 200
S1(config-bgp)#bgp router-id 1.1.1.1
S1(config-bgp)#neighbor 3fe6::1 remote-as 100
S1(config-bgp)#neighbor 2010::126 remote-as 200
S1(config-bgp)#address-family ipv6
S1(config-bgp-af-ipv6)#neighbor 3fe6::1 activate
S1(config-bgp-af-ipv6)#neighbor 2010::126 activate
S1(config-bgp-af-ipv6)#neighbor 2010::126 next-hop-self
S1(config-bgp-af-ipv6)#end
S2 configuration:
S2(config)#router bgp 200
S2(config-bgp)#bgp router-id 2.2.2.2
S2(config-bgp)#neighbor 6e22::1 remote-as 500
S2(config-bgp)#neighbor 3331::100 remote-as 200
S2(config-bgp)#address-family ipv6
S2(config-bgp-af-ipv6)#neighbor 6e22::1 activate
S2(config-bgp-af-ipv6)#neighbor 3331::100 activate
9-9
S3 configuration:
S3(config)#router bgp 200
S3(config-bgp)#bgp router-id 3.3.3.3
S3(config-bgp)#neighbor 2010::125 remote-as 200
S3(config-bgp)#neighbor 3331::101 remote-as 200
S3(config-bgp)#address-family ipv6
S3(config-bgp-af-ipv6)#neighbor 2010::125 activate
S3(config-bgp-af-ipv6)#neighbor 3331::101 activate
S3(config-bgp-af-ipv6)#neighbor 2010::125 route-reflector-client
S3(config-bgp-af-ipv6)#neighbor 3331::101 route-reflector-client
S3(config-bgp-af-ipv6)#end
9-10
Configuration Thought
1. Create a BGP4 instance.
2. Configure BGP4+ neighbors and routing policies.
3. Configure the redistribution command and enable neighbors to advertise routes.
Configuration Commands
S4 configuration:
S4(config)#router bgp 2
S4(config-bgp)#bgp router-id 4.4.4.4
S4(config-bgp)#neighbor 2001::1 remote-as 1
S4(config-bgp)#address-family ipv6
S4(config-bgp-af-ipv6)#neighbor 2001::1 activate
S4(config-bgp-af-ipv6)#redistribute static
S4(config-bgp-af-ipv6)#end
S1 configuration:
S1(config)#router bgp 1
S1(config-bgp)#bgp router-id 1.1.1.1
S1(config-bgp)#neighbor 2001::4 remote-as 2
S1(config-bgp)#neighbor 2003::2 remote-as 1
S1(config-bgp)#neighbor 2003::2 next-hop-self
S1(config-bgp)#address-family ipv6
S1(config-bgp-af-ipv6)#neighbor 2001::4 activate
S1(config-bgp-af-ipv6)#neighbor 2003::2 activate
S1(config-bgp-af-ipv6)#end
S2 configuration:
S2(config)#router bgp 1
S2(config-bgp)#bgp router-id 2.2.2.2
S2(config-bgp)#neighbor 2003::1 remote-as 1
S2(config-bgp)#neighbor 2003::1 next-hop-self
S2(config-bgp)#neighbor 2007::5 remote-as 3
S2(config-bgp)#neighbor 2007::5 ebgp-multihop
S2(config-bgp)#neighbor 2007::5 password hello
S2(config-bgp)#address-family ipv6
S2(config-bgp-af-ipv6)#neighbor 2003::1 activate
S2(config-bgp-af-ipv6)#neighbor 2007::5 activate
S2(config-bgp-af-ipv6)#end
S5 configuration:
S5(config)#router bgp 3
S5(config-bgp)#bgp router-id 5.5.5.5
S5(config-bgp)#neighbor 2005::2 remote-as 1
S5(config-bgp)#neighbor 2005::2 ebgp-multihop
S5(config-bgp)#neighbor 2005::2 password hello
9-11
S5(config-bgp)#address-family ipv6
S5(config-bgp-af-ipv6)#neighbor 2005::2 activate
S5(config-bgp-af-ipv6)#end
Configuration Verification
Run the command show bgp ipv6 unicast summary on S1 to check the adjacency, as shown
below:
S1(config)#show bgp ipv6 unicast summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
2003::2 4 1 12 12 00:25:34 0
2001::4 4 2 14 14 00:28:06 4
Run the command show bgp ipv6 unicast on S1 to check the routing table, as shown below:
S1(config)#show bgp ipv6 unicast
Status codes: *valid, >best, i-internal
Origin codes: i-IGP, e-EGP, ?-incomplete
Network Next Hop Metric LocPrf RtPrf Path
*> 2004:1::/64 2001::4 2 ?
*> 2004:2::/64 2001::4 2 ?
*> 2004:3::/64 2001::4 2 ?
*> 2004:4::/64 2001::4 2 ?
Run the command show bgp ipv6 unicast summary on S2 to check the adjacency, as shown
below:
S2(config)#show bgp ipv6 unicast summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
2003::1 4 1 12 12 00:25:34 4
2007::5 4 3 15 15 00:32:30 0
Run the command show bgp ipv6 unicast on S2 to check the routing table, as shown below:
S2(config)#show bgp ipv6 unicast
Status codes: *valid, >best, i-internal
Origin codes: i-IGP, e-EGP, ?-incomplete
Network Next Hop Metric LocPrf RtPrf Path
*> 2004:1::/64 2003::1/64 100 2 ?
*> 2004:2::/64 2003::1/64 100 2 ?
*> 2004:3::/64 2003::1/64 100 2 ?
*> 2004:4::/64 2003::1/64 100 2 ?
Run the command show bgp ipv6 unicast summary on S4 to check the adjacency, as shown
below:
S4(config)#show bgp ipv6 unicast summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
2001::1 4 1 14 14 00:28:06 0
Run the command show bgp ipv6 unicast on S4 to check the routing table, as shown below:
9-12
Run the command show ip bgp summary on S5 to check the adjacency, as shown below:
S5(config)#show bgp ipv6 unicast summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
2005::2 4 1 15 15 00:32:30 4
Run the command show bgp ipv6 unicast on S5 to check the routing table, as shown below:
S5(config)#show bgp ipv6 unicast
Status codes: *valid, >best, i-internal
Origin codes: i-IGP, e-EGP, ?-incomplete
Network Next Hop Metric LocPrf RtPrf Path
*> 2004:1::/64 2005::2/64 1 2 ?
*> 2004:2::/64 2005::2/64 1 2 ?
*> 2004:3::/64 2005::2/64 1 2 ?
*> 2004:4::/64 2005::2/64 1 2 ?
9-13
9-14
According to the requirements, the DSCP values of the packets of the two users sent
via the interface xgei-0/1/1/3 should be 7, the guaranteed bandwidth should be 100
M, and the maximum bandwidth should be 150 M.
