Professional Documents
Culture Documents
V600R008C10
Issue 02
Date 2014-09-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Purpose
This document provides the basic concepts, configuration procedures, and configuration
examples in different application scenarios of the IP routing feature supported by the NE80E/
40E.
NOTICE
Note the following precautions:
l The encryption algorithms DES/3DES/SKIPJACK/RC2/RSA (RSA-1024 or lower)/MD2/
MD4/MD5 (in digital signature scenarios and password encryption)/SHA1 (in digital
signature scenarios) have a low security, which may bring security risks. If protocols allowed,
using more secure encryption algorithms, such as AES/RSA (RSA-2048 or higher)/SHA2/
HMAC-SHA2, is recommended.
l If the plain parameter is specified, the password will be saved in plaintext in the configuration
file, which has a high security risk. Therefore, specifying the cipher parameter is
recommended. To further improve device security, periodically change the password.
l Do not set both the start and end characters of a password to "%$%$." This causes the
password to be displayed directly in the configuration file.
Related Versions
The following table lists the product versions related to this document.
Intended Audience
This document is intended for:
l Commissioning Engineer
l Data Configuration Engineer
l Network Monitoring Engineer
l System Maintenance Engineer
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
Convention Description
&<1-n> The parameter before the & sign can be repeated 1 to n times.
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Contents
1.8 Configuring an IPv6 Direct Route to Respond to L3VE Interface Status Changes After a Delay..............................26
1.9 Configuring the Association Between the IPv4 Direct Route and PW Status.............................................................28
1.10 Configuring the Association Between the IPv6 Direct Route and PW Status...........................................................31
1.11 Configuring the Association Between the IPv4 Direct Routes and IPSec Instance Status........................................33
1.12 Configuring a Device to Deactivate the IPv4 Network Segment Route That Corresponds to an L3VE Sub-interface
............................................................................................................................................................................................35
1.13 Configuring a Device to Deactivate the IPv6 Network Segment Route That Corresponds to an L3VE Sub-interface
............................................................................................................................................................................................38
1.14 Configuring AGGs to Load-Balance RNC-to-CSG Traffic.......................................................................................42
1.15 Configuring the Advertisement of IPv4 ARP Vlink Direct Routes on the Public Network......................................46
1.15.1 Before You Start......................................................................................................................................................46
1.15.2 Enabling the Advertisement of IPv4 ARP Vlink Direct Routes.............................................................................47
1.15.3 Checking the Configurations...................................................................................................................................48
1.16 Configuring the Advertisement of IPv6 NDP Vlink Direct Routes on the Public Network......................................49
1.16.1 Before You Start......................................................................................................................................................49
1.16.2 Enabling the Advertisement of IPv6 NDP Vlink Direct Routes.............................................................................50
1.16.3 Checking the Configurations...................................................................................................................................51
1.17 Maintaining the Route Management Module.............................................................................................................52
1.17.1 Configuring Thresholds for the Number of IPv4 Route Prefixes............................................................................52
1.17.2 Configuring Thresholds for the Number of IPv6 Route Prefixes............................................................................53
1.17.3 Configuring a Limit on the Number of IPv4 Public Route Prefixes.......................................................................54
1.17.4 Configuring a Limit on the Number of IPv6 Public Route Prefixes.......................................................................55
1.18 Configuration Example...............................................................................................................................................57
1.18.1 Example for Configuring Public Network IP FRR.................................................................................................57
1.18.2 Example for Configuring Public Network IPv6 FRR.............................................................................................60
1.18.3 Example for Configuring VRRP for Direct Routes.................................................................................................65
1.18.4 Example for Importing IPv4 ARP Vlink Direct Routes to BGP.............................................................................72
1.18.5 Example for Importing IPv6 NDP Vlink Direct Routes to BGP4+........................................................................79
3 RIP Configuration.....................................................................................................................155
3.1 Introduction................................................................................................................................................................157
3.1.1 Overview of RIP......................................................................................................................................................157
3.1.2 RIP Features Supported by the NE80E/40E............................................................................................................158
3.2 Configuring Basic RIP Functions...............................................................................................................................158
4 RIPng Configuration.................................................................................................................225
4.1 Introduction................................................................................................................................................................227
4.1.1 RIPng Overview......................................................................................................................................................227
4.1.2 RIPng Features Supported by the NE80E/40E........................................................................................................228
4.2 Configuring Basic RIPng Functions...........................................................................................................................228
4.2.1 Before You Start......................................................................................................................................................228
4.2.2 Enabling RIPng and Entering the RIPng View.......................................................................................................229
4.2.3 Enabling RIPng in the Interface View.....................................................................................................................229
4.2.4 Checking the Configurations...................................................................................................................................230
4.3 Configuring RIPng Route Attributes..........................................................................................................................232
4.3.1 Before You Start......................................................................................................................................................232
4.3.2 Configuring the RIPng Preference..........................................................................................................................233
4.3.3 Configuring Additional Metrics of an Interface......................................................................................................233
4.3.4 Configuring the Maximum Number of Equal-Cost Routes.....................................................................................234
4.3.5 Checking the Configurations...................................................................................................................................235
4.4 Configuring RIPng Route Summarization.................................................................................................................236
4.5 Configuring RIPng to Import External Routes...........................................................................................................236
4.6 Controlling the Advertising of RIPng Routing Information......................................................................................237
4.6.1 Before You Start......................................................................................................................................................237
4.6.2 Configuring RIPng to Advertise the Default Routes...............................................................................................238
4.6.3 Disabling Sending of RIPng Packets on an Interface..............................................................................................238
4.6.4 Configuring RIPng to Filter the Routes to be Sent..................................................................................................239
4.6.5 Checking the Configurations...................................................................................................................................241
4.7 Controlling the Receiving of RIPng Routing Information.........................................................................................242
4.7.1 Before You Start......................................................................................................................................................242
5 OSPF Configuration..................................................................................................................258
5.1 Introduction................................................................................................................................................................260
5.1.1 OSPF Overview.......................................................................................................................................................260
5.1.2 OSPF Features Supported by the NE80E/40E........................................................................................................263
5.2 Configuring Basic OSPF Functions...........................................................................................................................268
5.2.1 Before You Start......................................................................................................................................................268
5.2.2 Enabling OSPF........................................................................................................................................................269
5.2.3 (Optional) Creating OSPF Virtual Links.................................................................................................................271
5.2.4 (Optional) Configuring a Route Selection Rule on the router.................................................................................272
5.2.5 (Optional) Setting the OSPF Priority.......................................................................................................................272
5.2.6 (Optional) Restricting the Flooding of LSA Update Packets..................................................................................273
5.2.7 (Optional) Configuring the Maximum Number of Packet Retransmission Attempts.............................................274
5.2.8 (Optional) Setting an Interval at Which an LSA Packet Is Retransmitted to the Neighboring router....................275
5.2.9 (Optional) Configuring an Interface to Fill in a DD Packet with the Interface MTU.............................................275
5.2.10 Checking the Configurations.................................................................................................................................276
5.3 Configuring OSPF on the NBMA or P2MP Network................................................................................................277
5.3.1 Before You Start......................................................................................................................................................277
5.3.2 Configuring Network Types for OSPF Interfaces...................................................................................................279
5.3.3 Configuring NBMA Network Attributes.................................................................................................................280
5.3.4 Configuring P2MP Network Attributes...................................................................................................................281
5.3.5 Checking the Configurations...................................................................................................................................284
5.4 Configuring an OSPF Route Selection Rule..............................................................................................................285
5.4.1 Before You Start......................................................................................................................................................285
5.4.2 Setting the Interface Cost........................................................................................................................................286
6 OSPFv3 Configuration.............................................................................................................404
6.1 Introduction................................................................................................................................................................406
6.1.1 OSPFv3 Overview...................................................................................................................................................406
6.1.2 OSPFv3 Features Supported by NE80E/40E..........................................................................................................406
6.2 Configuring Basic OSPFv3 Functions.......................................................................................................................407
6.2.1 Before You Start......................................................................................................................................................407
6.2.2 Enabling OSPFv3....................................................................................................................................................407
6.2.3 Enabling OSPFv3 on an Interface...........................................................................................................................408
6.2.4 Entering the OSPFv3 Area View.............................................................................................................................409
6.2.5 Checking the Configurations...................................................................................................................................410
6.3 Establishing or Maintaining OSPFv3 Neighbor Relationship....................................................................................410
6.3.1 Before You Start......................................................................................................................................................410
6.3.2 Configuring the Interval for Sending Hello Packets...............................................................................................411
6.3.3 Configuring Dead Time of Neighbor Relationship.................................................................................................412
6.3.4 Configuring the Interval for Retransmitting LSAs to Neighboring Routers...........................................................412
6.3.5 Configuring the Delay for Transmitting LSAs on the Interface..............................................................................413
6.3.6 Checking the Configurations...................................................................................................................................414
6.4 Configuring OSPFv3 Areas........................................................................................................................................414
7 IS-IS Configuration...................................................................................................................493
7.1 Introduction................................................................................................................................................................496
7.1.1 Basic Concepts of IS-IS...........................................................................................................................................496
7.1.2 IS-IS Features Supported by the NE80E/40E..........................................................................................................497
7.2 Configuring Basic IPv4 IS-IS Functions....................................................................................................................504
7.2.1 Before You Start......................................................................................................................................................504
7.2.2 Creating IPv4 IS-IS Processes.................................................................................................................................505
7.11.3 (Optional) Disabling an Interface from Being Involved in IPv4 LFA Calculation...............................................569
7.11.4 Checking the Configurations.................................................................................................................................569
7.12 Configuring Basic IPv6 IS-IS Functions..................................................................................................................571
7.12.1 Before You Start....................................................................................................................................................571
7.12.2 Creating IPv6 IS-IS Processes...............................................................................................................................572
7.12.3 Configuring IPv6 IS-IS Interfaces.........................................................................................................................574
7.12.4 (Optional) Configuring the IPv6 IS-IS Interfaces.................................................................................................575
7.12.5 (Optional) Configuring IPv6 IS-IS Attributes for Interfaces on Different Types of Networks............................578
7.12.6 Checking the Configurations.................................................................................................................................581
7.13 Configuring IPv6 IS-IS Route Selection..................................................................................................................583
7.13.1 Before You Start....................................................................................................................................................583
7.13.2 Configuring IPv6 IS-IS Route Leaking.................................................................................................................584
7.13.3 Configuring Principles for Using Equal-Cost IPv6 IS-IS Routes.........................................................................589
7.13.4 Filtering IPv6 IS-IS Routes...................................................................................................................................590
7.13.5 Configuring an Overload Bit for an IPv6 IS-IS Device........................................................................................592
7.13.6 Configuring IS-IS to Generate IPv6 Default Routes.............................................................................................593
7.13.7 Checking the Configurations.................................................................................................................................594
7.14 Configuring IPv6 IS-IS Route Summarization.........................................................................................................597
7.15 Configuring IPv6 IS-IS to Interact with Other Routing Protocols...........................................................................598
7.15.1 Before You Start....................................................................................................................................................598
7.15.2 Configuring a Preference Value for IPv6 IS-IS.....................................................................................................599
7.15.3 Configuring IPv6 IS-IS to Import External Routes...............................................................................................600
7.15.4 Checking the Configurations.................................................................................................................................603
7.16 Configuring the IPv6 IS-IS Route Convergence Speed...........................................................................................606
7.16.1 Before You Start....................................................................................................................................................606
7.16.2 Configuring the Interval for Detecting IS-IS Neighboring Device Failures.........................................................607
7.16.3 Setting Flooding Parameters of SNPs and LSPs...................................................................................................609
7.16.4 Setting the SPF Calculation Interval.....................................................................................................................613
7.16.5 Configuring Convergence Priorities for IPv6 IS-IS Routes..................................................................................613
7.16.6 Checking the Configurations.................................................................................................................................615
7.17 Configuring Dynamic BFD for IPv6 IS-IS...............................................................................................................616
7.18 Configuring Multi-Topology for IPv6 IS-IS............................................................................................................619
7.18.1 Before You Start....................................................................................................................................................619
7.18.2 Enabling Multi-Topology for IPv6 IS-IS Processes..............................................................................................620
7.18.3 Enabling Multi-Topology for IPv6 IS-IS Interfaces..............................................................................................621
7.18.4 Checking the Configurations.................................................................................................................................622
7.19 Configuring IPv6 IS-IS Auto FRR...........................................................................................................................624
7.19.1 Before You Start....................................................................................................................................................624
7.19.2 Enabling IPv6 IS-IS Auto FRR.............................................................................................................................626
7.19.3 (Optional) Disabling an Interface from Participating in IPv6 LFA Calculation...................................................626
7.19.4 Checking the Configurations.................................................................................................................................627
8 BGP Configuration....................................................................................................................734
8.1 Introduction................................................................................................................................................................737
8.1.1 BGP Overview.........................................................................................................................................................737
8.1.2 BGP Features Supported by the NE80E/40E..........................................................................................................738
8.2 Configuring the Format of BGP 4-Byte AS Numbers...............................................................................................754
8.3 Configuring Basic BGP Functions.............................................................................................................................756
9 BGP4+ Configuration.............................................................................................................1045
9.1 Introduction..............................................................................................................................................................1047
9.1.1 BGP4+ Overview..................................................................................................................................................1047
9.1.2 BGP4+ Features Supported by the NE80E/40E....................................................................................................1047
9.2 Configuring Basic BGP4+ Functions.......................................................................................................................1048
9.2.1 Before You Start....................................................................................................................................................1048
9.2.2 Starting a BGP Process..........................................................................................................................................1048
9.2.3 Configuring an IPv6 Peer......................................................................................................................................1049
9.2.4 (Optional) Configuring the Local Interfaces Used for BGP4+ Connections........................................................1051
9.2.5 Checking the Configurations.................................................................................................................................1052
9.3 Configuring BGP4+ Route Attributes......................................................................................................................1052
9.3.1 Before You Start....................................................................................................................................................1052
9.3.2 Configuring the BGP4+ Preference.......................................................................................................................1054
9.3.3 Configuring BGP4+ Preferred Value for Routing Information.............................................................................1054
9.3.4 Configuring the Default Local_Pref Attribute of the Local Router......................................................................1055
9.3.5 Configuring the MED Attribute............................................................................................................................1055
9.3.6 Configuring the Next_Hop Attribute.....................................................................................................................1056
9.3.7 Configuring the AS_Path Attribute.......................................................................................................................1057
9.3.8 Configuring the BGP4+ Community Attribute.....................................................................................................1059
9.3.9 Checking the Configurations.................................................................................................................................1061
9.4 Controlling the Advertising and Receiving of BGP4+ Routing Information...........................................................1061
9.4.1 Before You Start....................................................................................................................................................1061
9.11.6 (Optional) Enabling the RR to Modify the Route Attributes Using the Export Policy.......................................1099
9.11.7 Checking the Configurations...............................................................................................................................1100
9.12 Configuring a BGP4+ Confederation.....................................................................................................................1101
9.12.1 Before You Start..................................................................................................................................................1101
9.12.2 Configuring a BGP4+ Confederation Attribute...................................................................................................1101
9.12.3 Checking the Configurations...............................................................................................................................1102
9.13 Configuring BGP4+ 6PE........................................................................................................................................1103
9.13.1 Before You Start..................................................................................................................................................1103
9.13.2 Configuring a 6PE Peer.......................................................................................................................................1104
9.13.3 (Optional) Enabling 6PE Routes Sharing the Explicit Null Label......................................................................1104
9.13.4 Checking the Configurations...............................................................................................................................1105
9.14 Configuring Inter-AS 6PE......................................................................................................................................1106
9.14.1 Before You Start..................................................................................................................................................1106
9.14.2 Configuring Inter-AS 6PE OptionB (with ASBRs as PEs).................................................................................1107
9.14.3 Configuring Inter-AS 6PE OptionB....................................................................................................................1108
9.14.4 Configuring Inter-AS 6PE OptionC....................................................................................................................1110
9.14.5 Checking the Configurations...............................................................................................................................1112
9.15 Configuring BGP4+ 6PE FRR...............................................................................................................................1113
9.15.1 Before You Start..................................................................................................................................................1113
9.15.2 Configuring BGP4+ 6PE Peers...........................................................................................................................1114
9.15.3 Enabling 6PE FRR...............................................................................................................................................1114
9.15.4 Checking the Configurations...............................................................................................................................1115
9.16 Configuring BGP4+ Security.................................................................................................................................1116
9.16.1 Before You Start..................................................................................................................................................1116
9.16.2 Configuring MD5 Authentication.......................................................................................................................1117
9.16.3 Configuring Keychain Authentication.................................................................................................................1118
9.16.4 Configuring Basic BGP4+ GTSM Functions......................................................................................................1119
9.16.5 Checking the Configurations...............................................................................................................................1120
9.17 Maintaining BGP4+................................................................................................................................................1120
9.17.1 Resetting BGP4+ Connections............................................................................................................................1120
9.17.2 Clearing BGP4+ Statistics...................................................................................................................................1121
9.18 Configuration Examples.........................................................................................................................................1122
9.18.1 Example for Configuring Basic BGP4+ Functions.............................................................................................1122
9.18.2 Example for Configuring a BGP4+ Route Reflection.........................................................................................1127
9.18.3 Example for Configuring BFD for BGP4+.........................................................................................................1132
9.18.4 Example for Configuring BGP4+ 6PE................................................................................................................1137
9.18.5 Example for Configuring Inter-AS 6PE OptionB (with ASBRs as PEs)............................................................1144
9.18.6 Example for Configuring Inter-AS 6PE OptionB...............................................................................................1151
9.18.7 Example for Configuring Inter-AS 6PE OptionC (Solution 1)...........................................................................1161
9.18.8 Example for Configuring Inter-AS 6PE OptionC (Solution 2)...........................................................................1173
9.18.9 Example for Configuring BGP4+ 6PE FRR........................................................................................................1184
A Glossary....................................................................................................................................1268
B Acronyms and Abbreviations...............................................................................................1272
This chapter describes IP routing, which functions as the basis for data communication networks.
1.1 Routing Management
To forward data, routers need to establish and refresh routing tables and forward packets
according to the information in routing tables.
1.2 Configuring IPv4 Multi-Topology
By configuring multi-topology on an IPv4 network, you can properly allocate network resources.
1.3 Configuring IPv6 Multi-Topology
By configuring multi-topology on an IPv6 network, you can properly allocate network resources.
1.4 Configuring Public Network IP FRR
Public network IP FRR is applicable to the services that are sensitive to packet loss and delay
on the public network.
1.5 Configuring Public Network IPv6 FRR
Public network IPv6 FRR is applicable to the services that are very sensitive to packet loss and
delay on the public network.
1.6 Configuring VRRP for Direct Routes
If VRRP for direct routes is configured on a master device of an IPv4 network, the master device
effectively diagnoses a link fault, improving the security of the IPv4 network.
1.7 Configuring an IPv4 Direct Route to Respond to L3VE Interface Status Changes After a
Delay
This section describes how to configure an IPv4 direct route to respond to Layer 3 Virtual
Ethernet (L3VE) interface status changes after a delay. During traffic switchback after an L3VE
interface recovers, this configuration can reduce traffic loss and improve network reliability.
1.8 Configuring an IPv6 Direct Route to Respond to L3VE Interface Status Changes After a
Delay
This section describes how to configure an IPv6 direct route to respond to Layer 3 Virtual
Ethernet (L3VE) interface status changes after a delay. During traffic switchback after an L3VE
interface recovers, this configuration can reduce traffic loss and improve network reliability.
1.9 Configuring the Association Between the IPv4 Direct Route and PW Status
This section describes how to configure the association between the IPv4 direct route and pseudo
wire (PW) status. During traffic switchback after the primary PW recovers, this configuration
can reduce traffic loss and improve network reliability.
1.10 Configuring the Association Between the IPv6 Direct Route and PW Status
This section describes how to configure the association between the IPv6 direct route and pseudo
wire (PW) status. During traffic switchback after the primary PW recovers, this configuration
can reduce traffic loss and improve network reliability.
1.11 Configuring the Association Between the IPv4 Direct Routes and IPSec Instance Status
The association between IPv4 direct routes and IP security (IPSec) instance status ensures that
data encrypted using IPSec can be transmitted to the correct radio network controller site gateway
(RSG).
1.12 Configuring a Device to Deactivate the IPv4 Network Segment Route That Corresponds
to an L3VE Sub-interface
To prevent a device from generating black-hole routes and ensure that local cell site gateways
(CSGs) can communicate, configure the device to deactivate the IPv4 network segment route
that corresponds to the Layer 3 virtual Ethernet (L3VE) sub-interface of the secondary pseudo
wire (PW).
1.13 Configuring a Device to Deactivate the IPv6 Network Segment Route That Corresponds
to an L3VE Sub-interface
To prevent a device from generating black-hole routes and ensure that local cell site gateways
(CSGs) can communicate, configure the device to deactivate the IPv6 network segment route
that corresponds to the Layer 3 virtual Ethernet (L3VE) sub-interface of the secondary pseudo
wire (PW).
1.15 Configuring the Advertisement of IPv4 ARP Vlink Direct Routes on the Public Network
Advertising IPv4 ARP Vlink direct routes on the public network allows precise control of data
traffic.
1.16 Configuring the Advertisement of IPv6 NDP Vlink Direct Routes on the Public Network
On an IPv6 public network, advertising IPv6 neighbor discover protocol (NDP) Vlink direct
routes allows precise control of data traffic.
Prerequisites
The following lists common commands for displaying information about the routing table.
Procedure
l For IPv4 routing table:
– Run the display ip routing-table command to check brief information about current
active routes.
– Run the display ip routing-table verbose command to check detailed information
about the IP routing table.
– Run the display ip routing-table ip-address [ mask | mask-length ] [ longer-match ]
[ verbose ] command to check the routes to a specified destination address.
– Run the display ip routing-table ip-address1 { mask1 | mask-length1 } ip-address2
{ mask2 | mask-length2 } [ verbose ] command to check the routes whose destination
addresses are within a specified address range.
– Run the display ip routing-table acl { acl-number | acl-name } [ verbose ] command
to check the routes filtered by a specified basic ACL.
– Run the display ip routing-table ip-prefix ip-prefix-name [ verbose ] command to
check the routes filtered by a specified IP prefix list.
– Run the display ip routing-table protocol protocol [ inactive | verbose ] command to
check the routes discovered by a specified protocol.
– Run the display ip routing-table statistics command to check statistics about the IP
routing table.
– Run the display ip routing-table vpn-instance vpn-instance-name command to check
brief information about the VPN routing table.
– Run the display ip routing-table vpn-instance vpn-instance-name verbose command
to check detailed information about the VPN routing table.
l For IPv6 routing table:
– Run the display ipv6 routing-table command to check brief information about current
active routes.
– Run the display ipv6 routing-table verbose command to check detailed information
about the IPv6 routing table.
----End
Context
The display commands can be run in all views.
Procedure
l Run the display rm interface [ interface-type interface-number ] command to check RM
information about a specified interface.
l Run the display rm ipv6 interface [ interface-type interface-number ] command to check
IPv6 RM information about a specified interface.
l Run the display rm interface vpn-instance vpn-instance-name command to check RM
information about the private network interface.
l Run the display rm ipv6 interface vpn-instance vpn-instance-name command to check
IPv6 RM information about the private network interface.
----End
Context
On traditional IP networks, after a forwarding device such as the router detects a fault on the
lower layer link, it takes the routing system several seconds to complete route convergence (to
re-select an available route).
A second-level convergence may interrupt the services that are extremely sensitive to packet
loss and delay. For example, Voice over IP (VoIP) service can tolerate a maximum of 50 ms of
network interruption.
Therefore, to prevent services from being seriously affected by link faults, the forwarding system
must be able to detect and rectify faults and restore the affected services immediately.
Fast Reroute (FRR) is applicable to the services that are sensitive to packet loss and delay. After
FRR is configured, when a fault is detected at the lower layer (physical layer or link layer), the
fault is reported to the upper layer routing system. Meanwhile, packets are forwarded over a
backup link. Therefore, the impact of link faults on services is minimized.
According to the application scope, FRR is classified into IP FRR and VPN FRR. IP FRR can
be further classified into public network IP FRR and VPN IP FRR.
For detailed introduction of FRR, see the HUAWEI NetEngine80E/40E Router Feature
Description- IP Route.
For detailed configuration of VPN IP FRR and VPN FRR, see the HUAWEI NetEngine80E/
40E Router Configuration Guide - VPN.
FRR can provide backup for direct, static, and dynamic routes (including OSPF, IS-IS, and BGP
routes) of NE80E/40Es.
Applicable Environment
On a traditional IP network, only one unicast topology exists, and only one unicast forwarding
table exists on the forwarding plane. Services to the same destination IPv4 address share the
same per-hop forwarding behavior. This means that various end-to-end services (for example,
voice and data services) share the same physical link. Some links may be heavily congested
while other links are relatively idle. A solution to this problem is to divide a physical network
into different logical topologies for different services. Such a solution is called multi-topology.
As shown in Figure 1-1, multi-topology is configured on the network; the base topology includes
all devices on the network; other topology instances (such as the green topology, red topology,
and blue topology) just include some devices because they bear their respective services. By
deploying services (for example, voice and data services) in different topology instances as
required, you can isolate network resources on a network.
base topology
green topology
red topology
blue topology
Pre-configuration Tasks
None.
Data Preparation
To configure IPv4 multi-topology, you need the following data.
No. Data
Context
Before configuring multi-topology on an IPv4 network, you need to create an IPv4 topology
instance.
Each topology instance is a subset of the base topology instance. Each topology instance bears
a type of services and maintains its own routing table and forwarding table.
Perform the following steps on the device where an IPv4 topology instance needs to be created:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip topology topology-name
Generally, "base" is the name of a base topology instance, and "multicast" is the name of a
multicast topology instance. A maximum of 32 IPv4 topology instances (including 1 base
topology instance, 1 multicast topology instance, and 30 unicast topology instances) can be
created.
You can set the maximum number of routes supported by a specified topology instance to prevent
a device from importing too many routes.
By default, the maximum number of routes supported by a topology instance is not set.
When a large number of routes exist on a device but only some important routes need to be
imported for a topology instance, you are recommended to run the routing-table limit command
to set the maximum number of routes supported by the topology instance.
----End
Context
Before configuring multi-topology on an IPv4 network, you need to create an IPv4 topology
instance. To add direct routes or IS-IS routes of an interface to the topology instance, you need
to bind the interface to the topology instance.
Perform the following steps on the interface where an IPv4 topology instance needs to be bound:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-name
Step 3 Run:
ip topology topology-name enable
Multi-topology is configured in the specified interface view, and the specified interface is bound
to the specified topology instance.
An interface can be bound to multiple topology instances, and multiple interfaces can be bound
to the same topology instance.
----End
Prerequisites
IPv4 multi-topology has been configured.
Procedure
l Run the display ip topology [ topology-name ] [ verbose ] command to check IPv4 multi-
topology information.
l Run the display ip routing-table topology topology-name [ verbose ] command to check
the routing table of IPv4 multi-topology.
----End
Example
Run the display ip topology topology-name verbose command after configuring IPv4 multi-
topology. If the following is displayed, it means that the configuration succeeds.
<HUAWEI> display ip topology red verbose
Topology Name : red
Topology ID : 0x0100
Maximum Routes Limit : 1000
Threshold Routes Limit : 50%
Interface:
GigabitEthernet1/0/0
GigabitEthernet1/0/1
Applicable Environment
On a traditional IP network, only one unicast topology exists, and only one unicast forwarding
table exists on the forwarding plane. Services to the same destination IPv6 address share the
same per-hop forwarding behavior. This means that various end-to-end services (for example,
voice and data services) share the same physical link. Some links may be heavily congested
while other links are relatively idle. A solution to this problem is to divide a physical network
into different logical topologies for different services. Such a solution is called multi-topology.
As shown in Figure 1-2, multi-topology is configured on the network; the base topology includes
all devices on the network; other topology instances (such as the green topology, red topology,
and blue topology) just include some devices because they bear their respective services. By
deploying services (for example, voice and data services) in different topology instances as
required, you can isolate network resources on a network.
base topology
green topology
red topology
blue topology
Pre-configuration Tasks
None.
Data Preparation
To configure IPv6 multi-topology, you need the following data.
No. Data
Context
Before configuring multi-topology on an IPv6 network, you need to create an IPv6 topology
instance.
Each topology instance is a subset of the base topology instance. Each topology instance bears
a type of services and maintains its own routing table and forwarding table.
Perform the following steps on the device where an IPv6 topology instance needs to be created:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ipv6 topology topology-name
An IPv6 topology instance is created, and the IPv6 topology view is displayed.
Generally, "base" is the name of a base topology instance, and "multicast" is the name of a
multicast topology instance. A maximum of 32 IPv6 topology instances (including 1 base
topology instance, 1 multicast topology instance, and 30 unicast topology instances) can be
created.
The maximum number of routes supported by a specified IPv6 topology instance is set.
By default, the maximum number of routes supported by a topology instance is not set.
When a large number of routes exist on a device but only some important routes need to be
imported for a topology instance, you are recommended to run the routing-table limit command
to set the maximum number of routes supported by the topology instance.
----End
Context
Before configuring multi-topology on an IPv6 network, you need to create an IPv6 topology
instance. To add direct routes or IS-IS routes of an interface to the topology instance, you need
to bind the interface to the topology instance.
Perform the following steps on the interface where an IPv6 topology instance needs to be bound:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-name
Step 3 Run:
ipv6 topology topology-name enable
Multi-topology is configured in the specified interface view, and the specified interface is bound
to the specified topology instance.
An interface can be bound to multiple topology instances, and multiple interfaces can be bound
to the same topology instance.
----End
Prerequisites
IPv6 multi-topology has been configured.
Procedure
l Run the display ipv6 topology [ topology-name ] [ verbose ] command to check IPv6
multi-topology information.
l Run the display ipv6 routing-table topology topology-name [ verbose ] command to
check the routing table of IPv6 multi-topology.
----End
Example
Run the display ipv6 topology topology-name verbose command after configuring IPv6 multi-
topology. If the following is displayed, it means that the configuration succeeds.
<HUAWEI> display ipv6 topology red verbose
Topology Name : red
Topology ID : 0x0100
Maximum Routes Limit : 1000
Threshold Routes Limit : 50%
Interface:
GigabitEthernet1/0/0
GigabitEthernet1/0/1
Applicable Environment
Public network IP Fast Reroute (FRR) is applicable to the services that are sensitive to packet
loss and delay on the public network.
Pre-configuration Tasks
Before configuring public network IP FRR, complete the following tasks:
Data Preparation
To configure public network IP FRR, you need the following data.
No. Data
No. Data
Context
Perform the following steps on the router to which public network IP FRR is applied:
Procedure
Step 1 Run:
system-view
Step 2 Run:
route-policy route-policy-name { permit | deny } node node
The node of the route-policy is created and the route-policy view is displayed.
You can use the if-match command according to the description in (Optional) Configuring
the If-Match Clause.
If the matching condition is not set, IP FRR backs up outbound interfaces and next hops for all
routes in the routing table. In this manner, certain routes that do not need to be backed up are
also configured with backup information. Therefore, you need to correctly set the relationship
between routes to be backed up and backup routes. Using the matching condition to specify the
routes to be backed up is recommended.
Step 4 Run:
apply backup-interface interface-type interface-number
Step 5 Run:
apply backup-nexthop ip-address
NOTE
l If a backup next hop is specified, a backup outbound interface also needs to be specified.
l If a backup outbound interface is specified on a Point-to-Point (P2P) link, no backup next hop needs
to be specified.
l If a backup outbound interface is specified on a non-P2P link, a backup next hop also needs to be
specified.
----End
Context
Perform the following steps on the router to which public network IP FRR is applied:
Procedure
Step 1 Run:
system-view
IP FRR is enabled.
Before applying IP FRR, use this command to enable IP FRR. In this manner, the route-policy
used to specify backup outbound interfaces and backup next hops can take effect.
Only one route-policy can be applied at a time. If the ip frr command is run more than once,
the latest configuration overrides the previous one.
Step 3 (Optional) Enable the IP FRR poison reverse.
1. Run:
interface interface-type interface-number [.sub-interface-number]
In the load balancing scenario, poison reverse does not take effect.
----End
Prerequisites
Public network IP FRR has been configured.
Procedure
l Run the display route-policy [ route-policy-name ] command to check the route-policy.
l Run the display ip routing-table verbose command to check backup outbound interfaces
and backup next hops of all routes in the routing table.
l Run the display ip routing-table ip-address [ mask | mask-length ] [ longer-match ]
verbose command to check the backup outbound interface and the backup next hop of a
specified route in the routing table.
l Run the display ip routing-table ip-address1 { mask1 | mask-length1 } ip-address2
{ mask2 | mask-length2 } verbose command to check the backup outbound interfaces and
the backup next hops of the routes in the address range determined by ip-address1 and ip-
address2 in the routing table.
----End
Example
Run the display ip routing-table ip-address verbose command to view the backup outbound
interface and the backup next hop in the routing table. An example command output is as follows:
<HUAWEI> display ip routing-table 172.17.1.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination: 172.17.1.0/24
Protocol: OSPF Process ID: 1
Preference: 10 Cost: 3
NextHop: 192.168.10.2 Neighbour: 0.0.0.0
State: Active Adv Age: 00h06m49s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet2/0/0
TunnelID: 0x0 Flags: D
BkNextHop: 192.168.20.2 BkInterface: GigabitEthernet3/0/0
BkLabel: NULL SecTunnelID: 0x0
BkPETunnelID: 0x0 BkPESecTunnelID: 0x0
BkIndirectID: 0x0
Applicable Environment
As networks develop, services such as audio, online video, and finance have more requirements
for real-time transmission. Generally, active/backup links are deployed to ensure service
stability.
However, in traditional forwarding modes, when there are multiple routes to the same
destination, the system selects the optimal route, and delivers it to the FIB table to guide data
forwarding. When the optimal route goes Down, the system can select another optimal route
and deliver the route to the Forwarding Information Base (FIB) table only after route
convergence is complete. Then the service can be recovered. This leads to a long-time service
interruption and cannot meet service requirements.
IPv6 Fast Reroute (FRR) can specify a backup next hop and a backup interface and set backup
forwarding information for IPv6 routes. When the active link becomes faulty, the system can
switch the traffic immediately to the backup link. This process is irrelevant to route convergence
and therefore services can be recovered in a short period of time.
Pre-configuration Tasks
Before configuring IPv6 FRR on the public network, complete the following tasks:
Data Preparation
Before configuring IPv6 FRR on the public network, you need the following data:
No. Data
Context
Perform the following steps on the router to which IPv6 FRR needs to be applied:
Procedure
Step 1 Run:
system-view
----End
Context
Perform the following steps on the router to which IPv6 FRR needs to be applied:
Procedure
Step 1 Run:
system-view
Before applying IPv6 FRR, you must use this command to enable IPv6 FRR. IPv6 FRR takes
effect only when route-policy route-policy-name configured in this command is configured with
a backup outbound interface and a backup next hop.
The Eth-Trunk interface view, Eth-Trunk sub-interface view, GE interface view, GE sub-
interface view, IP-Trunk interface view, and POS interface view are supported.
2. Run:
poison-reverse enable
Both poison reverse and BAS services cannot be configured on one interface.
Both poison reverse and inter-VLAN proxy ARP cannot be configured on one interface.
In the load balancing scenario, poison reverse does not take effect.
----End
Prerequisites
Public network IPv6 FRR has been configured.
Procedure
l Run the display route-policy [ route-policy-name command to check the route-policy
information.
l Run the following commands to check the backup outbound interface and the backup next
hop in the routing table.
– display ipv6 routing-table verbose
– display ipv6 routing-table ipv6-address [ prefix-length ] [ longer-match ] verbose
– display ipv6 routing-table ip-address1 [ prefix-length1 ] ip-address2 prefix-length2
verbose
----End
Example
Run the display ipv6 routing-table ipv6-address verbose command to view the backup
outbound interface and the backup next hop in the routing table. An example command output
is as follows:
Applicable Environment
As the Internet develops, the demand for higher reliability is increasing. To help LAN users
access the Internet at any time, the VRRP provides reliability for LAN hosts.
On an IP RAN enabled with VRRP, if a UPE recovers from a fault, its interface connected to
the RSG goes Up and generates a direct route, allowing a traffic switchback. As the UPE does
not learn the RSG's MAC address, the UPE fails to switch back some packets. To help prevent
the problem, the direct route has to be generated after the VRRP status changes to Master. If
VRRP for direct routes is configured, the UPE adjusts the direct route's cost based on the VRRP
status. This allows the UPE to perform a successful traffic switchback if recovering from a fault.
For detailed configurations of an IP RAN, see the section "IP RAN Configuration" in the
HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
Pre-configuration Tasks
Before configuring VRRP for direct routes, complete the following task:
l Configuring parameters for a data link layer protocol and IP addresses for interfaces to
ensure that the data link layer protocol on the interfaces is Up
Data Preparation
To configure VRRP for direct routes, you need the following data.
No. Data
Context
VRRP groups multiple routers to a virtual router. The virtual router uses a mechanism to switch
traffic to another router if a fault occurs on the current router, providing continuous and reliable
communication services.
VRRP works in master/backup mode to provide IP address backup. A virtual router (a VRRP
backup group) in master/backup mode consists of a master router and one or multiple backup
routers. The master and backup routers form a backup group. In master/backup mode, only one
VRRP backup group is set up. Routers in the VRRP backup group are prioritized. The router
with the highest priority functions as the master router and other routers function as backup
routers.
For detailed configurations of a VRRP backup group, see the section "VRRP Configuration" in
the HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
vrrp vrid virtual-router-id virtual-ip virtual-address
NOTE
If the first virtual IP address is assigned to a VRRP backup group, the system automatically
creates the VRRP backup group. If another virtual IP address is assigned to the VRRP backup
group, the system only adds the virtual IP address to the virtual IP address list for the VRRP
backup group.
On a network where a VRRP backup group is the gateway for multiple hosts, a default gateway
address saved on any host does not change even if the VRRP backup group's location changes.
To help hosts adapt to changes in the VRRP backup group's location, the VRRP backup group
is assigned multiple virtual IP addresses for different hosts. A maximum of 16 virtual IP
addresses is assigned to a VRRP backup group.
NOTE
The direct routes generated by the virtual IP addresses in a VRRP backup group can be imported by
OSPF, IS-IS and RIP. By default, this kind of route can be advertised by OSPF, IS-IS and RIP to the
neighboring devices. On actual networks, it is possible that there are a large number of routes generated
by the virtual IP addresses in a VRRP backup group; if all of the routes are imported and advertised to the
neighboring devices by OSPF, IS-IS and RIP, it will bring a heavy load to some devices on the networks
and affect the network performance. In this situation, you can use the vrrp virtual-ip route-advertise
disable command to disable OSPF, IS-IS and RIP from advertising the routes generated by the virtual IP
addresses in the VRRP backup group.
Step 4 Run:
vrrp vrid virtual-router-id priority priority-value
Step 5 Run:
vrrp vrid virtual-router-id timer advertise advertise-interval
By default, a VRRP Advertisement packet is sent every second. If multiple VRRP backup groups
are configured on a device, the interval can be increased to prevent frequent VRRP status
switchovers.
----End
Context
The VRRP status changes during a master/backup switchover. Associating an interface with a
VRRP backup group allows the cost of the direct route in the network segment to which the
interface belongs to change based on the VRRP status.
Perform the following steps on the interface to be associated with a VRRP backup group:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
direct-route track vrrp vrid virtual-router-id degrade-cost cost
l If the VRRP status becomes Backup, the direct route's cost increases by degrade-cost cost,
lowering the direct route's priority. The direct route will no longer be an optimal route.
l If the VRRP status becomes Master, the direct route's cost is set to 0, allowing the direct
route's priority to be the highest. The direct route will be an optimal route.
----End
Prerequisites
A VRRP backup group has been configured.
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ]
[ brief ] command to check the VRRP backup group status.
l Run the display ip routing-table [ verbose ] command to check the information about the
IPv4 routing table.
----End
Example
If a VRRP backup group is configured successfully, run the display vrrp command, and you
can view the VRRP backup group status. For example, the VRRP backup group status is Master.
<HUAWEI> display vrrp
GigabitEthernet2/0/0 | Virtual Router 1
State : Master
Virtual IP : 10.1.3.111
Master IP : 10.1.3.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 10 s
TimerConfig : 10 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Create time : 2010-08-16 12:02:57
Last change time : 2010-08-17 10:27:11
Applicable Environment
As shown in Figure 1-3, an Layer 2 Virtual Private Network (L2VPN) connection is set up
between each access aggregation gateway (AGG) and the cell site gateway (CSG) through Layer
2 Virtual Ethernet (L2VE) interfaces, while BGP VPNv4 peer relationships are set up between
AGGs and radio network controller site gateways (RSGs) on an Layer 3 Virtual Private Network
(L3VPN). L3VE interfaces are configured on AGGs and VPN instances are bound to the L3VE
interfaces, so that the CSG can access the L3VPN. BGP is configured on AGGs to import direct
routes between the CSG and AGGs. These direct routes are converted to BGP VPNv4 routes
and advertised to RSGs.
Figure 1-3 Networking of a direct route responding to L3VE interface status changes after a
delay
AGG1 RSG1
CSG
Link A
Link B
NodeB RNC
AGG2 RSG2
L2VPN L3VPN
AGG1 is used as the master device in the preceding figure. In normal cases, RSGs select routes
advertised by AGG1 and traffic travels along Link A. If AGG1 or the CSG-AGG1 link fails,
traffic is switched over to Link B. After AGG1 or the CSG-AGG1 link recovers, the L3VE
interface on AGG1 goes from Down to Up, and AGG1 immediately generates a direct route
destined for the CSG and advertises the route to RSGs. Downstream traffic is then switched over
to Link A. However, AGG1 has not learned the MAC addresses of the base stations yet, so
downstream traffic will be lost.
After you configure a cost for a direct route and allow the direct route to restore its default cost
0 after a delay, when the L3VE interface on AGG1 goes from Down to Up, the cost of the direct
route between the CSG and AGG1 is modified to the configured cost. In this case, RSGs do not
select routes advertised by AGG1 and downstream traffic still travels along Link B. After the
configured delay expires, the cost of the direct route to the CSG is restored to the default value
0. Then, RSGs select routes advertised by AGG1 and downstream traffic is switched over to
Link A. At this time, AGG1 has learned the MAC addresses of the base stations, and downstream
traffic loss will be reduced.
Pre-configuration Tasks
Before you configure an IPv4 direct route to respond to L3VE interface status changes after a
delay, complete the following task:
l Configuring link-layer protocol parameters and IP addresses for interfaces to ensure that
the link layer protocol of each interface is Up
Data Preparation
To configure an IPv4 direct route to respond to L3VE interface status changes after a delay, you
need the following data.
No. Data
2 Delay before the direct route cost is restored to the default value 0
Procedure
Step 1 Run:
system-view
NOTE
The L2VPN can access the L3VPN only if the L2VE and L3VE interfaces are bound to the same VE group
and reside on the same board.
Step 4 Run:
quit
The direct route is configured to respond to L3VE interface status changes after a delay.
After you run the direct-route degrade-delay command on an L3VE interface, and the L3VE
interface goes from Down to Up, the cost of the L3VE interface's direct route to the CSG is
modified to the configured cost. After the configured delay-time expires, the direct route cost is
restored to the default value 0.
NOTE
The direct-route degrade-delay command, the direct-route track pw-state command, and the direct-
route track vrrp command cannot be all configured on one L3VE interface.
----End
output shows that the cost of the L3VE interface's direct route to the CSG is the configured cost.
After the configured delay-time expires, run the display ip routing-table vpn-instance vpn-
instance-name [ ip-address ] [ verbose ] command on the AGG. The command output shows
that the cost of the direct route to the L3VE interface is the default value 0.
Applicable Environment
As shown in Figure 1-4, an Layer 2 Virtual Private Network (L2VPN) connection is set up
between each access aggregation gateway (AGG) and the cell site gateway (CSG) through Layer
2 Virtual Ethernet (L2VE) interfaces, while BGP virtual private network version 4 (VPNv4)
peer relationships are set up between AGGs and radio network controller site gateways (RSGs)
on an Layer 3 Virtual Private Network (L3VPN). L3VE interfaces are configured on AGGs and
VPN instances are bound to the L3VE interfaces, so that the CSG can access the L3VPN. BGP
is configured on AGGs to import direct routes between the CSG and AGGs. These direct routes
are converted to BGP VPNv6 routes and advertised to RSGs.
Figure 1-4 Networking of an IPv6 direct route responding to L3VE interface status changes
after a delay
AGG1 RSG1
CSG
Link A
Link B
NodeB RNC
AGG2 RSG2
AGG1 is used as the master device in the preceding figure. In normal cases, RSGs select routes
advertised by AGG1 and traffic travels along LinkA. If AGG1 or the CSG-AGG1 link fails,
traffic is switched over to LinkB. After AGG1 or the CSG-AGG1 link recovers, the L3VE
interface on AGG1 goes from Down to Up, and AGG1 immediately generates an IPv6 direct
route destined for the CSG and advertises the route to RSGs. Downstream traffic is then switched
over to LinkA. However, AGG1 has not learned the MAC addresses of the base stations yet, so
downstream traffic will be lost.
After you configure a cost for an IPv6 direct route and allow the direct route to restore its default
cost 0 after a delay, when the L3VE interface on AGG1 goes from Down to Up, the cost of the
direct route between the CSG and AGG1 is modified to the configured cost. In this case, RSGs
do not select routes advertised by AGG1 and downstream traffic still travels along LinkB. After
the configured delay expires, the cost of the direct route to the CSG is restored to the default
value 0. Then, RSGs select routes advertised by AGG1 and downstream traffic is switched over
to LinkA. At this time, AGG1 has learned the MAC addresses of the base stations, and
downstream traffic loss will be reduced.
Pre-configuration Tasks
Before you configure an IPv6 direct route to respond to L3VE interface status changes after a
delay, complete the following task:
l Configuring link-layer protocol parameters and IPv6 addresses for interfaces to ensure that
the link layer protocol of each interface is Up
Data Preparation
To configure an IPv6 direct route to respond to L3VE interface status changes after a delay, you
need the following data.
No. Data
2 Delay before the direct route cost is restored to the default value 0
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface virtual-ethernet interface-number
Step 3 Run:
ve-group ve-group-id l3-access
NOTE
The L2VPN can access the L3VPN only if the L2VE and L3VE interfaces are bound to the same VE group
and reside on the same board.
Step 4 Run:
quit
Step 5 Run:
interface virtual-ethernet interface-number.subinterface-number
Step 6 Run:
ipv6 enable
Step 7 Run:
direct-route ipv6 degrade-delay delay-time degrade-cost cost
The direct route is configured to respond to L3VE interface status changes after a delay.
After you run the direct-route ipv6 degrade-delay command on an L3VE interface, and the
L3VE interface goes from Down to Up, the cost of the L3VE interface's direct route to the CSG
is modified to the configured cost. After the configured delay-time expires, the direct route cost
is restored to the default value 0.
NOTE
The direct-route ipv6 degrade-delay command and the direct-route ipv6 track pw-state command
cannot be all configured on one L3VE interface.
----End
Applicable Environment
As shown in Figure 1-5, PWs are set up between access aggregation gateways (AGGs) and the
cell site gateway (CSG), while BGP VPNv4 peer relationships are set up between AGGs and
radio network controller site gateways (RSGs). Layer 3 Virtual Ethernet (L3VE) interfaces are
configured on AGGs and VPN instances are bound to the L3VE interfaces, so that the CSG can
access the Layer 3 Virtual Private Network (L3VPN). BGP is configured on AGGs to import
direct routes between the CSG and AGGs. These direct routes are converted to BGP VPNv4
routes and advertised to RSGs.
Figure 1-5 Networking of the association between the direct route and PW status
AGG1 RSG1
CSG PW1
Link A
Link B
NodeB RNC
PW2
AGG2 RSG2
L2VPN L3VPN
PW
AGG1 is used as the master device in the preceding figure. In normal cases, RSGs select routes
advertised by AGG1 and traffic travels along Link A. If AGG1 or the CSG-AGG1 link fails,
traffic is switched over to Link B. After AGG1 or the CSG-AGG1 link recovers, the L3VE
interface on AGG1 goes from Down to Up, and AGG1 immediately generates a direct route
destined for the CSG and advertises the route to RSGs. Downstream traffic is then switched over
to Link A. However, AGG1 has not learned the MAC addresses of the base stations yet and PW1
is standing by, so downstream traffic will be lost.
After you configure the association between the direct route and PW status, when the L3VE
interface on AGG1 goes from Down to Up, the cost of the direct route between the CSG and
AGG1 increases. In this case, RSGs do not preferentially select routes advertised by AGG1 and
downstream traffic still travels along Link B. After PW1 between the CSG and AGG1 becomes
the primary PW, the cost of the direct route between the CSG and AGG1 is restored to the default
value 0. Then, RSGs preferentially select routes advertised by AGG1 and downstream traffic is
switched over to Link A. At this time, AGG1 has learned the MAC addresses of the base stations,
downstream traffic loss will be reduced after the configuration.
Pre-configuration Tasks
Before configuring the association between the IPv4 direct route and PW status, complete the
following tasks:
l Configuring link-layer protocol parameters and IP addresses for interfaces to ensure that
the link layer protocol of each interface is Up
Data Preparation
To configure the association between the IPv4 direct route and PW status, you need the following
data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface virtual-ethernet interface-number
Step 3 Run:
ve-group ve-group-id l3-access
NOTE
The Layer 2 Virtual Private Network (L2VPN) can access the L3VPN only if the Layer 2 Virtual Ethernet
(L2VE) and L3VE interfaces are bound to the same VE group and reside on the same board.
Step 4 Run:
quit
Step 5 Run:
interface virtual-ethernet interface-number.subinterface-number
Step 6 Run:
direct-route track pw-state degrade-cost cost
After you run the direct-route track pw-state command on a L3VE interface, the system will
adjust the cost of the direct route to the L3VE interface based on the PW status. If the PW is
standby, the system modifies the direct route cost to the configured value cost. If the PW is
active, the system restores the direct route cost to the default value 0.
NOTE
The direct-route track pw-state command, the direct-route degrade-delay command, and the direct-
route track vrrp command cannot be simultaneously configured on one L3VE interface.
----End
output shows that the direct route to the L3VE interface has the configured cost. After a PW
becomes active, run the display ip routing-table vpn-instance vpn-instance-name [ ip-
address ] [ verbose ] command on an AGG. The command output shows that the direct route
to the L3VE interface has the default cost 0.
Applicable Environment
As shown in Figure 1-6, PWs are set up between access aggregation gateways (AGGs) and the
cell site gateway (CSG), while BGP Virtual Private Network version 6 (VPNv6) peer
relationships are set up between AGGs and radio network controller site gateways (RSGs). Layer
3 Virtual Ethernet (L3VE) interfaces are configured on AGGs and VPN instances are bound to
the L3VE interfaces, so that the CSG can access the Layer 3 Virtual Private Network (L3VPN).
BGP is configured on AGGs to import IPv6 direct routes between the CSG and AGGs. These
IPv6 direct routes are converted to BGP VPNv6 routes and advertised to RSGs.
Figure 1-6 Networking of the association between the IPv6 direct route and PW status
AGG1 RSG1
CSG PW1
Link A
Link B
NodeB RNC
PW2
AGG2 RSG2
AGG1 is used as the master device in the preceding figure. In normal cases, RSGs select routes
advertised by AGG1 and traffic travels along LinkA. If AGG1 or the CSG-AGG1 link fails,
traffic is switched over to LinkB. After AGG1 or the CSG-AGG1 link recovers, the L3VE
interface on AGG1 goes from Down to Up, and AGG1 immediately generates an IPv6 direct
route destined for the CSG and advertises the route to RSGs. Downstream traffic is then switched
over to LinkA. However, AGG1 has not learned the MAC addresses of the base stations yet and
PW1 is standing by, so downstream traffic will be lost.
After you configure the association between the IPv6 direct route and PW status, when the L3VE
interface on AGG1 goes from Down to Up, the cost of the IPv6 direct route between the CSG
and AGG1 increases. In this case, RSGs do not preferentially select routes advertised by AGG1
and downstream traffic still travels along LinkB. After PW1 between the CSG and AGG1
becomes the primary PW, the cost of the IPv6 direct route between the CSG and AGG1 is restored
to the default value 0. Then, RSGs preferentially select routes advertised by AGG1 and
downstream traffic is switched over to LinkA. At this time, AGG1 has learned the MAC
addresses of the base stations, downstream traffic loss will be reduced after the configuration.
Pre-configuration Tasks
Before configuring the association between the IPv6 direct route and PW status, complete the
following tasks:
l Configuring link-layer protocol parameters and IP addresses for interfaces to ensure that
the link layer protocol of each interface is Up
Data Preparation
To configure the association between the IPv6 direct route and PW status, you need the following
data.
No. Data
Procedure
Step 1 Run:
system-view
NOTE
The Layer 2 Virtual Private Network (L2VPN) can access the L3VPN only if the Layer 2 Virtual Ethernet
(L2VE) and L3VE interfaces are bound to the same VE group and reside on the same board.
Step 4 Run:
quit
Step 6 Run:
ipv6 enable
Step 7 Run:
direct-route ipv6 track pw-state degrade-cost cost
The association between the IPv6 direct route and PW status is configured.
After you run the direct-route ipv6 track pw-state command on a L3VE interface, the system
will adjust the cost of the IPv6 direct route to the L3VE interface based on the PW status. If the
PW is standby, the system modifies the IPv6 direct route cost to the configured value cost. If
the PW is active, the system restores the IPv6 direct route cost to the default value 0.
NOTE
The direct-route ipv6 track pw-state command and the direct-route ipv6 degrade-delay command
cannot be simultaneously configured on one L3VE interface.
----End
Usage Scenario
In an IP radio access network (IPRAN) scenario, some services require high security. To meet
such requirements, cell site gateways (CSGs) encrypt data of these services using IPSec. After
the data flows to RSGs (IPSec gateways) through an IPSec tunnel, the RSGs decrypt the data.
In most cases, carriers deploy master and backup RSGs and configure the same IP address for
the IPSec tunnel interfaces of the master and backup RSGs to improve network reliability.
Without the association between IPv4 direct routes and IPSec instance status, IPv4 direct routes
with the same prefix generated on the IPSec tunnel interfaces of the master and backup RSGs
share the same default cost (0). As a result, after receiving these routes from the master and
backup RSGs, CSGs cannot select an optimal one based on the cost.
With the association between IPv4 direct routes and IPSec instance status:
l If the IPSec instance status is master on an IPSec tunnel interface, the cost of the IPv4 direct
routes generated on the interface is 0.
l If the IPSec instance status is backup on an IPSec tunnel interface or the system cannot
detect the IPSec instance status, the cost of the IPv4 direct routes generated on the interface
is the cost configured on the interface.
After receiving the IPv4 direct routes with the same prefix from the master and backup RSGs,
CSGs can select an optimal one based on the cost. Therefore, the CSGs can transmit data
encrypted using IPSec to the correct RSG.
Pre-configuration Tasks
Before configuring the association between IPv4 direct routes and IPSec instance status,
configure link layer protocol parameters and IP addresses for interfaces and ensure that the link
layer protocol of each interface is Up.
Data Preparation
To complete the configuration, you need the following data:
No. Data
1 Cost for IPv4 direct routes generated on each IPSec tunnel interface
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface tunnel interface-number
Step 3 Run:
tunnel-protocol ipsec
Step 4 Run:
direct-route track ipsec-instance degrade-cost cost
The association between IPv4 direct routes and IPSec instance status is configured.
NOTE
If the IPSec tunnel interface uses the IP address of another interface, the association between the cost of
IPv4 direct routes and the IPSec instance status cannot be configured on this IPSec tunnel interface.
The cost of local IPv4 direct routes that are not to be advertised cannot be associated with the IPSec instance
status.
----End
Applicable Environment
To speed up end-to-end traffic switchovers when a primary PW fails in a Layer 2 virtual private
network (L2VPN) that accesses a Layer 3 virtual private network (L3VPN), the system keeps
the L3VE sub-interface of the secondary PW Up. This mechanism spares the L3VE sub-interface
from negotiation of the Up state during the primary/secondary PW switchover, reducing traffic
loss and accelerating route convergence, especially when many L3VE sub-interfaces exist.
However, when the L3VE sub-interface is Up, the system generates a network segment route
that corresponds to the L3VE sub-interface. The network segment route will be selected, because
a direct route has the highest priority. Because the connected PW is the secondary PW, the
network segment route becomes a black-hole route, and traffic cannot be forwarded between
the CSGs. To address this problem, configure the device to deactivate the IPv4 network segment
route that corresponds to the L3VE sub-interface.
As shown in Figure 1-7, PWs are set up between the access aggregation gateways (AGGs) and
CSGs, while Border Gateway Protocol (BGP) virtual private network version 4 (VPNv4) peer
relationships are set up between the AGGs and radio network controller site gateways (RSGs).
L3VE sub-interfaces are configured on the AGGs, and VPN instances are bound to the L3VE
sub-interfaces so that the CSGs can access the L3VPN. BGP is configured on the AGGs to import
direct routes between the CSGs and AGGs. These direct routes are converted to BGP VPNv4
routes and advertised to the RSGs.
NodeB PW2
BGP/MPLS IP VPN
PW4
RNC
PW3
NodeB CSG2 AGG2 RSG2
In most cases, if CSG1 needs to communicate with CSG2, CSG1 forwards data to AGG1 through
the primary PW (PW1). PW4 on AGG1 is the secondary PW, but the L3VE sub-interface is Up.
AGG1 generates and selects a network segment route because a direct route has a higher priority
than a BGP VPNv4 route learned from AGG2. However, AGG1 is not the master device of
CSG2 and does not have the Media Access Control (MAC) addresses stored on CSG2. To
forward the data, AGG1 sends an Address Resolution Protocol (ARP) request packet to CSG2.
CSG2 sends an ARP reply packet through the primary PW (PW3) because CSG2 does not
support the ARP dual sending function. The ARP reply packet reaches AGG2, instead of AGG1.
If the AGGs do not support ARP two-node hot backup, AGG2 does not back up its ARP entries
to AGG1 so that AGG1 cannot learn the MAC addresses stored on CSG2. The network segment
route from AGG1 to CSG2 becomes a black-hole route.
To address this problem, deactivate the network segment route that corresponds to the L3VE
sub-interface of the secondary PW by running the direct-route track pw-state deactive-
standby command on the L3VE sub-interface on AGG1 connecting to CSG2. When PW4 is the
secondary PW, AGG1 cannot generate the network segment route from CSG2 to its L3VE sub-
interface. In this situation, AGG1 selects the BGP VPNv4 route sent by AGG2. If CSG1 forwards
data to AGG1 through the primary PW (PW1), AGG1 forwards the data directly to AGG2.
AGG2 forwards the data to CSG2 through PW3. In this situation, no black-hole route exists.
If PW1 fails, PW2 becomes the primary PW of CSG1. If CSG1 needs to communicate with
CSG2, CSG1 forwards data to AGG2 through PW2. AGG2 then forwards the data to CSG2
through PW3. CSG2 forwards data destined for CSG1 to AGG2 through PW3. AGG2 forwards
the data to CSG1 through the primary PW (PW2). In this situation, data can be forwarded
between CSG1 and CSG2.
NOTE
Do not configure the direct-route track pw-state deactive-standby command, if the network meets one
of the following conditions where no black-hole route exists:
l The CSGs support the ARP dual sending function. CSG2 can reply to AGG1's ARP request packet
through PW3 and PW4. AGG1 can then learn the MAC addresses stored on CSG2 and forward data
to CSG2.
l The AGGs support ARP two-node hot backup. AGG1 can learn the MAC addresses stored on CSG2
from AGG2 and forward data to CSG2.
Pre-configuration Tasks
Before configuring a device to deactivate the IPv4 network segment route that corresponds to
an L3VE sub-interface, configure link-layer protocol parameters and IPv4 addresses for
interfaces to ensure that the link layer protocol of each interface is Up.
Data Preparation
None
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface virtual-ethernet interface-number
Step 3 Run:
ve-group ve-group-id l3-access
NOTE
The L2VPN can access the L3VPN only if the L2VE and L3VE interfaces are bound to the same VE group
and reside on the same board.
Step 4 Run:
quit
Step 5 Run:
interface virtual-ethernet interface-number.subinterface-number
Step 6 Run:
direct-route track pw-state deactive-standby
The device is configured to deactivate the IPv4 network segment route that corresponds to the
L3VE sub-interface of the secondary PW.
NOTE
The direct-route track pw-state deactive-standby command cannot be configured together with the
direct-route track pw-state degrade-cost, direct-route degrade-delay, or direct-route track vrrp
command on one L3VE sub-interface. If you configure any two of these commands, the latest configuration
overrides the previous one.
----End
After you configure the direct-route track pw-state deactive-standby command on an L3VE
sub-interface of the secondary PW, run the display ip routing-table vpn-instance command
on the AGG. The command output shows no IPv4 network segment route that corresponds to
the L3VE sub-interface of the secondary PW.
<HUAWEI> display ip routing-table vpn-instance vrf1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vrf1
Destinations : 3 Routes : 3
Applicable Environment
To speed up end-to-end traffic switchovers when a primary PW fails in a Layer 2 virtual private
network (L2VPN) that accesses a Layer 3 virtual private network (L3VPN), the system keeps
the L3VE sub-interface of the secondary PW Up. This mechanism spares the L3VE sub-interface
from negotiation of the Up state during the primary/secondary PW switchover, reducing traffic
loss and accelerating route convergence, especially when many L3VE sub-interfaces exist.
However, when the L3VE sub-interface is Up, the system generates a network segment route.
The network segment route will be selected, because a direct route has the highest priority.
Because the connected PW is the secondary PW, the network segment route becomes a black-
hole route, and traffic cannot be forwarded between the CSGs. To address this problem,
configure the device to deactivate the IPv6 network segment route that corresponds to the L3VE
sub-interface.
As shown in Figure 1-8, PWs are set up between the access aggregation gateways (AGGs) and
CSGs, while Border Gateway Protocol (BGP) virtual private network version 6 (VPNv6) peer
relationships are set up between the AGGs and radio network controller site gateways (RSGs).
L3VE sub-interfaces are configured on the AGGs, and VPN instances are bound to the L3VE
sub-interfaces so that the CSGs can access the L3VPN. BGP is configured on the AGGs to import
direct routes between the CSGs and AGGs. These direct routes are converted to BGP VPNv6
routes and advertised to the RSGs.
NodeB PW2
BGP/MPLS IPv6 VPN
PW4
RNC
PW3
NodeB CSG2 AGG2 RSG2
Secondary PW NS packet
NA packet
In most cases, if CSG1 needs to communicate with CSG2, CSG1 forwards data to AGG1 through
the primary PW (PW1). PW4 on AGG1 is the secondary PW, but the L3VE sub-interface is Up.
AGG1 generates and selects a network segment route because a direct route has a higher priority
than a BGP VPNv6 route learned from AGG2. However, AGG1 is not the master device of
CSG2 and does not have the Media Access Control (MAC) addresses stored on CSG2. To
forward the data, AGG1 sends a Neighbor Solicitation (NS) packet to CSG2. CSG2 sends a
Neighbor Advertisement (NA) packet through the primary PW (PW3). The NA packet reaches
AGG2, instead of AGG1. AGG1 cannot learn the MAC addresses stored on CSG2 or forward
traffic to CSG2. The network segment route from AGG1 to CSG2 becomes a black-hole route.
To address this problem, deactivate the network segment route that corresponds to the L3VE
sub-interface of the secondary PW by running the direct-route ipv6 track pw-state deactive-
standby command on the L3VE sub-interface on AGG1 connecting to CSG2. When PW4 is the
secondary PW, AGG1 cannot generate the network segment route from CSG2 to its L3VE sub-
interface. In this situation, AGG1 selects the BGP VPNv6 route sent by AGG2. If CSG1 forwards
data to AGG1 through the primary PW (PW1), AGG1 forwards the data directly to AGG2.
AGG2 forwards the data to CSG2 through PW3. In this situation, no black-hole route exists.
If PW1 fails, PW2 becomes the primary PW of CSG1. If CSG1 needs to communicate with
CSG2, CSG1 forwards data to AGG2 through PW2. AGG2 then forwards the data to CSG2
through PW3. CSG2 forwards data destined for CSG1 to AGG2 through PW3. AGG2 forwards
the data to CSG1 through the primary PW (PW2). In this situation, data can be forwarded
between CSG1 and CSG2.
Pre-configuration Tasks
Before configuring a device to deactivate the IPv6 network segment route that corresponds to
an L3VE sub-interface, configure link-layer protocol parameters and IPv6 addresses for
interfaces to ensure that the link layer protocol of each interface is Up.
Data Preparation
None
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface virtual-ethernet interface-number
Step 3 Run:
ve-group ve-group-id l3-access
NOTE
The L2VPN can access the L3VPN only if the L2VE and L3VE interfaces are bound to the same VE group
and reside on the same board.
Step 4 Run:
quit
Step 5 Run:
interface virtual-ethernet interface-number.subinterface-number
Step 6 Run:
The device is configured to deactivate the IPv6 network segment route that corresponds to the
L3VE sub-interface of the secondary PW.
NOTE
The direct-route ipv6 track pw-state deactive-standby command cannot be configured together with
the direct-route ipv6 track pw-state or direct-route ipv6 degrade-delay command on one L3VE sub-
interface. If you configure any two of these commands, the latest configuration overrides the previous one.
----End
After you configure the direct-route ipv6 track pw-state deactive-standby command on an
L3VE sub-interface of the secondary PW, run the display ipv6 routing-table vpn-instance
command on the AGG. The command output shows no IPv6 network segment route that
corresponds to the L3VE sub-interface of the secondary PW.
<HUAWEI> display ipv6 routing-table vpn-instance vrf1
Routing Table : vrf1
Destinations : 2 Routes : 2
Usage Scenario
Figure 1-9 shows a typical networking for a Layer 2 Virtual Private Network (L2VPN) accessing
an Layer 3 Virtual Private Network (L3VPN). An L2VPN connection is set up between each
AGG and CSG, while a Border Gateway Protocol (BGP) VPNv4 peer relationship is set up
between each AGG and RNC site gateway (RSG) on the L3VPN; Layer 3 Virtual Ethernet
(L3VE) sub-interfaces are configured on each AGG, each L3VE sub-interface is bound to one
VPN instance, and the CSGs access the L3VPN through the L3VE sub-interfaces. To improve
network resource usage and reliability, carriers expect that AGG1 transmits RNC-to-CSG1 and
RNC-to-CSG2 traffic and that AGG2 transmits RNC-to-CSG3 and RNC-to-CSG4 traffic.
CSG1
NodeB
AGG1
RSG1
CSG2
NodeB
BGP/MPLS IP VPN
NodeB RNC
CSG3
RSG2
AGG2
NodeB
CSG4
Primary PW L2VE Sub-interface
Secondary PW L3VE Sub-interface
To meet the preceding requirements, perform the following steps on each AGG:
1. Configure the AGG to advertise Address Resolution Protocol (ARP) Vlink direct routes.
2. Configure a cost for ARP Vlink direct routes and routes to the directly connected network
segment on the L3VE sub-interface of the secondary pseudo wire (PW).
3. Configure a static route to each NodeB and allow the static route to inherit the cost of the
route to which the static route is iterated.
NOTE
After this configuration is complete, each static route is iterated to an ARP Vlink direct route that is
generated on an L3VE sub-interface, and the static route inherits the cost of the ARP Vlink direct route.
Because no cost is configured for ARP Vlink direct routes on the L3VE sub-interface of the primary PW,
the default cost 0 takes effect on these routes, and static routes inherit the cost 0 after they are iterated to
the ARP Vlink direct routes.
4. Import the static routes to the BGP routing table.
NOTE
After a static route is imported to the BGP routing table, the cost is changed to the BGP route Multi-Exit
discrimination (MED), but the value remains unchanged. The cost of the static route to one NodeB varies
with the AGG, so does the BGP route MED.
After the preceding configurations are complete, each AGG advertises the route destined for
each NodeB to its BGP VPNv4 peers (RSGs). The RSGs can receive two routes with the same
prefix (destined for the same NodeB) and select an optimal route with a smaller MED value
from the two routes. Consequently, RSGs select routes advertised by AGG1 as the primary routes
to CSG1 and CSG2 and routes advertised by AGG2 as the primary routes to CSG3 and CSG4.
The AGGs therefore load-balance RNC-to-CSG traffic.
Pre-configuration Tasks
Before configuring AGGs to load-balance RNC-to-CSG traffic, configure link-layer protocol
parameters and IP addresses for interfaces and ensure that the link layer protocol on each
interface is Up.
Data Preparation
To complete the configuration, you need the following data:
No. Data
1 Cost for ARP Vlink direct routes and routes to the directly connected network segment
on the L3VE sub-interface of the secondary PW
Procedure
Step 1 Configure the AGGs to advertise ARP Vlink direct routes.
1. Run:
system-view
quit
Step 2 Configure a cost for ARP Vlink direct routes and routes to the directly connected network
segment on the L3VE sub-interface of the secondary PW.
1. Run:
interface virtual-ethernet interface-number
NOTE
The L2VPN can access the L3VPN only if the Layer 2 Virtual Ethernet (L2VE) and L3VE interfaces
are bound to the same VE group and reside on the same board.
3. Run:
quit
A cost is configured for ARP Vlink direct routes and routes to the directly connected
network segment on the L3VE sub-interface of the secondary PW.
By default, the cost of ARP Vlink direct routes and routes to the directly connected network
segment on L3VE sub-interfaces is 0.
NOTE
l If both the direct-route cost and direct-route track pw-state commands are run, the cost of
routes to the directly connected network segment is calculated according to the following rules:
l If the PW is active, the cost is the value configured using the direct-route cost command.
l If the PW is standby or Down, the cost is the value configured using the direct-route cost
command plus that configured using the direct-route track pw-state command. If the
calculated cost is greater than the maximum value (4294967295), 4294967295 takes effect.
l If both the direct-route cost and direct-route track vrrp commands are run, the cost of routes
to the directly connected network segment is calculated according to the following rules:
l If the device is the master of the VRRP backup group, the cost is the value configured using
the direct-route cost command.
l If the device is a backup device of the VRRP backup group, the cost is the value configured
using the direct-route cost command plus that configured using the direct-route track
vrrp command. If the calculated cost is greater than the maximum value (4294967295),
4294967295 takes effect.
l If both the direct-route cost and direct-route track eth-trunk commands are run, the cost of
routes to the directly connected network segment is calculated according to the following rules:
l If the Eth-Trunk interface is master or the system cannot query the state of the Eth-Trunk
interface, the cost is the value configured using the direct-route cost command.
l If the Eth-Trunk interface is a backup interface, the cost is the value configured using the
direct-route cost command plus that configured using the direct-route track eth-trunk
command. If the calculated cost is greater than the maximum value (4294967295),
4294967295 takes effect.
l If both the direct-route cost and direct-route degrade-delay commands are run and the L3VE
sub-interface goes from Down to Up, the cost of routes to the directly connected network segment
is calculated according to the following rules:
l After the delay expires, the cost is the value configured using the direct-route cost command.
l Before the delay expires, the cost is the value configured using the direct-route cost
command plus that configured using the direct-route degrade-delay command. If the
calculated cost is greater than the maximum value (4294967295), 4294967295 takes effect.
6. Run:
quit
Step 3 Run:
ip route-static vpn-instance vpn-source-name destination-address { mask | mask-
length } nexthop-address [ preference preference | tag tag ] * inherit-cost
[ description text ]
A static route is configured for a specified VPN instance and allowed to inherit the cost of the
route to which the static route is iterated.
vpn-source-name specifies the VPN instance that is bound to the L3VE sub-interface, and
nexthop-address specifies the destination address of the route to which the static route is iterated.
If you run the import-route static command, some unneeded static routes may be imported to
the BGP routing table. To import a static route with a specific prefix and mask to the BGP routing
table, run the network command.
----End
Applicable Environment
IP packets are forwarded through a specified physical interface, but cannot be forwarded through
a VLANIF interface. If packets reach a VLANIF interface, the device obtains information about
the physical interfaces using IPv4 ARP and generates relevant routing entries. The routes
recorded by the routing entries are called IPv4 ARP Vlink direct routes.
In most cases, IPv4 ARP Vlink direct routes are used only to guide local traffic forwarding and
are not advertised. In this manner, the scale and stability of the routing table can be controlled.
In certain situations, however, different operations have to be performed on specific routes of
VLAN users (for example, different traffic export policies have to be applied to the specific
routes to direct remote traffic). IPv4 ARP Vlink direct routes need to be imported to the dynamic
routing protocol and advertised to the remote end.
As shown in Figure 1-10, Router D uses VLANIF interfaces to connect to Routers A, B, and C
at three sites. Router E only needs to communicate with Router B, but not with Router A or
Router C. You can configure Router D to advertise IPv4 ARP Vlink direct routes and configure
a route-policy on Router D to filter out routes to the network segment of the VLAN for which
the VLANIF interfaces are configured and filter out routes to Router A and Router C.
Figure 1-10 Networking diagram of advertising IPv4 ARP Vlink direct routes on the public
network
192.168.0.3/24
RouterA
RouterC
Pre-configuration Tasks
Before advertising IPv4 ARP Vlink direct routes on the public network, complete the following
task:
l Configuring parameters of a link layer protocol and assigning an IP address to each interface
to ensure that the link layer protocol on the interfaces is Up
Data Preparation
To advertise IPv4 ARP Vlink direct routes on the public network, you need the following data.
No. Data
Context
Before IPv4 ARP Vlink direct routes are advertised, a route-policy can be configured to filter
the advertised routes and only routes that match the route-policy can be advertised. In this
manner, data traffic can be precisely controlled.
Perform the following steps on the router on which IPv4 ARP Vlink direct routes need to be
advertised:
Procedure
Step 1 Run:
system-view
At present, apply clauses cannot be used to set routing attributes for routes that match the filtering rules.
----End
Follow-up Procedure
After advertising IPv4 ARP Vlink direct routes is enabled, IPv4 ARP Vlink direct routes can be
advertised only if they are imported to a dynamic routing protocol. Perform the following steps
on the router based on the type of the dynamic routing protocol:
l If RIP is used, run the import-route direct [ cost cost | route-policy route-policy-name ]
* command to import IPv4 ARP Vlink direct routes to RIP.
l If OSPF is used, run the import-route direct [ cost cost | route-policy route-policy-
name | tag tag | type type ] * command to import IPv4 ARP Vlink direct routes to OSPF.
l If IS-IS is used, run the import-route direct [ cost-type { external | internal } | cost
cost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] * command
to import IPv4 ARP Vlink direct routes to IS-IS.
l If BGP is used, run the import-route direct [ med med | route-policy route-policy-
name ] * command to import IPv4 ARP Vlink direct routes to BGP.
Prerequisites
The advertisement of IPv4 ARP Vlink direct routes on the public network has been configured.
Procedure
l Run the display ip routing-table ip-address [ mask | mask-length ] [ longer-match ]
[ verbose ] command to check information about advertised IPv4 ARP Vlink direct routes
on the public network.
----End
Example
# Run the display ip routing-table ip-address mask-length verbose command to view detailed
information about the IPv4 ARP Vlink direct route 10.1.1.4/32.
<HUAWEI> display ip routing-table 10.1.1.4 32 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination: 10.1.1.4/32
Protocol: Direct Process ID: 0
Preference: 0 Cost: 0
NextHop: 10.1.1.4 Neighbour: 0.0.0.0
State: Active Adv Age: 03h43m20s
Tag: 0 Priority: high
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: Vlanif10
TunnelID: 0x0 Flags: D
The command output shows that the route status is Active Adv, indicating that the route is active
and can be advertised.
Applicable Environment
IP packets are forwarded through a specified physical interface, but cannot be forwarded through
a VLANIF interface. If packets reach a VLANIF interface, the device obtains information about
the physical interfaces using IPv6 NDP and generates relevant routing entries. The routes
recorded by the routing entries are called IPv6 NDP Vlink direct routes.
In most cases, IPv6 NDP Vlink direct routes are used only to guide local traffic forwarding and
are not advertised. In this manner, the scale and stability of the routing table can be controlled.
In certain situations, however, different operations have to be performed on specific routes of
VLAN users (for example, different traffic export policies have to be applied to the specific
routes to direct remote traffic). In this case, some IPv6 NDP Vlink direct routes need to be
imported to the dynamic routing protocols and advertised to the remote end.
As shown in Figure 1-11, Router D uses VLANIF interfaces to connect to Routers A, B, and C
at three sites. Router E only needs to communicate with Router B, but not with Router A and
Router C. You can configure Router D to advertise IPv6 NDP Vlink direct routes and configure
a route-policy on Router D to filter out routes to the network segment of the VLAN for which
the VLANIF interfaces are configured and filter out routes to Router A and Router C.
Figure 1-11 Networking diagram of advertising IPv6 NDP Vlink direct routes on the public
network
RouterA
2001::3/64
2001::5/64
Pre-configuration Tasks
Before advertising IPv6 NDP Vlink direct routes on the public network, complete the following
task:
l Configuring parameters of a link layer protocol and assigning an IP address to each interface
to ensure that the link layer protocol on the interfaces is Up
Data Preparation
To advertise IPv6 NDP Vlink direct routes on the public network, you need the following data.
No. Data
Context
Before IPv6 NDP Vlink direct routes are advertised, a route-policy can be used to filter the
advertised routes and only routes that pass the filtering can be advertised. In this manner, data
traffic can be precisely controlled.
Perform the following steps on the router on which IPv6 NDP Vlink direct routes need to be
advertised:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ipv6 nd vlink-direct-route advertise [ route-policy route-policy-name ]
If IPv6 NDP Vlink direct routes have to be advertised, you can specify the parameter route-
policy route-policy-name in the ipv6 nd vlink-direct-route advertise command to filter IPv4
ARP Vlink direct routes.
NOTE
At present, apply clauses cannot be used to set routing attributes for routes that match the filtering rules.
----End
Follow-up Procedure
After advertising IPv6 NDP Vlink direct routes is enabled, IPv6 NDP Vlink direct routes can
be advertised only if they are imported to dynamic routing protocols. Perform the following
steps on the router based on the type of the dynamic routing protocol:
l If RIPng is used, run the import-route direct [ cost cost | route-policy route-policy-
name ] * command to import IPv6 NDP Vlink direct routes to RIPng.
l If OSPFv3 is used, run the import-route direct [ cost cost | inherit-cost | route-policy
route-policy-name | tag tag | type type ] * command to import IPv6 NDP Vlink direct routes
to OSPFv3.
l If IS-IS is used, run the import-route direct [ cost-type { external | internal } | cost
cost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] * command
to import IPv6 NDP Vlink direct routes to IS-IS.
l If BGP4+ is used, run the import-route direct [ med med | route-policy route-policy-
name ] * command to import IPv6 NDP Vlink direct routes to BGP4+.
Prerequisites
All configurations relevant to the advertisement of IPv6 NDP Vlink direct routes has been
configured.
Procedure
l Run the display ipv6 routing-table ipv6-address [ prefix-length ] [ longer-match ]
[ verbose ] command to check information about advertised IPv6 NDP Vlink direct routes
on the public network.
----End
Example
# Run the display ipv6 routing-table ipv6-address [ mask | mask-length ] verbose command
to view detailed information about the IPv6 NDP Vlink direct route 2001:db8:2000::4/128.
<HUAWEI> display ipv6 routing-table 2001:db8:2000::4 128 verbose
Routing Table :
Summary Count : 1
The command output shows that the route status is Active Adv, indicating that the route is active
and can be advertised.
Context
The number of IPv4 route prefixes that can be added to a routing table is limited. If the number
exceeds the limit, new prefixes cannot be added to the routing table, which may interrupt
services. To address this problem, configure an alarm threshold for the number of IPv4 route
prefixes.
An alarm is generated when the following conditions are met:
l The alarm function is enabled for the routing management (RM) module using the snmp-
agent trap enable feature-name rm command.
l The number of IPv4 route prefixes on the device exceeds the alarm threshold.
The alarm informs users that an abnormality may exist and to take corrective actions.
Procedure
Step 1 Run:
system-view
Two thresholds (one alarm threshold and one clear alarm threshold) are configured for the
number of IPv4 route prefixes on the device.
By default, the alarm threshold for IPv4 route prefixes is 80%, and the clear alarm threshold for
IPv4 route prefixes is 70%.
NOTE
When you configure upper-limit-value and lower-limit-value, note the following suggestions:
l Set a value less than or equal to 95 for upper-limit-value.
l lower-limit-value must be less than upper-limit-value. Set lower-limit-value to a value at least 10 less
than upper-limit-value to prevent alarms from being frequently generated and cleared due to route
flapping.
----End
Context
The number of IPv6 route prefixes that can be added to a routing table is limited. If the number
exceeds the limit, new prefixes cannot be added to the routing table, which may interrupt
services. To address this problem, configure an alarm threshold for the number of IPv6 route
prefixes.
An alarm is generated when the following conditions are met:
l The alarm function is enabled for the routing management (RM) module using the snmp-
agent trap enable feature-name rm command.
l The number of IPv6 route prefixes on the device exceeds the alarm threshold.
The alarm informs users that an abnormality may exist and to take corrective actions.
Procedure
Step 1 Run:
system-view
Two thresholds (one alarm threshold and one clear alarm threshold) are configured for the
number of IPv6 route prefixes on the device.
By default, the alarm threshold for IPv6 route prefixes is 80%, and the clear alarm threshold for
IPv6 route prefixes is 70%.
NOTE
When you configure upper-limit-value and lower-limit-value, note the following suggestions:
l Set a value less than or equal to 95 for upper-limit-value.
l lower-limit-value must be less than upper-limit-value. Set lower-limit-value to a value at least 10 less
than upper-limit-value to prevent alarms from being frequently generated and cleared due to route
flapping.
----End
Context
If the router imports a large number of routes, system performance may be affected when
processing services because the routes consume a lot of system resources. To improve system
security and reliability, configure a limit on the number of IPv4 public route prefixes. When the
number of IPv4 public route prefixes exceeds the limit, an alarm is generated, prompting you to
check whether unneeded IPv4 public route prefixes exist.
Procedure
Step 1 Run:
system-view
Additional IPv4 public route prefixes can still be added to the routing table until the number of
IPv4 public route prefixes reaches number. Subsequent route prefixes are discarded.
If you specify simply-alert in the command, additional IPv4 public route prefixes can still be
added to the routing table and only an alarm is generated after the number of IPv4 public route
prefixes exceeds number. However, when the total number of private and public route prefixes
reaches the limit on the number of unicast route prefixes specified in the PAF file, subsequent
IPv4 public route prefixes are discarded.
If you decrease alert-percent after the number of IPv4 public route prefixes exceeds number,
whether the routing table remains unchanged is determined by route-unchanged.
l If you specify route-unchanged in the command, the routing table remains unchanged.
l If you do not specify route-unchanged in the command, the system deletes the routes from
the routing table and re-adds routes.
By default, the system deletes the routes from the routing table and re-adds routes.
NOTE
After the number of IPv4 public route prefixes exceeds the limit, note the following rules:
l If you run the ip prefix-limit command to increase number or the undo ip prefix-limit command to
delete the limit, the router relearns IPv4 public route prefixes.
l Direct and static routes can still be added to the IP routing table.
l The snmp-agent trap enable feature-name rm command must have been run so that alarms can be
generated.
An interval is specified for the system to generate logs after the number of IPv4 public route
prefixes exceeds the limit.
By default, the system generates logs at an interval of 5s after the number of IPv4 public route
prefixes exceeds the limit.
You can run the command to set a larger value for the interval to decrease the frequency at which
these logs are generated.
----End
Context
If the router imports a large number of routes, system performance may be affected when
processing services because the routes consume a lot of system resources. To improve system
security and reliability, configure a limit on the number of IPv6 public route prefixes. When the
number of IPv6 public route prefixes exceeds the limit, an alarm is generated, prompting you to
check whether unneeded IPv6 public route prefixes exist.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ipv6 prefix-limit number { alert-percent [ route-unchanged ] | simply-alert }
alert-percent indicates the percentage of the maximum number of IPv6 public route prefixes
that is supported. If you specify alert-percent in the command, when the number of IPv6 public
route prefixes exceeds the value calculated by number x alert-percent/100, an alarm is generated.
Additional IPv6 public route prefixes can still be added to the routing table until the number of
IPv6 public route prefixes reaches number. Subsequent route prefixes are discarded.
If you specify simply-alert in the command, additional IPv6 public route prefixes can still be
added to the routing table and only an alarm is generated after the number of IPv6 public route
prefixes exceeds number. However, when the total number of private and public route prefixes
reaches the limit on the number of unicast route prefixes specified in the PAF file, subsequent
IPv6 public route prefixes are discarded.
If you decrease alert-percent after the number of IPv6 public route prefixes exceeds number,
whether the routing table remains unchanged is determined by route-unchanged.
l If you specify route-unchanged in the command, the routing table remains unchanged.
l If you do not specify route-unchanged in the command, the system deletes the routes from
the routing table and re-adds routes.
By default, the system deletes the routes from the routing table and re-adds routes.
NOTE
After the number of IPv6 public route prefixes exceeds the limit, note the following rules:
l If you run the ipv6 prefix-limit command to increase number or the undo ipv6 prefix-limit command
to delete the limit, the router relearns IPv6 public route prefixes.
l Direct and static routes can still be added to the IPv6 routing table.
l The snmp-agent trap enable feature-name rm command must have been run so that alarms can be
generated.
An interval is specified for the system to generate logs after the number of IPv6 public route
prefixes exceeds the limit.
By default, the system generates logs at an interval of 5s after the number of IPv6 public route
prefixes exceeds the limit.
You can run the command to set a larger value for the interval to decrease the frequency at which
these logs are generated.
----End
NOTE
Examples in this document use interface numbers and link types of the NE40E-X8. In real world situations,
the interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 1-12, it is required that link B functions as the backup of link A. In this
manner, if a fault occurs on link A, traffic can be rapidly switched to link B.
GE2/0/0 GE2/0/0
RouterA
192.167.10.1/24 192.167.11.1/24
GE1/0/0 Link A GE1/0/0
172.18.1.1/24 172.17.1.1/24
RouterT RouterC
GE3/0/0 Link B GE3/0/0
192.167.20.1/24 192.167.21.1/24
GE1/0/0 GE2/0/0
192.167.20.2/24 192.167.21.2/24
RouterB
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable basic OSPF functions on each router to allow them to learn routes from each other.
2. Set a greater cost for GE 3/0/0 of Router T and Router C so that OSPF prefers link A.
3. Configure a route-policy on Router T, configure the backup outbound interface and backup
next hop, and enable public network IP FRR to ensure that link B functions as the backup
of link A
Data Preparation
To complete the configuration, you need the following data:
Configuration procedure
1. Configure an IP address for each interface.
The configuration details are not described here.
2. Configure OSPF on Router T, Router A, Router B, and Router C.
The configuration details are not described here.
3. Set a cost on an OSPF interface.
# Set a cost on Gigabit Ethernet 3/0/0 of Router T so that OSPF prefers link A.
[RouterT] interface gigabitethernet 3/0/0
[RouterT-GigabitEthernet3/0/0] ospf cost 100
[RouterT-GigabitEthernet3/0/0] quit
# Set a greater cost on Gigabit Ethernet 3/0/0 of Router C so that OSPF prefers link A.
[RouterC] interface gigabitethernet 3/0/0
[RouterC-GigabitEthernet3/0/0] ospf cost 100
[RouterC-GigabitEthernet3/0/0] quit
4. Configure a route-policy.
# Configure a route-policy on Router T, configure the backup outbound interface and
backup next hop, and configure an if-match clause to limit the application scope.
[RouterT] ip ip-prefix frr1 permit 172.17.1.1 24
[RouterT] route-policy ip_frr_rp permit node 10
[RouterT-route-policy] if-match ip-prefix frr1
[RouterT-route-policy] apply backup-nexthop 192.167.20.2
[RouterT-route-policy] apply backup-interface gigabitethernet3/0/0
[RouterT-route-policy] quit
# Check information about the backup outbound interface and backup next hop on Router
T.
[RouterT] display ip routing-table 172.17.1.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination: 172.17.1.0/24
Protocol: OSPF Process ID: 1
Preference: 10 Cost: 3
NextHop: 192.167.10.2 Neighbour: 0.0.0.0
State: Active Adv Age: 00h06m49s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet2/0/0
TunnelID: 0x0 Flags: D
BkNextHop: 192.167.20.2 BkInterface: GigabitEthernet3/0/0
BkLabel: NULL SecTunnelID: 0x0
BkPETunnelID: 0x0 BkPESecTunnelID: 0x0
BkIndirectID: 0x0
6. If IP FRR is not required, run the undo ip frr command to disable IP FRR.
[RouterT] undo ip frr
# After IP FRR is disabled, check information about the backup outbound interface and
backup next hop.
[RouterT] display ip routing-table 172.17.1.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination: 172.17.1.0/24
Protocol: OSPF Process ID: 1
Preference: 10 Cost: 3
NextHop: 192.167.10.2 Neighbour: 0.0.0.0
State: Active Adv Age: 00h00m01s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet2/0/0
TunnelID: 0x0 Flags: D
Configuration Files
l Configuration file of Router T
#
sysname RouterT
#
ip frr route-policy ip_frr_rp
#
interface GigabitEthernet2/0/0
ip address 192.167.10.1 255.255.255.0
#
interface GigabitEthernet3/0/0
ip address 192.167.20.1 255.255.255.0
ospf cost 100
#
interface GigabitEthernet1/0/0
ip address 172.18.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.167.10.0 0.0.0.255
network 192.167.20.0 0.0.0.255
area 0.0.0.1
network 172.18.1.0 0.0.0.255
#
ip ip-prefix frr1 index 10 permit 172.17.1.0 24
#
route-policy ip_frr_rp permit node 10
if-match ip-prefix frrl
apply backup-nexthop 192.167.20.2
apply backup-interface GigabitEthernet3/0/0
#
return
Networking Requirements
As networks develop, services such as audio, online video, and finance have more requirements
for real-time transmission. Generally, both active and backup links are deployed to ensure service
stability. However, in traditional forwarding modes, link switchover depends on route
convergence, which takes a longer time and cannot meet service requirements. IPv6 FRR can
solve this problem.
As shown in Figure 1-13, two links are configured between Router T and the network
2001:db8:2::2/128 to back up each other. The carrier requires that link B function as the backup
of link A. In this way, after link A becomes faulty, traffic can be switched to link B immediately.
The requirement can be met by configuring IPv6 FRR on Router T.
Figure 1-13 Networking diagram for configuring public network IPv6 FRR
GE1/0/0 GE2/0/0
2001:db8:2000::2/64 2001:db8:2002::1/64
RouterA GE2/0/0
GE1/0/0 2001:db8:2002::2/64
2001:db8:2000::1/64 Link A Loopback1
2001:db8:2::2/128
RouterT
RouterC
GE2/0/0 Link B GE1/0/0
2001:db8:2001::1/64 2001:db8:2003::2/64
GE2/0/0 GE1/0/0
2001:db8:2001::2/64 2001:db8:2003::1/64
RouterB
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure dynamic routing protocols on each router so that they can learn routes from each
other. OSPFv3 is used in this example.
2. Set the costs for GE 2/0/0 on Router T and GE 1/0/0 on Router C to be greater than those
for GE 1/0/0 on Router T and GE 2/0/0 on Router C so that OSPFv3 preferentially selects
link A.
3. Configure a route policy on Router T, configure a backup next hop and a backup outbound
interface, and enable IPv6 FRR on the public network to allow link B to function as the
backup link for link A.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IPv6 address for each interface.
Assign an IPv6 address for each interface according to Figure 1-13. For details, see configuration
files.
# Configure Router T.
<RouterT> system-view
[RouterT] ospfv3 1
[RouterT-ospfv3-1] router-id 1.1.1.1
[RouterT-ospfv3-1] quit
[RouterT] interface GigabitEthernet 1/0/0
[RouterT-GigabitEthernet1/0/0] ospfv3 1 area 0
[RouterT-GigabitEthernet1/0/0] quit
[RouterT] interface GigabitEthernet 2/0/0
[RouterT-GigabitEthernet2/0/0] ospfv3 1 area 0
[RouterT-GigabitEthernet2/0/0] quit
# Configure Router A.
<RouterA> system-view
[RouterA] ospfv3 1
[RouterA-ospfv3-1] router-id 2.2.2.2
[RouterA-ospfv3-1] quit
[RouterA] interface GigabitEthernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ospfv3 1 area 0
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface GigabitEthernet 2/0/0
[RouterA-GigabitEthernet2/0/0] ospfv3 1 area 0
[RouterA-GigabitEthernet2/0/0] quit
# Configure Router B.
<RouterB> system-view
[RouterB] ospfv3 1
[RouterB-ospfv3-1] router-id 3.3.3.3
[RouterB-ospfv3-1] quit
[RouterB] interface GigabitEthernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ospfv3 1 area 0
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface GigabitEthernet 2/0/0
[RouterB-GigabitEthernet2/0/0] ospfv3 1 area 0
[RouterB-GigabitEthernet2/0/0] quit
# Configure Router C.
<RouterC> system-view
[RouterC] ospfv3 1
[RouterC-ospfv3-1] router-id 3.3.3.3
[RouterC-ospfv3-1] quit
[RouterC] interface GigabitEthernet 1/0/0
[RouterC-GigabitEthernet1/0/0] ospfv3 1 area 0
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface GigabitEthernet 2/0/0
[RouterC-GigabitEthernet2/0/0] ospfv3 1 area 0
[RouterC-GigabitEthernet2/0/0] quit
[RouterC] interface LoopBack 1
[RouterC-LoopBack1] ospfv3 1 area 0
[RouterC-LoopBack1] quit
The cost for GE 1/0/0 on Router T and GE 2/0/0 on Router C use the default cost value 1 so that
OSPFv3 prefers Link A.
# Configure a route-policy on Router T and configure a backup next hop and a backup outbound
interface. Configure an if-match clause.
[RouterT] ip ipv6-prefix frr1 permit 2001:db8:2::2 128
[RouterT] route-policy ipv6_frr_rp permit node 10
[RouterT-route-policy] if-match ipv6 address prefix-list frr1
[RouterT-route-policy] apply ipv6 backup-nexthop 2001:db8:2001::2
[RouterT-route-policy] apply ipv6 backup-interface GigabitEthernet2/0/0
[RouterT-route-policy] quit
# View information about the backup outbound interface and the backup next hop on Router T.
[RouterT] display ipv6 routing-table 2001:db8:2::2 verbose
Routing Table :
Summary Count : 1
Step 6 If IPv6 FRR is not required, run the undo ipv6 frr command to disable the function.
[RouterT] undo ipv6 frr
# After IPv6 FRR is disabled, check information about the backup outbound interface and the
backup next hop.
[RouterT] display ipv6 routing-table 2001:db8:2::2 verbose
Routing Table :
Summary Count : 1
----End
Configuration Files
l Configuration file of Router T
#
sysname RouterT
#
ipv6
#
ipv6 frr route-policy ipv6_frr_rp
#
ospfv3 1
router-id 1.1.1.1
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:2000::1/64
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:2001::1/64
ospfv3 1 area 0.0.0.0
ospfv3 cost 100
#
route-policy ipv6_frr_rp permit node 10
if-match ipv6 address prefix-list frr1
apply ipv6 backup-nexthop 2001:db8:2001::2
apply ipv6 backup-interface GigabitEthernet2/0/0
#
ip ipv6-prefix frr1 index 10 permit 2001:db8:2::2 128
#
return
router-id 3.3.3.3
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:2003::1/64
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:2001::2/64
ospfv3 1 area 0.0.0.0
#
return
Networking Requirements
On the IP RAN shown in Figure 1-14, if UPE1 recovers from a fault, its interface connected to
the RSG goes Up and then a direct route is generated, allowing a traffic switchback. As UPE1
has not learned the RSG's MAC address, UPE1 fails to switch back some packets. To help prevent
the problem, the direct route has to be generated after the VRRP status changes to Master.
Devices run OSPF to communicate with each other. UPE1 and UPE2 form a VRRP backup
group, which functions as a default gateway for the RSG. UPE1 functions as the master and
UPE2 functions as the backup. UPE2 takes over services from UPE1 if UPE1 fails. UPE1's
interface connected to the RSG is associated with the VRRP backup group, enabling the cost of
the direct route to the network segment where the interface resides to change based on the VRRP
status. VRRP for direct routes works as follows:
l If the VRRP status becomes Backup, the direct route's cost increases, lowering the direct
route's priority level. The direct route will no longer be an optimal route.
l If the VRRP status becomes Master, the direct route's cost is set to 0, allowing the direct
route's priority to be the highest. The direct route will be an optimal route.
UPE1
GE1/0/0 GE2/0/0
GE1/0/0 GE1/0/0
VRRP RSG
CSG
GE2/0/0 GE2/0/0
NodeB RNC
GE1/0/0 GE2/0/0
UPE2
L2VPN L3VPN
GE 2/0/0 20.1.3.1/24
Loopback0 2.2.2.2/32
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l VLAN ID
l ID and virtual IP address of a VRRP backup group
l Priority level of each device in a VRRP backup group
l Link cost of an interface associated with a VRRP backup group
Procedure
Step 1 Assign IP addresses to interfaces.
# Create VLAN 10 on the RSG and add GE 1/0/0 and GE 2/0/0 to VLAN 10.
<RSG> system-view
[RSG] interface gigabitethernet 1/0/0
[RSG-GigabitEthernet1/0/0] portswitch
[RSG-GigabitEthernet1/0/0] quit
[RSG] interface gigabitethernet 2/0/0
[RSG-GigabitEthernet2/0/0] portswitch
[RSG-GigabitEthernet2/0/0] quit
[RSG] vlan 10
[RSG-vlan10] port gigabitethernet 1/0/0
[RSG-vlan10] port gigabitethernet 2/0/0
# Assign IP addresses to physical interfaces. For detailed configurations, see configuration files
in this example.
Step 2 Configure OSPF to enable devices to communicate with each other. The details are not provided
here.
# Create backup group 1 on UPE1 and set the priority level of UPE1 to 120 so that UPE1 functions
as the master.
<UPE1> system-view
[UPE1] interface gigabitethernet 2/0/0
[UPE1-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 20.1.3.111
[UPE1-GigabitEthernet2/0/0] vrrp vrid 1 priority 120
[UPE1-GigabitEthernet2/0/0] vrrp vrid 1 timer advertise 10
[UPE1-GigabitEthernet2/0/0] quit
# Create backup group 1 on UPE2 and set the priority level of UPE2 to 100 (the default value)
so that UPE2 functions as the backup.
<UPE2> system-view
[UPE2] interface gigabitethernet 2/0/0
[UPE2-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 20.1.3.111
[UPE2-GigabitEthernet2/0/0] quit
# After the preceding configuration, run the display vrrp command on UPE1 and UPE2. You
can view that the VRRP status of UPE1 is Master and the VRRP status of UPE2 is Backup. The
command output on UPE1 and UPE2 is as follows:
[UPE1] display vrrp
GigabitEthernet2/0/0 | Virtual Router 1
State : Master
Virtual IP : 20.1.3.111
Master IP : 20.1.3.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 10 s
TimerConfig : 10 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Create time : 2010-08-16 12:02:57
Last change time : 2010-08-17 10:27:11
[UPE2] display vrrp
GigabitEthernet2/0/0 | Virtual Router 1
State : Backup
Virtual IP : 20.1.3.111
Master IP : 20.1.3.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 10 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Create time : 2010-08-16 12:26:05
Last change time : 2010-08-17 10:24:09
# Run the display ip routing-table command on UPE1 and UPE2. You can view that a direct
route to the virtual IP address of the VRRP backup group exists in the UPE1's routing table and
an OSPF route to the virtual IP address of the VRRP backup group exists in the UPE2's routing
table. The command output on UPE1 and UPE2 is as follows:
[UPE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 11
Step 6 Verify that UPE2 becomes the master if UPE1 fails and UPE1 preempts the master after it
recovers.
# Run the shutdown command on UPE1's GE 2/0/0 to simulate a fault.
[UPE1] interface gigabitethernet 2/0/0
[UPE1-GigabitEthernet2/0/0] shutdown
[UPE1-GigabitEthernet2/0/0] quit
# Run the display vrrp command on UPE2. You can view that the VRRP status is Master. This
indicates that after UPE1 fails, UPE2 is able to become the master.
[UPE2] display vrrp
GigabitEthernet2/0/0 | Virtual Router 1
State : Master
Virtual IP : 20.1.3.111
Master IP : 20.1.3.2
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Create time : 2010-08-16 12:26:05
Last change time : 2010-08-17 12:02:07
# Run the undo shutdown and display vrrp commands on UPE1's GE 2/0/0. You can view that
the VRRP status of UPE1 is Backup.
[UPE1] display vrrp
GigabitEthernet2/0/0 | Virtual Router 1
State : Backup
Virtual IP : 20.1.3.111
Master IP : 20.1.3.2
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 0
# Run the display ip routing-table command on UPE1 to view routing information. The cost
of the direct route to 20.1.3.0/24 is 10203040. 20.1.3.0/24 is the network segment where GE
2/0/0 resides.
[UPE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
----End
Configuration Files
l Configuration file of the CSG
#
sysname CSG
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.2.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 20.1.2.0 0.0.0.255
#
return
area 0.0.0.0
network 20.1.2.0 0.0.0.255
network 20.1.3.0 0.0.0.255
#
return
1.18.4 Example for Importing IPv4 ARP Vlink Direct Routes to BGP
By importing IPv4 ARP Vlink direct routes to BGP, you can enable the remote device to obtain
information about detailed routes in the VLAN, allowing precise control of data traffic.
Networking Requirements
As networks develop, the VLAN technology is widely used. If a user outside a VLAN needs to
communicate with users within the VLAN, advertising routes destined for the network segment
of the VLAN can achieve this purpose. When users outside the VLAN need to know the IPv4
ARP Vlink direct routes of the VLAN, and apply different traffic policies to routes of the VLAN
users, advertising the routes destined for the network segment of the VLAN cannot meet this
requirement. In this case, you can enable the function of IPv4 ARP Vlink direct route
advertisement.
As shown in Figure 1-15, Router C is connected to two VLAN sites through VLANIF interfaces.
Router D communicates with Router B, but not with Router A. To meet the communication
requirement, you can enable the function of IPv4 ARP Vlink direct route advertisement on
Router C, and use a route-policy to filter out the routes to the network segment of the VLAN
and the route to Router A.
Figure 1-15 Networking diagram of importing IPv4 ARP Vlink direct routes to BGP
GE1/0/0
20.1.1.3/24 AS100
RouterA
SwitchA RouterC RouterD
GE1/0/0 GE2/0/0 GE1/0/0 BGP
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANIF interfaces on Switch A and Router C and assign IP addresses to the
VLANIF interfaces, and ensure that Router A, Router B, Switch A, and Router C can
communicate with each other.
2. Enable BGP on Router C and Router D, ensuring that Router C and Router D are able to
advertise IP routes to each other.
3. Enable the function of IPv4 ARP Vlink direct route advertisement on Router C.
4. Configure a route-policy on Router C, allowing routes only from Router B to pass through.
5. Enable BGP on Router C to import direct routes, and use the route-policy to import routes
only from Router B.
6. Associate BGP with the route-policy on Router C to filter out the network segment route
of the VLAN so that Router D cannot learn the network segment route and can communicate
with VLAN users only based on IPv4 ARP Vlink direct routes.
Data Preparation
To complete the configuration, you need the following data:
l ID of the VLAN in which Switch A and Router C reside (the VLAN ID is 10 in this example)
l Router IDs and AS numbers of Routers C and D (router ID of Router C is 3.3.3.3 and router
ID of Router D is 4.4.4.4, and Routers C and D are in AS 100 in this example)
l Route-policy used to filter direct routes (the route-policy is policy1 in this example)
l Route-policy used to advertise BGP routes on Router C (the route-policy is policy2 in this
example)
Procedure
Step 1 Configure an IP address for each interface.
# Configure Router A.
<HUAWEI> system-view
# Configure Router B.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface GigabitEthernet 1/0/0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] ip address 20.1.1.4 24
[RouterB-GigabitEthernet1/0/0] quit
# Configure Router C.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] interface GigabitEthernet 2/0/0
[RouterC-GigabitEthernet2/0/0] undo shutdown
[RouterC-GigabitEthernet2/0/0] ip address 20.2.1.1 24
[RouterC-GigabitEthernet2/0/0] quit
# Configure Router D.
<HUAWEI> system-view
[HUAWEI] sysname RouterD
[RouterD] interface GigabitEthernet 1/0/0
[RouterD-GigabitEthernet1/0/0] undo shutdown
[RouterD-GigabitEthernet1/0/0] ip address 20.2.1.2 24
[RouterD-GigabitEthernet1/0/0] quit
Step 2 Configure basic VLAN functions. Create VLANIF 10 on Switch A and Router C and assign IP
addresses to the VLANIF interfaces.
# Configure Switch A.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface GigabitEthernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] portswitch
[SwitchA-GigabitEthernet1/0/0] undo shutdown
[SwitchA-GigabitEthernet1/0/0] port link-type access
[SwitchA-GigabitEthernet1/0/0] port default vlan 10
[SwitchA-GigabitEthernet1/0/0] quit
[SwitchA] interface GigabitEthernet 2/0/0
[SwitchA-GigabitEthernet2/0/0] portswitch
[SwitchA-GigabitEthernet2/0/0] undo shutdown
[SwitchA-GigabitEthernet2/0/0] port link-type access
[SwitchA-GigabitEthernet2/0/0] port default vlan 10
[SwitchA-GigabitEthernet2/0/0] quit
[SwitchA] interface GigabitEthernet 3/0/0
[SwitchA-GigabitEthernet3/0/0] portswitch
[SwitchA-GigabitEthernet3/0/0] undo shutdown
[SwitchA-GigabitEthernet3/0/0] port link-type access
[SwitchA-GigabitEthernet3/0/0] port default vlan 10
[SwitchA-GigabitEthernet3/0/0] quit
[SwitchA] interface Vlanif 10
[SwitchA-Vlanif10] ip address 20.1.1.2 24
[SwitchA-Vlanif10] quit
# Configure Router C.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] vlan 10
[RouterC-vlan10] quit
[RouterC] interface GigabitEthernet 1/0/0
[RouterC-GigabitEthernet1/0/0] portswitch
[RouterC-GigabitEthernet1/0/0] undo shutdown
[RouterC-GigabitEthernet1/0/0] port link-type access
[RouterC-GigabitEthernet1/0/0] port default vlan 10
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface Vlanif 10
[RouterC-Vlanif10] ip address 20.1.1.1 24
[RouterC-Vlanif10] quit
# Configure Router C.
[RouterC] bgp 100
[RouterC-bgp] peer 20.2.1.2 as-number 100
[RouterC-bgp] quit
# Configure Router D.
[RouterD] bgp 100
[RouterD-bgp] peer 20.2.1.1 as-number 100
[RouterD-bgp] quit
Step 4 Configure BGP on Router C and import direct routes to BGP. Then view the routing tables of
Routers C and D.
# Configure Router C.
[RouterC] bgp 100
[RouterC-bgp] import-route direct
[RouterC-bgp] quit
You can see that Router D has not learned the two IPv4 ARP Vlink direct routes 20.1.1.3/32
and 20.1.1.4/32.
Step 5 Enable the function of IPv4 ARP Vlink direct route advertisement on Router C and configure
the route-policy policy1 to filter out the routes to the network segment of the VLAN and the
IPv4 ARP Vlink direct route from Router A, 20.1.1.3/32.
# Configure Router C.
[RouterC] ip ip-prefix prefix1 permit 20.1.1.4 32
[RouterC] route-policy policy1 permit node 10
[RouterC-route-policy] if-match ip-prefix prefix1
[RouterC-route-policy] quit
[RouterC] arp vlink-direct-route advertise route-policy policy1
You can see that Router D has learned the IPv4 ARP Vlink direct route 20.1.1.4/32, whereas
the route 20.1.1.3/32 has been filtered out.
Step 6 Use the route-policy policy2 to filter out the network segment route 20.1.1.0/24 on Router C
when BGP routes are advertised.
# Configure Router C.
[RouterC] ip ip-prefix prefix2 index 10 deny 20.1.1.0 24
[RouterC] ip ip-prefix prefix2 index 20 permit 0.0.0.0 0 less-equal 32
[RouterC] route-policy policy2 permit node 10
[RouterC-route-policy] if-match ip-prefix prefix2
[RouterC-route-policy] quit
[RouterC] bgp 100
[RouterC-bgp] peer 20.2.1.2 route-policy policy2 export
[RouterC-bgp] quit
[RouterC] quit
<RouterC> refresh bgp all export
You can find that the route 20.1.1.0/24 does not exist in the BGP routing table of Router D. As
a result, Router D can communicate with Router B, but cannot communicate with Router A.
----End
Configuration Files
l Configuration file of Switch A
# sysname switchA # vlan batch 10 # interface Vlanif10 ip address 20.1.1.2
255.255.255.0 # interface GigabitEthernet1/0/0 portswitch undo shutdown port
link-type access port default vlan 10 # interface GigabitEthernet2/0/0
portswitch undo shutdown port link-type access port default vlan 10 # interface
GigabitEthernet3/0/0 portswitch undo shutdown port link-type access port
default vlan 10 # return
undo shutdown
port link-type access
port default vlan 10
#
return
#
return
Networking Requirements
As networks develop, the VLAN technology is widely used. If a user outside a VLAN needs to
communicate with users within the VLAN, advertising routes destined for the network segment
of the VLAN can achieve this purpose. When users outside the VLAN need to know the IPv6
NDP Vlink direct routes of the VLAN, and apply different traffic policies to routes of the VLAN
users, advertising the routes destined for the network segment of the VLAN cannot meet this
requirement. In this case, you can enable the function of IPv6 NDP Vlink direct route
advertisement.
As shown in Figure 1-16, Router C is connected to two VLAN sites through VLANIF interfaces.
Router D communicates with Router B, but not with Router A. You can enable the function of
IPv6 NDP Vlink direct route advertisement on Router C, and use a route-policy to filter out the
routes to the network segment of the VLAN and the route to Router A.
Figure 1-16 Networking diagram of importing IPv6 NDP Vlink direct routes to BGP4+
GE1/0/0
2001:db8:1::3/64 AS100
RouterA
SwitchA RouterC RouterD
GE1/0/0 GE2/0/0 GE1/0/0 BGP
GE2/0/0
GE3/0/0 GE1/0/0
VLANIF10 2001:db8:2::1/24
RouterB VLANIF10 2001:db8:2::2/24
2001:db8:1::2/64
2001:db8:1::1/64
GE1/0/0
2001:db8:1::4/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANIF interfaces on Switch A and Router C and assign IPv6 addresses to the
VLANIF interfaces, and ensure that Router A, Router B, Switch A, and Router C can
communicate with each other.
2. Enable BGP4+ on Router C and Router D, ensuring that Router C and Router D are able
to advertise IPv6 routes to each other.
3. Enable the function of IPv6 NDP Vlink direct route advertisement on Router C.
4. Configure a route-policy on Router C, allowing IPv6 routes only from Router B to pass
through.
5. Enable BGP4+ on Router C and import IPv6 direct routes to BGP4+, and use the route-
policy to import IPv6 routes only from Router B to BGP4+.
6. Associate BGP4+ with the route-policy on Router C to filter out the network segment route
of the VLAN so that Router D cannot learn the network segment route and can communicate
with VLAN users only based on IPv6 NDP Vlink direct routes.
Data Preparation
To complete the configuration, you need the following data:
l ID of the VLAN in which Switch A and Router C reside (the VLAN ID is 10 in this example)
l Router IDs and AS numbers of Routers C and D (router ID of Router C is 1.1.1.1 and router
ID of Router D is 2.2.2.2, and Routers C and D are in AS 100 in this example)
l Route-policy used to filter direct routes (the route-policy is policy1 in this example)
l Route-policy used to advertise BGP4+ routes on Router C (the route-policy is policy2 in
this example)
Procedure
Step 1 Configure an IP address for each interface.
# Configure Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ipv6
[RouterA] interface GigabitEthernet 1/0/0
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] ipv6 enable
[RouterA-GigabitEthernet1/0/0] ipv6 address 2001:db8:1::3 64
[RouterA-GigabitEthernet1/0/0] quit
# Configure Router B.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] ipv6
[RouterB] interface GigabitEthernet 1/0/0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] ipv6 enable
[RouterB-GigabitEthernet1/0/0] ipv6 address 2001:db8:1::4 64
[RouterB-GigabitEthernet1/0/0] quit
# Configure Router C.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] ipv6
[RouterC] interface GigabitEthernet 2/0/0
[RouterC-GigabitEthernet2/0/0] undo shutdown
[RouterC-GigabitEthernet2/0/0] ipv6 enable
[RouterC-GigabitEthernet2/0/0] ipv6 address 2001:db8:2::1 64
[RouterC-GigabitEthernet2/0/0] quit
# Configure Router D.
<HUAWEI> system-view
Step 2 Configure basic VLAN functions. Create VLANIF 10 on Switch A and Router C and assign IP
addresses to the VLANIF interfaces.
# Configure Switch A.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] ipv6
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface GigabitEthernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] portswitch
[SwitchA-GigabitEthernet1/0/0] undo shutdown
[SwitchA-GigabitEthernet1/0/0] port link-type access
[SwitchA-GigabitEthernet1/0/0] port default vlan 10
[SwitchA-GigabitEthernet1/0/0] quit
[SwitchA] interface GigabitEthernet 2/0/0
[SwitchA-GigabitEthernet2/0/0] portswitch
[SwitchA-GigabitEthernet2/0/0] undo shutdown
[SwitchA-GigabitEthernet2/0/0] port link-type access
[SwitchA-GigabitEthernet2/0/0] port default vlan 10
[SwitchA-GigabitEthernet2/0/0] quit
[SwitchA] interface GigabitEthernet 3/0/0
[SwitchA-GigabitEthernet3/0/0] portswitch
[SwitchA-GigabitEthernet3/0/0] undo shutdown
[SwitchA-GigabitEthernet3/0/0] port link-type access
[SwitchA-GigabitEthernet3/0/0] port default vlan 10
[SwitchA-GigabitEthernet3/0/0] quit
[SwitchA] interface Vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address 2001:db8:1::2 64
[SwitchA-Vlanif10] quit
# Configure Router C.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] ipv6
[RouterC] vlan 10
[RouterC-vlan10] quit
[RouterC] interface GigabitEthernet 1/0/0
[RouterC-GigabitEthernet1/0/0] portswitch
[RouterC-GigabitEthernet1/0/0] undo shutdown
[RouterC-GigabitEthernet1/0/0] port link-type access
[RouterC-GigabitEthernet1/0/0] port default vlan 10
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface Vlanif 10
[RouterC-Vlanif10] ipv6 enable
[RouterC-Vlanif10] ipv6 address 2001:db8:1::1 64
[RouterC-Vlanif10] quit
# Configure Router C.
[RouterC] bgp 100
[RouterC-bgp] router-id 1.1.1.1
[RouterC-bgp] peer 2001:db8:2::2 as-number 100
[RouterC-bgp] ipv6-family unicast
# Configure Router D.
[RouterD] bgp 100
[RouterD-bgp] router-id 2.2.2.2
[RouterD-bgp] peer 2001:db8:2::1 as-number 100
[RouterD-bgp] ipv6-family unicast
[RouterD-bgp-af-ipv6] peer 2001:db8:2::1 enable
[RouterD-bgp-af-ipv6] quit
[RouterD-bgp] quit
After the configuration is complete, run the display bgp ipv6 peer command to view statuses
of IPv6 IBGP peer relationships. The command output shows that the IBGP peer relationship
has been established between Router C and Router D. Use the display on Router D as an example.
[RouterD] display bgp ipv6 peer
Step 4 Configure BGP4+ on Router C and import direct routes to BGP4+. Then view the routing tables
of Routers C and D.
# Configure Router C.
[RouterC] bgp 100
[RouterC-bgp] ipv6-family unicast
[RouterC-bgp-af-ipv6] import-route direct
[RouterC-bgp-af-ipv6] quit
[RouterC-bgp] quit
You can see that Router D haven't learned the two IPv6 NDP Vlink direct routes
2001:db8:1::3/128 and 2001:db8:1::4/128.
Step 5 Enable the function of IPv6 NDP Vlink direct route advertisement on Router C and configure
the route-policy policy1 to filter out the routes to the network segment of the VLAN and the
IPv6 NDP Vlink direct route from Router A, 2001:db8:1::3/128.
# Configure Router C.
[RouterC] ip ipv6-prefix prefix1 permit 2001:db8:1::4 128
[RouterC] route-policy policy1 permit node 10
[RouterC-route-policy] if-match ipv6 address prefix-list prefix1
[RouterC-route-policy] quit
[RouterC] ipv6 nd vlink-direct-route advertise route-policy policy1
You can see that Router D has learned the IPv6 NDP Vlink direct route 2001:db8:1::4/128,
whereas the route 2001:db8:1::3/128 has been filtered out.
Step 6 Use the route-policy policy2 to filter out the network segment route 2001:db8:1::/64 on
Router C when BGP4+ routes are advertised.
# Configure Router C.
[RouterC] ip ipv6-prefix prefix2 index 10 deny 2001:db8:1:: 64
[RouterC] ip ip-prefix prefix2 index 20 permit :: 0 less-equal 128
[RouterC] route-policy policy2 permit node 10
[RouterC-route-policy] if-match ipv6 address prefix-list prefix2
[RouterC-route-policy] quit
[RouterC] bgp 100
[RouterC-bgp] ipv6-family unicast
[RouterC-bgp-af-ipv6] peer 2001:db8:2::2 route-policy policy2 export
[RouterC-bgp-af-ipv6] quit
[RouterC-bgp] quit
[RouterC] quit
You can see that the route 2001:db8:1::/64 does not exist in the BGP4+ routing table of
Router D. As a result, Router D can communicate with Router B, but cannot communicate with
Router A.
----End
Configuration Files
l Configuration file of Switch A
#
sysname switchA
#
ipv6
#
vlan batch 10
#
interface Vlanif10
ipv6 enable
ipv6 address 2001:db8:1::2/64
#
interface GigabitEthernet1/0/0
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet2/0/0
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet3/0/0
portswitch
undo shutdown
port link-type access
port default vlan 10
#
return
#
sysname RouterA
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::3/64
#
return
Static routes are commonly used on simple networks. Properly configuring and using static
routes improves network performance and ensures that enough bandwidth is available for
important services.
2.1 Introduction
On a simple network, you only need to configure static routes for the network to run properly.
2.4 Configuring BFD for IPv4 Static Routes on the Public Network
On an IPv4 network, configuring BFD for IPv4 static routes on the public network can speed
up route convergence and improve network reliability.
2.5 Configuring BFD for IPv6 Static Routes on the Public Network
On an IPv6 network, you can configure BFD for IPv6 static route on the public network to speed
up route convergence and improve network reliability.
2.8 Configuring IPv4 Static Routes to Inherit the Costs of Iterated Routes
This section describes how to configure IPv4 static routes to inherit the costs of iterated routes
and associate the priority of static routes with link status to improve network reliability.
2.9 Configuring IPv6 Static Routes to Inherit the Costs of Iterated Routes
This section describes how to configure IPv6 static routes to inherit the costs of iterated routes
and associate the priority of IPv6 static routes with link status to improve network reliability.
2.1 Introduction
On a simple network, you only need to configure static routes for the network to run properly.
On a simple network topology, you only need to configure static routes so that the network can
run properly. Properly using static routes improves the network performance and provides the
guaranteed bandwidth for important applications.
The disadvantage of static routes is that if a fault occurs on the network or the network topology
changes, static routes must be changed manually by the administrator.
An IPv4 static route is an IPv4 default route if its destination address is 0.0.0.0 and the mask
length is 0.
If the destination address of an IPv4 packet fails to match any entry in the routing table, the
router uses the IPv4 default route to forward the IPv4 packet.
The NE80E/40E supports ordinary static routes and the static routes associated with VPN
instances. The static routes associated with VPN instances are used to manage VPN routes . For
details of VPN instances, see the HUAWEI NetEngine80E/40E Router Feature Description -
VPN.
If the destination address of an IPv6 static route is ::/0 with the mask length being 0, this IPv6
static route is an IPv6 default route.
If the destination address of an IPv6 packet fails to match any entry in the routing table, the
router uses the IPv6 default route to forward the IPv6 packet.
NOTE
The main differences between IPv6 static routes and IPv4 static routes are their destination addresses and
next-hop addresses. The next-hop address of an IPv6 static route is an IPv6 address, whereas the next-hop
address of an IPv4 static route is an IPv4 address.
Default Route
Default routes are a special type of routes that are usually configured by network administrators.
Default routes can also be generated by dynamic routing protocols such as Open Shortest Path
First (OSPF) or Intermediate System-to-Intermediate System (IS-IS).
Default routes are used only when packets to be forwarded fail to match any entry in the routing
table. You can run the display ip routing-table command to check whether the default route is
configured.
If the destination address of a packet does not match any entry in the routing table, the router
uses the default route to forward the packet. If no default route exists, the packet is discarded,
and an Internet Control Message Protocol (ICMP) packet is sent to inform the originating host
that the destination host or network is unreachable.
After BFD for static route is configured, each static route can be bound to a BFD session.
l When the BFD session on the link of a static route detects that the link changes from Up
to Down, BFD reports the fault to the RM module, and then the RM module sets the route
to inactive. Subsequently, the route becomes unavailable and is deleted from the routing
table.
l When a BFD session is established on the link of a static route (the link changes from Down
to Up), BFD reports the success to the RM module, and then the RM module sets the route
to active. Subsequently, the route becomes available and is added to the IP routing table.
l If NQA detects a fault in the link, the system sets the static route to inactive. The route
becomes unavailable and is deleted from the IP routing table.
l If NQA finds that the link recovers, the system sets the static route to active. The route
becomes available and is added to the IP routing table.
Applicable Environment
When configuring an IPv4 static route, note the following:
same preference for these routes to implement load balancing. You can also set different
preferences to implement routing redundancy.
When the ip route-static command is run to configure a static route, a default route is
configured if the destination address and the mask are set to all 0s (0.0.0.0 0.0.0.0).
Pre-configuration Tasks
Before configuring an IPv4 static route, complete the following task:
l Configuring link layer protocol parameters and IP addresses for interfaces to ensure that
the link layer protocol status of the interfaces is Up
Data Preparation
To configure an IPv4 static route, you need the following data.
No. Data
Context
Perform the following steps on the router to be configured with a static route:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-
address } [ preference preference | tag tag ] * [ description text ]
----End
Context
Perform the following steps on the routers that need to be configured with static routes and
change the default preference for static routes:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static default-preference preference
When a static route is configured, the default preference is used if no preference is explicitly
specified for the static route. After a default preference is specified, the new default preference
is valid for subsequent rather than existing IPv4 static routes.
----End
Context
After static routes are configured, multiple static routes with the same prefix and preference but
different relay depths exist. After static route selection based on relay depths is configured, the
static route module selects the route with the smallest relay depth as the active route and delivers
it to the Forwarding Information Base (FIB) table. The other routes become inactive.
Perform the following steps on the router to be configured with static routes:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static selection-rule relay-depth
----End
Context
Link connectivity directly affects the stability and availability of a network. Consequently,
detecting link status is an important part of network maintenance. If service traffic needs to be
forwarded along a specified path, you can detect the status of the path using a ping operation.
In this manner, you can monitor services at a very low cost.
With permanent advertisement of static routes, you can detect link connectivity by pinging the
destination addresses of static routes. After permanent advertisement of static routes is
configured, static routes always take effect regardless of the outbound interface status. In this
case, the system forwards ping packets along a specified path only, which helps detect the link
status of the specified path.
Perform the following steps on the router where IPv4 static routes need to be configured.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-
address } permanent
----End
Context
Before configuring multi-topology on a network, you need to create a topology instance. By
properly configuring static IPv4 routes in a simple topology instance, you can improve the
network performance and provide the guaranteed bandwidth for important services.
Perform the following steps on the router where static IPv4 routes need to be configured:
Procedure
Step 1 Run:
system-view
----End
Prerequisites
An IPv4 static route has been configured.
Procedure
l Run the display ip routing-table command to check brief information about the IPv4
routing table.
l Run the display ip routing-table verbose command to check detailed information about
the IPv4 routing table.
----End
Applicable Environment
On a small IPv6 network, you can implement network interconnection by configuring IPv6 static
routes. Compared with using dynamic routes, using static routes saves the bandwidth.
Pre-configuration Tasks
Before configuring an IPv6 static route, complete the following task:
l Configuring link layer protocol parameters and IP addresses for interfaces to ensure that
the link layer protocol status of the interfaces is Up
Data Preparation
To configure an IPv6 static route, you need the following data.
No. Data
Context
Perform the following steps on the router to be configured with static routes:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ipv6 route-static dest-ipv6-address prefix-length { interface-type interface-
number | nexthop-ipv6-address } [ preference preference | tag tag ] *
[ description text ]
When configuring a static route, you need to specify either the outbound interface or the next-
hop address according to the actual situation. If the outbound interface is a Point-to-Point (P2P)
interface, you can simply specify the outbound interface. If the outbound interface is a non-P2P
interface, you must also specify the next-hop address in addition to specifying the outbound
interface.
If preference is not specified, the default preference is 60.
By default, no IPv6 static route is configured.
----End
Context
Perform the following steps on the router that needs to be configured with IPv6 static routes and
change the default priority for IPv6 static routes:
Procedure
Step 1 Run:
system-view
----End
Context
Before configuring multi-topology on a network, you need to create a topology instance. By
properly configuring static IPv6 routes in a simple topology instance, you can improve the
network performance and provide the guaranteed bandwidth for important services.
Perform the following steps on the router where static IPv6 routes need to be configured:
Procedure
Step 1 Run:
system-view
----End
Prerequisites
An IPv6 static route has been configured.
Procedure
l Run the display ipv6 routing-table command to check brief information about the IPv6
routing table.
l Run the display ipv6 routing-table verbose command to check detailed information about
the IPv6 routing table.
----End
Applicable Environment
BFD can quickly detect IPv4 forwarding failures, ensuring QoS for voice, video, and other video-
on-demand (VoD) services on an IPv4 network. With BFD, service providers can provide voice
over IP (VoIP) and other real-time services with high availability and scalability.
By binding IPv4 static routes to BFD sessions, you can use BFD sessions to provide link
detection for IPv4 static routes on the public network. A static route can be bound to a BFD
session.
Pre-configuration Tasks
Before configuring BFD for IPv4 static routes on the public network, complete the following
task:
l Configuring link layer protocol parameters and IP addresses for interfaces to ensure that
the link layer protocol status of the interfaces is Up
Data Preparation
To configure BFD for IPv4 static routes on the public network, you need the following data.
No. Data
Context
Perform the following steps on the router to be configured with a static route:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-
address } [ preference preference | tag tag ] * [ description text ]
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd
Step 3 Run:
quit
Step 4 Run the bfd bfd-name bind peer-ip peer-ip [ vpn-instance vpn-instance-name ] [ interface
interface-type interface-number ] [ source-ip source-ip ] command to configure a BFD session.
l When a BFD session is set up for the first time, you need to bind the peer IP address to it.
After the BFD session is set up, you cannot modify it.
l When the BFD configuration items are created, the system checks only the format of the IP
address rather than the correctness. The BFD session cannot be established if incorrect peer
IP address or source IP address is bound.
l When the IP address of the peer and the local interface are both specified, a single-hop link
is monitored. BFD monitors the route with the outbound interface specified and peer-ip as
the next-hop IP address specified. When only the IP address of the peer is specified, multi-
hop routes are monitored.
l When the BFD and URPF are used together, URPF checks the source IP address of the
received packets. Therefore, when creating a BFD binding, you need to specify the source
IP address of the BFD packet in case the BFD packet is incorrectly discarded.
NOTE
The local discriminator of the local device corresponds to the remote discriminator of the remote device,
and the remote discriminator of the local device corresponds to the local discriminator of the remote device.
The local discriminator of the local device must be the same as the remote discriminator of the remote
device. Otherwise, the session cannot be correctly set up. After the local and remote discriminators are
configured, they cannot be modified.
Step 6 Run:
commit
NOTE
When setting up a BFD session, you must run the commit command after configuring necessary
parameters, such as local and remote discriminators; otherwise, the session cannot be set up.
----End
Context
Perform the following steps on the router to bind a static route to a BFD session:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] } [ preference preference | tag tag ] *
track bfd-session bfd-name [ description text ]
A BFD session is bound to the IPv4 static route on the public network.
NOTE
When binding a static route to a BFD session, ensure that the static route resides on the same link as the
BFD session.
----End
Prerequisites
BFD configurations for IPv4 static routes are complete.
Procedure
l Run the display bfd session { all | discriminator discr-value } [ verbose ] [ slot slot-
id ] command to check BFD session information.
l Run the display current-configuration | include bfd command to check the configuration
of BFD for static routes.
You can check information about a BFD session only after parameters for the BFD session
are set and the BFD session is established.
If BFD session negotiation succeeds, the status of the BFD session is displayed as Up. You
can also check that the BFD session is bound to the static route by running the display
current-configuration | include bfd command in the system view.
----End
Applicable Environment
IPv6 BFD can rapidly detect IPv6 forwarding failures, ensuring QoS for voice, video, and other
video-on-demand (VoD) services on an IPv6 network. With IPv6 BFD, service providers can
provide voice over IP (VoIP) and other real-time services with high availability and scalability.
By binding IPv6 static routes to BFD sessions, you can use BFD sessions to provide link
detection for IPv6 static routes on the public network. A static route can be bound to a BFD
session.
Pre-configuration Tasks
Before configuring BFD for IPv6 static routes on the public network, complete the following
task:
l Configuring link layer protocol parameters and IPv6 addresses for interfaces to ensure that
the link layer protocol status of the interfaces is Up
Data Preparation
To configure BFD for IPv6 static routes on the public network, you need the following data.
No. Data
Context
Perform the following steps on the router to be configured with static routes:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ipv6 route-static dest-ipv6-address prefix-length { interface-type interface-
number | nexthop-ipv6-address } [ preference preference | tag tag ] *
[ description text ]
When configuring a static route, you need to specify either the outbound interface or the next-
hop address according to the actual situation. If the outbound interface is a Point-to-Point (P2P)
interface, you can simply specify the outbound interface. If the outbound interface is a non-P2P
interface, you must also specify the next-hop address in addition to specifying the outbound
interface.
----End
Procedure
Step 1 Run:
system-view
The local discriminator of the local device corresponds to the remote discriminator of the remote device,
and the remote discriminator of the local device corresponds to the local discriminator of the remote device.
The local discriminator of the local device must be the same as the remote discriminator of the remote
device. Otherwise, the session cannot be correctly set up. After the local and remote discriminators are
configured, they cannot be modified.
Step 6 Run:
commit
NOTE
When setting up a BFD session, you must run the commit command after configuring necessary
parameters, such as local and remote discriminators; otherwise, the session cannot be set up.
----End
Context
Perform the following steps on the router to bind a static route to a BFD session:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ipv6 route-static dest-ipv6-address prefix-length { interface-type interface-
number [ nexthop-ipv6-address ] | nexthop-ipv6-address } [ preference preference ]
[ tag tag ] * [ track bfd-session bfd-name ] [ description text ]
The IPv6 static route on the public network is bound to a BFD session.
NOTE
When binding a static route to a BFD session, ensure that the static route resides on the same link as the
BFD session.
----End
Prerequisites
BFD for IPv6 static routes on the public network has been configured.
Procedure
l Run the display bfd session { all | discriminator discr-value } [ verbose ] [ slot slot-
id ] command to check BFD session information.
l Run the display current-configuration | include bfd command to check the configuration
of BFD for static routes.
You can view BFD session information only after BFD session parameters are set and a
BFD session is established.
If BFD session negotiation succeeds, you can view that the status of the BFD session is
Up. You can also view that static routes are bound to BFD sessions by running the display
current-configuration | include bfd command in the system view.
----End
in links. An NQA test instance is used to detect the link status to allow a fast link switchover
after a fault occurs in a link. This switchover helps prevent prolonged service interruptions.
Applicable Environment
In real world situations, the link status is monitored for network stability. If an active link fails,
traffic switches to a standby link to ensure non-stop traffic forwarding. The Address Resolution
Protocol (ARP) probe function and BFD are usually used to detect link faults. In addition, Interior
Gateway Protocol (IGP) convergence helps reveal link faults. In certain situations, the preceding
methods are unsuitable. For example:
l If only one link, not every link, on the network needs to be monitored, the ARP detection
is unsuitable.
l If any device on the network does not support BFD, BFD is unavailable.
l If either end of a link is a Layer 2 device, dynamic routing protocols cannot be deployed.
As a result, no IGP convergence occurs.
In these situations, NQA for static IPv4 routes can be configured to detect link faults. It can be
used to detect faults in links where Layer 2 devices reside and take effect even if only one of the
two communicating devices supports NQA.
If a fault occurs, an NQA test instance can immediately detect the fault and instruct the system
to delete the associated static route from the IP routing table. Traffic is then forwarded along
another path.
Pre-configuration Tasks
Before configuring NQA for static IPv4 routes, complete the following task:
l Configuring link layer protocol parameters and IP addresses for interfaces to ensure that
the link layer protocol on the interfaces is Up
Data Preparation
To configure NQA for static IPv4 routes, you need the following data.
No. Data
Context
NQA measures the performance of different protocols running on a network. With NQA, carriers
can collect the operation indicators of networks in real time. These indicators include total delay
of the Hypertext Transfer Protocol (HTTP), delay in the Transfer Control Protocol (TCP)
connection, delay in Domain Name Server (DNS) resolution, file transmission rate, delay in the
File Transfer Protocol (FTP) connection, and DNS resolution error ratio. To check these
performance indexes, you can create NQA test instances.
An NQA test is performed between a client and a server. The client is responsible for initiating
an NQA test. After test instances are configured on the client, NQA places these test instances
into test instance queues according to their operation types. After the test instances are started,
the data information about the protocol-related running status can be collected based on
information about the return packets.
An Internet Control Messages Protocol (ICMP) NQA test instance checks whether a route from
the NQA client to the destination is reachable. The ICMP NQA test performs a function similar
to the ping command but provides more detailed output:
The minimum interval at which an ICMP NQA test instance sends packets is once per second,
which ensures that NQA reports the test results to the system when a link fault is detected and
when the link fault is rectified. For details about NQA, see the chapter "NQA Configuration" in
the HUAWEI NetEngine80E/40E Router Configuration Guide - System Management.
Procedure
Step 1 Run:
system-view
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created, and the test instance view is displayed.
Step 3 Run:
test-type icmp
Step 4 Run:
destination-address ipv4 ip-address
The interval for automatically performing an NQA test is set. By default, no interval is set, and
only one test is performed.
The number of probes to be sent each time is set for the NQA test instance. By default, three
probes are sent each time.
After probes are sent multiple times for the NQA test instance, you can estimate the network
quality more accurately based on the collected statistics.
Step 7 Run:
start
l To start an NQA test immediately, run the start now [ end { at [ yyyy/mm/dd ] hh:mm:ss |
delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command.
l To start an NQA test at a specified time, run the start at [ yyyy/mm/dd ] hh:mm:ss [ end
{ at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } | lifetime { seconds
second | hh:mm:ss } } ] command.
l To start an NQA test after a certain period of time, run the start delay { seconds second |
hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second | hh:mm:ss } |
lifetime { seconds second | hh:mm:ss } } ] command.
----End
Context
On a network with a simple topology, configuring static routes is usually adequate enough to
ensure the network is able to operate correctly. Static routes can also be configured on a router
that cannot run dynamic routing protocols to generate routes to the destination. Unlike dynamic
routing protocols, static routes do not have a dedicated detection mechanism. Static routes cannot
detect faults in the network, which means that traffic loss will likely occur at some point.
The NQA for static IPv4 routes feature allows static IPv4 routes to be associated with NQA test
instances. The ping function of NQA test instances is used to check the status of links through
which static routes pass. If a fault occurs in the link for a static route, the system deletes the static
route to force traffic transmitted based on this route to divert to another path.
Perform the following steps on the router that requires NQA for static IPv4 routes:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] } [ preference preference | tag tag ] *
track nqa admin-name test-name [ description text ]
NOTE
The destination address of an NQA test instance cannot be the destination address of an associated static
route.
If the static route associated with one NQA test instance is associated with another NQA test instance, the
association between the static route and the former NQA test instance is automatically removed.
----End
Prerequisites
NQA configurations for static IPv4 routes have been configured.
NOTE
NQA test results cannot be displayed automatically on the terminal. To check NQA test results, run the
display nqa results command. By default, the command output shows the results of the five most recent
tests.
Procedure
Step 1 Run the display current-configuration | include nqa command to check NQA configurations
for static IPv4 routes.
Step 2 Run the display nqa results [ test-instance admin-name test-name ] command to check NQA
test results.
----End
Example
After associating a static route to an NQA test instance, run the display current-
configuration | include nqa command in the system view to check whether the static route has
been associated with the NQA test instance. For example:
<HUAWEI> display current-configuration | include nqa
ip route-static 172.16.1.3 255.255.255.255 GigabitEthernet1/0/0 track nqa admin
icmp
nqa test-instance admin icmp
Run the display nqa results command. The test records are successfully queried if the following
information is displayed:
l testflag is active
l testtype is icmp
l The test is finished
l Completion:success
For example:
<HUAWEI> display nqa results test-instance admin icmp
NQA entry(admin, icmp) :testflag is active ,testtype is icmp
1 . Test 206 result The test is finished
Send operation times: 15 Receive response times: 15
Completion:success RTD OverThresholds number: 0
Attempts number:1 Drop operation number:0
Disconnect operation number:0 Operation timeout number:0
System busy operation number:0 Connection fail number:0
Operation sequence errors number:0 RTT Stats errors number:0
Destination ip address:172.16.1.2
Min/Max/Average Completion Time: 30/50/35
Sum/Square-Sum Completion Time: 530/19900
Last Good Probe Time: 2010-10-25 15:39:57.1
Lost packet ratio: 0 %
For an ICMP NQA test, the minimum, maximum, and average time for receiving ICMP Echo-
Reply packets are displayed as Min/Max/Average Completion Time. In addition, the NQA
test packet loss ratio is displayed, which helps provide a clear indication of the link status. In
the preceding example, the packet loss ratio is 0, indicating that the link works properly.
NOTE
If the frequency interval command is configured for an NQA test instance, testflag is active is displayed.
If the frequency interval command is not configured for an NQA test instance, the NQA test is performed
only once and testflag is inactive is displayed.
Applicable Environment
On a live IPv6 network, link status must be detected in real time so that a link switchover can
be performed immediately after a link fault occurs. ARP and BFD are usually used to detect link
faults. In addition, IGP convergence helps reveal link faults. However, the preceding solutions
are not applicable to certain scenarios.
l If only one link, not links of every user, on the network needs to be monitored, ARP
detection is not applicable.
l If any device on the network does not support BFD, BFD detection is not applicable.
l If either end of a link is a Layer 2 device, dynamic routing protocols cannot be deployed,
and therefore IGP convergence cannot be implemented.
NQA for static routes only requires one end to support NQA and can be used even if there are
Layer 2 devices.
When a link becomes faulty, an NQA test instance can immediately detect this fault and then
the static route associated with the NQA test instance is deleted from the IPv6 routing table.
Traffic is then forwarded through another link.
Pre-configuration Tasks
Before configuring NQA for IPv6 static routes, complete the following task:
l Configuring link layer protocol parameters and assigning IPv6 addresses to interfaces to
ensure that the status of the link layer protocol of the interfaces is Up
Data Preparation
Before configuring NQA for static IPv6 routes, you need the following data.
No. Data
4 IPv6 address or outbound interface for the static route next hop
Context
NQA measures the performance of different protocols running on a network. With NQA, carriers
can collect the operation indexes of networks in real time, for example, total delay of Hypertext
Transfer Protocol (HTTP), delay in Transfer Control Protocol (TCP) connections, delay in
Domain Name Server (DNS) resolution, file transmission rate, delay in File Transfer Protocol
(FTP) connections, and DNS resolution error ratio. To check these performance indexes, you
can create NQA test instances.
The two ends of an NQA test are called the NQA client and NQA server. The NQA client is
responsible for initiating an NQA test. After test instances are configured on the NQA client,
NQA schedules these test instances into test instance queues according to their operation types.
After the test instances are started, the data information about the protocol-related running status
can be collected according to the return packet.
An ICMP NQA test instance is used to check whether a route from the NQA client to the
destination is reachable. The ICMP test provides functions similar to the ping command except
that more information is output.
l By default, the output contains the results of the latest five tests.
l The output includes the average delay, the packet loss ratio, and the time the last packet is
correctly received.
An Internet Control Messages Protocol (ICMP) NQA test instance sends packets at a minimum
interval of 1 second. This ensures that NQA reports the test results to the system when a link
fault is detected and when the link fault is rectified. For details about NQA configurations, see
the section "NQA Configuration" in HUAWEI NetEngine80E/40E Router Configuration Guide
- SystemManagement.
Perform the following steps on the NQA client:
Procedure
Step 1 Run:
system-view
An NQA test instance is created, and the test instance view is displayed.
Step 3 Run:
test-type icmp
The interval for automatically performing an NQA test is set. By default, no automatic test
interval is set. The system performs the test only once.
Step 6 (Optional) Run:
probe-count number
The number of probes to be sent each time is set for the NQA test instance. By default, the
number is 3.
By sending probes multiple times for an NQA test instance, you can estimate the network quality
more accurately based on the collected statistics.
Step 7 Run:
start
An NQA test instance can be started immediately, at a specified time, or after a specified delay.
l Run the start now [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay { seconds second |
hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start the test instance
immediately.
l Run the start at [ yyyy/mm/dd ] hh:mm:ss [ end { at [ yyyy/mm/dd ] hh:mm:ss | delay
{ seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command to start
the test instance at a specified time.
l Run the start delay { seconds second | hh:mm:ss } [ end { at [ yyyy/mm/dd ] hh:mm:ss |
delay { seconds second | hh:mm:ss } | lifetime { seconds second | hh:mm:ss } } ] command
to start the test instance after a specified delay.
----End
Context
On a network with a simple topology, configuring static routes allows the network to work
properly. When the router fails to set up a route by using the dynamic routing protocol, you can
configure a static route. Unlike dynamic routing protocols, static routes do not have a dedicated
detection mechanism. Static routes cannot detect faults on the network, which probably causes
traffic loss.
NQA for IPv6 static routes enables a static route to be associated with an NQA test instance.
You can use the ping function of an NQA test instance to detect the status of links of the static
route. Then you can determine whether the associated static route is active and whether traffic
is interrupted.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ipv6 route-static dest-ipv6-address prefix-length { interface-type interface-
number [ nexthop-ipv6-address ] | nexthop-ipv6-address } [ preference preference |
tag tag ] * track nqa admin-name test-name [ description text ]
NOTE
The destination address of an NQA test instance cannot be the destination address of an associated static
route.
If the static route associated with one NQA test instance is associated with another NQA test instance, the
association between the static route and the former NQA test instance is removed.
----End
Prerequisites
NQA for static IPv6 routes has been configured.
NOTE
The NQA test result cannot be displayed automatically. You need to run the display nqa results command
to view the NQA test result. By default, the command output shows the results of the latest five tests.
Procedure
Step 1 Run the display current-configuration | include nqa command to check the configurations
about NQA for static IPv6 routes.
Step 2 Run the display nqa results [ test-instance admin-name test-name ] command to check the
NQA test result.
----End
Example
After configurations are complete, run the display current-configuration | include nqa
command in the system view to check whether a static IPv6 route is associated with the NQA
test instance. An example command output is as follows:
<HUAWEI> display current-configuration | include nqa
ipv6 route-static 2001:db8:3::4 128 2001:db8:3::3 track nqa admin1 test1
nqa test-instance admin1 test1
Run the display nqa results command. If the test is successful, the following information is
displayed:
l testflag is active
l testtype is icmp
l The test is finished
l Completion:success
An example command output is as follows:
<HUAWEI> display nqa results test-instance admin1 test1
For an ICMP NQA test, the minimum, maximum, and average time for receiving ICMP Echo-
Reply packets is displayed, that is, Min/Max/Average Completion Time. Lost packet ratio
is displayed, showing the link status. In this example, the packet loss ratio is 0%, indicating that
the link is running normally.
NOTE
If the frequency interval command is configured for an NQA test instance, testflag is active is displayed.
If the frequency interval command is not configured for an NQA test instance, the NQA test is performed
only once and testflag is inactive is displayed.
Applicable Environment
Static routes inheriting the costs of iterated routes mainly apply to a scenario in which the Layer
2 Virtual Private Network (L2VPN) accesses the Layer 3 Virtual Private Network (L3VPN). In
such a scenario, the direct route cost is usually controlled by Configuring an IPv4 direct route
to respond to L3VE interface status changes after a delay or by Configuring the association
between the IPv4 direct route and PW status. This will reduce downstream traffic loss during
the traffic switchback after the primary pseudo wire (PW) recovers.
However, on the network shown in Figure 2-1, the cell site gateway (CSG) is connected to
multiple base stations. These base stations usually use logical IP addresses to communicate with
access aggregation gateways (AGGs), so direct routes between base stations and AGGs cannot
be used to forward packets. In addition, AGGs do not have routes to the logical IP addresses of
the base stations. To address this problem, you must configure static routes on AGGs to forward
downstream traffic. As network administrators usually configure consecutive logical IP
addresses for base stations based on IP address planning, you must configure static routes to
specific base stations on AGGs. As shown in Figure 2-1, if the CSG-AGG1 link that bears the
primary PW recovers, AGG1 immediately advertises its static routes to radio network controller
site gateways (RSGs). RSGs then select these routes and downstream traffic is switched over to
Link A. However, AGG1 has not learned the MAC addresses of the base stations yet and the
primary PW is unavailable, so packets are dropped during the traffic switchback.
Figure 2-1 Networking of configuring static routes to inherit costs of iterated routes
Loopback0
1.1.1.1/32 AGG1 RSG1
NodeB
CSG PW1
Loopback0 Link A
1.1.1.2/32
Link B
NodeB RNC
PW2
To solve this problem, you can configure static routes to inherit costs of iterated routes. Because
static routes are iterated to direct routes and costs of direct routes are determined by PW status,
this configuration implements the association between static routes and PW status. On the
network shown in Figure 2-1, you can configure statics routes on AGG1 to inherit costs of
iterated routes. When the link that bears PW1 recovers:
l If PW1 is still standby, the direct route between AGG1 and CSG has a high cost. Because
the static routes on AGG1 inherit the direct route cost, the static routes also have high costs.
In this case, even if AGG1 advertises static routes to RSGs, RSGs do not preferentially
select these routes and downstream traffic still travels along Link B.
l If PW1 becomes active, the direct route between AGG1 and the CSG has the default cost
0. Because the static routes on AGG1 inherit the direct route cost, the static routes also have
the cost value 0. In this case, after AGG1 advertises static routes to RSGs, RSGs select
these routes and downstream traffic is switched over to Link A. At this time, AGG1 has
learned the MAC addresses of the base stations, and downstream traffic loss will be reduced.
Pre-configuration Tasks
Before configuring IPv4 static routes to inherit costs of iterated routes, complete the following
task:
l Configuring link-layer protocol parameters and IP addresses for interfaces to ensure that
the link layer protocol of each interface is Up
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static vpn-instance vpn-source-name destination-address { mask | mask-
length } nexthop-address [ recursive-lookup host-route ] [ preference preference |
tag tag ] * inherit-cost [ description text ]
A static route is configured for a specified VPN instance and the static route is configured to
inherit the iterated route cost.
vpn-source-name specifies the VPN instance that is bound to the Layer 3 Virtual Ethernet
(L3VE) interface. nexthop-address specifies the IP address of Node B interface connected to
the AGG.
NOTE
In an IP RAN scenario, you can configure static routes to inherit iterated route costs after Configuring an
IPv4 direct route to respond to L3VE interface status changes after a delay or Configuring the
association between the IPv4 direct route and PW status.
----End
Applicable Environment
IPv6 Static routes inheriting the costs of iterated routes mainly apply to a scenario in which the
Layer 2 Virtual Private Network (L2VPN) accesses the Layer 3 Virtual Private Network
(L3VPN). In such a scenario, the IPv6 direct route cost is usually controlled by Configuring an
IPv6 direct route to respond to L3VE interface status changes after a delay or by
Configuring the association between the IPv6 direct route and PW status. This will reduce
downstream traffic loss during the traffic switchback after the primary pseudo wire (PW)
recovers.
However, on the network shown in Figure 2-2, the cell site gateway (CSG) is connected to
multiple base stations. These base stations usually use logical IP addresses to communicate with
access aggregation gateways (AGGs), so IPv6 direct routes between base stations and AGGs
cannot be used to forward packets. In addition, AGGs do not have routes to the logical IP
addresses of the base stations. To address this problem, you must configure IPv6 static routes
on AGGs to forward downstream traffic. As network administrators usually configure
consecutive logical IP addresses for base stations based on IP address planning, you must
configure IPv6 static routes to specific base stations on AGGs. As shown in Figure 2-2, if the
CSG-AGG1 link that bears the primary PW recovers, AGG1 immediately advertises its IPv6
static routes to radio network controller site gateways (RSGs). RSGs then select these routes
and downstream traffic is switched over to LinkA. However, AGG1 has not learned the MAC
addresses of the base stations yet and the primary PW is unavailable, so packets are dropped
during the traffic switchback.
Figure 2-2 Networking of configuring IPv6 static routes to inherit costs of iterated routes
Loopback0
1::1/128 AGG1 RSG1
NodeB
CSG PW1
Link A
Loopback0
1::2/128 Link B
NodeB RNC
PW2
To solve this problem, you can configure IPv6 static routes to inherit costs of iterated routes.
Because IPv6 static routes are iterated to IPv6 direct routes and costs of IPv6 direct routes are
determined by PW status, this configuration implements the association between IPv6 static
routes and PW status. On the network shown in Figure 2-2, you can configure IPv6 statics routes
on AGG1 to inherit costs of iterated routes. When the link that bears PW1 recovers:
l If PW1 is still standby, the IPv6 direct route between AGG1 and CSG has a high cost.
Because the IPv6 static routes on AGG1 inherit the direct route cost, the IPv6 static routes
also have high costs. In this case, even if AGG1 advertises IPv6 static routes to RSGs,
RSGs do not preferentially select these routes and downstream traffic still travels along
LinkB.
l If PW1 becomes active, the IPv6 direct route between AGG1 and the CSG has the default
cost 0. Because the IPv6 static routes on AGG1 inherit the direct route cost, the IPv6 static
routes also have the cost value 0. In this case, after AGG1 advertises IPv6 static routes to
RSGs, RSGs select these routes and downstream traffic is switched over to LinkA. At this
time, AGG1 has learned the MAC addresses of the base stations, and downstream traffic
loss will be reduced.
Pre-configuration Tasks
Before configuring IPv6 static routes to inherit costs of iterated routes, complete the following
task:
l Configuring link-layer protocol parameters and IPv6 addresses for interfaces to ensure that
the link layer protocol of each interface is Up
Procedure
Step 1 Run:
system-view
Step 2 Run:
ipv6 route-static vpn-instance vpn-source-name destination-address { mask | mask-
length } nexthop-address [ preference preference | tag tag ] * inherit-cost
[ description text ]
An IPv6 static route is configured for a specified VPN instance and the IPv6 static route is
configured to inherit the iterated route cost.
vpn-source-name specifies the VPN instance that is bound to the Layer 3 Virtual Ethernet
(L3VE) interface. nexthop-address specifies the IP address of NodeB interface connected to the
AGG.
NOTE
In an IP RAN scenario, you can configure IPv6 static routes to inherit iterated route costs after Configuring
an IPv6 direct route to respond to L3VE interface status changes after a delay or Configuring the
association between the IPv6 direct route and PW status.
----End
NOTE
Examples in this document use interface numbers and link types of the NE40E-X8. In real world situations,
the interface numbers and link types may be different from those used in this document.
Networking Requirements
Figure 2-3 shows IP addresses and masks of interfaces and hosts. It is required to interconnect
any two hosts in Figure 2-3.
PC2
1.1.2.2/24
GE3/0/0
1.1.2.1/24
POS1/0/0 POS2/0/0
1.1.4.2/30 1.1.4.5/30
RouterB
RouterA RouterC
POS1/0/0 POS1/0/0
1.1.4.1/30 1.1.4.6/30
GE2/0/0 GE2/0/0
1.1.1.1/24 1.1.3.1/24
PC1 PC3
1.1.1.2/24 1.1.3.2/24
Because dynamic routing protocols cannot be configured on PC1, PC2 and PC3 in Figure 2-3,
so we configure static routes on the routers in this example.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IPv4 address for each interface on each router for interworking.
2. Configure an IPv4 static route and a default route to the destination address on each
router.
3. Configure an IPv4 default gateway on each host to make any two hosts communicate.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface.
The configuration details are not described here.
Step 2 Configure static routes.
# Configure an IPv4 default route on Router A.
[RouterA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet2/0/0
ip address 1.1.1.1 255.255.255.0
#
interface Pos1/0/0
link-protocol ppp
ip address 1.1.4.1 255.255.255.252
#
ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
#
return
return
Networking Requirements
As shown in Figure 2-4, the mask length of all the IPv6 addresses is 64 bits. It is required that
every two hosts or routers be interconnected.
PC2
2001:db8:2::2/64
GE3/0/0
2001:db8:2::1/64
POS1/0/0 POS2/0/0
RouterB
RouterA RouterC
POS1/0/0 POS1/0/0
GE2/0/0 GE2/0/0
2001:db8:1::1/64 2001:db8:3::1/64
PC1 PC3
2001:db8:1::2/64 2001:db8:3::2/64
Because dynamic routing protocols cannot be configured on PC1, PC2 and PC3 in Figure 2-4,
so we configure static routes on the routers in this example. Addresses of POS interfaces on the
routers are IPv6 link-local addresses.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IPv6 address for each GE interface on each router for interworking.
2. Configure an IPv6 static route and a default route to the destination address on each
router.
3. Configure an IPv6 default gateway on each host to make any two hosts communicate.
Data Preparation
To complete the configuration, you need the following data:
l Default route with the outbound interface being POS 1/0/0 of Router A
l Static route with the destination address and outbound interface being 2001:db8:1:: 64 and
POS 1/0/0 respectively of Router B
l Static route with the destination address and outbound interface being 2001:db8:3:: 64 and
POS 2/0/0 respectively of Router B
l Default route with the outbound interface being POS 1/0/0 of Router C
l Default gateway addresses of PC1, PC2, and PC3 being 2001:db8:1::1, 2001:db8:2::1, and
2001:db8:3::1 respectively
Procedure
Step 1 Configure an IPv6 address for each interface.
Configure IPv6 addresses for hosts according to the networking diagram, and set default gateway
addresses of PC1, PC2, and PC3 to 2001:db8:1::1, 2001:db8:2::1, and 2001:db8:3::1
respectively.
Destination : :: PrefixLength : 0
NextHop : FE80::E0:FCD5:A2BF:401 Preference : 60
Cost : 0 Protocol : Static
RelayNextHop : :: TunnelID : 0x0
Interface : Pos1/0/0 Flags : D
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface GigabitEthernet2/0/0
ipv6 enable
ipv6 address 2001:db8:1::1/64
#
interface Pos1/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
#
ipv6 route-static :: 0 Pos 1/0/0
#
return
#
interface GigabitEthernet3/0/0
ipv6 enable
ipv6 address 2001:db8:2::1/64
#
interface Pos1/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
#
interface Pos2/0/0
link-protocol ppp
ipv6 enable
ipv6 address auto link-local
#
ipv6 route-static 2001:db8:1:: 64 Pos1/0/0
ipv6 route-static 2001:db8:3:: 64 Pos1/0/1
#
return
Networking Requirements
As shown in Figure 2-5:
l Router A is connected to Router B through Switch C.
l It is required that Router A can communicate with other routers and the network.
l a BFD session is configured between Router A and Router B to detect the link between the
two devices.
Figure 2-5 Networking diagram for configuring BFD for IPv4 static routes
Because the network topology is very simple, static routes can be configured to make RouterA
communicate with other Routers and the network. By binding BFD sessions to static routes,
BFD sessions can detect the link status, which provides the detection mechanism for static routes.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a BFD session between Router A and Router B to detect the link between the
two devices.
2. Configure a default static route from Router A to the external network and bind the default
static route to the BFD session.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface.
# On Router A, configure a default static route to the external network and bind it to a BFD
session named aa.
# Check the IP routing table of Router A. The command output shows that the static route exists
in the routing table.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 1.1.1.2 GigabitEthernet1/0/0
1.1.1.0/24 Direct 0 0 D 1.1.1.1 GigabitEthernet1/0/0
1.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0
# Check the IP routing table of Router A. The command output shows that default route 0.0.0.0/0
does not exist. This is because the default static route is bound to a BFD session. When BFD
detects a link fault, BFD rapidly notifies that the bound static route becomes unavailable. If the
static route is not bound to a BFD session, the default route 0.0.0.0/0 will always exist in IP
routing table, this may cause traffic loss.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 GigabitEthernet1/0/0
1.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
bfd
#
interface GigabitEthernet1/0/0
ip address 1.1.1.1 255.255.255.0
#
bfd aa bind peer-ip 1.1.1.2
discriminator local 10
discriminator remote 20
commit
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.2 track bfd-session aa
#
return
Networking Requirements
As shown in Figure 2-6:
l Router A is connected to Router B through Switch C.
l It is required that Router A can communicate with other routers and the network.
l a BFD session is configured between Router A and Router B to detect the link between the
two devices.
Figure 2-6 Networking diagram for configuring BFD for IPv6 static routes
Because the network topology is very simple, static routes can be configured to make RouterA
communicate with other Routers and the network. By binding BFD sessions to static routes,
BFD sessions can detect the link status, which provides the detection mechanism for static routes.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a BFD session on Router A and Router B to detect the link between the two
devices.
2. Configure a default static route from Router A to the external network and bind the default
static route to a BFD session.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IPv6 address for each interface.
# On Router A, configure a default static route to the external network and bind it to a BFD
session named aa.
[RouterA] ipv6 route-static 0::0 0 2001:db8:1::2 track bfd-session aa
# Check the IP routing table of Router A. The command output shows that the static route exists
in the routing table.
[RouterA] display ipv6 routing-table
Routing Table : Public
Destinations : 5 Routes : 5
Destination : :: PrefixLength : 0
NextHop : 2001:db8:1::2 Preference : 60
Cost : 0 Protocol : Static
RelayNextHop : :: TunnelID : 0x0
Interface : GigabitEthernet 1/0/0 Flags : RD
# Check the IP routing table of Router A. The command output shows that default route 0::0/0
does not exist. This is because the default static route is bound to a BFD session. When BFD
detects a link fault, BFD rapidly notifies that the bound static route becomes unavailable. If the
static route is not bound to a BFD session, the default route 0.0.0.0/0 will always exist in IP
routing table, this may cause traffic loss.
[RouterA] display ipv6 routing-table
Routing Table : Public
Destinations : 1 Routes : 1
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
bfd
#
interface GigabitEthernet 1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::1/64
#
bfd aa bind peer-ipv6 2001:db8:1::2
discriminator local 10
discriminator remote 20
commit
#
ipv6 route-static :: 0 2001:db8:1::2 track bfd-session aa
#
return
Networking Requirements
Static routes can be configured on networks with simple topologies or for Routers that cannot
generate routes to the destination through dynamic routing protocols. Unlike dynamic routing
protocols, static routes do not have a dedicated detection mechanism. After a fault occurs, the
corresponding static route cannot be automatically deleted from the IP routing table. The network
administrator must delete the corresponding static route to allow traffic to switch to an available
path. This dependence on the administrator delays the link switchover which is likely to interrupt
services for a comparatively long time. BFD for static routes can be deployed to monitor the
status of a link, but it requires that both ends of the link support BFD. If either end of the link
does not support BFD, you can configure NQA for static IPv4 routes to monitor the link status.
On the IP MAN shown in Figure 2-7, redundant links are used and the following requirements
are met:
l Router B and Router C are configured with static routes to the clients. Router B is the master
and Router C is the backup.
l Normally, traffic travels along the active link of Router B → Switch A.
l If a fault occurs in the active link, traffic switches to the standby link of Router C → Switch
B.
Figure 2-7 Networking diagram for configuring NQA for static IPv4
IP Network
RouterA
GE2/0/0
GE1/0/0 172.16.4.1/24
172.16.3.1/24
GE2/0/0 GE2/0/0
172.16.3.2/24 172.16.4.2/24
RouterB RouterC
/0
GE1/0/0 3/0 /24 GE1/0/0
172.16.1.1/24 17 GE3 GE 6.6.1 172.16.2.1/24
2.1 /0/ 2.1
6.5 0 17 VL
.1/ 17 AN
24 2.1 IF
6.5 20
VLANIF10 2 0 .2/ VLANIF10
IF /24 24
172.16.1.2/24 N
A .6. 2 172.16.2.2/24
L
V 16
2. ......
VLANIF30 17 VLANIF30
172.16.7.1/24 SwitchA SwitchB 172.16.8.1/24
...... ......
NOTE
In this example, Switch A and Switch B provide access services for users. On live networks, Optical Line
Terminals (OLTs), Digital Subscriber Line Access Multiplexers (DSLAMs), Multi-service Access Nodes
(MSANs), or x Digital Subscriber Line (xDSL) devices can also be used to provide access services for
users. The configuration is similar on Router A, Router B and Router C.
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish an ICMP NQA test instance for the NQA client Router B and the tested device
Switch A to test whether the active link of Router B → Switch A works properly.
2. Configure static routes on Router B and Router C, and associate the static route on
Router B with the NQA test instance. If the NQA test instance detects a link fault, the
system deletes the static route from the IP routing table.
3. Configure a dynamic routing protocol on Router A, Router B, and Router C to allow them
to learn routes from each other.
4. Configure OSPF on Router B and Router C to import static routes, and set a higher cost
for the static route imported to Router C than that imported to Router B. After Router A
learns routes from Router B and Router C to the same destination, it prefers the route with
a lower cost along the path of Router B → Switch A.
Data Preparation
To complete the configuration, you need the following data:
l IP address of each interface
l Test type, administrator name, and name of an NQA test instance
l Test period and packet sending interval of the NQA test instance
l OSPF area ID (Area 0) where Router A, Router B, and Router C reside
Procedure
Step 1 Configure IP addresses. This example assumes that you know how to configure IP addresses so
that the configuration is not described here.
Step 2 Configure an NQA test instance on Router B to test the link between Router B and Switch A.
<RouterB> system-view
[RouterB] nqa test-instance aa bb
[RouterB-nqa-aa-bb] test-type icmp
[RouterB-nqa-aa-bb] destination-address ipv4 172.16.1.2
[RouterB-nqa-aa-bb] frequency 3
[RouterB-nqa-aa-bb] probe-count 1
[RouterB-nqa-aa-bb] start now
[RouterB-nqa-aa-bb] quit
Step 4 Configure a dynamic routing protocol on Router A, Router B, and Router C. This example uses
OSPF. For detailed instructions on configuring OSPF, see 5 OSPF Configuration.
Step 5 Configure OSPF on Router B and Router C to import static routes.
# Configure OSPF on Router B to import static routes, and set the cost of each imported static
route to 10.
[RouterB] ospf 1
[RouterB-ospf-1] import-route static cost 10
[RouterB-ospf-1] quit
# Configure OSPF on Router C to import static routes, and set the cost of each imported static
route to 20.
[RouterC] ospf 1
[RouterC-ospf-1] import-route static cost 20
[RouterC-ospf-1] quit
with the NQA test instance. Then run the display nqa results command to check whether the
NQA test instance has been established.
In this example, the information "Lost packet ratio: 0 %" is displayed, indicating that the link
works properly.
# Check the routing table on Router B. The routing table contains this static route.
[RouterB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
The routing table contains a route destined for 172.16.1.3/32 with the next hop of 172.16.3.2
and the cost of 10. Therefore, traffic travels along the path Router B → Switch A.
The information "Lost packet ratio: 100 %" is displayed, indicating that the link fails.
Because the static route is associated with the NQA test instance on Router B, after NQA detects
the link fault, it immediately notifies Router B that the associated static route is unavailable.
Router A cannot learn the route destined for 172.16.7.0/24 from Router B. Router A, however,
can learn another route destined for 172.16.7.0/24 from Router C. The next hop of the route is
172.16.4.2, and the cost is 20. Traffic switches to the link of Router C → Switch B.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
interface GigabitEthernet1/0/0
undo shutdown
Networking Requirements
On a simple network or when the route to the destination cannot be established using dynamic
routing protocols, you can configure static routes. Unlike dynamic routing protocols, static routes
do not have a dedicated detection mechanism. After a fault occurs, static routes cannot detect
the fault, and the network administrator must delete the corresponding static route. This delays
the link switchover and probably interrupts services for a comparatively long time.
BFD for static routes is adaptable to link changes but both ends of the link must support BFD.
If either end of the link does not support BFD, you can configure NQA for IPv6 static routes.
When an NQA test instance detects a link fault, the static route associated with the NQA test
instance will be deleted from the IP routing table and the traffic is switched to a normal route to
prevent long-time service interruption.
As shown in Figure 2-8, the IP MAN of a company is configured with redundant backup links.
l Router B and Router C are configured with static routes. Router B is the master Router and
Router C is the backup Router.
l Normally, traffic is forwarded through the active link Router B→Switch A.
l When the active link becomes faulty, traffic is switched to the backup link Router C→
Switch B.
Figure 2-8 Networking for configuring NQA for static IPv6 routes
IP Network
RouterA
GE1/0/0 GE2/0/0
2001:db8:1::1/64 2001:db8:2::1/64
GE2/0/0
2001:db8:1::2/64
GE2/0/0
2001:db8:2::2/64
RouterB RouterC
...... ......
NOTE
In this diagram, Switch A and Switch B provide the access service for subscribers. In actual networking,
Optical Line Terminals (OLTs), Digital Subscriber Line Access Multiplexers (DSLAMs), Multi-service
Access Nodes (MSANs), or x Digital Subscriber Line (xDSL) can be used for user access. The
configurations on Router A, Router B, and Router C are the same.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an ICMP NQA test instance on the NQA client Router B to test whether the
active link Router B→Switch A runs properly.
2. Configure static routes on Router B and Router C and associate the static route of Router
B with the configured NQA test instance. When a fault is detected on the link, the static
route associated with Router B is deleted from the IPv6 routing table.
3. Configure a dynamic routing protocol on Router A, Router B, and Router C so that they
can learn routes from each other.
4. Configure OSPFv3 on Router B and Router C to import static routes and set the cost to the
static route imported by Router C to be larger than the cost of the static route imported by
Router B. Router A learns the route to the same destination from Router B and Router C
and the link Router B→Switch A with lower cost will be selected.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure IPv6 addresses.
Configure IPv6 addresses for interfaces according to Figure 2-8. For details, see configuration
files.
Step 2 Configure an NQA test instance on Router B to test the link between Router B and Switch A.
<RouterB> system-view
[RouterB] nqa test-instance admin1 test1
[RouterB-nqa-admin1-test1] test-type icmp
[RouterB-nqa-admin1-test1] destination-address ipv6 2001:db8:3::2
[RouterB-nqa-admin1-test1] frequency 3
[RouterB-nqa-admin1-test1] probe-count 1
[RouterB-nqa-admin1-test1] start now
[RouterB-nqa-admin1-test1] quit
Configure a static IPv6 route on Router B and associate the static route with the configured NQA
test instance.
[RouterB] ipv6 route-static 2001:db8:7:: 64 GigabitEthernet 1/0/0 FE80:1::1 track
nqa admin1 test1
NOTE
The next hop address of the static IPv6 route configured on the local end should be the link-local address
of the peer end. Run the display ipv6 interface [ interface-type interface-number ] command to obtain the
address of the peer end of the link.
Step 4 Configure a dynamic routing protocol on Router A, Router B, and Router C. OSPFv3 is used in
this example. For details, see 6.2 Configuring Basic OSPFv3 Functions.
# Configure OSPFv3 on Router B to import static routes and set the route cost to 10.
[RouterB] ospfv3 1
[RouterB-ospfv3-1] import-route static cost 10
[RouterB-ospfv3-1] quit
# Configure OSPFv3 on Router C to import static routes and set the route cost to 20.
[RouterC] ospfv3 1
[RouterC-ospfv3-1] import-route static cost 20
[RouterC-ospfv3-1] quit
After the configuration is complete, run the display current-configuration | include nqa
command on Router B in the system view. The command output shows that the static IPv6 route
has been associated with the NQA test instance. Run the display nqa results command. The
command output shows that an NQA test instance has been created.
The command output shows "Lost packet ratio 0 %", indicating that the link status is normal.
# Display the routing table of Router B. The static route exists in the routing table.
[RouterB] display ipv6 routing-table 2001:db8:7::
Routing Table :
Summary Count : 1
A route to 2001:db8:7::/64 exists in the routing table, with the outbound interface GE 1/0/0 and
the cost 10. Traffic will be forwarded through the link Router B→Switch A.
The command output shows "Lost packet ratio is 100%", indicating that the link is faulty.
# Display the routing table of Router B. The static route is deleted. The route is an OSPFv3 route
learned from router A.
[RouterB] display ipv6 routing-table 2001:db8:7::
Routing Table :
Summary Count : 1
The static route is associated with the NQA test instance on Router B. After detecting a link
fault, NQA rapidly notifies Router B that the associated static route is unavailable. Router A
cannot learn the route to 2001:db8:7::/64 from Router B. However, Router A can learn the route
to 2001:db8:7::/64 from Router C. The outbound interface to 2001:db8:7::/64 is changed to GE
2/0/0 and the cost is 20. Traffic will be switched to Router C→Switch B.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
ospfv3 1
router-id 1.1.1.1
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::1/64
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:2::1/64
ospfv3 1 area 0.0.0.0
#
return
#
ospfv3 1
router-id 3.3.3.3
import-route static cost 20
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:4::1/64
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:2::2/64
ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet3/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:6::1/64
#
ipv6 route-static 2001:db8:7:: 64 GigabitEthernet3/0/0 FE80:2::2
#
return
Networking Requirements
If service traffic needs to be forwarded along a specified path, you can detect links of the
forwarding path by pinging the destination addresses of static routes. In this manner, you can
monitor services at a very low cost.
As shown in Figure 2-9, EBGP peer relationships are established between Router A and
Router B, and between Router A and Router C by using static routes. There are two links (Link
A and Link B) between Router A and Router B. By configuring permanent advertisement of
static routes, you can make traffic be forwarded along only Link A regardless of the outbound
interface status and detect the status of Link A by periodically pinging the interface address of
Router B through the network monitoring system. This detects the status of BGP services.
Figure 2-9 Networking for configuring permanent advertisement of IPv4 static routes
Loopback0
2.2.2.2/32
POS1/0/0
40.1.1.2/24 RouterB
POS1/0/0
40.1.1.1/24 POS2/0/0
A
Link 30.1.1.1/24
RouterA
LinkB
POS2/0/0
POS2/0/0
30.1.1.2/24
AS100 20.1.1.1/24
POS1/0/0 RouterC
20.1.1.2/24
AS20
0
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF on devices in AS 200 to ensure that routes to the address of Loopback0
on Router B are advertised to Router C.
2. Establish EBGP peer relationships between Router A and Router B, and between Router
A and Router C.
3. On Router A, configure a static route whose destination address is the address of Loopback0
on Router B and outbound interface is POS 1/0/0 on Router A.
4. On Router A, configure permanent advertisement of the static route to the address of
Loopback0 on Router B. In this manner, when POS 1/0/0 on Router A becomes faulty, the
static route to the address of Loopback0 on Router B still takes effect.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface. This example assumes that you know the
configuration method and no details are provided here.
# Configure Router C.
[RouterC] ospf 1
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
The preceding display shows that Router C has learned the OSPF route to 2.2.2.2/32.
Step 3 Configure EBGP connections and establish EBGP peer relationships between Router A and
Router B, and between Router A and Router C.
# Configure Router A.
[RouterA] bgp 100
[RouterA-bgp] peer 40.1.1.2 as-number 200
[RouterA-bgp] peer 20.1.1.2 as-number 200
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 200
[RouterB-bgp] peer 40.1.1.1 as-number 100
[RouterB-bgp] quit
# Configure Router C.
[RouterC] bgp 200
[RouterC-bgp] peer 20.1.1.1 as-number 100
[RouterC-bgp] network 20.1.1.0 255.255.255.0
[RouterC-bgp] import-route ospf 1
[RouterC-bgp] quit
# After the preceding configurations, check the EBGP connection status of Router A.
The preceding display shows that the status of BGP connections between Router A and
Router B, and between Router A and Router C is Established. This indicates that EBGP peer
relationships have been established.
The preceding display shows that Router A has learned the BGP route to 2.2.2.2/32.
Step 4 On Router A, configure a static route whose destination address is 2.2.2.2/32 and outbound
interface is POS 1/0/0.
[RouterA] ip route-static 2.2.2.2 32 pos1/0/0 40.1.1.2
The preceding display shows that the static route to 2.2.2.2/32 is preferred because the priority
of a static route is higher than that of a BGP route.
# Run the shutdown command on POS 1/0/0 of Router A to simulate a link fault.
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] shutdown
[RouterA-Pos1/0/0] quit
# After the preceding configurations, run the tracert command on Router A to check the
forwarding path of ping packets.
[RouterA] tracert 2.2.2.2
traceroute to 2.2.2.2(2.2.2.2), max hops: 30 ,packet length: 40,press CTRL_C t o
break
1 20.1.1.2 50 ms 30 ms 30 ms
2 30.1.1.1 < AS=200 > 50 ms 60 ms 60 ms
The command output shows that ping packets detour around Link B after Link A becomes faulty.
This indicates that the EBGP route to 2.2.2.2/32 is preferred after the static route to 2.2.2.2/32
becomes inactive. In this case, the status of Link A cannot be detected through a ping operation.
The preceding display shows that the static route to 2.2.2.2/32 is still valid and the EBGP route
to 2.2.2.2/32 is not preferred after the outbound interface of the static route becomes faulty.
# Run the ping command on Router A to check whether Router A can ping successfully
2.2.2.2/32.
[RouterA] ping 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
The preceding command output shows that after permanent advertisement of static routes is
configured, ping packets are still forwarded along Link A but not Link B when Link A becomes
faulty, and the connectivity of Link A can be detected through a ping operation.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
link-protocol ppp
shutdown
ip address 40.1.1.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 20.1.1.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 40.1.1.2 as-number 200
peer 20.1.1.2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 40.1.1.2 enable
peer 20.1.1.2 enable
#
ip route-static 2.2.2.2 255.255.255.255 Pos1/0/0 40.1.1.2 permanent
#
return
3 RIP Configuration
RIP can advertise and receive routes to affect the selection of data forwarding paths, and can
provide the network management function. RIP is commonly used on small-scale networks.
3.1 Introduction
RIP is a dynamic routing protocol used on small-scale networks. It is an Interior Gateway
Protocol (IGP) and uses the distance-vector routing algorithm.
This section describes how to configure RIP GR to avoid incorrect route calculation and packet
loss after a RIP router restarts.
3.1 Introduction
RIP is a dynamic routing protocol used on small-scale networks. It is an Interior Gateway
Protocol (IGP) and uses the distance-vector routing algorithm.
The Routing Information Protocol (RIP) is a simple Interior Gateway Protocol (IGP). RIP is
mainly used on small-scale networks such as campus networks and simple regional networks.
RIP uses the distance-vector routing algorithm and exchanges routing information by using User
Datagram Protocol (UDP) packets through port 520.
RIP uses the hop count to measure the distance to the destination. The distance is called the
routing metric. In RIP, the hop count from a router to its directly connected network is 0, and
the hop count from a router to a network, which can be reached through another router, is 1. To
speed up route convergence, RIP defines the cost as an integer that ranges from 0 to 15. If the
hop count is equal to or exceeds 16, the destination network or host is unreachable because the
path is considered to have an infinite metric. It is this limitation to the hop count that makes RIP
inapplicable to large-scale networks.