10-1
l Configuration Thought
Configure two Committed Access Rates (CARs) in the downlink of the interface
xgei-0/1/1/3, match them with DSCP values 1 and 2 respectively, and set the DSCP
value of the permitted traffic to 7. Set the guaranteed bandwidth to 100 M, and set
the maximum bandwidth to 150 M.
l Configuration Commands
1. Enter the QoS configuration mode:
ZXR10(config)#pm-qos
ZXR10(config-qos)#
2. Configure QoS commands:
ZXR10(config-pm-qos)#conform-dscp 1 7 0 0
ZXR10(config-pm-qos)#conform-dscp 2 7 1 0
ZXR10(config-pm-qos)#trust-dscp xgei-0/1/1/1 enable
ZXR10(config-pm-qos)#trust-dscp xgei-0/1/1/2 enable
ZXR10(config-pm-qos)#traffic-shape xgei-0/1/1/3 queue 0
min-gua-datarate 100000 max-datarate-limit 150000
ZXR10(config-pm-qos)#traffic-shape xgei-0/1/1/3 queue
1 min-gua-datarate 100000 max-datarate-limit 150000
l Configuration Verification
Run the command show running-config pm-qos to check the CAR SET configured on
the interface:
10-2
! </pm-qos>
10-3
10-4
Multicast Address
An IPv6 address is of 128–bit long, divided by colons into eight bytes with four hex numbers
in each byte, such as FEDC:BA98:7654:3210:FEDC:BA98:7654:3210. An IPv6 multicast
address identifies a group of interfaces that belong to different nodes. A node can belong
to 0 or several multicast groups. A packet sent to a multicast address is received by all
interfaces identified by the multicast address.
According to RFC 4291, some IPv6 multicast addresses have been allocated permanently,
as described in Table 11-1.
11-1
RFC 3306 defines a mode to allocate IPv6 multicast addresses dynamically, that is, an IPv6
multicast address on the basis of unicast prefix. A such IPv6 multicast address includes the
unicast address prefix of its multicast source network. Global-unique multicast addresses
can be allocated in this way. The address structure is shown in Figure 11-1.
11-2
When IPv6 PIM sends a protocol message (such as PIM Hello, Join-Prune, Assert,
Bootstrap, Graft, Graft-Ack or State-refresh) of link-local range, the source IPv6
address of the message is the link-local address on the interface that sends
the message. When IPv6 PIM sends a protocol message (such as Register,
Register-Stop or C-RP Advertisement), the source IPv6 address of the message is
the global unicast address on the interface that sends the message.
IPv6 multicast does not support Multicast Source Discovery Protocol (MSDP). There
are two ways to receive multicast data from other IPv6 PIM domains.
a. One way is to obtain the multicast source addresses in other IPv6 PIM domains
directly through other modes (such as advertisement) and use IPv6 PIM-SSM to
initiate joins of specific source groups.
b. The other way is to use embedded Rendezvous Point (RP) mechanism. The
device can obtain the RP addresses in other IPv6 PIM domains through the IPv6
multicast addresses with embedded RP addresses, and initiate joins to the RPs
in other domains. To deliver inter-domain IPv6 multicast routing information, IPv6
MBGP can be used, which is similar to IPv4 MBGP.
8 ZXR10(config-mcast-ipv6)#multipath Multipath
11-3
Parameter Description
Parameter Description
11-4
At present, there are two versions of MLD. MLDv1 corresponds to IGMPv2, and it provides
the fast leaving mechanism of group members. MLDv2 corresponds to IGMPv3, and it
provides to receive or refuse to receive packets from designated multicast sources, thus
to support SSM.
12-1
Parameter Description
12-2
Parameter Description
The MLD function on ZXR10 5960 is on the basis of PIM interface. The MLD function will
be enabled automatically after PIM is enabled on an interface.
12-3
Parameter Description
Parameter Description
Parameter Description
By default, when a device receives an MLD leaving message, the group member will leave
the group if it does not receive any report message within (last member query interval *
2 + 1) seconds. If no option is configured in the command, it takes effect in all multicast
groups.
12-4
Users can set the timers related to the querier according to demand.
To configure MLD timers on the ZXR10 5960, perform the following steps:
Parameter Description
12-5
Parameter Description
Parameter Description
Parameter Description
Parameter Description
Command Function
ZXR10#show ipv6 mld groups{[vlan <interface-name>]|[<group-add Shows MLD group join information
ress>]}[detail] on an interface.
12-6
Command Function
ZXR10#show ipv6 mld packet-count [vlan <interface-name>] Shows statistics counts of MLD
protocol messages sent and
received.
ZXR10#clear ipv6 mld groups [vlan <interface-name>] Clears multicast groups that are
joined dynamically.
ZXR10#clear ipv6 mld packet-count [vlan <interface-name>] Clears statistics counts of MLD
protocol messages sent and
received.
The following is a sample output from the show ipv6 mld interface command:
ZXR10(config-mcast-ipv6)#show ipv6 mld inter vlan100
vlan100
Internet address is fe80::200:18ff:fe18:1800
MLD is enabled on interface
Current MLD version is 2
MLD query interval is 125 seconds and now in startup phase
MLD last member query interval is 1 seconds
MLD query max response time is 10 seconds
MLD querier timeout period is 255 seconds
MLD robustness variable is 2
MLD querier is
fe80::200:18ff:fe18:1800, never expire
Inbound MLD access group is not set
MLD immediate leave control is not set
The following is a sample output from the show ipv6 mld groups command:
ZXR10(config-mcast-ipv6-pim-if-vlanX)#show ipv6 mld groups
Group Address : ff80::1
Last Reporter : fe80::2ee:ffff:fe30:1000
Interface : vlan10
Uptime : 00:02:14
Expires : never
Last Reporter The address of the host that reports group member
information last time.
Interface Interface.
12-7
Configuration Thought
1. Configure addresses on the interfaces of the routers in interface configuration mode.
The address of S1 should be smaller than that of S2.
2. Enable multicast function by configuring ipv6 multicast-routing.
3. Enter PIM route mode and then enter the interfaces.
4. Enable PIM-SM in interface configuration mode.
Configuration Commands
S1 configuration:
S1(config)#interface vlan1
S1(config-if-vlan1)#ipv6 enable
S1(config-if-vlan1)#ipv6 address 100::1/64
S1(config-if-vlan1)#exit
S1(config)#ipv6 multicast-routing
S1(config-mcast-ipv6)#router pim
S1(config-mcast-ipv6-pim)#interface vlan1
S1(config-mcast-ipv6-pim-if-vlan1)#pimsm
S1(config-mcast-ipv6-pim-if-vlan1)#end
S2 configuration:
12-8
S2(config)#interface vlan2
S2(config-if-vlan2)#ipv6 enable
S2(config-if-vlan2)#ipv6 address 100::2/64
S2(config-if-vlan2)#exit
S2(config)#ipv6 multicast-routing
S2(config-mcast-ipv6)#router pim
S2(config-mcast-ipv6-pim)#interface vlan2
S2(config-mcast-ipv6-pim-if-vlan2)#pimsm
S2(config-mcast-ipv6-pim-if-vlan2)#end
Configuration Verification
Check and verify the configuration results as follows on S1:
S1#show ipv6 mld interface vlan1
vlan1
Internet address is 100::1
MLD is enabled on interface
Current MLD version is 2
MLD query interval is 125 seconds
MLD last member query interval is 1 seconds
MLD query max response time is 10 seconds
MLD querier timeout period is 255 seconds
MLD robustness variable is 2
MLD querier is fe80::2d0:d0ff:fe06:606,
expires timer:00:04:11
Inbound MLD access group is not set
MLD immediate leave control is not set
12-9
Configuration Thought
1. Configure addresses on the interfaces of the routers in interface configuration mode.
2. Enable multicast function by configuring ipv6 multicast-routing.
3. Enter PIM route mode and then enter the interfaces.
4. Enable PIM-SM in interface configuration mode.
5. Enter MLD route mode from multicast mode and then enter the interfaces.
6. Configure static group join on VLAN1 of S1.
7. Send MLD group join messages to S1 on the PC.
Configuration Commands
S1 configuration:
S1(config)#interface vlan1
S1(config-if-vlan1)#ipv6 enable
S1(config-if-vlan1)#ipv6 address 100::1/64
S1(config-if-vlan1)#exit
S1(config)#ipv6 multicast-routing
S1(config-mcast-ipv6)#router pim
S1(config-mcast-ipv6-pim)#interface vlan1
S1(config-mcast-ipv6-pim-if-vlan1)#pimsm
S1(config-mcast-ipv6-pim-if-vlan1)#end
S1#configure terminal
S1(config)#ipv6 multicast-routing
S1(config-mcast-ipv6)#router mld
S1(config-mcast-ipv6-mld)#interface vlan1
S1(config-mcast-ipv6-mld-if-vlan1)#static-group ffee::1 source 200::1
S1(config-mcas-ipv6-mld-if-vlan1)#end
Configuration Verification
View interface information on S1:
12-10
12-11
12-12
PIM-SM Principle
PIM-SM sends multicast packets by using a shared tree. A shared tree has a center point
that is responsible for sending packets to all the source-sending ends in the multicast
group. Each source-sending end sends packets to the center point along the shortest
path, and then takes the center point as the root point to distribute the packets to various
receiving ends of the group.
The group center point of the PIM-SM is called the RP. There may be several RPs in a
network, but there is only one RP in a multicast group.
A switch can obtain the location of the RP in two ways.
1. Configure the RP manually and statically on the switches running PIM-SM.
2. PIM-SMv2 obtains the location through the candidate RP advertisement. The
candidate RP with the lowest priority will become formal RPs.
In PIM-SM, some switches running PIM-SM are manually set to work as candidate
Bootstrap switch (BSR). The candidate BSR with the highest priority will be elected as
the formal BSR.
13-1
The BSR is responsible for collecting the candidate RP information on the multicast
switches in group to find out candidate RPs in the multicast domain. It notifies the
candidate RPs to all the PIM switches in the PIM domain in a unified way. Each PIM
switch, according to the similar Hash rules, elects the one with the highest priority as the
formal RP from the same candidate RP set. Candidate RPs are configured manually.
The switches running PIM-SM discover each other and maintain the neighbor relationship
by exchanging Hello messages. In the multi-access network, the Hello messages also
contain the priority information of switches. The DR is elected according to this parameter.
The multicast source or the first hop switch (the DR connecting to the source directly)
encapsulates a packet in a Register message, and then sends it to the RP through a unicast
switch. When receiving the Register message, the RP de-encapsulates the messages to
take out the packet, and then sends the packet to the receivers of the group along the
shared multicast tree.
Each host acting as a receiver joins the multicast group through the IGMP member report
message. The last hop switch (or the DP in the multi-access network) sends the received
Join message to the RP level by level. After receiving the Join message, the intermediate
switch checks whether it has already had the routes of the group. If it has, the intermediate
switch adds the downstream request switch to the shared multicast tree as a branch. If
not, it continues to send the Join message to the RP.
When the RP or the multicast switch connects to a receiver directly, it can switch to the
SPT from the shared tree. When the RP receives a Register message sent from a new
multicast source, the RP will return a Join message to the DR directly connecting to the
multicast source. Thus, the SPT from the source to the RP is constructed.
After a DR or a switch directly connecting to multicast members receives the first multicast
packet from the multicast group, or the received packets reaches a threshold, it can switch
to the SPT from the shared tree. Once the handover occurs, the switch will send a Prune
message to the upstream neighbor and request to leave the shared tree.
In PIM-SM, there are the following types of messages.
l Hello message: The switch interfaces on which PIM-SM runs send Hello messages
periodically to the neighbor interfaces in the same segment to establish neighbor
relationship. Hello messages are also used for switches running MLD to elect the
DR.
l Register message: When receiving a multicast packet sent by a host in the local
network, the DR will encapsulate the packet in a Register message and send it to the
RP through unicast. The source address in the IP header of the Register message is
the address of the DR, and the destination address is the address of the RP.
l Register-Stop message: The RP unicasts a Register-Stop message to the sender of
the Register message to inform it stop sending Register messages.
l Join/Prune message: This message is forwarded in the direction to the source or
the RP. A Join message is used to construct a source tree or a shard tree. When a
receiver leaves a group, it sends a Prune message to prune the source tree or the
shard tree. This message contains the joining information and pruning information
13-2
of the multicast route entities. The Join message and the Prune message are in the
same packet. Either message can be null.
l Bootstrap message: A route needs to send Bootstrap messages on all interfaces
except the interface on which the Bootstrap message is received. This message is
generated on the BSR and forwarded by all switches.
l Assert message: When there are several switches on a multi-access network and a
multicast group packet is received on an egress interface of a switch, it is necessary
to use the Assert message to designate a forwarder.
l Candidate-RP-Advertisement: A candidate RP unicasts
Candidate-RP-Advertisement to the BSR periodically to advertise the set of group
addresses served by the Candidate RP.
13-3
13-4
Parameter Description
Parameter Description
13-5
Parameter Description
<priority> Priority, in the range of 0-255, with the default value of 192
Note:
By default, no static RP is configured.
Parameter Description
13-6
Parameter Description
In PIM-SM, a RP is the root of the RPT. It is responsible for sending multicast packets to
downstream multicast receiving members along the RPT. There should be only one formal
RP in each multicast group.
Usage descriptions of a candidate RP:
1. The default priority of a candidate RP is 192. The RP with the smallest priority value
will become the RP. If some candidate RPs have the same smallest priority value, the
hash values are compared. The candidate RP with the largest hash value will become
the RP. If the hash values are the same, IP addresses are compared. The candidate
RP with the largest IP addresses will become the RP.
2. It is recommended to configure a candidate RP on the loopback interface to reduce
the network oscillation due to physical interface up/down.
13-7
Parameter Description
infinity Infinity, making all sources of designated groups use the RPT
Note:
By default, the threshold to hand the RPT over to the SPT is 0.
Only the last hop DR and RP can hand over to the SPT on their own initiative. By default,
the handover begins when the RP receives the first Register message. For the last hop
DR, the policy of SPT handover can be configured by using single multicast group as the
control granularity. If the handover threshold of a group is set to infinity, handover will not
be performed. By default, as long as there is traffic, handover is performed.
The command parameters in Step 2 are described as follows:
Parameter Description
By default, an interface is not the border of the PIM domain. When the interface is set to
the border of the PIM domain, no BSR messages can pass the border in any direction.
This function divides the network into different areas of BSR messages effectively. Other
PIM messages can pass the domain border.
The following example shows how to configure a PIM domain border on vlan1.
13-8
ZXR10(config-mcast-ipv6)#router pim
ZXR10(config-mcast-ipv6-pim)#interface vlan1
ZXR10(config-mcast-ipv6-pim-if-vlan1)#bsr-border
ZXR10(config-mcast-ipv6-pim-if-vlan1)#exit
The intervals of sending Hello messages to PIM-SM neighbors can be set according to
demand.