To improve network performance and prevent routing loops, RIP supports both split horizon
and poison reverse.
l Split horizon is a method of preventing routing loops in a network and reducing bandwidth
consumption. The basic principle is simple: Information about the routing for a particular
packet is never sent back in the direction from which it was received.
l Poison reverse is that RIP sets the cost of the route learnt from an interface of a neighbor
to 16 (specifying the route as unreachable) and then sends the route from the interface back
to the neighbor. In this way, RIP can delete useless routes from the routing table of the
neighbor.
l RIPv1
l RIPv2
RIPv1 is a classful routing protocol, whereas RIPv2 is a classless routing protocol. In RIPv2,
address 224.0.0.9 is the multicast address of a RIP router.
l Uses multicast routes to send update packets. Only RIPv2 routers can receive protocol
packets. This reduces the resource consumption.
l Provides three authentication modes to enhance security: plain-text authentication, MD5
authentication and HMAC-SHA256 authentication.
For detailed configuration of a VPN instance, see the chapter "BGP MPLS IP VPN Configuration" in the
NE80E/40E Router Configuration Guide - VPN.
Applicable Environment
Configuring basic RIP functions allows you to enjoy certain RIP features.
Pre-configuration Tasks
Before configuring basic RIP functions, complete the following tasks:
Data Preparation
To configure basic RIP functions, you need the following data.
No. Data
1 RIP process ID
No. Data
Context
If you run RIP-related commands in the interface view before enabling RIP, the configurations
take effect only after RIP is enabled.
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
RIP supports multi-instance. To associate RIP processes with VPN instances, you can run the
rip [ process-id ] vpn-instance vpn-instance-name command.
NOTE
For easy management and effective control, RIP supports multi-process and multi-instance. The multi-
process feature allows a set of interfaces to be associated with a specific RIP process and an interface can
be associated with only one RIP process. This ensures that the specific RIP process performs all the protocol
operations only on this set of interfaces. Therefore, multiple RIP processes can work on a single router and
each process is responsible for a unique set of interfaces. In addition, the routing data is independent
between RIP processes; however, routes can be imported between processes.
For the routers that support the VPN, each RIP process is associated with a specific VPN instance. In this
case, all the interfaces attached to the RIP process should be associated with the RIP-process-related VPN
instance.
----End
Context
By default, after RIP is enabled, it is disabled on all interfaces.
Perform the following steps on the router to be enabled with RIP.
Procedure
Step 1 Run:
system-view
NOTE
----End
Context
Perform the following steps on the RIP router.
Procedure
l Configuring the Global RIP Version Number
1. Run:
system-view
The RIP-1 protocol poses a security risk, and therefore the RIP-2 protocol is
recommended.
l Configuring the RIP Version Number for an Interface
1. Run:
system-view
The RIP version number of the packets received by the interface is specified.
NOTE
By default, an interface receives both RIPv1 and RIPv2 packets but sends only RIPv1 packets.
When configuring RIPv2 on an interface, you can specify the mode in which the interface sends
packets. If no RIP version number is configured in the interface view, the global RIP version
is used. The RIP version set on an interface takes precedence over the global RIP version.
The RIP-1 protocol poses a security risk, and therefore the RIP-2 protocol is recommended.
----End
Prerequisites
Basic RIP functions has been configured.
Procedure
l Run display rip [ process-id | vpn-instance vpn-instance-name ] command to check the
running status and configuration of RIP.
l Run display rip process-id route command to check all the RIP routes that are learned
from other routers.
l Run display default-parameter rip command to check the default RIP configuration.
l Run the display rip process-id statistics interface { all | interface-type interface-
number [ verbose | neighbor neighbor-ip-address ] } command to check statistics about
RIP interfaces.
----End
Example
Run the display rip [ process-id | vpn-instance vpn-instance-name ] command, and you can
view the running status and configuration of the enabled RIP process. The command output
shows that two VPN instances are running. The first VPN instance is a public network instance;
the second VPN instance is named VPN-Instance-1.
<HUAWEI> display rip
Public VPN-instance
RIP process : 1
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 32
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent interfaces : None
Verify-source : Enabled
Networks :
172.4.0.0
Configured peers : None
Number of routes in database : 4
Number of interfaces enabled : 3
Triggered updates sent : 3
Number of route changes : 6
Number of replies to queries : 1
Number of routes in ADV DB : 6
Private VPN-instance name : VPN-Instance-1
RIP process : 2
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 32
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent interfaces : None
Default-route : Disabled
Verify-source : Enabled
Networks :
192.4.5.0
Configured peers : None
Number of routes in database : 0
Number of interfaces enabled : 0
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Number of routes in ADV DB : 6
Total count for 2 process :
Number of routes in database : 3
Number of interfaces enabled : 2
Number of routes sendable in a periodic update : 6
Number of routes sent in last periodic update : 4
Run the display rip process-id route command, and you can view all activated and inactivated
routes of the specified RIP process.
Run the display default-parameter rip command, and you can view the default RIP
configuration.
<HUAWEI> display default-parameter rip
--------------------------------------------
Protocol Level Default Configurations
--------------------------------------------
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Auto Summary : Enabled
Host-route : Enabled
Maximum Balanced Paths : 32
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Default-route : Disabled
Verify-source : Enabled
Graceful restart : Disabled
--------------------------------------------
Interface Level Default Configurations
--------------------------------------------
Metricin : 0
Metricout : 1
Input Packet Processing : Enabled
Output Packet Processing: Enabled
Poison Reverse : Disabled
Replay Protect : Disabled
Split Horizon
For Broadcast and P2P Interfaces : Enabled
For NBMA Interfaces : Disabled
Packet Transmit Interval : 200 msecs
Packet Transmit Number : 50
RIP Protocol Version : RIPv1 Compatible (Non-Standard)
Run the display rip process-id statistics interface { all | interface-type interface-number
[ verbose | neighbor neighbor-ip-address ] } command, and you can view statistics about the
specified RIP interface.
<HUAWEI> display rip 1 statistics interface gigabitethernet1/0/0
GigabitEthernet1/0/0(10.0.0.11)
Statistical information Last min Last 5 min Total
------------------------------------------------------------------
Periodic updates sent 5 23 259
Triggered updates sent 5 30 408
Response packet sent 10 34 434
Response packet received 15 38 467
Response packet ignored 0 0 0
Request packet sent 1 3 8
Request packet received 4 20 40
Request packet ignored 0 0 0
Bad packets received 0 0 0
Routes received 0 0 0
Routes sent 0 0 0
Bad routes received 0 0 0
Packet authentication failed 0 0 0
Packet send failed 0 0 0
Applicable Environment
For complex networks, you can set RIP route attributes to change RIP routing policies. After
performing the configuration procedures in this section, you can:
Pre-configuration Tasks
Before configuring RIP route attributes, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l Configuring Basic RIP Functions
Data Preparation
To configure RIP route attributes, you need the following data.
No. Data
2 RIP preference
Context
The additional metric is added to the original metric of the RIP route.
l The rip metricin command is used to add an additional metric to an incoming route. After
this route is added to the routing table, its metric in the routing table changes.Running this
command affects route selection on the local device and other devices on the network.
l The rip metricout command is used to add an additional metric to an outgoing route. When
this route is advertised, an additional metric is added to this route, but the metric of the
route in the routing table does not change. Running this command does not affect route
selection on the local device or other devices on the network.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
You can specify the value of the metricin to be added to the RIP route that passes the filtering policy by
specifying value1 through an ACL or an IP prefix list. If a RIP route does not pass the filtering, its metric
is not incremented.
1. Run rip metricout { value | { acl-number | acl-name acl-name } value1 }, the metric
added to an outgoing route is set.
2. Run quit, return to the system view.
3. Run acl { [ number ] acl-number1 | name acl-name basic [ number acl-number2 ] }
[ match-order { auto | config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } [ fragment-type fragment-type-name | source
{ source-ip-address source-wildcard | any } | time-range time-name | vpn-instance
vpn-instance-name ] *, a rule is configured for the basic ACL.
l Based on the named advanced ACL:
1. Run rip metricout { value | acl-name acl-name value1 }, the metric added to an
outgoing route is set.
2. Run quit, return to the system view.
3. Run acl name acl-name advance [ number acl-number2 ] [ match-order { auto |
config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address source-
wildcard | any } | time-range time-name ] *, a rule is configured for the basic ACL.
l Based on the IP prefix: rip metricout { value | ip-prefix ip-prefix-name value1 }
NOTE
You can specify the value of the metricout to be added to the RIP route that passes the filtering policy by
specifying value1 through an ACL or an IP prefix list. If a RIP route does not pass the filtering, its metric
is increased by 1.
----End
Context
Perform the following steps on the RIP router:
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
Step 3 Run:
preference { preference | route-policy route-policy-name } *
----End
Context
Perform the following steps on the RIP router:
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
Step 3 Run:
maximum load-balancing number
NOTE
When the number of equal-cost routes is greater than number specified in the maximum load-balancing
command, valid routes are selected for load balancing based on the following criteria:
1. Interface index: If routes have the same priorities, routes with higher interface index values are selected
for load balancing.
2. Next hop IP address: If routes have the same priorities and interface index values, routes with larger
IP address are selected for load balancing.
----End
Prerequisites
RIP route attributes has been configured.
Procedure
l Run display rip [ process-id | vpn-instance vpn-instance-name ] command to check the
running status and configuration of RIP.
l Run display rip process-id database command to check all activated routes in the RIP
database.
l Run display rip process-id route command to check all the RIP routes that are learned
from other routers.
----End
Example
Run the display rip process-id database command, and you can view information about the
database of the specified RIP process.
<HUAWEI> display rip 100 database
---------------------------------------------------
Advertisement State : [A] - Advertised
[I] - Not Advertised/Withdraw
---------------------------------------------------
10.0.0.0/8, cost 0, ClassfulSumm
10.1.1.0/24, cost 0, [A], Imported
10.10.10.0/24, cost 0, [A], Rip-interface
10.137.220.0/23, cost 1, [A], nexthop 10.10.10.2
Context
To access a device running a non-RIP protocol, an RIP-capable device needs to import routes
of the non-RIP protocol into the RIP network.
All the following commands can set the cost of the imported route, which are listed in descending
order of priorities.
Pre-configuration Tasks
Before configuring RIP to import external routes, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l Configuring Basic RIP Functions
Data Preparation
To configure RIP to import external routes, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
If no cost is specified, this command can be used to set the default cost for the external routes
imported by RIP from other routing protocols.
Step 4 Run:
import-route bgp [ permit-ibgp ] [ cost { cost | transparent } | route-policy route-
policy-name ] * or import-route { { static | direct } | { { rip | ospf | isis }
[ process-id ] } } [ cost cost | route-policy route-policy-name ] *
NOTE
Import of IBGP routes in RIP process can lead to routing loops. Administrator should take care of routing
loops before configuring permit-ibgp.
----End
Applicable Environment
To meet the requirements of a network, you need to control the advertising of RIP routing
information accurately. After performing the configuration procedures in this section, you can:
Pre-configuration Tasks
Before configuring the router to control the advertising of RIP routing information, complete
the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l Configuring Basic RIP Functions
Data Preparation
To control the advertising of RIP routing information, you need the following data.
No. Data
2 Number of the interface that is suppressed from sending RIP Update packets
Context
Perform the following steps on the RIP router:
Procedure
Step 1 Run:
system-view
RIP is configured to generate a default route only if route permitted by the route policy is present
as active in the routing table.
----End
Context
Perform the following steps on the RIP router:
Procedure
l Disable an interface from sending RIP Update packets in a RIP process (with a high
priority).
1. Run:
system-view
You can configure an interface as a silent interface so that it only receives RIP Update
packets to update its routing table.
NOTE
You can run the silent-interface all command to disable all RIP interfaces from sending RIP
Update packets.
The silent-interface command takes precedence over the rip output command configured in
the interface view. By default, an interface can both send and receive RIP Update packets.
l Disable an interface from sending RIP Update packets in the interface view (with a low
priority).
1. Run:
system-view
By running this command, you can specify whether to send RIP Update packets on
an interface. The silent-interface command takes precedence over the undo rip
output command. By default, an interface is allowed to send RIP Update packets.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the named advanced ACL:
1. Run filter-policy acl-name acl-name export [ protocol [ process-id ]| interface-type
interface-number ], the imported routes are filtered when being advertised.
2. Run quit, return to the system view.
3. Run acl name acl-name advance [ number acl-number2 ] [ match-order { auto |
config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address source-
wildcard | any } | time-range time-name ] *, a rule is configured for the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the rule will
be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the IP prefix: filter-policy ip-prefix ip-prefix-name export [ protocol [ process-
id ]| interface-type interface-number ]
If the routing information to be advertised by RIP contains the routes imported from other routing
protocols, you can specify protocol to filter the specified routes. If protocol is not specified, all
the routing information to be advertised will be filtered, including the imported routes and local
RIP routes (directly connected routes).
NOTE
The Tag field in RIP is 16 bits in length, whereas the Tag field in other routing protocols is 32 bits in length.
If the routes of other routing protocols are imported and the tag is used in the routing policy, ensure that
the tag value does not exceed 65535. Otherwise, the routing policy becomes invalid or the matching result
is incorrect.
----End
Prerequisites
Controlling the advertising of RIP routing information has been configured.
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to check
the running status and configuration of RIP.
l Run the display rip process-id database command to check all activated routes in the RIP
database.
l Run the display rip process-id route command to check all the RIP routes that are learned
from other routers..
----End
Example
Run the display rip process-id database command, and you can view information about the
database of the specified RIP process.
<HUAWEI> display rip 100 database
---------------------------------------------------
Advertisement State : [A] - Advertised
[I] - Not Advertised/Withdraw
---------------------------------------------------
10.0.0.0/8, cost 0, ClassfulSumm
10.1.1.0/24, cost 0, [A], Imported
10.10.10.0/24, cost 0, [A], Rip-interface
10.137.220.0/23, cost 1, [A], nexthop 10.10.10.2
Applicable Environment
In practice, to meet the requirements of a complex network, it is required to control the receiving
of RIP routing information accurately. After performing configuration procedures in this section,
you can:
l Import external routes from various routing protocols and filter the imported routes.
Pre-configuration Tasks
Before configuring a router to control the receiving of RIP routing information, complete the
following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l Configuring Basic RIP Functions
Data Preparation
To control the receiving of RIP routing information, you need the following data.
No. Data
Context
By default, an interface is allowed to receive RIP Update packets.
Perform the following steps on the RIP router:
Procedure
Step 1 Run:
system-view
----End
Context
In certain situations, a router may receive a large number of host routes from the same network
segment. These routes are not required in route addressing, but consume many network
resources. You can configure the router to refuse to accept host routes by disabling RIP from
accepting host routes.
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
Step 3 Run:
undo host-route
NOTE
undo host-route command will not be effective in RIP version 2. By default, RIP version 2 always supports
host-route.
----End
Context
The router can filter routing information. To filter the imported and advertised routes, you can
configure inbound and outbound routing policies by specifying ACLs and IP prefix lists.
You can also configure the router to receive RIP packets only from a specified neighbor.
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
Step 3 Depending on type of desired filtering, run one of following commands to configure RIP to filter
the received routes:
l Based on the basic ACL:
1. Run filter-policy { acl-number | acl-name acl-name } import, the learned routing
information is filtered based on an ACL.
2. Run quit, return to the system view.
3. Run acl { [ number ] acl-number1 | name acl-name basic [ number acl-number2 ] }
[ match-order { auto | config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } [ fragment-type fragment-type-name | source
{ source-ip-address source-wildcard | any } | time-range time-name | vpn-instance
vpn-instance-name ] *, a rule is configured for the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the rule will
be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the named advanced ACL:
1. Run filter-policy acl-name acl-name import, the learned routing information is filtered
based on an ACL.
2. Run quit, return to the system view.
3. Run acl name acl-name advance [ number acl-number2 ] [ match-order { auto |
config } ], the basic ACL view is displayed.
----End
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to check
the running status and configuration of RIP.
l Run the display rip process-id database [ verbose ] command to check all activated RIP
routes in the database.
l Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]
command to check information about the RIP interface.
l Run the display rip process-id neighbor [ verbose ] command to check information about
RIP neighbors.
l Run the display rip process-id route command to check all the RIP routes that are learned
from other routers.
----End
Example
Run the display rip process-id database command, and you can view information about the
database of the specified RIP process. For example:
<HUAWEI> display rip 100 database
---------------------------------------------------
Advertisement State : [A] - Advertised
[I] - Not Advertised/Withdraw
---------------------------------------------------
10.0.0.0/8, cost 0, ClassfulSumm
10.1.1.0/24, cost 0, [A], Imported
10.10.10.0/24, cost 0, [A], Rip-interface
10.137.220.0/23, cost 1, [A], nexthop 10.10.10.2
Applicable Environment
RIP-2 is a type of classless routing protocol. A RIP-2 packet carries subnet mask information.
Deploying a RIP-2 network saves IP addresses. For a network on which the IP addresses of
devices are not consecutive, only RIP-2 can be deployed, whereas RIP-1 cannot be deployed.
RIP-2 features include:
Pre-configuration Tasks
Before configuring RIP-2 features, complete the following tasks:
Data Preparation
To configure RIP-2 features, you need the following data.
No. Data
1 RIP-2 process ID
Context
Route summarization indicates that multiple subnet routes on the same natural network segment
are summarized into one route with the natural mask when being advertised to other network
segments. Therefore, route summarization reduces the network traffic and the size of the routing
table.
Route summarization is enabled for RIP-2 by default, but is invalid for RIP-1. To broadcast all
subnet routes, you can disable RIP-2 automatic route summarization.
NOTE
Route summarization is invalid when poison reverse is configured. When the summarized routes are sent
outside the natural network boundary, poison reverse in related views needs to be disabled.
Procedure
l Enable RIP-2 automatic route summarization
1. Run:
system-view
RIP-2 is configured.
4. Run:
summary [ always ]
– Enable the RIP-2 automatic route summarization when split horizon is disabled,
there is no need to configure always.
The summary command is used in the RIP view to enable classful network-based route
summarization.
l Configure RIP-2 to advertise the summary address
1. Run:
system-view
NOTE
----End
Context
RIP-2 supports the following authentication modes:
l Simple authentication
l MD5 authentication
l HMAC-SHA256 authentication
l Keychain authentication
In simple authentication mode, the unencrypted authentication key is sent in every RIP-2 packet.
Therefore, simple authentication does not guarantee security, and cannot meet the requirements
for high security.
NOTICE
When configuring an authentication password, select the ciphertext mode becasue the password
is saved in configuration files in plaintext if you select plaintext mode, which has a high risk.
To ensure device security, change the password periodically.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The MD5 type must be specified if MD5 authentication is configured. The usual type supports private
standard authentication packets, and the nonstandard type supports IETF standard authentication packets.
----End
Result
The following section describes the changes in RIP neighbor relationships and data traffic
volume during the upgrade from RIP-1 to RIP-2 with authentication.
Scenario 1: Consider the security upgrade is required in the topology mentioned in Figure
3-1 which contains one P2P link. Security upgrade between Router A and Router B are
configured with default version.
interface1
interface2
Router A Router B
With default configuration the behavior of send and receive packets on the P2P link is similar.
interface1 on Router A: (Default version or version 1 compatible)
Send: Version 1
Receive: Version 1
Version 2 broadcast and multicast
The packet exchange between Router A and Router B is still version 1, so as above
configuration there will be no impact on packet flow.
l Step2: Configure same authentication on interface2 of Router B
interface1 on Router A: (Default version or version 1 compatible)
Send: Version 1
Receive: Version 1
Version 2 broadcast and multicast with authentication
The packet exchange between Router A and Router B is still version 1, so as above
configuration there will be no impact on packet flow.
l Step3: Configure version 2 broadcast on interface1 of Router A
interface1 on Router A: (Version 2 broadcast)
Send: Version 2 broadcast with authentication
Receive: Version 1
Version 2 broadcast and multicast with authentication
The packet exchange from Router A to Router B is version 2 broadcast with authentication.
Authentication was already configured on Router B also, so Router B will accept the packets
from Router A. The exchange from Router B to Router A is still version 1 (no
authentication). Router A is allowed to receive version 1 packets even in version 2 broadcast
mode.
l Step4: Configure version 2 broadcast on interface2 of Router B
interface1 on Router A: (Version 2 broadcast)
Send: Version 2 broadcast with authentication
Receive: Version 1
Version 2 broadcast and multicast with authentication
interface2 on Router B:
Send: Version 2 broadcast with authentication
Receive: Version 1
Version 2 broadcast and multicast with authentication
The packet exchange from Router A to Router B is version 2 multicast with authentication.
Authentication was already configured on Router B also, so Router B will accept the packets
from Router A. The exchange from Router B to Router A is version 2 broadcast with
authentication. Router A is allowed to receive version 2 broadcast packets even in version
2 mode.
l Step6: Configure version 2 on interface2 of Router B
interface1 on Router A: (Version 2)
Send: Version 2 multicast with authentication
Receive: Version 2 broadcast and multicast with authentication
On network, multicast protocol packets are advisable, since broadcast packets will be reached to
normal hosts also in that network.
Scenario2: Consider the security upgrade is required in the topology mentioned in Figure 3-2
which contains broadcast link with version 1 and version 1 compatible devices.
interface1 interface2
Router A Router B
interface3
Router C
NOTE
Assumed that there is no version is configured at process and all version configurations at interface level.
Receive: Version 1
Version 2 broadcast and multicast with authentication
At Router B, if undo rip version 1, then the version on that interface is default version or
version 1 compatible. The packets exchanged between devices are still version 1 packets,
then there may not have any issue.
l Step5: Undo rip version at Router C
interface2 on Router B: (Default version or version 1 compatible)
Send: Version 1
Receive: Version 1
Version 2 broadcast and multicast with authentication
At Router C, if undo rip version 1, then the version on that interface is default version, or
version 1 compatible. The packets exchanged between devices are still version 1 packets,
and then there may not have any issue.
l Step6: Configure rip version 2 broadcast at Router A
interface2 on Router B: (Default version or version 1 compatible)
Send: Version 1
Receive: Version 1
Version 2 broadcast and multicast with authentication
At Router A, if we configure rip version 2 broadcast, then the send version on that interface
is version 2 broadcast with authentication. Authentication on other devices was already
configured, so they will be able to receive version 2 broadcast updates from Router A. Other
devices will send version 1 updates (no authentication). Router A can receive these updates.
l Step7: Configure rip version 2 broadcast at Router C
interface2 on Router B: (Default version or version 1 compatible)
Send: Version 1
Receive: Version 1
Version 2 broadcast and multicast with authentication
At Router C, if we configure rip version 2 broadcast, then the send version on that interface
is version 2 broadcast with authentication. Authentication on other devices was already
configured, so they will be able to receive version 2 broadcast updates from Router C.
Router B will send version 1 updates (no authentication). Router A and Router C can receive
these updates.
l Step8: Configure rip version 2 broadcast at Router B
interface2 on Router B: (version 2 brooadcast)
Send: Version 2 broadcast with authentication
Receive: Version 1
Version 2 broadcast and multicast with authentication
At Router B, if we configure rip version 2 broadcast, then the send version on that interface
is version 2 broadcast with authentication. Authentication on other devices was already
configured, so they will be able to receive version 2 broadcast update from Router B. Other
devices also will send version 2 broadcast with authentication, so each device can receive
packets from other devices.
l Step9: Configure rip version 2 at Router A
interface2 on Router B: (version 2 brooadcast)
Send: Version 2 broadcast with authentication
Receive: Version 1
Version 2 broadcast and multicast with authentication
At Router A, if we configure rip version 2, then the send version on that interface is version
2 multicast with authentication. Authentication on other devices are already configured, so
they will be able to receive version 2 multicast updates from Router A. Other devices also
will send version 2 broadcast packets with authentication, so each device can receive
packets from other devices.
l Step10: Configure rip version 2 at Router C
interface2 on Router B: (version 2 brooadcast)
Send: Version 2 broadcast with authentication
Receive: Version 1
Version 2 broadcast and multicast with authentication
At Router C, if we configure rip version 2, then the send version on that interface is version
2 multicast with authentication. Authentication on other devices was already configured,
so they will be able to receive version 2 multicast updates from Router C. Router B will
send version 2 broadcast with authentication and Router A will send version 2 multicast
with authentication. So each device can receive packets from other devices.
l Step11: Configure rip version 2 at Router B
interface2 on Router B: (version 2)
Send: Version 2 multicast with authentication
Receive: Version 2 broadcast and multicast with authentication
At Router B, if we configure rip version 2, then the send version on that interface is version
2 multicast with authentication. Authentication on other devices was already configured,
so they will be able to receive version 2 multicast updates from Router B. Other devices
also will send version 2 multicast with authentication. So each device can receive packets
from other devices.
In this scenario, if we configure authentication on every device, this may cause protocol packets
drop if periodic update got triggered during authentication configuration in following cases.
In next periodic update, all RIP packets can be authenticated and received by all devices on
authenticated interfaces. There will be no traffic loss, since RIP will wait for 6 periodic updates
to consider the route as invalid. (With default timers are configured)
Prerequisites
RIP-2 features have been configured.
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to check
the running status and configuration of RIP.
l Run the display rip process-id database [ verbose ] command to check all activated RIP
routes in the database.
l Run the display rip process-id route command to check all the RIP routes that are learned
from other routers.
----End
Applicable Environment
On certain networks, you need to configure RIP features and optimize the performance of a RIP
network. After performing configuration procedures in this section, you can:
l Change the convergence speed of the RIP network by adjusting the values of RIP timers.
l Reduce the consumption of device resources and network bandwidth by adjusting the
number of packets to be sent by interfaces and the interval at which packets are sent.
l Configure split horizon or poison reverse to prevent routing loops.
l After the replay-protect function is enabled, neighbors can communicate after a RIP process
is restarted.
l Check the validity of packets and authenticate packets on a network demanding high
security.
l Run RIP on a link that does not support broadcast or multicast packets.
Pre-configuration Tasks
Before optimizing a RIP network, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l Configuring Basic RIP Functions
Data Preparation
To optimize a RIP network, you need the following data.
No. Data
1 Values of timers
2 Number of Update packets that an interface sends each time and interval for sending
an Update packet
No. Data
Context
RIP has three timers: Update timer, Age timer and Garbage-collect timer. Changing the values
of the three timers affects the RIP convergence speed. For details on timers, see corresponding
description in the chapter "RIP" in the HUAWEI NetEngine80E/40E Router Feature Description
- IP Routing.
Perform the following steps on the RIP router:
Procedure
Step 1 Run:
system-view
NOTE
By default, the Update timer is 30s; the Age timer is 180s; the Garbage-collect timer is four
times the Update timer, namely, 120s.
In practice, the Garbage-collect timer is not fixed. If the Update timer is set to 30s, the Garbage-
collect timer may range from 90s to 120s.
Before permanently deleting an unreachable route from the routing table, RIP advertises this
route (with the metric being set to 16) by periodically sending Update packets four times.
Subsequently, all the neighbors know that this route is unreachable. Because a route may not
always become unreachable at the beginning of an Update period, the Garbage-collect timer is
actually three or four times the Update timer.
----End
3.8.3 Setting the Interval for Sending Packets and the Maximum
Number of the Sent Packets
By setting the interval for sending RIP Update packets and the maximum number of Update
packets to be sent each time, you can effectively control the memory used by a Router to process
RIP Update packets.
Context
Perform the following steps on the RIP router:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
rip pkt-transmit { interval interval | number pkt-count } *
The interval for sending Update packets and the maximum number of packets sent each time
are set on the interface.
----End
Context
If both split horizon and poison reverse are configured, only poison reverse takes effect.
On Non-Broadcast Multi-Access (NBMA) networks such as frame relay (FR) and X.25
networks, if no sub-interface is configured, split horizon needs to be disabled to ensure that
routing information is transmitted correctly.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
----End
Context
If the Identification field in the last RIP packet sent before a RIP interface goes Down is X, after
the interface goes Up, the Identification field in the subsequent RIP packet sent by this interface
becomes 0. If the remote end does not receive the RIP packet with the Identification field being
0, subsequent RIP packets will be discarded until the remote end receives the RIP packet with
the Identification field being X+1. This leads to the unsynchronization and loss of RIP routing
information of both ends.
To solve this problem, you need to enable the replay-protect function so that RIP can obtain the
Identification field in the last RIP packet sent before the RIP interface goes Down and increase
the Identification field in the subsequent RIP packet by one.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
l rip authentication-mode md5 nonstandard
RIPv2 is configured to use MD5 authentication, and authentication packets use the
nonstandard packet format.
l rip authentication-mode hmac-sha256 { plain plain-text | [ cipher ] password-
key } key-id
Before running the rip replay-protect command, run the rip authentication-mode md5 nonstandard
command or the rip authentication-mode hmac-sha256 { plain plain-text | [ cipher ] password-key }
key-id in the RIP interface view to configure cryptographic authentication packets .
Step 4 Run:
rip replay-protect
NOTE
l For details of the Identification field in an IP packet, see Feature Description - IP Services.
l If you run the rip replay-protect command in the same view multiple times, only the last configuration
takes effect.
----End
Context
Perform the following steps on the RIP router:
Procedure
l Configuring the Zero Field Check for RIPv1 Packets
1. Run:
system-view
Certain fields in a RIPv1 packet must be 0s, and these fields are called zero fields.
RIPv1 checks the zero fields on receiving a packet. If the value of any zero field in a
RIPv1 packet is not 0, this packet is not processed.
As a RIPv2 packet does not contain any zero field, configuring the zero field check
is invalid in RIPv2.
l Configuring the Source Address Check for RIP Update Packets
1. Run:
system-view
When receiving a packet, RIP checks the source address of the packet. If the packet
fails in the check, it is not processed.
----End
Context
Generally, RIP sends packets by using broadcast or multicast addresses. If RIP needs to run on
the links that do not support the forwarding of broadcast or multicast packets, you need to
configure the devices at both ends of the link as each other's neighbor.
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
Step 3 Run:
peer ip-address
----End
Context
In a network demanding higher security, you can enable GTSM to improve the security of the
RIP network. GTSM defends against attacks by checking the TTL value. If an attacker simulates
RIP unicast packets and keeps sending them to a router, an interface board on the router receives
the packets and directly sends them to the main control board for RIP processing, without
checking the validity of the packets. In this case, the router is busy processing these packets,
causing high usage of the CPU. GTSM protects the routers and enhances the system security by
checking whether the TTL value in the IP packet header is in a pre-defined range.
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip valid-ttl-hops valid-ttl-hops-value [ vpn-instance vpn-instance-name ]
NOTE
The valid TTL range of the detected packets is [ 255 -valid-ttl-hops-value + 1, 255 ].
----End
Prerequisites
The RIP network optimization has been configured.
Procedure
l Run the display rip [ process-id | vpn-instance vpn-instance-name ] command to check
the running status and configuration of RIP.
l Run the display rip process-id database [ verbose ] command to check all activated RIP
routes in the database.
l Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]
command to check information about the RIP interface.
l Run the display rip process-id neighbor [ verbose ] command to check information about
RIP neighbors.
l Run the display rip process-id route command to check all the RIP routes that are learned
from other routers.
----End
Example
Run the display rip process-id interface [ interface-type interface-number ] [ verbose ]
command, and you can view RIP information about the specified interface. The command output
shows that the interface status is Up.
<HUAWEI> display rip 1 interface GigabitEthernet1/0/0
------------------------------------------------------------------
Interface IP Address State Protocol MTU
------------------------------------------------------------------
GE 1/0/0 1.1.1.2 UP RIPv1 Compatible 500
Applicable Environment
To avoid traffic interruption and route flapping caused by master/slave switchover, you can
enable RIP graceful restart (GR). GR is a technology used to ensure normal traffic forwarding
and non-stop forwarding of key services during the restart of routing protocols.
After a RIP process is restarted through GR, the Restarter and the Helper re-establish the
neighbor relationship and update the routing table and forwarding table. This ensures non-stop
traffic forwarding and stabilizes the network topology. During RIP GR, except the neighbor of
the device where master/slave switchover occurs, other routers do not detect the route change.
NOTE
In practice, you can configure RIP GR on the device with two main control boards to prevent service
forwarding from being affected by the fault on one main control board.
Pre-configuration Tasks
Before configuring RIP GR, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l Configuring basic RIP functions, establish the neighbor relationship successfully
Data Preparation
To configure RIP GR, you need the following data
No. Data
1 RIP process ID
Context
Perform the following steps on the router to be enabled with GR:
Procedure
Step 1 Run:
system-view
RIP GR is enabled.
When most routers on a network do not support RIP GR, setting wait-time time to a larger value
is recommended. This ensures that the Restarter has enough time to learn correct routes.
----End
Follow-up Procedure
If the Restarter finishes GR within the GR period specified by period period, the Restarter
automatically exits from GR. Otherwise, the Restarter is forced to exit from GR.
Prerequisites
RIP GR has been configured.
Procedure
l Run the display rip process-id graceful-restart [ verbose ] command to check the status
of RIP GR.
----End
Example
Run the display rip 1 graceful-restart command, and you can view the GR configuration of
RIP process 1.
<HUAWEI> display rip 1 graceful-restart
Restart mode : Restarting
Restart status : In Progress - Waiting for updates
Last complete reason : None
Update progress summary:
------------------------
Restart capable peers : 0
Completed: 0 Inprogress: 0
Restart incapable peers: 1
Completed: 0 Inprogress: 1
Update period finishes in 293 seconds
Applicable Environment
Generally, RIP uses timers to receive and send Update messages to maintain neighbor
relationships. If a RIP device does not receive an Update message from a neighbor after the Age
timer expires, the RIP device will announce that this neighbor goes Down. The default value of
the Age timer is 180s. If a link fault occurs, RIP can detect this fault after 180s. If high-rate data
services are deployed on a network, a great deal of data will be lost during the aging time.
BFD provides millisecond-level fault detection. It can rapidly detect faults in protected links or
nodes and report them to RIP. This speeds up RIP processes's response to network topology
changes and achieves rapid RIP route convergence.
In BFD for RIP, BFD session establishment is triggered by RIP. When establishing a neighbor
relationship, RIP will send detection parameters of the neighbor to BFD. Then, a BFD session
will be established based on these detection parameters. If a link fault occurs, the local RIP
process will receive a neighbor unreachable message within seconds. Then, the local RIP device
will delete routing entries in which the neighbor relationship is Down and use the backup path
to transmit messages.
Either of the following methods can be used to configure BFD for RIP:
l Enable BFD in a RIP process: This method is recommended when BFD for RIP needs to
be enabled on most RIP interfaces.
l Enable BFD on RIP interfaces: This method is recommended when BFD for RIP needs
to be enabled on a small number of RIP interfaces.
Pre-configuration Tasks
Before configuring BFD for RIP, complete the following tasks:
l Assigning an IP address to each interface to ensure reachability between neighboring nodes
at the network layer
l Configuring Basic RIP Functions
Data Preparation
To complete the configuration, you need the following data.
No. Data
Procedure
l Enable BFD in a RIP process.
1. Run:
system-view
The values of BFD parameters used to establish the BFD session are set.
BFD parameter values are determined by the actual network situation and network
reliability requirement.
– If links have a high reliability requirement, reduce the interval at which BFD
packets are sent.
– If links have a low reliability requirement, increase the interval at which BFD
packets are sent.
Running the bfd all-interfaces command changes BFD session parameters on all RIP
interfaces. The default detection multiplier and interval at which BFD packets are sent
are recommended.
7. (Optional) Perform the following operations to prevent an interface in the RIP process
from establishing a BFD session:
– Run the quit command to return to the system view.
– Run the interface interface-type interface-number command to enter the view of
a specified interface.
– Run the rip bfd block command to prevent the interface from establishing a BFD
session.
l Enable BFD on RIP interfaces.
1. Run:
system-view
The values of BFD parameters used to establish the BFD session are set.
----End
Context
Establishing BFD sessions between RIP neighbors can rapidly detect faults on links and speed
up response of RIP to network topology changes. Static BFD implements the following
functions:
l One-arm BFD: If some devices on a network support BFD but some do not, configure one-
arm BFD to implement fault detection.
l Two-arm BFD: If all the devices on a network support BFD, configure two-arm BFD to
implement fault detection.
Static BFD must be enabled using a command and session parameters are also set using
commands.
Pre-configuration Tasks
Before configuring static BFD for RIP, complete the following tasks:
l Assigning an IP address to each interface to ensure IP connectivity
l Configuring basic RIP functions
Data Preparation
To complete the configuration, you need the following data:
No. Data
1 ID of a RIP process
Procedure
Step 1 Enable BFD globally.
1. Run:
system-view
If a peer IP address and a local interface are specified, BFD detects only a single-hop link,
that is, a route with the interface specified in the bfd command as the outbound interface
and with the peer IP address specified in the peer-ip command as the next-hop address.
2. Run:
discriminator local discr-value
If a peer IP address and a local interface are specified, BFD detects only a single-hop link,
that is, a route with the interface specified in the bfd command as the outbound interface
and with the peer IP address specified in the peer-ip command as the next-hop address.
2. Set discriminators.
l Run:
discriminator local discr-value
The local discriminator must be the remote discriminator of the device on the other end;
otherwise, a BFD session cannot be established. The local and remote discriminators cannot
be modified after being configured.
NOTE
local discr-value set on the local device is the same as that of remote discr-value set on the remote
device.remote discr-value set on the local device is the same as that of local discr-value set on the
remote device.
3. Run:
commit
----End
Applicable Environment
After performing configuration procedures in this section, you can bind RIP to a MIB.
Pre-configuration Tasks
Before configuring the network management function in RIP, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l Configuring Basic RIP Functions
Data Preparation
None.
Context
Perform the following steps on the RIP router:
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip mib-binding process-id
This command is used to bind a RIP process ID to MIBs and specify the ID of the RIP process
that accepts Simple Network Management Protocol (SNMP) requests.
----End
Prerequisites
The network management function in RIP has been configured.
Procedure
Step 1 Run the display current-configuration command to check the parameters that take effect on
the router.
----End
Context
NOTICE
The RIP neighbor relationship is deleted after you reset RIP connections with the reset rip
command. Exercise caution when running this command.
To reset RIP connections, run the following reset commands in the user view.
Procedure
l Run the reset rip process-id configuration command in the user view to reset the
parameters of the specified RIP process. When the RIP process starts, all parameters use
default values.
----End
Context
NOTICE
RIP information cannot be restored after it is cleared. Exercise caution when running the
commands.
To clear RIP information, run the following reset command in the user view.
Procedure
l Run the reset rip process-id statistics [ interface { all | interface-type interface-number
[ neighbor neighbor-ip-address ] } ] command in the user view to clear statistics about the
counter that is maintained by a specified RIP process.
----End
Examples in this document use interface numbers and link types of the NE40E-X8. In real world situations,
the interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 3-3, it is required that RIP be enabled on all interfaces of Router A, Router
B, Router C, and Router D and the routers interconnect with each other by using RIP-2.
Figure 3-3 Networking diagram for configuring the RIP version number
RouterC
POS2/0/0
172.16.1.2/24
POS2/0/0
POS1/0/0 172.16.1.1/24 POS3/0/0
192.168.1.1/24 10.1.1.2/24
POS1/0/0 POS3/0/0
RouterA 192.168.1.2/24 RouterB 10.1.1.1/24 RouterD
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IP address for each interface to ensure that neighboring nodes are reachable
at the network layer.
2. Enable RIP on each router and configure basic RIP functions.
3. Configure RIP-2 on each router and check information about classless routes.
Data Preparation
To complete the configuration, you need the following data:
l Network segment (192.168.1.0) to be enabled with RIP on Router A
l Network segments (192.168.1.0, 172.16.0.0, and 10.0.0.0) to be enabled with RIP on Router
B
l Network segment (172.16.0.0) to be enabled with RIP on Router C
l Network segment (10.0.0.0) to be enabled with RIP on Router D
l RIP-2 on Router A, Router B, Router C, and Router D
Procedure
Step 1 Configure an IP address for each interface.
The configuration details are not described here.
Step 2 Configure basic RIP functions.
# Configure Router A.
[RouterA] rip
[RouterA-rip-1] network 192.168.1.0
[RouterA-rip-1] quit
# Configure Router B.
[RouterB] rip
[RouterB-rip-1] network 192.168.1.0
[RouterB-rip-1] network 172.16.0.0
[RouterB-rip-1] network 10.0.0.0
[RouterB-rip-1] quit
# Configure Router C.
[RouterC] rip
[RouterC-rip-1] network 172.16.0.0
[RouterC-rip-1] quit
# Configure Router D.
[RouterD] rip
[RouterD-rip-1] network 10.0.0.0
[RouterD-rip-1] quit
The preceding display shows that the routes advertised by RIP-1 carry natural masks.
The preceding display shows that the routes advertised by RIPv2 carry subnet masks.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.0
#
rip 1
version 2
network 192.168.1.0
#
return
Networking Requirements
As shown in Figure 3-4, two RIP processes, RIP 100 and RIP 200, run on Router B. Router B
exchanges routing information with Router A and Router C through RIP 100 and RIP 200
respectively.
It is required that the two RIP processes of Router B import RIP routes from each other. The
cost of the routes imported from RIP 200 defaults to 3.
In addition, a filtering policy needs to be configured on Router B to filter out the route
192.168.4.0/24 imported from RIP 200 and prevent it from being advertised to Router A.
Figure 3-4 Networking diagram for configuring RIP to import external routes
GE2/0/0
192.168.0.1/24
POS1/0/0 POS1/0/0 GE2/0/0
192.168.1.1/24 192.168.2.2/24 192.168.3.1/24
POS1/0/0 POS2/0/0 GE3/0/0
RouterA 192.168.1.2/24 192.168.2.1/24 RouterC 192.168.4.1/24
RIP 100 RouterB RIP 200
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable RIP 100 and RIP 200 on each router and specify network segments.
2. Configure the two RIP processes on Router B to import routes from each other and set the
default cost of the routes imported from RIP 200 to 3.
3. Configure an ACL on Router B to filter the routes imported from RIP 200.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface.
# Enable two RIP processes, RIP 100 and RIP 200, on Router B.
[RouterB] rip 100
[RouterB-rip-100] network 192.168.1.0
[RouterB-rip-100] quit
[RouterB] rip 200
[RouterB-rip-200] network 192.168.2.0
[RouterB-rip-200] quit
# Check the routing table of Router A after the routes are imported. The routes to network
segments 192.168.2.0/24, 192.168.3.0/24, and 192.168.4.0/24 are imported to RIP.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
# Configure an ACL on Router B and set a rule to deny the packets with the source address being
192.168.4.0/24.
[RouterB] acl 2000
[RouterB-acl-basic-2000] rule deny source 192.168.4.0 0.0.0.255
[RouterB-acl-basic-2000] rule permit
[RouterB-acl-basic-2000] quit
# Filter out the route 192.168.4.0/24 imported from RIP 200 on Router B according to the ACL
rule.
[RouterB] rip 100
[RouterB-rip-100] filter-policy 2000 export
# Check the routing table of Router A after the filtering. The route to 192.168.4.0/24 does not
exist in the routing table. This means that the route is filtered out.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.0.0/24 Direct 0 0 D 192.168.0.1 GigabitEthernet2/0/0
192.168.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.0.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Pos1/0/0
192.168.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.1/32 Direct 0 0 D 127.0.0.1 Pos1/0/0
192.168.2.0/24 RIP 100 4 D 192.168.1.2 Pos1/0/0
192.168.3.0/24 RIP 100 4 D 192.168.1.2 Pos1/0/0
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.0.1 255.255.255.0
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
Networking Requirements
RIP detects neighbor status by sending Update packets periodically. By default, if receiving no
Update packets from its neighbor within six update intervals (180s), RIP considers its neighbor
Down. That is, RIP needs to take 180s to detect a link fault.
With the development of technologies, voice, video, and other VOD services are widely used.
These services are quite sensitive to packet loss and delay. Long-time fault detection will cause
packet loss. This cannot meet high reliability requirements of the carrier-class network. BFD
for RIP is used to resolve the problem. After BFD for RIP is configured, the link status can be
rapidly detected and fault detection can be completed in milliseconds. This speeds up RIP
convergence when the link status changes.
Because some devices on the network do not support BFD, One-Arm static BFD becomes very
important. One-Arm static BFD enables a device supporting BFD to create a BFD session with
another device that does not support BFD. It detects link faults quickly and accelerates network
convergence.
GE2/0/0 GE1/0/0
3.3.3.2/24 4.4.4.2/24
RouterC
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic RIP functions on each router to set up RIP neighbor relationships.
2. Enable global BFD on Router A. Enable One-Arm static BFD on the interface connecting
Router A and Router B.
Data Preparation
To complete the configuration, you need the following data:
l On Router A: RIP process ID (1), RIP version number (2), IP address of GE 1/0/0
(2.2.2.1/24), and IP address of GE 2/0/0 (3.3.3.1/24)
l On Router B: RIP process ID (1), RIP version number (2), IP address of GE 1/0/0
(2.2.2.2/24), IP address of GE 2/0/0 (4.4.4.1/24), IP address of GE3/0/0 3/0/0
(172.16.1.1/24)
l On Router C: RIP process ID (1), RIP version number (2), IP address of GE 1/0/0
(4.4.4.2/24), and IP address of GE 2/0/0 (3.3.3.2/24)
l On Router D: RIP process ID (1), RIP version number (2), and IP address of GE 1/0/0
(172.16.1.2/24)
l Local BFD discriminator on Router A (local1)
l Minimum interval at which Router A receives BFD control packets from Router B
Procedure
Step 1 Configure an IP address for each interface.
Configure IP addresses according to Figure 3-5 and Data Preparation. For details about the
configuration, see the configuration file.
Step 2 Configuring basic RIP functions.
# Configure Router A.
<RouterA> system-view
[RouterA] rip 1
[RouterA-rip-1] version 2
[RouterA-rip-1] network 2.0.0.0
[RouterA-rip-1] network 3.0.0.0
[RouterA-rip-1] quit
# Configure Router B.
<RouterB> system-view
[RouterB] rip 1
[RouterB-rip-1] version 2
[RouterB-rip-1] network 2.0.0.0
[RouterB-rip-1] network 4.0.0.0
[RouterB-rip-1] network 172.16.0.0
[RouterB-rip-1] quit
# Configure Router C.
<RouterC> system-view
[RouterC] rip 1
[RouterC-rip-1] version 2
[RouterC-rip-1] network 3.0.0.0
[RouterC-rip-1] network 4.0.0.0
[RouterC-rip-1] quit
# Configure Router D.
<RouterD> system-view
[RouterD] rip 1
[RouterD-rip-1] version 2
[RouterD-rip-1] network 172.16.0.0
[RouterD-rip-1] quit
# After the configurations are complete, run the display rip neighbor command, and you can
see that RIP neighbor relationships among Router A, Router B, and Router C have been
established. Take the display on Router A as an example.
# Run the display ip routing-table command, and you can see that routers have learned routes
from each other. Take the display on Router A as an example.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 9
The routing table shows that the next-hop IP address of the route destined for 172.16.0.0/16 is
2.2.2.2, the outbound interface is GigabitEthernet 1/0/0, and traffic is transmitted along the
primary link Router A →Router B.
# After the configurations are completed, run the display bfd sessionall command on Router A
and you can see that a static BFD session is set up.
[RouterA] display bfd session all
----------------------------------------------------------------------------------
---------
NOTE
The routing table shows that the secondary link Router A → Router C → Router B starts to be
used after the primary link fails. The next-hop IP address of the route destined for 172.16.0.0/16
is 3.3.3.2 and the outbound interface is GE 2/0/0.
----End
Configuration files
l Configuration file of Router A
#
sysname RouterA
#
bfd
#
interface gigabitethernet1/0/0
undo shutdown
ip address 2.2.2.1 255.255.255.0
rip bfd static
#
interface gigabitethernet2/0/0
undo shutdown
ip address 3.3.3.1 255.255.255.0
#
rip 1
version 2
network 2.0.0.0
network 3.0.0.0
#
bfd 1 bind peer-ip 2.2.2.2 interface gigabitethernet1/0/0 one-arm-echo
discriminator local 1
min-echo-rx-interval 200
commit
#
return
Networking Requirements
A RIP device periodically sends Update packets to a neighbor to detect neighbor reachability.
By default, if a RIP device does not receive an Update packet from a neighbor within six Update
periods (180s), the RIP device will consider that the neighbor goes Down. This means that RIP
can detect a link fault only after 180s.
As technologies develop, voice, video, and other video on demand (VoD) services are widely
applied. These services are quite sensitive to packet loss and delay. Long-time fault detection
will cause a large amount of data to be lost. As a result, the requirement of carrier-class networks
for high reliability cannot be met. BFD for RIP can be deployed to address this problem. After
BFD for RIP is configured, link fault detection can be completed in milliseconds. This speeds
up RIP convergence when the link status changes.
On the network shown in Figure 3-6, active/standby links are deployed. Link Router A-
>Router B functions as the active link and link Router A->Router C->Router B functions as the
standby link. Normally, service traffic is transmitted along the active link. It is required that
faults in the active link be quickly detected and services be rapidly switched to the standby link.
BFD for RIP can be configured. BFD is used to detect the RIP neighbor relationship between
Router A and Router B. When the link between Router A and Router B fails, BFD can rapidly
detect the failure and report it to RIP. This allows service traffic to be quickly switched to the
standby link.
GE2/0/0 GE1/0/0
3.3.3.2/24 4.4.4.2/24
RouterC
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic RIP functions on each router to ensure that RIP neighbor relationships are
properly established.
2. Enable BFD globally.
3. Configure BFD on interfaces at both ends of the link between Routers A and B.
Data Preparation
To complete the configuration, you need the following data:
l Router A: RIP process ID (1), RIP version (2), IP address of GE 1/0/0 (2.2.2.1/24), and IP
address of GE 2/0/0 (3.3.3.1/24)
l Router B: RIP process ID (1), RIP version (2), IP address (2.2.2.2/24) of GE 1/0/0, IP
address (4.4.4.1/24) of GE 2/0/0, and IP address (172.16.1.1/24) of GE 3/0/0
l Router C: RIP process ID (1), RIP version (2), IP address (4.4.4.2/24) of GE 1/0/0, and IP
address (3.3.3.2/24) of GE 2/0/0
l Router D: RIP process ID (1), RIP version (2), and IP address (172.16.1.2/24) of GE 1/0/0
l Routers A and B: minimum interval (100 ms) at which BFD packets are sent or received
and local detection multiplier (10)
Procedure
Step 1 Configure an IP address for each interface.
As shown in Figure 3-6, configure an IP address for each interface based on Data
Preparation. For configuration details, see configuration files.
Step 2 Configure basic RIP functions.
# Configure Router A.
<RouterA> system-view
[RouterA] rip 1
[RouterA-rip-1] version 2
[RouterA-rip-1] network 2.0.0.0
[RouterA-rip-1] network 3.0.0.0
[RouterA-rip-1] quit
# Configure Router B.
<RouterB> system-view
[RouterB] rip 1
[RouterB-rip-1] version 2
[RouterB-rip-1] network 2.0.0.0
[RouterB-rip-1] network 4.0.0.0
[RouterB-rip-1] network 172.16.0.0
[RouterB-rip-1] quit
# Configure Router C.
<RouterC> system-view
[RouterC] rip 1
[RouterC-rip-1] version 2
[RouterC-rip-1] network 3.0.0.0
[RouterC-rip-1] network 4.0.0.0
[RouterC-rip-1] quit
# Configure Router D.
<RouterD> system-view
[RouterD] rip 1
[RouterD-rip-1] version 2
[RouterD-rip-1] network 172.16.0.0
[RouterD-rip-1] quit
# After completing the preceding operations, run the display rip neighbor command. The
command output shows that Routers A, B, and C have established neighbor relationships with
each other. In the following example, the display on Router A is used.
# Run the display ip routing-table command. The command output shows that the routers have
imported routes from each other. In the following example, the display on Router A is used.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 9
The preceding command output shows that the next-hop address and outbound interface of the
route to destination 172.16.0.0/16 are 2.2.2.2 and GE 1/0/0 respectively, and traffic is transmitted
over the active link Router A->Router B.
Step 3 Configure BFD in RIP processes.
# Configure BFD on all interfaces of Router A.
[RouterA] bfd
[RouterA-bfd] quit
[RouterA] rip 1
[RouterA-rip-1] bfd all-interfaces enable
[RouterA-rip-1] bfd all-interfaces min-rx-interval 100 min-tx-interval 100 detect-
multiplier 10
[RouterA-rip-1] quit
The configuration of Router B is similar to that of Router A, and is not provided here.
# After completing the preceding operations, run the display rip bfd session command on
router A. The command output shows that routers A and B have established a BFD session and
the BFDState field value is displayed as Up. In the following example, the display on Router A
is used.
[RouterA] display rip 1 bfd session all
LocalIp :2.2.2.1 RemoteIp :2.2.2.2 BFDState :Up
TX :100 RX :100 Multiplier:10
BFD Local Dis:8192 Interface :GigabitEthernet1/0/0
DiagnosticInfo: No diagnostic information
NOTE
The link fault is simulated to check the configurations. In actual situations, the operation is not required.
[RouterB] interface gigabitethernet1/0/0
[RouterB-GigabitEthernet1/0/0] shutdown
# Check the information about the BFD session on Router A. The command output shows that
there is no BFD session between Routers A and B.
[RouterA] display rip 1 bfd session all
The preceding command output shows that the standby link Router A->Router C->Router B is
used after the active link fails, and the next-hop address and outbound interface of the route to
destination 172.16.0.0/16 are 3.3.3.2 and GE 2/0/0 respectively.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
bfd
#
interface gigabitethernet1/0/0
undo shutdown
ip address 2.2.2.1 255.255.255.0
#
interface gigabitethernet2/0/0
undo shutdown
ip address 3.3.3.1 255.255.255.0
#
rip 1
version 2
network 2.0.0.0
network 3.0.0.0
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100 detect-multiplier
10
#
return
undo shutdown
ip address 172.16.1.2 255.255.255.0
#
rip 1
version 2
network 172.16.0.0
#
return
4 RIPng Configuration
4.1 Introduction
RIPng is the extension of RIPv2 on IPv4 networks. Most RIP concepts apply to RIPng.
4.1 Introduction
RIPng is the extension of RIPv2 on IPv4 networks. Most RIP concepts apply to RIPng.
The Routing Information Protocol Next Generation (RIPng) protocol is an extension of RIPv2
that is applied to IPv4 networks. Most RIP-related concepts are applicable to RIPng.
Extension of RIP
For IPv6 applications, RIPng extends RIP as follows:
l UDP port number: In RIPng, UDP port number 521 is used to send and receive routing
information.
l Multicast group address: In RIPng, FF02::9 is used as the multicast group address of RIPng
routers.
l Prefix length: In RIPng, the prefix length of a destination address is 128 bits (the mask
length).
l Next-hop address: In RIPng, a next-hop address is a 128-bit IPv6 address.
l Source address: In RIPng, link-local address is used as the source address to send RIPng
Update packets.
RIPng employs the hop count to measure the distance to the destination. The distance is called
the routing metric. In RIPng, the hop count from the router to its directly connected network is
0, and the hop count from the router to a network, which can be reached through another
router, is 1. The hop count that is equal to or exceeds 16 is defined as infinity, indicating that
the destination network or host is unreachable.
By default, RIPng sends an Update packet every 30 seconds. If no Update packet is received
from a neighbor in 180 seconds, RIPng marks all the routes learned from the neighbor as
unreachable. If no Update packet is received from a neighbor in 300 seconds, RIPng deletes the
routes of the neighbor from the routing table.
To prevent routing loops, RIPng supports split horizon and poison reverse. In addition, RIPng
can import routes from other routing protocols.
Each router running RIPng manages a routing database, which contains routing entries to all
accessible destinations on a network. These routing entries contain the following information:
In the NE80E/40E, you can modify the routing policy of RIPng by configuring RIPng route
attributes. You can also control the advertising and receiving of RIPng routing information to
meet the requirements of a complex network. On certain networks, you can configure RIPng
features to optimize the RIPng network performance.
Applicable Environment
The configuration of basic RIPng functions involves the configuration of basic RIPng features.
After the configuration, the RIPng features are available.
During the RIPng configuration, you must enable RIPng in the system view first. If you run
RIPng-related commands in the interface view, these commands take effect only after RIPng is
enabled in the system view.
Pre-configuration Tasks
Before configuring basic RIPng functions, complete the following tasks:
Data Preparation
To configure basic RIPng functions, you need the following data.
No. Data
1 RIPng process ID
Context
Perform the following steps on the router to be enabled with RIPng:
Procedure
Step 1 Run:
system-view
----End
Context
Perform the following steps on the router to be enabled with RIPng:
Procedure
Step 1 Run:
system-view
NOTE
In the interface view, this command cannot be executed if IPv6 is not enabled.
This command is inapplicable to ATM interfaces.
If the router connects to other devices through multiple interfaces, repeatedly perform Step 2
and Step 3.
----End
Prerequisites
Basic RIPng functions has been configurede.
Procedure
l Run the display ripng [ process-id | vpn-instance vpn-instance-name ] command to check
the configuration of the RIPng process.
l Run the display ripng process-id route command to check all the RIPng routes that are
learned from other routers.
l Run the display default-parameter ripng command to check the default RIPng
configuration.
l Run the display ripng process-id statistics interface { all | interface-type interface-
number [ verbose | neighbor neighbor-ipv6-address ] } command to check statistics about
RIPng interfaces.
----End
Example
Run the display ripng [ process-id | vpn-instance vpn-instance-name ] command, and you can
view the configuration of the specified RIPng process.
<HUAWEI> display ripng 100
Public vpn-instance
Run the display ripng process-id route command, and you can view all activated and inactivated
RIPng routes of the specified RIPng process.
<HUAWEI> display ripng 100 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
----------------------------------------------------------------
Run the display default-parameter ripng command, and you can view the default configuration
of the specified RIPng process.
<Router > display default-parameter ripng
--------------------------------------------------
Protocol Level Default Configurations
--------------------------------------------------
Preference : 100
Checkzero : Enabled
Default-cost : 0
Maximum Balanced Paths : 32
Update time : 30 sec Age time : 180 sec
Garbage-Collect time : 120 sec
--------------------------------------------------
Interface Level Default Configurations
--------------------------------------------------
Metricin : 0
Metricout : 1
Poison Reverse : Disabled
Split Horizon
For Broadcast and P2P Interfaces : Enabled
For NBMA Interfaces and LoopBack : Disabled
Default Route : Disabled
Packet Transmit Interval : 200 msecs
Packet Transmit Number : 30
Run the display ripng process-id statistics interface command, and you can view statistics
about the specified RIPng interface.
<HUAWEI> display ripng 1 statistics interface gigabitethernet 1/0/0
GigabitEthernet1/0/0(FE80::2E0:B9FF:FE7F:1A01)
Statistical information Last min Last 5 min Total
------------------------------------------------------------------
Periodic updates sent 5 23 259
Triggered updates sent 5 30 408
Response packet sent 10 34 434
Response packet received 15 38 467
Response packet ignored 0 0 0
Request packet sent 1 3 8
Request packet received 4 20 40
Request packet ignored 0 0 0
Applicable Environment
To meet the requirements of a complex network, you can change RIPng routing policies by
configuring RIPng route attributes. After performing configuration procedures in this section,
you can:
l Change the matching order of routing protocols by configuring the RIPng preference when
multiple routing protocols discover routes to the same destination.
l Affect route selection by changing the additional metric of a RIPng interface.
l Implement load balancing among multiple equal-cost routes.
Pre-configuration Tasks
Before configuring RIPng route attributes, complete the following tasks:
l Configuring IPv6 addresses for interfaces to ensure that neighboring nodes are reachable
at the network layer
l 3.2 Configuring Basic RIP Functions
Data Preparation
To configure RIPng route attributes, you need the following data.
No. Data
1 RIPng preference
Context
Each routing protocol has its preference, according to which a routing policy selects the optimal
route. The RIPng preference can be set manually. The greater the value is, the lower the
preference is.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ripng [ process-id ]
Step 3 Run:
preference { preference | route-policy route-policy-name } *
----End
Context
The additional route metric is the metric (hop count) to be added to the original metric of a RIPng
route.
l The ripng metricin command is used to configure a device to add an additional metric to
a received route before the device adds the route to its routing table, causing the metric of
the route in the routing table to change. Running this command affects route selection on
the device and other devices.
l The ripng metricout command is used to configure a device to add an additional metric
to a route before the device advertises the route, keeping the metric of the route in the
routing table unchanged. Running this command does not affect route selection on the local
device but will affect route selection of other devices.
You can specify the value of the metric to be added to the RIPng route that passes the filtering
policy by specifying value1 through an IPv6 ACL or an IPv6 prefix list. If a RIPng route does
not pass the filtering, its metric is increased by 1.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ripng metricin value
Step 4 Run:
ripng metricout { value | { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-
prefix-name } value1 }
NOTE
If the router connects to other RIPng routers through multiple interfaces, repeatedly perform Step 2 to Step
4 until metrics of all links are set.
----End
Context
Perform the following steps on the RIPng router:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ripng [ process-id ]
Step 3 Run:
maximum load-balancing number
NOTE
The range and default value of the maximum number of equal-cost routes may vary according to products
and protocols. You can change the range and default value after purchasing the license.
----End
Prerequisites
RIPng route attributes has been configured.
Procedure
l Run the display ripng [ process-id | vpn-instance vpn-instance-name ] command to check
the running status and configuration of RIPng.
l Run the display ripng process-id database command to check all activated routes in the
RIPng database.
l Run the display ripng process-id route command to check all the RIPng routes that are
learned from other routers.
----End
Example
# Display all the activated routes in the RIPng database.
<HUAWEI> display ripng 100 database
2001:DB8:8::8/128,
NULL0 cost 0, Imported
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8242, Ethernet0/0/0, cost 1
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8242, Ethernet0/0/1, cost 1
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8142, Ethernet0/0/0, cost 1
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8142, Ethernet0/0/1, cost 1
2001:DB8:12::/64,
Ethernet0/0/0 cost 0, RIPng-interface
# Display all the RIPng routes that are learned from other routers.
<HUAWEI> display ripng 100 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
----------------------------------------------------------------
Context
This configuration is to configure the RIPng router to advertise the summarized IPv6 prefix
rather than specific routes on an interface.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ripng summary-address ipv6-address prefix-length [ avoid-feedback ]
----End
Context
To access a device running a non-RIPng protocol, an RIPng-capable device needs to import
routes of the non-RIPng protocol into the RIPng network.
All the following commands can set the cost of the imported route, which are listed in descending
order of priorities.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ripng [ process-id ]
The default cost is set for the external routes imported by RIPng.
If no cost is specified, this command can be used to set the default cost for the external routes
imported by RIPng from other routing protocols.
Step 4 Run:
import-route { { ripng | isis | ospfv3 } process-id | bgp [ permit-ibgp ] | unr |
direct | static } [ [ cost cost | inherit-cost ] | route-policy route-policy-name ]
*
NOTE
Import of IBGP routes in RIPng process can lead to routing loops. Administrator should take care of routing
loops before configuring permit-ibgp.
----End
Applicable Environment
To meet the requirements of a complex network, you need to control the advertising of RIPng
routing information accurately. After performing configuration procedures in this section, you
can:
Pre-configuration Tasks
Before configuring the router to control the advertising of RIPng routing information, complete
the following tasks:
l Configuring IPv6 addresses for interfaces to ensure that neighboring nodes are reachable
at the network layer
l 3.2 Configuring Basic RIP Functions
Data Preparation
To control the advertising of RIPng routing information, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ripng default-route { only | originate } [ cost cost ]
l only: advertises only IPv6 default routes (::/0) and suppresses the advertising of other routes.
l originate: advertises IPv6 default routes (::/0) and does not affect the advertising of other
routes.
A RIPng default route is forcibly advertised by using an Update packet through a specified
interface, regardless of whether this route exists in the IPv6 routing table.
----End
Context
When a device running RIPng is connected to a network running other routing protocols, you
can run the undo ripng output command on the interface that connects the device to the network
to prevent the interface from sending useless packets to the network.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
undo ripng output
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ripng [ process-id ]
----End
Prerequisites
Controlling the advertising of RIPng routing information has been configured.
Procedure
l Run the display ripng process-id database command to check all activated routes in the
RIPng database.
l Run the display ripng process-id route command to check all the RIPng routes that are
learned from other routers.
----End
Example
# Display all the activated routes in the RIPng database.
<HUAWEI> display ripng 100 database
2001:DB8:8::8/128,
NULL0 cost 0, Imported
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8242, Ethernet0/0/0, cost 1
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8242, Ethernet0/0/1, cost 1
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8142, Ethernet0/0/0, cost 1
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8142, Ethernet0/0/1, cost 1
2001:DB8:12::/64,
Ethernet0/0/0 cost 0, RIPng-interface
# Display all the RIPng routes that are learned from other routers.
<HUAWEI> display ripng 100 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
----------------------------------------------------------------
Applicable Environment
To meet the requirements of a complicated networking environment, you need to control the
receiving of RIPng routing information accurately. After performing configuration procedures
in this section, you can:
Pre-configuration Tasks
Before configuring the router to control the receiving of RIPng routing information, complete
the following tasks:
l Configuring IPv6 addresses for interfaces to ensure that neighboring nodes are reachable
at the network layer
l Configuring Basic RIPng Functions
Data Preparation
To control the receiving of RIPng routing information, you need the following data.
No. Data
Context
When a device running RIPng is connected to a network running other routing protocols, you
can run the undo ripng input command on the interface that connects the device to the network
to prevent the interface from receiving useless packets from the network.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
undo ripng input
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ripng [ process-id ]
Step 3 Run:
l filter-policy { acl6-number | acl6-name acl6-name | } import
The imported routes are filtered based on the ACL.
Run any of the following commands as required:
– Configure a basic ACL:
1. Run:
quit
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number.
Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and
specify the action deny in this rule to filter out the unwanted routes. Then,
configure another rule with a larger number in the same ACL and specify the
action permit in this rule to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and
specify the action permit in this rule to permit the routes to be received or
advertised by the system. Then, configure another rule with a larger number in
the same ACL and specify the action deny in this rule to filter out unwanted
routes.
– Configure an advanced ACL:
1. Run:
quit
configure another rule with a larger number in the same ACL and specify the
action permit in this rule to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and
specify the action permit in this rule to permit the routes to be received or
advertised by the system. Then, configure another rule with a larger number in
the same ACL and specify the action deny in this rule to filter out unwanted
routes.
l filter-policy ipv6-prefix ipv6-prefix-name import
The imported routes are filtered based on the prefix list.
l filter-policy route-policy route-policy-name import
The imported routes are filtered based on the route-policy.
RIPng can filter the received routes based on an IPv6 ACL, route-policy or an IPv6 prefix list.
Only the routes that meet the match conditions are added in the RIPng routing table.
----End
Prerequisites
Controlling the receiving of RIPng routing information has been configured.
Procedure
l Run the display ripng process-id database command to check all activated routes in the
RIPng database.
l Run the display ripng process-id route command to check all the RIPng routes that are
learned from other routers.
----End
Example
# Display all the activated routes in the RIPng database.
<HUAWEI> display ripng 100 database
2001:DB8:8::8/128,
NULL0 cost 0, Imported
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8242, Ethernet0/0/0, cost 1
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8242, Ethernet0/0/1, cost 1
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8142, Ethernet0/0/0, cost 1
2001:DB8:10::/64,
via FE80::2E0:E6FF:FE1B:8142, Ethernet0/0/1, cost 1
2001:DB8:12::/64,
Ethernet0/0/0 cost 0, RIPng-interface
# Display all the RIPng routes that are learned from other routers.
Applicable Environment
On certain networks, you need to configure RIPng features and optimize the performance of a
RIPng network. After performing configuration procedures in this section, you can:
l Change the convergence speed of the RIPng network by adjusting RIPng timers.
l Configure split horizon and poison reverse to prevent routing loops.
Pre-configuration Tasks
Before optimizing a RIPng network, complete the following tasks:
l Configuring IPv6 addresses for interfaces to ensure that neighboring nodes are reachable
at the network layer
l Configuring Basic RIPng Functions
Data Preparation
To optimize a RIPng network, you need the following data.
No. Data
1 Values of timers
Context
NOTE
Route flapping occurs if the values of the four RIPng timers are set improperly. The relationship between
the values is as follows: update < age, update < garbage-collect. For example, if the update time is longer
than the aging time, and a RIPng route changes within the update time, the router cannot inform its neighbors
of the change on time.
By default, the Update timer is 30s; the Age timer is 180s; the Garbage-collect timer is 120s.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ripng [ process-id ]
Step 3 Run:
timers ripng update age garbage-collect
----End
4.8.3 Setting the Interval for Sending Update Packets and the
Maximum Number of Packets Sent Each Time
By setting the interval for sending packets and the maximum number of packets to be sent each
time, you can optimize the RIPng performance.
Context
Perform the following steps on the RIPng router:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The interval for sending RIPng Update packets and the maximum number of packets sent each
time are set on the specified interface.
----End
Context
Split horizon is a method of preventing routing loops by preventing the router from advertising
a route back onto the interface from which the route is learned. On NBMA networks such as FR
networks and X.25 networks, if no sub-interface is configured, split horizon must be disabled
to ensure that routes are advertised correctly.
Poison reverse is another method of preventing routing loops by enabling the router to advertise
a route as unreachable back through the interface from which the route is learned.
If both split horizon and poison reverse are configured, only poison reverse takes effect.
Perform the following steps on the RIPng router:
Procedure
Step 1 Run:
system-view
----End
Context
Perform the following steps on the RIPng router:
Procedure
Step 1 Run:
system-view
----End
Prerequisites
Adjusting and optimizing the RIPng network performance has been configured.
Procedure
l Run the display ripng [ process-id | vpn-instance vpn-instance-name ] command to check
the configuration of the RIPng process.
l Run the display ripng process-id database [ verbose ] command to check all activated
routes in the RIPng database.
l Run the display ripng process-id interface [ interface-type interface-number ]
[ verbose ] command to check information about the RIPng interface.
l Run the display ripng process-id neighbor [ verbose ] command to check information
about RIPng neighbors.
l Run the display ripng process-id route command to check all the RIPng routes that are
learned from other routers.
----End
Applicable Environment
As networks develop rapidly, network security has become a major concern. If IPSec
authentication is configured on a RIPng network, the sent and received RIPng packets will be
authenticated, and those cannot pass authentication will be discarded. This can improve the
security of the RIPng network.
Pre-configuration Tasks
Before configuring IPSec authentication for RIPng, complete the following tasks:
Data Preparation
To configure IPSec authentication for RIPng, you need the following data.
No. Data
Context
If IPSec authentication is enabled in the RIPng view, all interfaces in the RIPng process will
perform IPSec authentication on the RIPng packets received or sent by the interfaces.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ripng [ process-id ]
Step 3 Run:
ipsec sa sa-name
----End
Context
This method is recommended if not all the interfaces in a RIPng process need to perform IPSec
authentication on packets.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ripng ipsec sa sa-name
NOTE
The ripng ipsec sa command takes precedence over the ipsec sa command. If both commands are run in
respective views and different SA names are specified, only the configuration of the ripng ipsec sa
command takes effect.
----End
Prerequisites
After IPSec authentication is enabled in a RIPng process or on a RIPng interface, the
configuration takes effect immediately. There is no need to restart the RIPng process.
Procedure
l Run the display ripng process-id interface [ interface-type interface-number ]
[ verbose ] command to check the SA used in IPSec authentication.
l Run the display ripng process-id statistics interface { all | interface-type interface-
number [ verbose | neighbor neighbor-ipv6-address ] } command to check the number of
RIPng packets that failed authentication.
----End
Example
Run the display ripng interface command, and you can view the name of an SA used in IPSec
authentication on a RIPng interface.
<Router > display ripng 1 interface GigabitEthernet1/0/0 verbose
GigabitEthernet1/0/0
FE80::A0A:200:1
State : UP, Protocol : RIPNG, MTU : 1440
Metricin : 0
Metricout : 1
Default Route : Disabled
Poison Reverse : Disabled
Split Horizon : Enabled
Authentication : IPSEC (SA - sa1)
Run the display ripng statistics interface command, and you can view the number of RIPng
packets that failed authentication.
<Router > display ripng 1 statistics interface gigabitethernet 1/0/0
GigabitEthernet1/0/0(FE80::2E0:64FF:FE10:8142)
Statistical information Last min Last 5 min Total
------------------------------------------------------------------
Periodic updates sent 5 23 259
Triggered updates sent 5 30 408
Response packet sent 10 34 434
Response packet received 15 38 467
Response packet ignored 0 0 0
Request packet sent 1 3 8
Request packet received 4 20 40
Request packet ignored 0 0 0
Bad packets received 0 0 0
Routes received 0 0 0
Routes sent 0 0 0
Bad routes received 0 0 0
Packet send failed 0 0 0
Packet IPSEC6 Auth failed 0 0 2
Examples in this document use interface numbers and link types of the NE40E-X8. In real world situations,
the interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 4-1, the prefix length of all the IPv6 addresses is 64, and neighboring
routers are connected by using IPv6 link-local addresses.
It is required that all routers learn IPv6 routing information on the network through RIPng. In
addition, Router B is required to filter out the route imported from Router C (at 2001:DB8:3::/64)
so that this route is neither added to the routing table of Router B nor advertised to Router A.
Figure 4-1 Networking diagram for configuring RIPng to filter the received routes
GE2/0/0
2001:db8:1::1/64 GE2/0/0
POS1/0/0 POS2/0/0 2001:db8:2::1/64
POS1/0/0 POS1/0/0
RouterA RouterB RouterC GE3/0/0
2001:db8:3::1/64
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic RIPng functions on each router to ensure that the routers communicate
with each other.
2. Configure an ACL on Router B to filter the imported routes.
Data Preparation
To complete the configuration, you need the following data:
l RIPng process 1 to be enabled on each router
l ACL6 2000 to be configured on Router B to deny routes from network segment
2001:DB8:3::/64
Procedure
Step 1 Configure an IPv6 address for each interface.
The configurations details are not described here.
Step 2 Configure basic RIPng functions.
# Configure Router A.
[RouterA] ripng 1
[RouterA-ripng-1] quit
# Configure Router B.
[RouterB] ripng 1
[RouterB-ripng-1] quit
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] ripng 1 enable
[RouterB-Pos1/0/0] quit
[RouterB] interface pos 2/0/0
[RouterB-Pos2/0/0] ripng 1 enable
[RouterB-Pos2/0/0] quit
# Configure Router C.
[RouterC] ripng 1
[RouterC-ripng-1] quit
[RouterC] interface pos 1/0/0
[RouterC-Pos1/0/0] ripng 1 enable
[RouterC-Pos1/0/0] quit
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] ripng 1 enable
[RouterC-GigabitEthernet2/0/0] quit
[RouterC] interface gigabitethernet 3/0/0
[RouterC-GigabitEthernet3/0/0] ripng 1 enable
[RouterC-GigabitEthernet3/0/0] quit
# Check the RIPng routing table of Router B. The command output shows that the RIPng routing
table does not contain the route from network segment 2001:DB8:3::/64.
[RouterB] display ripng 1 route
Route Flags: A - Aging, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::F54C:0:9FDB:1 on Pos2/0/0
Dest 2001:DB8:2::/64,
via FE80::F54C:0:9FDB:1, cost 1, tag 0, A, 14 Sec
Peer FE80::D472:0:3C23:1 on Pos1/0/0
Dest 2001:DB8:1::/64,
via FE80::D472:0:3C23:1, cost 1, tag 0, A, 25 Sec
[RouterA] display ripng 1 route
Route Flags: A - Aging, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::476:0:3624:1 on Pos1/0/0
Dest 2001:DB8:2::/64,
via FE80::476:0:3624:1, cost 2, tag 0, A, 7 Sec
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:1::1/64
ripng 1 enable
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
ripng 1
#
return
ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
ripng 1
filter-policy 2000 import
#
return
5 OSPF Configuration
OSPF, which is developed by the IETF, is a link-state IGP. OSPF is widely used in access
networks and MANs.
5.1 Introduction
By building OSPF networks, you can enable OSPF to discover and calculate routes in ASs.
OSPF is applicable to a large-scale network that consists of hundreds of routers.
5.2 Configuring Basic OSPF Functions
This section describes how to configure basic OSPF functions.
5.3 Configuring OSPF on the NBMA or P2MP Network
This section describes how to configure OSPF and modify attributes on the NBMA or point-to-
multipoint (P2MP) network to flexibly construct the OSPF network.
5.4 Configuring an OSPF Route Selection Rule
You can configure an OSPF route selection rule to meet requirements of complex networks.
5.5 Controlling OSPF Routing Information
You can control the advertising and receiving of OSPF routing information and import routes
of other protocols.
5.6 Configuring an OSPF Dynamic Hostname
Compared with router IDs, Open Shortest Path First (OSPF) dynamic hostnames are easier to
memorize. Therefore, using dynamic hostnames to identify routers can facilitate network
management.
5.7 Configuring an OSPF Stub Area
Configuring a non-backbone area as a stub area can reduce routing entries in the area in an AS
does not transmit routes learned from other areas in the AS or AS external routes. This reduces
bandwidth and storage resource consumption.
5.8 Configuring an NSSA
Configuring a non-backbone area on the border of an AS as an NSSA does not transmit routes
learned from other areas in the AS but external routes imported. This reduces bandwidth and
storage resource consumption on the router.
5.9 Configuring Local MT
By configuring local multicast topology (MT), you can create a proper routing table for multicast
traffic when multicast and an MPLS TE tunnel are configured on a network.
5.1 Introduction
By building OSPF networks, you can enable OSPF to discover and calculate routes in ASs.
OSPF is applicable to a large-scale network that consists of hundreds of routers.
Defined by the Internet Engineering Task Force (IETF), the Open Shortest Path First (OSPF)
protocol is an Interior Gateway Protocol (IGP) implemented on the basis of the link status.
NOTE
OSPF Features
OSPF has the following features:
l Wide applications
OSPF is applicable to networks of various sizes and even to the network consisting of
hundreds of routers.
l Fast convergence
Once the network topology changes, Update packets are transmitted to synchronize the link
state databases (LSDBs) of all the routers within the Autonomous System (AS).
l Loop-free
According to the collected link status, OSPF calculates routes with the shortest path tree
algorithm. This algorithm ensures the generation of loop-free routes.
l Area division
An AS can be divided into different areas to facilitate AS management. After the area
partition, an LSDB stores routing information only of the local area. The reduce of LSDB
size dramatically reduces memory and CPU usage. In addition, less bandwidth is consumed
because of the decrease in routing information transmitted within the AS.
l Equal-cost routes
OSPF supports multiple equal-cost routes to the same destination.
l Routing hierarchy
Four types of routing are available. They are listed in the descending order of priority: intra-
area routes, inter-area routes, Type 1 external routes, and Type 2 external routes.
l Authentication
Area-based and interface-based packet authentication guarantees the security of packet
interaction.
l Multicast
Multicast packets are transmitted only on certain types of links to reduce the interference
for some devices.
1. Based on the surrounding network topology, each OSPF device originates a Link State
Advertisement (LSA). The router then transmits Update packets containing the LSAs to
other OSPF devices.
2. Each OSPF device collects the LSAs from other devices, and all these LSAs compose the
LSDB. An LSA describes the network topology around a router, whereas an LSDB
describes the network topology of the whole AS.
3. OSPF devices transform the LSDB into a weighted directed map. The weighted directed
map reflects the topology of the entire network. All routers in the same area have the same
map.
4. According to the directed map, each router uses the Shortest Path First (SPF) algorithm to
calculate the shortest path tree, regarding itself as the root. The tree displays the routes to
each node in the AS.
Area Division
The number of routers increases with the unceasing expansion of the network scale. This leads
to a large LSDB on each router. As a result, the load of each router is very heavy. OSPF solves
this problem by dividing an AS into different areas. An area is regarded as a device group
logically. Each group is identified by an area ID. On the border of an area resides a router rather
than a link. A network segment (or a link) belongs to only one area. That is, the area to which
each OSPF interface belongs must be specified, as shown in Figure 5-1.
Area1 Area4
Area0
Area2 Area3
After area division, route aggregation can be performed on border routers to reduce the number
of LSAs advertised to other areas. Route aggregation also minimizes the influence caused by
changes in the topology.
Router Type
Routers are classified into the following types according to their locations in the AS:
l Internal routers
l Area border routers (ABRs)
l Backbone routers
l AS boundary routers (ASBRs)
Area1 Area4
Backbone
Internal Area0 Router
Router
l Broadcast: If the link layer protocol is Ethernet or FDDI, OSPF defaults the network type
to broadcast. In this type of networks, the following situations occur.
– Hello packets and packets from the Designated Router (DR) are sent in multicast mode
(224.0.0.5: indicates the reserved IP multicast addresses for OSPF devices).
– Link State Update (LSU) packets are sent to the DR in multicast mode (224.0.0.6:
indicates the reserved IP multicast address for the OSPF DR), and the DR forwards the
LSU packets to destination 224.0.0.5.
– Database Description (DD) packets, Link State Request (LSR) packets, and all
retransmission packets are sent in unicast mode.
– Link State Acknowledgement (LSAck) packets are usually sent in multicast mode
(224.0.0.5). When a router receives repeated LSAs, or the LSAs are deleted due to the
timeout of the maximum lifetime, LSAck packets are sent in unicast mode.
l Non-Broadcast Multi-Access (NBMA): If the link layer protocol is Frame Relay, ATM, or
X.25, OSPF defaults the network type to NBMA. In this type of networks, protocol packets,
such as Hello packets, DD packets, LSR packets, LSU packets, and LSAck packet, are
transmitted in unicast mode.
l Point-to-Multipoint (P2MP): A P2MP network must be forcibly changed from other
network types. In this type of networks, Hello packets are transmitted in multicast mode
(224.0.0.5); DD packets, LSR packets, LSU packets, and LSAck packets are transmitted
in unicast mode.
l Point-to-Point (P2P): If the link layer protocol is PPP, HDLC, or LAPB, OSPF defaults the
network type to P2P. In this type of networks, protocol packets, such as Hello packets, DD
packets, LSR packets, LSU packets, and LSAck packets, are transmitted in multicast mode
(224.0.0.5).
Multi-process
OSPF supports multi-process. More than one OSPF process can run on the same router because
processes are mutually independent. Route interaction between different OSPF processes is
similar to the interaction between different routing protocols.
A typical application of OSPF multi-process is to run OSPF between PEs and CEs in the VPN
where OSPF is also adopted in the backbone network. On the PEs, the two OSPF processes are
independent of each other.
Authentication
OSPF supports packet authentication. Only the OSPF packets that pass the authentication can
be received. If the packets fail to pass the authentication, the neighbor relationship cannot be
established.
l Backing up all OSPF data: After the switchover between the AMB and the SMB, OSPF
restores its normal work immediately.
l Backing up only the OSPF configuration: After the switchover between the AMB and the
SMB, OSPF performs graceful restart (GR), obtains the adjacency relationship from
neighbors, and synchronizes the LSDBs.
Smart-discover
Generally, routers periodically send Hello packets through interfaces that run OSPF, routers set
up and maintain the neighbor relationship, and elect the DR and the Backup Designated Router
(BDR) on the multi-access network (broadcast or NBMA) by exchanging Hello packets. When
establishing the neighbor relationship or electing the DR and the BDR on the multi-access
network, interfaces can send Hello packets only when the Hello timer expires. This affects the
speed for establishing the neighbor relationship and electing the DR and the BDR.
NOTE
l The interval for sending Hello packets on an interface depends on the interval for sending Hello packets
set on the interface.
l The default value of the interval for sending Hello packets varies with the network type.
l In broadcast and NBMA networks, the neighbor relationship can be established rapidly and
a DR and a BDR on the networks can be elected rapidly.
When the neighbor status becomes 2-way for the first time, or it returns to Init from the 2-
way or higher state as shown in Figure 5-3, the interface enabled with the Smart-discover
function sends Hello packets to the neighbor without waiting for the timeout of the Hello
timer when the interface finds that the status of the neighbor changes.
When the interface status of the DR and the BDR in the multi-access network changes, the
interface enabled with the Smart-discover function sends Hello packets to the network
segment and takes part in the DR or BDR election.
Attempt
(NBMA)
l On P2P and P2MP networks, the adjacency relationship can be established rapidly. The
principle is the same as that in broadcast and NBMA networks.
Local MT
When multicast and a MultiProtocol Label Switching (MPLS) Traffic Engineering (TE) tunnel
are deployed in a network simultaneously, services become unavailable because the multicast
function may be affected by the TE tunnel. This is because after the TE tunnel is enabled with
IGP Shortcut, the outgoing interface of the route calculated by IGP is not the actual physical
interface but a TE tunnel interface. According to the unicast route to the multicast source address,
a router sends a Join message through a TE tunnel interface. Routers spanned by the TE tunnel
cannot sense the Join message, and therefore multicast forwarding entries cannot be created.
The TE tunnel is unidirectional, so multicast data packets sent by the multicast source are sent
to the routers spanned by the TE tunnel through related physical interfaces. The routers, however,
do not have multicast forwarding entries. As a result, the multicast data packets are discarded.
Services therefore become unavailable.
When a network runs the OSPF protocol, you can enable OSPF local Multicast-Topology (MT)
to solve the problem of multicast traffic interruption caused by the conflict between multicast
and the TE tunnel. After local MT is enabled, multicast packets can be correctly forwarded. If
the outgoing interface of the calculated route is a TE tunnel interface of IGP-Shortcut type, a
router adds a route of the physical outgoing interface to the MIGP routing table. Multicast uses
routes in the MIGP routing table to forward packets.
NOTE
For details of local MT, refer to the chapter "IP Multicast Overview" in the HUAWEI NetEngine80E/
40E Router Feature Description - IP Multicast.
OSPF GR
When a router restarts or performs the active/standby switchover, it directly ages all routing
entries in the Forward Information Base (FIB) table. This results in route interruption. In
addition, neighboring routers remove this router from the neighbor list, and notify other
routers. This causes the re-calculation of SPF. If this router recovers within a few seconds, the
neighbor relationship becomes unstable. This results in route flapping.
After being enabled with OSPF Graceful Restart (GR), a router can ensure continuous packet
forwarding if it restarts just for abnormities. In such a case, route flapping is avoided during the
short restart of the router.
NOTE
Unless otherwise specified, "protocol restart" in this document refers to restarting OSPF in GR mode.
When a router restarts OSPF, the GR Restarter does not age the forwarding information. At the
same time, the GR Helper keeps the topology information or routes obtained from the GR
Restarter for a period. This ensures that traffic forwarding is not interrupted when protocol restart
occurs.
NOTE
For details of OSPF TE configurations, refer to the HUAWEI NetEngine80E/40E Router Configuration
Guide - MPLS.
The differences between IGP Shortcut and forwarding adjacency are as follows:
l If only forwarding adjacency is enabled, OSPF can reach the destination by using the LSP.
l If only IGP Shortcut is enabled, only the router enabled with IGP Shortcut can use the LSP.
NOTE
For detailed configuration of this feature, refer to the HUAWEI NetEngine80E/40E Router Configuration
Guide - MPLS.
In BGP MPLS VPN, many sites of one VPN can use OSPF as the internal routing protocol. The
sites, however, are handled as being from different ASs. In this way, the OSPF routes learned
on one site are transmitted as external routes to another site. This causes a heavy OSPF traffic
and some avoidable network management problems.
In the NE80E/40E implementation, you can configure domain IDs on a PE to differentiate the
VPNs where different sites reside. Different sites in one VPN consider each other as if they were
connected directly. Therefore, PEs exchange OSPF routing information as if they were directly
connected through a leased line. This improves network management and enhances the validity
of the OSPF application.
NOTE
For detailed configuration of this feature, refer to the HUAWEI NetEngine80E/40E Router Configuration
Guide - VPN.
Generally, BGP extended community attributes carry routing information over the MPLS VPN
backbone between BGP peers. OSPF running on the remote PE uses this information to generate
Type3 summary LSAs from PE to CE. These routes are considered as inter-area routes.