The following example shows how to configure the intervals of sending PIM Hello
messages on vlan1.
ZXR10(config-mcast-ipv6)#router pim
ZXR10(config-mcast-ipv6-pim)#interface vlan1
ZXR10(config-mcast-ipv6-pim-if-vlan1)#hello-interval 25
ZXR10(config-mcast-ipv6-pim-if-vlan1)#exit
Parameter Description
The source addresses of the multicast packets encapsulated in Register messages will be
filtered according to the rules defined in an ACL.
The command parameter in Step 2 is described as follows:
Parameter Description
13-9
Command Function
ZXR10(config)#show ipv6 pim mroute [group <group-address>] Displays the IPv6 PIM-SM routing
table.
ZXR10#show ipv6 pim traffic [<interface-name>] Displays the IPv6 PIM-SM traffic
statistics information.
ZXR10#clear ipv6 pimsm traffic [<interface-name>] Clears the IPv6 PIM-SM traffic
statistics information.
Parameter Description
The following example shows the outputs of the show ipv6 pim mroute command:
ZXR10(config-mcast-ipv6-pim)#show ipv6 pim mroute
IPv6 PIM Multicast Routing Table
Flags: T- SPT-bit set,A- Forward,J- Join SPT,U- Upsend,S- PIM-SM,D- PIM-DM,
Macro state: Ind- Pim Include Macro,Exd- Pim Exclude Macro,
Jns- Pim Joins Macro,LAst- Pim Lost_assert Macro,
Imo- Pim Immediate_olist Macro,Ino- Pim Inherited_olist Macro,
Lcd- Pim Local_receiver_include Macro
Timers:Uptime/Expire(Upstream State)/KAT
(*, ff1e::1)
13-10
00:00:10/00:00:00(JOINED)/00:00:00
RP address: ::
Ind: 1/Jns: 0/LAst: 0/Imo: 1/Lcd: 1
Iif: NULL, RPF nbr: 0::0
Oif:
vlan30, LocalIn / ImoXG
The following example shows the outputs of the show ipv6 pim mroute summary command:
ZXR10#show ipv6 pim mroute summary
IPv6 PIM-SM Multicast Routing Table Summary
(*, G):6 , (S, G):0, (S, G, rpt):0, Register:0
(*, ff88::1) (JOINED), RP: 2002::20
(*, ff88::2) (JOINED), RP: 2002::20
(*, ff88::3) (JOINED), RP: 2002::20
(*, ff88::4) (JOINED), RP: 2002::20
(*, ff88::5) (JOINED), RP: 2002::20
(*, ff88::6) (JOINED), RP: 2002::20
The following example shows the outputs of the show ipv6 pim bsr command:
ZXR10(config)#show ipv6 pim bsr
No IPv6 PIM-SM Bootstrap information !
This system is a candidate BSR!
candidate BSR address: 2002::20,
priority: 100,
hash mask length: 30
This system is a candidate RP!
candidate RP address: 2001::20,priority:192
The outputs of the show ipv6 pim bsr command are described as follows:
candidate BSR address IPv6 address of the candidate BSR configured locally
13-11
hash mask length Mask length of the candidate BSR configured locally
The following example shows the outputs of the show ipv6 pim rp mapping command:
ZXR10(config)#show ipv6 pim rp mapping
ff02::/16
RP : ::
Protocol : L-Local
RPF : ,
Info source: Default
Expires :
ff10::/15
RP : ::
Protocol : NOUSED
RPF : ,
Info source: Default
Expires :
ff12::/16
RP : ::
Protocol : L-Local
RPF : ,
Info source: Default
Expires :
ff00::/8
RP : 2001::20
Protocol : SM
RPF : Local,2001::20
Info source: BSR From: 2002::20, Priority: 188
Expires : 00:02:18
The outputs of the show ipv6 pim rp mapping command are described as follows:
Group The address and mask of the broadcast group that selects
the RP.
Protocol Protocol.
13-12
Group Address and the mask of the broadcast group that selects
the RP.
The following example shows the outputs of the show ipv6 pim rp hash command:
ZXR10(config)#show ipv6 pim rp hash ff88::2
rp address: 2001::20
The outputs of the show ipv6 pim rp hash command are described as follows:
The following example shows the outputs of the show ipv6 pim interface command:
ZXR10#show ipv6 pim interface vlan1
Interface State Nbr Hello DR
Count Period Priority
vlan1 Up 1 30 1
Address: fe80::2e0:d0ff:fe21:203
DR : fe80::2e0:d0ff:fe21:205
The outputs of the show ipv6 pim interface command are described as follows:
The following example shows the outputs of the show ipv6 pim neighbor command:
ZXR10(config-mcast-ipv6-pim)#show ipv6 pim neighbor
Neighbor Address(es): fe80::200:20ff:fe15:800
Interface: vlan100
Uptime: 00:03:46
Expire: 00:01:29
DR Pri: 1
Attr: N/A
The outputs of the show ipv6 pim neighbor command are described as follows:
13-13
The following example shows the outputs of the show ipv6 pim nexthop command:
ZXR10(config)#show ipv6 pim nexthop
IPv6 PIM-SM Nexthop Table
Nexthop state: R- Nexthop to RP,S- Nexthop to Source,
O- Related with Unicast,U- No Unicast Route,
L- Local Route,C- Connect to Dest,
Nexthop:2001::20 (00:03:26)
Type:.R. . . .L.
Metric:0
Preference:0
Nexthop address:::(is Local)
Nexthop port:vlan1
Nexthop:2002::20 (00:03:26)
Type:. . . . .L.
Metric:0
Preference:0
Nexthop address:::(is Local)
Nexthop port:vlan1
The outputs of the show ipv6 pim nexthop command are described as follows:
The outputs of the show ipv6 pim traffic command are described as follows:
13-14
Register:0/0, Register-Stop:0/0
Bootstrap:0/0, C-RP-Ad:0/0
Assert:0/0, State-Refresh:0/0
Graft:0/0, Graft-Ack:0/0
Interface: vlan30
Hello:0/8, Join/Prune:0/0
Register:0/0, Register-Stop:0/0
Bootstrap:0/0, C-RP-Ad:0/0
Assert:0/0, State-Refresh:0/0
Graft:0/0, Graft-Ack:0/0
Total traffic in current PIM instance:
Total:10/70, Received error packet:0
Hello:10/70, Join/Prune:0/0
Register:0/0, Register-Stop:0/0
Bootstrap:0/0, C-RP-Ad:0/0
Assert:0/0, State-Refresh:0/0
Graft:0/0, Graft-Ack:0/0
The outputs of the show ipv6 pim traffic command are described as follows:
Parameter Description
13-15
Parameter Description
The following example shows the outputs of the clear ipv6 pim traffic command:
ZXR10#clear ipv6 pim traffic
ZXR10#show ipv6 pim traffic
IPv6 PIM-SM packet receive:
Interface Hel Reg Reg-st J/P Bst Ast
C-RP-Ad
loopback1 0 0 0 0 0 0
0
vlan1 0 0 0 0 0 0
0
vlan2 0 0 0 0 0 0
0
IPv6 PIM-SM packet send:
Interface Hel Reg Reg-st J/P Bst Ast
C-RP-Ad
loopback1 0 0 0 0 0 0
0
vlan1 0 0 0 0 0 0
0
vlan2 0 0 0 0 0 0
0
Total traffic in current IPv6 PIM-SM instance:
Summary_pkt Hel Reg Reg-st J/P Bst Ast
C-RP-Ad
13-16
RCV_type 0 0 0 0 0 0
0
SEND_type 0 0 0 0 0 0
0
pkt_rcv_all 0
pkt_rcv_error 0 pkt_rcv_ok_notpim 0
xg_Prune_rcv 0 sg_Prune_rcv 0
igmp_xglev_rcv 0 igmp_sginlev_rcv 0
pkt_send_all 0
data_rcv_all 0 wrong_data_rcv 0
data_send_all 0 wrong_data_send 0
Method
1. Configure related interfaces addresses.
2. Enter multicast configuration mode.
3. Enter PIM-SM configuration mode.
4. Set the loopback5 interface on S2 to CRP and BSR.
5. Enable PIM-SM on interfaces.
6. Configure a unicast route to the RP on S1. Configure a unicast route to the multicast
source on S2 (In this example, static route or IGP can be used).
Steps
S1 configuration:
S1(config)#ipv6 multicast-routing
13-17
S1(config-mcast-ipv6-pim)#router pim
S1(config-mcast-ipv6-pim)#interface vlan1
S1(config-mcast-ipv6-pim-if-vlan1)#pimsm
S1(config-mcast-ipv6-pim-if-vlan1)#exit
S1(config-mcast-ipv6-pim)#interface vlan2
S1(config-mcast-ipv6-pim-if-vlan2)#pimsm
S1(config-mcast-ipv6-pim-if-vlan2)#dr-priority 20
S1(config)#ipv6 route ::/0 199::2
S2 configuration:
S2(config)#ipv6 multicast-routing
S2(config-mcast-ipv6)#router pim
S2(config-mcast-ipv6-pim)#rp-candidate loopback5
S2(config-mcast-ipv6-pim)#bsr-candidate loopback5
S2(config-mcast-ipv6-pim)#interface vlan3
S2(config-mcast-ipv6-pim-if-vlan3)#pimsm
S2(config-mcast-ipv6-pim-if-vlan3)#exit
S2(config-mcast-ipv6-pim)#interface vlan2
S2(config-mcast-ipv6-pim-if-vlan2)#pimsm
S2(config-mcast-ipv6-pim-if-vlan2)#dr-priority 20
S2(config-mcast-ipv6-pim-if-vlan2)#end
S2#configure terminal
S2(config)#ipv6 route ::/0 199::1
Verification
Execute the show ip pim interface command on S1 to check the interface state, as shown
below.
S1(config)#show ipv6 pim interface
Interface State Nbr Hello DR
Count Period Priority
vlan1 Up 0 30 1
Address: fe80::2d0:d0ff:fe06:606
DR : fe80::2d0:d0ff:fe06:606
vlan2 Up 0 30 1
Address: fe80::2d0:d0ff:fe06:606
DR : fe80::2d0:d0ff:fe06:606
Execute the show ipv6 pim neighbor command on S1 to check the neighbor state, as shown
below.
13-18
Execute the show ip pim rp mapping command on S1 to check the RP state, as shown
below.
S1(config)#show ipv6 pim bsr
BSR address: 100::1
Uptime:00:00::40,BSR Priority :0,Hash mask length:30
Expires:00:01:30
No IPv6 PIM-SM candidate RP information!
Execute the show ipv6 pim mroute command on S2 to check IPv6 PIM multicast routing
table.
S2(config)#show ipv6 pim mroute
IPv6 PIM Multicast Routing Table
Flags: T- SPT-bit set,A- Forward,J- Join SPT,U- Upsend,S- PIM-SM,D- PIM-DM,
Macro state: Ind- Pim Include Macro,Exd- Pim Exclude Macro,
Jns- Pim Joins Macro,LAst- Pim Lost_assert Macro,
Imo- Pim Immediate_olist Macro,Ino- Pim Inherited_olist Macro,
Lcd- Pim Local_receiver_include Macro
Timers:Uptime/Expires(Upstream State)
(*, ff1e::1), 11:36:34/00:00:18(JOINED)/00:00:00, RP address: 100::1,
Ind: 1/Jns: 0/LAst: 0/Imo: 1/Lcd: 1
Iif: NULL, RPF nbr: 0::0
Oif:
vlan3, LocalIn / ImoXG
(198::2, ff1e::1), 00:00:18/00:00:42(JOINED)/00:03:21,
Reg:NO INFO; RP:100::1; RT:NULL;
Ind:0/Exd:0/Jns:0/LAst:0/Imo:0/Ino:1
Iif: vlan2, RPF nbr:fe80::259:28ff:fee0:801(S); AT
RPF nbr:0::0(D); 00:00:00(FORWARD);
Oif:
vlan3, InheritedFromXG / InoSGRpt / InoSG
13-19
13-20
Command Function
Parameter Description
14-1
Command Function
ZXR10#show ipv6 pim mroute [group <group-address>][source Shows IPv6 PIM-SM routing table.
<source-address>]
Parameter Description
The following example shows the outputs of the show ipv6 pim mroute command:
ZXR10(config)#show ipv6 pim mroute group ff33::1 source 198::2
IPv6 PIM Multicast Routing Table
Flags: T- SPT-bit set,A- Forward,J- Join SPT,U- Upsend,S- PIM-SM,D- PIM-DM,
Macro state: Ind- Pim Include Macro,Exd- Pim Exclude Macro,
Jns- Pim Joins Macro,LAst- Pim Lost_assert Macro,
Imo- Pim Immediate_olist Macro,Ino- Pim Inherited_olist Macro,
Lcd- Pim Local_receiver_include Macro
Timers:Uptime/Expires(Upstream State)
(198::2, ff33::1), 00:11:18/00:00:00(JOINED)/00:03:32,
Ind:1/Exd:0/Jns:0/LAst:0/Imo:1/Ino:1
Iif: vlan1, RPF nbr:0::0(S); AT
RPF nbr:0::0(D); 00:00:00(FORWARD);
Oif:
vlan2, LocalInSG / InoSG
14-2
Method
1. In interface mode, configure the interface address for both vlan1 and vlan2.
2. Enable the IP multicast function with the ipv6 multicast-routing command.
3. Enter the PIM-SM route configuration mode to configure the address range of SSM
groups.
4. Enter VLAN 1 and VLAN 2 to enable the PIM-SM protocol.
5. Enter MLD route configuration mode and then enter the interfaces to enable MLDv2.
6. Send dynamic group MLDv2 Join messages to specific receiving groups.
Steps
S1 configuration:
S1(config)#ipv6 multicast-routing
S1(config-mcast-ipv6)#router pim
S1(config-mcast-ipv6-pim)#interface vlan1
S1(config-mcast-ipv6-pim-if-vlan1)#pimsm
S1(config-mcast-ipv6-pim-if-vlan1)#exit
S1(config-mcast-ipv6-pim)#interface vlan2
S1(config-mcast-ipv6-pim-if-vlan2)#pimsm
S1(config-mcast-ipv6-pim-if-vlan2)#exit
S1(config-mcast-ipv6-pim)#ssm range default
S1(config-mcast-ipv6-pim)#exit
S1(config-mcast-ipv6)#router mld
S1(config-mcast-ipv6-mld)#interface vlan2
S1(config-mcast-ipv6-mld-if-vlan2)#version 2
Verification
Check the configuration information on S1, as shown below.