If a router, however, connects to PEs in its own area and establishes an intra-area route to a
particular destination, the VPN traffic always traverses the route rather than the backbone route.
This is because OSPF intra-area routes in the routing table have relatively higher priorities. To
prevent this, an unnumbered P2P sham link is configured between the PEs. This provides an
intra-area path with a lower cost to the PE.
NOTE
For configurations of OSPF sham links, refer to the HUAWEI NetEngine80E/40E Router Configuration
Guide - VPN.
OSPF-BGP
When a new router is connected to the network, or a router restarts, the network traffic may be
lost during BGP convergence. This is because the IGP route convergence is quicker than the
BGP route convergence.
If the backup link exists, OSPF-BGP linkage makes a router that restarts or a router that is
connected to the network start the stub router timer during the OSPF-BGP linkage. During the
set linkage period, the router acts as the stub router by increasing the metrics of the links in the
LSA generated by the router to 65535. Other OSPF devices are notified of not using the stub
router to forward data. This ensures that the router is not used as the spanned router. This avoids
traffic loss during traffic switchback because route convergence speed is slower than that of
OSPF.
GTSM
The Generalized TTL Security Mechanism (GTSM) refers to the generic TTL security protection
mechanism. GTSM protects services of the upper layer over the IP layer by checking whether
the TTL value in the IP header is in a pre-defined range. In applications, GTSM is designed to
protect the TCP/IP-based control plane (like routing protocols) from CPU-utilization attacks,
such as CPU overload attacks.
Applicable Environment
When OSPF is configured on multiple routers in the same area, most configuration data, such
as the timer, filter, and aggregation, must be planned uniformly in the area. Incorrect
configurations may cause neighboring routers to fail to send messages to each other or even
causing routing information congestion and self-loops.
The OSPF-relevant commands that are configured in the interface view take effect regardless
of whether OSPF is enabled. After OSPF is disabled, the OSPF-relevant commands also exist
on interfaces.
Pre-configuration Tasks
Before configuring basic OSPF functions, complete the following tasks:
Data Preparation
To configure basic OSPF functions, you need the following data.
No. Data
1 Router ID
2 OSPF process ID
Context
Before running OSPF on the router, specify a router ID for the router. The router ID is a 32-bit
unsigned integer, which identifies the router in the AS. To ensure OSPF stability, manually set
the router ID of each router during network planning.
This causes the link state database (LSDB) to unexpectedly grow. OSPF resolves this problem
by partitioning an AS into different areas. The area is regarded as a logical group and each group
is identified by an area ID. At the border of an area resides the router instead of a link. A network
segment (or a link) belongs to only one area. The area to which each OSPF interface belongs
must be specified.
There are two methods for enabling OSPF: creating an OSPF process and enabling OSPF on an
interface.
Procedure
l Create an OSPF process.
1. Run:
system-view
– The parameter process-id specifies the ID of an OSPF process. The default value
is 1.
The NE80E/40E supports OSPF multi-process. You can create different processes
for services of different types. The OSPF process ID is valid in the local area,
without affecting packet exchange with other Routers. Therefore, different
Routers can also exchange packets even though they have different process IDs.
– The parameter router-id router-id specifies the router ID of the Router.
By default, the system automatically selects an IP address of the interface as the
router ID. Assign a unique router ID for each device in an AS. Generally, you can
set the router ID to be the same as an interface IP address.
NOTE
The router ID of each OSPF process must be unique on the entire network. Otherwise,
routers cannot establish OSPF neighbor relationships, and the routing information is
incorrect.
If a router ID conflict occurs, perform either of the following operations:
l If the automatic recovery function is enabled and a router ID conflict occurs between
indirectly connected routers in one OSPF area, the system replaces the conflicted router
ID with a newly calculated one. The automatic recovery function takes effect on both
configured and automatically generated router IDs.
l The system can replace a router ID in a maximum of three attempts in case the router
ID conflict persists.
If the router ID is changed, a new router ID will take affect after the reset ospf
[ process-id ]process command is run.
– The parameter vpn-instance vpn-instance-name specifies the name of a virtual
private network (VPN) instance.
If a VPN instance is specified, the OSPF process belongs to the specified VPN
instance. Otherwise, the OSPF process belongs to public network instances.
The OSPF areas can be classified into a backbone area with the area ID of 0 and non-
backbone areas. The backbone area is responsible for forwarding inter-area routing
information. The routing information between the non-backbone areas must be
forwarded through the backbone area.
The description of an OSPF area helps identify special processes by the description
command.
4. Run:
network ip-address wildcard-mask [ description text ]
The network segments are configured to belong to the area. description is used to
configure a description for the specified OSPF network segment.
OSPF can run on an interface properly only when the following conditions are met:
– The mask length of the IP address of an interface is greater than or equal to that
specified by the network command.
NOTE
When the wildcard-mask parameter in the network command is specified as 0, if the IP
address of the interface and the IP address that is configured by the network address
command are the same, OSPF is enabled on the interface.
– The primary IP address of an interface is on the network segment specified by the
network command.
By default, OSPF uses a 32-bit host route to advertise the IP address of a loopback
interface. To advertise routes to the network segment of the loopback interface,
configure the network type as NBMA or broadcast in the interface view. For details,
see Configuring Network Types for OSPF Interfaces.
l Enable OSPF on an interface.
1. Run:
system-view
An area ID can be input in the format of a decimal integer or an IPv4 address, but
displayed in the format of IPv4 address.
----End
Context
After OSPF areas are defined, OSPF route updates between non-backbone areas are transmitted
through a backbone area. Therefore, OSPF requires that all non-backbone areas maintain the
connectivity with the backbone area and the backbone areas in different OSPF areas maintain
the connectivity with each other. In real world situations, this requirement may not be met
because of some restrictions. To resolve this problem, you can configure OSPF virtual links.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
area area-id
Step 4 Run:
vlink-peer router-id [ dead dead-interval | hello hello-interval | retransmit
retransmit-interval | smart-discover | trans-delay trans-delay-interval | [ simple
[ plain plain-text | [ cipher ] cipher-text ] | { md5 | hmac-md5 | hmac-sha256 }
----End
Follow-up Procedure
After virtual links are created, different default MTUs may be used on devices provided by
different vendors. To ensure consistency, the MTU is set to 0 by default when the interface sends
DD packets. For details, see Configuring an Interface to Fill in the DD Packet with the Actual
MTU.
Context
RFC 2328 and RFC 1583 define the route selection rule differently. After OSPF is enabled on
the router, specify a route selection rule based on the router configuration. The router complies
with the route selection rule defined in RFC 1583 by default. If the neighboring router complies
with the route selection rule defined in RFC 2328, configure the local router to comply with that
defined in RFC 2328. This allows all routers in the OSPF area to comply with the same route
selection rule.
Procedure
Step 1 Run:
system-view
The router is configured to comply with the route selection rule defined in RFC 2328, not RFC
1583.
By default, the router complies with route selection rule defined in RFC 1583.
----End
Context
The routing protocols may share and select the routing information because the router may run
multiple dynamic routing protocols at the same time. The system sets a priority for each routing
protocol. When multiple routing protocols are used to select routes, the route selected by the
routing protocol with a higher priority takes effect.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
preference [ ase ] { preference | route-policy route-policy-name } *
The default OSPF priority value is 10. When an ASE is specified, the default OSPF priority
value is 150.
----End
Context
When multiple neighboring routers are configured or a large number of LSA update packets are
flooded, the neighboring router may receive a large number of LSA update packets in a short
period. This keeps the neighboring router busy processing a burst of LSA update packets and
causes the neighboring router to unexpectedly discard Hello packets that are used to maintain
the OSPF neighbor relationships. As a result, the neighbor relationships are interrupted. After
the neighbor relationships are reestablished, more packets are to be exchanged. This intensifies
neighbor relationship interruption. To resolve this problem, you can restrict the flooding of LSA
update packets to maintain neighbor relationships.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
flooding-control [ number transmit-number | timer-interval transmit-interval ] *
By default, the number of LSA update packets to be flooded each time is 50, and the interval at
which LSA update packets are flooded is 30s.
After the flooding-control command is run, the flooding of LSA update packets is immediately
restricted.
If the flooding-control command is not run, the function of restricting the flooding of LSA
update packets automatically takes effect when the number of neighboring routers exceeds 256.
----End
Context
If no response is received when the maximum number of packet retransmission attempts is
reached, the neighbor relationship will be interrupted. By default, the retransmission mechanism
is disabled.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
retransmission-limit [ max-number ]
----End
Context
After sending an LSA packet to the neighboring router, the router waits for a response. If no
response is received within the set interval, the router retransmits the LSA packet to the
neighboring router.
Procedure
Step 1 Run:
system-view
----End
Context
The default maximum transmission unit (MTU) is 0.
After virtual links are created, different default MTUs may be used on devices provided by
different vendors. To ensure consistency, the MTU is set to 0 by default when the interface sends
DD packets.
NOTICE
Setting the MTU in a DD packet will have the neighbor relationship reestablished.
Procedure
Step 1 Run:
system-view
The interface is configured to fill in a DD packet with the interface MTU and check whether the
MTU in the DD packet from the neighboring router exceeds the MTU of the local router.
----End
Prerequisites
Basic OSPF functions have been configured.
Procedure
l Run the display ospf [ process-id ] peer command to check OSPF neighbor information.
l Run the display ospf [ process-id ] routing command to check OSPF routing table
information.
l Run the display ospf [ process-id ] lsdb command to check OSPF LSDB information.
----End
Example
Run the display ospf peer command. If the OSPF neighbor relationship is in the Full state, the
configuration succeeds.
<HUAWEI> display ospf peer
Neighbors
Run the display ospf routing command to view OSPF routing table information.
<HUAWEI> display ospf routing
OSPF Process 1 with Router ID 4.4.4.4
Routing Tables
Total Nets: 6
Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0
Applicable Environment
As shown in Table 5-1, OSPF classifies networks into four types based on the types of link layer
protocols.
NOTE
Differentiated OSPF configurations that are applicable to the NBMA network and P2MP network are
provided in this section. The OSPF configurations not provided here are applicable to the four types of
networks.
Point-to-point On a P2P network, Hello packets, If the link layer protocol is PPP,
(P2P) DD packets, LSR packets, LSU HDLC, or Link Access Procedure
packets, and LSAck packets are Balanced (LAPB), OSPF regards
multicasted. the network as a P2P network by
default.
As shown in Table 5-1, OSPF sends packets in different manners on networks of different types.
Therefore, the difference between OSPF configurations on the networks lies in the packet
sending configurations.
Pre-configuration Tasks
Before configuring OSPF on the NBMA or P2MP network, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPF Functions
Data Preparation
To configure OSPF on the NBMA or P2MP network, you need the following data.
No. Data
2 Network type
3 DR priority of an interface
No. Data
Context
By default, the physical interface type determines the network type.
The network types of the interfaces on both ends of a link must be the same; otherwise, the OSPF
neighbor relationship cannot be established. Only when the network type of one OSPF interface
is broadcast and the network type of the other OSPF interface is P2P, the two interfaces can still
set up the neighbor relationship; but cannot learn the OSPF routing information each other.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospf network-type { broadcast | nbma | p2mp | p2p [ peer-ip-ignore ] }
When the network type is configured for an interface, the original network type of the interface
is replaced.
The network type can be configured based on the real world situations.
l On an interface with the broadcast network type, if a router that does not support the multicast
address exists, change the network type of the interface to NBMA.
l On an interface with the NBMA network type, if the network is fully meshed or any two
routers are directly connected, change the network type of the interface to broadcast and do
not configure neighboring router information on the interface.
l On an interface with the NBMA network type, if the network is not fully meshed, change
the network type of the interface to P2MP. After that, two indirectly connected routers can
communicate through one router that can directly reach both the two routers. After the
network type of the interface is changed to P2MP, configuring neighboring router
information on the interface is unnecessary.
l If only two routers run OSPF on the same network segment, changing the network type of
the interface to P2P is recommended.
peer-ip-ignore is used to disable network segment check when IP address unnumbering is not
configured for a P2P interface changed from a broadcast interface and the interface tries to
establish an OSPF neighbor relationship. By default, if peer-ip-ignore is not specified in the
command, OSPF checks the network segment of the two ends during which an OSPF neighbor
relationship is to be established. Specifically, OSPF performs an AND operation on the local
subnet mask and the local IP address and on the local subnet mask and the remote IP address.
An OSPF neighbor relationship can be established only when the results on the two ends are the
same.
NOTE
OSPF cannot be configured on a null interface.
----End
Procedure
Step 1 (Optional) Set the network type to NBMA.
The NBMA network must be fully meshed. Any two routers on the NBMA network must be
directly reachable. In most cases, however, this requirement cannot be met. To resolve this
problem, run specific commands to forcibly change the network type to NBMA. For details, see
Configuring Network Types for OSPF Interfaces.
1. Run:
system-view
The interval at which Hello packets for polling are sent by an NBMA interface is set.
On the NBMA network, after the neighbor relationship becomes invalid, the router sends Hello
packets at an interval defined in the polling mechanism.
The interface with the network type of NBMA cannot broadcast Hello packets to discover
neighboring routers. Therefore, the IP address of a neighboring router must be configured on
the interface and whether the neighboring router can participate in DR election must be
determined on the interface.
1. Run:
quit
----End
Procedure
Step 1 Disable OSPF from checking the network mask.
The OSPF neighbor relationship cannot be established between the routers with different mask
lengths on the P2MP network. After OSPF is disabled from checking the network mask, the
OSPF neighbor relationship can be properly established.
1. Run:
system-view
A P2MP network is forcibly changed from another other type of network. For details, see
Configuring Network Types for OSPF Interfaces.
4. Run:
ospf p2mp-mask-ignore
OSPF is disabled from checking the network mask on the P2MP network.
Step 2 (Optional) Configure the router to filter the LSA packets to be sent.
When multiple links exist between two routers, you can configure the local router to filter the
LSA packets to be sent. This can reduce unnecessary LSA retransmission attempts and save
bandwidth resources.
1. Run:
quit
The local router is configured to filter the LSA packets to be sent on the P2MP
network.
b. Run:
quit
– If the ACL referenced by the route-policy does not exist, all routes matching
the route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has
a smaller number and then matches the route with a rule with a larger number.
Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and
specify the action deny in this rule to filter out the unwanted routes. Then,
configure another rule with a larger number in the same ACL and specify the
action permit in this rule to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and
specify the action permit in this rule to permit the routes to be received or
advertised by the system. Then, configure another rule with a larger number in
the same ACL and specify the action deny in this rule to filter out unwanted
routes.
l Based on the advanced ACL:
a. filter-lsa-out peer ip-address { all | { summary acl acl-name | ase
acl acl-name | nssa acl acl-name } * }
The local router is configured to filter the LSA packets to be sent on the P2MP
network.
b. Run:
quit
configure another rule with a larger number in the same ACL and specify the
action permit in this rule to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and
specify the action permit in this rule to permit the routes to be received or
advertised by the system. Then, configure another rule with a larger number in
the same ACL and specify the action deny in this rule to filter out unwanted
routes.
----End
Prerequisites
OSPF attributes on the NBMA network and P2MP network have been configured.
Procedure
l Run the either of the following command to check LSDB information.
– display ospf [ process-id ] lsdb [ brief ]
– display ospf [ process-id ] lsdb [ router | network | summary | asbr | ase | nssa |
opaque-link | opaque-area | opaque-as ] [ link-state-id ] [ originate-router
[ advertising-router-id ] | self-originate ] [ age { min-value min-age-value | max-
value max-age-value } * ]
l Run the display ospf [ process-id ] peer [ [ interface-type interface-number ] neighbor-
id | brief | last-nbr-down ] command to view neighbor information.
l Run the display ospf [ process-id ] nexthop command to check next hop information.
l Run the either of the following command to check routing table information.
– display ospf [ process-id ] routing [ ip-address [ mask | mask-length ] ] [ interface
interface-type interface-number ] [ nexthop nexthop-address ]
– display ospf [ process-id ] routing router-id [ router-id ]
l Run the display ospf [ process-id ] interface [ all | interface-typeinterface-number ]
[ verbose ] command to check interface information.
----End
Example
Run the display ospf interface command to view the network type of the interface and the
priority of the interface for DR election.
<HUAWEI> display ospf interface GigabitEthernet2/0/0
Interfaces
Applicable Environment
In real world situations, you can configure an OSPF route selection rule by setting OSPF route
attributes to meet the requirements of complex networks.
l Set the cost of an interface. The link connected to the interface with a smaller cost value
preferentially transmits routing information.
l Configure equal-cost routes to implement load balancing.
l Configure a stub router during the maintenance operations such as upgrade to ensure stable
data transmission through key routes.
l Suppress interfaces from sending or receiving packets to help select the optimal route.
l Configuring an OSPF interface to automatically adjust the link cost based on link quality
facilitates route selection control and improves network reliability.
Pre-configuration Tasks
Before configuring an OSPF route selection rule, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPF Functions
Data Preparation
To configure an OSPF route selection rule, you need the following data.
No. Data
1 Interface cost
Context
After the OSPF interface costs are set, the interface with a smaller cost value preferentially
transmits routing information. This helps select the optimal route.
The OSPF interface cost can be set manually or calculated based on the interface bandwidth.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospf cost cost
The router generally transmits routing information using the link connected to the interface with
a smaller cost value.
If no interface cost is configured, the system automatically calculates the interface cost based
on the interface bandwidth. The calculation formula is as follows: Cost of the interface =
Bandwidth reference value/Interface bandwidth. The integer of the calculated result is the cost
of the interface. If the calculated result is smaller than 1, the cost value is 1. By default, the
bandwidth reference value is 100, in Mbit/s. Changing the bandwidth reference value can change
the cost of an interface.
1. Run:
system-view
----End
Context
If the destinations and costs of the multiple routes discovered by one routing protocol are the
same, load balancing can be implemented among the routes.
As shown in Figure 5-4, three routes between router A and router B that run OSPF have the
same costs. The three routes are equal-cost routes for load balancing.
IP Network
cos
=5 t=1
c os t 0
cost=10 cost=5
IP Network
RouterA RouterB
cos
t=8 t=7
cos
IP Network
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
maximum load-balancing number
When the number of equal-cost routes is greater than number specified in the maximum load-
balancing command, valid routes are selected for load balancing based on the following criteria:
1. Route preference: Routes with lower preferences are selected for load balancing. For details
about route preference configuration, see Step 4.
2. Interface index: If routes have the same priorities, routes with higher interface index values
are selected for load balancing.
3. Next hop IP address: If routes have the same priorities and interface index values, routes
with larger IP address are selected for load balancing.
NOTE
The maximum number of equal-cost routes is 32, by default, it is 32. The value range and default value of
the maximum number of equal-cost routes may vary according to the product. You can change the
maximum number and default number by purchasing a license.
When the number of equal-cost routes on the live network is greater than that specified in the
maximum load-balancing command, valid routes are randomly selected for load balancing. To
specify valid routes for load balancing, run the nexthop command to set the route preference.
Ensure that the preferences of valid routes to be used must be high.
The smaller the weight value, the higher the preference of the route. The default weight value
is 255, which indicates that load balancing is implemented regardless of the route preferences.
----End
Context
After a stub router is configured, the route on the stub router will not be preferentially selected.
After the route cost is set to the maximum value 65535, traffic generally bypasses the router.
This ensures an uninterrupted route on the router during maintenance operations such as upgrade.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
stub-router [ on-startup [ interval ] ]
If a router is configured as a stub router, the router keeps functioning as a stub router for 500s.
NOTE
The stub router configured in this manner is irrelevant to the router in the stub area.
----End
Context
Suppressing an interface from receiving and sending OSPF packets helps routing information
to bypass a specific router and enables the local router to reject routing information advertised
by another router. This ensures that an optimal route is provided.
For example, there are three routes between router A and router B, as shown in Figure 5-5. To
configure the route with the outbound interface of 1/0/1 to be the optimal route, suppress 1/0/0
and 1/0/2 from receiving and sending OSPF packets.
Figure 5-5 Networking diagram of suppressing an interface from receiving and sending OSPF
packets
IP Network
0
1 / 0/
P OS
POS1/0/1
IP Network
PO
S1
RouterA /0/ RouterB
2
IP Network
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
silent-interface { all | interface-typeinterface-number }
The same interface in different processes can be suppressed from sending and receiving OSPF
packets, but the silent-interface command is valid only for the OSPF interface in the local
process.
After an OSPF interface is configured to be in the silent state, the interface can still advertise its
direct routes. Hello packets on the interface, however, cannot be forwarded. Therefore, no
neighbor relationship can be established on the interface. This can enhance the networking
adaptability of OSPF and reduce system resource consumption.
----End
Context
A bit error refers to the deviation between a bit that is sent and the bit that is received. The bit
error rate (BER) refers to the number of bit errors divided by the total number of bits transferred
during a studied time interval. During data transmission, a high BER will degrade or even
interrupt services in extreme cases.
To prevent this problem, configure OSPF interfaces to automatically adjust link costs based on
link quality, so that unreliable links are not used by the optimal routes.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospf enable [ process-id ] area area-id
Step 4 Run:
link-quality low bit-error-threshold error-ratio trigger-coefficient trigger-power
resume-ratio recovery-coefficient recovery-power
The upper and lower thresholds for triggering link quality changes are set on the OSPF interface.
After you run this command, if the BER of the OSPF interface reaches or exceeds the upper
threshold, the link quality changes from good to low; if the BER of the OSPF interface reaches
or falls below the lower threshold, the link quality changes from low to good.
Step 5 Run:
ospf link-quality low incr-cost { cost | max-reachable }
The OSPF interface is configured to automatically adjust the link cost based on link quality.
NOTE
The cost parameter specifies the link cost adjustment value. After this parameter is specified:
l If the link quality changes from good to low, the link cost equals the original link cost plus the adjustment
value. The maximum link cost allowed is 65535.
l If the link quality changes from low to good, the orginal link cost applies.
----End
Prerequisites
All OSPF route selection configurations have been configured.
Procedure
l Run the display ospf [ process-id ] routing [ ip-address [ mask | mask-length ] ]
[ interface interface-type interface-number ] [ nexthop nexthop-address ] command to
check the OSPF routing table information.
l Run the display ospf [ process-id ] interface [ all | interface-type interface-number ]
[ verbose ] command to check OSPF interface information.
----End
Example
Run the display ospf [ process-id ] routing ip-address command to view the route convergence
priority.
<HUAWEI> display ospf routing 10.1.1.1
OSPF Process 1 with Router ID 1.1.1.1
Destination : 10.1.1.0/24
AdverRouter : 10.1.1.2 Area : 0.0.0.0
Cost : 1 Type : Transit
NextHop : 10.1.1.2 Interface : Ethernet1/0/0
Priority : Low Age : 00h02m43s
Applicable Environment
You can control the advertising and receiving of OSPF routing information and import routes
of other protocols.
Pre-configuration Tasks
Before controlling OSPF routing information, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPF Functions
Data Preparation
To control OSPF routing information, you need the following data.
No. Data
1 Link cost
3 Name of the imported routing protocol, OSPF process ID, and default parameters
Context
To access a router running a non-OSPF protocol, an OSPF-capable router needs to import routes
of the non-OSPF protocol into the OSPF network.
OSPF provides loop-free intra-area routes and inter-area routes; however, OSPF cannot prevent
external routing loops. Therefore, exercise caution when configuring OSPF to import external
routes. For details, see "OSPF VPN" in the HUAWEI NetEngine80E/40E Router Feature
Description - IP Routing.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
import-route { limit limit-number | { bgp [ permit-ibgp ] | direct | unr | rip
[ process-id-rip ] | static | isis [ process-id-isis ] | ospf [ process-id-ospf ] }
[ cost cost | type type | tag tag | route-policy route-policy-name ] * }
The default values of parameters (the cost, number of routes, tag, and type) are set for imported
routes.
When OSPF imports external routes, you can set default values for some additional parameters,
such as the cost, number of routes to be imported, route tag, and route type. The route tag is used
to identify the protocol-related information. For example, it can be used to differentiate AS
numbers carried in BGP routes imported by OSPF.
By default, the cost of the external routes imported by OSPF is 1; a maximum of 2147483647
routes can be imported each time; the type of the imported external routes is Type 2; the default
tag value of the imported routes is 1.
NOTE
You can run one of the following commands to set the cost of the imported route. The following commands
are listed in descending order of priorities.
l Run the apply cost command to set the cost of a route.
l Run the import-route command to set the cost of the imported route.
l Run the default command to set the default cost of the imported route.
Routes imported using Step 3 can be advertised only when meeting filtering conditions.
2. Run:
quit
Routes imported using Step 3 can be advertised only when meeting filtering conditions.
2. Run:
quit
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the IP prefix:
Run:
filter-policy ip-prefix ip-prefix-name export [ protocol [ process-id ] ]
Routes imported using Step 3 can be advertised only when meeting filtering conditions.
l Based on the Route-Policy:
Run:
filter-policy route-policy route-policy-name export [ protocol [ process-id ] ]
Routes imported using Step 3 can be advertised only when meeting filtering conditions.
OSPF filters the imported routes. OSPF uses Type 5 LSAs to carry routes that meet the filtering
conditions and advertises these Type 5 LSAs.
You can specify the parameter protocol [ process-id ] to filter the routes of a certain routing
protocol or a certain OSPF process. If protocol [ process-id ] is not specified, OSPF filters all
imported routes.
The import-route command cannot be used to import the default route from another AS.
----End
Context
On the area border and AS border of an OSPF network generally reside multiple routers for next-
hop backup or traffic load balancing. A default route can be configured to reduce routing entries
and improve resource usage on the OSPF network.
Procedure
Step 1 Run:
system-view
To configure the parameter cost to specify the default cost of Type-3 summary LSAs, enable
VPN first.
Before advertising a default route, OSPF compares the preferences of default routes. Therefore,
if a static default route is configured on an OSPF device, to add the default route advertised by
OSPF to the current routing table, ensure that the preference of the configured static default route
is lower than that of the default route advertised by OSPF.
For details about how to configure the default route in the NSSA, see Configuring an NSSA.
----End
Context
Route summarization on a large-scale OSPF network efficiently reduces routing entries. This
minimizes system resource consumption and maintains the system performance. In addition, if
a specific link frequently alternates between Up and Down, the links not involved in the route
summarization will not be affected. This prevents route flapping and improves the network
stability.
Procedure
l Configure ABR route summarization.
1. Run:
system-view
You can specify to generate a black-hole route in the RM module by using generate-
null0-route, which is used to prevent routing loops.
l Configure ASBR route summarization.
1. Run:
system-view
OSPF is configured to refer to Type 5 LSAs that are translated from Type 7 LSAs
when it sets types and costs for summary routes on ASBRs.
You can specify to generate a black-hole route in the RM module by using generate-
null0-route, which is used to prevent routing loops.
NOTE
After route summarization is configured, the routing table on the local OSPF router remains the same.
The routing table on another OSPF router, however, contains only one summarized route, no specific
route. This summarized route is not removed until all specific routes are interrupted.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
----End
Context
When multiple links exist between two routers, you can configure the local router to filter the
LSAs to be sent. This prevents unnecessary LSA transmission and saves bandwidth resources.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the advanced ACL:
1. Run:
ospf filter-lsa-out { all | { summary [ acl acl-name ] | ase [ acl acl-
name ] | nssa [ acl acl-name ] } * }
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
----End
Context
After filtering conditions are set for the incoming or outgoing Type 3 LSAs (Summary LSAs)
in an area, only the Type 3 LSAs that meet the filtering conditions can be received or advertised.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
area area-id
– If the action specified in an ACL rule is deny, a route that matches the rule will
not be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or
advertised by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number.
Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and
specify the action deny in this rule to filter out the unwanted routes. Then,
configure another rule with a larger number in the same ACL and specify the
action permit in this rule to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and
specify the action permit in this rule to permit the routes to be received or
advertised by the system. Then, configure another rule with a larger number in
the same ACL and specify the action deny in this rule to filter out unwanted
routes.
– Based on the IP prefix:
Run:
filter ip-prefix ip-prefix-name export
3. Run:
acl { [ number ] acl-number1 | name acl-name basic [ number acl-
number2 ] } [ match-order { auto | config } ]
– If the action specified in an ACL rule is permit, a route that matches the rule
will be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the rule will
not be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or
advertised by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number.
Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and
specify the action deny in this rule to filter out the unwanted routes. Then,
configure another rule with a larger number in the same ACL and specify the
action permit in this rule to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and
specify the action permit in this rule to permit the routes to be received or
advertised by the system. Then, configure another rule with a larger number in
the same ACL and specify the action deny in this rule to filter out unwanted
routes.
– Based on the advanced ACL:
1. Run:
filter acl-name acl-name import
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number.
Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and
specify the action deny in this rule to filter out the unwanted routes. Then,
configure another rule with a larger number in the same ACL and specify the
action permit in this rule to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and
specify the action permit in this rule to permit the routes to be received or
advertised by the system. Then, configure another rule with a larger number in
the same ACL and specify the action deny in this rule to filter out unwanted
routes.
– Based on the IP prefix:
Run:
filter ip-prefix ip-prefix-name import
----End
Context
When concurrent links exist between two routers, you can enable the mesh-group function to
reduce the load on the links.
The neighboring router ID identifies each mesh group. Several concurrent links are added to a
mesh group. Flooding is implemented once in the group. You can add interfaces that meet the
following conditions to the same mesh group.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
mesh-group enable
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
lsdb-overflow-limit number
----End
Prerequisites
Controlling OSPF routing information has been configured.
Procedure
l Run either of the following commands to check routing table information.
– display ospf [ process-id ] routing [ ip-address [ mask | mask-length ] ] [ interface
interface-type interface-number ] [ nexthop nexthop-address ]
– display ospf [ process-id ] routing router-id [ router-id ]
----End
Example
Run the display ospf interface command to view the OSPF interface information.
<HUAWEI> display ospf interface GigabitEthernet2/0/0
Run the display ospf asbr-summary command to view summarization information about routes
imported by the local router.
<HUAWEI> display ospf asbr-summary
Applicable Environment
To facilitate network management, configure dynamic hostnames to identify routers. If you
configure a dynamic hostname for a router, the router generates a router information (RI) Opaque
LSA, from which you can check the mapping between the router ID and the dynamic hostname.
Pre-configuration Tasks
Before configuring a dynamic hostname, complete the following tasks:
l Configure an IP address for each interface to ensure that neighboring routers can use the
IP addresses to communicate with each other.
l Configure basic OSPF functions.
l Enable the Opaque LSA capability.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
opaque-capability enable
Step 4 Run:
hostname hostname
NOTE
If you specify hostname in this command, hostname is advertised as the dynamic hostname. If no
hostname is specified in this command, the device name specified in the sysname command is advertised
as the dynamic hostname.
----End
Run the display ospf hostname-table command to check information about OSPF dynamic
hostnames.
<HUAWEI> display ospf hostname-table
OSPF Process 1 with Router ID 1.2.3.4
Hostname table information
Area: 0.0.0.1
Router ID Hostname
1.2.3.4 RTR_BLR
10.1.1.1 RTR_SHANGHAI
255.255.255.254 RTR_BJI
Area: 0.0.0.2
Router ID Hostname
1.2.3.4 RTR_BLR
10.3.1.1 RTR_DELHI
AS-Scope
Router ID Hostname
10.2.1.1 RTR_SHENZHEN
255.255.255.254 RTR_BJI
Applicable Environment
The number of LSAs can be reduced by partitioning an AS into different areas. To reduce the
number of entries in the routing table and the number of LSAs to be transmitted in a non-
backbone area, configure the non-backbone area on the border of the AS as a stub area.
Configuring a stub area is optional. A stub area generally resides on the border of an AS. For
example, a non-backbone area with only one ABR can be configured as a stub area. In a stub
area, the number of entries in the routing table and the amount of routing information to be
transmitted greatly decrease.
Note the following points when configuring a stub area:
l The backbone area (Area 0) cannot be configured as a stub area.
l If an area needs to be configured as a stub area, all the routers in this area must be configured
with stub attributes using the stub command.
l An ASBR cannot exist in a stub area. External routes are not transmitted in the stub area.
l Virtual links cannot exist in the stub area.
Pre-configuration Tasks
Before configuring a stub area, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPF Functions
Data Preparation
To configure a stub area, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
area area-id
Step 4 Run:
stub
NOTE
l All routers in a stub area must be configured with stub attributes using the stub command.
l Configuring or deleting stub attributes will update routing information in the area. Stub attributes can
be deleted or configured again only after the routing update is complete.
The ABR is prevented from sending Type 3 LSAs to the stub area.
To ensure the reachability of AS external routes, the ABR in the stub area generates a default
route and advertises the route to the non-ABR routers in the stub area.
----End
l display ospf [ process-id ] lsdb [ router | network | summary | asbr | ase | nssa | opaque-
link | opaque-area | opaque-as ] [ link-state-id ] [ originate-router [ advertising-router-
id ] | self-originate ] [ age { min-value min-age-value | max-value max-age-value } * ]
Run the display ospf [ process-id ] abr-asbr [ router-id ] command to check ASBR and ABR
information.
Applicable Environment
An NSSA is configured in the scenario where AS external routes are to be imported but not
forwarded to save system resources.
The NSSA is a new type of OSPF area. Neither the NSSA nor the stub area transmits routes
learned from other areas in the AS it resides. The stub area does not allow AS external routes to
be imported, whereas the NSSA allows AS external routes to be imported and forwarded in the
entire AS.
Type 7 LSAs are used to carry imported AS external routing information in the NSSA. Type 7
LSAs are generated by the ASBRs of NSSAs and flooded only in the NSSAs where ASBRs
reside. The ABR in an NSSA selects certain Type 7 LSAs from the received ones and translates
them into Type 5 LSAs to advertise AS external routing information to the other areas over the
OSPF network.
To configure an area as an NSSA, configure NSSA attributes on all the routers in this area.
Pre-configuration Tasks
Before configuring an NSSA, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPF Functions
Data Preparation
To configure an NSSA, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
area area-id
Step 4 Run:
nssa [ { default-route-advertise | suppress-default-route } | flush-waiting-timer
interval-value | no-import-route | no-summary | set-n-bit | suppress-forwarding-
address | translator-always | translator-interval interval-value | zero-address-
forwarding | translator-strict ] *
NOTE
l All routers in the NSSA must be configured with NSSA attributes using the nssa command.
l Configuring or deleting NSSA attributes may trigger routing update in the area. A second configuration
of NSSA attributes can be implemented or canceled only after routing update is complete.
l The parameter default-route-advertise is used to advertise Type 7 LSAs carrying the default
route on the ABR or ASBR to the NSSA.
Type 7 LSAs carrying the default route will be generated regardless of whether the default
route 0.0.0.0 exists in the routing table on the ABR. On the ASBR, however, the default Type
7 LSA is generated only when the default route 0.0.0.0 exists in the routing table.
l When the area to which the ASBR belongs is configured as an NSSA, invalid Type 5 LSAs
from other routers in the area where LSAs are flooded will be reserved. These LSAs will be
deleted only when the aging time reaches 3600s. The router performance is affected because
the forwarding of a large number of LSAs consumes the memory resources. To resolve such
a problem, you can set the parameter flush-waiting-timer to the maximum value 3600s for
Type 5 LSAs so that the invalid Type 5 LSAs from other routers can be deleted in time.
NOTE
l When the LS age field value (aging time) in the header of an LSA reaches 3600s, the LSA is deleted.
l If an ASBR also functions as an ABR, flush-waiting-timer does not take effect. This prevents
Type 5 LSAs in the non-NSSAs from being deleted.
l If an ASBR also functions as an ABR, set the parameter no-import-route to prevent external
routes imported using the import-route command from being advertised to the NSSA.
l To reduce the number of LSAs that are transmitted to the NSSA, set the parameter no-
summary on an ABR. This prevents the ABR from transmitting Type 3 LSAs to the NSSA.
l After the parameter set-n-bit is configured, the router re-establishes neighbor relationships
with the neighboring routers in the NSSA.
l If multiple ABRs are deployed in the NSSA, the system automatically selects an ABR
(generally the router with the largest router ID) as a translator to translate Type 7 LSAs into
Type 5 LSAs. You can also configure the parameter translator-always on an ABR to specify
the ABR as an all-the-time translator. To specify two ABRs for load balancing, configure
the parameter translator-always on two ABRs to specify the ABRs as all-the-time
translators. This prevents LSA flooding caused by translator role changes.
l The parameter translator-interval is used to ensure uninterrupted services when translator
roles change. The interval-value value must be greater than the flooding period.
Step 5 (Optional)Run:
default-cost cost
To ensure the reachability of AS external routes, the ABR in the NSSA generates a default route
and advertises the route to the other routers in the NSSA.
Type 7 LSAs can be used to carry default route information to guide traffic to other ASs.
Multiple ABRs may be deployed in an NSSA. To prevent routing loops, ABRs do not calculate
the default routes advertised by each other.
----End
Applicable Environment
When multicast and an MPLS TE tunnel are configured and the TE tunnel is configured with
IGP Shortcut, the outbound interface of the route calculated by an IGP is not a physical interface
but a TE tunnel interface. The router uses the TE tunnel interface to send multicast Join messages
through a unicast route to the multicast source address. The router through which the TE tunnel
passes, however, cannot detect the multicast Join messages. As a result, multicast forwarding
entries will not be created.
To resolve this problem, enable local MT. After local MT is enabled, if the outbound interface
of the calculated route is a TE tunnel interface of the IGP Shortcut type, the route management
(RM) module creates a separate MIGP routing table for the multicast protocol, calculates the
physical outbound interface for the route, and adds the physical interface to the MIGP routing
table for multicast forwarding.
Configuring filtering conditions for local MT controls the number of routing entries in an MIGP
routing table and speeds up the MIGP routing table lookup.
Pre-configuration Tasks
Before configuring local MT, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPF Functions
l Configuring a TE tunnel for the OSPF process
Data Preparation
To configure local MT, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
local-mt enable
Local MT is enabled.
NOTE
After an MIGP routing table is created, OSPF calculates routes. When an IGP Shortcut-capable
TE tunnel interface is calculated as the outbound interface, the router saves the physical interface
on which the tunnel interface is configured as the outbound interface in the MIGP routing table
for multicast packet forwarding.
To control the number of entries in the MIGP routing table and speed up the MIGP routing table
search, configure filtering conditions to allow only the matching routes to the multicast source
address to be added to the MIGP routing table.
Multiple routes to a non-multicast source address may be added to a MIGP routing table, causing
the number of entries to exceed the upper limit. Therefore, configure a routing policy before
enabling local MT is recommended.
----End
Run the following command to view information about the physical interface in the MIGP
routing table.
<HUAWEI> display ospf migp-routing
OSPF Process 1 with Router ID 3.3.3.3
MIGP Routing Tables
Total Nets: 4
Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0
Applicable Environment
OSPF enables the router to periodically send Hello packets to a neighboring router for fault
detection. Detecting a fault takes more than 1s. As technologies develop, voice, video, and other
VOD services are widely used. These services are quite sensitive to packet loss and delays. When
traffic is transmitted at gigabit rates, long-time fault detection will cause packet loss. This cannot
meet high reliability requirements of the carrier-class network.
BFD for OSPF is introduced to resolve this problem. After BFD for OSPF is configured in a
specified process or on a specified interface, the link status can be rapidly detected and fault
detection can be completed in milliseconds. This speeds up OSPF convergence when the link
status changes.
Pre-configuration Tasks
Before configuring BFD for OSPF, complete the following task:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPF Functions
Data Preparation
To configure BFD for OSPF, you need the following data.
No. Data
2 Type and number of the interface to be enabled with BFD for OSPF
Context
After BFD for OSPF is configured, when detecting a link fault, BFD rapidly notifies the
routers on both ends of the link of the fault, triggering rapid OSPF convergence. When the OSPF
neighbor relationship goes Down, the BFD session will be dynamically deleted.
Perform the following steps on the routers between which a BFD session is to be created.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd
Step 3 Run:
quit
Step 4 Run:
ospf [ process-id ]
Step 5 Run:
bfd all-interfaces enable
BFD for OSPF is configured. The default parameter values are used to create a BFD session.
If all the interfaces in a certain process are configured with BFD and their neighbor relationships
are in the Full state, OSPF creates BFD sessions with default parameter values on all the
interfaces in the process.
You can skip this step. The default interval at which BFD packets are transmitted and the default
detection multiplier are recommended.
The parameters are configured based on the network status and network reliability requirements.
A short interval at which BFD packets are transmitted can be configured for a link that has a
higher requirement for reliability. A long interval at which BFD packets are transmitted can be
configured for a link that has a lower requirement for reliability.
NOTE
l Actual interval at which BFD packets are transmitted on the local router = Max { configured interval
transmit-interval at which BFD packets are transmitted on the local router, configured interval receive-
interval at which BFD packets are received on the peer router }
l Actual interval at which BFD packets are received on the local router = Max { configured interval transmit-
interval at which BFD packets are transmitted on the peer router, configured interval receive-interval at
which BFD packets are received on the local router }
l Actual time for detecting BFD packets = Actual interval at which BFD packets are received on the local
router x Configured detection multiplier multiplier-value on the peer router
For example:
l On the local router, the configured interval at which BFD packets are transmitted is 200 ms; the configured
interval at which BFD packets are received is 300 ms; the detection multiplier is 4.
l On the peer router, the configured interval at which BFD packets are transmitted is 100 ms; the interval at
which BFD packets are received is 600 ms; the detection multiplier is 5.
Then:
l On the local router, the actual interval at which BFD packets are transmitted is 600 ms calculated by using
the formula max {200 ms, 600 ms}; the interval at which BFD packets are received is 300 ms calculated by
using the formula max {100 ms, 300 ms}; the detection period is 1500 ms calculated by multiplying 300
ms by 5.
l On the peer router, the actual interval at which BFD packets are transmitted is 300 ms calculated by using
the formula max {100 ms, 300 ms}, the actual interval at which BFD packets are received is 600 ms calculated
by using the formula max {200 ms, 600 ms}, and the detection period is 2400 ms calculated by multiplying
600 ms by 4.
----End
Context
After BFD for OSPF is configured on a specified interface and the interface becomes faulty, the
router rapidly detects the fault and instructs OSPF to recalculate routes. This speeds up OSPF
convergence. When the OSPF neighbor relationship goes Down, the BFD session between OSPF
neighbors is dynamically deleted.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd
Step 3 Run:
quit
Step 4 Run:
interface interface-type interface-number
Step 5 Run:
ospf bfd enable
BFD for OSPF is configured. The default parameter values are used to create a BFD session.
If all the interfaces in a certain process are configured with BFD and their neighbor relationships
are in the Full state, OSPF creates BFD sessions with default parameter values on specified
interfaces in the process.
NOTE
The priority of BFD for OSPF configured on an interface is higher than that of BFD for OSPF configured
for a process.
You can skip this step. The default interval at which BFD packets are transmitted and the default
detection multiplier are recommended.
The parameters are configured based on the network status and network reliability requirements.
A short interval at which BFD packets are transmitted can be configured for a link that has a
higher requirement for reliability. A long interval at which BFD packets are transmitted can be
configured for a link that has a lower requirement for reliability.
NOTE
l Actual interval at which BFD packets are transmitted on the local router = Max { configured interval
transmit-interval at which BFD packets are transmitted on the local router, configured interval receive-
interval at which BFD packets are received on the peer router }
l Actual interval at which BFD packets are received on the local router = Max { configured interval transmit-
interval at which BFD packets are transmitted on the peer router, configured interval receive-interval at
which BFD packets are received on the local router }
l Actual time for detecting BFD packets = Actual interval at which BFD packets are received on the local
router x Configured detection multiplier multiplier-value on the peer router
For example:
l On the local router, the configured interval at which BFD packets are transmitted is 200 ms; the configured
interval at which BFD packets are received is 300 ms; the detection multiplier is 4.
l On the peer router, the configured interval at which BFD packets are transmitted is 100 ms; the interval at
which BFD packets are received is 600 ms; the detection multiplier is 5.
Then:
l On the local router, the actual interval at which BFD packets are transmitted is 600 ms calculated by using
the formula max {200 ms, 600 ms}; the interval at which BFD packets are received is 300 ms calculated by
using the formula max {100 ms, 300 ms}; the detection period is 1500 ms calculated by multiplying 300
ms by 5.
l On the peer router, the actual interval at which BFD packets are transmitted is 300 ms calculated by using
the formula max {100 ms, 300 ms}, the actual interval at which BFD packets are received is 600 ms calculated
by using the formula max {200 ms, 600 ms}, and the detection period is 2400 ms calculated by multiplying
600 ms by 4.
----End
Prerequisites
All BFD for OSPF configurations have been configured.
Procedure
l Run the display ospf [ process-id ] bfd session interface-type interface-number [ router-
id ] or display ospf [ process-id ] bfd session { router-id | all } command to check
information about the BFD session between two OSPF neighbors.
----End
Example
If the BFD session is successfully created, information about BFD for OSPF shows that the BFD
session is Up on the local router.
<HUAWEI> display ospf bfd session all
Applicable Environment
With the development of networks, Voice over IP (VoIP) and on-line video services require
high-quality real-time transmission. Nevertheless, if an OSPF fault occurs, traffic can be
switched to a new link only after the following processes: fault detection at the millisecond level,
notifying the fault to the routing control plane at the millisecond level, generating and flooding
new topology information at the tens of milliseconds level, triggering SPF calculation at the tens
of milliseconds level, and notifying and installing a new route at the hundreds-of-milliseconds
level. As a result, it takes much more than 50 ms to recovery the link from the fault, which cannot
meet the requirement for real-time services on the network.
With OSPF IP FRR that calculates a backup link in advance, devices can fast switch traffic to
the backup link without interrupting traffic when the primary link becomes faulty. This protects
traffic and therefore greatly improves the reliability of OSPF networks.
OSPF IP FRR is applicable to the services that are sensitive to packet delay and packet loss.
Pre-configuration Tasks
Before configuring OSPF IP FRR, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPF Functions
Data Preparation
To configure OSPF IP FRR, you need the following data.
No. Data
1 OSPF process ID
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
Step 3 Run:
frr
Step 4 Run:
loop-free-alternate
NOTE
OSPF can generate the loop-free backup link only when the OSPF IP FRR traffic protection inequality is
met.
The Loop-Free Alternates (LFA) algorithm is used to calculate the nexthop and outbound
interface for a backup link.
The nexthop and outbound interface of an OSPF loop-free backup link can be obtained using
either of the following methods:
l For a static backup link, after IP FRR is enabled using the ip frr command in the system
view or VPN instance view, configure a nexthop and an outbound interface for the static
backup link.
l For a dynamic backup link, after OSPF IP FRR is enabled using the loop-free-alternate
command, enable the device to use the LFA algorithm to calculate the nexthop and outbound
interface for the dynamic backup link.
By default, static backup links take preference over dynamic backup links during route selection.
However, static backup links are less flexible than dynamic backup links. If a link failure occurs,
static backup links cannot update automatically, but dynamic backup links can. Therefore, to
ensure automatic link updates, run the frr-priority static low command to enable dynamic
backup links to take preference over static backup links so that the LFA algorithm is used to
calculate the nexthop and outbound interface.
After OSPF IP FRR filtering policies are configured, only the OSPF backup routes that match
the filtering conditions can be delivered to the forwarding table. To protect the traffic over a
specific OSPF route, you can configure a filtering policy that matches the OSPF route to ensure
that the route can be added to the forwarding table. If this route fails, OSPF can fast switch the
traffic to a backup link.
----End
Context
During the configuration of OSPF IP FRR, the lower layer needs to fast respond to the link
change so that traffic can be rapidly switched to the backup link in the case of a link failure.
Bind BFD to the link status so that link faults can be detected rapidly. This ensures that traffic
is rapidly switched to the backup link in the case of link failures.
Binding OSPF IP FRR and BFD can configure in a specified process or on a specified interface.
The priority of BFD configured on an interface is higher than that of BFD configured in an OSPF
process. If BFD is enabled on an interface, a BFD session is established according to the BFD
parameters set on the interface.
Procedure
l Binding OSPF IP FRR and BFD in a specified process .
1. Run:
system-view
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospf frr block
----End
Prerequisites
All OSPF IP FRR configurations have been configured.
Procedure
l Run the display ospf [ process-id ] routing command to check information about the
primary and backup links after OSPF IP FRR is enabled.
----End
Example
View the routes to the specified OSPF device.
<HUAWEI> display ospf routing router-id 2.2.2.2
The preceding display shows that a backup route is generated on Router, including information
about the backup next hop: Backup NextHop is address of the backup next hop, Backup
Interface is outbound interface of the backup next hop, Backup Type is type of the backup next
hop.
Applicable Environment
To avoid traffic interruption and route flapping caused by the active/standby switchover, you
can enable OSPF GR.
After the OSPF process is restarted through Graceful Restart (GR), the Restarter and the Helper
reestablish the neighbor relationship, exchange routing information, synchronize the LSDB, and
update the routing table and forwarding table. These operations ensure the fast convergence of
OSPF and the stability the network topology.
NOTE
In practical applications, you can configure OSPF GR on the dual main control boards to avoid service
forwarding from being affected by the fault occurred on the main control board.
Pre-configuration Tasks
Before configuring OSPF GR, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPF Functions
Data Preparation
To configure OSPF GR, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
NOTE
When enabling or disabling the opaque LSA function, OSPF process will go down in order to renegotiate
the new capability, which means that the traffic will be affected for few seconds.
Step 4 Run:
graceful-restart
After the graceful-restart command is run to enable GR for a router, the Helper function is also
enabled.
NOTE
ATN device can only be used as a GR Helper and not be used as a GR Restarter.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
graceful-restart [ { period period } | planned-only | partial ] *
l Set period, the GR period on the Restarter is set. By default, the restart time is 120 seconds.
l Set planned-only, the Restarter supports only the planned GR. By default, the Restarter
supports both the planned GR and unplanned GR.
l Set partial, the Restarter supports the partial GR. By default, the Restarter supports the totally
GR.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
l Set ignore-external-lsa, the Helper does not check the LSAs outside the AS (AS-external LSA). By
default, the Helper checks the LSAs outside the AS.
l Set planned-only, the Helper supports only the planned GR. By default, the Helper supports both the
planned GR and unplanned GR.
l Set never, the router does not support the Helper mode.
----End
Prerequisites
The OSPF GR has been configured.
Procedure
l Run the display ospf [ process-id ] graceful-restart [ verbose ] command to check the
restart status of OSPF GR.
----End
Example
Run the display ospf graceful-restart command. If the OSPF GR configuration is displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display ospf graceful-restart
Applicable Environment
In a network demanding high security, you can configure OSPF authentication and adopt the
GTSM mechanism to improve the security of the OSPF network.
The GTSM mechanism defends against attacks by checking the TTL value. If an attacker keeps
sending packets to a router by simulating real OSPF unicast packets, the router finds itself is the
destination of the packets after the interface board receives these packets. The router directly
sends the packets to the control plane for OSPF processing without checking the validity of the
packets. The router busies itself with processing these "valid" packets. As a result, the system
is busy, and the CPU is highly occupied.
The GTSM mechanism protects a router by checking whether the TTL value in the IP packet
header is in a pre-defined range to enhance the system security.
NOTE
Pre-configuration Tasks
Before improving the security of an OSPF network, complete the following tasks:
Data Preparation
To improve the security of an OSPF network, you need the following data.
No. Data
1 OSPF process ID
No. Data
Context
To apply GTSM functions, enable GTSM on the two ends of the OSPF connection.
The valid TTL range of the detected packets is [255 -hops + 1, 255].
GTSM checks the TTL value of only the packet that matches the GTSM policy. For the packets
that do not match the GTSM policy, you can set them as "pass" or "drop". If the GTSM default
action performed on the packet is set as "drop", you need to configure all the router connections
for GTSM. If the packets sent from a router do not match the GTSM policy, they are dropped.
The connection therefore cannot be established. This ensures security but reduces the ease of
use.
You can enable the log function to record the information that the packets are dropped. This is
convenient for fault location.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf valid-ttl-hops hops [ vpn-instance vpn-instance-name ]
NOTE
Therefore, if the private network policy or the public network policy is configured only, it is
recommended to set the default action performed on the packets that do not match the GTSM
policy as pass. This prevents the OSPF packets of other processes from being discarded
incorrectly.
The default action performed on the packets that do not match the GTSM policy is set.
By default, the packets that do not match the GTSM policy can pass the filtering.
NOTE
If the default action is configured but the GTSM policy is not configured, GTSM does not take effect.
The log function is enabled on the specified board in the system view. The information that
GTSM drops packets is recorded in the log.
----End
Context
In area authentication, all the routers in an area must use the same area authentication mode and
password. For example, the authentication mode of all devices in Area 0 is simple authentication
and the password is abc.
The interface authentication mode is used among neighbor routers to set the authentication mode
and password. Its priority is higher than that of the area authentication mode.
NOTE
By default, authentication is not configured for OSPF area or interface. Configuring area authentication is
recommended to ensure system security.
Procedure
l Configuring the Area Authentication Mode
1. Run:
system-view
4. Run the following commands to configure the authentication mode of the OSPF area
as required:
– Run:
authentication-mode simple [ plain plain-text | [ cipher ] cipher-
text ]
Before using the Keychain authentication, you must run the keychain command to create
a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key
ID, a password, and an authentication algorithm for this keychain. Otherwise, the OSPF
authentication will fail.
l Configuring the Interface Authentication Mode
1. Run:
system-view
– Run:
ospf authentication-mode keychain keychain-name
Before using the Keychain authentication, you must run the keychain command to create
a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key
ID, a password, and an authentication algorithm for this keychain. Otherwise, the OSPF
authentication will fail.
The authentication mode and password of interfaces in the same network segment
must be consistent except the Keychain authentication mode. If the interfaces are in
different network segments, the authentication mode and password of the interfaces
can be different.
----End
Prerequisites
Improving Security of an OSPF Network has been configured.
Procedure
l Run the display gtsm statistics { slot-id | all } command to check the GTSM statistics.
l Run the display ospf [ process-id ] request-queue [ interface-type interface-number ]
[neighbor-id ] command to check the OSPF request queue.
l Run the display ospf [ process-id ] retrans-queue [ interface-type interface-number ]
[ neighbor-id ] command to check the OSPF retransmission queue.
l Run the display ospf [ process-id ] error [ lsa ] command to check the OSPF error
information.
----End
Example
Run the display gtsm statistics command. If the GTSM statistics on each slot, including the
total number of OSPF packets, the number of passed packets, and the number of dropped packets,
are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display gtsm statistics all
GTSM Statistics Table
----------------------------------------------------------------
SlotId Protocol Total Counters Drop Counters Pass Counters
----------------------------------------------------------------
0 BGP 0 0 0
0 BGPv6 0 0 0
0 OSPF 0 0 0
0 LDP 0 0 0
0 OSPFv3 0 0 0
0 RIP 0 0 0
----------------------------------------------------------------
Applicable Environment
OSPF supports the network management function. You can bind OSPF MIB and a certain OSPF
process. In addition, OSPF also supports the trap function and the log function.
Pre-configuration Tasks
Before configuring the network management function of OSPF, complete the following tasks:
Data Preparation
To configure the network management function of OSPF, you need the following data.
No. Data
1 OSPF process ID
Context
When multiple OSPF processes are enabled, you can configure OSPF MIB to select the process
to be processed, that is, configure OSPF MIB to select the process to which it is bound.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf mib-binding process-id
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
snmp-agent trap enable feature-name ospf { non-excessive all | [ trap-name
{ hwospfv2intraareadripaddressconflict | hwospfv2intraarearouteridconflict |
ospfifauthfailure | ospfifconfigerror | ospfifrxbadpacket | ospfifstatechange |
ospflsdbapproachingoverflow | ospflsdboverflow | ospfmaxagelsa |
ospfnbrrestarthelperstatuschange | ospfnbrstatechange |
ospfnssatranslatorstatuschange | ospforiginatelsa | ospfrestartstatuschange |
ospftxretransmit | ospfvirtifauthfailure | ospfvirtifconfigerror |
ospfvirtifrxbadpacket | ospfvirtifstatechange | ospfvirtiftxretransmit |
ospfvirtnbrrestarthelperstatuschange | ospfvirtnbrstatechange } ] }
To enable all non-excessive traps of OSPF module, you can run the non-excessiveall command;
to enable the traps of one or more events, you can specify type-name.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
enable log [ config | error | state | snmp-trap ]
----End
Prerequisites
The network management function of OSPF has been configured.
Procedure
l Run the display ospf [ process-id ] brief command to view information about the binding
of OSPF MIBs and OSPF processes.
l Run the display snmp-agent trap feature-name ospf all command to view all trap
messages of the OSPF module.
----End
Context
NOTICE
The OSPF neighbor relationship is deleted after you reset OSPF connections with the reset
ospf command. Exercise caution when running this command.
To reset OSPF connections, run the following reset ospf commands in the user view.
Procedure
l Run the reset ospf process command to Restart the OSPF process.
After the reset ospf process command is used to restart OSPF, the following situations
may occur:
– If the router ID is changed, a new router ID will take affect after the reset ospf
process command is run.
– Re-elect DR and BDR after the reset ospf process command is run.
l Run the reset ospf process flush-waiting-timer time command to clear invalid LSAs
within the set time before LSAs time out.
l Run the reset ospf [ process-id ] process [ graceful-restart ] command to Restart the OSPF
process in GR mode.
----End
Context
NOTICE
OSPF information cannot be restored after being cleared. Exercise caution when running this
command.
To clear the OSPF information, run the following reset ospf commands in the user view.
Procedure
l Run the reset ospf [ process-id ] counters [ neighbor [ interface-type interface-number ]
[ router-id ] ] command in the user view to clear OSPF counters.
l Run the reset ospf [ process-id ] redistribution command in the user view to clear the
routes imported by OSPF.
l Run the reset gtsm statistics { slot-id | all } command in the user view to clear the GTSM
statistics on the board.
----End
Follow-up Procedure
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 5-6, all routers run OSPF, and the entire AS is partitioned into three areas.
Router A and Router B function as ABRs to forward routing information between areas.
After the configuration is complete, each router must learn the routes to all network segments
in the AS.
Area0
POS1/0/0
192.168.0.2/24
RouterA POS1/0/0 RouterB
POS2/0/0 192.168.0.1/24 POS2/0/0
192.168.1.1/24 192.168.2.1/24
POS1/0/0 POS1/0/0
192.168.1.2/24 192.168.2.2/24
RouterC RouterD
GE2/0/0 GE2/0/0
172.16.1.1/24 172.17.1.1/24
GE2/0/0 GE2/0/0
172.16.1.2/24 172.17.1.2/24
RouterE RouterF
Area1 Area2
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not provided here.
# Configure Router A.
[RouterA] router id 1.1.1.1
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] area 1
[RouterA-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.1] quit
# Configure Router B.
[RouterB] router id 2.2.2.2
[RouterB] ospf
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] area 2
[RouterB-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.2] quit
# Configure Router C.
[RouterC] router id 3.3.3.3
[RouterC] ospf
[RouterC-ospf-1] area 1
[RouterC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.1] quit
# Configure Router D.
[RouterD] router id 4.4.4.4
[RouterD] ospf
[RouterD-ospf-1] area 2
[RouterD-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[RouterD-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[RouterD-ospf-1-area-0.0.0.2] quit
# Configure Router E.
[RouterE] router id 5.5.5.5
[RouterE] ospf
[RouterE-ospf-1] area 1
[RouterE-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[RouterE-ospf-1-area-0.0.0.1] quit
# Configure Router F.
[RouterF] router id 6.6.6.6
[RouterF] ospf
[RouterF-ospf-1] area 2
[RouterF-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[RouterF-ospf-1-area-0.0.0.2] quit
# Check the routing table on Router D and perform the ping operation to test the connectivity.
[RouterD] display ospf routing
OSPF Process 1 with Router ID 4.4.4.4
Routing Tables
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.0.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.2
network 192.168.2.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 5-7, Area 2 is not directly connected to the backbone area Area 0. Area 1
serves as a transit area to connect Area 2 and Area 0. A virtual link is configured between
Router A and Router B.
Area1
POS1/0/0 POS1/0/0
RouterA 192.168.1.1/24 192.168.1.2/24 RouterB
GE2/0/0 GE2/0/0
10.1.1.2/8 172.16.1.2/16
RouterC RouterD
Area0 Area2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic OSPF functions on each router.
2. Configure a virtual link between Router A and Router B to connect a non-backbone area
to the backbone area.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IP address to each interface.
Configuring Basic OSPF Functionsshows how to configure basic OSPF functions. For details
about the configuration, see the configuration files.
Routing Tables
Total Nets: 2
Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0
The routing table on Router A contains no route in Area 2 because Area 2 is not directly
connected to Area 0.
# Configure Router A.
[RouterA] ospf 1
[RouterA-ospf-1] area 1
[RouterA-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2
[RouterA-ospf-1-area-0.0.0.1] quit
# Configure Router B.
[RouterB] ospf 1
[RouterB-ospf-1] area 1
[RouterB-ospf-1-area-0.0.0.1] vlink-peer 1.1.1.1
[RouterB-ospf-1-area-0.0.0.1] quit
Routing Tables
Total Nets: 3
Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0
After the virtual link is configured, the routing table on Router A contains routes in Area 2.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.1.1 255.0.0.0
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.0
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 10.0.0.0 0.255.255.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
vlink-peer 2.2.2.2
#
return
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.1.2 255.0.0.0
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.0.0.0 0.255.255.255
#
return
Networking Requirements
As shown in Figure 5-8, Router A has the highest priority (100) in the network and therefore is
elected as the DR. Router C has the second highest priority, and is elected as the BDR. The
priority of Router B is 0, and therefore Router B cannot be elected as the DR or BDR. The priority
of Router D is not configured and its default value is 1.
GE1/0/0 GE1/0/0
192.168.1.1/24 192.168.1.2/24
GE1/0/0 GE1/0/0
192.168.1.3/24 192.168.1.4/24
RouterC RouterD
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the router ID on each router, enable OSPF, and specify the network segment.
2. Check the DR/BDR status of each router with the default priority.
3. Configure the DR priority of the interface and check the DR/BDR status.
Data Preparation
To complete the configuration, you need the following data:
l The router ID of Router A is 1.1.1.1 and the DR priority is 100.
l The router ID of Router B is 2.2.2.2 and the DR priority is 0.
l The router ID of Router C is 3.3.3.3 and the DR priority is 2.
l The router ID of Router D is 4.4.4.4 and the DR priority is 1.
Procedure
Step 1 Configure an IP address for each interface.
This example assumes that you know the configuration method and no details are provided here.
Step 2 Configure basic OSPF functions.
# Configure Router A.
[RouterA] router id 1.1.1.1
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
# Configure Router B.
[RouterB] router id 2.2.2.2
[RouterB] ospf
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
# Configure Router C.
[RouterC] router id 3.3.3.3
[RouterC] ospf
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
# Configure Router D.
[RouterD] router id 4.4.4.4
[RouterD] ospf
[RouterD-ospf-1] area 0
[RouterD-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterD-ospf-1-area-0.0.0.0] quit
Authentication Sequence: [ 0 ]
Router ID: 3.3.3.3 Address: 192.168.1.3
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:04:06
Authentication Sequence: [ 0 ]
Router ID: 4.4.4.4 Address: 192.168.1.4
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:03:53
Authentication Sequence: [ 0 ]
# View the neighbor information of Router A. You can see the priority of DR and the neighbor
status. The Router D is the DR, and Router C is the BDR.
NOTE
When the priority is the same, the router with a higher router ID is elected as the DR. If a new router is
added after the DR/BDR election is complete, the new router cannot become the DR even if it has the
highest priority.
# Configure Router A.
[RouterA] interface GigabitEthernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ospf dr-priority 100
[RouterA-GigabitEthernet1/0/0] quit
# Configure Router B.
[RouterB] interface GigabitEthernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ospf dr-priority 0
[RouterB-GigabitEthernet1/0/0] quit
# Configure Router C.
[RouterC] interface GigabitEthernet 1/0/0
[RouterC-GigabitEthernet1/0/0] ospf dr-priority 2
[RouterC-GigabitEthernet1/0/0] quit
In the user view of each router, run the reset ospf1process command to restart the OSPF process.
If all neighbors are in the Full state, it indicates that Router A establishes the neighbor
relationship with its neighbor. If the neighbor stays "2-Way", it indicates both of them are not
the DR or BDR. Therefore, they need not exchange LSAs.
If the status of the OSPF interface is DROther, it indicates that it is neither DR nor BDR.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.0
ospf dr-priority 100
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
#
return
Networking Requirements
As shown in Figure 5-9:
l Router A, Router B, Router C, Router D, and Router E are interconnected to each other
through OSPF.
l Router A, Router B, Router C, Router D, and Router E belong to Area 0.
l Load balancing is required to transmit the traffic of Router A to Router E through Router
C and Router D.
Area0
POS1/0/0 POS2/0/0
RouterB
POS1/0/0 POS1/0/0
GE4/0/0 POS2/0/0 POS2/0/0 GE4/0/0
RouterA POS1/0/0 POS2/0/0 RouterE
POS3/0/0 RouterC POS3/0/0
POS1/0/0 POS2/0/0
RouterD
POS2/0/0 192.168.1.2/
24
GE4/0/0 172.17.1.1/2
4
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l For Router A, the router ID is 1.1.1.1, the OSPF process number is 1, and the network
segment of Area 0 is 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, and 172.16.1.0/24.
l For Router B, the router ID is 2.2.2.2, the OSPF process number is 1, and the network
segment of Area 0 is 10.1.1.0/8 and 192.168.0.0/8.
l For Router C, the router ID is 3.3.3.3, the OSPF process number is 1, and the network
segment of Area 0 is 10.1.2.0/8 and 192.168.1.0/8.
l For Router D, the router ID is 4.4.4.4, the OSPF process number is 1, and the network
segment of Area 0 is 10.1.3.0/8 and 192.168.2.0/8.
l For Router E, the router ID is 5.5.5.5, the OSPF process number is 1, and the network
segment of Area 0 is 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, and 172.17.1.0/24.
l The number of load balancing paths on Router A is 2.
l The weight values of the next hop routes from Router A to Router B, Router C, and Router
D are 2, 1, and 1 respectively.
Procedure
Step 1 Configure an IP address for each interface.
This example assumes that you know the configuration method and no details are provided here.
Step 2 Configure basic OSPF functions. This example assumes that you know the configuration method
and no details are provided here.
As displayed in the routing table, Router A has three valid next hops: 10.1.1.2 (Router B),
10.1.2.2 (Router C), and 10.1.3.2 (RouterD). This is because the default maximum number of
equal-cost routes is 6.
<RouterA> display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos1/0/0
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos1/0/0
10.1.2.0/24 Direct 0 0 D 10.1.2.1 Pos2/0/0
10.1.2.2/32 Direct 0 0 D 10.1.2.2 Pos2/0/0
10.1.3.0/24 Direct 0 0 D 10.1.2.1 Pos3/0/0
10.1.3.2/32 Direct 0 0 D 10.1.2.2 Pos3/0/0
192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Pos1/0/0
192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Pos2/0/0
192.168.2.0/24 OSPF 10 2 D 10.1.2.2 Pos3/0/0
172.17.1.0/24 OSPF 10 3 D 10.1.1.2 Pos1/0/0
OSPF 10 3 D 10.1.2.2 Pos2/0/0
OSPF 10 3 D 10.1.3.2 Pos3/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
NOTE
The maximum number of equal-cost routes varies with products and protocols. You can adjust the
maximum number by purchasing the License.
# View the routing table of Router A. As shown in the routing table, Router A has only two valid
next hops, 10.1.1.2 (Router B) and 10.1.2.2 (Router C). This is because the maximum number
of equal-cost routes is set to 2.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos1/0/0
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos1/0/0
10.1.2.0/24 Direct 0 0 D 10.1.2.1 Pos2/0/0
10.1.2.2/32 Direct 0 0 D 10.1.2.2 Pos2/0/0
10.1.3.0/24 Direct 0 0 D 10.1.2.1 Pos3/0/0
10.1.3.2/32 Direct 0 0 D 10.1.2.2 Pos3/0/0
192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Pos1/0/0
192.168.1.0/24 OSPF 10 2 D 10.1.2.2 Pos2/0/0
192.168.2.0/24 OSPF 10 2 D 10.1.2.2 Pos3/0/0
172.17.1.0/24 OSPF 10 3 D 10.1.1.2 Pos1/0/0
OSPF 10 3 D 10.1.2.2 Pos2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
As shown in the display, the priority of the route with the next hops being 10.1.2.2 and 10.1.3.2
is higher than that of the route with the next hop being 10.1.1.2. Therefore, Router A has only
two valid next hops, 10.1.2.2 (Router C) and 10.1.3.2 (Router D).
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet3/1/0
undo shutdown
ip address 172.16.1.1 255.255.255.0
#
interface pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.1.1.1 255.255.255.0
#
interface pos2/0/0
link-protocol ppp
undo shutdown
ip address 10.1.2.1 255.255.255.0
#
interface pos3/0/0
link-protocol ppp
undo shutdown
ip address 10.1.3.1 255.255.255.0
#
ospf 1 router-id 1.1.1.1
maximum load-balancing 2
nexthop 10.1.1.2 weight 2
nexthop 10.1.2.2 weight 1
nexthop 10.1.3.2 weight 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
undo shutdown
ip address 172.17.1.1 255.255.255.0
#
interface pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.0.2 255.255.255.0
#
interface pos2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
#
interface pos3/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.2 255.255.255.0
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 192.168.0.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
Networking Requirements
A stub area does not allow AS external routes to be transmitted. This reduces bandwidth and
storage resource consumption on the router.
As shown in Figure 5-10, OSPF is enabled on all routers and the entire AS is partitioned into
three areas. Router A and Router B function as ABRs to forward inter-area routes; Router D
functions as an ASBR to import the external static route 200.0.0.0/8. To reduce the number of
LSAs advertised to Area 1 without affecting the route reachability, configure Area 1 as a stub
area and prevent Type 3 LSAs from being advertised to the stub area.
Area0
POS1/0/0
192.168.0.1/24
RouterA POS1/0/0 RouterB
192.168.0.2/24
POS2/0/0 POS2/0/0
192.168.1.1/24 192.168.2.1/24
POS1/0/0 POS1/0/0
192.168.1.2/24 192.168.2.2/24
RouterC RouterD
ASBR
Stub
Area1 Area2
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable OSPF and configure basic OSPF functions on each router.
2. Configure Router D to import the static route 200.0.0.0/8.
3. Configure Area 1 as a stub area.
4. Disable Router A from advertising Type 3 LSAs to the stub area.
Data Preparation
To complete the configuration, you need the following data:
l Router ID 1.1.1.1 of Router A; OSPF process ID 1; network segment 192.168.0.0/24 of
Area 0; network segment 192.168.1.0/24 of Area 1
l Router ID 2.2.2.2 of Router B; OSPF process ID 1; network segment 192.168.0.0/24 of
Area 0; network segment 192.168.2.0/24 of Area 2
l Router ID 3.3.3.3 of Router C; OSPF process ID 1; network segment 192.168.1.0/24 of
Area 1
l Router ID 4.4.4.4 of Router D; OSPF process ID 1; network segment 192.168.2.0/24 of
Area 2
Procedure
Step 1 Assign an IP address to each interface.
For details about the configuration, see the configuration files.
Step 2 Configure basic OSPF functions.
5.2 Configuring Basic OSPF Functions shows how to configure basic OSPF functions. For
details about the configuration, see the configuration files.
Step 3 Configure Router D to import the static route 200.0.0.0/8.
[RouterD] ip route-static 200.0.0.0 8 null 0
[RouterD] ospf
[RouterD-ospf-1] import-route static
[RouterD-ospf-1] quit
Total Nets: 4
Intra Area: 1 Inter Area: 2 ASE: 1 NSSA: 0
As Area 1 where Router C resides is a common area, you can find information about AS external
routes in the routing table.
Step 4 Configure Area 1 as a stub area.
# Configure Router A.
[RouterA] ospf
[RouterA-ospf-1] area 1
[RouterA-ospf-1-area-0.0.0.1] stub
[RouterA-ospf-1-area-0.0.0.1] quit
# Configure Router C.
[RouterC] ospf
[RouterC-ospf-1] area 1
[RouterC-ospf-1-area-0.0.0.1] stub
[RouterC-ospf-1-area-0.0.0.1] quit
NOTE
All routers in a stub area must be configured with stub attributes using the stub command.
[RouterC] display ospf routing
Total Nets: 4
Intra Area: 1 Inter Area: 3 ASE: 0 NSSA: 0
After Area 1 where Router C resides is configured as a stub area, a default route, not an AS
external route, exists in the routing table.
Step 5 Prevent Type 3 LSAs from being advertised to the stub area.
[RouterA] ospf
[RouterA-ospf-1] area 1
[RouterA-ospf-1-area-0.0.0.1] stub no-summary
[RouterA-ospf-1-area-0.0.0.1] quit
Total Nets: 2
Intra Area: 1 Inter Area: 1 ASE: 0 NSSA: 0
After Type 3 LSAs are prevented from being advertised to the stub area, the number of routing
entries on the router in the stub area is further reduced, and only the default route to somewhere
outside the stub area is reserved.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.0.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
stub no-summary
#
return
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
stub
#
return
Networking Requirements
Configuring a non-backbone area on the border of an AS as an NSSA does not transmit routes
learned from other areas in the AS but external routes imported. This reduces bandwidth and
storage resource consumption on the router.
As shown in Figure 5-11, OSPF is enabled on all routers and the entire AS is partitioned into
three areas. Router A and Router B function as ABRs to forward inter-area routes; Router D
functions as an ASBR to import the external static route 10.0.0.0/8. To import AS external routes
but reduce the number of LSAs advertised to Area 1 without affecting the route reachability,
configure Area 1 as an NSSA and configure Router A as an LSA translator in the NSSA.
RouterA
POS2/0/0 POS1/0/0
192.168.3.1/24 192.168.0.1/24
POS1/0/0
192.168.3.2/24 POS3/0/0 POS1/0/0
192.168.1.1/24 192.168.0.2/24
RouterD RouterC
ASBR
POS1/0/0
192.168.1.2/24 POS2/0/0
POS2/0/0 192.168.2.2/24
192.168.4.1/24
POS3/0/0 POS2/0/0
Area1 192.168.4.2/24
NSSA 192.168.2.1/24 Area0
RouterB
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IP address to each interface.
# Configure Router A.
[RouterA] router id 1.1.1.1
[RouterA] ospf 1
[RouterA-ospf-1] area 0
# Configure Router B.
[RouterB] router id 2.2.2.2
[RouterB] ospf 1
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] area 1
[RouterB-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.1] network 192.168.4.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.1] quit
# Configure Router C.
[RouterC] router id 3.3.3.3
[RouterC] ospf 1
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
# Configure Router D.
[RouterD] router id 4.4.4.4
[RouterD] ospf 1
[RouterD-ospf-1] area 1
[RouterD-ospf-1-area-0.0.0.1] network 192.168.3.0 0.0.0.255
[RouterD-ospf-1-area-0.0.0.1] network 192.168.4.0 0.0.0.255
[RouterD-ospf-1-area-0.0.0.1] quit
Total Nets: 6
Intra Area: 4 Inter Area: 2 ASE: 0 NSSA: 0
# Configure Router A.
[RouterA] ospf 1
[RouterA-ospf-1] area 1
[RouterA-ospf-1-area-0.0.0.1] nssa
[RouterA-ospf-1-area-0.0.0.1] quit
# Configure Router B.
[RouterB] ospf 1
[RouterB-ospf-1] area 1
[RouterB-ospf-1-area-0.0.0.1] nssa
[RouterB-ospf-1-area-0.0.0.1] quit
# Configure Router D.
[RouterD] ospf 1
[RouterD-ospf-1] area 1
[RouterD-ospf-1-area-0.0.0.1] nssa
[RouterD-ospf-1-area-0.0.0.1] quit
NOTE
All routers in the NSSA must be configured with NSSA attributes using the nssa command.
Total Nets: 8
Intra Area: 4 Inter Area: 2 ASE: 0 NSSA: 2
Total Nets: 7
Intra Area: 2 Inter Area: 4 ASE: 1 NSSA: 0
The command output shows that Router C has imported the AS external route and the router
with the router ID of 2.2.2.2 will advertise LSAs carrying information about the imported AS
external route in the NSSA. Router B functions as the LSA translator. OSPF selects the ABR
with a larger router ID as an LSA translator.
Total Nets: 7
Intra Area: 2 Inter Area: 4 ASE: 1 NSSA: 0
The command output shows that Router C has imported the AS external route and the router
with the router ID of 1.1.1.1 will advertise LSAs carrying information about the imported AS
external route in the NSSA. Router A functions as an LSA translator.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.0.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.3.1 255.255.255.0
#
interface Pos3/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
nssa default-route-advertise no-summary translator-always
#
return
#
sysname RouterD
#
router id 4.4.4.4
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.3.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.4.1 255.255.255.0
#
ospf 1
import-route static
area 0.0.0.1
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
nssa
#
ip route-static 10.0.0.0 255.0.0.0 NULL0
#
return
Networking Requirements
When multicast and an MPLS TE tunnel are configured and the TE tunnel is configured with
IGP Shortcut, the outbound interface of the route calculated by an IGP is not a physical interface
but a TE tunnel interface. The router uses the TE tunnel interface to send multicast Join messages
through a unicast route to the multicast source address. The router through which the TE tunnel
passes, however, cannot detect the multicast Join messages. As a result, multicast forwarding
entries will not be created.
As shown in Figure 5-12, Router A, Router B, Router C, Router D, and Router E are running
OSPF. Router B and Router D set up an MPLS TE tunnel with the tunnel interface Tunnel 1/0/0,
and Router B is configured with IGP Shortcut. The outbound interface calculated by Router B
may be the TE tunnel interface, not the physical interface GE 2/0/0. Router B uses Tunnel 1/0/0
to send multicast Join messages through the unicast route to the multicast source address.
Therefore, Router C through which the TE tunnel passes cannot detect the multicast Join
messages, and generates no multicast forwarding entries.
To resolve the problem, enable local OSPF MT on Router B. After local OSPF MT is enabled,
if the outbound interface of the calculated route is a TE tunnel interface of the IGP Shortcut type,
the RM module creates a separate MIGP routing table for the multicast protocol, calculates the
physical outbound interface for the route, and adds the physical interface to the MIGP routing
table for multicast forwarding.
Client Server
172.16.1.2/24 192.168.3.2/24
GE1/0/0 GE2/0/0
172.16.1.1/24 192.168.3.1/24
RouterA RouterE
GE2/0/0 GE1/0/0
10.0.0.1/24 10.0.3.2/24
GE1/0/0 GE1/0/0
10.0.0.2/24 GE1/0/0 GE2/0/0 10.0.3.1/24
10.0.1.1/24 10.0.2.2/24
RouterB RouterD
GE2/0/0 GE2/0/0
10.0.1.2/24 RouterC 10.0.2.1/24
Tunnel1/0/0
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Router A 1.1.1.1/32
Router B 2.2.2.2/32
Router C 3.3.3.3/32
Router D 4.4.4.4/32
Router E 5.5.5.5/32
l The TE tunnel interface Tunnel 1/0/0 uses the IP address of Loopback 0 and runs the MPLS
TE protocol. The destination address of the TE tunnel is 4.4.4.4; the tunnel ID is 100; RSVP-
TE is used as a signaling protocol on the TE tunnel.
Procedure
Step 1 Assign an IP address to each interface.
For details about the configuration, see the configuration files.
Step 2 Configure basic OSPF functions.
5.2 Configuring Basic OSPF Functions shows how to configure basic OSPF functions. For
details about the configuration, see the configuration files.
Step 3 Configure PIM-SM.
# Enable PIM-SM on Router A.
[RouterA] multicast routing-enable
[RouterA] interface Gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] pim sm
[RouterA-GigabitEthernet2/0/0] quit
[RouterA] interface Gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] pim sm
[RouterA-GigabitEthernet1/0/0] quit
NOTE
Enable PIM-SM on each router. The configurations on Router B, Router C, Router D, and Router E are similar
to those on Router A. The detailed configurations are not provided here.
The preceding command output shows information about the multicast routing table on
Router C.
# Configure Router B.
[RouterB] mpls lsr-id 2.2.2.2
[RouterB] mpls
[RouterB-mpls] mpls te
[RouterB-mpls] mpls rsvp-te
[RouterB-mpls] mpls te cspf
[RouterB-mpls] quit
[RouterB] interface Gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] mpls
[RouterB-GigabitEthernet2/0/0] mpls te
[RouterB-GigabitEthernet2/0/0] mpls rsvp-te
[RouterB-GigabitEthernet2/0/0] quit
[RouterB] ospf 1
[RouterB-ospf-1] enable traffic-adjustment
[RouterB-ospf-1] opaque-capability enable
[RouterB-ospf-1] area 0.0.0.0
[RouterB-ospf-1-area-0.0.0.0] mpls-te enable
[RouterB-ospf-1-area-0.0.0.0] quit
# Configure Router C.
[RouterC] mpls lsr-id 3.3.3.3
[RouterC] mpls
[RouterC-mpls] mpls te
[RouterC-mpls] mpls rsvp-te
[RouterC-mpls] quit
[RouterC] interface Gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] mpls
[RouterC-GigabitEthernet1/0/0] mpls te
[RouterC-GigabitEthernet1/0/0] mpls rsvp-te
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface Gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] mpls
[RouterC-GigabitEthernet2/0/0] mpls te
[RouterC-GigabitEthernet2/0/0] mpls rsvp-te
[RouterC-GigabitEthernet2/0/0] quit
[RouterC] ospf 1
[RouterC-ospf-1] opaque-capability enable
[RouterC-ospf-1] area 0.0.0.0
[RouterC-ospf-1-area-0.0.0.0] mpls-te enable
[RouterC-ospf-1-area-0.0.0.0] quit
# Configure Router D.
[RouterD] mpls lsr-id 4.4.4.4
[RouterD] mpls
[RouterD-mpls] mpls te
[RouterD-mpls] mpls rsvp-te
[RouterD-mpls] quit
[RouterD] interface Gigabitethernet 1/0/0
[RouterD-GigabitEthernet1/0/0] mpls
[RouterD-GigabitEthernet1/0/0] mpls te
[RouterD-GigabitEthernet1/0/0] mpls rsvp-te
[RouterD-GigabitEthernet1/0/0] quit
[RouterD] ospf 1
[RouterD-ospf-1] opaque-capability enable
[RouterD-ospf-1] area 0.0.0.0
# Check the OSPF routing table on Router B. Information shows that an MPLS TE tunnel has
been set up.
[RouterB] display ip routing-table
Routing Tables: Public
Destinations : 14 Routes : 14
No multicast routing entry is displayed in the multicast routing table on Router C, indicating
that multicast packets have been dropped.
The preceding command output shows information about the multicast routing table on
Router C.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
multicast routing-enable
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.0.0.1 255.255.255.0
pim sm
igmp version 3
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.1.1 255.255.255.0
pim sm
igmp enable
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 10.0.0.0 0.0.0.255
#
return
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.0.1.1 255.255.255.0
pim sm
mpls
mpls te
mpls rsvp-te
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.0.2.2 255.255.255.0
pim sm
mpls
mpls te
mpls rsvp-te
#
interface LoopBack0
undo shutdown
ip address 3.3.3.3 255.255.255.255
#
return
#
sysname RouterE
#
router id 5.5.5.5
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.0.3.2 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.3.1 255.255.255.0
pim sm
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 10.0.3.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 5.5.5.5 0.0.0.0
#
return
Networking Requirements
OSPF enables the router to periodically send Hello packets to a neighboring router for fault
detection. Detecting a fault takes more than 1s. With the development of technologies, voice,
video, and other VOD services are widely used. These services are quite sensitive to packet loss
and delays. When traffic is transmitted at gigabit rates, long-time fault detection will cause packet
loss. This cannot meet high reliability requirements of the carrier-class network. BFD for OSPF
is used to resolve the problem. After BFD for OSPF is configured, the link status can be rapidly
detected and fault detection can be completed in milliseconds. This speeds up OSPF convergence
when the link status changes.
For example, as shown in Figure 5-13, the primary link Router A -> Router B and the secondary
link Router A -> Router C -> Router B are deployed on the network. Traffic is transmitted on
the primary link normally. When the primary link becomes faulty, the Router is expected to
rapidly detect the fault and switch traffic to the secondary link.
You can configure BFD for OSPF to detect the OSPF neighbor relationship between Router A
and Router B. When the link between Router A and Router B fails, BFD can rapidly detect the
failure and report it to OSPF. Traffic is then switched to the secondary link.
GE1/0/0 GE2/0/0
1.1.1.2/24 2.2.2.1/24
RouterC
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IP address to each interface.
Figure 5-13 shows how to assign an IP address to each interface. For details about the
configuration, see the configuration files.
5.2 Configuring Basic OSPF Functions shows how to configure basic OSPF functions. For
details about the configuration, see the configuration files.
Neighbors
The preceding command output shows that Router A, Router B, and Router C have established
OSPF neighbor relationships.
Total Nets: 5
Intra Area: 5 Inter Area: 0 ASE: 0 NSSA: 0
The preceding command output shows that the next hop address of the route to 172.16.1.0/24
is 3.3.3.2, and service traffic is transmitted on the primary link from Router A to Router B.
Step 3 Configure BFD for OSPF, and set the intervals at which BFD packets are sent and received and
the local detection multiplier.
# Configure Router A.
[RouterA] bfd
[RouterA-bfd] quit
[RouterA] ospf
[RouterA-ospf-1] bfd all-interfaces enable
[RouterA-ospf-1] bfd all-interfaces min-tx-interval 500 min-rx-interval 500 detect-
multiplier 4
[RouterA-ospf-1] quit
# Configure Router B.
[RouterB] bfd
[RouterB-bfd] quit
[RouterB] ospf
[RouterB-ospf-1] bfd all-interfaces enable
[RouterB-ospf-1] bfd all-interfaces min-tx-interval 500 min-rx-interval 500 detect-
multiplier 4
[RouterB-ospf-1] quit
NeighborId:3.3.3.3 AreaId:0.0.0.0
Interface:GigabitEthernet1/0/0
BFDState:up rx :10 tx :10
NeighborId:2.2.2.2 AreaId:0.0.0.0
Interface:GigabitEthernet2/0/0
BFDState:up rx :10 tx :10
Multiplier:3 BFD Local Dis:8194 LocalIpAdd:3.3.3.1
RemoteIpAdd:3.3.3.2 Diagnostic Info:No diagnostic information
The preceding command output shows that the BFD session is Up.
# Run the shutdown command on GE 2/0/0 of Router B to simulate the primary link fault.
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] shutdown
Total Nets: 4
Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0
The preceding command output shows that the secondary link of Router A -> Router C ->
Router B takes effect after the primary link fails, and the next hop address of the route to
172.16.1.0/24 is 1.1.1.2.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
bfd
#
interface GigabitEthernet1/0/0
undo shutdown
Networking Requirements
When a fault occurs on the network, OSPF IP FRR can fast switch traffic to the backup link
without waiting for route convergence. This ensures uninterrupted traffic transmission.
5
=
GE1/0/1 GE1/0/3
st
co
10.1.1.1/24 10.3.1.2/24
cost = 4 cost = 55
GE1/0/2 GE1/0/1 GE1/0/2 GE1/0/1
RouterA 10.2.1.1/24 10.2.1.2/24 RouterC 10.4.1.1/24 10.4.1.2/24 RouterD
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Router ID (1.1.1.1), OSPF process ID (1), network segment addresses in Area 1 (10.1.1.0
and 10.2.1.0), and interface cost (as shown in Figure 5-14) of Router A
l Router ID (2.2.2.2), OSPF process ID (1), network segment addresses in Area 1 (10.1.1.0
and 10.3.1.0), and interface cost (as shown in Figure 5-14) of Router B
l Router ID (3.3.3.3), OSPF process ID (1), network segment addresses of Area 1 (10.2.1.0,
10.3.1.0, and 10.4.1.0), and interface cost (as shown in Figure 5-14) of Router C
l Router ID (4.4.4.4), OSPF process ID (1), network segment address in Area 1
(10.4.1.0),interface cost (as shown in Figure 5-14), and destination address of the imported
static route (172.16.1.1/32) of Router D
Procedure
Step 1 Configure an IP address and the cost for each interface. This example assumes that you know
the configuration method and no details are provided here.