S1#show running-config multicast6
!<multicast 6>
ipv6 multicast-routing
router pim
ssm range default
interface vlan2
pimsm
$
interface vlan1
14-3
pimsm
$
$
router mld
interface vlan2
$
!<multicast 6>
14-4
15-1
l If the longest matching rule is used, the longest matching path is selected from the
three paths.
l If the three paths have the same subnet mask, the highest-priority path is selected.
l If the three paths have the same priority, the path is selected in the following order:
à Static multicast path
à MGGP path
à Unicast path
This optimal path is used as an RPF route. After an RPF route is determined,
corresponding RPF interfaces and RPF neighbors are also determined.
Parameter Description
Parameter Description
15-2
Parameter Description
Parameter Description
Command Function
ZXR10#show ipv6 multicast-static-route [group Displays the contents in the static multicast
<group-address>][source <source-address>] routing table.
ZXR10##show ipv6 multicast-static-route summary Displays the statistics on the contents in the static
multicast routing table.
Figure 15-1 Sample Networking Topology for the IPv6 Static Multicast
Configuration
l Configuration Flow
1. Configure the IP addresses.
2. Enter the multicast mode.
15-3
l Configuration Verification
15-4
16-1
matched tunnel entity according to the source address and destination address of
the packet. If the matched tunnel entity is found, the IPv4 header encapsulated is
removed, and the left IPv6 packet is handled according to the IPv6 packet receiving
flow.
ISATAP tunnel principle is shown in Figure 16-1.
16-2
Parameter descriptions:
Parameter Description
Method
To configure an ISATAP tunnel, it is necessary to enable IPv6 and bind the IPv4 address
of the switch at the source end of the tunnel. It is unnecessary to configure the destination
address. The configuration steps are described below:
1. Create an ISATAP tunnel. Configure an IPv6 address and enable IPv6. The IPv6
address on the ISATAP interface uses eui mode.
2. Enter tunnel configuration mode from global configuration mode, and then enter the
ISATAP tunnel interface to be configured.
3. Configure the tunnel mode and the source address.
4. Configure an IPv6 static route with the next hop being a tunnel.
16-3
Steps
S1 configuration:
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 1000::1/64
S1(config-if-vlan10)#no ipv6 nd suppress-ra
S1(config-if-vlan10)#exit
S1(config)#interface v6_tunnel1
S1(config-if-v6_tunnel1)#ipv6 enable
S1(config-if-v6_tunnel1)#ipv6 address 2000::/64 eui-64
S1(config-if-v6_tunnel1)#exit
S1(config)#ipv6-tunnel-config
S1(config-ipv6-tunnel)#interface v6_tunnel1
S1(config-ipv6-tunnel-if-v6_tunnel1)#tunnel mode ipv6ip isatap
S1(config-ipv6-tunnel-if-v6_tunnel1)#tunnel source ipv4 20.0.0.1
S1(config-ipv6-tunnel-if-v6_tunnel1)#exit
S1(config-ipv6-tunnel)#exit
S1(config)#ipv6 route 2000::/64 v6_tunnel1
Verification
Check the ISATAP configuration on S1, as shown below:
S1(config)#show running-config-interface v6_tunnel1
!<if-intf>
interface v6_tunnel1
ipv6 enable
ipv6 address 2000::/64 eui-64
$
!</if-intf>
!<ipv6-tunnel>
ipv6-tunnel-config
interface v6_tunnel1
tunnel mode ipv6ip isatap
tunnel source ipv4 20.0.0.1
$
$
!</ipv6-tunnel>
!<nd>
interface v6_tunnel1
ipv6 nd suppress-ra disable
$
!</nd>
!<ipv6-static-route>
ipv6 route 2000::/64 v6_tunnel1
16-4
!</ipv6-static-route>
Execute the show ipv6 interface brief v6_tunnel2 command on S1 to view the tunnel
interface information, as shown below:
S1(config)#show ipv6 inter brief v6_tunnel1
v6_tunnel1 [up/up]
fe80::5efe:1400:1
2000::5efe:1400:1/64 [EUI]
16-5
16-6
Strict RPF is an easier method to filter source address. It performs routing lookup by
source address and estimate whether the egress interface of return path is consistent
with the ingress interface of packets arriving. If they are consistent, the forwarding
will continue. If they are inconsistent, URPF ACL matching is considered to perform.
If URPF ACL matching is not performed, then the packets will be discarded directly.
Conversely, if URPF ACL matching is performed and the result is matched, the
forwarding will continue. If the result is nonmatched, the packets will be discarded.
Strict RPF is only suitable for route symmetry. That is, when the packets enter from
a direction, its entrance path is the same with its return path. However, the route
paths usually are asymmetric between ISPs. Meanwhile, if some BGP valid network
segment address are not advertised or accepted by ISP policy, sRPF just like an ACL
with incomplete configuration. Some valid data flow will be discarded because lack of
information in forwarding table of filter router.
17-1
Route still uses source IP address to look up route forwarding table. The packet is
permitted to forward when the route is found. However, the default route is ignored
to find in route forwarding table. Therefore, lnRPF is only suitable for dropping invalid
data flow through the default route. lnRPF has a explicit route for each valid route.
1 ZXR10(config)#ipv6 verify unicast source reachablevia {rx Enables IPv6 URPF function
| any} interface <interface-name>[ignore-default-route] on an interface.
2 ZXR10(config)#no ipv6 verify unicast source reachable-via Disables IPv6 URPF function
interface <interface-name> on an interface.
Parameter Description
rx Strict mode
Command Function
This example describes what will be displayed after show running-config urpf is used.
ZXR10(config)#show running-config urpf
! <URPF>
interface xgei-0/1/1/1
ip verify unicast source reachable-via rx
!
interface xgei-0/1/1/2
ip verify unicast source reachable-via any
-ignore-default-route
!
17-2
! </URPF>
Parameter Description
rx Strict mode
Method
1. Configure interface IP address.
2. Configure strict URPF.
Steps
S1 configuration,
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 1:1::ad:ea/64
S1(config-if-vlan10)#exit
S1(config)#ip verify unicast source reachable-via rx interface xgei-0/1/1/1
Verification
Validate configuration result,
S1(config)#show running-config urpf
!<urpf>
interface xgei-0/1/1/1
ip verify unicast source reachable-via rx
!</urpf>
17-3
17-4
Command Function
Example
The following is a sample output from the ZXR10#show ipv6 pmtu command:
ZXR10#show ipv6 pmtu
MTU Since Timeout Dest Vrfname(Vpnid)
1300 19s 9m41s 3ffe:320e:1:211::2 zte
1400 27s 9m33s 3ffe:3000:1:211::2 zte
18-1
18-2
The window mechanism can greatly improve the network throughput. Congestion
mechanism and retransmission mechanism can solve the packet delay and retransmission
faults. The state machine and timers are key to TCP6 data transmission.
19-1
Parameter Description
19-2
Command Function
The following is a sample output from the show tcp6 brief command:
ZXR10#show tcp brief
TCB Index Local Address Foreign Address State
11 2001::1:23 2001::10:3183 ESTAB
10 2001::1:23 2001::10:3182 ESTAB
7 2001::1:23 2001::6:1380 ESTAB
10 2001::1:23 2001::10:3182 ESTAB The index of the current control block is 10.
l Local Address: Local address and the port.
l Foreign Address: Remote address and the
port.
l State: State of the TCP connection.