# Configure Router A.
[RouterA] router id 1.1.1.1
[RouterA] ospf
[RouterA-ospf-1] area 1
[RouterA-ospf-1-area-0.0.0.1] network 10.1.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255
# Configure Router B.
[RouterB] router id 2.2.2.2
[RouterB] ospf
[RouterB-ospf-1] area 1
[RouterB-ospf-1-area-0.0.0.1] network 10.3.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.1] network 10.1.1.0 0.0.0.255
# Configure Router C.
[RouterC] router id 3.3.3.3
[RouterC] ospf
[RouterC-ospf-1] area 1
[RouterC-ospf-1-area-0.0.0.1] network 10.3.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255
# Configure Router D.
[RouterD] router id 4.4.4.4
[RouterD] ip route-static 172.16.1.1 255.255.255.255 NULL0
[RouterD] ospf
[RouterD-ospf-1] import-route static
[RouterD-ospf-1] area 1
[RouterD-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255
# View information about the route from Router A to Router D. You can find that OSPF generates
a backup route because OSPF IP FRR is enabled.
<RouterA> display ospf routing router-id 4.4.4.4
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router-id 1.1.1.1
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.1 255.255.255.0
ospf cost 9
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.2.1.1 255.255.255.0
ospf cost 4
#
ospf 1
frr
frr-policy route route-policy abc
loop-free-alternate
area 0.0.0.1
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.4.1.1 255.255.255.0
ospf cost 55
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.3.1.2 255.255.255.0
ospf cost 5
#
ospf 1
area 0.0.0.1
network 10.3.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 5-15, Router A, Router B, and Router D are installed with the AMB and
SMB that back up each other. The routers interconnect by means of OSPF, and are enabled with
GR.
It is required that service forwarding be not interrupted when Router A restarts the OSPF process
in GR mode or performs the active/standby switchover.
Area1 Area2
POS1/0/0 POS1/0/0
10.1.1.1/24 RouterD RouterC 10.1.3.1/24
GE2/0/0
192.168.2.1/24
GE2/0/0
192.168.1.1/24
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface.
5.2 Configuring Basic OSPF Functions shows how to configure basic OSPF functions. For
details about the configuration, see the configuration files.
Step 3 (Optional) Enable forcible active/standby switchover on Router A and configure the SMB to
automatically synchronize information on the AMB.
# Perform the active/standby switchover on Router A. During the switchover, Router C can ping
through Router D, which indicates that service forwarding is not interrupted.Run the display
ospf peer command on Router D and Router B to check the OSPF neighbor relationship with
Router A. The statuses of the OSPF neighbor relationship are displayed as Full.
Neighbors
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
link-protocol ppp
ip address 10.1.1.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 10.1.2.1 255.255.255.0
#
ospf 1
opaque-capability enable
graceful-restart
area 0.0.0.0
network 10.1.2.0 0.0.0.255
area 0.0.0.1
network 10.1.1.0 0.0.0.255
#
return
Network Requirements
As shown in Figure 5-16, all routers run BGP. An EBGP connection is established between
Router D and Router E. IBGP full connections are established between partial routers in AS 10,
and OSPF is used as an IGP protocol.
It is required to enable OSPF-BGP linkage on Router B so that the traffic from Router A to AS
20 is not interrupted after Router B restarts.
RouterC AS 20
POS2/0/0 POS1/0/0 RouterF
10.1.2.2/30 10.1.4.1/30
POS1/0/0
POS1/0/0 10.3.1.2/30
POS2/0/0
10.1.2.1/30 10.1.4.2/30 POS2/0/0
10.3.1.1/30
RouterA RouterD EBGP
POS3/0/0
RouterE
POS1/0/0 10.2.1.1/30
POS2/0/0 POS1/0/0
10.1.1.1/30 10.2.1.2/30
10.1.3.2/30
POS1/0/0 POS2/0/0
10.1.1.2/30 10.1.3.1/30
RouterB AS 10
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable OSPF on Router A, Router B, Router C, and Router D (except 10.2.1.1/30) and
specify the same area for all OSPF interfaces.
2. Establish IBGP full connections between Router A, Router B, Router C, and Router D
(except 10.2.1.1/30).
3. Set the OSPF cost on Router C.
4. Establish the EBGP connection between Router D and Router E.
5. Configure the OSPF routes and configure BGP to import directly connected routes on
Router D.
6. Configure BGP on Router E.
Data Preparation
To complete the configuration, you need the following data:
l The router ID of Router A is 1.1.1.1, the AS number is 10, the OSPF process number is 1,
and the network segments in Area 0 are 10.1.1.0/30 and 10.1.2.0/30.
l The router ID of Router B is 2.2.2.2, the AS number is 10, the OSPF process number is 1,
and the network segments in Area 0 are 10.1.1.0/30 and 10.1.3.0/30.
l The router ID of Router C is 3.3.3.3, the AS number is 10, the OSPF process number is 1,
and the network segments in Area 0 are 10.1.2.0/30 and 10.1.4.0/30.
l The router ID of Router D is 4.4.4.4, the AS number is 10, the OSPF process number is 1,
and the network segments in Area 0 are 10.1.3.0/30 and 10.1.4.0/30.
l The router ID of Router E is 5.5.5.5, and the AS number is 20.
Procedure
Step 1 Configure an IP address for each interface.
This example assumes that you know the configuration method and no details are provided here.
Step 2 Configure basic OSPF functions.
This example assumes that you know the configuration method and no details are provided here.
Step 3 Configure an IBGP full connection.
# Configure Router A.
<RouterA> system-view
[RouterA] interface LoopBack 0
[RouterA-LoopBack0] ip address 1.1.1.1 32
[RouterA-LoopBack0] quit
[RouterA] bgp 10
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 2.2.2.2 as-number 10
[RouterA-bgp] peer 2.2.2.2 connect-interface LoopBack 0
[RouterA-bgp] peer 3.3.3.3 as-number 10
[RouterA-bgp] peer 3.3.3.3 connect-interface LoopBack 0
[RouterA-bgp] peer 4.4.4.4 as-number 10
[RouterA-bgp] peer 4.4.4.4 connect-interface LoopBack 0
[RouterA-bgp] quit
# Configure Router B.
<RouterB> system-view
[RouterB] interface LoopBack 0
[RouterB-LoopBack0] ip address 2.2.2.2 32
[RouterB-LoopBack0] quit
[RouterB] bgp 10
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 1.1.1.1 as-number 10
[RouterB-bgp] peer 1.1.1.1 connect-interface LoopBack 0
[RouterB-bgp] peer 3.3.3.3 as-number 10
[RouterB-bgp] peer 3.3.3.3 connect-interface LoopBack 0
[RouterB-bgp] peer 4.4.4.4 as-number 10
[RouterB-bgp] peer 4.4.4.4 connect-interface LoopBack 0
[RouterB-bgp] quit
# Configure Router C.
<RouterC> system-view
[RouterC] interface LoopBack 0
[RouterC-LoopBack0] ip address 3.3.3.3 32
[RouterC-LoopBack0] quit
[RouterC] bgp 10
[RouterC-bgp] router-id 3.3.3.3
[RouterC-bgp] peer 1.1.1.1 as-number 10
[RouterC-bgp] peer 1.1.1.1 connect-interface LoopBack 0
[RouterC-bgp] peer 2.2.2.2 as-number 10
# Configure Router D.
<RouterD> system-view
[RouterD] interface LoopBack 0
[RouterD-LoopBack0] ip address 4.4.4.4 32
[RouterD-LoopBack0] quit
[RouterD] bgp 10
[RouterD-bgp] router-id 4.4.4.4
[RouterD-bgp] peer 1.1.1.1 as-number 10
[RouterD-bgp] peer 1.1.1.1 connect-interface LoopBack 0
[RouterD-bgp] peer 2.2.2.2 as-number 10
[RouterD-bgp] peer 2.2.2.2 connect-interface LoopBack 0
[RouterD-bgp] peer 3.3.3.3 as-number 10
[RouterD-bgp] peer 3.3.3.3 connect-interface LoopBack 0
[RouterD-bgp] quit
# Configure Router D.
[RouterD] bgp 10
[RouterD-bgp] peer 10.2.1.2 as-number 20
[RouterD-bgp] import-route direct
[RouterD-bgp] import-route ospf 1
[RouterD-bgp] quit
# Configure Router E.
[RouterE] bgp 20
[RouterE-bgp] peer 10.2.1.1 as-number 10
[RouterE-bgp] ipv4-family unicast
[RouterE-bgp-af-ipv4] network 10.3.1.0 30
[RouterE-bgp-af-ipv4] quit
NOTE
After the cost of OSPF on Router C is set to 2, Router A chooses only Router B as the intermediate router
to the network segment 10.2.1.0. Router C becomes the backup router of Router B.
# View the routing table of Router A. As shown in the routing table, the route to the network
segment 10.3.1.0 can be learned through BGP, and the outgoing interface is POS 1/0/0.
[RouterA] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.2.2.2/32 OSPF 10 3 D 10.1.1.2 Pos1/0/0
4.4.4.0/24 IBGP 255 0 RD 4.4.4.4 Pos1/0/0
4.4.4.4/32 OSPF 10 3 D 10.1.1.2 Pos1/0/0
5.5.5.0/24 EBGP 255 0 RD 10.2.1.2 Pos1/0/0
10.1.1.0/30 Direct 0 0 D 10.1.1.1 Pos1/0/0
As shown in the routing table, Router B learns the route to the network segment 10.3.1.0 through
BGP, and the outgoing interface is POS 2/0/0. The routes to the network segments 10.1.2.0 and
10.1.4.0 respectively can be learned through OSPF. The costs of the two routes are 2.
Step 6 Enable OSPF-BGP linkage on Router B.
[RouterB] ospf 1
[RouterB-ospf-1] stub-router on-startup
[RouterB-ospf-1] quit
[RouterB] quit
NOTE
Confirm the action before you use the command because the command leads to the breakdown of the
network in a short time. In addition, when restarting a router, ensure that the configuration file of the
router is saved.
<RouterB> reboot
System will reboot! Continue?[Y/N] y
# View the routing table of Router A. As shown in the routing table, the route to the network
10.3.1.0 can be learned through BGP, and the outgoing interface is POS 2/0/0.
[RouterA] display ip routing-table
# View the routing table of Router B. As shown in the routing table, only OSPF routes exist in
the routing table temporarily and their costs are equal to or greater than 65535. This is because
IGP route convergence is faster than BGP route convergence.
[RouterB] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 OSPF 10 65536 D 10.1.1.1 Pos1/0/0
2.2.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4.4.4.4/32 OSPF 10 65536 D 10.1.3.2 Pos2/0/0
10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0
10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0
10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.2.0/30 OSPF 10 65536 D 10.1.1.1 Pos1/0/0
10.1.3.0/30 Direct 0 0 D 10.1.3.1 Pos2/0/0
10.1.3.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.3.2/32 Direct 0 0 D 10.1.3.2 Pos2/0/0
10.1.4.0/30 OSPF 10 65536 D 10.1.3.2 Pos2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
As shown in the routing table, after BGP route convergence on Router B is complete, the contents
of the routing information are the same as those before the router restarts.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.1.1.1 255.255.255.252
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 10.1.2.1 255.255.255.252
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 10
router-id 1.1.1.1
peer 2.2.2.2 as-number 10
peer 2.2.2.2 connect-interface LoopBack 0
peer 3.3.3.3 as-number 10
peer 3.3.3.3 connect-interface LoopBack 0
peer 4.4.4.4 as-number 10
peer 4.4.4.4 connect-interface LoopBack 0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.1.2.0 0.0.0.3
#
return
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 10.1.3.1 255.255.255.252
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 10
router-id 2.2.2.2
peer 1.1.1.1 as-number 10
peer 1.1.1.1 connect-interface LoopBack 0
peer 3.3.3.3 as-number 10
peer 3.3.3.3 connect-interface LoopBack 0
peer 4.4.4.4 as-number 10
peer 4.4.4.4 connect-interface LoopBack 0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.1.3.0 0.0.0.3
network 2.2.2.2 0.0.0.0
#
return
area 0.0.0.0
network 10.1.2.0 0.0.0.3
network 10.1.4.0 0.0.0.3
network 3.3.3.3 0.0.0.0
#
return
Networking Requirements
As shown on the network shown in Figure 5-17,routers run OSPF and GTSM is enabled on
Router A, Router B, and Router C.
RouterB
Virtual Link
POS1/0/0
192.168.1.2/24
Virtual Link
RouterC
Area1
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF.
2. Enable GTSM on each router and specify a valid TTL range for packets.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface. This example assumes that you know the
configuration method and no details are provided here.
5.2 Configuring Basic OSPF Functions shows how to configure basic OSPF functions. For
details about the configuration, see the configuration files.
# On Router A, set the maximum valid TTL range for packets from Router A to other routers is
255 to 255.
[RouterA] ospf valid-ttl-hops 1
# On Router B, set the maximum valid TTL range for packets from Router B to other routers is
254 to 255.
[RouterB] ospf valid-ttl-hops 2
# On Router C, set the maximum valid TTL range for packets from Router C to other routers is
254 to 255.
[RouterC] ospf valid-ttl-hops 2
# Check whether OSPF neighbor relationships between routers are successfully established.
Take the display on Router C as an example. The neighbor relationship is Full, indicating that
the neighbor relationship is successfully established.
[RouterC] display ospf peer
# On Router C, run the display gtsm statistics all command. You can view GTSM statistics on
Router C. The default behavior is pass, no illegal packets exist, and the number of discarded
packets is 0.
<RouterC> display gtsm statistics all
----End
Configuration files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.1.1.1 255.0.0.0
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
vlink-peer 2.2.2.2
vlink-peer 3.3.3.3
#
ospf valid-ttl-hops 1
#
return
ospf valid-ttl-hops 3
#
return
6 OSPFv3 Configuration
By building Open Shortest Path First Version 3 (OSPFv3) networks, you can enable OSPFv3
to discover and calculate routes in ASs. OSPFv3 is applicable to a large-scale network that
consists of hundreds of routers.
6.1 Introduction
The OSPFv3 protocol, which is a link-state IGP, runs on IPv6 networks.
By configuring OSPFv3 GR, you can avoid inaccurate route calculation and packet loss after
an OSPFv3 device restarts.
6.1 Introduction
The OSPFv3 protocol, which is a link-state IGP, runs on IPv6 networks.
The Open Shortest Path First Version 3.0 (OSPFv3) supports the version 6 of the Internet
Protocol (IPv6). OSPFv3 conforms to RFC 2740 (OSPF for IPv6).
l 32-bit Router ID, Area ID, and Link State Advertisement (LSA) link-state ID
l Five types of packets such as Hello, Database Description (DD), Link State Request (LSR),
Link State Update (LSU), and Link State Acknowledgement (LSAck) packets
l Neighbor discovery and adjacency establishment mechanisms
l Flooding and aging mechanisms of LSAs
l LSA types
– If a router restarts because of abnormalities, you can enable OSPFv3 Graceful Restart
(GR) to avoid service interruption during the restart of the router.
Applicable Environment
Enable the OSPFv3 process and specify its router ID before configuring OSPFv3; otherwise,
other functions cannot take effect.
You must enable OSPFv3 and specify the interface and area ID before configuring other
functions. OSPFv3 configurations, however, are independent of interface-related features.
Pre-configuration Tasks
Before configuring basic OSPFv3 functions, complete the following tasks:
Data Preparation
To configure basic OSPFv3 functions, you need the following data.
No. Data
1 Router ID
2 OSPFv3 process ID
Context
OSPFv3 supports multiple processes. Multiple OSPFv3 processes running on one router are
differentiated by process IDs. OSPFv3 process ID is set when OSPFv3 is enabled and is only
locally valid. It does not affect the packet exchange with other routers.
In the format of an IPv4 address, a router ID is a 32-bit unsigned integer that uniquely identifies
a router within an AS. The router ID of OSPFv3 must be manually set. If no router ID is set,
OSPFv3 fails to run normally.
When manually setting the router ID, ensure that the router IDs of any two routers in an AS are
different. When multiple processes are enabled on a router, it is necessary to specify a unique
route ID for each process.
To ensure the stable running of OSPFv3, you need to allocate router IDs and set them in network
planning.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ] [ vpn-instance vpn-instance-name ]
Step 3 Run:
router-id router-id
A Router ID is set.
----End
Context
After enabling OSPFv3 in the system view, you need to enable OSPFv3 on the interface. Because
an interface has multiple instances, you need to specify which instance of the interface is enabled
in the OSPFv3 process when OSPFv3 is enabled on the interface. If no instance ID is specified,
the value defaults to 0. The same instance must be enabled on the interfaces between which the
neighbor relationship is set up.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
The area ID can be a decimal integer or in the IPv4 address format, but it is displayed in the IPv4
address format.
Step 4 (Optional) Run the ospfv3 network-type { broadcast | nbma | p2mp [ non-broadcast ] |
p2p } [ instance instance-id ] command to configure the network type of an interface.
When an interface supports multi-instances, you must specify the value of instance-id when
enabling OSPFv3 on the interface. If the value of instance-id is not specified, the default value
0 is adopted. In this case, the configured network type of an interface mismatches the actual
network type of the interface. This step is mandatory in such a case.
----End
Context
You must configure the devices in the same area based on the area. Otherwise, the neighbor
devices cannot exchange information with each other. The congestion of routing information or
routing loop is therefore caused.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
area area-id
The area ID can be a decimal integer or in the IPv4 address format, but it is displayed in the IPv4
address format.
An OSPFv3 area cannot be deleted directly. Only after all the configurations in the area view
are removed and the status of the related interfaces in this area become Down, this area is
automatically removed.
----End
Prerequisites
The Basic OSPFv3 Functions has been configured.
Procedure
l Run the display ospfv3 [ process-id ] command to check the summary information about
the OSPFv3 process.
l Run the display ospfv3 [ process-id ] interface [ area area-id ] [ interface-type interface-
number ] command to check the OSPFv3 interface information.
l Run the commands as follow to check the LSDB information about OSPFv3:
– display ospfv3 [ process-id ] lsdb [ area area-id ] [ originate-router advertising-
router-id | self-originate ] [ { router | network | inter-router [ asbr-router asbr-
router-id ] | { inter-prefix | nssa } [ ipv6-address prefix-length ] | link | intra-prefix |
grace } [ link-state-id ] ]
– display ospfv3 [ process-id ] lsdb [ originate-router advertising-router-id | self-
originate ] external [ ipv6-address prefix-length ] [ link-state-id ]
l Run the display ospfv3 [ process-id ] [ area area-id ] peer [ interface-type interface-
number ] [ verbose ] command or display ospfv3 [ process-id ] [ area area-id ] peer
neighbor-id [ verbose ] command to check the information about the OSPFv3 neighbor.
l Run the commands as follow to check the OSPFv3 routing table:
– display ospfv3 [ process-id ] routing uninstalled
– display ospfv3 [ process-id ] routing [ abr-routes | asbr-routes | statistics
[ uninstalled ] | ipv6-address prefix-length | intra-routes | inter-routes | ase-routes |
nssa-routes ]
l Run the display ospfv3 [ process-id ] path command to check the paths to a destination
address.
l Run the display default-parameter ospfv3 command to check the default OSPFv3
configuration.
----End
Applicable Environment
In applications, establishing or maintaining the OSPFv3 neighbor relationship is a premise for
the construction of an OSPFv3 network. After the configuration in this section, you can:
l Adjust the convergence speed of the OSPFv3 network and network load posed by protocol
packets by modifying OSPFv3 timers.
l Enable OSPFv3 to be disconnected from its neighbor when the number of OSPFv3 packet
retransmissions exceeds the threshold by configuring Retransmission Limitation for
OSPFv3. This prevents non-stop packet retransmissions if the neighbor does not receive
packets.
l Speed up the convergence of an OSPFv3 network by adjusting the intervals for updating
and receiving LSAs.
Pre-configuration Tasks
Before establishing or maintaining the OSPFv3 neighbor relationship, complete the following
tasks:
Data Preparation
To establish or maintain the OSPFv3 neighbor relationship, you need the following data.
No. Data
Context
Hello packets are periodically sent to the neighbor router to detect and maintain the neighbor
relationship and to elect the DR and the BDR. RFC 2328 requires that the Hello timer values of
neighbors be consistent. The value of the Hello timer is inversely proportional to the route
convergence speed and network load.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospfv3 timer hello interval [ instance instance-id ]
----End
Context
If a router does not receive any Hello packet from its neighbor during a specified period, the
neighbor router is considered invalid. The specified period is called the dead time of the neighbor
relationship. The dead time must be at least four times the Hello interval on an interface.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospfv3 timer dead interval [ instance instance-id ]
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospfv3 timer retransmit interval [ instance instance-id ]
The value of seconds must be greater than the time taken to transmit a packet between two
routers.
NOTE
Do not set a value which is too small, for the interval between LSA retransmissions. Otherwise, unnecessary
retransmissions may occur.
----End
Context
The LSA ages out in the LSDB of a local router instead of in the transmission process. You need
to set the delay for an LSA before sending it. For a low-speed network, this configuration is
necessary.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospfv3 trans-delay interval [ instance instance-id ]
----End
Prerequisites
The Establishing or Maintaining OSPFv3 Neighbor Relationship has been configured.
Procedure
l Run the display ospfv3 [ process-id ] interface [ area area-id ] [ interface-type interface-
number ] command to check the OSPFv3 interface information.
----End
Applicable Environment
To reduce the number of LSAs in the network and enhance OSPFv3 extensibility, define OSPFv3
areas. For some non-backbone areas at the edge of ASs, you can define them as stub areas for
further reducing the size of the routing table and the number of LSAs.
The current NE80E/40E version does not support OSPFv3 NSSA areas.
Pre-configuration Tasks
Before configuring OSPFv3 area attributes, complete the following tasks:
Data Preparation
To configure OSPFv3 area attributes, you need the following data.
No. Data
Context
Perform the following steps on each router that runs OSPFv3 in the stub area:
Procedure
Step 1 Run:
system-view
The cost of the default route sent to the stub area is set.
By default, the cost of the default route sent to the stub area is 1.
This command is configured on the ABR of the stub area only to set the cost of the default route
to be sent to the stub area. This command does not need to be configured on other routers in the
stub area.
The parameter no-summary takes effect only when the stub command is configured on the
ABR. If this parameter is configured, the ABR only sends the summary-LSA of a default route
to the stub area without originating other summary-LSAs. The stub area without AS-external-
LSAs or Summary-LSAs is called a totally stub area.
----End
Context
After OSPFv3 areas are defined, OSPFv3 route update between non-backbone areas is
implemented through a backbone area. Then, OSPFv3 requires that all non-backbone areas
should maintain the connectivity with the backbone area and the backbone area should maintain
its own connectivity. In actual applications, this requirement may not be met because of some
restrictions. To solve this problem, you can configure OSPFv3 virtual links.
A virtual link must be configured at both ends of the link; otherwise, it does not take effect.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
area area-id
Step 4 Run:
vlink-peer neighbor-id [ hello hello-interval | retransmit retransmit-interval |
trans-delay trans-delay-interval | dead dead-interval | { ipsec sa sa-name |
authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ]
cipher-text } | keychain keychain-name } } | instance instance-id ] *
----End
Prerequisites
The OSPFv3 Areas has been configured.
Procedure
l Run the commands as follow to check the LSDB information about OSPFv3:
– display ospfv3 [ process-id ] lsdb [ area area-id ] [ originate-router advertising-
router-id | self-originate ] [ { router | network | inter-router [ asbr-router asbr-
router-id ] | { inter-prefix | nssa } [ ipv6-address prefix-length ] | link | intra-prefix |
grace } [ link-state-id ] ]
– display ospfv3 [ process-id ] lsdb [ originate-router advertising-router-id | self-
originate ] external [ ipv6-address prefix-length ] [ link-state-id ]
l Run the commands as follow to check the OSPFv3 routing table:
– display ospfv3 [ process-id ] routing uninstalled
----End
Applicable Environment
An NSSA allows the transmission of Type 7 LSAs, which are generated by ASBRs in an NSSA.
The Type 7 LSAs converting into Type 5 LSAs in the NSSA and advertised to other areas.
Pre-configuration Tasks
Before configuring an OSPFv3 NSSA, complete the following tasks:
Data Preparation
To configure an OSPFv3 NSSA, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
area area-id
Step 4 Run:
nssa [ default-route-advertise [ cost cost | type type | tag tag ] * | no-import-
route | no-summary | translator-always | translator-interval translator-interval |
set-n-bit ] *
----End
Follow-up Procedure
To connect routers to an NSSA, you need to run the nssa command to configure NSSA attributes
for the area to which the routers belong.
The area may be updated after NSSA attributes are configured or deleted. Therefore, the NSSA
attributes can be re-configured or deleted only after the last update of NSSA attributes is
complete.
Prerequisites
OSPFv3 NSSAs has been configured.
Procedure
l Run the display ospfv3 area command to check information about OSPFv3 areas.
l Run the commands as follow to check the OSPFv3 routing table.
– display ospfv3 [ process-id ] routing uninstalled
– display ospfv3 [ process-id ] routing [ abr-routes | asbr-routes | statistics
[ uninstalled ] | ipv6-address prefix-length | intra-routes | inter-routes | ase-routes |
nssa-routes ]
----End
Applicable Environment
In actual applications, to meet the requirements of a complicated networking environment, you
can change OSPFv3 routing policies by configuring OSPFv3 route attributes. Through the
following procedures, you can:
Pre-configuration Tasks
Before configuring OSPFv3 route attributes, complete the following tasks:
Data Preparation
To configure OSPFv3 route attributes, you need the following data.
No. Data
1 Link cost
Context
You can control route calculation by setting the link cost of OSPFv3 on different interfaces.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospfv3 cost cost [ instance instance-id ]
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
maximum load-balancing number
When the number of equal-cost routes is greater than number specified in the maximum load-
balancing command, valid routes are selected for load balancing based on the following criteria:
1. Route preference: Routes with lower preferences are selected for load balancing. For details
about route preference configuration, see Step 4.
2. Interface index: If routes have the same priorities, routes with higher interface index values
are selected for load balancing.
3. Next hop IP address: If routes have the same priorities and interface index values, routes
with larger IP address are selected for load balancing.
To specify valid routes for load balancing, run the nexthop command to set the route preference.
Ensure that the preferences of valid routes to be used must be high.
The smaller the weight value, the higher the preference of the route. The default weight value
is 255, which indicates that load balancing is implemented regardless of the route preferences.
----End
Prerequisites
The OSPFv3 Route Attributes has been configured.
Procedure
l Run the display ospfv3[ process-id ] interface [ area area-id ] [ interface-type interface-
number ] command to check the OSPFv3 interface information.
l Run the commands as follow to check the LSDB information about OSPFv3:
– display ospfv3 [ process-id ] lsdb [ area area-id ] [ originate-router advertising-
router-id | self-originate ] [ { router | network | inter-router [ asbr-router asbr-
router-id ] | { inter-prefix | nssa } [ ipv6-address prefix-length ] | link | intra-prefix |
grace } [ link-state-id ] ]
– display ospfv3 [ process-id ] lsdb [ originate-router advertising-router-id | self-
originate ] external [ ipv6-address prefix-length ] [ link-state-id ]
l Run the commands as follow to check the OSPFv3 routing table:
– display ospfv3 [ process-id ] routing uninstalled
– display ospfv3 [ process-id ] routing [ abr-routes | asbr-routes | statistics
[ uninstalled ] | ipv6-address prefix-length | intra-routes | inter-routes | ase-routes |
nssa-routes ]
----End
Applicable Environment
Through the configuration in this section, you can control the advertising and receiving of
OSPFv3 routing information and configure OSPFv3 to import external routes.
Pre-configuration Tasks
Before controlling OSPFv3 routing information, complete the following tasks:
Data Preparation
To control OSPFv3 routing information, you need the following data.
No. Data
Context
If multiple continuous network segments exist in this area, use the abr-summary command to
summarize them into one network segment. In this way, the ABR only sends an LSA after
summarization. No LSA that belongs to the summarization network segment is separately
transmitted, therefore reducing the LSDB size of other areas.
When a large number of routes are imported, use the asbr-summary command to summarize
the imported routes and set the delay for advertising the summarized route. In this manner, the
summarized route advertised each time contains more valid routing information, and network
flapping caused by incorrect routing information is avoided.
Procedure
l Configure route summarization on an ABR.
Perform the following steps on the ABR that runs OSPFv3:
1. Run:
system-view
cost cost set the cost of a summarized route. By default, the cost of a summarized
route is the maximum cost among those of routes that are summarized. The value
ranges from 1 to 16777214.
1. Run:
system-view
cost cost specifies the cost of a summarized route. By default, the cost of a summarized
route is the maximum cost among those of routes that are summarized. The value
ranges from 1 to 16777214.
tag tag specifies the tag used to control route advertisement. The value of this
parameter ranges from 1 to 4294967295.
If not-advertise is specified in the command, the summarized IPv6 route that matches
a specified IPv6 prefix or prefix length is not advertised.
----End
Context
After receiving LSAs, OSPFv3 determines whether to add the calculated routes to the local
routing table according to the filtering policy.
Procedure
Step 1 Run:
system-view
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Configure an advanced ACL:
1. Run:
filter-policy acl6-name acl6-name import
Run:
filter-policy ipv6-prefix ipv6-prefix-name import
Using the filter-policy command, you can only filter the routes calculated by OSPFv3. Routes
that do not pass the filtering are neither added to the OSPFv3 routing table nor advertised.
----End
Context
Because OSPFv3 is a link state-based routing protocol and cannot directly filter the advertised
LSAs, OSPFv3 must filter the routes when importing them. Then, only the routes that pass the
filtering can be advertised.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
default { cost cost | tag tag | type type } *
Step 4 Run:
import-route protocol [ process-id ] [ { cost cost | inherit-cost } | type type |
tag tag | route-policy route-policy-name ] *
NOTE
1. Run:
filter-policy acl6-name acl6-name export [ protocol [ process-id ] ]
After you run the import-route command on an OSPFv3 device to import external routes, the
router becomes an ASBR.
You can configure OSPFv3 to filter a certain type of routing information by specifying the
protocol. If protocol is not specified, OSPFv3 filters all the imported routes.
NOTE
The filter-policy command takes effect only on the routes imported through the import-route command
by the ASBR, that is, filters the imported routes. The routes that are filtered out do not generate LSAs and
cannot be advertised by OSPFv3. If the import-route command is not configured to import other external
routes (including OSPFv3 devices in different processes), the filter-policy command does not takes effect.
----End
Context
After filtering conditions are set for the incoming or outgoing Type 3 LSAs (Inter-Area-Prefix
LSAs) in an area, only the Type 3 LSAs that meet the filtering conditions can be received or
advertised.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
area area-id
----End
Prerequisites
Controlling OSPFv3 Routing Information has been configured.
Procedure
l Run the commands as follow to check the OSPFv3 route aggregation:
– display ospfv3 [ process-id ] abr-summary-list [ ipv6-address prefix-length ]
– display ospfv3 [ process-id ] asbr-summary [ ipv6-address prefix-length ]
[ verbose ]
l Run the commands as follow to check the LSDB information about OSPFv3:
– display ospfv3 [ process-id ] lsdb [ area area-id ] [ originate-router advertising-
router-id | self-originate ] [ { router | network | inter-router [ asbr-router asbr-
router-id ] | { inter-prefix | nssa } [ ipv6-address prefix-length ] | link | intra-prefix |
grace } [ link-state-id ] ]
– display ospfv3 [ process-id ] lsdb [ originate-router advertising-router-id | self-
originate ] external [ ipv6-address prefix-length ] [ link-state-id ]
l Run the commands as follow to check the OSPFv3 routing table:
– display ospfv3 [ process-id ] routing uninstalled
– display ospfv3 [ process-id ] routing [ abr-routes | asbr-routes | statistics
[ uninstalled ] | ipv6-address prefix-length | intra-routes | inter-routes | ase-routes |
nssa-routes ]
----End
Applicable Environment
By adjusting the OSPFv3 timer, you can change the convergence speed of an OSPFv3 network
and the network overload caused by protocol packets. On low-speed links, you need to consider
the delay in transmitting LSAs on the interface. By adjusting the SPF calculation interval, you
can mitigate resource consumption due to frequent network changes.
You can specify the DR priority of an interface to affect the DR/BDR election in a broadcast
network.
Pre-configuration Tasks
Before optimizing an OSPFv3 network, complete the configuration tasks:
Data Preparation
To optimize an OSPFv3 network, you need the following data.
No. Data
Context
Whenever the LSDB of OSPFv3 changes, the shortest path should be recalculated. Calculating
the shortest path each time the LSDB changes consumes enormous resources and lowers the
efficiency of a router.
Adjusting the SPF delay and hold interval can suppress frequent network changes to avoid
resource consumption.
Procedure
l Configure an SPF normal timer.
1. Run:
system-view
NOTE
An SPF normal timer and an SPF intelligent timer are mutually exclusive.
----End
Context
When a network is unstable, control the minimum interval for receiving the same LSA update.
To prevent unnecessary LSA updates caused by network changes, by default, set the interval for
receiving the same LSA update to 1000 ms.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
lsa-arrival-interval arrival-interval
----End
Context
Setting the millisecond-level interval for generating the same LSA speeds up network
convergence. When a network becomes unstable, reduce the interval for generating the same
LSA by using an intelligent timer.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
lsa-originate-interval intelligent-timer max-interval start-interval hold-interval
----End
Context
To prevent a router from advertising routes to the router on a certain network and from importing
the routes of other routers, you can suppress the interface on which OSPFv3 is enabled from
receiving and sending OSPFv3 packets.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
silent-interface interface-type interface-number
----End
Follow-up Procedure
Different processes can suppress the same interface from sending and receiving OSPFv3 packets,
but the silent-interface command is valid only for the OSPFv3 interface on which the specified
process is enabled, and does not take effect on the interface of other processes.
After an OSPFv3 interface is set to be silent, the interface can still advertise its direct routes
through the Intra-Area-Prefix-LSA of the same router. No OSPFv3 neighbor relationship can
be set up on the interface. Therefore, the OSPFv3 adaptability is enhanced.
Context
The DR priority on a router interface qualifies the interface for the Designated Router (DR)
election. If the DR priority is 0, the router cannot be elected as a DR or Backup Designated
Router (BDR).
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospfv3 dr-priority priority [ instance instance-id ]
----End
Follow-up Procedure
After the DR priority is changed, you can re-elect a DR or BDR through the following methods,
which, however, will result in the interruption of the OSPFv3 neighbor relationship between
routers and therefore are used only when necessary.
l Running the shutdown and undo shutdown commands on the interface on which the
OSPFv3 neighbor relationship is set up.
Context
A stub router is used to control traffic. It notifies OSPFv3 devices not to forward data by the
stub router, but they can have a route to the stub router.
Procedure
Step 1 Run:
system-view
NOTE
There is no correlation between the stub router configured through this command and the router in the stub
area.
----End
Procedure
Step 1 Run:
system-view
After the command is used, the interface does not check the MTU field of a received DD packet.
----End
Prerequisites
Optimizing an OSPFv3 Network has been configured.
Procedure
l Run the display ospfv3[ process-id ] interface [ area area-id ] [ interface-type interface-
number ] command to check the OSPFv3 interface information.
l Run the commands as follow to check the LSDB information about OSPFv3:
– display ospfv3 [ process-id ] lsdb [ area area-id ] [ originate-router advertising-
router-id | self-originate ] [ { router | network | inter-router [ asbr-router asbr-
router-id ] | { inter-prefix | nssa } [ ipv6-address prefix-length ] | link | intra-prefix |
grace } [ link-state-id ] ]
– display ospfv3 [ process-id ] lsdb [ originate-router advertising-router-id | self-
originate ] external [ ipv6-address prefix-length ] [ link-state-id ]
l Run the commands as follow to check the OSPFv3 routing table:
– display ospfv3 [ process-id ] routing uninstalled
– display ospfv3 [ process-id ] routing [ abr-routes | asbr-routes | statistics
[ uninstalled ] | ipv6-address prefix-length | intra-routes | inter-routes | ase-routes |
nssa-routes ]
----End
Applicable Environment
To prevent route flapping and service interruption due to the restart of OSPFv3, you can enable
OSPFv3 GR.
After OSPFv3 restarts, the GR restarter and the GR helper keep the neighbor relationship,
exchange routing information, synchronize the database, and update the routing table and the
forwarding table. OSPFv3 fast convergence is therefore realized.
Pre-configuration Tasks
Before configuring OSPFv3 GR, complete the following task:
Data Preparation
To configure OSPFv3 GR, you need the following data.
No. Data
1 OSPFv3 process ID
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 process-id
Step 3 Run:
graceful-restart [ period period | ack-time time | retransmit-interval interval |
lsa-checking-ignore | planned-only ] *
OSPFv3 GR is enabled.
ack-time is optional. After ack-time is specified, the restarter can discover more neighbors in
the time period.
----End
Procedure
Step 1 Run:
system-view
----End
Prerequisites
OSPFv3 GR has been configured.
Procedure
l Run the display ospfv3 [ process-id ] graceful-restart-information command to check
the status of OSPFv3 GR.
----End
Example
Run the display ospfv3 graceful-restart-information command, and you can view that the
local router is enabled with GR.
<HUAWEI> display ospfv3 graceful-restart-information
Applicable Environment
To increase the convergence speed of OSPFv3 when the link status changes, you can configure
BFD on OSPFv3 links.
BFD keeps track of liveliness of network links and detects any faults in the links much faster
than the normal keep-alive protocols. When OSPFv3 is associated with BFD sessions, link
failures are notified immediately to OSPFv3 by BFD and OSPFv3 can take actions to perform
route calculation and converge in the new network topology.
Pre-configuration Tasks
Before configuring BFD in OSPFv3, complete the following task:
Data Preparation
To configure BFD for OSPFv3, you need the following data.
No. Data
1 OSPFv3 process ID
4 Detect Multiplier
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd
Step 3 Run:
quit
Step 4 Run:
ospfv3 process-id
Step 5 Run:
bfd all-interfaces enable
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 process-id
Step 3 Run:
bfd all-interfaces { min-transmit-interval min-transmit-value | min-receive-
interval min-receive-value | detect-multiplier detect-multiplier-value } *
You can skip this step. The default interval at which BFD packets are transmitted and the default
detection multiplier are recommended.
The parameters are configured based on the network status and network reliability requirements.
A short interval at which BFD packets are transmitted can be configured for a link that has a
higher requirement for reliability. A long interval at which BFD packets are transmitted can be
configured for a link that has a lower requirement for reliability.
NOTE
l Actual interval at which BFD packets are transmitted on the local devices = Max { configured interval
min-transmit-value at which BFD packets are transmitted, configured interval min-receive-value at
which BFD packets are received on the peer device }
l Actual interval at which BFD packets are received on the local devices = Max { configured interval
min-transmit-value at which BFD packets are transmitted on the peer device, configured interval min-
receive-value at which BFD packets are received on the local device }
l Actual time for detecting BFD packets = Actual interval at which BFD packets are received on the
local device x Configured detection multiplier detect-multiplier-value
For example:
l On the local device, the configured interval at which BFD packets are transmitted is 200 ms; the interval
at which BFD packets are received is set to 300 ms; the detection multiplier is 4.
l On the peer device, the configured interval at which BFD packets are transmitted is 100 ms; the interval
at which BFD packets are received is 600 ms; the detection multiplier is 5.
Then:
l On the local device, the actual interval at which BFD packets are transmitted is 600 ms calculated by
using the formula max {200 ms, 600 ms}; the interval at which BFD packets are received is 300 ms
calculated by using the formula max {100 ms, 300 ms}; the detection period is 1500 ms calculated by
multiplying 300 ms by 5.
l On the peer device, the actual interval at which BFD packets are transmitted is 300 ms calculated by
using the formula max {100 ms, 300 ms}, the actual interval at which BFD packets are received is 600
ms calculated by using the formula max {200 ms, 600 ms}, and the detection period is 2400 ms
calculated by multiplying 600 ms by 4.
----End
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospfv3 bfd { min-transmit-interval min-transmit-value | min-receive-interval min-
receive-value | detect-multiplier detect-multiplier-value } * [ instance instance-
id ]
You can skip this step. The default interval at which BFD packets are transmitted and the default
detection multiplier are recommended.
The parameters are configured based on the network status and network reliability requirements.
A short interval at which BFD packets are transmitted can be configured for a link that has a
higher requirement for reliability. A long interval at which BFD packets are transmitted can be
configured for a link that has a lower requirement for reliability.
NOTE
l Actual interval at which BFD packets are transmitted on the local devices = Max { configured interval
min-transmit-value at which BFD packets are transmitted, configured interval min-receive-value at
which BFD packets are received on the peer device }
l Actual interval at which BFD packets are received on the local devices = Max { configured interval
min-transmit-value at which BFD packets are transmitted on the peer device, configured interval min-
receive-value at which BFD packets are received on the local device }
l Actual time for detecting BFD packets = Actual interval at which BFD packets are received on the
local device x Configured detection multiplier detect-multiplier-value
For example:
l On the local device, the configured interval at which BFD packets are transmitted is 200 ms; the interval
at which BFD packets are received is set to 300 ms; the detection multiplier is 4.
l On the peer device, the configured interval at which BFD packets are transmitted is 100 ms; the interval
at which BFD packets are received is 600 ms; the detection multiplier is 5.
Then:
l On the local device, the actual interval at which BFD packets are transmitted is 600 ms calculated by
using the formula max {200 ms, 600 ms}; the interval at which BFD packets are received is 300 ms
calculated by using the formula max {100 ms, 300 ms}; the detection period is 1500 ms calculated by
multiplying 300 ms by 5.
l On the peer device, the actual interval at which BFD packets are transmitted is 300 ms calculated by
using the formula max {100 ms, 300 ms}, the actual interval at which BFD packets are received is 600
ms calculated by using the formula max {200 ms, 600 ms}, and the detection period is 2400 ms
calculated by multiplying 600 ms by 4.
----End
Prerequisites
The BFD is enabled and configured for OSPFv3.
Procedure
l Run the display ospfv3 [ process-id ] bfd session [ interface-type interface-number ]
[ neighbor-id ] [ verbose ] command to check the BFD session information.
----End
Applicable Environment
With the development of networks, Voice over IP (VoIP) and on-line video services require
high-quality real-time transmission. Nevertheless, if an OSPFv3 fault occurs, traffic can be
switched to a new link only after the following processes: fault detection at the millisecond level,
notifying the fault to the routing control plane at the millisecond level, generating and flooding
new topology information at the tens of milliseconds level, triggering SPF calculation at the tens
of milliseconds level, and notifying and installing a new route at the hundreds-of-milliseconds
level. As a result, it takes much more than 50 ms to recovery the link from the fault, which cannot
meet the requirement for real-time services on the network.
With OSPFv3 IP FRR that calculates a backup link in advance, devices can fast switch traffic
to the backup link without interrupting traffic when the primary link becomes faulty. This
protects traffic and therefore greatly improves the reliability of OSPFv3 networks.
OSPFv3 IP FRR is applicable to the services that are sensitive to packet delay and packet loss.
Pre-configuration Tasks
Before configuring OSPFv3 IP FRR, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring routers are reachable at
the network layer
l Configuring Basic OSPFv3 Functions
Data Preparation
To configure OSPFv3 IP FRR, you need the following data.
No. Data
1 OSPFv3 process ID
Procedure
Step 1 Run:
system-view
Step 2 Run:
Step 3 Run:
frr
Step 4 Run:
loop-free-alternate
NOTE
OSPFv3 can generate the loop-free backup link only when the OSPFv3 IP FRR traffic protection inequality
is met.
After OSPFv3 IP FRR filtering policies are configured, only the OSPFv3 backup routes that
match the filtering conditions can be delivered to the forwarding table. To protect the traffic
over a specific OSPFv3 route, you can configure a filtering policy that matches the OSPFv3
route to ensure that the route can be added to the forwarding table. When this route becomes
faulty, OSPFv3 can fast switch the traffic to a backup link.
----End
Context
During the configuration of OSPFv3 IP FRR, the lower layer needs to fast respond to the link
change so that traffic can be rapidly switched to the backup link in the case of a link failure.
Bind BFD to the link status so that link faults can be detected rapidly. This ensures that traffic
is rapidly switched to the backup link in the case of link failures.
Binding OSPFv3 IP FRR and BFD can configure in a specified process or on a specified
interface. The priority of BFD configured on an interface is higher than that of BFD configured
in an OSPFv3 process. If BFD is enabled on an interface, a BFD session is established according
to the BFD parameters set on the interface.
Procedure
l Binding OSPFv3 IP FRR and BFD in a specified process .
1. Run:
system-view
2. Run:
bfd
----End
interface from being a part of a backup link and being burdened after FRR switches traffic to
the backup link.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospfv3 frr block
----End
Prerequisites
All OSPFv3 IP FRR configurations have been configured.
Procedure
l Run the display ospfv3 [ process-id ] routing verbose command to check information
about the primary and backup links after OSPFv3 IP FRR is enabled.
----End
Example
View the routes to the specified OSPFv3 device.
<HUAWEI> display ospfv3 routing verbose
The preceding display shows that a backup route is generated on device, including information
about the backup next hop: Backup NextHop is address of the backup next hop, Backup
Interface is outbound interface of the backup next hop, Backup Type is type of the backup next
hop.
Applicable Environment
OSPFv3 IPSec uses a complete set of IPSec mechanisms to authenticate sent and received
OSPFv3 packets, protecting devices against pseudo OSPFv3 packets.
Pre-configuration Tasks
Before configuring OSPFv3 IPSec, complete the following tasks:
Data Preparation
To configure OSPFv3 IPSec, you need the following data.
No. Data
1 Security protocol
5 AH security parameter indexes used for protecting incoming and outgoing traffic
6 ESP security parameter indexes used for protecting incoming and outgoing traffic
7 AH authentication key (in the format of a string) used for protecting incoming and
outgoing traffic
8 ESP authentication key (in the format of a string) used for protecting incoming and
outgoing traffic
9 AH authentication key (in the hexadecimal format) used for protecting incoming and
outgoing traffic
No. Data
10 ESP authentication key (in the hexadecimal format) used for protecting incoming and
outgoing traffic
11 ESP encapsulation key (in the hexadecimal format) used for protecting incoming and
outgoing traffic
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
ipsec sa sa-name
An OSPFv3 process can be associated with multiple OSPFv3 areas. An SA applied in the
OSPFv3 process can be used in the associated areas.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
area area-id
Step 4 Run:
ipsec sa sa-name
NOTE
The SA configured on an OSPFv3 area takes precedence over that configured in an OSPFv3 process.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
ospfv3 ipsec sa sa-name
NOTE
The SA configured on an OSPFv3 interface takes precedence over that configured in an OSPFv3 process
and an OSPFv3 area.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 [ process-id ]
Step 3 Run:
area area-id
An SA is configured to authenticate the packets sent and received on the Virtual Link.
NOTE
The SA configured on a virtual link takes precedence over that configured in an OSPFv3 process and
OSPFv3 area 0.
----End
Procedure
Step 1 Run:
system-view
NOTE
The SA configured on a sham link takes precedence over that configured in an OSPFv3 process and OSPFv3
area 0.
----End
Prerequisites
The OSPFv3 IPSec has been configured.
Perform the following steps on the router that runs OSPFv3.
Procedure
l Run the display ospfv3 [ process-id ] command to view the SA applied in a specified
process.
l Run the display ospfv3 [ process-id ] interface command to view the SA applied on a
specified interface.
l Run the display ospfv3 [ process-id ] area [ area-id ] command to view the SA applied
in a specified area.
l Run the display ospfv3 [ process-id ] vlink command to view the SA applied on the peer
end of a virtual link.
l Run the display ospfv3 [ process-id ] sham-link command to view the SA applied on the
peer end of a sham link.
----End
Example
Run the display ospfv3 command, and you can view the SA configured in an OSPFv3 process.
For example:
<HUAWEI> display ospfv3
Routing Process "OSPFv3 (1)" with ID 0.0.0.0
SPF schedule delay 5 secs, Hold time between SPFs 10 secs
Minimum LSA interval 5 secs, Minimum LSA arrival 1 secs
Stub router capability: enabled
Number of external LSA 0. Checksum Sum 0x0000
Number of AS-Scoped Unknown LSA 0
Number of FULL neighbors 0
Number of Exchange and Loading neighbors 0
Maximum ASE LS ID 1 and Unused list Count 0
Number of LSA originated 0
Number of LSA received 0
SPF Count : 0
Non Refresh LSA : 0
Non Full Nbr Count : 0
Number of areas in this router is 1
IP security association configured: sa1
Run the display ospfv3 area command, and you can view the SA configured in an OSPFv3
area. For example:
<HUAWEI> display ospfv3 area
OSPFv3 Process (1)
Area BACKBONE(0) Status: down
Number of interfaces in this area is 0
SPF algorithm executed 0 times
Number of LSA 0. Checksum Sum 0x0000
Number of Unknown LSA 0
Area Bdr Router count: 0
Area ASBdr Router count: 0
IP security association configured: sa1
Area 0.0.0.1 Status: up
Number of interfaces in this area is 1
SPF algorithm executed 3 times
Number of LSA 4. Checksum Sum 0x23AC8
Number of Unknown LSA 0
Area Bdr Router count: 0
Area ASBdr Router count: 1
IP security association configured: sa4
Run the display ospfv3 interface command, and you can view the SA configured in an OSPFv3
interface. For example:
<HUAWEI> display ospfv3 interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 is up, line protocol is up
Interface ID 518
IPv6 Prefixes
FE80::1441:0:E213:1 (Link-Local Address)
2001:DB8:1::1
OSPFv3 Process (1), Area 0.0.0.1, Instance ID 0
Router ID 2.2.2.2, Network Type POINTOPOINT, Cost: 1562
Transmit Delay is 1 sec, State Point-To-Point, Priority 1
No designated router on this link
No backup designated router on this link
Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Neighbor Count is 1, Adjacent neighbor count is 1
IP security association configured: sa1
IP security association applied: sa1
Run the display ospfv3 vlink command, and you can view the SA configured on an OSPFv3
virtual link. For example:
<HUAWEI> display ospfv3 vlink
Virtual Link VLINK1 to router 1.1.1.1 is up
Transit area 0.0.0.1 via interface Pos1/0/0, instance ID 0
Local address 2001:DB8:1::1
Remote address 2001:DB8:1::13
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Adjacency state Full
IP security association configured: sa1
IP security association applied: sa1
Run the display ospfv3 sham-link command, and you can view the SA configured on an
OSPFv3 sham link. For example:
<HUAWEI> display ospfv3 sham-link
OSPFv3 Process (10)
Sham Link SHAM-LINK1 to router 0.0.0.0 is down
Area 0.0.0.1, via Interface *, Instance ID 0, cost 1
Source address 2001:DB8:1::1
Destination address 2001:DB8:2::2
Interface ID 0x80000002
Sham-Link Interface Events: 0
Sham-Link Interface LsaCount: 0
Sham-Link Interface Lsa Checksum: 0x0
Transmit Delay is 1 sec, State Down
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:00
Adjacency state Down
IP security association configured: sa1
IP security association applied: sa1
Usage Scenario
If an OSPFv3 network requires high security, you can configure OSPFv3 generalized TTL
security mechanism (GTSM) and an authentication mode to improve network security.
l During network attacks, attackers may simulate OSPFv3 unicast packets and continuously
send them to the router. If the packets are destined for the router, it directly forwards them
to the control plane for processing without validating them. As a result, the increased
processing workload on the control plane leads to high CPU usage. GTSM protects the
router against potential attacks and improves system security by checking whether the time
to live (TTL) value in each IP packet header is within a pre-defined range.
NOTE
OSPFv3 GTSM takes effect only on unicast packets and therefore applies to virtual links and sham
links.
l In OSPFv3 authentication, an authentication field is added to each OSPFv3 packet for
encryption. When a local device receives an OSPFv3 packet from a remote device, the local
device discards the packet if the authentication password carried in the packet is different
from the local one, which protects the local device against potential attacks. Therefore,
OSPFv3 authentication improves network security.
Pre-configuration Tasks
Before improving OSPFv3 network security, complete the following tasks:
l Configure an IP address for each interface to ensure that neighboring routers can use the
IP addresses to communicate with each other.
l Configure basic OSPFv3 functions.
Data Preparation
To complete the configuration, you need the following data:
No. Data
1 OSPFv3 process ID
Context
GTSM checks the time to live (TTL) values of only the packets that match a GTSM policy. You
can configure the router to allow the unmatched packets to pass through the filter or to be
discarded. If you configure the router to discard the unmatched packets, enable GTSM on
routers with which the router may communicate because the router discards all packets from
GTSM-incapable routers, and as a result, connections cannot be established.
In addition, you can configure the router to log discarded packets to facilitate future fault locating.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospfv3 valid-ttl-hops valid-ttl-hops-value [ vpn-instance vpn-instance name ]
The ospfv3 valid-ttl-hops command enables OSPFv3 GTSM and sets a TTL value. If you
specify vpn-instance in the command, the router checks the TTL values of packets only in this
VPN. Therefore, if you want to apply the configured TTL value to packets only in a VPN or the
public network, specify pass in the gtsm default-action command to prevent the OSPFv3
packets in other instances from being discarded incorrectly.
NOTE
The valid TTL value ranges from 255 – valid-ttl-hops-value + 1 to 255.
An action is configured for the router to perform on the packets that do not match the GTSM
policy.
By default, pass is executed on packets that do not match the GTSM policy.
NOTE
If an action is configured but a GTSM policy is not, GTSM does not take effect.
----End
OSPFv3 neighbor relationships cannot be established. This section describes how to configure
an authentication mode.
Context
OSPFv3 supports keychain and HMAC-SHA256 authentications. The following procedure uses
keychain authentication as an example.
Before you configure keychain authentication, run the keychain command to configure a
keychain, the key-id command to configure a key ID, the key-string command to configure a
password, and the algorithm command to configure an algorithm. If these commands are not
run, OSPFv3 authentication fails.
NOTE
By default, authentication is not configured for OSPF process, area or interface. Configuring authentication
is recommended to ensure system security.
Procedure
l Configure OSPFv3 area authentication.
1. Run:
system-view
NOTE
If you use OSPFv3 area authentication, the authentication and password configurations on all
routers in the same area must be the same.
l Configure OSPFv3 process authentication.
1. Run:
system-view
NOTE
----End
Prerequisites
Improvements on OSPFv3 network security have been made.
Procedure
l Run the display gtsm statistics { slot-id | all } command to check GTSM statistics.
----End
Example
Run the display gtsm statistics command. The command output shows GTSM statistics on all
boards, including the total number of OSPFv3 packets, number of received OSPFv3 packets,
and number of discarded OSPFv3 packets.
<HUAWEI> display gtsm statistics all
GTSM Statistics Table
----------------------------------------------------------------
SlotId Protocol Total Counters Drop Counters Pass Counters
----------------------------------------------------------------
0 BGP 0 0 0
0 BGPv6 0 0 0
0 OSPF 0 0 0
0 LDP 0 0 0
0 OSPFv3 0 0 0
0 RIP 0 0 0
----------------------------------------------------------------
Applicable Environment
OSPFv3 supports the network management function. You can bind OSPFv3 MIB and a certain
OSPFv3 process. In addition, OSPFv3 also supports the trap function and the log function.
Pre-configuration Tasks
Before configuring the network management function of OSPFv3, complete the following tasks:
l Configuring IP addresses for interfaces to make neighboring nodes reachable
l Configuring Basic OSPFv3 Functions
Data Preparation
None.
Context
When multiple OSPFv3 processes are enabled, you can configure OSPFv3 MIB to select the
process to be processed, that is, that is, configure OSPFv3 MIB to select the process to which it
is bound.
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
snmp-agent trap enable feature-name ospfv3 {non-excessive all | trap-name
{ authenticationsequencenumberwrap | ifconfigerror | ifrxbadpacket | ifstatechange
| lastauthenticationkeyexpiry | nbrrestarthelperstatuschange | nbrstatechange |
nssatranslatorstatuschange | restartstatuschange | virtifconfigerror |
virtifrxbadpacket | virtifstatechange | virtnbrrestarthelperstatuschange |
virtnbrstatechange } }
To enable all non-excessive traps of OSPFv3 module, you can run the non-excessive all
command; to enable the traps of one or more events, you can specify type-name.
----End
Prerequisites
The Network Management Function of OSPFv3 has been configured.
Procedure
l Run the display current-configuration command to check the configuration parameters
currently validated on the router.
l Run the display snmp-agent trap feature-name ospfv3 all command to view all trap
messages of the OSPFv3 module.
----End
Context
NOTICE
The OSPFv3 adjacency is removed when you reset the OSPFv3 connection by using the reset
ospfv3 command. Exercise caution when running this command.
After modifying the OSPFv3 routing policy or protocol, reset the OSPFv3 connection to validate
the modification. To reset OSPFv3 connections, run the following reset ospfv3 command in the
user view.
Procedure
l To validate the new configuration, run the following commands:
– reset ospfv3 { process-id | all } [ graceful-restart [ extend-period period ] ]
– reset ospfv3 { process-id | all } counters [ neighbor [ interface-type interface-
number ] [ router-id ] ]
----End
Follow-up Procedure
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 6-1, all routers run OSPFv3. The entire autonomous system is divided into
three areas. Router B and Router C serve as ABRs to forward the inter-area routes.
It is required that Area 2 be configured as a stub area to decrease the LSAs advertised to this
area, without affecting route reachability.
Area0
POS1/0/0
RouterB 2001:DB8:1::1/64 RouterC
POS1/0/0
2001:DB8:1::2/64
POS2/0/0 POS2/0/0
2001:DB8:2::1/64 2001:DB8:3::1/64
POS2/0/0 POS2/0/0
2001:DB8:2::2/64 2001:DB8:3::2/64
RouterA RouterD
GE3/0/0
2001:DB8:4::1/64
Area2
Area1 Stub
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable basic OSPFv3 function on each router.
2. Configure Area 2 as a stub area and check the OSPFv3 routing table of Router D.
3. Configure Area 2 as a totally stub area and check the OSPFv3 routing table of Router D.
Data Preparation
To complete the configuration, you need the following data:
l Router ID of Router A as 1.1.1.1 of Area 1
l Router ID of Router B as 2.2.2.2 of Areas 0 and 1
l Router ID of Router C as 3.3.3.3 of Areas 0 and 2
l Router ID of Router D as 4.4.4.4 of Area 2
Procedure
Step 1 Assign an IPv6 address for each interface.
For configuration details, see "Configuration Files" in this section.
Step 2 Configure basic OSPFv3 functions.
# Configure Router A.
[RouterA] ipv6
[RouterA] ospfv3
[RouterA-ospfv3-1] router-id 1.1.1.1
[RouterA-ospfv3-1] quit
# Configure Router B.
[RouterB] ipv6
[RouterB] ospfv3
[RouterB-ospfv3-1] router-id 2.2.2.2
[RouterB-ospfv3-1] quit
[RouterB] interface pos1/0/0
[RouterB-Pos1/0/0] ospfv3 1 area 0
[RouterB-Pos1/0/0] quit
[RouterB] interface pos2/0/0
[RouterB-Pos2/0/0] ospfv3 1 area 1
[RouterB-Pos2/0/0] quit
# Configure Router C.
[RouterC] ipv6
[RouterC] ospfv3
[RouterC-ospfv3-1] router-id 3.3.3.3
[RouterC-ospfv3-1] quit
[RouterC] interface pos 1/0/0
[RouterC-Pos1/0/0] ospfv3 1 area 0
[RouterC-Pos1/0/0] quit
[RouterC] interface pos 2/0/0
[RouterC-Pos2/0/0] ospfv3 1 area 2
[RouterC-Pos2/0/0] quit
# Configure Router D.
[RouterD] ipv6
[RouterD] ospfv3
[RouterD-ospfv3-1] router-id 4.4.4.4
[RouterD-ospfv3-1] quit
[RouterD] interface pos 2/0/0
[RouterD-Pos2/0/0] ospfv3 1 area 2
[RouterD-Pos2/0/0] quit
# Configure the stub area of Router C, and set the cost of the default route advertised to the stub
area to 10.
[RouterC] ospfv3
[RouterC-ospfv3-1] area 2
[RouterC-ospfv3-1-area-0.0.0.2] stub
[RouterC-ospfv3-1-area-0.0.0.2] default-cost 10
[RouterC-ospfv3-1-area-0.0.0.2] quit
# Display the OSPFv3 routing table of Router D, and you can view a new default route in the
routing table. Its cost is the sum of the cost of the directly connected routes and the configured
cost.
[RouterD] display ospfv3 routing
Codes : E2 - Type 2 External, E1 - Type 1 External, IA - Inter-Area,
N - NSSA, U - Uninstalled, D - Denied by Import Policy
OSPFv3 Process (1)
OSPFv3 Process (1)
Destination Metric
Next-hop
IA ::/0 11
via FE80::1572:0:5EF4:1, Pos2/0/0
IA 2001:DB8:1::/64 2
via FE80::1572:0:5EF4:1, Pos2/0/0
IA 2001:DB8:2::/64 3
via FE80::1572:0:5EF4:1, Pos2/0/0
2001:DB8:3::/64 1
directly-connected, Pos2/0/0
IA 2001:DB8:4::/64 4
via FE80::1572:0:5EF4:1, Pos2/0/0
# Display the OSPFv3 routing table of Router D, and you can view that the entries in the routing
table decrease; other non-directly connected routes are suppressed; only the default route is
reserved.
[RouterD] display ospfv3 routing
Codes : E2 - Type 2 External, E1 - Type 1 External, IA - Inter-Area,
N - NSSA, U - Uninstalled, D - Denied by Import Policy
OSPFv3 Process (1)
OSPFv3 Process (1)
Destination Metric
Next-hop
IA ::/0 11
via FE80::1572:0:5EF4:1, Pos2/0/0
2001:DB8:3::/64 1
directly-connected, Pos2/0/0
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface GigabitEthernet3/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:4::1/64
ospfv3 1 area 0.0.0.1
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:2::2/64
ospfv3 1 area 0.0.0.1
#
ospfv3 1
router-id 1.1.1.1
#
return
router-id 2.2.2.2
#
return
Networking Requirements
In Figure 6-2, Router A has a DR priority of 100, which is the highest in the network, so it is
elected as the DR. Router C has the second highest priority, so it is elected as the BDR. The
priority of Router B is 0 so that it cannot be elected as the DR. Router D does not have a priority
and the priority is 1 by default.
GE1/0/0 GE1/0/0
2001:DB8::1/64 2001:DB8::2/64
GE1/0/0 GE1/0/0
2001:DB8::3/64 2001:DB8::4/64
RouterC RouterD
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the router ID on each router, enable OSPFv3, and specify the network segment.
2. Check the DR/BDR status with the default priority.
3. Configure the DR priority on the interface and check the DR/BDR status.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IPv6 address for each interface.
[RouterB] ipv6
[RouterB] ospfv3
[RouterB-ospfv3-1] router-id 2.2.2.2
[RouterB-ospfv3-1] quit
[RouterB] interface GigabitEthernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ospfv3 1 area 0
[RouterB-GigabitEthernet1/0/0] quit
# Display the neighbors of Router A. You can view the DR priority (its default value is 1) and
the neighbor status. Router D is the DR and Router C is the BDR.
NOTE
The router with the greater router ID is the DR when routers have the same priority. If a certain Ethernet
interface of a router becomes a DR, the other broadcast interfaces of the router have the highest priority in
DR election. That is, the DR router is elected as the DR.
[RouterA] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID Pri State Dead Time Interface Instance ID
2.2.2.2 1 2-Way/DROther 00:00:32 GE1/0/0 0
3.3.3.3 1 Full/Backup 00:00:36 GE1/0/0 0
4.4.4.4 1 Full/DR 00:00:38 GE1/0/0 0
# Display the neighbors of Router D, and you can view that all neighbors of Router D are in the
Full state.
[RouterD] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID Pri State Dead Time Interface Instance ID
1.1.1.1 1 Full/DROther 00:00:32 GE1/0/0 0
2.2.2.2 1 Full/DROther 00:00:35 GE1/0/0 0
3.3.3.3 1 Full/Backup 00:00:30 GE1/0/0 0
[RouterB-GigabitEthernet1/0/0] quit
# Display the neighbors of Router A, and you can view that the DR priority is updated and the
DR and BDR remain unchanged.
[RouterA] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID Pri State Dead Time Interface Instance ID
2.2.2.2 0 2-Way/DROther 00:00:34 GE1/0/0 0
3.3.3.3 2 Full/Backup 00:00:38 GE1/0/0 0
4.4.4.4 1 Full/DR 00:00:31 GE1/0/0 0
# Display the neighbors of Router D, and you can view that Router D remains as the DR.
[RouterD] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID Pri State Dead Time Interface Instance ID
1.1.1.1 100 Full/DROther 00:00:36 GE1/0/0 0
2.2.2.2 0 Full/DROther 00:00:30 GE1/0/0 0
3.3.3.3 2 Full/Backup 00:00:36 GE1/0/0 0
# Display the neighbors of Router D, and you can view that Router A is the DR.
[RouterD] display ospfv3 peer
OSPFv3 Process (1)
OSPFv3 Area (0.0.0.0)
Neighbor ID Pri State Dead Time Interface Instance ID
1.1.1.1 100 Full/DR 00:00:39 GE1/0/0 0
2.2.2.2 0 2-Way/DROther 00:00:35 GE1/0/0 0
3.3.3.3 2 Full/Backup 00:00:39 GE1/0/0 0
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8::1/64
ospfv3 1 area 0.0.0.0
ospfv3 dr-priority 100
#
ospfv3 1
router-id 1.1.1.1
#
return
Networking Requirements
As shown in Figure 6-3, all the routers run OSPFv3, and the entire autonomous system is divided
into three areas. Both Router B and Router C serve as ABRs to forward routes between areas.
Area 2 is not connected to the backbone Area 0 directly. Area 1 is the transmit area that connects
Area 0 and Area 2.
It is required to configure a virtual link in Area 1 on Router B and Router C by the virtual link,
making the route from Router A to Router D reachable.
Area1
RouterB POS2/0/0 RouterC
2001:DB8:1::1/64
POS1/0/0
POS1/0/0 2001:DB8:1::2/64 POS2/0/0
2001:DB8:2::1/64 2001:DB8:3::1/64
POS1/0/0 POS1/0/0
2001:DB8:2::2/64 2001:DB8:3::2/64
RouterA RouterD
Area2 Area0
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IP address for each interface.
For configuration details, see "Configuration Files" in this section.
Step 2 Configure basic OSPFv3 functions.
# Enable OSPFv3 on Router A and set its Router ID to 1.1.1.1.
[RouterA] ipv6
[RouterA] ospfv3
[RouterA-ospfv3-1] router-id 1.1.1.1
[RouterA-ospfv3-1] quit
[RouterA] interface Pos 1/0/0
[RouterA-Pos1/0/0] ospfv3 1 area 2
[RouterA-Pos1/0/0] quit
# Display the OSPFv3 routing table of Router C, and you can find that there is no routing
information of Area 2 in the routing table.
[RouterC] display ospfv3 routing
OSPFv3 Process (1)
Destination Metric
Next-hop
2001:DB8:1::/64 1
directly-connected, Pos1/0/0
2001:DB8:3::/64 1
directly-connected, Pos2/0/0
# Configure Router B.
[RouterB] ospfv3
[RouterB-ospfv3-1] area 1
[RouterB-ospfv3-1-area-0.0.0.1] vlink-peer 3.3.3.3
[RouterB-ospfv3-1-area-0.0.0.1] quit
# Configure Router C.
[RouterC] ospfv3
[RouterC-ospfv3-1] area 1
[RouterC-ospfv3-1-area-0.0.0.1] vlink-peer 2.2.2.2
[RouterC-ospfv3-1-area-0.0.0.1] quit
NOTE
After a virtual link is configured, Area 2 is connected to Area 0 through the virtual link. So the route to
Area 2 is contained in the routing table of Router C.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:2::2/64
ospfv3 1 area 0.0.0.2
#
ospfv3 1
router-id 1.1.1.1
#
return
sysname RouterB
#
ipv6
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:2::1/64
ospfv3 1 area 0.0.0.2
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:1::1/64
ospfv3 1 area 0.0.0.1
#
ospfv3 1
router-id 2.2.2.2
area 0.0.0.1
vlink-peer 3.3.3.3
#
return
#
return
Networking Requirements
As shown in Figure 6-4, Router A, Router B, and Router C are in the same OSPFv3 area. They
are interconnected through OSPFv3 and provide GR.
After the OSPFv3 neighbor relationship is set up between Router A, Router B, and Router C,
the three routers exchanges routing information. When OSPFv3 on Router A restarts, Router A
synchronizes routing information with its neighbors through GR.
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IPv6 address for each interface.
[RouterA-ospfv3-100] quit
# Run the display ipv6 fib 6 command on Router A to display the forwarding information table
(FIB).
<RouterA> display ipv6 fib 1
FIB Table:
Total number of Routes : 2
Destination: 2001:DB8:1:: PrefixLength: 64
NextHop : 2001:DB8:1::1 Flag : U
Label : NULL Tunnel ID : 0
TimeStamp : Date- 25:6:2007, Time- 17:31:46 reference : 1
Interface : Pos1/0/0
Destination: 2001:DB8:2:: PrefixLength: 64
NextHop : FE80::200:1FF:FE00:200 Flag : DGU
Label : NULL Tunnel ID : 0
TimeStamp : Date- 26:6:2007, Time- 14:6:3 reference : 1
Interface : Pos1/0/0
# Run the display ipv6 fib 1 command on Router A to view the FIB.
<RouterA> display ipv6 fib 1
FIB Table:
Total number of Routes : 1
Destination: 2001:DB8:1:: PrefixLength : 64
NextHop : 2001:DB8:1::1 Flag : U
Label : NULL Tunnel ID : 0
TimeStamp : Date- 25:6:2007, Time- 17:31:46 reference : 1
Interface : Pos1/0/0
From the preceding display, you can find that the FIB on Router A changes and services are
affected.
# Run the display ipv6 fib 6 command on Router A to view the FIB and check whether GR
works normally. If GR works normally, the FIB does not change and services are not interrupted
when Router A restarts the OSPFv3 process in GR mode.
<RouterA> display ipv6 fib 1
FIB Table:
Total number of Routes : 2
Destination: 2001:DB8:1:: PrefixLength : 64
NextHop : 2001:DB8:1::1 Flag : U
Label : NULL Tunnel ID : 0
TimeStamp : Date- 25:6:2007, Time- 17:31:46 reference : 1
Interface : Ethernet3/2/0
Destination: 2001:DB8:2:: PrefixLength : 64
NextHop : FE80::200:1FF:FE00:200 Flag : DGU
Label : NULL Tunnel ID : 0
TimeStamp : Date- 26:6:2007, Time- 14:6:3 reference : 1
Interface : Ethernet3/2/0
From the preceding display, you can find that the FIB on Router A does not change and services
are not affected.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:1:1/64
ospfv3 100 area 0.0.0.0
#
ospfv3 100
router-id 1.1.1.1
graceful-restart
#
return
#
return
Networking Requirements
As shown in Figure 6-5, it is required as follows:
GE1/0/1 GE1/0/0
2001:DB8:3::3/64 2001:DB8:2::2/64
RouterC
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IPv6 address to each router interface.
# Configure Router A.
[RouterA] ipv6
[RouterA] ospfv3
[RouterA-ospfv3-1] router-id 1.1.1.1
[RouterA-ospfv3-1] quit
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ipv6 enable
[RouterA-GigabitEthernet1/0/0] ospfv3 1 area 0
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] ipv6 enable
[RouterA-GigabitEthernet1/0/1] ospfv3 1 area 0.0.0.0
[RouterA-GigabitEthernet1/0/1] quit
# Configure Router B.
[RouterB] ipv6 enable
[RouterB] ospfv3 1
[RouterB-ospfv3-1] router-id 2.2.2.2
[RouterB-ospfv3-1] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ipv6 enable
[RouterB-GigabitEthernet1/0/0] ospfv3 1 area 0.0.0.0
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] ipv6 enable
[RouterB-GigabitEthernet1/0/1] ospfv3 1 area 0.0.0.0
[RouterB-GigabitEthernet1/0/1] quit
[RouterB] interface gigabitethernet 1/0/2
[RouterB-GigabitEthernet1/0/2] ipv6 enable
[RouterB-GigabitEthernet1/0/2] ospfv3 1 area 0.0.0.0
# Configure Router C.
[RouterC] ospfv3 1
[RouterC-ospfv3-1] router-id 3.3.3.3
[RouterC-ospfv3-1] quit
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] ipv6 enable
[RouterC-GigabitEthernet1/0/0] ospfv3 1 area 0.0.0.0
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface gigabitethernet 1/0/1
[RouterC-GigabitEthernet1/0/1] ipv6 enable
[RouterC-GigabitEthernet1/0/1] ospfv3 1 area 0.0.0.0
# After the preceding configurations are complete, run the display ospfv3 peer command. You
can view that the neighboring relationship is set up between Router A and Router B, and that
between Router B and Router C. Take the display of Router A as an example:
[RouterA] display ospfv3 peer verbose
OSPFv3 Process (1)
Neighbor 2.2.2.2 is Full, interface address FE80::E0:CE19:8142:1
In the area 0.0.0.0 via interface GE1/0/0
DR Priority is 1 DR is 2.2.2.2 BDR is 1.1.1.1
Options is 0x000013 (-|R|-|-|E|V6)
Dead timer due in 00:00:34
Neighbour is up for 01:30:52
# Display the information in the OSPFv3 routing table on Router A. You can view the routing
entries to Router B and Router C.
[RouterA] display ospfv3 routing
Codes : E2 - Type 2 External, E1 - Type 1 External, IA - Inter-Area,
N - NSSA, U - Uninstalled, D - Denied by Import Policy
OSPFv3 Process (1)
Destination Metric
Next-hop
2001:DB8:1::/64 1
directly connected, GigabitEthernet1/0/0
2001:DB8:2::/64 2
via FE80::E0:9C69:8142:2, GigabitEthernet1/0/1
via FE80::E0:CE19:8142:1, GigabitEthernet1/0/0
2001:DB8:3::/64 1
directly connected, GigabitEthernet1/0/1
2001:DB8:4::1/64 1
via FE80::E0:CE19:8142:1, GigabitEthernet1/0/0
As shown in the OSPFv3 routing table, the next hop address of the route to 2001:DB8:4::1/64
is GigabitEthernet1/0/0 and traffic is transmitted on the active link Router A → Router B.
# After the preceding configurations are complete, run the display ospfv3 bfd session command
on Router A or Router B. You can view that the status of the BFD session is Up.
# Run the shutdown command on GE 1/0/0 of Router B to simulate the active link failure.
[RouterB] interface gigabitethernet1/0/0
[RouterB-GigabitEthernet1/0/0] shutdown
# Display the routing table on Router A. The standby link Router A → Router C → Router B
takes effect after the active link fails. The next hop address of the route to 2001:DB8:4::1/64
becomes GigabitEthernet1/0/1.
<RouterA> display ospfv3 routing
Codes : E2 - Type 2 External, E1 - Type 1 External, IA - Inter-Area,
N - NSSA, U - Uninstalled, D - Denied by Import Policy
OSPFv3 Process (1)
Destination Metric
Next-hop
2001:DB8:1::/64 1
directly connected, GigabitEthernet1/0/0
2001:DB8:2::/64 2
via FE80::E0:9C69:8142:2, GigabitEthernet1/0/1
2001:DB8:3::/64 1
directly connected, GigabitEthernet1/0/1
2001:DB8:4::1/64 2
via FE80::E0:9C69:8142:2, GigabitEthernet1/0/1
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
bfd
#
ospfv3 1
router-id 1.1.1.1
bfd all-interfaces enable
bfd all-interfaces min-transmit-interval 100 min-receive-interval 100 detect-
multiplier 4
#
interface gigabitethernet1/0/0
ipv6 enable
ipv6 address 2001:DB8:1::3/64
ospfv3 1 area 0.0.0.0
#
interface gigabitethernet1/0/1
ipv6 enable
ipv6 address 2001:DB8:3::1/64
ospfv3 1 area 0.0.0.0
#
return
sysname RouterC
#
ipv6
#
ospfv3 1
router-id 3.3.3.3
bfd all-interfaces enable
bfd all-interfaces min-transmit-interval 100 min-receive-interval 100 detect-
multiplier 4
#
interface gigabitethernet1/0/0
ipv6 enable
ipv6 address 2001:DB8:2::2/64
ospfv3 1 area 0.0.0.0
#
interface gigabitethernet1/0/1
ipv6 enable
ipv6 address 2001:DB8:3::3/64
ospfv3 1 area 0.0.0.0
#
return
Networking Requirements
As shown in Figure 6-6, RouterA and RouterB run Open Shortest Path First version 3 (OSPFv3)
and are reachable. If no authentication mechanism is configured, IP packets along the route
between RouterA and RouterB may be modified or faked, causing neighbor relationships
between RouterA and RouterB to be interrupted or incorrect routes to be imported.
To prevent such attacks, IPSec can be configured between RouterA and RouterB to protect
OSPFv3 packets during transmission. ESP is configured as the security protocol, and SHA-1 is
configured as the authentication algorithm.
RouterA RouterB
GE1/0/1 GE1/0/1
Internet
2001:DB8:100::1/64 2001:DB8:100::2/64
Configuration Roadmap
The configuration roadmap is as follows:
3. Configure an SA and apply a proposal to SA, define inbound and outbound parameters
which include SPI and keys.
4. Apply the SA to the OSPFv3 process to protect OSPFv3 packets between RouterA and
RouterB.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure OSPFv3 on RouterA and RouterB.
# Configure RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ospfv3 1
[RouterA-ospfv3-1] router-id 1.1.1.1
[RouterA-ospfv3-1] area 1
[RouterA-ospfv3-1-area-0.0.0.1] quit
[RouterA-ospfv3-1] quit
# Configure RouterB.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] ospfv3 1
[RouterB-ospfv3-1] router-id 2.2.2.2
[RouterB-ospfv3-1] area 1
[RouterB-ospfv3-1-area-0.0.0.1] quit
[RouterB-ospfv3-1] quit
# Configure RouterB.
[RouterB] interface gigabitethernet1/0/1
[RouterB-GigabitEthernet1/0/1] ipv6 enable
# Run the display ipsec proposal command on RouterA and RouterB to view configurations.
Use the display on RouterA as an example.
[RouterA] display ipsec proposal
Total IP security proposal number: 1
IP security proposal name: proposal1
encapsulation mode: transport
transform: esp-new
ESP protocol: authentication MD5-HMAC-96, not use encryption
Step 5 Configure SPIs and authentication keys in the string format on RouterA and RouterB.
# Run the display ipsec sa command on RouterA and RouterB to view configurations. Use the
display on RouterA as an example.
[RouterA] display ipsec sa
Total IP security association number: 1
IP security association name: sa1
Number of references: 1
proposal name: proposal1
inbound AH setting:
AH spi:
AH string-key:
AH authentication hex key:
inbound ESP setting:
ESP spi: 12345 (0x3039)
ESP string-key: b{br9\zi%X+/Y@:Y>Lw(L\v#
ESP encryption hex key:
ESP authentication hex key:
outbound AH setting:
AH spi:
AH string-key:
AH authentication hex key:
outbound ESP setting:
ESP spi: 12345 (0x3039)
ESP string-key: D0>GQf"}w2@X,k6.E\Z,z\{#
ESP encryption hex key:
ESP authentication hex key:
# Run the display ipsec statistics command to view statistics about incoming and outgoing
packets processed by IPSec and detailed information about dropped packets. If statistics about
incoming and outgoing packets processed by IPSec are displayed, the configuration succeeds.
For example:
[RouterA] display ipsec statistics
IPv6 security packet statistics:
input/output security packets: 184/19
input/output security bytes: 13216/1312
input/output dropped security packets: 0/0
dropped security packet detail:
memory process problem: 0
can't find SA: 0
queue is full: 0
authentication is failed: 0
wrong length: 0
replay packet: 0
too long packet: 0
invalid SA: 0
policy deny: 0
the normal packet statistics:
input/output dropped normal packets: 0/0
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
ipsec proposal proposal1
encapsulation-mode transport
esp authentication-algorithm sha1
undo esp encryption-algorithm
#
ipsec sa sa1
proposal proposal1
sa spi inbound esp 12345
sa string-key inbound esp %@%@%#%#b{br9\zi%X+/Y@:Y>Lw(L\v#%@%@%#%#
sa spi outbound esp 12345
sa string-key outbound esp %@%@%#%#D0>GQf"}w2@X,k6.E\Z,z\{#%@%@%#%#
#
ospfv3 1
router-id 1.1.1.1
ipsec sa sa1
area 0.0.0.1
#
interface GigabitEthernet1/0/1
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:100::1/64
ospfv3 1 area 0.0.0.1
#
router-id 2.2.2.2
ipsec sa sa2
area 0.0.0.1
#
interface GigabitEthernet1/0/1
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:100::2/64
ospfv3 1 area 0.0.0.1
#
7 IS-IS Configuration
This chapter describes the basic principle of IS-IS and procedures for configuring IS-IS, and
provides configuration examples.
7.1 Introduction
By building IS-IS networks, you can enable IS-IS to discover and calculate routes in ASs.
7.2 Configuring Basic IPv4 IS-IS Functions
This section describes the procedures for configuring basic IPv4 IS-IS functions, including the
procedures for configuring IS-IS processes and interfaces, to implement communication
between nodes on an IPv4 IS-IS network.
7.3 Establishing or Maintaining IS-IS Neighbor Relationships or Adjacencies
This section describes how to configure the parameters that affect the IS-IS neighbor
relationship.
7.4 Configuring IPv4 IS-IS Route Selection
Configuring IS-IS route selection can achieve refined control over route selection.
7.5 Configuring IPv4 IS-IS Route Summarization
To improve the route searching efficiency and simplify route management on a large-scale IS-
IS network, configure IS-IS route summarization to reduce the number of IS-IS routes in a
routing table.
7.6 Configuring IPv4 IS-IS to Interact with Other Routing Protocols
If other routing protocols are configured on an IS-IS network, you need to configure IS-IS to
interact with these protocols to ensure successful communication between them.
7.7 Configuring the IPv4 IS-IS Route Convergence Speed
Accelerating IS-IS route convergence can improve the fault location efficiency and improve the
network reliability.
7.8 Configuring Static BFD for IPv4 IS-IS
BFD can provide link failure detection featuring light load and high speed (at the millisecond
level). Static BFD can be configured to monitor IS-IS links.
7.9 Configuring Dynamic BFD for IPv4 IS-IS
Dynamic BFD for IPv4 IS-IS can accelerate IS-IS route convergence.
7.1 Introduction
By building IS-IS networks, you can enable IS-IS to discover and calculate routes in ASs.
IS-IS Areas
To support large-scale networks, the IS-IS adopts a two-level structure in a Routing Domain
(RD). A large RD is divided into one or more areas. The intra-area routes are managed by the
Level-1 routers, whereas the inter-area routes are managed by the Level-2 routers.
Figure 7-1 shows an IS-IS network. Its topology is similar to that of a multi-area OSPF network.
Area 1 is a backbone area. All routers in this area are Level-2 routers. The other four areas are
non-backbone areas. They are connected to Area 1 through Level-1-2 routers.
Area2 Area3
L1 L1/2
L1/2
L2
L2 Area1
L2 L2
Area5
Area4
L1/2
L1/2 L1
L1 L1 L1 L1
Figure 7-2 shows another type of IS-IS topology. The Level-1-2 routers are used to connect the
Level-1 and the Level-2 routers, and are used to establish the backbone network together with
the other Level-2 routers.The IS-IS backbone network does not refer to a specific area, in this
topology, no area is specified as a backbone area. All the Level-2 routers constitute an IS-IS
backbone network. The devices may belong to different areas, but the areas must be successive.
Area1
L1
L1
L2
Area2
L1/L2
L1/L2
Area4 L1
L2
L2 Area3
This type of networking shows differences between IS-IS and OSPF. For OSPF, the inter-area
routes are forwarded by the backbone area and the SPF algorithm is used in the same area. For
IS-IS, both Level-1 routers and Level-2 routers use the SPF algorithm to generate Shortest Path
Trees (SPTs).
Network Types
IS-IS supports only two network types, which can classify as follows according to physical links:
l Broadcast links such as Ethernet and Token-Ring.
l Point-to-point links such as PPP and HDLC.
NOTE
For a Non-Broadcast Multi-Access (NBMA) network such as ATM, you need to configure sub-interfaces
for it. The type of subnets cannot be Point-to-Multipoint (P2MP). IS-IS cannot run on P2MP networks.
l Multi-process
Multi-process allows a group of interfaces to be associated with a specific IS-IS process.
This ensures that the specific IS-IS process performs all the protocol-based operations only
on the group of interfaces. Multiple IS-IS processes can run on a single router and each
process is responsible for a unique group of interfaces.
l Multi-instance
After the VPN feature is enabled, multi-instance allows an IS-IS process to be associated
with a specific VPN instance so that all the interfaces of this IS-IS process will be associated
with the VPN instance.
IS-IS HSB
The router of a distributed architecture supports IS-IS HSB. In the IS-IS HSB process, IS-IS
backs up data from the active main board (AMB) to the standby main board (SMB). Whenever
the AMB fails, the SMB becomes active. This ensures uninterrupted running of IS-IS.
In the IS-IS HSB process, IS-IS configurations on the AMB and the SMB are consistent. After
a master/slave AMB/SMB switchover, IS-IS on the current AMB performs GR, obtains
adjacencies from its neighbors, and synchronizes its link state database (LSDB) with the LSDB
on the SMB. This prevents service interruption.
Local MT
When multicast and Multi-Protocol Label Switching (MPLS) TE tunnels are deployed on a
network, multicast may be affected by TE tunnels, which causes multicast services to become
unavailable.
This is because the outbound interface of a route calculated by an Interior Gateway Protocol
(IGP) may not be the actual physical interface but a TE tunnel interface after the TE tunnel is
enabled with IGP Shortcut. Based on the unicast route to the multicast source address, a
router sends a Join message through a TE tunnel interface. In this situation, routers spanned by
the TE tunnel cannot detect the Join message, so they do not create any multicast forwarding
entry. A TE tunnel is unidirectional, so multicast data packets sent by the multicast source are
sent to the routers spanned by the tunnel through physical interfaces. These routers discard the
multicast data packets, because they do not have any multicast forwarding entry. As a result,
services become unavailable.
To solve this problem, you can enable local MT to create a separate Multicast IGP (MIGP)
routing table for multicast packets.
NOTE
For details about local MT, see the IS-IS Local MT of "IS-IS" chapter in the HUAWEI NetEngine80E/
40E Router Feature Description-IP Routing.
IS-IS MT
IS-IS MT, a set of independent IP topologies, is an optional mechanism within IS-ISs used today
by many ISPs for IGP routing. This MT extension can be used for a variety of purposes, such
as an in-band management network "on top" of the original IGP topology, maintaining separate
IGP routing domains for isolated multicast or IPv6 islands within the backbone, or forcing a
subset of an address space to follow a different topology. Complying with RFC 5120, IS-IS MT
defines new type-length-values (TLVs) in IS-IS packets to transmit multi-topology information.
A physical network can be divided into different logical topologies as needed. Each logical
topology maintains its own routing table and uses the Shortest Path First (SPF) algorithm to
calculate routes. Traffic of different services (including traffic of different IP topologies) can be
forwarded along different paths. With logical topologies, IS-IS MT can help customers better
utilize network resources and reduce network construction costs.
For details about IS-IS MT, see the IS-IS MT of "IS-IS" chapter in the HUAWEI NetEngine80E/
40E Router Feature Description-IP Routing.
IS-IS GR
GR is a function used to restart a router gracefully. It ensures uninterrupted traffic forwarding
during the restart of a router in a short time.
If IS-IS restarts in a non-graceful mode, IS-IS sessions are reset and Link State Protocol Data
Units (LSPs) are regenerated and flooded. This triggers the SPF calculation in the entire area,
which causes route flapping and forwarding interruption in the area. The IETF defines IS-IS GR
in RFC 3847, in which the specifications of protocol restart with FIB tables reserved and
unreserved are stated.
NOTE
For details about IS-IS GR, see the "IS-IS" chapter in the HUAWEI NetEngine80E/40E Router Feature
Description-IP Routing.
IS-IS TE
IS-IS TE supports MPLS to set up and maintain the label switched paths (LSPs).
When establishing constraint-based routed (CR) LSPs, MPLS needs to learn the traffic attributes
of all the links in the local area. CR-LSPs can acquire the TE information of the links using IS-
IS.
NOTE
For details about IS-IS TE, see the HUAWEI NetEngine80E/40E Router Configuration Guide-MPLS.
All the other LSPs referred to in this chapter are link state protocol data units. Differentiate the two
acronyms.
Administrative Tag
The use of administrative tags simplifies management. Administrative tags can advertise IP
address prefixes in the IS-IS area to control routes. The administrative tag carries the
administrative information about an IP address prefix. It is used to control the routes of different
levels and routes imported from different areas, various routing protocols, multiple IS-IS
instances running on a router, and carrying of tags.
Each administrative tag is associated with certain attributes. If the prefix of the reachable IP
address to be advertised by IS-IS has this attribute, IS-IS adds the administrative tag to the
reachability TLV in the prefix. In this manner, the tag is advertised throughout the entire IS-IS
area.
The IS-IS fragment extension feature allows an IS-IS device to generate more LSP fragments.
To implement this feature, you can use the network manager to configure additional system IDs
for the router. Each system ID represents a virtual system, which can generate 256 LSP
fragments. With more additional system IDs (up to 50 virtual systems), an IS-IS device can
generate a maximum of 13056 LSP fragments.
It is a virtual system for generating extended LSP fragments. Each virtual system has a
unique additional system ID, and each extended LSP fragment carries an additional
system ID.
l Operating mode
An IS-IS device can run the LSP fragment extension feature in the following modes:
– Mode 1: The originating system sends a link to each virtual system. Then each virtual
system sends a link to the originating system. The virtual systems function as the
routers that are connected to the originating system on the network. This mode is used
when some routers on the network do not support the LSP fragment extension feature.
In this mode, only the routing information can be advertised in the LSPs of the virtual
systems.
– Mode 2: All the routers on the network can learn that the LSPs generated by the virtual
systems actually belong to the originating system. This mode is used when all the
routers on the network support the LSP fragment extension feature. In this mode, all
link state information can be advertised in the LSPs of the virtual systems.
The dynamic host name exchange mechanism also provides a service to associate a host name
with the designated intermediate system (DIS) on a broadcast network. Then LSPs of pseudo
nodes advertise this association in the form of a dynamic host name TLV.
It is easier to identify and memorize the host name than the system ID. After this function is
configured, the host name will display when display command is used.
On a large-scale IS-IS network, you can configure route summarization to reduce the number
of IS-IS routes in the routing table. This improves the usage of system resources and facilitates
route management.
IP network segments are not affected when a link frequently alternates between Up and Down
on an IP network segment. This prevents route flapping and improves the network stability.
Configuring IS-IS load balancing can evenly distribute traffic to each link. This increases the
bandwidth usage of each link and prevents network congestion caused by some overloaded links.
IS-IS load balancing, however, may affect traffic management because traffic will be randomly
forwarded in this mode.
IS-IS Preference
If there are redundant links on an IS-IS network, there may be multiple equal-cost routes.
The router allows you to configure preference values for equal-cost IS-IS routes so that only the
route with the highest preference will be used and the others will function as backups.
This facilitates traffic management, improves the network reliability, and avoids configuration
change.
In real world applications of NE80E/40Es, only I-SPF and PRC are used to calculate IS-IS routes.
l LSP fast flooding
Based on the RFC, when IS-IS receives LSPs from other routers and the LSPs are more
updated than those in its own LSDB, IS-IS uses a timer to flood out the LSPs in the LSDB
at specified intervals. Therefore, the LSDB synchronization is slow.
LSP fast flooding addresses the problem. When a router configured with this feature
receives one or more LSPs, it floods out the LSPs less than the specified number before
route calculation. This accelerates the LSDB synchronization and speeds up network
convergence to the great extent.
l Intelligent timer
Although the route calculation algorithm is improved, the long interval for triggering route
calculation also affects the convergence speed. Using a millisecond timer can shorten the
interval, however, excessive CPU resources will be consumed if the network topology
changes frequently. An SPF intelligent timer can quickly respond to certain emergent events
and also prevent excessive CPU resource consumption.
An IS-IS network running normally is stable. The network seldom changes frequently, and
an IS-IS device does not calculate routes frequently. Therefore, you can set a short interval
(in milliseconds) for triggering the route calculation for the first time. If the network
topology changes frequently, the value of the intelligent timer increases with the calculation
times, and the interval for route calculation becomes longer. This prevents excessive CPU
resource consumption.
The LSP generation intelligent timer is similar to the SPF intelligent timer. In IS-IS, when
the LSP generation timer expires, the system regenerates its own LSP according to the
current topology. In the original implementation mechanism, a timer with a fixed value is
used, which, however, cannot meet the requirements on fast convergence and low CPU
usage. Therefore, the LSP generation timer is designed as an intelligent timer so that it can
respond quickly to some emergent events (such as interface alternation between Up and
Down) to speed up network convergence. In addition, when the network changes
frequently, the value of the intelligent timer becomes greater automatically to prevent
excessive CPU resource consumption.
NOTE
Determine whether to configure intelligent timers based on actual network situations and
specifications of deployed routers.
BFD detects only one-hop links between IS-IS neighbors. This is because IS-IS establishes only one-hop
neighbors.
l Static BFD
To configure static BFD, use command lines to configure single-hop BFD parameters, such
as local and remote discriminators. Then configure the device to send BFD session setup
requests.
A static BFD session can only be established and released manually. A configuration error
will lead to a BFD failure. For example, if the configured local discriminator or remote
discriminator is incorrect, a BFD session will not work properly.
The NE80E/40E supports static IPv4 BFD for IS-IS.
l Dynamic BFD
Dynamic BFD refers to the dynamic establishment of BFD sessions using routing protocols.
When a new IS-IS neighbor relationship is set up, BFD is notified of the parameters of the
neighbor and the detection parameters (including source and destination IP addresses).
Then a BFD session will be established based on the received parameters of the neighbor.
Dynamic BFD is more flexible than static BFD.
Connection status between an IS-IS device and its neighbors can be monitored by
exchanging Hello packets at intervals. The sending interval is usually set to 10s, and a
neighbor is declared Down after at least three intervals (during which no response Hello
packet is received from the neighbor). It takes IS-IS some seconds to sense a Down
neighbor, resulting in loss of a large amount of high-speed data.
Dynamic BFD can provide link failure detection with light load and high speed (at the
millisecond level). Dynamic BFD does not take the place of the Hello mechanism of IS-
IS, but helps IS-IS to detect the faults on neighbors or links more quickly, and instruct IS-
IS to recalculate routes to correctly guide packet forwarding.
The NE80E/40E supports dynamic IPv4 and IPv6 BFD for IS-IS.
NOTE
For details about IS-IS GR, see the "IS-IS" chapter in the HUAWEI NetEngine80E/40E Router
Feature Description-IP Routing.
This mechanism has obvious defects. For example, when an adjacency is set up, the unstable
link status causes the loss of Complete Sequence Number Packets (CSNPs). As a result, the
LSDB fails to be synchronized during the update period of an LSP. If two or more links exist
between two routers, an adjacency can still be set up when one link is Down and the other is Up
in the same direction. The parameters of the other link, however, are also used in SPF calculation.
Therouter does not detect any fault of the link that is in the Down state and still tries to forward
packets over this link.
The three-way handshake mechanism addresses the problem on the unreliable P2P link. In three-
way handshake mode, the router regards the neighbor as Up only after confirming that the
neighbor receives the packet that it sends and then sets up an adjacency with the neighbor. In
addition, a 32-bit circuit ID is used in the three-way handshake mechanism, which is an extension
of the local 8-bit circuit ID that defines 255 P2P links.
Applicable Environment
To deploy IS-IS on an IPv4 network, configure basic IS-IS functions to implement
communication between different nodes on the network.
Other IS-IS functions can be configured only after basic IS-IS functions are configured.
Pre-configuration Tasks
Before configuring basic IPv4 IS-IS functions, complete the following tasks:
Data Preparation
To configure basic IPv4 IS-IS functions, you need the following data.
No. Data
1 IS-IS process ID
Context
To create an IPv4 IS-IS process, perform the following operations:
l Create an IS-IS process and configure the NET of a device.
l (Optional) Configure the level of a device.
The level of a device is Level-1-2 by default.
Configure the device level based on the network planning. If no device level is configured,
IS-IS establishes separate neighbor relationships for Level-1 and Level-2 devices and
maintains two identical LSDBs, consuming excessive system resources.
l (Optional) Configure IS-IS host name mapping.
After IS-IS host name mapping is configured, a host name but not the system ID of a device
will display by using display commands. This configuration improves the maintainability
on an IS-IS network.
l (Optional) Enable the output of the IS-IS adjacency status.
If the local terminal monitor is enabled and the output of the IS-IS adjacency status is
enabled, IS-IS adjacency changes will be output to the router until the output of the
adjacency status is disabled.
l (Optional) Enable IS-IS adjacency strict-check.
If both IPv4 and IPv6 are running on a network, and the IPv6 topology type of this network
is standard or compatible, enable IS-IS adjacency strict-check to ensure that an IS-IS
adjacency is established only when both IPv4 and IPv6 go Up. IS-IS adjacency strict-check
improves network reliability and prevents traffic losses.
Procedure
l Create an IS-IS process and configure the NET of a device.
1. Run:
system-view
The process-id parameter specifies the ID of an IS-IS process. The default value of
process-id is 1. To associate an IS-IS process with a VPN instance, run the isis process-
id vpn-instance vpn-instance-name command.
3. Run:
network-entity net
or
network-entity area area-id auto-systemid lsr-id
A NET is configured.
NOTICE
l An area ID is used to uniquely identify an area in the same IS-IS domain. All
routers in the same Level-1 area must share the same area ID, while routers in the
same Level-2 area can have different area IDs.
l The system ID must be unique in the whole area and backbone area.
l A maximum of three area IDs can be configured for an IS-IS process. Therefore,
a maximum of three NETs can be configured. When configuring multiple NETs,
ensure that they share the same system ID.
Configuring loopback interface addresses based on NETs is recommended to ensures
that a NET is unique on the network. If NETs are not unique, route flapping will easily
occur.
System ID used in IS-IS can be obtained in the following way: extend each part of the
IP address to 3 bits, add 0 to the front of any part that is shorter than 3 bits, divide the
extended address into three parts, with each part consisting of four decimal digits, and
the reconstructed address is the system ID.
4. (Optional) Run:
description
IS-IS dynamic host name mapping is configured. The system ID of the local device
is mapped to the specified host name.
The value of symbolic-name is contained in LSP packets and advertised to other IS-
IS devices.
On another IS-IS device displays the value of symbolic-name, but not the system ID,
of the local IS-IS device.
2. Run:
is-name map system-id symbolic-name
IS-IS static host name mapping is configured. The system ID of a peer IS-IS device
is mapped to the specified host name.
This command configuration takes effect only on the local IS-IS device. The value of
symbolic-name will not be added to LSP packets.
If dynamic host name mappings is configured on an IS-IS network, the mappings on
the network overwrite the mappings configured on the local router.
l (Optional) Enable the output of the IS-IS adjacency status.
1. Run:
log-peer-change
Context
The level of an IS-IS device and level of an interface determine the level of a neighbor
relationship. By default, Level-1 and Level-2 neighbor relationships are established between
two Level-1-2 devices. If only one level of neighbor relationships is required, you can configure
the level of an interface to prevent the establishment of the other level of neighbor relationships.
After IS-IS is enabled on an interface, the interface automatically sends Hello packets, attempting
to establish neighbor relationships. If a peer device is not an IS-IS device or an interface is not
expected to send Hello packets, suppress the interface. Then this interface only advertises routes
of the network segment where the interface resides, but does not send Hello packets. This
suppression improves the link bandwidth usage.
Procedure
l Configure an IS-IS interface.
1. Run:
system-view
After this command is run, the IS-IS device uses the specified interface to send Hello
packets and flood LSPs.
NOTE
NOTE
Changing the level of an IS-IS interface is valid only when the level of the IS-IS device is
Level-1-2. If the level of the IS-IS device is not a Level-1-2, the level of the IS-IS device
determines the level of the adjacency to be established.
l (Optional) Suppress an IS-IS interface.
1. Run:
isis silent [ advertise-zero-cost ]
A suppressed IS-IS interface does not send or receive IS-IS packets. The routes of the
network segment where the interface resides, however, can still be advertised to other
routers within the area.
Run:
isis delay-peer track last-peer-expired [ delay-time delay-interval ]
If a new delay-interval is configured and it is less than the remaining time of the ongoing
delay, the new delay-interval takes effect immediately; if the new delay-interval is greater
than the remaining time of the ongoing delay, the ongoing delay continues until the new
delay-interval takes effect at the next delay.
----End
Context
The costs of IS-IS interfaces can be determined in the following modes in descending order by
priority:
If none of the preceding configurations is performed, the default cost of an IS-IS interface is 10,
and the default cost style is narrow.
Procedure
l Configure the IS-IS cost type.
1. Run:
system-view
The cost range of an interface and a route received by the interface vary with the cost type.
– If the cost type is narrow, the cost of an interface ranges from 1 to 63. The maximum
cost of a route received by the interface is 1023.
– If the cost style is narrow-compatible or compatible, the cost of an interface ranges from
1 to 63. The cost of a received route is related to relax-spf-limit.
– If relax-spf-limit is not specified, the cost of a route works as follows:
If the cost of a route is not greater than 1023 and the cost of every interface that the
route passes through is smaller than or equal to 63, the cost of the route received by
the interface is the actual cost.
If the cost of a route is not greater than 1023 but the costs of all interfaces that the
route passes through are greater than 63, the IS-IS device can learn only the routes
to the network segment where the interface resides and the routes imported by the
interface. The cost of the route received by the interface is the actual cost. Subsequent
routes forwarded by the interface are discarded.
If the cost of a route is greater than 1023, the IS-IS device can learn only the interface
whose route cost exceeds 1023 for the first time. That is, the cost of each interface
before this interface is not greater than 63. The routes of the network segment where
the interface resides and the routes imported by the interface can all be learned. The
cost of the route is 1023. Subsequent routes forwarded by the interface are discarded.
– If relax-spf-limit is specified, the cost of a route works as follows:
There is no limit on costs of interfaces or route costs. The cost of a route received
by an interface is the actual cost.
– If the cost style is wide-compatible or wide, the cost of the interface ranges from 1 to
16777215. When the cost is 16777215, the neighbor TLV generated on the link cannot
be used for route calculation but for the transmission of TE information. The maximum
cost of a received route is 0xFFFFFFFF.
l Configure the cost of an IS-IS interface.
1. Run:
system-view
You can use the isis cost command to configure the cost of a specified interface.
l Configure the global IS-IS cost.
1. Run:
system-view
You can use the circuit-cost command to configure the costs of all interfaces at a time.
l Enable IS-IS to automatically calculate interface costs.
1. Run:
system-view
The configuration of the bandwidth reference value takes effect only when the cost type is
wide or wide-compatible. In this case, Cost of each interface = (Value of bandwidth-
reference/Interface bandwidth) x 10.
NOTE
The auto-cost enable command can be run on Eth-Trunk interfaces as same with on physical
interfaces. If the command is run on an Eth-Trunk interface, the bandwidth of the Eth-Trunk interface
is equal to the total bandwidth of all its member interfaces.
Table 7-1 Mapping between IS-IS interface costs and interface bandwidth
NOTE
To change the cost of a loopback interface, run the isis cost command only in the loopback interface
view.
----End
Context
The establishment modes of IS-IS neighbor relationships are different on a broadcast network
and on a P2P network. Different IS-IS attributes can be configured for interfaces on different
types of networks.
IS-IS is required to select a DIS on a broadcast network. Configure the DIS priorities of IS-IS
interfaces so that the interface with the highest priority will be selected as the DIS.
The network types of the IS-IS interfaces on both ends of a link must be the same; otherwise,
the IS-IS neighbor relationship cannot be established between the two interfaces. For example,
if the type of an interface on a peer device is P2P, you can configure the type of an interface on
the local device to P2P so that an IS-IS neighbor relationship can be established between the
two devices.
IS-IS on a P2P network is not required to select a DIS. Therefore, you do not need to configure
DIS priorities. To ensure the reliability of P2P links, configure IS-IS to use the three-way
handshake mode for IS-IS neighbor relationship establishment so that faults on a unidirectional
link can be detected.
Procedure
l Configure the DIS priority of an IS-IS interface.
1. Run:
system-view
The DIS priority is configured on the interface. The greater the value, the higher the
priority.
4. (Optional) Run:
isis dis-name symbolic-name
The name of the DIS is configured for easier maintenance and management.
l Configure the network type of an IS-IS interface.
1. Run:
system-view
The network type of an interface is determined by the physical type of the interface
by default.
When the network type of an IS-IS interface changes, interface configurations change
accordingly.
– After a broadcast interface is configured as a P2P interface using the isis circuit-
type p2p command, the default settings are restored for the interval for sending
Hello packets, the number of Hello packets that IS-IS fails to receive from a
neighbor before the neighbor is declared Down, interval for retransmitting LSPs
on a P2P link, and various IS-IS authentication modes. Consequently, other
configurations such as the DIS priority, DIS name, and interval for sending CSNPs
on a broadcast network become invalid.
– After the undo isis circuit-type command is run to restore the network type, the
default settings are restored for the interval for sending Hello packets, the number
of Hello packets that IS-IS fails to receive from a neighbor before the neighbor is
declared Down, interval for retransmitting LSPs on a P2P link, various IS-IS
authentication modes, DIS priority, and interval for sending CSNPs on a broadcast
network.
l Set the negotiation mode in which P2P neighbor relationships can be set up.
1. Run:
system-view
The isis ppp-negotiation command can only be used for the establishment of the
neighbor relationships on P2P links. In the case of a broadcast link, you can run the
isis circuit-type p2p command to set the link type to P2P, and then run the isis ppp-
negotiation command to set the negotiation mode for the establishment of the
neighbor relationship.
By default, the OSICP negotiation status of a PPP interface does not affect the status
of an IS-IS interface.
After this command is run, the OSICP negotiation status of a PPP interface affects the
status of an IS-IS interface. When PPP detects that the OSI network fails, the link
status of the IS-IS interface goes Down and the route to the network segment where
the interface resides is not advertised through LSPs.
l Configure the scale of the Hello packets sent on the IS-IS interface.
1. Run:
system-view
NOTE
Step 3 and Step 4 are mutually exclusive. Run the command as needed.
3. Run:
isis small-hello
The Hello packets without the padding field are configured to be sent on the interface.
4. Run:
isis padding-hello
The standard Hello packets without the padding field are configured to be sent on the
interface.
l Configure IS-IS not to check whether the IP addresses of received Hello packets are on the
same network segment.
1. Run:
system-view
IS-IS is configured not to check whether the IP addresses of received Hello packets
are on the same network segment.
----End
Prerequisites
Basic IPv4 IS-IS functions have been configured.
Procedure
Step 1 Run the display isis name-table [ process-id | vpn-instance vpn-instance-name ] command to
check the mapping from the name of the local device to the system ID.
Step 2 Run the display isis peer [ verbose ] [ process-id | vpn-instance vpn-instance-name ] command
to check information about IS-IS neighbors.
Step 3 Run the display isis interface [ verbose ] [ process-id | vpn-instance vpn-instance-name ]
command to check information about IS-IS interfaces.
Step 4 Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ] [ verbose |
[ level-1 | level-2 ] | ip-address [ mask | mask-length ] ] * command to check information about
IS-IS routes.
Step 5 Run the display isis cost interface interface-type interface-number to display costs of an
interface and how they are generated.
----End
Example
Run the display isis name-table command to view the mappings between host names and system
IDs.
<HUAWEI> display isis name-table
Run the display isis peer command. The command output shows the status of an IS-IS neighbor,
DeviceB. System Id is displayed as DeviceB.
<HUAWEI> display isis peer
Total Peer(s): 1
Run the display isis interface verbose command to view information about IS-IS interfaces.
The command output shows that the DIS status of a broadcast interface is Yes, the priority of
the DIS is 20, and the cost of the interface is 30, the configured delay for the IS-IS neighbor
relationship establishment is 100s, and that the delay has not been triggered yet.
<HUAWEI> display isis interface verbose
Run the display isis route command to view information about IS-IS routes. The command
output shows a route with the destination network segment of 12.1.1.0/24 and with the next-hop
address of 23.1.1.0/24.
<HUAWEI> display isis route
Applicable Environment
This section describes how to establish or maintain the IS-IS neighbor relationship, covering:
l Adjusting timers of various IS-IS packets, including Hello packets, CSNPs, and LSPs
l Adjusting parameters of LSPs
Pre-configuration Tasks
Before establishing or maintaining IS-IS neighbor relationships or adjacencies, complete the
following tasks:
Data Preparation
To establish or maintain IS-IS neighbor relationships or adjacencies, you need the following
data.
No. Data
2 LSP parameters
Context
Perform the following steps on the router that runs IS-IS.
Procedure
l Configuring the Interval for Sending Hello Packets
1. Run:
system-view
On a broadcast link, there are Level-1 and Level-2 Hello packets. For different types
of packets, you can set different intervals. If no level is specified, both the Level-1
timer and Level-2 timer are configured. On a P2P link, there is only one type of Hello
packets. Therefore, neither level-1 nor level-2 is required.
NOTE
If no level is specified, both the Level-1 timer and Level-2 timer are configured.
NOTE
IS-IS maintains neighbor relationships with neighbors through Hello packets. If the local
router does not receive any Hello packet from a neighbor within holding time, the local
router declares that the neighbor is invalid.
In IS-IS, the period during which the local router and its neighbor keep the neighbor
relationship is determined by the invalid number of Hello packets and the interval for
sending Hello packets.
l Configuring the Interval for Sending CSNPs
1. Run:
system-view
On a P2P link, if the local router does not receive the response within a period of time after
it sends an LSP, it considers that the LSP is lost or dropped. To ensure the reliable
transmission, the local router retransmits the LSP according to the retransmit-interval. By
default, the interval for retransmitting the LSP packet on the P2P link is 5 seconds.
count: specifies the maximum number of LSP packets to be sent within the period
specified by throttle-interval. The value ranges from 1 to 1000.
You can set the minimum interval for sending LSPs on an IS-IS interface, that is, the delay
between two consecutive LSPs. The value is also the interval for sending fragments of a
CSNP.
----End
Context
Perform the following steps on the router that runs IS-IS.
Procedure
l Configure the interval for refreshing LSPs
1. Run:
system-view
To synchronize all the LSPs in an area, the routers in the area periodically send all the
current LSPs.
By default, the LSP refreshment period is 900 seconds, and the maximum lifetime of an
LSP is 1200 seconds. When performing configurations, ensure that the LSP refresh interval
is 300 seconds shorter than the maximum LSP Keepalive time. In this way, new LSPs can
reach all routers in an area before existing LSPs expire.
NOTE
It is recommended to adjust the difference between the LSP refresh period and the maximum
Keepalive time of the LSP depending on the network scale.
l Configure the max lifetime of an LSP
1. Run:
system-view
When a router generates an LSP, it sets the max lifetime for the LSP. After the LSP is
received by other routers, its lifetime decreases as time passes. If a router does not receive
any updated LSP and the lifetime of this LSP decreases to 0, the lifetime of the LSP lasts
60s. If a new LSP is still not received, this LSP is deleted from the LSDB.
l Configure the intelligent timer used to generate LSPs
1. Run:
system-view
When using max-size, ensure that the value of the max-size of the generated LSP packet (or the
forwarded LSP packet) must be smaller than or equal to that of the received LSP packet.
The value of max-size set by using the lsp-length command must meet the following
conditions.
– The MTU value of an Ethernet interface must be greater than or equal to the sum of
max-size and 3.
– The MTU value of a P2P interface must be greater than or equal to the value of max-
size.
l Add an interface to a mesh group
1. Run:
system-view
On the Non Broadcast Multiple Access (NBMA) network, after receiving an LSP, the
interface of a router floods the LSP to the other interfaces. In a network with higher
connectivity and multiple P2P links, however, the flooding method causes repeated LSP
flooding and wastes bandwidth.
To avoid the preceding problem, you can configure several interfaces to form a mesh group.
The router in the mesh group does not flood the LSP received from an interface of the group
to the other interfaces of the group, but floods it to interfaces of other groups or interfaces
that do not belong to any group.
NOTE
In an ATM or FR network, IS-IS routers are connected through Virtual Circuits (VCs), and the
interface here is the logical P2P sub-interface.
l Configure LSP fragments extension
1. Run:
system-view
Prerequisites
Establishing or Maintaining IS-IS Neighbor Relationships or Adjacencies has been configured.
Procedure
l Run display isis interface [ [ verbose | traffic-eng ] * | tunnel ] [ process-id | vpn-
instance vpn-instance-name ] command to check information about the interface enabled
with IS-IS.
l Check the statistics of the IS-IS process:
– display isis statistics [ ipv6 ] [ topology topology-name | updated-lsp [ history ] ]
[ level-1 | level-2 | level-1-2 ] [ process-id | vpn-instance vpn-instance-name ]
– display isis statistics packet [ interface interface-type interface-number ]
– display isis process-id statistics [ level-1 | level-2 | level-1-2 | packet ]
----End
Example
On GE 1/0/0, set the interval for sending Hello packets to 15, the invalid number of Hello packets
to 10, the interval for sending Level-1 CSNPs to 123, and the minimum interval for sending
LSPs to 159. Run the display isis interface verbose command. The display is as follows:
<HUAWEI> display isis interface verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE 1/0/0 001 Up Down 1497 L1/L2 No/No
Description : GigabitEthernet1/0/0 Interface
SNPA Address : 00e0-095b-4201
IP Address : 123.1.1.1
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 123 L2 10
Hello Timer Value : L1 15 L2 15
DIS Hello Timer Value : L1 5 L2 5
Hello Multiplier Value : L1 10 L2 10
LSP-Throttle Timer : L12 159
Cost : L1 10 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 100000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
Applicable Environment
After basic IPv4 IS-IS functions are configured, IS-IS routes will be generated, enabling
communication between different nodes on a network.
If multiple routes are available, a route discovered by IS-IS may not the optimal route. This does
not meet network planning requirements nor facilitates traffic management. Therefore, configure
IPv4 IS-IS route selection to implement refined control over route selection.
To implement refined control over IPv4 IS-IS route selection, perform the following operations:
l Configuring the IPv4 IS-IS Interfaces.
NOTE
Changing the IS-IS cost for an interface can achieve the function of controlling route selection, but
requires routes on the interface to be recalculated and reconverged when a network topology changes,
especially on a large-scale network. In addition, the configuration result may not meet your
expectation.
Therefore, the configuration of changing IS-IS costs has best to be finished when configuring basic
IS-IS functions.
l Configure IPv4 IS-IS route leaking.
l Configure principles for selecting equal-cost IPv4 IS-IS routes.
l Filter IPv4 IS-IS routes.
l Configure an overload bit for an IPv4 IS-IS device.
l Configuring IS-IS to Generate IPv4 Default Routes
l Configuring an IPv4 IS-IS Interface to Automatically Adjust the Link Cost
Pre-configuration Tasks
Before configuring IPv4 IS-IS route selection, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l Configuring Basic IPv4 IS-IS Functions
Data Preparation
To configure IPv4 IS-IS route selection, you need the following data.
No. Data
Context
If multiple Level-1-2 devices in a Level-1 area are connected to devices in the Level-2 area, a
Level-1 LSP sent by each Level-1-2 device carries an ATT flag bit of 1. This Level-1 area will
have multiple routes to the Level-2 area and to other Level-1 areas.
By default, routes in a Level-1 area can be leaked into the Level-2 area so that Level-1-2 and
Level-2 devices can learn about the topology of the entire network. Devices in a Level-1 area
are unaware of the entire network topology because they only maintain LSDBs in the local
Level-1 area. Therefore, a device in a Level-1 area can forward traffic to a Level-2 device only
through the nearest Level-1-2 device. The route used may not be the optimal route to the
destination.
To enable a device in a Level-1 area to select the optimal route, configure IPv4 IS-IS route
leaking so that specified routes in the Level-2 area can be leaked into the local Level-1 area.
Routes of services deployed only in the local Level-1 area do not need to be leaked into the
Level-2 area. A policy can be configured to leak only desired routes into the Level-2 area.
Procedure
l Specify routes in the Level-2 area and other Level-1 areas that can be leaked into the local
Level-1 area.
1. Run:
system-view
a. Run import-route isis level-2 into level-1 [ tag tag | filter-policy { acl-
number | acl-name acl-name } ] *, routes in the Level-2 area and other Level-1
areas that meet the specified conditions are leaked into the local Level-1 area.
b. Run quit, return to the system view.
c. Run acl { [ number ] acl-number1 | name acl-name basic [ number acl-
number2 ] } [ match-order { auto | config } ], the basic ACL view is
displayed.
d. Run rule [ rule-id ] { deny | permit } [ fragment-type fragment-type-
name | source { source-ip-address source-wildcard | any } | time-range time-
name | vpn-instance vpn-instance-name ] *, a rule is configured for the basic
ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the
rule will be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the
rule will not be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received
or advertised by the system.
– If an ACL does not contain any rules, all routes matching the route-
policy that references the ACL will not be received or advertised by the
system.
– If the ACL referenced by the route-policy does not exist, all routes
matching the route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that
has a smaller number and then matches the route with a rule with a larger
number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number
and specify the action deny in this rule to filter out the unwanted routes.
Then, configure another rule with a larger number in the same ACL and
specify the action permit in this rule to receive or advertise the other
routes.
Route filtering using a whitelist: Configure a rule with a smaller number
and specify the action permit in this rule to permit the routes to be received
or advertised by the system. Then, configure another rule with a larger
number in the same ACL and specify the action deny in this rule to filter
out unwanted routes.
– Based on the named advanced ACL:
a. Run import-route isis level-2 into level-1 [ tag tag | filter-policy acl-
name acl-name ] *, routes in the Level-2 area and other Level-1 areas that
meet the specified conditions are leaked into the local Level-1 area.
b. Run quit, return to the system view.
c. Run acl name acl-name advance [ number acl-number2 ] [ match-order
{ auto | config } ], the basic ACL view is displayed.
The command is run on the Level-1-2 device that is connected to an external area.
By default, routes in the Level-2 area are not leaked into Level-1 areas. After this command is
run, only routes that meet the specified conditions can be leaked into Level-1 areas.
l Configure routes in Level-1 areas to leak into the Level-2 area.
1. Run:
system-view
a. Run import-route isis level-1 into level-2 [ tag tag | filter-policy { acl-
number | acl-name acl-name } ] *, routes that meet the specified conditions
in Level-1 areas are leaked into the Level-2 area.
b. Run quit, return to the system view.
c. Run acl { [ number ] acl-number1 | name acl-name basic [ number acl-
number2 ] } [ match-order { auto | config } ], the basic ACL view is
displayed.
d. Run rule [ rule-id ] { deny | permit } [ fragment-type fragment-type-
name | source { source-ip-address source-wildcard | any } | time-range time-
name | vpn-instance vpn-instance-name ] *, a rule is configured for the basic
ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the
rule will be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the
rule will not be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received
or advertised by the system.
– If an ACL does not contain any rules, all routes matching the route-
policy that references the ACL will not be received or advertised by the
system.
– If the ACL referenced by the route-policy does not exist, all routes
matching the route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that
has a smaller number and then matches the route with a rule with a larger
number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number
and specify the action deny in this rule to filter out the unwanted routes.
Then, configure another rule with a larger number in the same ACL and
specify the action permit in this rule to receive or advertise the other
routes.
Route filtering using a whitelist: Configure a rule with a smaller number
and specify the action permit in this rule to permit the routes to be received
or advertised by the system. Then, configure another rule with a larger
number in the same ACL and specify the action deny in this rule to filter
out unwanted routes.
– Based on the named advanced ACL:
a. Run import-route isis level-1 into level-2 [ tag tag | filter-policy acl-
name acl-name ] *, routes that meet the specified conditions in Level-1 areas
are leaked into the Level-2 area.
b. Run quit, return to the system view.
c. Run acl name acl-name advance [ number acl-number2 ] [ match-order
{ auto | config } ], the basic ACL view is displayed.
The command is run on the Level-1-2 device that is connected to an external area.
By default, all routes in a Level-1 area are leaked into the Level-2 area. After this command is
run, only routes that meet the specified conditions can be leaked into the Level-2 area.
----End
Context
If there are redundant IS-IS links, multiple routes may have an equal cost. Choose either of the
following methods to use these equal-cost IS-IS routes:
l Configure load balancing for equal-cost IS-IS routes so that traffic will be evenly balanced
among these links.
This mechanism increases the link bandwidth usage and prevents network congestion
caused by link overload. However, this mechanism may make traffic management more
difficult because traffic will be randomly forwarded.
l Configure preference values for equal-cost IS-IS routes so that only the route with the
highest preference will be used and the others function as backups.
This configuration facilitates traffic management and improves the network reliability,
without the need to change original configurations.
Procedure
l Configure equal-cost IS-IS routes to work in load-balancing mode.
1. Run:
system-view
NOTE
When the number of equal-cost routes is greater than number specified in the maximum load-
balancing command, valid routes are selected for load balancing based on the following
criteria:
1. Route preference: Routes with lower preferences are selected for load balancing. For details
about route preference configuration, see Configure preference values for equal-cost IS-
IS routes.
2. Interface index: If routes have the same priorities, routes with higher interface index values
are selected for load balancing.
3. Next hop IP address: If routes have the same priorities and interface index values, routes
with larger IP address are selected for load balancing.
l Configure preference values for equal-cost IS-IS routes.
1. Run:
system-view
3. Run:
nexthop ip-address weight value
NOTE
A larger value of the value parameter indicates a higher preference. The default value of the
preference is 255.
----End
Context
Only routes in an IP routing table can be used to forward IP packets. An IS-IS route can take
effect only after this IS-IS route has been successfully added to an IP routing table.
If an IS-IS route does not need to be added to a routing table, specify conditions, such as a basic
ACL, IP prefix, and routing policy, to filter routes so that only IS-IS routes that meet the specified
conditions can add to an IP routing table. IS-IS routes that do not meet the specified conditions
cannot be added to the IP routing table and cannot be selected to forward IP packets.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the named advanced ACL:
1. Run filter-policy acl-name acl-name import, conditions for filtering IS-IS routes are
configured.
2. Run quit, return to the system view.
3. Run acl name acl-name advance [ number acl-number2 ] [ match-order { auto |
config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address source-
wildcard | any } | time-range time-name ] *, a rule is configured for the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the rule will
be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the IP prefix: filter-policy ip-prefix ip-prefix-name import
l Based on the Route-Policy: filter-policy route-policy route-policy-name import
----End
Context
If an IS (for example, an IS to be upgraded or maintained) needs to be temporarily isolated,
configure the IS to enter the overload state so that no device will forward traffic to this IS.
IS-IS routes converge more quickly than BGP routes. To prevent blackhole routes on a network
where both IS-IS and BGP are configured, set an overload bit to instruct an IS to enter the
overload state during its start or restart. After BGP convergence is complete, cancel the overload
bit.
Procedure
Step 1 Run:
system-view
----End
Context
The destination address and mask of a default route are all 0s. If the destination address of a
packet does not match any entry in the routing table of a device, the device sends the packet
along the default route. If neither the default route nor the destination address of the packet exists
in the routing table, the device discards the packet and informs the source end that the destination
address or network is unreachable.
IS-IS can generate default routes using either of the following mode:
l Command-triggered default route generation mode
You can run the default-route-advertise command on a device so that the device adds a
default route to the LSP before sending the LSP to a neighbor. Therefore, the neighbor can
learn this default route.
l ATT bit 1-triggered default route generation mode
IS-IS defines that a Level-1-2 router sets the ATT bit to 1 in the LSP to be advertised to a
Level-1 area if the Level-1-2 router can reach more Level-1 areas through the Level-2 area
than through the Level-1 area. After a Level-1 router in the Level-1 area receives the LSP,
it generates a default route destined for the Level-1-2 router. Based on the network
requirements, you can configure whether the Level-1-2 router sets the ATT bit carried in
the LSP and whether a Level-1 router generates a default route after it receives the LSP
carrying ATT bit 1.
NOTE
Procedure
l Configure command-triggered default route generation mode.
1. Run:
system-view
– If the always parameter is specified, the ATT bit is set to 1. After receiving the
LSPs carrying the ATT bit 1, the Level-1 router generates a default route.
– If the never parameter is specified, the ATT bit is set to 0. After receiving the
LSPs carrying the ATT bit 0, the Level-1 router does not generate a default
route, which reduces the size of a routing table.
– To disable the Level-1 router from generating default routes even though it receives
the LSPs carrying ATT bit 1, run the attached-bit avoid-learning command.
----End
Context
A bit error refers to the deviation between a bit that is sent and the bit that is received. The bit
error rate (BER) refers to the number of bit errors divided by the total number of bits transferred
during a studied time interval. During data transmission, a high BER will degrade or even
interrupt services in extreme cases.
To prevent this problem, configure IS-IS interfaces to automatically adjust link costs based on
link quality, so that unreliable links are not used by the optimal routes.
Procedure
Step 1 Run:
system-view
The upper and lower thresholds for triggering link quality changes are set on the IS-IS interface.
After you run this command, if the BER of the IS-IS interface reaches or exceeds the upper
threshold, the link quality changes from good to low; if the BER of the IS-IS interface reaches
or falls below the lower threshold, the link quality changes from low to good.
Step 5 Run:
isis link-quality low incr-cost { cost | max-reachable }
The IS-IS interface is configured to automatically adjust the link cost based on link quality.
By default, an IS-IS interface does not have this function.
NOTE
The cost parameter specifies the link cost adjustment value. After this parameter is specified:
l If the link quality changes from good to low, the link cost equals the original link cost plus the adjustment
value. If the new link cost exceeds the maximum link cost allowed, the maximum link cost allowed applies:
l The maximum link cost is 63, if the cost type is narrow, narrow-compatible, or compatible.
l The maximum link cost is 16777214, if the cost type is wide or wide-compatible.
l If the link quality changes from low to good, the orginal link cost applies.
----End
Procedure
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]
[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ] * [ | count ] command
to check IS-IS routing information.
l Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-
name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check information
in the IS-IS LSDB.
----End
Example
On a Level-1 device, run the display isis route command to check IS-IS routing information.
If the Level-1-2 device is enabled to leak IS-IS routes in the Level-2 area to Level-1 areas, the
output of the display isis route command is similar to the following information. For example,
the route 192.168.1.0/24 in the Level-2 area is displayed, and Up/Down is U.
<HUAWEI> display isis route
On the Level-1-2 device, run the display isis lsdb verbose command to check whether the
Level-1-2 device has leaked the route 192.168.1.0/24 to Level-1 areas.
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Run the display isis lsdb command to check whether an IS-IS device is in the overload state. If
an IS-IS device is in the overload state, the command output is similar to the following
information.
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Run the display isis route command to check IS-IS routing information. If equal-cost IS-IS
routes are configured to work in load-balancing mode, multiple next hops will be displayed in
the command output. For example, two next hops, 10.1.1.2 and 10.1.2.2, to the 172.17.1.0/24
network segment are displayed, and their route costs are both 30.
<HUAWEI> display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
---------------------------------------------------------------------------
192.168.1.0/24 20 NULL Pos2/0/0 10.1.2.2 A/-/L/-
10.1.1.0/24 10 NULL Pos1/0/0 Direct D/-/L/-
172.16.1.0/24 10 NULL GE3/0/0 Direct D/-/L/-
172.17.1.0/24 30 NULL Pos1/0/0 10.1.1.2 A/-/L/-
Pos2/0/0 10.1.2.2
10.1.2.0/24 10 NULL Pos2/0/0 Direct D/-/L/-
192.168.0.0/24 20 NULL Pos1/0/0 10.1.1.2 A/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
Context
Route summarization is used to summarize routes with the same IP prefix into one route.
On a large-scale IS-IS network, route summarization can be configured to reduce the number
of IS-IS routes in a routing table. This summarization improves the usage of system resources
and facilitates route management.
If a link on an IP network segment that is summarized frequently alternates between Up and
Down states, IP network segments that are not summarized will not be affected, preventing route
flapping and improving the network stability.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
summary ip-address mask [ avoid-feedback | generate_null0_route | tag tag |
[ level-1 | level-1-2 | level-2 ] ] *
The specified IS-IS routes are summarized into one IS-IS route.
NOTE
After route summarization is configured on an IS, the local routing table still contains all specific routes
before the summarization.
The routing tables on other ISs contain only the summary route, and the summary route is deleted only
after all its specific routes are deleted.
----End
Applicable Environment
If other routing protocols are configured on an IS-IS network, the following issues need to be
considered:
l Preference of IS-IS routes
If multiple routes to the same destination are discovered by different routing protocols
running on the same device, the route discovered by the protocol with the highest preference
is selected. For example, if both OSPF and IS-IS are configured, the route discovered by
OSPF is used because OSPF enjoys a higher preference than IS-IS by default.
Therefore, if you want the route discovered by IS-IS to be used, configure IS-IS to have
the highest preference.
l Communication between an IS-IS area and other areas
If other routing protocols are configured on an IS-IS network, you need to configure IS-IS
to interact with those routing protocols so that IS-IS areas can communicate with non-IS-
IS areas.
NOTE
The LSDBs of different IS-IS processes on a device are independent of each other. Therefore, each
IS-IS process on the device considers routes of the other IS-IS processes as external routes.
To ensure successful traffic forwarding, configure IS-IS to interact with other routing
protocols on a device where external routes are configured, for example, a Level-1-2 IS-
IS router. Available method is configuring IS-IS to import external routes. This mode
enables all devices in IS-IS areas to learn external routes, implementing refined control
over traffic forwarding.
To ensure successful forwarding of traffic destined for IS-IS areas, you must also enable
the other routing protocols to interact with IS-IS.
Pre-configuration Tasks
Before configuring IPv4 IS-IS to interact with other routing protocols, complete the following
tasks:
Data Preparation
To configure the IPv4 IS-IS route convergence speed, you need the following data.
No. Data
Context
If multiple routes to the same destination are discovered by different routing protocols running
on the same device, the route discovered by the protocol with the highest preference is selected.
For example, if both OSPF and IS-IS are configured on a network, the route discovered by OSPF
is used because OSPF has a higher preference than IS-IS by default.
To prefer a route discovered by IS-IS, configure a higher preference value for IS-IS. In addition,
a routing policy can be configured to increase the preferences of specified IS-IS routes, without
affecting route selection.
Procedure
l Configure the IS-IS preference value.
1. Run:
system-view
NOTE
The preference values are configured for the specified IS-IS routes.
NOTE
preference takes effect only for IS-IS routes that match the specified routing policy.
----End
Context
If IS-IS is configured on a Level-1-2 device to advertise a default route, all traffic in IS-IS routing
domains will be forwarded by this Level-1-2 device. This will burden this Level-1-2 device
because no external route can be learned on the devices in the IS-IS routing domains.
If multiple Level-1-2 devices are deployed, optimal routes to other routing domains need to be
selected. To ensure optimal routes are selected, all the other devices in the IS-IS routing domains
must learn all or some external routes.
Routing policies can be configured to import or advertise external routes that meet specified
conditions to the IS-IS routing domains.
Procedure
l Configure IS-IS to import external routes.
1. Run:
system-view
original cost value of the imported route, the source routes cannot be static.
NOTE
IS-IS will advertise all imported external routes to an IS-IS routing domain by default.
If only some imported external routes need to be advertised, run the filter-policy export
command to set a filtering policy.
If an IS-IS device has a small routing table capacity, run the import-route limit limit-
number [ threshold-alarm upper-limit upper-limit-value lower-limit lower-limit-value ]
{ level-1 | level-2 | level-1-2 } command to set the maximum number of external routes that
can be imported into an IS-IS routing domain.
l Configure IS-IS to advertise some external routes to an IS-IS routing domain.
1. Run:
system-view
After this command is run, only external routes that meet the specified conditions can be
advertised to the IS-IS routing domain.
----End
Procedure
l Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-
name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check IS-IS LSDB
information.
----End
Example
Run the display isis lsdb verbose command on the device that generates a default route. The
command output shows that IS-IS has advertised a default route.
<HUAWEI> display isis lsdb verbose
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Run the display isis route command on the device that receives the default route. The command
output shows that the default route with a next-hop address of 20.1.1.2 has been imported into
the Level-2 IS-IS routing table.
<HUAWEI> display isis route
Run the display isis route command to view the IS-IS routing table. The command output shows
that the direct route 192.168.1.0/24 and OSPF route 14.1.1.1/32 have been imported into the
Level-2 IS-IS routing table.
<HUAWEI> display isis route
Run the display ip routing-table command to view the IP routing table. The command output
shows that the value of Preference of IPv4 IS-IS has been changed from its default value 15 to
20.
Applicable Environment
The procedure for implementing IS-IS is as follows:
l Establishment of neighboring relationships: establishes neighboring relationships by
exchanging Hello packets between two devices.
l LSP flooding: implements LSDB synchronization between devices in the same area.
l SPF calculation: uses the SPF algorithm to calculate IS-IS routes, and delivers the IS-IS
routes to the routing table.
To accelerate the IS-IS route convergence speed, configure the following parameters:
l Interval for detecting IS-IS neighboring device failures
l Flooding parameters of CSNPs and LSPs
l Interval for SPF calculation
You can also configure convergence priorities for IPv4 IS-IS routes so that key routes can be
converged by preference when a network topology changes. This minimizes adverse impacts on
key services.
Pre-configuration Tasks
Before configuring the IPv4 IS-IS route convergence speed, complete the following tasks:
Data Preparation
To configure the IPv4 IS-IS route convergence speed, you need the following data.
No. Data
1 Interval at which Hello packets are sent and the holding time of neighboring
devices
Context
Connection status between an IS-IS device and its neighboring devices can be monitored by
exchanging Hello packets at intervals. An IS-IS neighboring device is considered Down if the
IS-IS device does not receive any Hello packets from the neighboring device within the specified
period (called the holding time). A failure in an IS-IS neighboring device will trigger LSP
flooding and SPF calculation, after which IS-IS routes are reconverged.
To speed up fault detection, use the following methods to accelerate the speed of detecting IS-
IS neighboring device failures:
l Shorten the interval at which Hello packets are sent.
l Shorten the holding time of neighboring devices.
l Configuring Dynamic IPv4 BFD for IS-IS.
NOTE
Configuring IPv4 BFD for IS-IS is recommended because this method provides a faster fault detection
speed than the other two methods.
Procedure
l Set an interval at which Hello packets are sent.
1. Run:
system-view
3. Run:
isis timer hello hello-interval [ level-1 | level-2 ]
NOTE
A broadcast link can transmit both Level-1 and Level-2 Hello packets. You can set different
sending intervals for these two types of Hello packets. By default, both Level-1 and Level-2
Hello packets are sent.
A P2P link can transmit only one type of Hello packets. Therefore, there is no need to specify
the level-1 or level-2 parameter if a P2P link is used.
l Set the holding multiplier for neighboring devices.
1. Run:
system-view
NOTE
A broadcast link can transmit both Level-1 and Level-2 Hello packets. You can set different
sending intervals for these two types of Hello packets. By default, both Level-1 and Level-2
Hello packets are sent.
A P2P link can transmit only one type of Hello packets. Therefore, there is no need to specify
the level-1 or level-2 parameter if a P2P link is used.
----End
Context
SNPs consist of CSNPs and PSNPs. CSNPs carry summaries of all LSPs in LSDBs, ensuring
LSDB synchronization between neighboring routers. SNPs are processed differently on
broadcast links and P2P links.
l On a broadcast link, CSNPs are periodically sent by a DIS device. If a router detects that
its LSDB is not synchronized with that on its neighboring router, the router will send PSNPs
to apply for missing LSPs.
l On a P2P link, CSNPs are sent only during initial establishment of neighboring
relationships. If a request is acknowledged, a neighboring router will send a PSNP in
response to a CSNP. If a router detects that its LSDB is not synchronized with that on its
neighboring router, the router will also send PSNPs to apply for missing LSPs.
To speed up LSDB synchronization, modify the following parameters of SNPs and LSPs on the
NE80E/40E:
l Interval at which CSNPs are sent
l Intelligent timer controlling LSP generation
l Maximum length of LSPs
l Refresh interval of LSPs
l Maximum lifetime of LSPs
l Minimum interval at which LSPs are sent
l LSP fast flooding
l Interval at which LSPs are retransmitted over a P2P link
Procedure
l Set an interval at which CSNPs are sent.
1. Run:
system-view
The interval at which CSNPs are sent is set on the specified interface.
NOTE
or the IS-IS process is restarted, the delay decreases to the value specified by init-
interval.
If incr-interval is not specified, the delay in generating an LSP or LSP fragment for
the first time is determined by init-interval. From the second time on, the delay in
generating an LSP is determined by max-interval. After the delay remains at the value
specified by max-interval for three times or the IS-IS process is restarted, the delay
decreases to the value specified by init-interval.
NOTE
Ensure that the value of max-size for LSPs to be generated must be smaller than or equal to the
value of max-size for LSPs to be received.
The value of max-size in the lsp-length command must meet the following conditions.
– The MTU of an Ethernet interface must be greater than or equal to the sum of the
value of max-size and 3.
– The MTU of a P2P interface must be greater than or equal to the value of max-
size.
l Set the refresh interval for LSPs.
1. Run:
system-view
To synchronize all LSPs in the areas, IS-IS regularly transmits all the current LSPs to
neighbors.
By default, the LSP refresh interval is 900s, and the maximum lifetime of an LSP is
1200s. Ensure that the LSP refresh interval is more than 300s shorter than the
maximum LSP lifetime. This allows new LSPs to reach all routers in an area before
existing LSPs expire.
NOTE
The larger a network, the greater the deviation between the LSP refresh interval and the
maximum LSP lifetime.
l Set the maximum lifetime for LSPs.
1. Run:
system-view
When a router generates the system LSP, it fills in the maximum lifetime for this LSP.
After this LSP is received by other routers, the lifetime of the LSP is reduced gradually.
If the router does not receive any more update LSPs and the lifetime of the LSP is
reduced to 0, the LSP will be deleted from the LSDB 60s later if no more updated
LSPs are received.
l Set the minimum interval at which LSPs are sent.
1. Run:
system-view
The count parameter specifies the maximum number of LSPs that can be sent within
the interval specified by throttle-interval. The value of count is an integer ranging
from 1 to 1000.
l Enable LSP fast flooding.
1. Run:
system-view
2. Run:
isis [ process-id ]
You can specify lsp-count to flood a certain number of LSPs and specify interval to
flood LSPs at a certain interval. If the number of LSPs to be flooded exceeds the value
of lsp-count, a maximum of lsp-count number of LSPs are flooded each time in time
sequence at an interval specified by interval until all the LSPs are flooded.
When LSP fast flooding is enabled, Level-1 LSPs and Level-2 LSPs are fast flooded
by default if no level is specified.
l Set an interval at which LSPs are retransmitted over a P2P link.
1. Run:
system-view
The interval at which LSPs are retransmitted over a P2P link is set.
----End
Context
A network change always triggers IS-IS to perform SPF calculation. Frequent SPF calculation
will consume excessive CPU resources, affecting services.
To solve this problem, configure an intelligent timer to control the interval for SPF calculation.
For example, to speed up IS-IS route convergence, set the interval for SPF calculation to a small
value, and set the interval to a large value after the IS-IS network becomes stable.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
timer spf max-interval [ init-interval [ incr-interval ] ]
----End
Context
By default, the convergence priority of 32-bit host routes is medium, and the convergence
priority of the other IS-IS routes is low.
The NE80E/40E allows you to configure the highest convergence priority for specific IS-IS
routes so that those IS-IS routes will be converged first when a network topology changes.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
prefix-priority [ level-1 | level-2 ] { critical | high | medium } { ip-prefix
prefix-name | tag tag-value }
The application rules of the convergence priorities for IS-IS routes are as follows:
l Existing IS-IS routes are converged based on the priorities configured in the prefix-
priority command.
l New IS-IS routes are converged based on the priorities configured in the prefix-priority
command.
l If an IS-IS route conforms to the matching rules of multiple convergence priorities, the
highest convergence priority is used.
l The convergence priority of a Level-1 IS-IS route is higher than that of a Level-2 IS-IS route.
l If the route level is not specified, the configuration of the prefix-priority command takes
effect for both Level-1 and Level-2 IS-IS routes.
NOTE
----End
Procedure
l Run the display isis interface [ [ verbose | traffic-eng ] * | tunnel ] [ process-id | vpn-
instance vpn-instance-name ] command to check IS-IS packet information.
----End
Example
Run the display isis interface verbose command. The command output shows that GE 6/0/0
sends Hello packets at an interval of 15 s, the holding multiplier of neighboring devices is 10,
the sending interval for Level-1 CSNPs is 123 s, and the minimum sending interval for LSPs is
159 s.
<HUAWEI> display isis interface verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE6/0/0 001 Up Down 1497 L1/L2 No/No
Description : GigabitEthernet1/0/0 Interface
SNPA Address : 00e0-095b-4201
IP Address : 123.1.1.1
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 123 L2 10
Hello Timer Value : L1 15 L2 15
DIS Hello Timer Value : L1 5 L2 5
Hello Multiplier Value : L1 10 L2 10
LSP-Throttle Timer : L12 159
Cost : L1 10 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 100000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
Run the display isis route verbose command. The command output shows that the convergence
priority of the route 10.10.10.0/24 imported by IS-IS is Critical.
<HUAWEI> display isis route verbose
Context
In a static BFD session scenario, you need to configure single-hop BFD parameters, such as
local and remote discriminators and then configure the device to send BFD session setup
requests.
A static BFD session can only be established and released manually. A configuration error will
lead to a BFD failure. For example, if a local or remote discriminator is incorrectly configured,
a BFD session will not work properly.
Pre-configuration Tasks
Before configuring static BFD for IPv4 IS-IS, complete the following tasks:
l Configuring Basic IPv4 IS-IS Functions.
Configuration Roadmap
The configuration roadmap is as follows:
No. Data
Procedure
l Enable BFD globally.
1. Run:
system-view
1. Run:
bfd bfd-name bind peer-ip ip-address [ interface interface-type interface-
number ]
NOTE
The local discriminator set using the local discr-value command on a device must be the same
as the remote discriminator set using the remote discr-value command on the device of the
other end.
3. Run:
commit
Context
Connection status between an IS-IS device and its neighbors can be monitored by exchanging
Hello packets at intervals. The minimum allowable sending interval is 3s, and a neighbor is
declared Down after at least three intervals during which no response Hello packet is received
from the neighbor. IS-IS takes more than one second to detect that a neighbor becomes Down,
resulting in loss of a large amount of high-speed data.
To solve this problem, BFD must be configured for IS-IS. BFD provides millisecond-level fault
detection. After detecting a link or node failure, BFD will notify IS-IS of the failure, accelerating
the IS-IS route convergence speed.
Dynamic BFD for IPv4 IS-IS implements dynamic setup of BFD sessions. When a new IS-IS
neighbor relationship is set up, BFD is notified of the neighbor parameters and the detection
parameters (including source and destination IP addresses). Then a BFD session will be
established based on the received neighbor parameters. Dynamic BFD is more flexible than
static BFD.
Pre-configuration Tasks
Before configuring dynamic BFD for IPv4 IS-IS, complete the following tasks:
l Configuring Basic IPv4 IS-IS Functions.
Configuration Roadmap
The configuration roadmap is as follows:
No. Data
You can use either of the following methods to enable dynamic BFD for IPv4 IS-IS:
l Enable dynamic BFD for specified IS-IS IPv4 processes. This method is recommended
if you need to enable dynamic BFD for IPv4 IS-IS on a large number of IS-IS interfaces.
l Enable dynamic BFD for specified IPv4 interfaces. This method is recommended if you
need to enable dynamic BFD for IPv4 IS-IS on a small number of IS-IS interfaces.
Procedure
l Enable dynamic BFD for an IS-IS IPv4 process.
1. Run:
system-view
After BFD is enabled globally and the neighbor status becomes Up, IS-IS adopts
default BFD parameters to establish BFD sessions on all interfaces.
6. (Optional) Run:
bfd all-interfaces { min-rx-interval receive-interval | min-tx-interval
transmit-interval | detect-multiplier multiplier-value | frr-binding } *
The parameters for establishing BFD sessions are set for all interfaces.
The command execution result is applicable to BFD session parameters on all IS-IS
interfaces.
7. Run:
quit
To disable the BFD function on an interface, run the isis bfd block command in the
interface view to disable the interface from establishing BFD sessions.
l Enable dynamic BFD on an IPv4 interface.
1. Run:
system-view
After BFD is configured globally and the neighbor status is Up (on a broadcast
network, DIS is in the Up state), default BFD parameters will be used to establish
BFD sessions on the specified interface.
6. (Optional) Run:
isis bfd { min-rx-interval receive-interval | min-tx-interval transmit-
interval | detect-multiplier multiplier-value | frr-binding } *
Run this command when BFD session parameters need to be configured for a specified
interface.
NOTE
The priority of BFD configured on an interface is higher than that of BFD configured for a
process. If BFD session parameters are configured for both a process and an interface, the
parameters on the interface will be used to establish a dynamic BFD session.
----End
Run the display isis [ process-id ] bfd interface command to view all the interfaces enabled
with BFD and the values of the BFD session parameters on these interfaces.
<HUAWEI> display isis bfd interface
BFD information of interface for ISIS(1)
-----------------------------------------
Interface BFD.State Min-Tx Min-Rx Mul
Pos1/0/0 enable 1000 1000 3
Total interfaces: 1 Total bfd enabled interfaces: 1
Applicable Environment
In traditional IP networks, there is only one unicast topology and one unicast forwarding table
on each device. In this case, service flows with the same destination IP address share the same
PHB. This means that various end-to-end services (for example, voice services and data services)
share the same physical links. As a result, some links may be heavily congested, whereas some
other links are relatively idle. Different types of services have different QoS requirements, which
cannot be met in the traditional unicast topology.
Multi-topology for IS-IS enables the operation of multiple independent logical topologies in an
IS-IS AS, and sets up an independent multicast topology for multicast services. In this manner,
the multicast topology is separated from the unicast topology.
Configuring multi-topology for IS-IS will help customers construct networks flexibly and reduce
cost for network construction.
Pre-configuration Tasks
Before configuring multi-topology for IPv4 IS-IS, complete the following tasks:
Data Preparation
To configure multi-topology for IPv4 IS-IS, you need the following data.
No. Data
Context
After enabling multi-topology for IS-IS, configure parameters, such as interface costs and
protocol priorities, for IS-IS topology instances.
The parameters configured in the IS-IS topology view are valid only for the specified IS-IS
topology instance. This allows you to configure different parameters for different IS-IS topology
instances.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
cost-style { narrow | wide | wide-compatible }
The cost style for the packets received and sent by the router is set to wide or wide-
compatible.
Step 4 Run:
topology topology-name [ topology-id { multicast | topology-id } ]
The specified IS-IS process is associated with the specified topology instance, and the IS-IS
topology view is displayed.
Step 5 (Optional) Run the following commands to configure IS-IS parameters for IPv4 topology
instances.
l auto-cost enable
l bandwidth-reference value
l circuit-cost { cost | maximum } [ level-1 | level-2 ]
l circuit default-tag tag [ level-1 | level-2 ]
----End
Context
An IS-IS interface can be associated with different topology instances, and the parameters of
this IS-IS interface can vary with the topology instances. The commands for configuring the
parameters are as follows:
l Command that cancels the association between an IS-IS interface and an IPv4 base topology
l Command that suppresses IS-IS to advertise direct routes of an interface in a specified
topology
l Command that configures the cost of an interface in a specified topology instance
l Command that disables an interface from participating in LFA calculation so that the
interface will not be a backup interface
l Command that sets an administrative tag for an interface in a specified topology instance
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
isis topology topology-name
The association between the IS-IS interface and the IPv6 base topology is canceled.
IS-IS is disabled from advertising direct routes of the interface in the specified topology instance.
An administrative tag is set for the interface in the specified topology instance.
----End
Prerequisites
Multi-topology for IPv4 IS-IS has been configured.
Procedure
l Run the display isis peer [ verbose ] [ process-id | vpn-instance vpn-instance-name ]
command to check information about IS-IS neighbors.
----End
Example
Run the display isis peer verbose command. The command output shows that the neighbor
status in IS-IS topology instance 10 is Up.
<HUAWEI> display isis peer verbose
Total Peer(s): 2
Run the display isis route topology Red command. The command output shows the information
about routes of the IS-IS topology instance named Red.
<HUAWEI> display isis route topology Red
topology Red
------------
Run the display isis spf-tree topology Red command. The command output shows information
about the SPF tree of the IS-IS topology instance named Red.
<HUAWEI> display isis spf-tree topology Red
topology Red
------------
Applicable Environment
At present, the VoIP and on-line video services require high-quality real-time transmission.
Nevertheless, if an IS-IS fault occurs, multiple processes, including fault detection, LSP update,
LSP flooding, route calculation, and FIB entry delivery, must be performed to switch the traffic
to a new link. As a result, it takes much more than 50 ms to recover the link from the fault, which
cannot meet the requirement for real-time services on the network.
IS-IS Auto FRR ensures fast switchover of traffic to the backup link before the network
convergence, avoiding traffic interruption. This protects traffic and improves reliability of an
IS-IS network. The NE80E/40E supports IPv4 IS-IS Auto FRR.
IS-IS Auto FRR is suitable for IP services that require a low delay and low packet loss ratio.
Pre-configuration Tasks
Before configuring IS-IS Auto FRR, complete the following tasks:
l Configuring IP addresses for interfaces to make neighboring nodes reachable at the network
layer
l Configuring Basic IPv4 IS-IS Functions
l Configuring the link cost to ensure that the backup path is the sub-optimal route.
Data Preparation
To configure IS-IS Auto FRR, you need the following data.
No. Data
1 IS-IS process ID
Context
Perform the following steps on the router that needs the protection for the forwarded traffic:
Procedure
Step 1 Run:
system-view
Backup routes are filtered using a filtering policy. Only backup routes that have passed the
filtering policy are added to the routing table.
Step 5 Run:
loop-free-alternate [ level-1 | level-2 | level-1-2 ]
IS-IS Auto FRR is enabled and the loop-free backup route is created.
If the IS-IS level is not specified, IS-IS Auto FRR is enabled on Level-1 and Level-2 to create
the backup route.
For detailed information about IS-IS Auto FRR, refer to the HUAWEI NetEngine80E/40E
Router Feature Description - IP Routing.
NOTE
For detailed information about IS-IS Auto FRR, refer to the HUAWEI NetEngine80E/40E Router Feature
Description - IP Routing.
IS-IS can create the loop-free backup route only if the interface cost is in compliance with the traffic
protection inequality of IS-IS Auto FRR.
----End
Context
Perform the following steps on the IS-IS interface to be disabled from participating in the Loop-
Free Alternate (LFA) calculation:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
undo isis lfa-backup [ level-1 | level-2 | level-1-2 ]
----End
Prerequisites
All IS-IS Auto FRR configurations are complete.
Procedure
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]
[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ] * command to check
information about the primary link and backup link after IS-IS Auto FRR is enabled.
l Run the display isis spf-tree [ systemid systemid | dname dname ] [ [ level-1 | level-2 ] |
ipv6 | verbose ] * [ process-id | vpn-instance vpn-instance-name ] command to check the
traffic protection type of IS-IS Auto FRR.
----End
Example
Enable IS-IS Auto FRR, and then check and find information about the backup outbound
interface and the backup next hop of the route with the destination address as 100.1.1.0/24. The
following is the check result:
<HUAWEI> display isis route 100.1.1.1 verbose
Enable IS-IS Auto FRR, and then check and find the traffic protection type for the router with
the system ID as 0000.0000.0004. The following is the check result:
<HUAWEI> display isis spf-tree systemid 0000.0000.0004 verbose
(2) 0000.0000.0004.03
Cost : 10
Flags : Child
(2) 0000.0000.0004.03
Cost : 10
Flags : Child
Applicable Environment
To deploy IS-IS on an IPv6 network, configure basic IS-IS functions to implement
communication between different nodes on the network.
Other IS-IS functions can be configured only after basic IS-IS functions are configured.
Pre-configuration Tasks
Before configuring basic IPv6 IS-IS functions, complete the following tasks:
Data Preparation
To configure basic IPv6 IS-IS functions, you need the following data.
No. Data
1 IS-IS process ID
Context
To create an IPv6 IS-IS process, perform the following operations:
l Create an IS-IS process and configure the NET of a device.
l (Optional) Configure the level of a device.
The level of a device is level-1-2 by default.
Configure the device level based on the network planning. If no device level is configured,
IS-IS establishes separate neighbor relationships for Level-1 and Level-2 devices and
maintains two identical LSDBs, consuming excessive system resources.
l (Optional) Configure IS-IS host name mapping.
After IS-IS host name mapping is configured, a host name but not the system ID of a device
will display by using display commands. This configuration improves the maintainability
on an IS-IS network.
l (Optional) Enable the output of the IS-IS adjacency status.
If the local terminal monitor is enabled and the output of the IS-IS adjacency status is
enabled, IS-IS adjacency changes will be output to the router until the output of the
adjacency status is disabled.
l (Optional) Enable IS-IS adjacency strict-check.
If both IPv4 and IPv6 are running on a network, and the IPv6 topology type of this network
is standard or compatible, enable IS-IS adjacency strict-check to ensure that an IS-IS
adjacency is established only when both IPv4 and IPv6 go Up. IS-IS adjacency strict-check
improves network reliability and prevents traffic losses.
Procedure
l Create an IS-IS process and configure the NET of a device, enable IPv6 for the process.
1. Run:
system-view
The process-id parameter specifies the ID of an IS-IS process. The default value of
process-id is 1. To associate an IS-IS process with a VPN instance, run the isis process-
id vpn-instance vpn-instance-name command.
3. Run:
network-entity net
or
network-entity area area-id auto-systemid lsr-id
A NET is configured.
NOTICE
Configuring loopback interface addresses based on NETs is recommended to ensures
that a NET is unique on the network. If NETs are not unique, route flapping will easily
occur.
System ID used in IS-IS can be obtained in the following way: extend each part of the
IP address to 3 bits, add 0 to the front of any part that is shorter than 3 bits, divide the
extended address into three parts, with each part consisting of four decimal digits, and
the reconstructed address is the system ID.
Area addresses of NETs are checked when Level-1 IS-IS neighbor relationships are
being established, but not checked when Level-2 IS-IS neighbor relationships are
being established. Level-1 IS-IS neighbor relationships can be established only if area
addresses of NETs are the same.
4. Run:
ipv6 enable
IS-IS dynamic host name mapping is configured. The system ID of the local device
is mapped to the specified host name.
The value of symbolic-name is contained in LSP packets and advertised to other IS-
IS devices.
On another IS-IS device displays the value of symbolic-name, but not the system ID,
of the local IS-IS device.
2. Run:
is-name map system-id symbolic-name
IS-IS static host name mapping is configured. The system ID of a peer IS-IS device
is mapped to the specified host name.
This command configuration takes effect only on the local IS-IS device. The value of
symbolic-name will not be added to LSP packets.
----End
Context
The level of an IS-IS device and level of an interface together determine the level of a neighbor
relationship. By default, Level-1 and Level-2 neighbor relationships will be established between
two Level-1-2 devices. If only one level of neighbor relationships is required, you can configure
the level of an interface to prevent the establishment of the other level of neighbor relationships.
After IS-IS is enabled on an interface, the interface will automatically send Hello packets,
attempting to establish neighbor relationships. If a peer device is not an IS-IS device or if an
interface is not expected to send Hello packets, suppress the interface. Then this interface only
advertises routes of the network segment where the interface resides, but does not send Hello
packets. This suppression improves the link bandwidth usage.
Procedure
l Configure an IS-IS interface.
1. Run:
system-view
After this command is run, the IS-IS device uses the specified interface to send Hello
packets and flood LSPs.
NOTE
NOTE
Changing the level of an IS-IS interface is valid only when the level of the IS-IS device is
Level-1-2. If the level of the IS-IS device is not a Level-1-2, the level of the IS-IS device
determines the level of the adjacency to be established.
l (Optional) Suppress an IS-IS interface.
1. Run:
isis silent [ advertise-zero-cost ]
A suppressed IS-IS interface does not send or receive IS-IS packets. The routes of the
network segment where the interface resides, however, can still be advertised to other
routers within the area.
----End
Context
The costs of IS-IS interfaces can be determined in the following modes in descending order by
priority:
If none of the preceding configurations is performed, the default cost of an IS-IS interface is 10,
and the default cost style is narrow.
Procedure
l Configure the IS-IS cost type.
1. Run:
system-view
The cost range of an interface and a route received by the interface vary with the cost type.
– If the cost type is narrow, the cost of an interface ranges from 1 to 63. The maximum
cost of a route received by the interface is 1023.
– If the cost style is narrow-compatible or compatible, the cost of an interface ranges from
1 to 63. The cost of a received route is related to relax-spf-limit.
– If relax-spf-limit is not specified, the cost of a route works as follows:
If the cost of a route is not greater than 1023 and the cost of every interface that the
route passes through is smaller than or equal to 63, the cost of the route received by
the interface is the actual cost.
If the cost of a route is not greater than 1023 but the costs of all interfaces that the
route passes through are greater than 63, the IS-IS device can learn only the routes
to the network segment where the interface resides and the routes imported by the
interface. The cost of the route received by the interface is the actual cost. Subsequent
routes forwarded by the interface are discarded.
If the cost of a route is greater than 1023, the IS-IS device can learn only the interface
whose route cost exceeds 1023 for the first time. That is, the cost of each interface
before this interface is not greater than 63. The routes of the network segment where
the interface resides and the routes imported by the interface can all be learned. The
cost of the route is 1023. Subsequent routes forwarded by the interface are discarded.
– If relax-spf-limit is specified, the cost of a route works as follows:
There is no limit on costs of interfaces or route costs. The cost of a route received
by an interface is the actual cost.
– If the cost style is wide-compatible or wide, the cost of the interface ranges from 1 to
16777215. When the cost is 16777215, the neighbor TLV generated on the link cannot
be used for route calculation but for the transmission of TE information. The maximum
cost of a received route is 0xFFFFFFFF.
l Configure the cost of an IS-IS interface.
1. Run:
system-view
You can use the isis ipv6 cost command to configure the cost of a specified interface.
l Configure the global IS-IS cost.
1. Run:
system-view
You can use the ipv6 circuit-cost command to configure the costs of all interfaces at
a time.
l Enable IS-IS to automatically calculate interface costs.
1. Run:
system-view
4. Run:
ipv6 auto-cost enable
The auto-cost enable command can be run on Eth-Trunk interfaces as same with on physical
interfaces. If the command is run on an Eth-Trunk interface, the bandwidth of the Eth-Trunk interface
is equal to the total bandwidth of all its member interfaces.
Table 7-2 Mapping between IS-IS interface costs and interface bandwidth
NOTE
To change the cost of a loopback interface, run the isis ipv6 cost command only in the loopback
interface view.
----End
Context
The establishment modes of IS-IS neighbor relationships are different on a broadcast network
and on a P2P network. Different IS-IS attributes can be configured for interfaces on different
types of networks.
IS-IS is required to select a DIS on a broadcast network. Configure the DIS priorities of IS-IS
interfaces so that the interface with the highest priority will be selected as the DIS.
The network types of the IS-IS interfaces on both ends of a link must be the same; otherwise,
the IS-IS neighbor relationship cannot be established between the two interfaces. For example,
if the type of an interface on a peer device is P2P, you can configure the type of an interface on
the local device to P2P so that an IS-IS neighbor relationship can be established between the
two devices.
IS-IS on a P2P network is not required to select a DIS. Therefore, you do not need to configure
DIS priorities. To ensure the reliability of P2P links, configure IS-IS to use the three-way
handshake mode for IS-IS neighbor relationship establishment so that faults on a unidirectional
link can be detected.
Procedure
l Configure the DIS priority of an IS-IS interface.
1. Run:
system-view
The DIS priority is configured on the interface. The greater the value, the higher the
priority.
l Configure the network type of an IS-IS interface.
1. Run:
system-view
The network type of an interface is determined by the physical type of the interface
by default.
When the network type of an IS-IS interface changes, interface configurations change
accordingly.
– After a broadcast interface is configured as a P2P interface using the isis circuit-
type p2p command, the default settings are restored for the interval for sending
Hello packets, the number of Hello packets that IS-IS fails to receive from a
neighbor before the neighbor is declared Down, interval for retransmitting LSPs
The isis ppp-negotiation command can only be used for the establishment of the
neighbor relationships on P2P links. In the case of a broadcast link, you can run the
isis circuit-type p2p command to set the link type to P2P, and then run the isis ppp-
negotiation command to set the negotiation mode for the establishment of the
neighbor relationship.
l Configure OSICP negotiation check on PPP interfaces.
1. Run:
system-view
By default, the OSICP negotiation status of a PPP interface does not affect the status
of an IS-IS interface.
After this command is run, the OSICP negotiation status of a PPP interface affects the
status of an IS-IS interface. When PPP detects that the OSI network fails, the link
status of the IS-IS interface goes Down and the route to the network segment where
the interface resides is not advertised through LSPs.
l Configure IS-IS not to check whether the IP addresses of received Hello packets are on the
same network segment.
1. Run:
system-view
IS-IS is configured not to check whether the IP addresses of received Hello packets
are on the same network segment.
----End
Prerequisites
Basic IPv6 IS-IS functions have been configured.
Procedure
Step 1 Run the display isis name-table [ process-id | vpn-instance vpn-instance-name ] command to
check the mapping from the name of the local device to the system ID.
Step 2 Run the display isis peer [ verbose ] [ process-id | vpn-instance vpn-instance-name ] command
to check information about IS-IS neighbors.
Step 3 Run the display isis interface [ [ verbose | traffic-eng ] * | tunnel ] [ process-id | vpn-
instance vpn-instance-name ] command to check information about IS-IS interfaces.
Step 4 Run the display isis route [ process-id | vpn-instance vpn-instance-name ] ipv6 [ topology
topology-name ] [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] * [ | count ]
command to check information about IS-IS routes.
----End
Example
Run the display isis name-table command to view the mappings between host names and system
IDs.
<HUAWEI> display isis name-table
Run the display isis peer command. The command output shows the status of an IS-IS neighbor,
DeviceB. System Id is displayed as DeviceB.
<HUAWEI> display isis peer
Total Peer(s): 1
Run the display isis interface verbose command to view information about IS-IS interfaces.
The command output shows that the DIS status of a broadcast interface is Yes, the priority of
the DIS is 20, and the cost of the interface is 30.
<HUAWEI> display isis interface verbose
Run the display isis route command to view information about IS-IS IPv6 routes. The command
output shows a route with the destination network segment of 30:1::/64 and with the next-hop
address of 10:1::/64.
<HUAWEI> display isis route
-------------------------------------------------------------------------------
30:1::/64 Pos1/0/2 Direct 10 D/L/-
10:1::/64 Pos1/0/2 FE80::2002:0:7A20:2 20 A/-/-
Applicable Environment
After basic IPv6 IS-IS functions are configured, IS-IS routes will be generated, enabling
communication between different nodes on a network.
If multiple routes are available, a route discovered by IS-IS may not the optimal route. This does
not meet network planning requirements nor facilitates traffic management. Therefore, configure
IPv6 IS-IS route selection to implement refined control over route selection.
To implement refined control over IPv6 IS-IS route selection, perform the following operations:
l Configuring the IPv6 IS-IS Interfaces.
NOTE
Changing the IS-IS cost for an interface can achieve the function of controlling route selection, but
requires routes on the interface to be recalculated and reconverged when a network topology changes,
especially on a large-scale network. In addition, the configuration result may not meet your
expectation.
Therefore, the configuration of changing IS-IS costs has best to be finished when configuring basic
IS-IS functions.
l Configure IPv6 IS-IS route leaking.
l Configure principles for using equal-cost IPv6 IS-IS routes.
l Filter IPv6 IS-IS routes.
l Configure an overload bit for an IPv6 IS-IS device.
Pre-configuration Tasks
Before configuring IPv6 IS-IS route selection, complete the following tasks:
l Configuring the link layer protocol on interfaces.
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer.
l Configuring Basic IPv6 IS-IS Functions.
Data Preparation
To configure the IPv6 IS-IS route selection, you need the following data.
No. Data
Context
If multiple Level-1-2 devices in a Level-1 area are connected to devices in the Level-2 area, a
Level-1 LSP sent by each Level-1-2 device carries an ATT flag bit of 1. This Level-1 area will
have multiple routes to the Level-2 area and to other Level-1 areas.
By default, routes in a Level-1 area can be leaked into the Level-2 area so that Level-1-2 and
Level-2 devices can learn about the topology of the entire network. Devices in a Level-1 area
are unaware of the entire network topology because they only maintain LSDBs in the local
Level-1 area. Therefore, a device in a Level-1 area can forward traffic to a Level-2 device only
through the nearest Level-1-2 device. The route used may not be the optimal route to the
destination.
To enable a device in a Level-1 area to select the optimal route, configure IPv6 IS-IS route
leaking so that specified routes in the Level-2 area can be leaked into the local Level-1 area.
Routes of services deployed only in the local Level-1 area do not need to be leaked into the
Level-2 area. A policy can be configured to leak only desired routes into the Level-2 area.
Procedure
l Configure routes in the Level-2 area to leak into Level-1 area.
1. Run:
system-view
a. Run
acl ipv6 name acl-name [ number acl-number2 ] [ match-order
{ auto | config } ]
NOTE
The command is run on the Level-1-2 device that is connected to an external area.
By default, routes in the Level-2 area are not leaked into Level-1 areas. After this command is
run, only routes that meet the specified conditions can be leaked into Level-1 areas.
l Configure routes in Level-1 areas to leak into the Level-2 area.
1. Run:
system-view
– If an ACL does not contain any rules, all routes matching the route-
policy that references the ACL will not be received or advertised by
the system.
– If the ACL referenced by the route-policy does not exist, all routes
matching the route-policy will be received or advertised by the
system.
– In the configuration order, the system first matches a route with a rule
that has a smaller number and then matches the route with a rule with
a larger number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller
number and specify the action deny in this rule to filter out the
unwanted routes. Then, configure another rule with a larger number in
the same ACL and specify the action permit in this rule to receive or
advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller
number and specify the action permit in this rule to permit the routes
to be received or advertised by the system. Then, configure another
rule with a larger number in the same ACL and specify the action
deny in this rule to filter out unwanted routes.
– Configure an advanced ACL:
a. Run
acl ipv6 name acl-name [ number acl-number2 ] [ match-order
{ auto | config } ]
The command is run on the Level-1-2 device that is connected to an external area.
By default, all routes in a Level-1 area are leaked into the Level-2 area. After this command is
run, only routes that meet the specified conditions can be leaked into the Level-2 area.
----End
Context
If there are redundant IPv6 IS-IS links, multiple routes may have an equal cost. Configure the
equal-cost IPv6 IS-IS routes to work in load-balancing mode so that traffic will be evenly
balanced among these links.
This mechanism increases the link bandwidth usage and prevents network congestion caused
by link overload. However, this mechanism may make traffic management more difficult
because traffic will be randomly forwarded.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
ipv6 maximum load-balancing number
NOTE
When the number of equal-cost routes is greater than number specified in the ipv6 maximum load-
balancing command, valid routes are selected for load balancing based on the following criteria:
1. Route preference: Routes with lower preferences are selected for load balancing.
2. Interface index: If routes have the same priorities, routes with higher interface index values are selected
for load balancing.
3. Next hop IP address: If routes have the same priorities and interface index values, routes with larger
IP address are selected for load balancing.
----End
Context
Only routes in an IP routing table can be used to forward IP packets. An IS-IS route can take
effect only after this IS-IS route has been successfully added to an IP routing table.
If an IS-IS route does not need to be added to a routing table, specify conditions, such as a basic
ACL, IPv6 prefix, and routing policy, to filter routes so that only IS-IS routes that meet the
specified conditions can add to an IP routing table. IS-IS routes that do not meet the specified
conditions cannot be added to the IP routing table and cannot be selected to forward IP packets.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
l ipv6 filter-policy { acl6-number | acl6-name acl6-name } import
Conditions for filtering IS-IS routes are configured based on the ACL.
Run any of the following commands as required:
– Configure a basic ACL:
1. Run:
quit
quit
----End
Context
If an IS (for example, an IS to be upgraded or maintained) needs to be temporarily isolated,
configure the IS to enter the overload state so that no device will forward traffic to this IS.
IS-IS routes converge more quickly than BGP routes. To prevent blackhole routes on a network
where both IS-IS and BGP are configured, set an overload bit to instruct an IS to enter the
overload state during its start or restart. After BGP convergence is complete, cancel the overload
bit.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
set-overload [ on-startup [ timeout1 | start-from-nbr system-id [ timeout1
[ timeout2 ] ] | wait-for-bgp [ timeout1 ] ] [ send-sa-bit [ timeout3 ] ] ]
[ allow { interlevel | external } * ]
----End
Context
The destination address and mask of a default route are all 0s. If the destination address of a
packet does not match any entry in the routing table of a device, the device sends the packet
along the default route. If neither the default route nor the destination address of the packet exists
in the routing table, the device discards the packet and informs the source end that the destination
address or network is unreachable.
IS-IS can generate default routes using either of the following mode:
l Command-triggered default route generation mode
You can run the default-route-advertise command on a device so that the device adds a
default route to the LSP before sending the LSP to a neighbor. Therefore, the neighbor can
learn this default route.
l ATT bit 1-triggered default route generation mode
IS-IS defines that a Level-1-2 router sets the ATT bit to 1 in the LSP to be advertised to a
Level-1 area if the Level-1-2 router can reach more Level-1 areas through the Level-2 area
than through the Level-1 area. After a Level-1 router in the Level-1 area receives the LSP,
it generates a default route destined for the Level-1-2 router. Based on the network
requirements, you can configure whether the Level-1-2 router sets the ATT bit carried in
the LSP and whether a Level-1 router generates a default route after it receives the LSP
carrying ATT bit 1.
NOTE
Procedure
l Configure command-triggered default route generation mode.
1. Run:
system-view
----End
Procedure
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv6 ]
[ topology topology-name ] [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ]
* [ | count ] command to check IS-IS routing information.
l Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-
name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check information
in the IS-IS LSDB.
----End
Example
On a Level-1 device, run the display isis route command to check IS-IS routing information.
If the Level-1-2 device is enabled to leak IS-IS routes in the Level-2 area to Level-1 areas, the
output of the display isis route command is similar to the following information. For example,
the route 44:4::/64 in the Level-2 area is displayed, and Up/Down is U.
<HUAWEI> display isis route
On the Level-1-2 device, run the display isis lsdb verbose command to check whether the
Level-1-2 device has leaked the route 44:4::/64 to Level-1 areas.
<HUAWEI> display isis lsdb verbose
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Total LSP(s): 2
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Run the display isis route command to check IS-IS routing information. If equal-cost IS-IS
routes are configured to work in load-balancing mode, multiple next hops will be displayed in
the command output. For example, two next hops, FE80::2E0:51FF:FE52:8100 and
FE80::2E0:FFFF:FE50:8200, to the 44:4::/64 network segment are displayed, and their route
costs are both 20.
<HUAWEI> display isis route
Context
Route summarization is used to summarize routes with the same IP prefix into one route.
On a large-scale IS-IS network, route summarization can be configured to reduce the number
of IS-IS routes in a routing table. This summarization improves the usage of system resources
and facilitates route management.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
ipv6 summary ipv6-address prefix-length [ avoid-feedback | generate_null0_route |
tag tag | [ level-1 | level-1-2 | level-2 ] ] *
The specified IS-IS routes are summarized into one IS-IS route.
NOTE
After route summarization is configured on an IS, the local routing table still contains all specific routes
before the summarization.
The routing tables on other ISs contain only the summary route, and the summary route is deleted only
after all its specific routes are deleted.
----End
Applicable Environment
If other routing protocols are configured on an IS-IS network, the following issues need to be
considered:
l Preference of IS-IS routes
If multiple routes to the same destination are discovered by different routing protocols
running on the same device, the route discovered by the protocol with the highest preference
is selected. For example, if both OSPFv3 and IS-IS are configured, the route discovered
by OSPFv3 is used because OSPFv3 enjoys a higher preference than IS-IS by default.
Therefore, if you want the route discovered by IS-IS to be used, configure IS-IS to have
the highest preference.
l Communication between an IS-IS area and other areas
If other routing protocols are configured on an IS-IS network, you need to configure IS-IS
to interact with those routing protocols so that IS-IS areas can communicate with non-IS-
IS areas.
NOTE
The LSDBs of different IS-IS processes on a device are independent of each other. Therefore, each
IS-IS process on the device considers routes of the other IS-IS processes as external routes.
To ensure successful traffic forwarding, configure IS-IS to interact with other routing
protocols on a device where external routes are configured, for example, a Level-1-2 IS-
IS router. Available method is configuring IS-IS to import external routes. This mode
enables all devices in IS-IS areas to learn external routes, implementing refined control
over traffic forwarding.
To ensure successful forwarding of traffic destined for IS-IS areas, you must also enable
the other routing protocols to interact with IS-IS.
Pre-configuration Tasks
Before configuring IPv6 IS-IS to interact with other routing protocols, complete the following
tasks:
Data Preparation
To configure the IPv6 IS-IS to interact with other routing protocols, you need the following data.
No. Data
Context
If multiple routes to the same destination are discovered by different routing protocols running
on the same device, the route discovered by the protocol with the highest preference is selected.
For example, if both OSPFv3 and IS-IS are configured on a network, the route discovered by
OSPFv3 is used because OSPFv3 has a higher preference than IS-IS by default.
To prefer a route discovered by IS-IS, configure a higher preference value for IS-IS. In addition,
a routing policy can be configured to increase the preferences of specified IS-IS routes, without
affecting route selection.
Procedure
l Configure the IS-IS preference value.
1. Run:
system-view
NOTE
The preference values are configured for the specified IS-IS routes.
NOTE
preference takes effect only for IS-IS routes that match the specified routing policy.
----End
Context
If IS-IS is configured on a Level-1-2 device to advertise a default route, all traffic in IS-IS routing
domains will be forwarded by this Level-1-2 device. This will burden this Level-1-2 device
because no external route can be learned on the devices in the IS-IS routing domains.
If multiple Level-1-2 devices are deployed, optimal routes to other routing domains need to be
selected. To ensure optimal routes are selected, all the other devices in the IS-IS routing domains
must learn all or some external routes.
Routing policies can be configured to import or advertise external routes that meet specified
conditions to the IS-IS routing domains.
Procedure
l Configure IS-IS to import external routes.
1. Run:
system-view
original cost value of the imported route, the source routes cannot be static.
NOTE
IS-IS will advertise all imported external routes to an IS-IS routing domain by default.
If only some imported external routes need to be advertised, run the ipv6 filter-policy
export command to set a filtering policy.
If an IS-IS device has a small routing table capacity, run the ipv6 import-route limit limit-
number [ threshold-alarm upper-limit upper-limit-value lower-limit lower-limit-value ]
{ level-1 | level-2 | level-1-2 } command to set the maximum number of external routes that
can be imported into an IS-IS routing domain.
l (Optional) Configure IS-IS to advertise some external routes to an IS-IS routing domain.
1. Run:
system-view
When the rule command is run to configure rules for a named ACL, only
the source address range specified by source and the time period specified
by time-range are valid as the rules.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches
the rule will be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the
rule will not be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received
or advertised by the system.
– If an ACL does not contain any rules, all routes matching the route-
policy that references the ACL will not be received or advertised by
the system.
– If the ACL referenced by the route-policy does not exist, all routes
matching the route-policy will be received or advertised by the
system.