The following is a sample output from the show tcp6 config command:
ZXR10#show tcp6 config
IPv6 TCP SYNWAIT: 75
IPv6 TCP FINWAIT: 675
IPv6 TCP QUEUEMAX: 5
IPv6 TCP WINDOWSIZE: 65535
TCP FINWAIT: 675 TCP6 connection FIN packet timeout time. Unit:
second.
19-3
The following is a sample output from the show tcp6 statistics command:
ZXR10#show tcp6 statistics
Rcvd:0 Total
0 checksum error, 0 bad offset, 0 too short
0 packets (0 bytes) in sequence
0 dup packets (0 bytes)
0 partially dup packets (0 bytes)
0 out-of-order packets (0 bytes)
0 packets (0 bytes) with data after window
0 packets after close
0 window probe packets, 0 window update packets
0 dup ack packets, 0 ack packets with unsend data
0 ack packets (0 bytes)
Sent: 0 Total
0 control packets (including 0 retransmitted)
0 data packets (0 bytes)
0 data packets (0 bytes) retransmitted
0 ack only packets (0 delayed)
0 window probe packets, 0 window update packets
0 Connections initiated, 0 connections accepted, 0 connections established
0 Connections closed (including 0 dropped, 0 embryonic dropped)
0 Total rxmt timeout, 0 connections dropped in rxmt timeout
0 Keepalive timeout, 0 keepalive probe, 0 connections dropped in keepalive
19-4
The following is a sample output from the show tcp6 tcb <tcb-index> command:
ZXR10#show tcp6 tcb 3
Connection state is ESTAB
Local host: 2345:6:7:8:ffff:2:1:a, Local port: 23
Foreign host: 2345:6:7:8:fff:2:1:b, Foreign port: 39647
19-5
19-6
The UDP6 uses the source port (source IP address) and the destination port (destination IP
address) to establish a connection between two programs. It is a connectionless datagram
transmission mechanism. When you use the UDP6 protocol to transmit data, there is no
reply. The sender does not guarantee that the data is sent to the destination, and the
receiver only arranges the datagram according to the sequence field. If a datagram fails
to reach the destination, all data need to be retransmitted.
20-1
20-2
Figure 21-1 shows the relation among DHCPv6 clients, relays and a server.
21-1
DHCPv6 Principle
Each DHCPv6 client or server has a unique identifier, that is, a DHCP Unique Identifier
(DUID). There are several modes to generate DUIDs. The lengths of DUIDs are different.
Not each message needs to carry a DUID, so a DUID is contained in the option information.
Identity Association (IA) is an abstract concept used by DHCPv6 servers and clients to
identify, group and management multiple addresses. A network interface needs at lest
one IA to manage the IPv6 address information obtained on this interface. An IA must
be associated with a unique network interface. Different IAs are identified by IAIDs. The
IPv6 address information allocated by DHCPv6 is contained in IAs. An IA can carry the
information of several addresses.
DHCPv6 uses UDP to transport the protocol packets. The detection port on clients is
Port 546, and the detection port on servers and relays is Port 547. Clients always use
multicast packets to start interactions. DHCPv6 defines two multicast addresses. One is
the multicast address (FF05::1:3) of all local DHCP servers, and the other is the multicast
address (FF02::1:2) of all servers and relay agents.
There are the following types of standard DHCPv6 messages.
l Solicit message (1): A client uses Solicit messages to locate the position of a server.
l Advertise message (2): A server sends an Advertise message to reply a Solicit. An
Advertise message contains the allocated address and option information.
l Request message (3): A client sends a Request message to a specified server to
request an address and configuration information.
l Confirm message (4): A client sends Confirm messages to any reachable server to
check whether the current IPv6 address it obtained is suitable for the connected links.
l Renew message (5): A client uses Renew messages to extend the address lease
term and update other configuration information.
l Rebind message (6): If the renew message is not replied, a client will use a Rebind
message to extend the address lease term and update other configuration information.
l Reply message (7): A server uses Reply message to respond Request, Renew,
Rebind, Release, Decline and Information-request messages. A Reply message can
carry an address and configuration information. In an exception, a Reply message
also can carry the status code information of an error.
l Release message (8): When a client sends a Release message to a server that
allocates an address for this client, the client does not use the address (or addresses)
any longer.
l Decline message (9): When a client sends a Decline message to a server, the address
(or addresses) has (have) been used on a link (or links).
l Reconfigure message (10): A server can send a Reconfigure message to a client to
hint the configuration information that the client can update.
l Information-request message (11): A client sends an Information-request message to
a sever to request configuration information without requesting an IP address.
l Relay-forward message (12): A relay agent sends a Relay-forward message to a
server to replay information.
21-2
21-3
21-4
21-5
Parameter Description
<timeout> The time before releasing conflicted addresses for the IPv6
address pool. Range: 1-18000 minutes, default: 30 minutes.
21-6
Parameter Description
Parameter Description
<valid-lifetime> The valid life time of the address pool, in the unit of second,
in the range of 60-4294967295
<preferred-lifetime> The preferred life time of the address pool, in the unit of
second, in the range of 60-4294967295
21-7
21-8
Parameter Description
{normal | first | round-robin} Normal mode is to forward to all servers. First mode is
master/slave mode. Round-robin is load sharing mode. The
default mode is normal.
Parameter Description
Command Function
ZXR10#show ipv6 dhcp server user [interface Shows the client information on a DHCPv6
<interface-name>]|[summary] server.
ZXR10#show ipv6 dhcp relay user [interface Shows the client information on a DHCPv6
<interface-name>]|[summary] relay.
Parameter Description
The following is a sample output from the show ipv6 dhcp server user command:
ZXR10#show ipv6 dhcp server user
Client DUID: 0001000113CB5B3A002127A242AA
IA NA: IA ID 2720473344, T1 500, T2 800
Address: 100::2
preferred lifetime 1000 seconds, valid lifetime 1000 seconds
expires at 16:28:51 07/16/2010 (918 seconds)
21-9
IA ID IA identifier.
Configuration Thought
1. Enable IPv6 on the interface and configure an IPv6 address.
2. Configure an IPv6 address pool and configure related parameters such as the range
of the address pool.
3. Enable DHCPv6 globally.
4. Configure DHCPv6 pool. The DHCPv6 pool needs to bind to an IP pool. Configures
DNS, lease time and other parameters.
5. Configure DHCPv6 policy. The DHCPv6 policy is a policy option. Many priorities are
supported by a name for policy management.
6. Configure a DHCPv6 server. Configure server mode in DHCPv6 interface
configuration mode. Bind the policy.
21-10
Configuration Commands
Configuration on S1:
S1(config)#switchvlan-configuration
S1(config-swvlan)#interface xgei-0/1/1/1
S1(config-swvlan-if-xgei-0/1/1/1)#switchport access vlan 10
S1(config-swvlan-if-xgei-0/1/1/1)#exit
S1(config-swvlan)#exit
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 86::1:1/96
S1(config-if-vlan10)#exit
/*Enable DHCPv6*/
S1(config)#dhcp ipv6
S1(config-dhcpv6)#enable
/*Configure server mode in interface configuration mode and bind the policy*/
S1(config-dhcpv6)#interface vlan10
S1(config-dhcpv6-if-vlan10)#mode server
S1(config-dhcpv6-if-vlan10)#server policy zte
S1(config-dhcpv6-if-vlan10)#exit
Configuration Verification
Check the configuration of the IPv6 address pool on S1, as shown below.