– In the configuration order, the system first matches a route with a rule
that has a smaller number and then matches the route with a rule with
a larger number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller
number and specify the action deny in this rule to filter out the
unwanted routes. Then, configure another rule with a larger number in
the same ACL and specify the action permit in this rule to receive or
advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller
number and specify the action permit in this rule to permit the routes
to be received or advertised by the system. Then, configure another
rule with a larger number in the same ACL and specify the action
deny in this rule to filter out unwanted routes.
– Configure an advanced ACL:
a. Run
acl ipv6 name acl-name [ number acl-number2 ] [ match-order
{ auto | config } ]
– If an ACL does not contain any rules, all routes matching the route-
policy that references the ACL will not be received or advertised by
the system.
– If the ACL referenced by the route-policy does not exist, all routes
matching the route-policy will be received or advertised by the
system.
– In the configuration order, the system first matches a route with a rule
that has a smaller number and then matches the route with a rule with
a larger number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller
number and specify the action deny in this rule to filter out the
unwanted routes. Then, configure another rule with a larger number in
the same ACL and specify the action permit in this rule to receive or
advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller
number and specify the action permit in this rule to permit the routes
to be received or advertised by the system. Then, configure another
rule with a larger number in the same ACL and specify the action
deny in this rule to filter out unwanted routes.
– ipv6 filter-policy ipv6-prefix ipv6-prefix-name export [ protocol [ process-id ] ]
IS-IS is configured to advertise specified external routes to the IS-IS routing
domain based on the prefix list.
– ipv6 filter-policy route-policy route-policy-name export [ protocol [ process-
id ] ]
IS-IS is configured to advertise specified external routes to the IS-IS routing
domain based on the route policy.
NOTE
After this command is run, only external routes that meet the specified conditions can be
advertised to the IS-IS routing domain.
----End
Procedure
l Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-
name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check IS-IS LSDB
information.
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv6 ]
[ topology topology-name ] [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ]
* [ | count ] command to check IS-IS routing information.
Example
Run the display isis lsdb verbose command on the device that generates a default route. The
command output shows that IS-IS has advertised a default route.
<HUAWEI> display isis lsdb verbose
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Run the display isis route command on the device that receives the default route. The command
output shows that the default route ::/0 with a next-hop address of FE80::7D7E:0:22D7:1 has
been imported into the Level-2 IS-IS routing table.
<HUAWEI> display isis route
Run the display isis route command to view the IS-IS routing table. The command output shows
that the OSPFv3 route 44:4::/64 has been imported into the Level-2 IS-IS routing table.
<HUAWEI> display isis route
Run the display ipv6 routing-table command to view the IP routing table. The command output
shows that the value of Preference of IPv6 IS-IS has been changed from its default value 15 to
20.
<HUAWEI> display ipv6 routing-table
Routing Table : Public
Destinations : 10 Routes : 10
Destination : :: PrefixLength : 0
NextHop : FE80::7D7E:0:22D7:1 Preference : 20
Cost : 10 Protocol : ISIS-L2
RelayNextHop : :: TunnelID : 0x0
Interface : Pos1/0/0 Flags : D
Applicable Environment
The procedure for implementing IS-IS is as follows:
To accelerate the IS-IS route convergence speed, configure the following parameters:
l Interval for detecting IS-IS neighboring device failures.
l Flooding parameters of CSNPs and LSPs.
l Interval for SPF calculation.
You can also configure convergence priorities for IPv6 IS-IS routes so that key routes can be
converged by preference when a network topology changes. This minimizes adverse impacts on
key services.
Pre-configuration Tasks
Before configuring the IPv6 IS-IS route convergence speed, complete the following tasks:
Data Preparation
To configure the IPv6 IS-IS route convergence speed, you need the following data.
No. Data
1 Interval at which Hello packets are sent and the holding time of neighboring
devices
Context
Connection status between an IS-IS device and its neighboring devices can be monitored by
exchanging Hello packets at intervals. An IS-IS neighboring device is considered Down if the
IS-IS device does not receive any Hello packets from the neighboring device within the specified
period (called the holding time). A failure in an IS-IS neighboring device will trigger LSP
flooding and SPF calculation, after which IS-IS routes are reconverged.
To speed up fault detection, use the following methods to accelerate the speed of detecting IS-
IS neighboring device failures:
l Set an interval at which Hello packets are sent.
l Set the holding multiplier for neighboring devices.
l Configuring Dynamic IPv6 BFD for IS-IS.
NOTE
Configuring IPv6 BFD for IS-IS is recommended because this method provides a faster fault detection
speed than the other two methods.
Procedure
l Set an interval at which Hello packets are sent.
1. Run:
system-view
NOTE
A broadcast link can transmit both Level-1 and Level-2 Hello packets. You can set different
sending intervals for these two types of Hello packets. By default, both Level-1 and Level-2
Hello packets are sent.
A P2P link can transmit only one type of Hello packets. Therefore, there is no need to specify
the level-1 or level-2 parameter if a P2P link is used.
l Set the holding multiplier for neighboring devices.
1. Run:
system-view
----End
Context
SNPs consist of CSNPs and PSNPs. CSNPs carry summaries of all LSPs in LSDBs, ensuring
LSDB synchronization between neighboring routers. SNPs are processed differently on
broadcast links and P2P links.
l On a broadcast link, CSNPs are periodically sent by a DIS device. If a router detects that
its LSDB is not synchronized with that on its neighboring router, the router will send PSNPs
to apply for missing LSPs.
l On a P2P link, CSNPs are sent only during initial establishment of neighboring
relationships. If a request is acknowledged, a neighboring router will send a PSNP in
response to a CSNP. If a router detects that its LSDB is not synchronized with that on its
neighboring router, the router will also send PSNPs to apply for missing LSPs.
To speed up LSDB synchronization, modify the following parameters of SNPs and LSPs on the
NE80E/40E:
l Set an interval at which CSNPs are sent.
l Configure the intelligent timer controlling LSP generation.
l Set the maximum length for LSPs.
l Set the refresh interval for LSPs.
l Set the maximum lifetime for LSPs.
l Set the minimum interval at which LSPs are sent.
l Enable LSP fast flooding.
l Set an interval at which LSPs are retransmitted over a P2P link.
Procedure
l Set an interval at which CSNPs are sent.
1. Run:
system-view
The interval at which CSNPs are sent is set on the specified interface.
NOTE
1. Run:
system-view
NOTE
Ensure that the value of max-size for LSPs to be generated must be smaller than or equal to the
value of max-size for LSPs to be received.
The value of max-size in the lsp-length command must meet the following conditions.
– The MTU of an Ethernet interface must be greater than or equal to the sum of the
value of max-size and 3.
– The MTU of a P2P interface must be greater than or equal to the value of max-
size.
l Set the refresh interval for LSPs.
1. Run:
system-view
To synchronize all LSPs in the areas, IS-IS regularly transmits all the current LSPs to
neighbors.
By default, the LSP refresh interval is 900s, and the maximum lifetime of an LSP is
1200s. Ensure that the LSP refresh interval is more than 300s shorter than the
maximum LSP lifetime. This allows new LSPs to reach all routers in an area before
existing LSPs expire.
NOTE
The larger a network, the greater the deviation between the LSP refresh interval and the
maximum LSP lifetime.
l Set the maximum lifetime for LSPs.
1. Run:
system-view
When a router generates the system LSP, it fills in the maximum lifetime for this LSP.
After this LSP is received by other routers, the lifetime of the LSP is reduced gradually.
If the router does not receive any more update LSPs and the lifetime of the LSP is
reduced to 0, the LSP will be deleted from the LSDB 60s later if no more updated
LSPs are received.
l Set the minimum interval at which LSPs are sent.
1. Run:
system-view
The count parameter specifies the maximum number of LSPs that can be sent within
the interval specified by throttle-interval. The value of count is an integer ranging
from 1 to 1000.
l Enable LSP fast flooding.
1. Run:
system-view
Running the flash-flood command speeds up LSP flooding. The lsp-count parameter
specifies the number of LSPs flooded each time, which is applicable to all interfaces.
If the number of LSPs to be sent is greater than the value of lsp-count, lsp-count takes
effect. If the number of LSPs to be sent is smaller than the value of lsp-count, LSPs
of the actual number are sent. If a timer is configured and the configured timer does
not expire before the route calculation, the LSPs are flooded immediately when being
received; otherwise, the LSPs are sent when the timer expires.
When LSP fast flooding is enabled, Level-1 LSPs and Level-2 LSPs are fast flooded
by default if no level is specified.
l Set an interval at which LSPs are retransmitted over a P2P link.
1. Run:
system-view
The interval at which LSPs are retransmitted over a P2P link is set.
----End
Context
A network change always triggers IS-IS to perform SPF calculation. Frequent SPF calculation
will consume excessive CPU resources, affecting services.
To solve this problem, configure an intelligent timer to control the interval for SPF calculation.
For example, to speed up IS-IS route convergence, set the interval for SPF calculation to a small
value, and set the interval to a large value after the IS-IS network becomes stable.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
timer spf max-interval [ init-interval [ incr-interval ] ]
----End
Context
By default, the convergence priority of 128-bit host routes is medium, and the convergence
priority of the other IS-IS routes is low.
The NE80E/40E allows you to configure the highest convergence priority for specific IS-IS
routes so that those IS-IS routes will be converged first when a network topology changes.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
ipv6 prefix-priority [ level-1 | level-2 ] { critical | high | medium } { ipv6-
prefix prefix-name | tag tag-value }
The application rules of the convergence priorities for IS-IS routes are as follows:
l Existing IS-IS routes are converged based on the priorities configured in the ipv6 prefix-
priority command.
l New IS-IS routes are converged based on the priorities configured in the ipv6 prefix-
priority command.
l If an IS-IS route conforms to the matching rules of multiple convergence priorities, the
highest convergence priority is used.
l The convergence priority of a Level-1 IS-IS route is higher than that of a Level-2 IS-IS route.
l If the route level is not specified, the configuration of the prefix-priority command takes
effect for both Level-1 and Level-2 IS-IS routes.
NOTE
----End
Procedure
l Run the display isis interface [ [ verbose | traffic-eng ] * | tunnel ] [ process-id | vpn-
instance vpn-instance-name ] command to check IS-IS packet information.
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] ipv6
[ topology topology-name ] [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ]
* command to check the preference of IS-IS routes.
----End
Example
Run the display isis interface verbose command. The command output shows that GE 6/0/0
sends Hello packets at an interval of 15 ms, the number of IS-IS Hello packets sent by the
neighbor before IS-IS should declare the neighbor is invalid is 3, the sending interval for Level-1
CSNPs is 123 ms, and the minimum sending interval for LSPs is 159 ms.
<HUAWEI> display isis interface verbose
Run the display isis route verbose command. The command output shows that the convergence
priority of the IS-IS route 13:1::/64 is Critical, and the convergence priority of the other IS-IS
routes is Low.
Context
The NE80E/40E supports dynamic BFD for IPv6 IS-IS, but not static BFD for IPv6 IS-IS.
Without BFD, connection status between an IS-IS device and its neighbors can be monitored
only by exchanging Hello packets at intervals. The minimum allowable sending interval is 3s,
and a neighbor is declared Down after at least three intervals during which no response Hello
packet is received from the neighbor. IS-IS takes more than one second to detect that a neighbor
becomes Down, resulting in loss of a large amount of high-speed data.
BFD provides millisecond-level fault detection. After detecting a link or node failure, BFD will
notify IS-IS of the failure. Traffic is rapidly switched to the backup link or node.
Pre-configuration Tasks
Before configuring dynamic BFD for IPv6 IS-IS, complete the following tasks:
l Configure IPv6 addresses for interfaces to ensure that neighbor nodes are reachable.
l Configure IPv6 IS-IS functions to ensure that each node is reachable at the network layer.
l Configuring Multi-Topology for IPv6 IS-IS.
Configuration Roadmap
The configuration roadmap is as follows:
No. Data
You can use either of the following methods to enable BFD for IPv6 IS-IS:
l Enable dynamic BFD for specified IS-IS IPv6 processes. This method is recommended
if you need to enable dynamic BFD for IPv6 IS-IS on a large number of IS-IS interfaces.
l Enable dynamic BFD for specified IPv6 interfaces. This method is recommended if you
need to enable dynamic BFD for IPv6 IS-IS on a small number of IS-IS interfaces.
Procedure
l Enable dynamic BFD for an IS-IS IPv6 process.
1. Run:
system-view
After BFD is enabled globally and the neighbor status is Up, default BFD parameters
will be used to establish BFD sessions on all interfaces.
6. (Optional) Run:
The parameters for establishing BFD sessions are set for all interfaces.
The command execution result is applicable to BFD session parameters on all IS-IS
interfaces.
7. Run:
quit
To disable the BFD function on an interface, run the isis ipv6 bfd block command in
the interface view to disable the interface from establishing BFD sessions.
l Enable dynamic BFD on an IS-IS IPv6 interface.
1. Run:
system-view
Run this command when BFD session parameters need to be configured for a specified
interface.
----End
l Run the display isis [ process-id ] ipv6 bfd interface command to check the configurations
of BFD for IPv6 IS-IS on the specified interface.
Run the display isis ipv6 bfd session command to view the status of an BFD session. An example
command output is as follows:
<HUAWEI> display isis 1 ipv6 bfd session all
IPv6 BFD session information for ISIS(1)
-----------------------------------
Peer System ID : 0000.0000.0003 Interface : \GE2/0/0
Type : L2
IPv6 BFD State : up TX : 100 RX : 100 Multiplier : 3
LocDis : 8184 Local IPv6 Address : FE80::1
RemDis : 8192 Peer IPv6 Address : FE80::2
Diag : No diagnostic information
Run the display isis [ process-id ] ipv6 bfd interface command to view all the interfaces enabled
with BFD and the values of the BFD session parameters on these interfaces.
<HUAWEI> display isis 1 ipv6 bfd interface
IPV6 BFD information of interface for ISIS(1)
---------------------------------------------
Interface BFD6.State Min-Tx Min-Rx Mul
Pos1/0/0 enable 1000 1000 10
Total interfaces: 1 Total IPv6 bfd enabled interfaces: 1
Applicable Environment
In traditional IPv6 networks, there is only one unicast topology and one unicast forwarding table
on each device. In this case, service flows with the same destination IP address share the same
PHB. This means that various end-to-end services (for example, voice services and data services)
share the same physical links. As a result, some links may be heavily congested, whereas some
other links are relatively idle. Different types of services have different QoS requirements, which
cannot be met in the traditional unicast topology.
Multi-topology for IS-IS enables the operation of multiple independent logical topologies in an
IS-IS AS, and sets up an independent multicast topology for multicast services. In this manner,
the multicast topology is separated from the unicast topology.
Configuring multi-topology for IS-IS will help customers construct networks flexibly and reduce
cost for network construction.
Pre-configuration Tasks
Before configuring multi-topology for IPv6 IS-IS, complete the following tasks:
Data Preparation
To configure multi-topology for IPv6 IS-IS, you need the following data.
No. Data
Context
After enabling multi-topology for IS-IS, configure parameters, such as interface costs and
protocol priorities, for IS-IS topology instances.
The parameters configured in the IS-IS topology view are valid only for the specified IS-IS
topology instance. This allows you to configure different parameters for different IS-IS topology
instances.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
cost-style { narrow | wide | wide-compatible }
The cost style for the packets received and sent by the router is set to wide or wide-
compatible.
Step 4 Run:
ipv6 topology topology-name [ topology-id { multicast | topology-id } ]
The specified IS-IS process is associated with the specified topology instance, and the IPv6 IS-
IS topology view is displayed.
Step 5 (Optional) Run the following commands to configure IS-IS parameters for IPv6 topology
instances.
l auto-cost enable
l bandwidth-reference value
l circuit-cost { cost | maximum } [ level-1 | level-2 ]
l circuit default-tag tag [ level-1 | level-2 ]
l default-route-advertise [ always | match default | route-policy route-policy-name ]
[ [ cost cost ] | [ tag tag ] | [ level-1 | level-1-2 | level-2 ] ] * [ avoid-learning ]
l filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name | route-
policy route-policy-name } export [ protocol [ process-id ] ]
l filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name | route-
policy route-policy-name } import
l frr
l import-route protocol [ process-id ] [ cost cost ] [ tag tag ] [ route-policy route-policy-
name ] [ level-1 | level-2 | level-1-2 ]
l import-route { { ripng | isis | ospfv3 } [ process-id ] | bgp } inherit-cost [ tag tag | route-
policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ]*
l import-route isis level-1 into level-2 [ filter-policy { acl6-number | acl6-name acl6-
name | ipv6-prefix ipv6-prefix-name | route-policy route-policy-name } ] [ tag tag ]
l import-route isis level-2 into level-1 [ tag tag | filter-policy { acl6-number | acl6-name
acl6-name | ipv6-prefix ipv6-prefix-name | route-policy route-policy-name } ] *
l maximum load-balancing number
l preference preference route-policy route-policy-name
l set-overload [ on-startup [ timeout1 | start-from-nbr system-id [ timeout1 [ timeout2 ] ] |
wait-for-bgp [ timeout1 ] ] [ send-sa-bit [ timeout3 ] ] ] [ allow { interlevel | external } * ]
l spf-priority priority-value
l summary ipv6-address mask [ avoid-feedback | generate_null0_route | tag tag |
[ level-1 | level-1-2 | level-2 ] ] *
----End
Context
An IS-IS interface can be associated with different topology instances, and the parameters of
this IS-IS interface can vary with the topology instances. The commands for configuring the
parameters are as follows:
l Command that cancels the association between an IS-IS interface and an IPv6 base topology
l Command that suppresses IS-IS to advertise direct routes of an interface in a specified
topology
l Command that configures the cost of an interface in a specified topology instance
l Command that disables an interface from participating in LFA calculation so that the
interface will not be a backup interface
l Command that sets an administrative tag for an interface in a specified topology instance
Procedure
Step 1 Run:
system-view
The association between the IS-IS interface and the IPv6 base topology is canceled.
Step 5 (Optional) Run:
isis [ ipv6 ] [ topology topology-name ] suppress-reachability [ level-1 |
level-1-2 | level-2 ]
IS-IS is disabled from advertising direct routes of the interface in the specified topology instance.
Step 6 (Optional) Run:
isis ipv6 [ topology topology-name ] cost { cost | maximum } [ level-1 | level-2 ]
An administrative tag is set for the interface in the specified topology instance.
----End
Prerequisites
Multi-topology for IPv6 IS-IS has been configured.
Procedure
l Run the display isis peer [ verbose ] [ process-id | vpn-instance vpn-instance-name ]
command to check information about IS-IS neighbors.
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] ipv6
[ topology topology-name ] [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ]
* [ | count ] command to check information about IS-IS routes.
l Run the display isis spf-tree [ systemid systemid | dname dname ] [ [ level-1 | level-2 ] |
ipv6 | verbose ] * [ process-id | vpn-instance vpn-instance-name | ][ topology topology-
name ] command to check information about the SPF tree of IS-IS.
----End
Example
Run the display isis peer verbose command. The command output shows that the neighbor
status in IS-IS topology instance 10 is Up.
<HUAWEI> display isis peer verbose
Total Peer(s): 2
Run the display isis route ipv6 topology Red command. The command output shows the
information about routes of the IS-IS topology instance named Red.
<HUAWEI> display isis route ipv6 topology Red
Run the display isis spf-tree ipv6 topology Red command. The command output shows
information about the SPF tree of the IS-IS topology instance named Red.
Applicable Environment
As the network keeps developing, services such as Voice over IP (VoIP) and on-line video
services require high-quality real-time transmission. Nevertheless, if an IS-IS fault occurs, traffic
can be switched to a new link only after the following processes: fault detection, LSP update,
LSP flooding, route calculation, and FIB entry delivery. As a result, traffic is interrupted for
much more than 50 ms, which cannot meet the requirement for real-time services on the network.
With IPv6 IS-IS Auto FRR, devices can rapidly switch traffic from faulty links to backup links
without interrupting the traffic. This protects traffic and greatly improves the reliability of IS-
IS networks. The NE80E/40E supports IPv4 IS-IS Auto FRR.
IPv6 IS-IS Auto FRR is applicable to the services that are very sensitive to packet delay and
packet loss.
As shown in Figure 7-3, the link cost satisfies the traffic protection inequality, namely,
Distance_opt(B, D) < Distance_opt(B, A) + Distance_opt(A, D). In this inequality, Distance_opt
(X, Y) specifies the shortest path from node X to node Y. After IPv6 IS-IS Auto FRR is
configured, when the link between Router A and Router C becomes faulty, traffic forwarded by
Router A is rapidly switched to the backup link.
Figure 7-3 Networking diagram for IPv6 IS-IS Auto FRR (IP protecting IP)
RouterC
10 IS
-IS
=
st co
co st
-IS =
IS 10
RouterA RouterD
10
IS
-IS
=
st
co
co
st
-IS
=
IS
30
RouterB
Traffic in normal
Traffic in case of failure
Pre-configuration Tasks
Before configuring IPv6 IS-IS Auto FRR, complete the following tasks:
l Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at
the network layer
l Configuring IPv6 IS-IS.
l Setting costs for links to ensure that the primary link is the optimal path and the backup
link is the sub-optimal path.
Data Preparation
To configure IPv6 IS-IS Auto FRR, you need the following data.
No. Data
1 IS-IS process ID
Context
Perform the following steps on the router where traffic to be forwarded needs to be protected:
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
ipv6 frr
Step 4 Run:
loop-free-alternate [ level-1 | level-2 | level-1-2 ]
If no level is specified, IPv6 IS-IS Auto FRR is enabled in Level-1 and Level-2 areas to generate
backup routes.
For details of IS-IS Auto FRR, see the HUAWEI NetEngine80E/40E Router Feature Description
- IP Routing.
NOTE
IS-IS can generate loop-free backup routes only when the traffic protection inequality of IS-IS Auto FRR
is satisfied.
----End
Context
To disable an interface that is enabled with IPv6 IS-IS from participating in the Loop-Free
Alternate (LFA) calculation, you need to perform the following steps on this interface:
Procedure
Step 1 Run:
system-view
NOTE
----End
Prerequisites
IPv6 IS-IS Auto FRR has been configured.
Procedure
l Run the display isis route [ process-id | vpn-instance vpn-instance-name ] ipv6
[ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] * command to check
information about the primary and backup links after IPv6 IS-IS Auto FRR is enabled.
l Run the display isis spf-tree [ systemid systemid | dname dname ] [ [ level-1 | level-2 ] |
ipv6 | verbose ] * [ process-id | vpn-instance vpn-instance-name ] command to check the
traffic protection type of IPv6 IS-IS Auto FRR.
----End
Example
Run the display isis route command, and you can view information about the outbound interface
and next hop of the backup route. The configuration result is as follows:
<HUAWEI> display isis route ipv6 3::3 verbose
Run the display isis spf-tree command, and you can view the traffic protection type of a specified
device. The configuration result is as follows:
<HUAWEI> display isis spf-tree systemid 0000.0000.0004 verbose ipv6
(2) >0000.0000.0001.02
Cost : 10
Flags : Parent
(3) >0000.0000.0001.00
Cost : 10
Flags : Parent
IPv4 Nexthops-MIGP : 0
IPv6 Nexthops : 2
(1) FE80::163 IF:GE0/0/1 NBR:0000.0000.0004.00
(B) FE80::536 IF:Pos0/0/0 NBR:0000.0000.0004.00
TYPE:PRIMARY PROTECT:LINK
(2) FE80::536 IF:Pos0/0/0 NBR:0000.0000.0004.00
(B) FE80::163 IF:GE0/0/1 NBR:0000.0000.0004.00
TYPE:PRIMARY PROTECT:LINK
Neighbors: 3 (Children:1 Parents:2 Others:0)
(1) >0000.0000.0001.02
Cost : 10
Flags : Parent
(2) 0000.0000.0004.02
Cost : 10
Flags : Child
(3) >0000.0000.0001.00
Cost : 10
Flags : Parent
Applicable Environment
If multicast and an MPLS TE tunnel are deployed in a network, multicast packets may be
forwarded through the TE tunnel. As a result, the routers spanned by the TE tunnel cannot detect
the transmission of multicast packets, and therefore the routers cannot create any multicast
forwarding entry. You can configure local MT function and enable IGP Shortcut on the TE
tunnel to avoid the preceding problem. In this manner, a correct MIGP routing table can be
created to guide the forwarding of multicast packets.
NOTE
Local MT can be configured only in the IS-IS process of the public network instance. In this case,
Forwarding Advertise cannot be configured.
Pre-configuration Tasks
Before configuring IS-IS local MT, complete the following tasks:
Data Preparation
To configure local MT, you need the following data.
No. Data
Context
Perform the following steps on the router that needs to forward multicast packets and is
configured with the TE tunnel enabled with IGP-Shortcut:
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
cost-style { compatible [ relax-spf-limit ] | wide | wide-compatible }
Step 4 Run:
traffic-eng
TE is configured.
Step 5 Run:
local-mt enable
Local MT is enabled.
----End
Context
After creating the MIGP routing table by Enabling Local MT, IS-IS performs route calculation.
When the outgoing interface of the next hop calculated is an interface of the TE tunnel enabled
with IGP Shortcut, a router uses the physical interface as the outgoing interface of the next hop
and saves it to the MIGP routing table.
To make the scale of the MIGP routing table reasonable and accelerate the speed for searching
the MIGP routing table, you can configure the filtering policy based on multicast source
addresses. Only the routes to multicast source addresses are added to the MIGP table.
NOTE
You can configure the routing policy before enabling local MT. This prevents the routes that are not sent
to the multicast source address from being added to the MIGP routing table.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
local-mt filter-policy { acl { acl-number | acl-name } | ip-prefix ip-prefix-name }
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the named advanced ACL:
1. Run local-mt filter-policy acl acl-name, the local MT routing policy is configured.
2. Run quit, return to the system view.
3. Run acl name acl-name advance [ number acl-number2 ] [ match-order { auto |
config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address source-
wildcard | any } | time-range time-name ] *, a rule is configured for the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the rule will
be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the IP prefix: local-mt filter-policy ip-prefix ip-prefix-name
----End
Prerequisites
Local MT has been configured.
Procedure
l Run display isis [ process-id ] migp-routing [ ip-address [ mask | mask-length ] |
{ level-1 | level-2 } | verbose ] * command to check the IS-IS MIGP routing table.
l Run display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv4 ]
[ verbose | [ level-1 | level-2 ] | ip-address [ mask | mask-length ] ] * command to check the
IS-IS routing information.
l Run display isis [ process-id ] spf-tree statistics [ [ level-1 | level-2 ] | ipv6 ] * [ vpn-
instance vpn-instance-name ] command to check the SPF tree of IS-IS.
l Check the statistics of the IS-IS process.
– display isis statistics [ level-1 | level-2 | level-1-2 ] [ process-id | vpn-instance vpn-
instance-name ]
– display isis statistics packet [ interface interface-type interface-number ]
– display isis process-id statistics [ level-1 | level-2 | level-1-2 | packet ]
----End
Example
Configure the MIGP routing table to allow only the routes to the destination 192.168.3.0/24 to
pass. Run the display isis migp-routing command. The display is as follows:
<HUAWEI> display isis migp-routing
MIGP Route information for ISIS(1)
----------------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
--------------------------------------------------------------------------------
192.168.3.0/24 40 NULL GE2/0/0 10.0.1.1 A/-
Flags: A-Added to MIGP, U-Up/Down Bit Set
Applicable Environment
The restart of an IS-IS router causes the temporary interruption of the network, because the
adjacency relationship between the router and its neighbor is torn down. The LSPs packets of
the router are deleted, which makes route calculation inaccurate. Packets are therefore lost.
You can configure IS-IS GR to solve this problem. After IS-IS GR is enabled, the router notifies
the neighbor of the restart status, and reestablishes the adjacency relationship with its neighbor
without interrupting the forwarding.
l When IS-IS restarts, the router can resend connection requests to its neighbor. The
adjacency relationship is not torn down.
l Before LSPs packets are generated, GR minimizes the interference caused by waiting for
the database synchronization.
l If the router starts for the first time, the router sets the overload bit in LSPs until the LSDB
synchronization is complete. This avoids route black holes.
Pre-configuration Tasks
Before configuring IS-IS GR, complete the following tasks:
Data Preparation
To configure IS-IS GR, you need the following data.
No. Data
1 ID of an IS-IS process
3 Whether to suppress the advertisement of the adjacency when the GR restarter restarts
Context
Perform the following steps on the router that runs IS-IS.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
graceful-restart
IS-IS GR is enabled.
----End
Context
The router that starts for the first time does not maintain the forwarding status. If the router
restarts, the LSPs generated when the router runs last time may exist in the link state database
(LSDB) of other routers in the network.
The sequence number of an LSP fragment is reinitialized when the router starts. Therefore, the
router considers that the previously advertised LSP stored on other routers is newer than the LSP
generated locally after the router starts. This leads to the temporary black hole in the network,
which lasts until the normal LSDB synchronization process finishes. The router then regenerates
its LSPs and advertises the LSPs with the highest sequence number.
When this router starts, if the neighbor of the router suppresses the advertisement of the
adjacency until this router advertises the updated LSPs, the preceding case can therefore be
avoided.
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
Step 3 Run:
graceful-restart no-impact-holdtime
The value of the T2 timer indicates the longest time during which the system waits for the LSDB
synchronization. Each Level-1 or Level-2 router maintains a T2 timer and disables it after the
LSDB synchronization among Level-1 or Level-2 routers ends. If LSDBs are not synchronized
yet when the T2 timer expires, the GR fails.
By default, the value of the T2 timer is 60 seconds. Keeping the default value is recommended.
The value of the T3 timer indicates the longest time that a GR lasts. A router disables the T3
timer after the LSDB synchronization ends in all areas. If LSDBs are not synchronized yet when
the T3 timer expires, the GR fails.
By default, the value of the T3 timer is 300 seconds. Keeping the default value is recommended.
During a GR, an IS-IS neighbor of the restarter sets the value of the T3 timer to the holdtime of
the neighbor relationship between them, which prevents routes from being recalculated on the
whole network due to a neighbor disconnection during the GR.
The GR restarter is configured to suppress the Suppress-Advertisement (SA) bit of the restart
TLV.
The SA bit determines whether a neighbor (GR helper) advertises the neighbor relationship with
the restarter. The helper suppresses the advertisement of the neighbor relationship with the
restarter until the helper receives a packet in which SA is set to 0. By default, the SA bit is not
suppressed.
----End
Prerequisites
IS-IS GR has been configured.
Procedure
Step 1 Run display isis graceful-restart status [ level-1 | level-2 ] [ process-id | vpn-instance vpn-
instance-name ] command to check the status of IS-IS GR.
----End
Example
Run the display isis graceful-restart status command, and you can find that IS-IS process 1
on the local router is enabled with GR and the default values of all GR parameters are used.
<HUAWEI> display isis graceful-restart status
Restart information for ISIS(1)
-------------------------------
IS-IS(1) Level-1 Restart Status
Restart Interval: 300
SA Bit Supported
Total Number of Interfaces = 1
Restart Status: RESTART COMPLETE
IS-IS(1) Level-2 Restart Status
Restart Interval: 300
SA Bit Supported
Total Number of Interfaces = 1
Restart Status: RESTART COMPLETE
Applicable Environment
In a network that has a high requirement for security, you can configure IS-IS authentication or
optional checksum to improve security of the IS-IS network.
l IS-IS authentication encapsulates authentication information into Hello packets, Link State
Protocol Data Units (LSPs), and Sequence Number Protocol Data Units (SNPs). After an
IS-IS device receives the packets, it checks whether the encapsulated authentication
information is correct. The IS-IS device only accepts the packets with correct authentication
information. The authentication mechanism enhances IS-IS network security. IS-IS
authentication consists of area authentication, routing domain authentication, and interface
authentication.
IS-IS authentication ensures that the data is correctly transmitted at the network layer.
l IS-IS optional checksum encapsulates checksum Type-Length-Values (TLVs) into SNPs
and Hello packets. After an IS-IS device receives the packets, it checks whether the
checksum TLVs are correct. The IS-IS device only accepts the packets with correct
checksum TLVs. The authentication mechanism enhances IS-IS network security.
IS-IS optional checksum ensures that the data is correctly transmitted at the link layer.
Pre-configuration Tasks
Before configuring IS-IS authentication, complete the following tasks:
Data Preparation
To configure IS-IS authentication, you need the following data.
No. Data
Context
By default, sent IS-IS packets are not encapsulated with authentication information, and received
packets are not authenticated. In order to avoid malicious text attack network, configuring IS-
IS authentication helps to improve the network security. Three IS-IS authentication modes and
the usage scenarios are as follows:
l Area authentication: Authentication passwords are encapsulated into IS-IS packets in
Level-1 areas. The receiver only accepts the packets that have been authenticated.
Therefore, you need to configure IS-IS area authentication to authenticate packets in
Level-1 areas.
l Routing domain authentication: Authentication passwords are encapsulated into IS-IS
packets in Level-2 areas. The receiver only accepts the packets that have been authenticated.
Therefore, you need to configure IS-IS routing domain authentication to authenticate
packets in Level-2 areas.
l Interface authentication: The authentication information is encapsulated into IS-IS Hello
packets. The neighboring can establish a neighbor relationship with the local router after
IS-IS Hello packets can be authenticated. Therefore, you need to configure interface
authentication to ensure validity and correctness of neighbor relationships.
NOTE
In configuring IS-IS authentication, the authentication modes and passwords of all devices in the same area
or routing domain must be consistent. Otherwise, IS-IS packets cannot be normally flooded.
An IS-IS neighbor relationship cannot be established if interface authentication fails. An IS-IS neighbor
relationship can be established regardless of whether IS-IS area or routing domain authentication succeeds.
When configuring an authentication password, select the ciphertext mode becasue the password is saved
in configuration files in plaintext if you select plaintext mode, which has a high risk. To ensure device
security, change the password periodically.
Procedure
l Configure IS-IS area authentication.
1. Run:
system-view
NOTICE
After the area-authentication-mode command is run, IS-IS does not process the
Level-1 LSPs in the local LSDB that fail to be authenticated or new Level-1 LSPs and
SNPs that fail to be authenticated but discards them after they age.
Characters @%@% are used as the prefix and suffix of existing passwords with
variable lengths. Therefore, characters @%@% cannot be configured together at the
beginning or end of a simple text password.
NOTICE
After the domain-authentication-mode command is run, IS-IS does not process the
Level-2 LSPs in the local LSDB that fail to be authenticated or new Level-2 LSPs and
SNPs that fail to be authenticated but discards them after they age.
Characters @%@% are used as the prefix and suffix of existing passwords with
variable lengths. Therefore, characters @%@% cannot be configured together at the
beginning or end of a simple text password.
1. Run:
system-view
The IS-IS authentication mode and password are configured on the interface.
NOTE
Characters @%@% are used as the prefix and suffix of existing passwords with variable
lengths. Therefore, characters @%@% cannot be configured together at the beginning or end
of a simple text password.
----End
Context
The optional checksum encapsulates optional checksum TLVs into the Complete Sequence
Numbers Protocol Data Units (CSNPs), Partial Sequence Number Protocol Data Units (PSNPs),
and Hello packets sent by IS-IS devices. When the peer device receives the encapsulated packets,
it checks whether TLVs carried in the packets are correct. If TLVs are not correct, the peer device
discards the packets for network security.
Procedure
Step 1 Run:
system-view
If MD5 authentication or Keychain authentication with valid MD5 authentication is configured on an IS-
IS interface or area, IS-IS devices send Hello packets and SNP packets carrying no checksum TLVs and
verify the checksum of the received packets.
----End
Prerequisites
Improving Security of an IS-IS Network has been configured.
Procedure
Step 1 Run display isis peer [ verbose ] [ process-id | vpn-instance vpn-instance-name ] command to
check information about the IS-IS neighbor.
----End
Example
On GE2/0/0, set the interface authentication mode to simple and password to 123. Neighbor
relationship can be established when authentication information on the two routers is consistent.
Run the display isis 1 peer verbose command. The display is as follows:
<HUAWEI> display isis peer 1 verbose
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
---------------------------------------------------------------------------------
0000.0000.0040 GE2/0/0 0000.0000.0040.04 Up 7s L1(L1L2) 64
Area Address(es) :10
Peer IP Address(es): 12.40.41.1
Uptime : 00:01:08
Adj Protocol : IPV4
Restart Capable : Yes
Suppressed Adj : NO
MT IDs supported : 0(UP)
Peer System Id : 0000.0000.0040
Context
NOTICE
The IS-IS data structure cannot be restored after you reset it. All the previous structure
information and the neighbor relationship are reset. Exercise caution when running this
command.
To clear the IS-IS data structure, run the following reset command in the user view.
Procedure
Step 1 Run reset isis all [ [ process-id | vpn-instance vpn-instance-name ] | graceful-restart ] *
command to reset the IS-IS data structure.
By default, the IS-IS data structure is not reset.
----End
Context
NOTICE
The specified IS-IS neighbor relationship is deleted after you reset a specified IS-IS neighbor
by using the reset isis peer command. Exercise caution when running this command.
After the IS-IS routing policy or the protocol changes, you can reset a specific IS-IS neighbor
to validate the new configuration.
To reset a specific IS-IS neighbor, run the following reset command in the user view.
Procedure
Step 1 Run reset isis peer system-id [ process-id | vpn-instance vpn-instance-name ] command to reset
a specific IS-IS neighbor.
----End
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 7-4:
l Router A, Router B, Router C, and Router D belong to the same AS. IS-IS is enabled on
the routers to implement interconnection in the IP network.
l The area addresses of Router A, Router B, and Router C are all 10, and the area address of
Router D is 20.
l Router A and Router B are Level-1 routers, Router C is a Level-1-2 router. Router D is a
Level-2 router.
IS-IS
Area10 IS-IS
Area20
RouterA
L1 POS1/0/0 POS3/0/0 POS1/0/0 GE2/0/0
10.1.1.1/24 192.168.0.1/24 192.168.0.2/24 172.16.1.1/16
172.16.0.0/16
POS1/0/0 RouterC
10.1.1.2/24 POS2/0/0 RouterD
L1/2
10.1.2.1/24 L2
POS1/0/0
RouterB 10.1.2.2/24
L1
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IS-IS on each router, configure the levels of routers, and specify an NET.
2. Set RouterA and RouterC to authenticate Hello packets in specified mode and with the
specified password.
3. Check the IS-IS database and the routing table of each router.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface.
This example assumes that you know the configuration method and no details are provided here,
for detailed configurations, see configuration files in this example.
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] is-level level-1
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] quit
[RouterA] interface Pos 1/0/0
[RouterA-Pos1/0/0] isis enable 1
[RouterA-Pos1/0/0] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] is-level level-1
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface Pos 1/0/0
[RouterB-Pos1/0/0] isis enable 1
[RouterB-Pos1/0/0] quit
# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] network-entity 10.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface Pos 1/0/0
[RouterC-Pos1/0/0] isis enable 1
[RouterC-Pos1/0/0] quit
[RouterC] interface Pos 2/0/0
[RouterC-Pos2/0/0] isis enable 1
[RouterC-Pos2/0/0] quit
[RouterC] interface Pos 3/0/0
[RouterC-Pos3/0/0] isis enable 1
[RouterC-Pos3/0/0] quit
# Configure Router D.
[RouterD] isis 1
[RouterD-isis-1] is-level level-2
[RouterD-isis-1] network-entity 20.0000.0000.0004.00
[RouterD-isis-1] quit
[RouterD] interface gigabitethernet 2/0/0
[RouterD-GigabitEthernet2/0/0] isis enable 1
[RouterD-GigabitEthernet2/0/0] quit
[RouterD] interface Pos 1/0/0
[RouterD-Pos1/0/0] isis enable 1
[RouterD-Pos1/0/0] quit
Step 3 Configure the authentication mode and password for RouterA and RouterC to authenticate Hello
packets.
# Configure RouterA.
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] isis authentication-mode md5 huawei
# Configure RouterC.
[RouterC] interface pos 1/0/0
[RouterC-Pos1/0/0] isis authentication-mode md5 huawei
# Display the IS-IS routing information of each router. A default route must exist in the Level-1
routing table and the next hop is a Level-1-2 router. A Level-2 router must have all Level-1 and
Level-2 routes.
[RouterA] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------
10.1.1.0/24 10 NULL P1/0/0 Direct D/-/L/-
10.1.2.0/24 20 NULL P1/0/0 10.1.1.1 A/-/-/-
192.168.0.0/24 20 NULL P1/0/0 10.1.1.1 A/-/-/-
0.0.0.0/0 10 NULL P1/0/0 10.1.1.1 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[RouterC] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------
10.1.1.0/24 10 NULL P1/0/0 Direct D/-/L/-
10.1.2.0/24 10 NULL P2/0/0 Direct D/-/L/-
192.168.0.0/24 10 NULL P3/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------
10.1.1.0/24 10 NULL P1/0/0 Direct D/-/L/-
10.1.2.0/24 10 NULL P2/0/0 Direct D/-/L/-
192.168.0.0/24 10 NULL P3/0/0 Direct D/-/L/-
172.16.0.0/16 20 NULL P3/0/0 192.168.0.2 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[RouterD] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
interface Pos1/0/0
link-protocol ppp
ip address 10.1.1.2 255.255.255.0
isis enable 1
isis authentication-mode md5 N`C55QK<`=/Q=^Q`MAF4<1!!
#
return
return
Networking Requirements
As shown in Figure 7-5:
l Router A, Router B, and Router C are connected through ATM links. IS-IS runs on the
three routers.
l Router A and Router B belong to area 10. Router C belongs to area 20.
l Router A is a Level-1 device, Router B is a Level-1-2 device, and Router C is a Level-2
device.
Configuration Roadmap
The configuration roadmap is as follows:
1. Set the type of the sub-interface to P2P when creating an ATM sub-interface, because IS-
IS does not support the NBMA network.
2. Enable IS-IS on each router, configure the level, and specify an NET.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an ATM network.
# Configure Router A.
[RouterA] interface atm 1/0/0.1 p2p
[RouterA-Atm1/0/0.1] ip address 10.1.1.1 24
[RouterA-Atm1/0/0.1] pvc 2/2
[RouterA-atm-pvc-Atm1/0/0.1-2/2] map ip 10.1.1.2 broadcast
[RouterA-atm-pvc-Atm1/0/0.1-2/2] quit
[RouterA-Atm1/0/0.1] quit
# Configure Router B.
[RouterB] interface atm 1/0/0.1 p2p
[RouterB-Atm1/0/0.1] ip address 10.1.1.2 24
[RouterB-Atm1/0/0.1] pvc 2/2
[RouterB-atm-pvc-Atm1/0/0.1-2/2] map ip 10.1.1.1 broadcast
[RouterB-atm-pvc-Atm1/0/0.1-2/2] quit
[RouterB-Atm1/0/0.1] quit
[RouterB] interface atm 2/0/0.1 p2p
[RouterB-Atm2/0/0.1] ip address 10.1.2.1 24
[RouterB-Atm2/0/0.1] pvc 2/2
[RouterB-atm-pvc-Atm2/0/0.1-2/2] map ip 10.1.2.2 broadcast
[RouterB-atm-pvc-Atm2/0/0.1-2/2] quit
[RouterB-Atm2/0/0.1] quit
# Configure Router C.
[RouterC] interface atm 2/0/0.1 p2p
[RouterC-Atm2/0/0.1] ip address 10.1.2.2 24
[RouterC-Atm2/0/0.1] pvc 2/2
[RouterC-atm-pvc-Atm2/0/0.1-2/2] map ip 10.1.2.1 broadcast
[RouterC-atm-pvc-Atm2/0/0.1-2/2] quit
[RouterC-Atm2/0/0.1] quit
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] is-level level-1
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] quit
[RouterA] interface atm 1/0/0.1 p2p
[RouterA-Atm1/0/0.1] isis enable 1
[RouterA-Atm1/0/0.1] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface atm 1/0/0.1 p2p
# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] is-level level-2
[RouterC-isis-1] network-entity 20.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface atm 2/0/0.1 p2p
[RouterC-Atm2/0/0.1] isis enable 1
[RouterC-Atm2/0/0.1] quit
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
interface Atm1/0/0
#
interface Atm1/0/0.1 p2p
ip address 10.1.1.1 255.255.255.0
isis enable 1
pvc 2/2
map ip 10.1.1.2 broadcast
#
return
Networking Requirements
Figure 7-6 shows a networking example.
Network1
GE2/0/0
172.1.1.0/24
172.1.1.1/24
GE4/0/0 Area10
Network3 172.1.3.1/24
172.1.3.0/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IS-IS on each router, configure the levels, and specify network entities.
2. Check the IS-IS routing table of Router A.
3. Configure Router B to summarize routes.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface.
Step 2 Configure basic IPv4 IS-IS functions.
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] is-level level-2
[RouterA-isis-1] network-entity 20.0000.0000.0001.00
[RouterA-isis-1] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] isis enable 1
[RouterA-GigabitEthernet2/0/0] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] isis enable 1
[RouterB-GigabitEthernet2/0/0] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] isis enable 1
[RouterB-GigabitEthernet1/0/0] quit
# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] is-level level-1
[RouterC-isis-1] network-entity 10.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface gigabitEthernet 1/0/0
[RouterC-GigabitEthernet1/0/0] isis enable 1
[RouterC-GigabitEthernet1/0/0] quit
The configurations of GE 2/0/0, GE 3/0/0, and GE 4/0/0 are similar to those of GE 1/0/0.
Step 3 Run the display isis route command to display the IS-IS routing table of routerRouter A.
[RouterA] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
172.1.1.0/24 30 NULL GE2/0/0 172.2.1.2 A/-/L/-
172.1.2.0/24 30 NULL GE2/0/0 172.2.1.2 A/-/L/-
172.1.3.0/24 30 NULL GE2/0/0 172.2.1.2 A/-/L/-
172.1.4.0/24 20 NULL GE2/0/0 172.2.1.2 A/-/L/-
172.2.1.0/24 10 NULL GE2/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
isis 1
is-level level-2
network-entity 20.0000.0000.0001.00
#
interface GigabitEthernet2/0/0
ip address 172.2.1.1 255.255.255.0
isis enable 1
#
return
isis enable 1
#
interface GigabitEthernet2/0/0
ip address 172.1.1.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet3/0/0
ip address 172.1.2.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet4/0/0
ip address 172.1.3.1 255.255.255.0
isis enable 1
#
return
Networking Requirements
As shown in Figure 7-7:
l Router A, Router B, Router C, and Router D run IS-IS to implement interconnection in the
network.
l The four routers belong to area 10, and the network type is broadcast (Ethernet).
l Router A and Router B are Level-1-2 routers, Router C is a Level-1 router, and Router D
is a Level-2 router.
l The DIS priority of RouterA is 100.
l You can change the DIS priority of the interface to configure Router A as a Level-1-2 DIS.
GE1/0/0 GE1/0/0
10.1.1.1/24 10.1.1.2/24
GE1/0/0 GE1/0/0
10.1.1.3/24 10.1.1.4/24
RouterC RouterD
L1 L2
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IS-IS on each router and specify the network entity to implement interconnection.
2. Check information about IS-IS interfaces on each router in the case of the default
preference.
3. Configure the DIS priority of each router.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IPv4 address for each interface.
This example assumes that you know the configuration method and no details are provided here.
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] isis enable 1
[RouterB-GigabitEthernet1/0/0] quit
# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] network-entity 10.0000.0000.0003.00
[RouterC-isis-1] is-level level-1
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] isis enable 1
[RouterC-GigabitEthernet1/0/0] quit
# Configure Router D.
[RouterD] isis 1
[RouterD-isis-1] network-entity 10.0000.0000.0004.00
[RouterD-isis-1] is-level level-2
[RouterD-isis-1] quit
[RouterD] interface gigabitethernet 1/0/0
[RouterD-GigabitEthernet1/0/0] isis enable 1
[RouterD-GigabitEthernet1/0/0] quit
Total Peer(s): 4
NOTE
When the default DIS priority is used, the MAC address of the interface on Router B is the largest one
among those of Level-1 routers. Router B is therefore the DIS of the Level-1 area. The MAC address of
interface on Router D is the largest one among those of Level-2 routers. Router D is the DIS of the Level-2
area. The Level-1 and Level-2 pseudo nodes are 0000.0000.0002.01 and 0000.0000.0004.01 respectively.
Total Peer(s): 4
NOTE
After the DIS priority of the IS-IS interface changes, Router A becomes the DIS of the Level-1-2 area
instantly and its pseudo node is 0000.0000.0001.01.
Total Peer(s): 4
[RouterB] display isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE1/0/0 001 Up Down 1497 L1/L2 No/No
Total Peer(s): 2
[RouterD] display isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE1/0/0 001 Up Down 1497 L1/L2 No/No
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
isis enable 1
isis dis-priority 100
#
return
isis 1
is-level level-2
network-entity 10.0000.0000.0004.00
#
interface GigabitEthernet1/0/0
ip address 10.1.1.4 255.255.255.0
isis enable 1
#
return
Networking Requirements
As shown in Figure 7-8:
Area10
POS1/0/0 POS2/0/0
RouterB
POS1/0/0 L2 POS1/0/0
GE3/0/0 GE3/0/0
POS2/0/0 POS2/0/0
RouterA RouterD
L2 L2
POS1/0/0 POS2/0/0
RouterC
L2
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IP address for each router.
This example assumes that you know the configuration method and no details are provided here.
For details about the configuration of basis IS-IS functions, see 7.24.1 Example for Configuring
Basic IS-IS Functions.
As shown in the routing table, when the maximum number of equal-cost routes for load balancing
is set to 1, the next hop to network segment 172.17.1.0 is 10.1.1.2. This is because the system
ID of Router B is small. IS-IS chooses the route with the next hop being 10.1.1.2 as the unique
optimal route.
As shown in the routing table, the default value is used when load balancing is canceled. The
two next hops of Router A, that is, 10.1.1.2 (that is, Router B) and 10.1.1.2 (that is, Router C),
are valid routes. This is because the default value of the maximum equal-cost routes is 3.
NOTE
For different products and different protocols, the maximum number of equal-cost routes is different. You
can adjust the maximum number by purchasing licenses.
If you do not perform load balancing through Router B and Router C, configure the preference
of the equal-cost routes and specify the next hop.
[RouterA] isis
[RouterA-isis-1] nexthop 10.1.2.2 weight 1
[RouterA-isis-1] quit
As shown in the routing table, because the preference (metric is 1) of next hop 10.1.2.2 (that is,
Router C) is higher than that of next hop 10.1.1.2 (that is, Router B), IS-IS chooses the route
with the next hop being 10.1.2.2 as the optimal route.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
isis 1
is-level level-2
network-entity 10.0000.0000.0001.00
nexthop 10.1.2.2 weight 1
#
interface GigabitEthernet3/0/0
ip address 172.16.1.1 255.255.255.0
isis enable 1
#
interface Pos1/0/0
link-protocol ppp
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
interface Pos2/0/0
link-protocol ppp
ip address 10.1.2.1 255.255.255.0
isis enable 1
#
return
Networking Requirements
Figure 7-9 shows a networking example.
l Router A and Router B belong to the same AS, and the IS-IS neighbor relationship is
established between Router A and Router B. Router A is a non-BGP device in the AS.
l An EBGP connection is set up between Router B and Router C.
l IS-IS and BGP import routes of each other to implement interworking between devices in
the two ASs. A routing policy is configured to change the cost of a BGP route imported by
IS-IS so that a desired route will be selected.
Figure 7-9 Networking diagram for configuring IS-IS to interact with BGP
Loopback0 Loopback0
1.1.1.1/32 2.2.2.2/32
POS1/0/0 POS1/0/0 POS1/0/0
10.1.1.1/24 10.2.1.1/24 10.2.1.2/24
POS1/0/0
RouterA 10.1.1.2/24 RouterB RouterC
AS65009
AS65008
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface.
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] quit
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] isis enable 1
[RouterA-Pos1/0/0] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] isis enable 1
[RouterB-Pos1/0/0] quit
# Configure Router B.
[RouterB] bgp 65008
[RouterB-bgp] router-id 1.1.1.1
[RouterB-bgp] peer 10.2.1.2 as-number 65009
[RouterB-bgp] ipv4-family unicast
[RouterB-bgp-af-ipv4] network 10.2.1.0 255.255.255.0
# Configure Router C.
[RouterC] bgp 65009
[RouterC-bgp] router-id 2.2.2.2
[RouterC-bgp] peer 10.2.1.1 as-number 65008
[RouterC-bgp] ipv4-family unicast
[RouterC-bgp-af-ipv4] network 10.2.1.0 255.255.255.0
# Run the display ip routing-table command to display the routing table of Router A. The
command output shows that IS-IS has imported the BGP route 3.3.3.3/32.
[RouterA] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 6 Routes : 6
# On Router B, configure the AS_Path filter, and apply the filter in the RTC routing policy.
[RouterB] ip as-path-filter 1 permit 65009
[RouterB] route-policy RTC permit node 0
[RouterB-route-policy] if-match as-path-filter 1
[RouterB-route-policy] apply cost 20
[RouterB-route-policy] quit
# Run the display ip routing-table command to display the routing table of Router A. The
command output shows that the AS_Path filter has been applied and the cost of the imported
BGP route 3.3.3.3/32 has been changed from 74 to 94.
[RouterA] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 6 Routes : 6
# Run the display ip routing-table command to display the routing table of Router C. The
command output shows that BGP has imported the IS-IS route 10.1.1.0/24.
[RouterC] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Pos1/0/0
link-protocol ppp
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
return
#
ipv4-family unicast
undo synchronization
network 10.2.1.0 255.255.255.0
peer 10.2.1.2 enable
#
route-policy RTC permit node 0
if-match as-path-filter 1
apply cost 20
#
ip as-path-filter 1 permit 65009
#
return
Networking Requirements
In real-world situations, an IPv4/IPv6 topology has a shortcoming. When various end-to-end
services, such as voice and data services share the same physical links, either IPv4 or IPv6
packets are discarded on the shablue links, affecting transmission quality. To address this
problem, configure multi-topologies and create separate IPv4 and IPv6 routing tables.
As shown in Figure 7-10, Router A, Router C, and Router D support both IPv4 and IPv6, whereas
Router B supports only IPv4.
Without IS-IS multi-topologies, IPv6 packets cannot be sent from Router A to Loopback 1 on
Router C, because the calculated SPT passes through Router B that does not support IPv6.
To ensure IPv6 packet transmission, enable IS-IS multi-topologies and create separate IPv4 and
IPv6 routing tables.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IPv4/IPv6 addresses for the interfaces on routers so that devices in different areas
can communicate.
2. Enable IPv6 as well as global IPv4 and IPv6 topologies on the routers supporting the IPv4/
IPv6 dual stack and enable a global IPv4 topology on Router B.
3. Configure basic IS-IS functions and link costs.
4. Create separate IPv4 and IPv6 topology instances on the routers supporting the IPv4/IPv6
dual stack and create an IPv4 topology instance on router B.
5. Associate the interfaces with specified topology instances.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of the interfaces on routers as shown in Figure 7-10, area ID (86), system ID
of Router A (0000.0000.0001), system ID of Router B (0000.0000.0002), system ID of
Router C (0000.0000.0003), system ID of Router D (0000.0000.0004), and level of all the
routers (Level-1).
l Cost of the link from Router D to Router A (6), cost of the link from Router A to Router
B (4), cost of the link from Router B to Router C (3), cost of the link from Router D to
Router C (14), default cost of Loopback 1 on Router D (0), and default costs of other links
(10).
l IPv4 topology instance blue for all routers and IPv6 topology instance red for Router A,
Router C, and Router D.
Procedure
Step 1 Configure IP addresses for the interfaces.
Configure an IPv4 address and a mask for each interface on Router B, and configure IPv4 as
well as IPv6 addresses and masks for each interface on Router A, Router C, and Router D based
on Figure 7-10. The detailed configurations are not provided here.
Step 2 Enable IPv6 as well as global IPv4 and IPv6 topologies on the routers supporting the IPv4/IPv6
dual stack and enable a global IPv4 topology on Router B.
The configurations on Router C and Router D are the same as that on router A.
For details about the configuration of basic IS-IS functions, see Configuring Basic IPv4 IS-IS
Functions.
The configuration of other link costs is the same as that of the link from Router A to Router B.
Step 4 Create an IPv4 topology instance red for each router and an IPv6 topology instance blue for
Router A, Router C, and Router D.
# Associate an IS-IS process with the IPv4 topology instance red and IPv6 topology instance
blue on Router A.
[RouterA] isis
[RouterA-isis-1] ipv6 enable topology ipv6
[RouterA-isis-1] cost-style wide
[RouterA-isis-1] topology red topology-id 10
[RouterA-isis-1-topology-red] quit
[RouterA-isis-1] ipv6 topology blue topology-id 20
[RouterA-isis-1-topology-blue] quit
[RouterA-isis-1] quit
The configurations on Router C and Router D are the same as that on Router A.
# Associate an IS-IS process with the IPv4 topology instance red on Router B.
[RouterB] isis
[RouterB-isis-1] cost-style wide
[RouterB-isis-1] topology red topology-id 10
[RouterB-isis-1-topology-red] quit
[RouterB-isis-1] quit
After the configuration is complete, run the display isis route command on the routers to view
information about the learned routes. The following example uses the display on Router D.
IPv6 routes are calculated only on the IPv6 topology. Therefore, the outbound interface of the
route from Router D to 2008::/64 is GE 2/0/0.
To make a comparison between the preceding routing information and the routing information
when an IPv4/IPv6 topology is deployed, run the following commands.
[RouterD] isis 1
[RouterD-isis-1] ipv6 enable
Configuration modifications on Router A and Router C are the same as that on Router D.
After the configuration is modified, run the display isis route command on the routers once
again to view information about the learned routes. The following example uses the display on
Router D.
The preceding output shows that the outbound interface of the route from Router D to 2008::/64
is GE 1/0/0. This is because in the SPF calculation when an IPv4/IPv6 topology is deployed, the
cost of the link passing through GE 1/0/0 to 2008::1/64 is smaller.
However, the tracert command output shows that IPv6 packets cannot reach the destination.
The preceding output shows that there is no outbound interface for the route from Router A to
2008::/64. This is because the link between Router A and Router B does not support IPv6 and
IPv6 packets from Router D are discarded.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ip topology red
#
ipv6 topology blue
#
isis 1
cost-style wide
network-entity 86.0000.0000.0001.00
ipv6 enable topology ipv6
#
topology red topology-id 10
#
ipv6 topology blue topology-id 20
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.0
isis enable 1
isis cost 4
ip topology red enable
isis topology red
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::1/64
isis ipv6 enable 1
ipv6 topology blue enable
isis ipv6 topology blue
#
return
ipv6 enable
ipv6 address 2008::1/64
isis ipv6 enable 1
#
return
Networking Requirements
As shown in Figure 7-11:
l Router A, Router B, Router C, Router D, and Router E run IS-IS, and they are Level-2
routers.
l A TE tunnel is established between Router B and Router D.
l IGP Shortcut is enabled on Router B.
GE1/0/0 GE2/0/0
172.16.1.1/24 192.168.3.1/24
RouterA Router-id Router-id
1.1.1.1 RouterE
5.5.5.5
GE2/0/0 GE1/0/0
10.0.0.1/24 10.0.3.3/24
GE1/0/0 GE1/0/0
10.0.0.2/24 RouterB RouterD 10.0.3.1/24
Router-id Tunnel1/0/0 Router-id
2.2.2.2 4.4.4.4
GE2/0/0 RouterC GE2/0/0
10.0.1.2/24 10.0.2.1/24
Router-id
Tunnel1/0/0 3.3.3.3 Join
Multicast
GE1/0/0 GE2/0/0 Packets
10.0.1.1/24 10.0.2.2/24
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l IP address of each router interface is shown in Figure 7-11. The area address is 10, the
originating system ID is 0000.0000.0001 and is incremental, and the routers are Level-2
routers.
l Tunnel interface is TE tunnel 1/0/0, the tunnel interface borrows the IP address of Loopback
0, the tunnel encapsulation protocol is MPLS TE, the destination address is 4.4.4.4, the
tunnel ID is 100, and the tunnel signaling protocol is RSVP-TE.
Procedure
Step 1 Assign an IP address for each interface and enable IS-IS.
As shown in Figure 7-11, assign an IP address and the mask for each interface and enable IS-
IS. This example assumes that you know the configuration method and no details are provided
here.
Step 2 Configure PIM-SM.
# Enable multicast on all routers and enable PIM-SM on all interfaces except GigabitEthernet
1/0/0 on Router A. The configurations on Router B, Router C, Router D, and Router E are similar
to those on Router A and are not mentioned here.
[RouterA] multicast routing-enable
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] pim sm
[RouterA-GigabitEthernet2/0/0] quit
# Configure a C-BSR and a C-RP. Set the service range of the RP on Router D and specify the
locations of the C-BSR and the C-RP.
[RouterD] pim
[RouterD-pim] c-bsr gigabitethernet 1/0/0
[RouterD-pim] c-rp gigabitethernet 1/0/0
# Run the display multicast routing-table command to view the multicast routing table of a
router. The multicast routing table on Router C is as follows:
[RouterC] display multicast routing-table
Multicast routing table of VPN-Instance: public net
Total 1 entry
00001. (192.168.3.2, 224.31.31.31)
Uptime: 15:03:04
Upstream Interface: GigabitEthernet2/0/0
List of 1 downstream interface
1: GigabitEthernet1/0/0
# Configure Router C.
[RouterC] mpls lsr-id 3.3.3.3
[RouterC] mpls
[RouterC-mpls] mpls te
[RouterC-mpls] mpls rsvp-te
# Configure Router D.
[RouterD] mpls lsr-id 4.4.4.4
[RouterD] mpls
[RouterD-mpls] mpls te
[RouterD-mpls] mpls rsvp-te
[RouterD-mpls] mpls te cspf
[RouterD-mpls] quit
[RouterD] interface gigabitethernet 1/0/0
[RouterD-GigabitEthernet1/0/0] mpls
[RouterD-GigabitEthernet1/0/0] mpls te
[RouterD-GigabitEthernet1/0/0] mpls rsvp-te
[RouterD-GigabitEthernet1/0/0] quit
[RouterD] isis 1
[RouterD-isis-1] cost-style wide
[RouterD-isis-1] traffic-eng level-2
[RouterD-isis-1] quit
# View the routing table on Router B. You can find that IGP Shortcut is enabled.
[RouterB] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
--------------------------------------------------------------------------------
3.3.3.3/32 10 NULL GE2/0/0 10.0.1.1 A/-/-/-
172.16.1.0/24 20 NULL GE1/0/0 10.0.0.1 A/-/-/-
2.2.2.2/32 0 NULL Loop0 Direct D/-/L/-
192.168.3.0/24 25 NULL Tun1/0/0 2.2.2.2 A/S/-/-
5.5.5.5/32 15 NULL Tun1/0/0 2.2.2.2 A/S/-/-
10.0.0.0/24 10 NULL GE1/0/0 Direct D/-/L/-
10.0.1.0/24 10 NULL GE2/0/0 Direct D/-/L/-
4.4.4.4/32 5 NULL Tun1/0/0 2.2.2.2 A/S/-/-
No multicast routing entry is displayed. This indicates that the multicast packet is discarded.
# View the multicast routing table on Router C again. You can find that multicast routes are
displayed.
[RouterC] display multicast routing-table
Multicast routing table of VPN-Instance: public net
Total 1 entry
00001. (192.168.3.2, 224.31.31.31)
Uptime: 00:00:19
Upstream Interface: GigabitEthernet2/0/0
List of 1 downstream interface
1: GigabitEthernet1/0/0
The physical outgoing interface of the next hop of the route with the previous outgoing interface
being a TE tunnel interface is found in the MIGP routing table.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
router id 1.1.1.1
#
multicast routing-enable
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0000.0000.0001.00
#
interface GigabitEthernet2/0/0
ip address 10.0.0.1 255.255.255.0
isis enable 1
pim sm
#
interface GigabitEthernet1/0/0
ip address 172.16.1.1 255.255.255.0
isis enable 1
igmp enable
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
return
C-RP LoopBack0
#
return
Networking Requirements
As shown in Figure 7-12:
l Router A, Router B, Router C, and Router D belong to the same AS. They are interconnected
through IS-IS in the IPv6 network.
l Router A, Router B, and Router C belong to area 10. Router D belongs to area 20.
l Router A and Router B are Level-1 routers. Router C is a Level-1-2 router. Router D is a
Level-2 router.
GE1/0/0
2001:db8:1::2/64 GE2/0/0
2001:db8:4::1/64
RouterA
GE3/0/0
L1
2001:db8:3::1/64
GE1/0/0
2001:db8:1::1/64
GE1/0/0
GE2/0/0 RouterC 2001:db8:3::2/64 RouterD
2001:db8:2::1/64 L1/L2 L2
IS-IS GE1/0/0
Area10 2001:db8:2::2/64
IS-IS
Area20
RouterB
L1
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Enable the capability of IPv6 forwarding, and configure IPv6 address for each interface. Take
the display on Router A as an example. The configurations of Router B, Router C and Router
D are similar to that of Router A. The detailed configurations are not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ipv6
[RouterA] interface pos 1/0/0
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] is-level level-1
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] ipv6 enable
[RouterA-isis-1] quit
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] isis ipv6 enable 1
[RouterA-Pos1/0/0] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] is-level level-1
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] ipv6 enable
[RouterB-isis-1] quit
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] isis ipv6 enable 1
[RouterB-Pos1/0/0] quit
# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] network-entity 10.0000.0000.0003.00
[RouterC-isis-1] ipv6 enable
[RouterC-isis-1] quit
[RouterC] interface pos 1/0/0
[RouterC-Pos1/0/0] isis ipv6 enable 1
[RouterC-Pos1/0/0] quit
[RouterC] interface pos 2/0/0
[RouterC-Pos2/0/0] isis ipv6 enable 1
[RouterC-Pos2/0/0] quit
[RouterC] interface pos 3/0/0
[RouterC-Pos3/0/0] isis ipv6 enable 1
[RouterC-Pos3/0/0] isis circuit-level level-2
[RouterC-Pos3/0/0] quit
# Configure Router D.
[RouterD] isis 1
[RouterD-isis-1] is-level level-2
[RouterD-isis-1] network-entity 20.0000.0000.0004.00
[RouterD-isis-1] ipv6 enable
[RouterD-isis-1] quit
[RouterD] interface pos 1/0/0
[RouterD-Pos1/0/0] isis ipv6 enable 1
[RouterD-Pos1/0/0] quit
[RouterD] interface gigabitethernet 2/0/0
[RouterD-GigabitEthernet2/0/0] isis ipv6 enable 1
[RouterD-GigabitEthernet2/0/0] quit
SOURCE 0000.0000.0002.00
NLPID IPV6
AREA ADDR 10
INTF ADDR V6 2001:db8:2::2
Topology Standard
NBR ID 0000.0000.0003.00 COST: 10
IPV6 2001:db8:2::/64 COST: 10
0000.0000.0003.00-00* 0x00000020 0x6b10 771 140 1/0/0
SOURCE 0000.0000.0003.00
NLPID IPV6
AREA ADDR 10
INTF ADDR V6 2001:db8:3::1
INTF ADDR V6 2001:db8:2::1
INTF ADDR V6 2001:db8:1::1
Topology Standard
NBR ID 0000.0000.0002.00 COST: 10
NBR ID 0000.0000.0001.00 COST: 10
IPV6 2001:db8:2::/64 COST: 10
IPV6 2001:db8:1::/64 COST: 10
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------
0000.0000.0003.00-00* 0x00000017 0x61b4 771 157 0/0/0
SOURCE 0000.0000.0003.00
NLPID IPV6
AREA ADDR 10
INTF ADDR V6 2001:db8:3::1
INTF ADDR V6 2001:db8:2::1
INTF ADDR V6 2001:db8:1::1
Topology Standard
NBR ID 0000.0000.0004.00 COST: 10
IPV6 2001:db8:3::/64 COST: 10
IPV6 2001:db8:2::/64 COST: 10
IPV6 2001:db8:1::/64 COST: 10
0000.0000.0004.00-00 0x0000000b 0x6dfa 1024 124 0/0/0
SOURCE 0000.0000.0004.00
NLPID IPV6
AREA ADDR 20
INTF ADDR V6 2001:db8:3::2
INTF ADDR V6 2001:db8:4::1
Topology Standard
NBR ID 0000.0000.0003.00 COST: 10
NBR ID 0000.0000.0005.00 COST: 10
IPV6 2001:db8:3::/64 COST: 10
IPV6 2001:db8:4::/64 COST: 10
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
#
isis 1
is-level level-2
network-entity 20.0000.0000.0004.00
#
ipv6 enable topology standard
#
interface GigabitEthernet2/0/0
ipv6 enable
ipv6 address 2001:db8:4::1/64
isis ipv6 enable 1
#
interface Pos1/0/0
link-protocol ppp
ipv6 enable
ipv6 address 2001:db8:3::2/64
isis ipv6 enable 1
#
return
Networking Requirements
As shown in Figure 7-13:
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To configure IS-IS fast convergence, you need the following data:
Procedure
Step 1 Configure an IP address for each interface.
This example assumes that you know the configuration method and no details are provided here.
Step 2 Configure basic IS-IS functions.
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] is-level level-2
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] quit
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] isis enable 1
[RouterA-GigabitEthernet1/0/0] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] is-level level-2
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] isis enable 1
[RouterB-GigabitEthernet1/0/0] quit
# Configure Router B.
[RouterB] bfd
[RouterB-bfd] quit
[RouterB] bfd btoa bind peer-ip 10.1.1.1 interface gigabitethernet 1/0/0
[RouterB-bfd-session-btoa] discriminator local 2
[RouterB-bfd-session-btoa] discriminator remote 1
[RouterB-bfd-session-btoa] commit
[RouterB-bfd-session-btoa] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] isis bfd static
[RouterB-GigabitEthernet1/0/0] quit
[RouterA-isis-1] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] flash-flood
[RouterB-isis-1] timer spf 1 20 100
[RouterB-isis-1] timer lsp-generation 1 1 120
[RouterB-isis-1] quit
NOTE
l In IS-IS, if LSDB changes, routes are calculated and then a new LSP is generated to report this change.
Frequent route calculations consume lots of system resources and degrade the system performance.
Delaying SPF calculation, generating a new LSP time, and LSP fast flooding improves the efficiency
in route calculation and reduces the consumption of system resources.
l Using the flash-flood command, you can enable LSP fast flooding to speed up the convergence of an
IS-IS network.
l Run the timer spf command to set the interval of the SPF calculation. By default, the interval is 5
seconds.
l Run the timer lsp-generation command to set the delay for generating an LSP. By default, the delay
is 2 seconds.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
bfd
#
isis 1
is-level level-2
timer lsp-generation 1 1 120 level-1
timer lsp-generation 1 1 120 level-2
flash-flood level-1
flash-flood level-2
network-entity 10.0000.0000.0001.00
timer spf 1 20 100
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
isis enable 1
isis bfd static
#
7.24.11 Example for Configuring IS-IS Auto FRR (IP protecting IP)
This part provides an example for fast switching services to the backup link in the case of IS-IS
link failures through IS-IS Auto FRR (IP protecting IP).
Networking Requirements
When a fault occurs on a network, IS-IS Auto FRR fast switches traffic to a backup link before
the route convergence. This prevents traffic interruption.
In Figure 7-14:
10
10.1.0.1/24 Link T 10
=
L12 GE3/0/0
st
GE1/0/0
co
RouterA 10.4.0.2/24 10.5.1.1/24
L12 cost = 10
co
st
10
GE2/0/0 = GE2/0/0
=
10.2.0.1/24 30
st
10.3.0.2/24
co
GE1/0/0 GE2/0/0
10.2.0.2/24 10.3.0.1/24
RouterB
L12
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable basic IS-IS functions on each router.
2. Set a larger link cost (in compliance with the traffic protection inequality of IS-IS Auto
FRR) on GE 2/0/0 of Router A, and ensure that Link T is preferentially selected.
3. Enable IS-IS Auto FRR on Router A that forwards the protected traffic.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces on each router
l NET of each router
l Level of each router
l Costs of interfaces on each router
Procedure
Step 1 Configure IP addresses for interfaces. The details are omitted.
Step 2 Configure basic IS-IS functions.
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] is-level level-1-2
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] quit
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] isis enable 1
[RouterA-GigabitEthernet1/0/0] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] is-level level-1-2
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] isis enable 1
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] isis enable 1
[RouterB-GigabitEthernet2/0/0] quit
# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] is-level level-1-2
[RouterC-isis-1] network-entity 10.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] isis enable 1
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] isis enable 1
[RouterC-GigabitEthernet2/0/0] quit
# Configure Router D.
[RouterD] isis 1
[RouterD-isis-1] is-level level-1-2
[RouterD-isis-1] network-entity 10.0000.0000.0004.00
[RouterD-isis-1] quit
[RouterD] interface gigabitethernet 1/0/0
[RouterD-GigabitEthernet1/0/0] isis enable 1
[RouterD-GigabitEthernet1/0/0] quit
[RouterD] interface gigabitethernet 2/0/0
[RouterD-GigabitEthernet2/0/0] isis enable 1
[RouterD-GigabitEthernet2/0/0] quit
Step 3 Set the cost of Gigabit Ethernet 2/0/0 on RouterA to 30, and then check routing information.
# Configure the cost of GE 2/0/0 on Router A to 30.
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] isis cost 30
[RouterA-GigabitEthernet2/0/0] quit
# Check information about the link from Router A to Router D. Link T has a lower cost, and
thereby IS-IS optimally selects Link T to send traffic that is forwarded by Router A.
<RouterA> display isis route 10.5.1.1 verbose
# Run the display fib 10.5.1.1 verbose command on Router A to check the forwarding entry
from Router A to Router D.
<RouterA> display fib 10.5.1.1 verbose
As shown in the command output, the traffic from Router A to Router D is only forwarded
through Link T.
Step 4 Enable IS-IS Auto FRR on Router A, and then check the routing information.
# Enable IS-IS Auto FRR on Router A.
[RouterA] isis
[RouterA-isis-1] frr
[RouterA-isis-1-frr]loop-free-alternate
# Check information about the link from Router A to Router D. You can find that IS-IS creates
a backup link because IS-IS Auto FRR is enabled.
<RouterA> display isis route 10.5.1.1 verbose
# Check the protection type for the traffic from Router A to Router D.
<RouterA> display isis spf-tree systemid 0000.0000.0004 verbose
(2) 0000.0000.0004.03
Cost : 10
Flags : Child
(2) 0000.0000.0004.03
Cost : 10
Flags : Child
As shown in the preceding command output, link-node dual protection is enabled from Router
A to Router D.
# Run the display fib 10.5.1.1 verbose command on Router A to check the backup forwarding
entry from Router A to Router D.
<RouterA> display fib 10.5.1.1 verbose
Route Entry Count: 1
Destination: 10.5.1.0 Mask : 255.255.255.0
Nexthop : 10.1.0.2 OutIf : GigabitEthernet1/0/0
LocalAddr : 10.1.0.1 LocalMask: 0.0.0.0
Flags : DGU Age : 6sec
ATIndex : 0 Slot : 0
LspFwdFlag : 0 LspToken : 0x0
InLabel : NULL OriginAs : 0
BGPNextHop : 0.0.0.0 PeerAs : 0
QosInfo : 0x0 OriginQos: 0x0
NexthopBak : 10.2.0.2 OutIfBak : GigabitEthernet2/0/0
LspTokenBak: 0x0 InLabelBak : NULL
LspToken_ForInLabelBak : 0x0
EntryRefCount : 0
VlanId : 0x0
LspType : 0 Label_ForLspTokenBak : 0
MplsMtu : 0 Gateway_ForLspTokenBak : 0
NextToken : 0 IfIndex_ForLspTokenBak : 0
Label_NextToken : 0 Label : 0
LspBfdState : 0
As shown in the command output, the master link from Router A to Router D is Link T, the
relevant backup link follows the route with GE 2/0/0 as the outbound interface and 10.2.0.2 as
the next hop.
# Run the shutdown command on GE 2/0/0 of Router C to make the link down.
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] shutdown
# Run the display fib 10.5.1.1 verbose command immediately on Router A to check information
about the route from Router A to Router D.
<RouterA> display fib 10.5.1.1 verbose
Route Entry Count: 1
Destination: 10.5.1.0 Mask : 255.255.255.0
Nexthop : 10.2.0.2 OutIf : GigabitEthernet2/0/0
LocalAddr : 10.2.0.1 LocalMask: 0.0.0.0
Flags : DGU Age : 124sec
ATIndex : 0 Slot : 0
LspFwdFlag : 0 LspToken : 0x0
InLabel : NULL OriginAs : 0
BGPNextHop : 0.0.0.0 PeerAs : 0
QosInfo : 0x0 OriginQos: 0x0
NexthopBak : 0.0.0.0 OutIfBak : [No Intf]
LspTokenBak: 0x0 InLabelBak : NULL
LspToken_ForInLabelBak : 0x0
EntryRefCount : 0
VlanId : 0x0
LspType : 0 Label_ForLspTokenBak : 0
MplsMtu : 0 Gateway_ForLspTokenBak : 0
NextToken : 0 IfIndex_ForLspTokenBak : 0
Label_NextToken : 0 Label : 0
LspBfdState : 0
As shown in the command output, the traffic forwarded by the Router A is switched to the backup
link, with GE 2/0/0 as the outbound interface and 10.2.0.2 as the next hop.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
isis 1
frr
loop-free-alternate level-1
loop-free-alternate level-2
network-entity 10.0000.0000.0001.00
#
interface gigabitethernet 1/0/0
ip address 10.1.0.1 255.255.255.0
isis enable 1
#
interface gigabitethernet 2/0/0
ip address 10.2.0.1 255.255.255.0
isis enable 1
isis cost 30
#
return
sysname RouterD
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface gigabitethernet 1/0/0
ip address 10.4.0.2 255.255.255.0
isis enable 1
#
interface gigabitethernet 2/0/0
ip address 10.3.0.2 255.255.255.0
isis enable 1
#
interface gigabitethernet 3/0/0
ip address 10.5.1.1 255.255.255.0
isis enable 1
#
return
7.24.12 Example for Configuring IS-IS Auto FRR (TE protecting IP)
This part provides an example for fast switching services to the backup link in the case of IS-IS
link failures through IS-IS Auto FRR (TE protecting IP).
Networking Requirements
PE1 P1 P3 PE3
P5
Plane A
P2 P4
P6
Plane B Traffic in normal
Traffic in case of failure
Figure 7-15 is the simplified networking diagram of MPLS VPN double planes, and PEs are
dual-homed to the two planes. It is required that:
l IS-IS should be configured to implement IP connectivity between nodes.
l Traffic between P nodes at the core layer should be transmitted through the direct link when
no link fault occurs.
l The MPLS TE tunnel should be configured as the backup path so that traffic between P
nodes can be switched to the other plane when the link between P nodes fails.
l IS-IS Auto FRR should be configured so that service traffic between P nodes can be rapidly
switched to the TE tunnel when the direct link fails.
l Traffic between P nodes should be transmitted only between the P nodes at the core layer
to prevent traffic between P nodes from going back to PE nodes.
NOTE
In this configuration example, PE1 and PE3 are used for illustration, only three P nodes of each plane at
the core layer are illustrated, and only the MPLS TE tunnel between P1 and P3 is illustrated. In real-world
situations, there are far more PE nodes, P nodes, and MPLS TE tunnels.
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign IP addresses to interfaces on each node, configure the loopback addresses that are
used as LSR IDs, and configure IS-IS to implement IP connectivity.
2. Configure an MPLS TE tunnel between P nodes as the backup path in Loop-Free Alternate
(LFA) calculation.
3. Enable forwarding adjacency and configure LDP over TE.
4. Enable IS-IS Auto FRR so that traffic can be rapidly switched in the case of a link fault.
5. Run the undo isis lfa-backup command on the interfaces that connect P nodes to PE nodes
to disable these interfaces from becoming the backup interfaces in LFA calculation and
prevent traffic between P nodes from going back to PE nodes.
Data Preparation
To complete the configuration, you need the following data.
P1 GE 1/0/0 GE 1/0/0 P2
10.1.1.1/30 10.1.1.2/30
P1 GE 2/0/0 GE 2/0/0 P3
10.1.2.1/30 10.1.2.2/30
P1 GE 3/0/0 GE 2/0/0 P5
10.1.3.1/30 10.1.3.2/30
P2 GE 2/0/0 GE 2/0/0 P4
10.1.4.1/30 10.1.4.2/30
P2 GE 3/0/0 GE 2/0/0 P6
10.1.5.1/30 10.1.5.2/30
P3 GE 1/0/0 GE 1/0/0 P4
10.1.6.1/30 10.1.6.2/30
P3 GE 3/0/0 GE 3/0/0 P5
10.1.7.1/30 10.1.7.2/30
P4 GE 3/0/0 GE 3/0/0 P6
10.1.8.1/30 10.1.8.2/30
P5 GE 1/0/0 GE 1/0/0 P6
10.1.9.1/30 10.1.9.2/30
P1 1.1.1.1/32
P2 2.2.2.2/32
P3 3.3.3.3/32
P4 4.4.4.4/32
P5 5.5.5.5/32
P6 6.6.6.6/32
PE1 7.7.7.7/32
PE3 8.8.8.8/32
Parameter Value
Parameter Value
IS-IS process ID 64
Level 2
Parameter Value
Tunnel ID 100
Tunnel metric value Smaller than the metric value of the primary
path and greater than the metric values of
other paths so that the tunnel can become the
backup path and LDP over TE can be
implemented
Procedure
Step 1 Configure IP addresses for interfaces.
Configure the IP address and mask for each interface according to Table 7-3 and Table 7-4.
This example assumes that you know the configuration method and no details are provided here.
Step 2 Configure IS-IS.
Configure IS-IS on all the PE and P nodes, and configure P1 and PE1. The configurations of
other nodes are similar to the configurations of P1 and PE1 and therefore are not mentioned here.
# Configure P1.
[P1] router id 1.1.1.1
[P1] isis 64
[P1-isis-64] network-entity 86.0010.0010.0100.1001.00
[P1-isis-64] is-level level-2
[P1-isis-64] cost-style wide
[P1-isis-64] is-name P1
[P1-isis-64] quit
[P1] interface loopback 0
[P1-LoopBack0] isis enable 64
[P1-LoopBack0] quit
[P1] interface gigabitethernet 1/0/0
[P1-GigabitEthernet1/0/0] isis enable 64
[P1-GigabitEthernet1/0/0] isis cost 5
[P1-GigabitEthernet1/0/0] quit
[P1] interface gigabitethernet 2/0/0
[P1-GigabitEthernet2/0/0] isis enable 64
[P1-GigabitEthernet2/0/0] isis cost 5
[P1-GigabitEthernet2/0/0] quit
[P1] interface gigabitethernet 3/0/0
[P1-GigabitEthernet3/0/0] isis enable 64
[P1-GigabitEthernet3/0/0] isis cost 5
[P1-GigabitEthernet3/0/0] quit
[P1] interface gigabitethernet 3/1/0
[P1-GigabitEthernet3/1/0] isis enable 64
[P1-GigabitEthernet3/1/0] isis cost 5
[P1-GigabitEthernet3/1/0] quit
# Configure PE1.
[PE1] router id 7.7.7.7
[PE1] isis 64
[PE1-isis-64] network-entity 86.0010.0070.0700.7007.00
[PE1-isis-64] is-level level-2
[PE1-isis-64] cost-style wide
[PE1-isis-64] is-name PE1
[PE1-isis-64] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis enable 64
[PE1-LoopBack0] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] isis enable 64
[PE1-GigabitEthernet1/0/0] isis cost 5
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] isis enable 64
[PE1-GigabitEthernet2/0/0] isis cost 5
[PE1-GigabitEthernet2/0/0] quit
After the preceding configurations, run the display ip routing-table command on each node.
The command output shows that the nodes have learned routes from each other. For example,
when checking whether there are routes to the IP address of Loopback 0 on PE1, you can find
the following information:
Enable MPLS, MPLS TE, and RSVP-TE on the interfaces of P1, P2, P3, and P4, and enable
CSPF on the ingress of the tunnel.
Configure P1 and P2. The configuration of P3 is similar to that of P1, and the configuration of
P4 is similar to that of P2.
# Configure P1.
[P1] mpls lsr-id 1.1.1.1
[P1] mpls
[P1-mpls] mpls te
[P1-mpls] mpls rsvp-te
[P1-mpls] mpls te cspf
[P1-mpls] quit
[P1] interface gigabitethernet 1/0/0
[P1-GigabitEthernet1/0/0] mpls
[P1-GigabitEthernet1/0/0] mpls te
[P1-GigabitEthernet1/0/0] mpls rsvp-te
[P1-GigabitEthernet1/0/0] mpls te bandwidth max-reservable-bandwidth 200000
[P1-GigabitEthernet1/0/0] mpls te bandwidth bc0 200000
[P1-GigabitEthernet1/0/0] quit
# Configure P2.
[P2] mpls lsr-id 2.2.2.2
[P2] mpls
[P2-mpls] mpls te
[P2-mpls] mpls rsvp-te
[P2-mpls] quit
[P2] interface gigabitethernet 1/0/0
[P2-GigabitEthernet1/0/0] mpls
[P2-GigabitEthernet1/0/0] mpls te
[P2-GigabitEthernet1/0/0] mpls rsvp-te
[P2-GigabitEthernet1/0/0] mpls te bandwidth max-reservable-bandwidth 200000
[P2-GigabitEthernet1/0/0] mpls te bandwidth bc0 200000
[P2-GigabitEthernet1/0/0] quit
[P2] interface gigabitethernet 2/0/0
[P2-GigabitEthernet2/0/0] mpls
[P2-GigabitEthernet2/0/0] mpls te
[P2-GigabitEthernet2/0/0] mpls rsvp-te
[P2-GigabitEthernet2/0/0] mpls te bandwidth max-reservable-bandwidth 200000
[P2-GigabitEthernet2/0/0] mpls te bandwidth bc0 200000
[P2-GigabitEthernet2/0/0] quit
# On P1, configure an explicit path for the TE tunnel. The configuration of P3 is similar to that
of P1 and is not mentioned here.
[P1] explicit-path to_P3
[P1-explicit-path-to_p3] next hop 10.1.1.2
[P1-explicit-path-to_p3] next hop 10.1.4.2
[P1-explicit-path-to_p3] next hop 10.1.6.1
[P1-explicit-path-to_p3] next hop 3.3.3.3
[P1-explicit-path-to_p3] quit
# Configure a tunnel interface on P1. The configuration of P3 is similar to that of P1 and is not
mentioned here.
[P1] interface Tunnel1/0/0
[P1-Tunnel1/0/0] to_P3
[P1-Tunnel1/0/0] ip address unnumbered interface LoopBack0
[P1-Tunnel1/0/0] tunnel-protocol mpls te
[P1-Tunnel1/0/0] destination 3.3.3.3
[P1-Tunnel1/0/0] mpls te tunnel-id 100
[P1-Tunnel1/0/0] mpls te bandwidth ct0 200000
[P1-Tunnel1/0/0] mpls te path explicit-path to_P3
[P1-Tunnel1/0/0] mpls te commit
After the preceding configurations, run the display interface tunnel 1/0/0 command on P1 and
P3. The command output shows that the status of the tunnel interface is Up.