21-11
After the PC user obtains an address through DHCPv6, check the user information on S1,
as shown below.
S1#show ipv6 dhcp server user
Client DUID: 000100014CFBF3DB001094000001
IA NA: IA ID 0, T1 500, T2 800
Address: 86::1:2
preferred lifetime 1000 seconds, valid lifetime 1000 seconds
expires at 11:08:11 12/07/2010 (995 seconds)
Client DUID: 000100014CFBF3DB001094000002
IA NA: IA ID 0, T1 500, T2 800
Address: 86::1:3
preferred lifetime 1000 seconds, valid lifetime 1000 seconds
expires at 11:08:10 12/07/2010 (994 seconds)
Client DUID: 000100014CFBF3DB001094000003
IA NA: IA ID 0, T1 500, T2 800
Address: 86::1:4
preferred lifetime 1000 seconds, valid lifetime 1000 seconds
expires at 11:08:10 12/07/2010 (994 seconds)
21-12
Configuration Thought
1. Configure an IPv6 address on the interface of the relay and enable DHCPv6.
2. Configure a relay server group on the relay. Bind the group in the relay policy.
3. Configure relay agent mode on the interface connected to the PC on the relay.
4. The configuration on the server is similar to that on the server in the "DHCPv6 Server
Configuration Instance". It is necessary to specify the IPv6 address of the relay
interface in the DHCPv6 policy.
5. Configure a static route to the network segment of the relay interface on the server.
Configuration Commands
Configuration on S1:
/*Configure an interface*/
S1(config)#switchvlan-configuration
S1(config-swvlan)#interface xgei-0/1/1/1
S1(config-swvlan-if-xgei-0/1/1/1)#switchport access vlan 10
S1(config-swvlan-if-xgei-0/1/1/1)#exit
S1(config-swvlan)#exit
S1(config-swvlan)#interface xgei-0/1/1/2
S1(config-swvlan-if-xgei-0/1/1/2)#switchport access vlan 20
21-13
S1(config-swvlan-if-xgei-0/1/1/2)#exit
S1(config-swvlan)#exit
S1(config)#interface vlan10
S1(config-if-vlan10)#ipv6 enable
S1(config-if-vlan10)#ipv6 address 86::1:1/96
S1(config-if-vlan10)#exit
S1(config)#interface vlan20
S1(config-if-vlan20)#ipv6 enable
S1(config-if-vlan20)#ipv6 add 87::1:1/96
S1(config-if-vlan20)#exit
/*Specify a server*/
S1(config-dhcpv6)#relay server group 1
S1(config-dhcp-server-group)#server 1 87::1:2
S1(config-dhcp-server-group)#exit
Configuration on S2:
/*Configure an interface*/
S2(config)#switchvlan-configuration
S2(config-swvlan)#interface xgei-0/1/1/2
S2(config-swvlan-if-xgei-0/1/1/2)#switchport access vlan 20
S2(config-swvlan-if-xgei-0/1/1/2)#exit
S2(config-swvlan)#exit
S2(config)#interface vlan20
S2(config-if-vlan20)#ipv6 address 87::1:2/96
S2(config-if-vlan20)#exit
21-14
/*Enable DHCPv6*/
S2(config)#dhcp ipv6
S2(config-dhcpv6)#enable
Configuration Verification
Check the DHCPv6 configuration on S1, as shown below.
S1#show running-config dhcpv6
! <dhcpv6>
dhcp ipv6
enable
relay policy 1
default server-group 1
$
relay server group 1
server 1 87::1:2
$
interface vlan10
mode relay
relay agent 86::1:1
relay policy 1
21-15
$
! </dhcpv6>
Check the configuration of the IPv6 address pool on S2, as shown below.
S2#show ipv6 addr-pool configure zte1
PoolName Lock Begin End Vrf Used Free Exclude
zte1 no 86::1:10 86::1:50 0 65 0
RangeTotal:1
After the PC user obtains an address through DHCPv6, check the user information on S2,
as shown below.
S2#show ipv6 dhcp server user
Client DUID: 000100014CFBF3DB001094000001
IA NA: IA ID 0, T1 5000 T2 8000
Address: 86::1:10
preferred lifetime 10000 seconds, valid lifetime 10000 seconds
expires at 13:18:21 12/08/2010 (9995 seconds)
Client DUID: 000100014CFBF3DB001094000002
IA NA: IA ID 0, T1 5000, T2 8000
Address: 86::1:11
preferred lifetime 10000 seconds, valid lifetime 10000 seconds
expires at 13:18:20 12/08/2010 (9994 seconds)
Client DUID: 000100014CFBF3DB001094000003
IA NA: IA ID 0, T1 5000, T2 8000
Address: 86::1:12
preferred lifetime 10000 seconds, valid lifetime 10000 seconds
21-16
21-17
21-18
II
III
IV
CAR
- Committed Access Rate
DHCP
- Dynamic Host Configuration Protocol
DIS
- Designate IS
DR
- Designated Router
DUID
- DHCP Unique Identifier
IA
- Identity Association
IBGP
- Interior Border Gateway Protocol
ICMP
- Internet Control Message Protocol
IETF
- Internet Engineering Task Force
IGMP
- Internet Group Management Protocol
IGP
- Interior Gateway Protocol
IP
- Internet Protocol
IPSec
- IP Security Protocol
IPv4
- Internet Protocol version 4
IPv6
- Internet Protocol Version 6
IPX
- Internetwork Packet Exchange protocol
IS-IS
- Intermediate System-to-Intermediate System
ISATAP
- Intra-Site Automatic Tunnel Addressing Protocol
ISO
- International Organization for Standardization
ISP
- Internet Service Provider
LAN
- Local Area Network
LSA
- Link State Advertisement
LSDB
- Link-state Database
LSP
- Link State Packet
LSU
- Link State Update
MBGP
- Multiprotocol Border Gateway Protocol
MD5
- Message Digest 5 Algorithm
MLD
- Multicast Listener Discovery
VI
MLDv2
- Multicast Listener Discovery Version 2
MSDP
- Multicast Source Discovery Protocol
MTU
- Maximum Transfer Unit
NBMA
- Non-Broadcast Multiple Access
NDP
- Neighbor Discovery Protocol
NSAP
- Network Service Access Point
OSI
- Open System Interconnection
OSPF
- Open Shortest Path First
PIM-SSM
- Protocol Independent Multicast-Source Specific Multicast
QoS
- Quality of Service
RFC
- Request For Comments
RIP
- Routing Information Protocol
RIPng
- Routing Information Protocol next generation
RP
- Rendezvous Point
RPF
- Reverse Path Forwarding
SPF
- Shortest Path First
SSM
- Source Specific Multicast
TCP/IP
- Transmission Control Protocol/Internet Protocol
TLV
- Tag, Length, Value
VII
TTL
- Time To Live
UDP
- User Datagram Protocol
URPF
- Unicast Reverse Path Forwarding
VIII