[P1] display interface tunnel 1/0/0
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Last up time: 2009-09-29, 16:35:10
Description : to_P3
# Configure P1.
[P1] mpls ldp
[P1] interface gigabitethernet 2/0/0
[P1-GigabitEthernet2/0/0] mpls ldp
[P1-GigabitEthernet2/0/0] quit
[P1] interface gigabitethernet 3/0/0
[P1-GigabitEthernet3/0/0] mpls ldp
[P1-GigabitEthernet3/0/0] quit
[P1] interface gigabitethernet 3/1/0
[P1-GigabitEthernet3/1/0] mpls ldp
[P1-GigabitEthernet3/1/0] quit
[P1] mpls ldp remote-peer to_P3
[P1-mpls-ldp-remote-to_P3] remote-ip 3.3.3.3
[P1-mpls-ldp-remote-to_P3] quit
# Configure P3.
[P3] mpls ldp
[P3] interface gigabitethernet 2/0/0
[P3-GigabitEthernet2/0/0] mpls ldp
[P3-GigabitEthernet2/0/0] quit
[P3] interface gigabitethernet 3/0/0
[P3-GigabitEthernet3/0/0] mpls ldp
[P3-GigabitEthernet3/0/0] quit
[P3] interface gigabitethernet 3/1/0
[P3-GigabitEthernet3/1/0] mpls ldp
[P3-GigabitEthernet3/1/0] quit
# Configure P5.
[P5] mpls lsr-id 5.5.5.5
[P5] mpls
[P5-mpls] quit
[P5] mpls ldp
[P5-mpls-ldp] quit
[P5] interface gigabitethernet 2/0/0
[P5-GigabitEthernet2/0/0] mpls
[P5-GigabitEthernet2/0/0] mpls ldp
[P5-GigabitEthernet2/0/0] quit
[P5] interface gigabitethernet 3/0/0
[P5-GigabitEthernet3/0/0] mpls
[P5-GigabitEthernet3/0/0] mpls ldp
[P5-GigabitEthernet3/0/0] quit
# On the tunnel interface, enable forwarding adjacency and the IS-IS process, and adjust the
metric of the tunnel interface so that the tunnel interface can become the outbound interface of
the second best IS-IS route. Take the configuration of P1 as an example. The configuration of
P3 is similar to that of P1 and is not mentioned here.
[P1] interface tunnel 1/0/0
[P1-Tunnel1/0/0] mpls te igp advertise
[P1-Tunnel1/0/0] mpls te igp metric absolute 6
[P1-Tunnel1/0/0] mpls te commit
[P1-Tunnel1/0/0] isis enable 1
After the preceding configuration, run the display mpls ldp lsp command on PE1. The command
output shows that an LDP LSP is established. Take the display on PE1 as an example.
[PE1] display mpls ldp lsp 8.8.8.8 32
Enable IS-IS Auto FRR on P1 and P3, and disable the interfaces that connect P nodes to PE
nodes from becoming IS-IS LFA backup interfaces.
# Configure P1.
[P1] isis 64
[P1-isis-64] frr
[P1-isis-64-frr] loop-free-alternate level-2
[P1-isis-64-frr] quit
[P1-isis-64] quit
[P1] interface gigabitethernet3/1/0
[P1-GigabitEthernet3/1/0] undo isis lfa-backup
[P1-GigabitEthernet3/1/0] quit
# Configure P3.
[P3] isis 64
[P3-isis-64] frr
[P3-isis-64-frr] loop-free-alternate level-2
[P3-isis-64-frr] quit
[P3-isis-64] quit
[P3] interface gigabitethernet3/1/0
[P3-GigabitEthernet3/1/0] undo isis lfa-backup
[P3-GigabitEthernet3/1/0] quit
# Run the display fib 3.3.3.3 32 verbose command on P1 to view the FIB entry to P3.
[P1] display fib 3.3.3.3 32 verbose
Route Entry Count: 1
Destination: 3.3.3.3 Mask : 255.255.255.255
Nexthop : 10.1.2.2 OutIf : GE2/0/0
LocalAddr : 10.1.2.1 LocalMask: 0.0.0.0
Flags : DGU Age : 124sec
ATIndex : 0 Slot : 0
LspFwdFlag : 0 LspToken : 0x0
InLabel : NULL OriginAs : 0
BGPNextHop : 0.0.0.0 PeerAs : 0
QosInfo : 0x0 OriginQos: 0x0
NexthopBak : 10.1.1.2 OutIfBak : Tunnel1/0/0
LspTokenBak: 0x0 InLabelBak : NULL
LspToken_ForInLabelBak : 0x0
EntryRefCount : 0
VlanId : 0x0
LspType : 0 Label_ForLspTokenBak : 0
MplsMtu : 0 Gateway_ForLspTokenBak : 0
NextToken : 0 IfIndex_ForLspTokenBak : 0
Label_NextToken : 0 Label : 0
LspBfdState : 0
# Run the shutdown command on GE 2/0/0 of P1 or P3 to simulate a link fault. Take the
configuration of P1 as an example.
[P1] interface gigabitethernet 2/0/0
[P1-GigabitEthernet2/0/0] shutdown
# Run the display fib 3.3.3.3 32 verbose command on P1 to view the FIB entry to P3.
[P1] display fib 3.3.3.3 32 verbose
Route Entry Count: 1
Destination: 3.3.3.3 Mask : 255.255.255.255
Nexthop : 10.1.1.2 OutIf : Tunnel1/0/0
LocalAddr : 10.1.1.1 LocalMask: 0.0.0.0
Flags : DGU Age : 124sec
ATIndex : 0 Slot : 0
LspFwdFlag : 0 LspToken : 0x0
InLabel : NULL OriginAs : 0
BGPNextHop : 0.0.0.0 PeerAs : 0
QosInfo : 0x0 OriginQos: 0x0
NexthopBak : 0.0.0.0 OutIfBak : [No Intf]
LspTokenBak: 0x0 InLabelBak : NULL
LspToken_ForInLabelBak : 0x0
EntryRefCount : 0
VlanId : 0x0
LspType : 0 Label_ForLspTokenBak : 0
MplsMtu : 0 Gateway_ForLspTokenBak : 0
NextToken : 0 IfIndex_ForLspTokenBak : 0
Label_NextToken : 0 Label : 0
LspBfdState : 0
The command output shows that traffic from P1 to P3 has been switched to the backup link with
the outbound interface being Tunnel 1/0/0.
----End
Configuration Files
l Configuration file of P1
#
sysname P1
#
router id 1.1.1.1
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
explicit-path to_p3
next hop 10.1.1.2
next hop 10.1.4.2
next hop 10.1.6.1
next hop 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer to_p3
remote-ip 3.3.3.3
undo remote-ip pwe3
#
isis 64
frr
loop-free-alternate level-2
is-level level-2
cost-style wide
network-entity 86.0010.0010.0100.1001.00
is-name P1
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 64
#
interface Tunnel1/0/0
description toP3
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 3.3.3.3
mpls te tunnel-id 100
mpls te bandwidth ct0 200000
mpls te path explicit-path to_p3
mpls te igp advertise
mpls te igp metric absolute 6
mpls te commit
isis enable 64
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls te
mpls rsvp-te
mpls te bandwidth max-reservable-bandwidth 200000
mpls te bandwidth bc0 200000
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.2.1 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.1.3.1 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
interface GigabitEthernet3/1/0
undo shutdown
ip address 10.1.10.2 255.255.255.252
isis enable 64
isis cost 5
undo isis lfa-backup
mpls
mpls ldp
#
return
l Configuration file of P2
#
sysname P2
#
router id 2.2.2.2
#
mpls lsr-id 2.2.2.2
mpls
mpls te
mpls rsvp-te
#
mpls ldp
#
isis 64
is-level level-2
cost-style wide
network-entity 86.0010.0020.0200.2002.00
is-name P2
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 64
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.2 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls te
mpls rsvp-te
mpls te bandwidth max-reservable-bandwidth 200000
mpls te bandwidth bc0 200000
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.4.1 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls te
mpls te bandwidth max-reservable-bandwidth 200000
mpls te bandwidth bc0 200000
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.1.5.1 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
interface GigabitEthernet3/1/0
undo shutdown
ip address 10.1.11.2 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
return
l Configuration file of P3
#
sysname P3
#
router id 3.3.3.3
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
explicit-path to_p3
next hop 10.1.6.2
next hop 10.1.4.1
next hop 10.1.1.1
next hop 1.1.1.1
#
mpls ldp
#
mpls ldp remote-peer to_p1
remote-ip 1.1.1.1
undo remote-ip pwe3
#
isis 64
frr
loop-free-alternate level-2
is-level level-2
cost-style wide
network-entity 86.0010.0030.0300.3003.00
is-name P3
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 64
#
interface Tunnel1/0/0
description toP1
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 1.1.1.1
mpls te tunnel-id 100
mpls te bandwidth ct0 200000
mpls te path explicit-path to_p1
mpls te igp advertise
mpls te igp metric absolute 6
mpls te commit
isis enable 64
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.6.1 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls te
mpls rsvp-te
mpls te bandwidth max-reservable-bandwidth 200000
mpls te bandwidth bc0 200000
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.2.2 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.1.7.1 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
interface GigabitEthernet3/1/0
undo shutdown
ip address 10.1.12.2 255.255.255.252
isis enable 64
isis cost 5
undo isis lfa-backup
mpls
mpls ldp
#
return
l Configuration file of P4
#
sysname P4
#
router id 4.4.4.4
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls rsvp-te
#
mpls ldp
#
isis 64
is-level level-2
cost-style wide
network-entity 86.0010.0040.0400.4004.00
is-name P4
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
isis enable 64
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.6.2 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls te
mpls rsvp-te
mpls te bandwidth max-reservable-bandwidth 200000
mpls te bandwidth bc0 200000
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.4.2 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls te
mpls te bandwidth max-reservable-bandwidth 200000
mpls te bandwidth bc0 200000
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.1.8.1 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
interface GigabitEthernet3/1/0
undo shutdown
ip address 10.1.13.2 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
return
l Configuration file of P5
#
sysname P5
#
router id 5.5.5.5
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
isis 64
is-level level-2
cost-style wide
network-entity 86.0010.0050.0500.5005.00
is-name P5
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
isis enable 64
#
interface GigabitEthernet1/0/0
undo shutdown
l Configuration file of P6
#
sysname P6
#
router id 6.6.6.6
#
mpls lsr-id 6.6.6.6
mpls
#
mpls ldp
#
isis 64
is-level level-2
cost-style wide
network-entity 86.0010.0060.0600.6006.00
is-name P6
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
isis enable 64
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.9.2 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.5.2 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.1.8.2 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
return
isis enable 64
isis cost 5
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.13.1 255.255.255.252
isis enable 64
isis cost 5
mpls
mpls ldp
#
return
Networking Requirements
In the network shown in Figure 7-16, Router A, Router B, and Router C belong to the same AS.
Network interconnection is implemented through IS-IS and the GR mechanism is provided.
After IS-IS adjacencies are set up between Router A, Router B, and Router C, the three routers
start to exchange routing information. When IS-IS on Router A restarts, Router A resends
connection requests to neighbors to synchronize the LSDB.
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface.
This example assumes that you know the configuration method and no details are provided here.
This example assumes that you know the configuration method and no details are provided here.
# Enable IS-IS GR on Router A and set the restart interval. The configurations of Router B and
Router C are the same as the configuration of Router A. Take the configuration of Router A as
an example.
[RouterA] isis 1
[RouterA-isis-1] graceful-restart
[RouterA-isis-1] graceful-restart interval 150
# Run the display fib command on Router A to view the Forwarding Information Base (FIB)
table.
<RouterA> display fib
FIB Table:
Total number of Routes : 6
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID
127.0.0.1/32 127.0.0.1 HU t[21] InLoop0 0x0
127.0.0.0/8 127.0.0.1 U t[21] InLoop0 0x0
10.1.1.1/32 127.0.0.1 HU t[20678] InLoop0 0x0
10.1.1.0/24 10.1.1.1 U t[20678] GE1/0/0 0x0
10.1.1.2/32 10.1.1.2 HU t[20678] GE1/0/0 0x0
10.2.1.0/24 10.1.1.2 DGU t[79388] GE1/0/0 0x0
NOTE
A router restarts an IS-IS process in GR mode only when GR is enabled in the IS-IS process.
# Run the display fib command on Router A, and view the FIB table to check whether GR works
normally. If GR works normally, the FIB table does not change and the forwarding service is
not affected when Router A restarts the IS-IS process in GR mode.
<RouterA> display fib
FIB Table:
Total number of Routes : 6
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID
127.0.0.1/32 127.0.0.1 HU t[21] InLoop0 0x0
127.0.0.0/8 127.0.0.1 U t[21] InLoop0 0x0
10.1.1.1/32 127.0.0.1 HU t[20678] InLoop0 0x0
10.1.1.0/24 10.1.1.1 U t[20678] GE1/0/0 0x0
10.1.1.2/32 10.1.1.2 HU t[20678] GE1/0/0 0x0
10.2.1.0/24 10.1.1.2 DGU t[79388] GE1/0/0 0x0
As shown in the display, the FIB table on Router A does not change and the forwarding service
is not affected.
# Run the display fib command on Router A immediately to view the FIB table.
<RouterA> display fib
FIB Table:
Total number of Routes : 5
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID
127.0.0.1/32 127.0.0.1 HU t[21] InLoop0 0x0
127.0.0.0/8 127.0.0.1 U t[21] InLoop0 0x0
10.1.1.1/32 127.0.0.1 HU t[20678] InLoop0 0x0
10.1.1.0/24 10.1.1.1 U t[20678] GE1/0/0 0x0
10.1.1.2/32 10.1.1.2 HU t[20678] GE1/0/0 0x0
As shown in the display, Router A does not restart the IS-IS process in GR mode; the FIB table
changes; compared with the IS-IS process in GR mode, the route to network segment 10.2.1.0
does not exist; service forwarding is affected.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
isis 1
graceful-restart
graceful-restart interval 150
is-level level-1
network-entity 10.0000.0000.0001.00
#
interface GigabitEthernet 1/0/0
link-protocol ppp
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
return
graceful-restart
graceful-restart interval 150
network-entity 10.0000.0000.0003.00
#
interface GigabitEthernet 1/0/0
link-protocol ppp
ip address 10.1.1.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet 2/0/0
link-protocol ppp
ip address 10.2.1.1 255.255.255.0
isis enable 1
#
return
Networking Requirements
As show in Figure 7-17:
NOTE
BFD for IS-IS cannot be used to detect the multi-hops link between Router A and Router C, because the
IS-IS neighbor relationship cannot be established between Router A and Router C.
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l IS-IS process ID
l Area addresses of Router A, Router B, and Router C
l Levels of Router A, Router B, and Router C
l Name of the BFD session set up between Router A and Router B and the peer IP address
to be detected
l Local and remote discriminators of the BFD session set up between Router A and Router
B
Procedure
Step 1 Configure an IP address for each interface.
This example assumes that you know the configuration method and no details are provided here.
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] is-level level-2
[RouterA-isis-1] network-entity aa.1111.1111.1111.00
[RouterA-isis-1] quit
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] isis enable 1
[RouterA-GigabitEthernet1/0/0] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] is-level level-2
[RouterB-isis-1] network-entity aa.2222.2222.2222.00
[RouterB-isis-1] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] isis enable 1
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-gigabitethernet2/0/0] isis enable 1
[RouterB-gigabitethernet2/0/0] quit
# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] is-level level-2
[RouterC-isis-1] network-entity aa.3333.3333.3333.00
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 1/0/0
[RouterC-gigabitethernet1/0/0] isis enable 1
[RouterC-gigabitethernet1/0/0] quit
After the preceding configurations, you can view that the neighbor relationship is established
between Router A and Router B.
[RouterA] display isis peer
Peer information for ISIS(1)
----------------------------
System Id Interface Circuit Id State HoldTime Type PRI
2222.2222.2222 GE1/0/0 2222.2222.2222.00 Up 23s L2
64
The IS-IS routing table of Router A has entries to Router B and Router C.
[RouterA] display isis route
After the preceding configurations, you can view that the status of the static BFD is YES when
the display isis interface verbose command is used on Router A or Router B.
# Configure Router B.
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] isis bfd static
[RouterB-GigabitEthernet1/0/0] quit
# On Router A, the following log information and debugging information are displayed. It
indicates that IS-IS deletes the neighbor relationship with Router B according to the fault
reported by BFD.
ISIS/4/PEER_DOWN_BFDDOWN/1880166931 UL/R "ISIS 1 neighbor
2222.2222.2222 is down on the interface GE1/0/0 because BFD node is Down.
ISIS/4/PEER_DOWN_BFDDOWN/1880166931 UL/R "ISIS 1 neighbor
2222.2222.2222 was Down on interface GE1/0/0
because the BFD node was down. The Hello packet was received at 11:32:10 last
time; the maximum interval for sending Hello packets was 9247;the local router sent
426 Hello
packets and received 61 packets;the type of the Hello packet was Lan Level-2."
Run the display isis route command or the display isis peer command on Router A, no
information is displayed. This indicates that the IS-IS neighbor relationship between Router A
and Router B is deleted.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
bfd
#
isis 1
is-level level-2
network-entity aa.1111.1111.1111.00
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
isis enable 1
isis bfd static
#
bfd atob bind peer-ip 10.1.1.2 interface GigabitEthernet1/0/0
discriminator local 1
discriminator remote 2
commit
#
return
Networking Requirements
As shown in Figure 7-18, it is required as follows:
l Traffic is transmitted on the active link Router A → Router B. The link Router A → Router
B → Router C acts as the standby link.
l Enable BFD of the interface on the link between Router A and Router B. When the link
between Router A and Router B fails, BFD can quickly detect the fault and notify IS-IS of
the fault; therefore, the traffic is transmitted on the standby link.
GE1/0/0 GE1/0/0
1.1.1.1/24 2.2.2.2/24
GE1/0/0 GE2/0/0
1.1.1.2/24 2.2.2.1/24
RouterC
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IS-IS on each router and ensure the connectivity of the routers
2. Set the interface cost of IS-IS to control the route selection of the routers.
3. Enable global BFD.
4. Enable the BFD detection mechanism of the IS-IS process on Router A, Router B, and
Router C.
5. Enable the BFD detection mechanism of the interfaces on Router A and Router B.
Data Preparation
To complete the configuration, you need the following data:
l Process ID of IS-IS
l Area numbers of Router A, Router B, and Router C
l Interface cost of Router A, Router B and Router C
l Interface number and type number of BFD enabled on Router A and Router B
l Minimum interval for sending the BFD packets, minimum interval for receiving the BFD
packets, and local detection multiple on Router A and Router B
Procedure
Step 1 Assign an IP address to each interface.
# Configure Router B.
[RouterB] isis
[RouterB-isis-1] is-level level-2
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] isis enable 1
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet1/0/0] isis enable 1
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 3/0/0
[RouterB-GigabitEthernet3/0/0] isis enable 1
[RouterB-GigabitEthernet3/0/0] quit
# Configure Router C.
[RouterC] isis
[RouterC-isis-1] is-level level-2
[RouterC-isis-1] network-entity 10.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] isis enable 1
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] isis enable 1
[RouterC-GigabitEthernet2/0/0] quit
# After the preceding configurations are complete, use the display isis peer command. You can
view that the neighboring relationship is set up between Router A and Router B, and that between
Router A and Router C. Take the configuration on Router A as an example:
[RouterA] display isis peer
Peer information for ISIS(1)
----------------------------
System Id Interface Circuit Id State HoldTime Type PRI
0000.0000.0002 GE2/0/0 0000.0000.0002.01 Up 9s L2 64
0000.0000.0003 GE1/0/0 0000.0000.0001.02 Up 21s L2 64
Total Peer(s): 2
# The routers have learnt routes of each other. Take the routing table of Router A as an example:
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 GigabitEthernet1/0/0
As shown in the routing table, the next hop address of the route to 172.16.1.0/24 is 3.3.3.2 and
traffic is transmitted on the active link from Router A to Router B.
# Configure Router A.
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet1/0/0] isis cost 5
[RouterA-GigabitEthernet1/0/0] quit
# Configure Router B.
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet1/0/0] isis cost 5
[RouterB-GigabitEthernet1/0/0] quit
# After the preceding configurations are complete, run the display isis bfd session all command
on Router A, Router B, or Router C. You can view that the status of BFD is Up.
From the preceding display, you can view that the status of the BFD session between Router A
and Router B and that between Router A and Router C are Up.
# Configure BFD on GE 2/0/0 of Router A, set the minimum interval for sending the packets
and the minimum interval for receiving the packets to 100 ms, and set the local detection time
multiple to 4.
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] isis bfd enable
[RouterA-GigabitEthernet2/0/0] isis bfd min-tx-interval 100 min-rx-interval 100
detect-multiplier 4
[RouterA-GigabitEthernet2/0/0] quit
# Configure BFD on GE 2/0/0 of Router B, set the minimum interval for sending the packets
and the minimum interval for receiving the packets to 100 ms, and set the local detection time
multiple to 4.
[RouterB] bfd
[RouterB-bfd] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] isis bfd enable
[RouterB-GigabitEthernet2/0/0] isis bfd min-tx-interval 100 min-rx-interval 100
detect-multiplier 4
[RouterB-GigabitEthernet2/0/0] quit
# After the preceding configurations are complete, run the display isis bfd session all command
on Router A or Router B. You can view that the parameters of the BFD have taken effect. Take
the display of Router B as an example:
[RouterB] display isis bfd session all
BFD session information for ISIS(1)
-----------------------------------
Peer System ID : 0000.0000.0001 Interface : GE2/0/0
TX : 100 BFD State : up Peer IP Address : 3.3.3.1
RX : 100 LocDis : 8192 Local IP Address: 3.3.3.2
Multiplier : 4 RemDis : 8192 Type : L2
Diag : No diagnostic information
Peer System ID : 0000.0000.0003 Interface : GE1/0/0
TX : 100 BFD State : up Peer IP Address : 2.2.2.1
RX : 100 LocDis : 8192 Local IP Address: 2.2.2.2
Multiplier : 3 RemDis : 8193 Type : L2
Diag : No diagnostic information
Total BFD session(s): 2
# Run the shutdown command on GE 2/0/0 of Router B to simulate the active link failure.
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] shutdown
As shown in the routing table, the standby link Router A → Router C → Router B takes effect
after the active link fails. The next hop address of the route to 172.16.1.0/24 becomes 1.1.1.2.
# Run the display isis bfd session all command on Router A. You can view the status of the
BFD session is Up between Router A and Router C.
[RouterA] display isis bfd session all
BFD session information for ISIS(1)
-----------------------------------
Peer System ID : 0000.0000.0003 Interface : GE1/0/0
TX : 100 BFD State : up Peer IP Address : 1.1.1.2
RX : 100 LocDis : 8192 Local IP Address: 1.1.1.1
TX : 10 BFD State : up Peer IP Address : 1.1.1.2
RX : 10 LocDis : 8193 Local IP Address: 1.1.1.1
Multiplier : 3 RemDis : 8192 Type : L2
Diag : No diagnostic information
Total BFD session(s): 1
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
bfd
#
isis 1
is-level level-2
bfd all-interfaces enable
network-entity 10.0000.0000.0001.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 3.3.3.1 255.255.255.0
isis enable 1
isis cost 5
isis bfd enable
isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
return
is-level level-2
bfd all-interfaces enable
network-entity 10.0000.0000.0002.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 2.2.2.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 3.3.3.2 255.255.255.0
isis enable 1
isis cost 5
isis bfd enable
isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 172.16.1.1 255.255.255.0
isis enable 1
#
return
Networking Requirements
Figure 7-19 shows an IS-IS IPv6 network. The primary path of traffic between Router S and
Router D is Router S-->Switch-->Router D, and the backup path is Router S-->Router N--
>Router D.
It is required to configure BFD for IPv6 IS-IS so that traffic between Router S and Router D can
be rapidly switched to the backup path when the primary path or Switch fails.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic IS-IS IPv6 functions on each router to ensure the IPv6 connectivity.
2. Adjust the IS-IS cost values of interfaces on each router so that the path Router S-->Switch--
>Router D becomes the primary path, and the path Router S-->Router N-->Router D
becomes the backup path.
3. Configure BFD globally on each router.
4. Enable BFD for IPv6 IS-IS in the IS-IS view of each router.
Data Preparation
To complete the configuration, you need the following data:
l IS-IS process ID
l IS-IS network entity title (NET)
l Level of each Router
l IS-IS cost value of each interface
l Interface to be enabled with BFD for IPv6 IS-IS
l Minimum interval for sending BFD packets, minimum interval for receiving BFD packets,
and local BFD detection multiplier
Procedure
Step 1 Enable IPv6 forwarding capability and configure an IPv6 address for each interface.
# The configurations of Router S are taken as an example. The configurations of other routers
are as the same as those of Router S and thus are not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname RouterS
[RouterS] ipv6
# Configure Router S.
[RouterS] isis 10
[RouterS-isis-10] is-level level-2
[RouterS-isis-10] network-entity 10.0000.0000.0001.00
[RouterS-isis-10] ipv6 enable
[RouterS-isis-10] quit
[RouterS] interface gigabitethernet 1/0/0
[RouterS-GigabitEthernet1/0/0] isis ipv6 enable 10
[RouterS-GigabitEthernet1/0/0] quit
[RouterS] interface gigabitethernet 2/0/0
[RouterS-GigabitEthernet2/0/0] isis ipv6 enable 10
[RouterS-GigabitEthernet2/0/0] quit
# Configure Router N.
[RouterN] isis 10
[RouterN-isis-10] is-level level-2
[RouterN-isis-10] network-entity 10.0000.0000.0002.00
[RouterN-isis-10] ipv6 enable
[RouterN-isis-10] quit
[RouterN] interface gigabitethernet 1/0/0
[RouterN-GigabitEthernet1/0/0] isis ipv6 enable 10
[RouterN-GigabitEthernet1/0/0] quit
[RouterN] interface gigabitethernet 2/0/0
[RouterN-GigabitEthernet2/0/0] isis ipv6 enable 10
[RouterN-GigabitEthernet2/0/0] quit
# Configure Router D.
[RouterD] isis 10
[RouterD-isis-10] is-level level-2
[RouterD-isis-10] network-entity 10.0000.0000.0003.00
[RouterD-isis-10] ipv6 enable
[RouterD-isis-10] quit
[RouterD] interface gigabitethernet 1/0/0
[RouterD-GigabitEthernet1/0/0] isis ipv6 enable 10
[RouterD-GigabitEthernet1/0/0] quit
[RouterD] interface gigabitethernet 2/0/0
[RouterD-GigabitEthernet2/0/0] isis ipv6 enable 10
[RouterD-GigabitEthernet2/0/0] quit
# After the preceding configurations, run the display ipv6 routing-table command. You can
view that routers have learned IPv6 routes from each other.
# Configure Router S.
[RouterS] interface gigabitethernet 1/0/0
[RouterS-GigabitEthernet1/0/0] isis ipv6 cost 1 level-2
[RouterS-GigabitEthernet1/0/0] quit
[RouterS] interface gigabitethernet 2/0/0
[RouterS-GigabitEthernet2/0/0] isis ipv6 cost 10 level-2
[RouterS-GigabitEthernet2/0/0] quit
# Configure Router N.
[RouterN] interface gigabitethernet 1/0/0
[RouterN-GigabitEthernet1/0/0] isis ipv6 cost 10 level-2
[RouterN-GigabitEthernet1/0/0] quit
# Configure Router D.
[RouterD] interface gigabitethernet 1/0/0
[RouterD-GigabitEthernet1/0/0] isis ipv6 cost 1 level-2
[RouterD-GigabitEthernet1/0/0] quit
[RouterD] interface gigabitethernet 2/0/0
[RouterD-GigabitEthernet2/0/0] isis ipv6 cost 10 level-2
[RouterD-GigabitEthernet2/0/0] quit
# On the Router S, Router N, and Router D, enable BFD for IPv6 IS-IS globally, set the minimum
interval for sending BFD packets to 150 ms and the minimum interval for receiving BFD packets
to 150 ms, and specify the local detection multiplier to 3.
# Configure Router S.
[RouterS] bfd
[RouterS-bfd] quit
[RouterS] isis 10
[RouterS-isis-10] ipv6 bfd all-interfaces enable
[RouterS-isis-10] ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
[RouterS-isis-10] quit
# Configure Router N.
[RouterN] bfd
[RouterN-bfd] quit
[RouterN] isis 10
[RouterN-isis-10] ipv6 bfd all-interfaces enable
[RouterN-isis-10] ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
[RouterN-isis-10] quit
# Configure Router D.
[RouterD] bfd
[RouterD-bfd] quit
[RouterD] isis 10
[RouterD-isis-10] ipv6 bfd all-interfaces enable
[RouterD-isis-10] ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
[RouterD-isis-10] quit
# After the preceding configurations, run the display isis ipv6 bfd session all command on
Router S or Router D, and you can view that BFD detection parameters already take effect. Take
the display on Router S as an example.
[RouterS] display isis 10 ipv6 bfd session all
IPv6 BFD session information for ISIS(1)
-----------------------------------
Peer System ID : 0000.0000.0003 Interface : GE1/0/0 Type : L2
IPv6 BFD State : up TX : 150 RX : 150 Multiplier : 3
LocDis : 8184 Local IPv6 Address : FE80::E0:2F47:B107:1
RemDis : 8192 Peer IPv6 Address : FE80::E0:2F47:B103:1
Diag : No diagnostic information
# Run the shutdown command on Gigabit Ethernet 1/0/0 on Router D to simulate a primary
path failure.
[RouterD] interface gigabitethernet 1/0/0
[RouterD-GigabitEthernet1/0/0] shutdown
# Run the display ipv6 routing-table 2001:db8:4::1 120 command on Router S to view the
IPv6 routing table.
[RouterS] display ipv6 routing-table 2001:db8:4::1 120
Routing Table : Public
Summary Count 1
As shown in the IPv6 routing table, after the primary path fails, the backup path takes effect; the
next hop address of the route to 2001:db8:4::/120 becomes 2001:db8:2::2; the outbound interface
becomes Gigabit Ethernet 2/0/0; the route cost may also change.
# Run the display isis ipv6 bfd session all command on Router S, and you can view that there
is only one BFD session in the Up state between Router S and Router N.
[RouterS] display isis 10 ipv6 bfd session all
IPv6 BFD session information for ISIS(1)
-----------------------------------
Peer System ID : 0000.0000.0003 Interface : GE2/0/0 Type : L2
IPv6 BFD State : up TX : 150 RX : 150 Multiplier : 3
LocDis : 8184 Local IPv6 Address : FE80::C964:0:B8B6:1
RemDis : 8192 Peer IPv6 Address : FE80::C964:0:B203:1
Diag : No diagnostic information
----End
Configuration Files
l Configuration file of Router S
#
sysname RouterS
#
bfd
#
isis 10
is-level level-2
ipv6 bfd all-interfaces enable
ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
network-entity 10.0000.0000.0001.00
#
ipv6 enable topology standard
#
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::1/120
isis ipv6 enable 10
isis ipv6 cost 1
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:2::1/120
isis ipv6 enable 10
isis ipv6 cost 10
#
return
network-entity 10.0000.0000.0003.00
#
ipv6 enable topology standard
#
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::2/120
isis ipv6 enable 10
isis ipv6 cost 1
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:3::2/120
isis ipv6 enable 10
isis ipv6 cost 10
#
return
8 BGP Configuration
BGP is used between ASs to transmit routing information on large-scale and complex networks.
8.1 Introduction
BGP is a dynamic routing protocol used between ASs.
8.7 Configuring a Device to Advertise BGP Supernet Unicast Routes to BGP Peers
This section describes how to configure a Border Gateway Protocol (BGP) device to advertise
BGP supernet unicast routes to BGP peers.
Deploying BGP RRs allows IBGP peers to communicate without establishing full-mesh
connections between them. Using BGP RRs simplifies network configurations and improves
route advertisement efficiency.
8.11 Configuring a BGP Confederation
BGP confederations can be configured on a large BGP network to reduce the number of IBGP
connections and simplify routing policy management, increasing route advertisement efficiency.
8.12 Configuring BGP Community Attributes
Community attributes are used to simplify routing policy management.
8.13 Configuring Prefix-based BGP ORF
Prefix-based BGP outbound route filtering (ORF) is used to enable a BGP device to send to its
BGP peer a set of routing policies that can be used by its peer to filter out unwanted routes during
route advertisement.
8.14 Configuring to Adjust the BGP Network Convergence Speed
You can adjust the BGP network convergence speed by adjusting BGP peer connection
parameters to adapt to changes on large-scale networks.
8.15 Configuring BGP Route Dampening
BGP route dampening can be configured to suppress unstable routes.
8.16 Configuring a BGP Device to Send a Default Route to Its Peer
After a BGP device is configured to send a default route to its peer, the BGP device sends a
default route with the local address as the next-hop address to a specified peer, regardless of
whether there are default routes in the local routing table. This greatly reduces the number of
routes on the network.
8.17 Configuring BGP Load Balancing
Configuring BGP load balancing better utilizes network resources and reduces network
congestion.
8.18 Configuring Path MTU Auto Discovery
Path MTU auto discovery allows BGP to discover the smallest MTU value on a path to ensure
that BGP messages satisfy the path MTU requirement. This function improves transmission
efficiency and BGP performance.
8.19 Configuring the BGP Next Hop Delayed Response
Configuring the BGP next hop delayed response can minimize traffic loss during route changes.
8.20 Configuring BFD for BGP
BFD for BGP speeds up fault detection and therefore increases the route convergence speed.
8.21 Configuring BGP Auto FRR
Border Gateway Protocol (BGP) Auto fast reroute (FRR), a protection measure against link
faults, applies to the network topology with both primary and backup links. It can be configured
for services that are sensitive to packet loss and delay.
8.22 Configuring BGP GR
BGP GR can be configured to avoid traffic interruption due to protocol restart.
8.23 Configuring BGP Security
Authentication can be implemented during the establishment of a TCP connection to enhance
BGP security.
8.24 Disabling the BGP-IPv4 Unicast Address Family
If you do not need to use BGP to transmit public IPv4 unicast routes, you can disable the BGP-
IPv4 unicast address family to reduce the consumption of system resources.
8.1 Introduction
BGP is a dynamic routing protocol used between ASs.
Background
When Internal Gateway Protocol (IGP) was first deployed, it was able to meet network
deployment requirements because networks were not as large as they now are. However,
increasing numbers of routes on large modern networks impose tough challenges on the
performance of devices. To solve this problem, ASs were introduced. One IGP runs within an
AS, and one Exterior Gateway Protocol (EGP) runs between ASs.
EGP, however, has the following shortcomings: It forwards routes without selecting optimal
routes and therefore cannot avoid loops. Therefore, EGP was replaced with BGP.
BGP overcomes these shortcomings and can advertise and maintain a large number of routes
more efficiently. BGP is deployed between ASs that may be under different technical
administrations. Therefore, BGP must have powerful routing control capabilities and can be
easily extended so that network security can be ensured.
BGP-1 (defined in RFC 1105), BGP-2 (defined in RFC 1163), and BGP-3 (defined in RFC 1267)
are three earlier-released versions of BGP. The current BGP version is BGP-4 defined in RFC
4271. As an exterior routing protocol on the Internet, BGP is widely used among Internet Service
Providers (ISPs).
NOTE
BGP Characteristics
Characteristics of BGP are as follows:
l Different from IGPs such as the Open Shortest Path First (OSPF) and Routing Information
Protocol (RIP), BGP is an EGP, which controls route advertisement and selects the optimal
route between ASs rather than discover or calculate routes.
l BGP uses the Transport Control Protocol (TCP) with port number 179 as the transport layer
protocol. The reliability of BGP is therefore enhanced.
l BGP supports Classless Inter-Domain Routing (CIDR).
l BGP transmits only the updated routes, saving the bandwidth used for route distribution.
Therefore, BGP is applicable to the Internet where a large number of routes are transmitted.
l BGP eliminates routing loops by adding AS_Path information to BGP routes.
l BGP provides multiple routing policies for flexible route selection and filtering.
l BGP can be easily extended and can adapt to the development of networks.
Related Terms
BGP is an inter-AS dynamic routing protocol and can be classified into IBGP and EBGP when
running on the router.
Figure 8-1 shows the relationships among AS, IBGP, and EBGP.
EBGP
AS65001
IBGP
EBGP
AS65002
IBGP
EBGP
EBGP
AS65003
BGP enables routes to be transmitted between ASs more efficiently and flexibly. Table 8-1
shows the BGP configuration outline.
Route Attributes
Based on route attributes, BGP routes are selected and the network administrator deploys routing
policies. Table 8-2 shows the main route attributes.
Local_Pref Determines the optimal route for See 8.4.4 Configuring a Default
the traffic that leaves an AS. Local_Pref Attribute for a
When the device running BGP Device.
receives multiple routes to the
same destination address but
with different next hops from
different IBGP peers, the route
with the highest Local_Pref is
selected as the optimal route.
Multi-Exit Determines the optimal route for See 8.4.5 Configuring MED
Discriminator (MED) the traffic that enters an AS. It is Attributes for BGP Routes.
similar to the metric used by an
IGP.
When the device running BGP
receives multiple routes to the
same destination address but
with different next hops from
different EBGP peers, the route
with the lowest MED is selected
as the optimal route.
AS_Path Records all ASs that a route See 8.4.7 Configuring AS_Path
passes through from the local Attributes for Routes.
end to the destination in the
distance-vector (DV) order.
AS_Path has the following
functions:
l Prevents routing loops
among ASs.
l Determines the selection of
the optimal route. (The BGP
route with the shortest
AS_Path is selected as the
optimal route.)
BGP selects routes by comparing the route attributes in the following sequence. When the optimal route
is selected based on the first route attribute, the subsequent attributes will be ignored.
Assume that load balancing is configured. If the preceding rules are the same and there are multiple
external routes with the same AS_Path, load balancing will be performed based on the number of
configured routes.
10. Prefers the route with the shortest Cluster_List.
NOTE
By default, Cluster_List takes precedence over Originator_ID during BGP route selection. To enable
Originator_ID to take precedence over Cluster_List during BGP route selection, run the bestroute
routerid-prior-clusterlist command.
11. Prefers the route advertised by the device with the smallest router ID.
NOTE
If routes carry the Originator_ID, the originator ID is substituted for the router ID during route
selection. The route with the smallest Originator_ID is preferred.
12. Prefers the route learned from the peer with the smallest address if the IP addresses of peers
are compared in the route selection process.
l When there are multiple active routes, the BGP speaker advertises only the optimal route
to its peer.
l The BGP speaker advertises only the preferred routes to its peer.
l The BGP speaker advertises the routes learned from EBGP peers to all BGP peers
(including EBGP and IBGP peers) except the peers that advertise these routes.
l The BGP speaker does not advertise the routes learned from IBGP peers to its IBGP peers.
l The BGP speaker advertises the routes learned from IBGP peers to its EBGP peers.
l The BGP speaker advertises all preferred BGP routes to the new peers when peer
relationships are established.
The NE80E/40E supports iteration-based BGP load balancing. If load balancing is configured
for a dependent route (assume that there are three next-hop addresses), BGP generates the same
number of next-hop addresses to forward packets. BGP load balancing based on iteration does
not need to be configured by using commands. This feature is permanently enabled on the
NE80E/40E.
BGP load balancing is different from IGP load balancing in the following implementation
methods:
l In IGPs, if there are different routes to the same destination address, an IGP calculates
metrics of these routes based on its own routing algorithm and performs load balancing
among the routes with the same metric.
l BGP does not have a routing algorithm, and therefore cannot determine whether to perform
load balancing among routes based on explicit metrics. However, BGP contains many route
attributes, which have different priorities in route selection principles. As a result, BGP
performs load balancing according to route selection principles. Specifically, load
balancing is performed according to the configured maximum number of equal-cost routes
only when all the routes have the same high preference.
NOTE
l By default, BGP performs load balancing only among the routes with the same AS_Path attribute. You
can use the bestroute as-path-ignore
command to configure BGP not to compare the AS_Path attribute of routes when performing load
balancing.
l BGP load balancing is also applicable between ASs in a confederation.
To reduce the number of routes exchanged between BGP peers, you can configure route
aggregation. To improve the efficiency of BGP route transmission, you can configure BGP
outbound route filtering (ORF).
In addition, BGP peers need to exchange BGP messages frequently. To improve the efficiency
of BGP message transmission, you can configure path maximum transmission unit (MTU) auto
discovery.
Table 8-4 shows solutions to suppressing route flapping and improving the efficiency of route
transmission.
Table 8-4 Solutions to suppressing route flapping and improving the efficiency of route
transmission
BGP timer To adjust BGP route Multiple timers are Keeping the default
modification convergence speed. used in maintaining values of timers is
BGP neighbor recommended because
relationships. The modifying the timer
timer values determine values may interrupt
the speed at which a BGP peer
fault on the network is relationships.
detected, and BGP peer
relationships are
established after the
fault is rectified.
BGP peer To adjust BGP route BGP peer tracking can Bidirectional
tracking convergence speed. speed up BGP route forwarding detection
convergence by (BFD) for BGP can
adjusting the interval also speed up fault
between peer detection and route
unreachability convergence.
discovery and However, BFD for
connection BGP needs to be
interruption. deployed on the entire
network and has poor
extensibility. If BFD
for BGP cannot be
deployed on the
network, BGP peer
tracking is
recommended because
it is simple to deploy
and has better
extensibility.
Next hop To speed up BGP route Next hop delayed The BGP next hop
delayed convergence and response allows a BGP delayed response is
response minimize traffic loss. peer to delay applicable only to the
responding to the next scenario where
hop unreachable event multiple links are
and to respond to this available between the
event only after the next hop and the
switched route is destination. If there is
available. Therefore, only one link between
the volume of traffic the next hop and the
lost during a route destination,
switchover is configuring the BGP
minimized. next hop delayed
response may increase
the volume of traffic
lost during a link
failure because link
switching is not
possible in this case.
BGP Auto fast To switch services After BGP Auto FRR is In most cases, BFD for
reroute (FRR) immediately in case of enabled on a router, the BGP and BGP Auto
a link failure. router selects the FRR are used together.
optimal route from the BGP Auto FRR takes
routes to the same effect based on the
destination network. In BFD detection result.
addition, the router
automatically adds
information about the
second optimal route to
the backup forwarding
entries of the optimal
route and delivers the
backup forwarding
entry to the forwarding
information base (FIB)
table.
When the active link
becomes faulty, the
system can switch the
traffic immediately to
the standby link. This
process is irrelevant to
route convergence.
Therefore, services are
interrupted only for a
short period of time.
Non-stop To ensure that the NSR ensures that route NSR is enabled by
routing (NSR) forwarding plane can processing is not default.
function properly even interrupted on the
if the control plane is control and forwarding
faulty. planes during a master/
slave MPU switchover
using the backup
mechanism of a related
protocol.
NSR does not depend
on or affect the remote
peer, and there is no
communication failure
arising from NSR.
AS_Path To discard routes You can specify upper If the upper limit is set
length carrying an AS_Path limits for the incoming too small, routes are
protection with its length and outgoing AS_Path lost.
exceeding the preset routes. A route is
upper limit. discarded if the
AS_Path length
exceeds the preset
upper limit.
To support multiple network layer protocols, the Internet Engineering Task Force (IETF) extends
BGP-4 to MP-BGP. RFC 2858 defines the MP-BGP standard.
The devices can communicate with each other, irrespective of whether they support MP-BGP.
BGP uses address families to distinguish different network layer protocols. For the values of
address families, refer to RFC 1700 (Assigned Numbers). Multiple MP-BGP extension
applications, such as VPN extensionIPv6 extension, can be configured in their respective address
family views.
NOTE
This chapter does not detail commands for specified applications in the MP-BGP address family view.
For configuration details in the BGP IPv6 address family view, see "BGP4+ configuration". For MP-BGP
applications in multicast, see "MP-BGP configuration" in HUAWEI NetEngine80E/40E Router
Configuration Guide-IP Multicast.
For configuration details in the BGP VPNv4 address family, BGP VPN instance address family, and BGP
Layer 2 Virtual Private Network (L2VPN) address family views, see HUAWEI NetEngine80E/40E Router
Configuration Guide-VPN.
Applicable Environment
By default, a BGP 4-byte AS number is displayed in dotted notation. To use integral 4-byte AS
numbers, perform this configuration task to display 4-byte AS numbers as integers.
NOTICE
Changing the format of 4-byte AS numbers will affect matching results of AS_Path regular
expressions and extended community attribute filters. Therefore, if the system is using an
AS_Path regular expression or an extended community attribute filter as an import or export
policy, you must reconfigure an AS_Path regular expression using the ip as-path-filter
command or an extended community attribute filter using the ip extcommunity-filter command
after changing the format of 4-byte AS numbers. This reconfiguration ensures that routes match
the import or export policy.
l If integral 4-byte AS numbers are configured, you must change 4-byte AS numbers in
AS_Path regular expressions and extended community attribute filters to integral 4-byte
AS numbers.
l If 4-byte AS numbers in dotted notation are configured, you must change 4-byte AS
numbers in AS_Path regular expressions and extended community attribute filters to 4-byte
AS numbers in dotted notation.
Procedure
Step 1 Run:
system-view
Step 2 Run:
as-notation plain
NOTE
After you run the as-notation plain command, BGP 4-byte AS numbers are displayed in integers in display
commands but are still displayed in dotted notation in the configuration file.
----End
l Run the display bgp peer [ [ ipv4-address ] verbose ] command to check the format of
BGP 4-byte AS numbers.
l Run the display bgp routing-table command to check the matching results of BGP routes
against AS_Path regular expressions.
# The following is an example before the as-notation plain command is run. In this example,
the 4-byte AS numbers are displayed in dotted notation (see 1.1 and 1.2 in the command output).
<HUAWEI> display bgp peer
# The following is an example after the as-notation plain command is run. In this example, 4-
byte AS numbers 1.1 and 1.2 have been changed to the integers 65537 and 65538.
<HUAWEI> display bgp peer
# The following is an example of running the display bgp routing-table command after the as-
notation plain command is run. In this example, the AS number in the AS_Path regular
expression is an integer (65537), and the corresponding information is displayed.
<HUAWEI> display bgp routing-table regular-expression ^65537
# The following is an example of running the display bgp routing-table command after the as-
notation plain command is run. In this example, the AS number in the AS_Path regular
expression is in dotted notation (1.1), and no corresponding information is displayed.
<HUAWEI> display bgp routing-table regular-expression ^1.1
This example shows that the AS number 65537 in the AS_Path list does not match the AS number
in the AS_Path regular expression.
Applicable Environment
BGP can be configured on a network to implement communication among ASs. This section
describes how to configure basic BGP functions.
Because BGP uses TCP connections, you need to specify the IP address of the peer when
configuring BGP. The BGP peer may not be the neighboring router. The BGP peer relationship
can also be established by using logical links. Loopback interface addresses are usually used to
establish BGP connections to enhance the stability of these connections.
NOTE
The commands in the BGP-IPv4 unicast address family view can be run in the BGP view. These commands
are described in the BGP-IPv4 unicast address family view in configuration files.
Pre-configuration Tasks
Before configuring basic BGP functions, complete the following task:
l Configuring link layer protocol parameters and IP addresses for interfaces to ensure that
the link layer protocol on the interfaces is Up
Data Preparation
To configure basic BGP functions, you need the following data.
No. Data
Context
Perform the following steps on the router where a BGP connection needs to be established:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
BGP is enabled (the local AS number is specified), and the BGP view is displayed.
A router ID is set.
Configuring or changing the router ID of BGP causes the BGP peer relationship between
routers to be reset.
NOTE
To enhance network reliability, configuring a loopback interface address as the router ID is recommended.
If no router ID is set, BGP automatically selects the router ID in the system view as the router ID of BGP.
For the rule for selecting a router ID in the system view, see the router-id command .
----End
Context
Because BGP uses TCP connections, you need to specify IP addresses for peers when
configuring BGP. Two BGP peers are not necessarily neighbors of each other. Such BGP peers
establish a BGP peer relationship through a logical link. Using loopback interface addresses to
set up BGP peer relationships improves the stability of BGP connections, and therefore is
recommended.
IBGP peer relationships are established between devices within an AS. EBGP peer relationships
are established between devices in different ASs.
Procedure
l Configure an IBGP peer.
1. Run:
system-view
The IP address of a peer and the number of the AS where the peer resides are specified.
The number of the AS where the specified peer resides must be the same as that of
the local AS.
The IP address of the specified peer can be one of the following types:
The source interface and source address are specified for a TCP connection.
By default, BGP uses the physical interface that is directly connected to the peer as
the local interface of a TCP connection.
NOTE
When loopback interfaces are used to establish a BGP connection, run the peer connect-
interface command at both ends of the connection to ensure that the connection is correctly
established. If this command is run on only one end, the BGP connection may fail to be
established.
5. (Optional) Run:
peer ipv4-address description description-text
The IP address of a peer and the number of the AS where the peer resides are specified.
The number of the AS where the specified peer resides must be different from that of
the local AS.
The IP address of the specified peer can be one of the following types:
The source interface and source address are specified for establishing a TCP
connection.
By default, BGP uses the physical interface that is directly connected to the peer as
the local interface of a TCP connection.
NOTE
When loopback interfaces are used to establish a BGP connection, run the peer connect-
interface command at both ends of the connection to ensure that the connection is correctly
established. If this command is run on only one end, the BGP connection may fail to be
established.
5. (Optional) Run:
peer ipv4-address ebgp-max-hop [ hop-count ]
By default, a direct physical link must be available between EBGP peers. If such a
link does not exist, run the peer ebgp-max-hop command to allow EBGP peers to
establish a TCP connection over multiple hops.
If hop-count is not specified in the peer ebgp-max-hop command, 255 is used as the
maximum number of hops in EBGP connections.
NOTE
If loopback interfaces are used to establish an EBGP peer relationship, the peer ebgp-max-
hop command (hop-count ≥ 2) must be run. Otherwise, the peer relationship cannot be
established.
6. (Optional) Run:
peer ipv4-address description description-text
----End
Context
BGP itself cannot discover routes. Instead, it imports routes discovered by other protocols such
as an IGP or the static routing protocol into the BGP routing table. These imported routes are
then transmitted within an AS or between ASs.
BGP can import routes in either Import or Network mode:
l In Import mode, BGP imports routes by a specific routing protocol. RIP routes, OSPF
routes, IS-IS routes, static routes, or direct routes can be imported into the BGP routing
table.
l In Network mode, routes with the specified prefix and mask are imported into the BGP
routing table. Compared with the Import mode, the Network mode imports more specific
routes.
Procedure
l Configure BGP to import routes in Import mode.
1. Run:
system-view
NOTE
The process ID of a routing protocol needs to be specified if IS-IS, OSPF, or RIP routes are to
be imported.
5. (Optional) Run:
default-route imported
NOTE
l The destination address and mask specified in the network command must be consistent
with those of the corresponding entry in the local IP routing table. Otherwise, the specified
route cannot be advertised.
l When using the undo network command to clear the existing configuration, specify a
correct mask.
----End
Prerequisites
Basic BGP functions have been configured.
Procedure
l Run the display bgp peer [ verbose ] command to check information about all BGP peers.
l Run the display bgp peer ipv4-address { log-info | verbose } command to check log
information of a specified BGP peer.
l Run the display bgp routing-table [ ipv4-address [ mask | mask-length ] ] command to
check BGP routes.
----End
Example
# Run the display bgp peer command to view the BGP connection status.
<HUAWEI> display bgp peer
BGP local router ID : 2.2.2.2
Local AS number : 65009
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
9.1.1.2 4 65009 49 62 0 00:44:58 Established 0
9.1.3.2 4 65009 56 56 0 00:40:54 Established 0
200.1.1.2 4 65008 49 65 0 00:44:03 Established 1
# Run the display bgp routing-table 60.0.0.35 command to view a specified BGP route.
<HUAWEI> display bgp routing-table 60.0.0.35
Applicable Environment
BGP has many route attributes. You can change route selection results by configuring attributes
for routes. Route attributes are listed as follows:
l BGP preference
Setting the BGP preference can affect route selection between BGP routes and other routing
protocols' routes.
l Preferred values
After preferred values are set for BGP routes, the route with the greatest value is preferred
when multiple routes to the same destination exist in the BGP routing table.
l Local_Pref
The Local_Pref attribute has the same function as the preferred value of a route. If both of
them are configured for a BGP route, the preferred value takes precedence over the
Local_Pref attribute.
l Multi_Exit Discriminator (MED)
The MED attribute is used to determine the optimal route for traffic that enters an AS. The
route with the smallest MED value is selected as the optimal route if the other attributes of
the routes are the same.
l Next_Hop
BGP route selection can be flexibly controlled by changing Next_Hop attributes for routes.
l AS_Path
The AS_Path attribute is used to prevent rooting loops and control route selection.
l Accumulated Interior Gateway Protocol Metric (AIGP)
The AIGP attribute is used to select the optimal route in an AIGP administrative domain.
Pre-configuration Tasks
Before configuring BGP route attributes, complete the following tasks:
Data Preparation
To configure BGP route attributes, you need the following data.
No. Data
1 AS number
3 Local_Pref value
4 MED value
Context
Multiple dynamic routing protocols can be run on a device at the same time. In this case, there
is a problem of route sharing and selecting among routing protocols. To address this problem,
the system sets a default preference for each routing protocol. If different protocols have routes
to the same destination, the protocol with the highest preference is selected to forward IP packets.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
preference { external internal local | route-policy route-policy-name }
Different preference values can be set for these three types of routes.
In addition, a routing policy can also be used to set the preferences for the routes that match the
policy. The routes that do not match the policy use the default preference.
NOTE
At present, the peer route-policy command cannot be used to set the BGP preference.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer { group-name | ipv4-address } preferred-value value
A preferred value is set for all the routes learned from a specified peer.
If there are multiple routes to the same address prefix, the route with the highest preferred value
is preferred.
----End
Context
The Local_Pref attribute is used to determine the optimal route for traffic that leaves an AS. If
a BGP device obtains multiple routes from different IBGP peers and these routes have different
next hops to the same destination, the BGP device will select the route with the greatest
Local_Pref value.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
default local-preference preference
----End
Context
The MED attribute equals a metric used in an IGP, and is used to determine the optimal route
for traffic that enters an AS. If a BGP device obtains multiple routes from different EBGP peers
and these routes have different next hops to the same destination, the BGP device will select the
route with the smallest MED value.
Procedure
l Set the default MED value on a device.
1. Run:
system-view
NOTE
The default med command is valid only for routes imported using the import-route command
and BGP summarized routes on the local device.
l Compare the MED values of the routes from different ASs.
1. Run:
system-view
By default, the BGP device compares the MED values of only routes from different
peers in the same AS. This command enables the BGP device to compare the MED
values of routes from different ASs.
l Configure the deterministic-MED function.
1. Run:
system-view
2. Run:
bgp { as-number-plain | as-number-dot }
The system treats a BGP route as one with the maximum MED value if the route has
no MED value.
----End
Procedure
l Configure a device to change the next-hop address of a route when the device advertises
the route to an IBGP peer.
By default, a device does not change the next-hop address of a route learned from an EBGP
peer before forwarding the route to IBGP peers. The next-hop address of a route advertised
by an EBGP peer to this device is the address of the EBGP peer. After being forwarded to
IBGP peers, this route cannot become an active route because the next hop is unreachable.
The relevant ASBR must be configured to change the next-hop address of the route to the
ASBR's own IP address before the ASBR advertises the route to an IBGP peer. The route
is active on the IBGP peer if the next hop is reachable.
1. Run:
system-view
The device is configured to change the next-hop address of a route to the device's own
IP address before the device advertises the route to an IBGP peer.
By default, a device does not change the next-hop address of a route when advertising
the route to an IBGP peer.
NOTE
If BGP load balancing is configured, the local router changes the next-hop address of a route
to it's own IP address when advertising the route to IBGP peers or peer groups, regardless of
whether the peer next-hop-local command is used.
l Prevent a device from changing the next-hop address of a route imported from an IGP when
the device advertises the route to an IBGP peer.
Perform the following steps on a router that runs BGP and has imported IGP routes:
1. Run:
system-view
The device is prevented from changing the next-hop address of a route imported from
an IGP before advertising the route to an IBGP peer.
By default, a device changes the next-hop address of a route imported from an IGP to
the address of the interface connecting the device to its peer when advertising the route
to an IBGP peer.
l Prevent a device from changing the next-hop address of a route when the device advertises
the route to an EBGP peer.
1. Run:
system-view
The device is prevented from changing the next-hop address of a route when
advertising the route to an EBGP peer.
By default, provider edges (PEs) in different ASs set up EBGP peer relationships with
each other, and they do not change next-hop addresses of routes when advertising the
routes to their EBGP peers.
In the inter-AS VPN option C networking where route reflectors (RRs) are used, the
peer next-hop-invariable command needs to be run to prevent the RRs from changing
the next-hop address of a route when the RRs advertise the route to EBGP peers. This
ensures that the remote PE iterates a route to the BGP Label Switched Path (LSP)
destined for the local PE during traffic transmission.
l Configure routing-policy-based next hop iteration.
1. Run:
system-view
Next-hop iteration based on a specified routing policy can control the iterated next
hop based on specific conditions. If a route cannot match the specified routing policy,
the route cannot be iterated.
----End
Procedure
l Allow repeated local AS numbers.
BGP uses AS numbers to detect routing loops. In Hub and Spoke networking, if EBGP
runs between a Hub-PE and a Hub-CE, the route sent from the Hub-PE to the Hub-CE
carries the AS number of the Hub-PE. After the Hub-CE sends an Update message that
contains the AS number of the Hub-PE to the Hub-PE, the Hub-PE will deny it.
To ensure proper route transmission in Hub and Spoke networking, configure all the BGP
peers on the path, along which the Hub-CE advertises private network routes to the Spoke-
CE, to accept the routes in which the local AS number repeats once.
1. Run:
system-view
The peer fake-as command can be used to hide the actual AS number of a BGP device.
EBGP peers in other ASs will use the fake AS number of this BGP device to set up
EBGP peer relationships with this device.
NOTE
NOTICE
Exercise caution when running the peer substitute-as command, because improper use of
this command may cause routing loops.
1. Run:
system-view
A route advertised by a BGP device to its peer usually carries AS numbers. The AS numbers
may be public or private. Public AS numbers can be used on the Internet. They are assigned
and managed by the Internet Assigned Number Authority (IANA). Private AS numbers
cannot be advertised to the Internet, and they are used only within ASs. If private AS
numbers are advertised to the Internet, a routing loop may occur. To address this problem,
configure the device to delete private AS numbers from the AS_Path attribute.
1. Run:
system-view
3. Run:
ipv4-family unicast
The device is configured to delete private AS numbers (if any) from the AS-Path
attribute before sending update packets.
After the command without force is run, the device does not delete the private AS
numbers from the AS-Path attribute before sending update packets in either of the
following scenarios:
– The AS_Path of a route contains the AS number of the peer. In this case, deleting
the private AS numbers may lead to a routing loop.
– The AS_Path list contains both public network AS number and private AS number.
This list indicates that the route passes the public network. deleting the private AS
numbers may lead to forwarding error.
To enable the device to delete the private AS numbers from the AS-Path attribute
before sending update packets even in the preceding scenarios, specify force in the
command.
l Set the maximum number of AS numbers in the AS_Path attribute.
1. Run:
system-view
After the as-path-limit command is run on a device, the device checks whether the
number of AS numbers in the AS_Path attribute of a received route exceeds the
maximum value. If the number of AS numbers exceeds the maximum value, the route
is discarded. If the maximum number of AS numbers in the AS_Path attribute is too
small, routes whose number of AS numbers exceeding the maximum value will be
discarded.
l Prevent a BGP device from checking the first AS number contained in the AS_Path attribute
of an Update message received from an EBGP peer.
1. Run:
system-view
The BGP device is prevented from checking the first AS number contained in the
AS_Path attribute of an Update message received from an EBGP peer.
By default, a BGP device checks whether the first AS number contained in the
AS_Path attribute of an Update message received from an EBGP peer is the same as
the number of the AS where the EBGP peer resides. If the numbers are not the same,
the BGP device discards the Update message and closes the EBGP connection with
the EBGP peer.
NOTICE
Exercise caution when running the undo check-first-as command, because use of this
command increases the possibility of routing loops.
After the configuration is complete, run the refresh bgp command if you want to
check the received routes again.
----End
Prerequisites
The BGP route attribute configuration is complete.
Procedure
l Run the display bgp paths [ as-regular-expression ] command to check information about
AS_Path attributes of routes.
l Run the display bgp routing-table different-origin-as command to check information
about routes that have the same destination address but different source AS numbers.
l Run the display bgp routing-table regular-expression as-regular-expression command
to check information about routes matching a specified regular expression.
l Run the display bgp routing-table [ network [ { mask | mask-length } [ longer-
prefixes ] ] ] command to check routing information in a BGP routing table.
----End
Example
# Run the display bgp paths command to view information about AS_Path attributes of routes.
<HUAWEI> display bgp paths
# Run the display bgp routing-table 60.0.0.35 command to view information about a specified
BGP route.
<HUAWEI> display bgp routing-table 60.0.0.35
Applicable Environment
BGP is used to transmit routing information between ASs. Route advertisement directly affects
traffic forwarding.
There are usually a large number of routes in a BGP routing table. Transmitting a great deal of
routing information brings a heavy load to devices. Routes to be advertised need to be controlled
to address this problem. You can configure devices to advertise only routes that these devices
want to advertise or routes that their peers require.
Multiple routes to the same destination may exist and traverse different ASs. Routes to be
advertised need to be filtered in order to direct routes to specific ASs.
Filters can be used to filter routes to be advertised by BGP. BGP can filter routes to be advertised
to a specific peer or peer group.
Pre-configuration Tasks
Before configuring BGP to advertise routes, complete the following task:
Data Preparation
To configure BGP to advertise routes, you need the following data.
No. Data
6 Name and matching mode of a route-policy, and number of the route-policy's node
Context
BGP uses the following types of filters to filter routes:
l Access Control List(ACL)
l IP-Prefix List
l AS_Path filter
l Community filter
l Extcommunity filter
l Route-Policy
Procedure
l Configure an ACL.
An ACL is a series of sequential rules composed of permit and deny clauses. These rules
are described based on source addresses, destination addresses, and port numbers of
packets. ACL rules are used to classify packets. After ACL rules are applied to a device,
the device permits or denies packets based on the ACL rules.
During route matching, the system checks the entries by index number in ascending
order. If a route matches an entry, the route will not be matched with the next entry.
The NE80E/40E denies all unmatched routes by default. If all entries in an IPv4 prefix
list are in deny mode, all routes will be denied by the IPv4 prefix list. In this case, you
must define an entry permit 0.0.0.0 0 less-equal 32 after the entries in deny mode to
allow all the other IPv4 routes to by permitted by the IPv4 prefix list.
NOTE
If more than one IP prefix entry is defined, at least one entry should be set in permit mode.
l Configure an AS_Path filter.
An AS_Path filter is used to filter BGP routes based on the AS_Path attributes contained
in the BGP routes. If you do not want traffic to pass through an AS, configure an AS_Path
filter to filter out the traffic carrying the number of the AS. If the BGP routing table of each
device on a network is large, configuring an ACL or an IP prefix list to filter BGP routes
may be complicated and make it difficult to maintain new routes.
NOTE
If the AS_Path information of a summarized route is lost, the AS_Path filter cannot be used to filter
the summarized route, but can still be used to filter the specific routes from which the summarized
route is derived.
1. Run:
system-view
NOTE
For details on how to use AS_Path filters, see 8.25 Applying BGP AS_Path Regular
Expressions.
l Configure a community filter.
A BGP community attribute is used to identify a group of routes with the same properties.
Routes can be classified by community attribute. This facilitates route management.
Some AS internal routes may not need to be advertised to any other AS, whereas AS external
routes need to be advertised to other ASs. These AS external routes have different prefixes
(as a result, an IP prefix list is inapplicable) and may come from different ASs (as a result,
an AS_Path filter is inapplicable). You can set a community attribute value for these AS
internal routes and another community attribute value for these AS external routes on an
ASBR to control and filter these routes.
1. Run:
system-view
Similar to a BGP community filter, a BGP extcommunity filter is used to filter private
network routes.
1. Run:
system-view
A route-policy is used to match routes or route attributes, and to change route attributes
when specific conditions are met. As the preceding filters can be used as matching
conditions of a route-policy, the route-policy is powerful in functions and can be used
flexibly.
1. Run:
system-view
A node is configured for a route-policy, and the view of the route-policy is displayed.
When a route-policy is used to filter a route, the route is first matched with the node
with the smallest node value. For example, if two nodes are configured using the
route-policy route-policy-example permit node 10 and route-policy route-policy-
example deny node 20 commands, a route is first matched with the node configured
using the route-policy route-policy-example permit node 10 command.
NOTE
The NE80E/40E considers that each unmatched route fails to match the route-policy by default.
If more than one node is defined in a route-policy, at least one of them must be in permit mode.
3. (Optional) Perform the following operations as needed to configure if-match clauses
for current nodes of the route-policy.
if-match clauses are used to filter routes. If no if-match clause is specified, all routes
will match the node in the route-policy.
The if-match acl and if-match ip-prefix commands cannot be used together in the same
node of a route-policy, because the latest configuration will override the previous one.
– To match the AS_Path attribute of BGP routes, run the if-match as-path-filter
{ as-path-filter-number | as-path-filter-name } &<1-16> command.
– To match the community attribute of BGP routes, run either of the following
commands:
– if-match community-filter { basic-comm-filter-num [ whole-match ] | adv-
comm-filter-num }* &<1-16>
– if-match community-filter comm-filter-name [ whole-match ]
– To match the extended community attribute of BGP routes, run the if-match
extcommunity-filter { { basic-extcomm-filter-num | adv-extcomm-filter-num }
&<1-16> | basic-extcomm-filter-name | advanced-extcomm-filter-name }
command.
The operations in Step 3 can be performed in any order. A node may have multiple
if-match clauses or no if-match clause.
NOTE
The relationship between the if-match clauses in a node of a route-policy is "AND". A route
must match all the rules before the action defined by the apply clause is taken. For example,
if two if-match clauses (if-match acl 2003 and if-match as-path-filter 100) are defined in the
route-policy route-policy-example permit node 10 command, a route is considered to match
node 10 only when it matches the two if-match clauses.
4. (Optional) Perform the following operations as needed to configure apply clauses for
current nodes of the route-policy:
apply clauses can be used to set attributes for routes matching if-match clauses. If
this step is not performed, the attributes of routes matching if-match clauses keep
unchanged.
The apply comm-filter delete command deletes a specified community attribute from a
route. An instance of the ip community-filter command can specify only one community
attribute each time. To delete more than one community attribute, run the ip community-
filter command multiple times. If multiple community attributes are specified in one
community filter, none of them can be deleted. For more information, see the HUAWEI
NetEngine80E/40E Router Command Reference.
– To delete all community attributes from a BGP route, run the apply community
none command.
– To set community attributes for a BGP route, run the apply community
{ community-number | aa:nn | internet | no-advertise | no-export | no-export-
subconfed } &<1-32> [ additive ] command.
– To set an extended community attribute (route-target) for a route, run the apply
extcommunity { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } }
&<1-16> [ additive ] command.
– To set the local preference for a BGP route, run the apply local-preference
preference command.
– To set the Origin attribute for a BGP route, run the apply origin { igp | egp { as-
number-plain | as-number-dot } | incomplete } command.
– To set a preferred value for a BGP route, run the apply preferred-value preferred-
value command.
– To set dampening parameters for an EBGP route, run the apply dampening half-
life-reach reuse suppress ceiling command.
The operations in Step 4 can be performed in any order. A node may have multiple
apply clauses or no apply clause.
----End
Procedure
l Configure a BGP device to advertise routes to all peers or peer groups.
You can configure a BGP device to filter routes to be advertised. Perform the following
steps on a BGP router:
1. Run:
system-view
specify the action permit in this rule to receive or advertise the other
routes.
Route filtering using a whitelist: Configure a rule with a smaller number
and specify the action permit in this rule to permit the routes to be received
or advertised by the system. Then, configure another rule with a larger
number in the same ACL and specify the action deny in this rule to filter
out unwanted routes.
– To filter routes based on an advanced ACL, perform the following steps:
a. Run filter-policy acl-name acl-name export [ protocol [ process-id ] ], the
advertised routes is filtered based on an ACL.
b. Run quit, return to the BGP view.
c. Run quit, return to the system view.
d. Run acl name acl-name advance [ number acl-number2 ] [ match-order
{ auto | config } ], the basic ACL view is displayed.
e. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address
source-wildcard | any } | time-range time-name ] *, a rule is configured for
the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the
rule will be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the
rule will not be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received
or advertised by the system.
– If an ACL does not contain any rules, all routes matching the route-
policy that references the ACL will not be received or advertised by the
system.
– If the ACL referenced by the route-policy does not exist, all routes
matching the route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that
has a smaller number and then matches the route with a rule with a larger
number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number
and specify the action deny in this rule to filter out the unwanted routes.
Then, configure another rule with a larger number in the same ACL and
specify the action permit in this rule to receive or advertise the other
routes.
Route filtering using a whitelist: Configure a rule with a smaller number
and specify the action permit in this rule to permit the routes to be received
or advertised by the system. Then, configure another rule with a larger
number in the same ACL and specify the action deny in this rule to filter
out unwanted routes.
– To filter routes based on an IP prefix list, run the filter-policy ip-prefix ip-prefix-
name export [ protocol [ process-id ] ] command.
If protocol is specified, only routes discovered by a specific routing protocol are
filtered. If protocol is not specified, all the routes to be advertised are filtered, including
routes imported using the import-route (BGP) command and local routes advertised
using the network (BGP) command.
NOTE
If an ACL has been referenced in the filter-policy command but no VPN instance is specified
in the ACL rule, BGP will filter routes including public and private network routes in all address
families. If a VPN instance is specified in the ACL rule, only the data traffic from the VPN
instance will be filtered, and no route of this VPN instance will be filtered.
l Configure a BGP device to advertise routes to a specific peer or peer group.
You can configure a BGP device to filter routes to be advertised. Perform the following
steps on a BGP router:
1. Run:
system-view
– If an ACL does not contain any rules, all routes matching the route-
policy that references the ACL will not be received or advertised by the
system.
– If the ACL referenced by the route-policy does not exist, all routes
matching the route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that
has a smaller number and then matches the route with a rule with a larger
number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number
and specify the action deny in this rule to filter out the unwanted routes.
Then, configure another rule with a larger number in the same ACL and
specify the action permit in this rule to receive or advertise the other
routes.
Route filtering using a whitelist: Configure a rule with a smaller number
and specify the action permit in this rule to permit the routes to be received
or advertised by the system. Then, configure another rule with a larger
number in the same ACL and specify the action deny in this rule to filter
out unwanted routes.
– To filter routes based on an advanced ACL, perform the following steps:
a. Run peer { ipv4-address | group-name } filter-policy acl-name acl-name
export, the advertised routes is filtered based on an ACL.
b. Run quit, return to the BGP view.
c. Run quit, return to the system view.
d. Run acl name acl-name advance [ number acl-number2 ] [ match-order
{ auto | config } ], the basic ACL view is displayed.
e. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address
source-wildcard | any } | time-range time-name ] *, a rule is configured for
the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the
rule will be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the
rule will not be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received
or advertised by the system.
– If an ACL does not contain any rules, all routes matching the route-
policy that references the ACL will not be received or advertised by the
system.
– If the ACL referenced by the route-policy does not exist, all routes
matching the route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that
has a smaller number and then matches the route with a rule with a larger
number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number
and specify the action deny in this rule to filter out the unwanted routes.
Then, configure another rule with a larger number in the same ACL and
specify the action permit in this rule to receive or advertise the other
routes.
Route filtering using a whitelist: Configure a rule with a smaller number
and specify the action permit in this rule to permit the routes to be received
or advertised by the system. Then, configure another rule with a larger
number in the same ACL and specify the action deny in this rule to filter
out unwanted routes.
– To filter routes based on an IP prefix list, run the peer { ipv4-address | group-
name } ip-prefix ip-prefix-name export command.
– To filter routes based on an AS_Path filter, run the peer { ipv4-address | group-
name } as-path-filter { as-path-filter-number | as-path-filter-name } export
command.
– To filter routes based on a route-policy, run the peer { ipv4-address | group-
name } route-policy route-policy-name export command.
A peer group and its members can use different export policies to filter routes. Each
peer can select its policy when advertising routes.
----End
Context
After changing a BGP import policy, you must reset BGP connections for the new import policy
to take effect, interrupting these BGP connections temporarily. BGP route-refresh allows the
system to refresh a BGP routing table dynamically without tearing down any BGP connection
if routing policies are changed.
l If a device's peer supports route-refresh, the refresh bgp command can be used on the
device to softly reset the BGP connection with the peer and update the BGP routing table.
l If a device's peer does not support route-refresh, the peer keep-all-routes command can
be used on the device to remain all routing updates received from the peer so that the device
can refresh its routing table without closing the connection with the peer.
Procedure
l If the device's peers support route-refresh, perform the following operations:
1. (Optional) Enable route-refresh.
a. Run:
system-view
Route-refresh is enabled.
If route-refresh is enabled on all BGP devices and the import policy of the local device
is changed, the local device sends a route-refresh message to peers or peer groups.
After receiving the message, the peers or peer groups resend routing information to
the local BGP device. This enables the local device to dynamically refresh its BGP
routing table and apply the new routing policy without closing any BGP connections.
2. Configure BGP soft reset.
a. Run the refresh bgp [ vpn-instance vpn-instance-name ipv4-family | vpnv4 |
vpn-target | l2vpn-ad ] { all | ipv4-address | group group-name | external |
internal } { export | import } command in the user view to softly reset the BGP
connections between the devices and its peers or peer groups.
external softly resets an EBGP connection, and internal softly resets an IBGP
connection.
export triggers outbound BGP soft reset, and import triggers inbound BGP soft reset.
l If the device's peers do not support route-refresh, perform the following operations:
– Configure the device to store all the routing updates received from its peers or peer
groups.
1. Run:
system-view
The device is configured to store all the routing updates received from its peers
or peer groups.
By default, the device stores only the routing updates that are received from peers or
peer groups and match a configured import policy.
After this command is used, all routing updates sent by a specified peer or peer group
are stored, regardless of whether an import policy is used. When the local routing
policy changes, the information can be used to regenerate BGP routes again.
NOTE
This command must be run on the local device and its peers. If the peer keep-all-routes
command is run on the device for the first time, the sessions between the device and its peers
are reestablished.
The peer keep-all-routes command does not need to be run on the router that supports route-
refresh. If the peer keep-all-routes command is run on the router, the sessions between the
router and its peers will not be reestablished but the refresh bgp command does not take effect
on the router.
----End
Prerequisites
The BGP route advertisement configurations have been configured.
Procedure
l Run the display ip as-path-filter [ as-path-filter-number | as-path-filter-name ] command
to check information about a configured AS_Path filter.
l Run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num |
comm-filter-name ] command to check information about a configured community filter.
l Run the display ip extcommunity-filter [ extcomm-filter-number | extcomm-filter-name ]
command to check information about a configured extcommunity filter.
l Run the display bgp routing-table as-path-filter { as-path-filter-number | as-path-filter-
name } command to check information about routes matching a specified AS_Path filter.
l Run the display bgp routing-table community-filter { { community-filter-name | basic-
community-filter-number } [ whole-match ] | advanced-community-filter-number }
command to check information about routes matching a specified BGP community filter.
l Run the display bgp routing-table peer ipv4-address advertised-routes [ statistics ]
command to check information about routes advertised by a BGP device to its peers.
----End
Example
After an AS_Path filter is configured, run the display ip as-path-filter [ as-path-filter-
number | as-path-filter-name ] command in the system view to view information about the
configured AS_Path filter. Run the display bgp routing-table as-path-filter { as-path-filter-
number | as-path-filter-name } command to view information about routes matching a specified
AS_Path filter.
# View information about AS_Path filter 3.
<HUAWEI> display ip as-path-filter 3
ListID Mode Expression
3 deny [30]
3 permit .*
Applicable Environment
BGP is used to transmit routing information between ASs. Route reception directly affects traffic
forwarding.
The BGP device may receive routes to the same destination from different BGP peers. To control
traffic forwarding paths, the device needs to filter the received BGP routes.
The device may be attacked and receive a large number of routes from its BGP peers, consuming
lots of resources of the device. Therefore, the administrator must limit the resources to be
consumed based on networking planning and device capacities, no matter whether too many
BGP routes caused by malicious attacks or incorrect configurations.
Filters can be used to filter routes to be received by BGP. BGP can filter the routes received
from all peers or peer groups or only the routes received from a specific peer or peer group.
Pre-configuration Tasks
Before configuring BGP to receive routes, complete the following task:
Data Preparation
To configure BGP to receive routes, you need the following data.
No. Data
6 Name and matching mode of a route-policy, and number of the route-policy's node
Context
Filters are needed to filter routes to flexibly receive routes. Currently, six filters are available
for BGP:
l Access Control List(ACL)
l IP-Prefix List
l AS_Path filter
l Community filter
l Extcommunity filter
l Route-Policy
Procedure
l Configure an ACL.
An ACL is a series of sequential rules composed of permit and deny clauses. These rules
are described based on source addresses, destination addresses, and port numbers of
packets. ACL rules are used to classify packets. After ACL rules are applied to a device,
the device permits or denies packets based on the ACL rules.
For details on ACL configurations, see the HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services.
An ACL can be used as a matching condition of a route-policy or used in the filter-
policy { acl-number | acl-name acl-name } import command or the peer { group-name |
ipv4-address } filter-policy { acl-number | acl-name acl-name } import command.
l Configure an IP prefix list.
An IP prefix list is a type of filter used to filter routes based on destination addresses. An
IP prefix list is identified by its name. An IP prefix list can be used flexibly to implement
accurate filtering. For example, it can be used to filter a route or routes to a network segment.
If a large number of routes that do not have the same prefix need to be filtered, configuring
an IP prefix list to filter the routes is very complex.
An IP prefix list can be used as a matching condition of a route-policy or used in the filter-
policy ip-prefix ip-prefix-name import command or the peer { group-name | ipv4-
address } ip-prefix ip-prefix-name import command.
1. Run:
system-view
The mask length range can be specified as mask-length <= greater-equal-value <=
less-equal-value <= 32. If only greater-equal is specified, the prefix range is [greater-
equal-value, 32]. If only less-equal is specified, the prefix range is [mask-length, less-
equal-value].
An IPv4 prefix list is identified by its name, and each IP prefix list can contain multiple
entries. Each entry is identified by an index number, and can specify a matching range
in the form of a network prefix uniquely. An IPv4 prefix list named abcd is used as
an example.
#
ip ip-prefix abcd index 10 permit 1.0.0.0 8
ip ip-prefix abcd index 20 permit 2.0.0.0 8
During route matching, the system checks the entries by index number in ascending
order. If a route matches an entry, the route will not be matched with the next entry.
The NE80E/40E denies all unmatched routes by default. If all entries in an IPv4 prefix
list are in deny mode, all routes will be denied by the IPv4 prefix list. In this case, you
must define an entry permit 0.0.0.0 0 less-equal 32 after the entries in deny mode to
allow all the other IPv4 routes to by permitted by the IPv4 prefix list.
NOTE
If more than one IP prefix entry is defined, at least one entry should be set in permit mode.
l Configure an AS_Path filter.
An AS_Path filter is used to filter BGP routes based on the AS_Path attributes contained
in the BGP routes. If you do not want traffic to pass through an AS, configure an AS_Path
filter to filter out the traffic carrying the number of the AS. If the BGP routing table of each
device on a network is large, configuring an ACL or an IP prefix list to filter BGP routes
may be complicated and make it difficult to maintain new routes.
NOTE
If the AS_Path information of a summarized route is lost, the AS_Path filter cannot be used to filter
the summarized route, but can still be used to filter the specific routes from which the summarized
route is derived.
NOTE
For details on how to use AS_Path filters, see 8.25 Applying BGP AS_Path Regular
Expressions.
l Configure a community filter.
A BGP community attribute is used to identify a group of routes with the same properties.
Routes can be classified by community attribute. This facilitates route management.
Some AS internal routes may not need to be advertised to any other AS, whereas AS external
routes need to be advertised to other ASs. These AS external routes have different prefixes
(as a result, an IP prefix list is inapplicable) and may come from different ASs (as a result,
an AS_Path filter is inapplicable). You can set a community attribute value for these AS
internal routes and another community attribute value for these AS external routes on an
ASBR to control and filter these routes.
1. Run:
system-view
1. Run:
system-view
A route-policy is used to match routes or route attributes, and to change route attributes
when specific conditions are met. As the preceding filters can be used as matching
conditions of a route-policy, the route-policy is powerful in functions and can be used
flexibly.
1. Run:
system-view
A node is configured for a route-policy, and the view of the route-policy is displayed.
When a route-policy is used to filter a route, the route is first matched with the node
with the smallest node value. For example, if two nodes are configured using the
route-policy route-policy-example permit node 10 and route-policy route-policy-
example deny node 20 commands, a route is first matched with the node configured
using the route-policy route-policy-example permit node 10 command.
NOTE
The NE80E/40E considers that each unmatched route fails to match the route-policy by default.
If more than one node is defined in a route-policy, at least one of them must be in permit mode.
3. (Optional) Perform the following operations as needed to configure if-match clauses
for current nodes of the route-policy.
if-match clauses are used to filter routes. If no if-match clause is specified, all routes
will match the node in the route-policy.
The if-match acl and if-match ip-prefix commands cannot be used together in the same
node of a route-policy, because the latest configuration will override the previous one.
– To match the AS_Path attribute of BGP routes, run the if-match as-path-filter
{ as-path-filter-number | as-path-filter-name } &<1-16> command.
– To match the community attribute of BGP routes, run either of the following
commands:
– if-match community-filter { basic-comm-filter-num [ whole-match ] | adv-
comm-filter-num }* &<1-16>
– if-match community-filter comm-filter-name [ whole-match ]
– To match the extended community attribute of BGP routes, run the if-match
extcommunity-filter { { basic-extcomm-filter-num | adv-extcomm-filter-num }
&<1-16> | basic-extcomm-filter-name | advanced-extcomm-filter-name }
command.
The operations in Step 3 can be performed in any order. A node may have multiple
if-match clauses or no if-match clause.
NOTE
The relationship between the if-match clauses in a node of a route-policy is "AND". A route
must match all the rules before the action defined by the apply clause is taken. For example,
if two if-match clauses (if-match acl 2003 and if-match as-path-filter 100) are defined in the
route-policy route-policy-example permit node 10 command, a route is considered to match
node 10 only when it matches the two if-match clauses.
4. (Optional) Perform the following operations as needed to configure apply clauses for
current nodes of the route-policy:
apply clauses can be used to set attributes for routes matching if-match clauses. If
this step is not performed, the attributes of routes matching if-match clauses keep
unchanged.
NOTE
The apply comm-filter delete command deletes a specified community attribute from a
route. An instance of the ip community-filter command can specify only one community
attribute each time. To delete more than one community attribute, run the ip community-
filter command multiple times. If multiple community attributes are specified in one
community filter, none of them can be deleted. For more information, see the HUAWEI
NetEngine80E/40E Router Command Reference.
– To delete all community attributes from a BGP route, run the apply community
none command.
– To set community attributes for a BGP route, run the apply community
{ community-number | aa:nn | internet | no-advertise | no-export | no-export-
subconfed } &<1-32> [ additive ] command.
– To set an extended community attribute (route-target) for a route, run the apply
extcommunity { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } }
&<1-16> [ additive ] command.
– To set the local preference for a BGP route, run the apply local-preference
preference command.
– To set the Origin attribute for a BGP route, run the apply origin { igp | egp { as-
number-plain | as-number-dot } | incomplete } command.
– To set a preferred value for a BGP route, run the apply preferred-value preferred-
value command.
– To set dampening parameters for an EBGP route, run the apply dampening half-
life-reach reuse suppress ceiling command.
The operations in Step 4 can be performed in any order. A node may have multiple
apply clauses or no apply clause.
----End
Procedure
l Configure BGP to receive routes from all its peers or peer groups.
You can configure a BGP device to filter received routes. Perform the following steps on
a BGP router:
1. Run:
system-view
If an ACL has been referenced in the filter-policy command but no VPN instance is specified
in any ACL rule, BGP will filter routes including public network routes and private network
routes in all address families. If a VPN instance is specified in an ACL rule, only the data traffic
from the VPN instance will be filtered, and no routes of this VPN instance will be filtered.
l Configure a BGP device to receive routes from a specific peer or peer group.
You can configure a BGP device to filter received routes. Perform the following steps on
a BGP router:
1. Run:
system-view
A peer group and its members can use different import policies when receiving routes.
This means that each member in a peer group can select its own policy to filter received
routes.
l Limit the number of the routes received from a peer or peer group.
When the router running BGP is attacked or network configuration errors occur, the
router receives a large number of routes from its neighbor. As a result, a large number of
resources of the router are consumed. Therefore, the administrator must limit the resources
used by the router based on network planning and the capacity of the router. BGP provides
peer-based route control to limit the number of routes to be sent by a neighbor. Therefore,
the preceding problem is addressed.
1. Run:
system-view
The number of routes that can be received from a peer or peer group is set.
The command provides the limit on the number of received routes based on peers.
You can configure specific parameters as required to control BGP after the number
of the routes received from a peer exceeds the threshold.
– alert-only: The peer relationship is kept. No route is received after the number of
received routes exceeds the threshold, and an alarm is generated and recorded in
the log.
– idle-forever: The peer relationship is interrupted. The router does not retry setting
up a connection. An alarm is generated and recorded in the log. In this case, run
the display bgp peer [ verbose ] command, and you can find that the status of the
peer is Idle. To restore the BGP connection, run the reset bgp command.
– idle-timeout: The peer relationship is interrupted. The router retries setting up a
connection after the timer expires. An alarm is generated and recorded in the log.
In this case, run the display bgp peer [ verbose ] command, and you can find that
the status of the peer is Idle. To restore the BGP connection before the timer
expires, run the reset bgp command.
– If none of the preceding parameters is set, the peer relationship is disconnected.
The router retries setting up a connection after 30 seconds. An alarm is generated
and recorded in the log.
NOTE
If the number of routes received by the local router exceeds the upper limit and the peer route-
limit command is used for the first time, the local router and its peer reestablish the peer relationship,
regardless of whether alert-only is set.
----End
Context
After changing a BGP import policy, you must reset BGP connections for the new import policy
to take effect, interrupting these BGP connections temporarily. BGP route-refresh allows the
system to refresh a BGP routing table dynamically without tearing down any BGP connection
if routing policies are changed.
l If a device's peer supports route-refresh, the refresh bgp command can be used on the
device to softly reset the BGP connection with the peer and update the BGP routing table.
l If a device's peer does not support route-refresh, the peer keep-all-routes command can
be used on the device to remain all routing updates received from the peer so that the device
can refresh its routing table without closing the connection with the peer.
Procedure
l If the device's peers support route-refresh, perform the following operations:
1. (Optional) Enable route-refresh.
a. Run:
system-view
Route-refresh is enabled.
If route-refresh is enabled on all BGP devices and the import policy of the local device
is changed, the local device sends a route-refresh message to peers or peer groups.
After receiving the message, the peers or peer groups resend routing information to
the local BGP device. This enables the local device to dynamically refresh its BGP
routing table and apply the new routing policy without closing any BGP connections.
2. Configure BGP soft reset.
a. Run the refresh bgp [ vpn-instance vpn-instance-name ipv4-family | vpnv4 |
vpn-target | l2vpn-ad ] { all | ipv4-address | group group-name | external |
internal } { export | import } command in the user view to softly reset the BGP
connections between the devices and its peers or peer groups.
external softly resets an EBGP connection, and internal softly resets an IBGP
connection.
export triggers outbound BGP soft reset, and import triggers inbound BGP soft reset.
l If the device's peers do not support route-refresh, perform the following operations:
– Configure the device to store all the routing updates received from its peers or peer
groups.
1. Run:
system-view
The device is configured to store all the routing updates received from its peers
or peer groups.
By default, the device stores only the routing updates that are received from peers or
peer groups and match a configured import policy.
After this command is used, all routing updates sent by a specified peer or peer group
are stored, regardless of whether an import policy is used. When the local routing
policy changes, the information can be used to regenerate BGP routes again.
NOTE
This command must be run on the local device and its peers. If the peer keep-all-routes
command is run on the device for the first time, the sessions between the device and its peers
are reestablished.
The peer keep-all-routes command does not need to be run on the router that supports route-
refresh. If the peer keep-all-routes command is run on the router, the sessions between the
router and its peers will not be reestablished but the refresh bgp command does not take effect
on the router.
----End
Prerequisites
The BGP route reception configurations have been configured.
Procedure
l Run the display ip as-path-filter [ as-path-filter-number | as-path-filter-name ] command
to check a configured AS_Path filter.
l Run the display ip community-filter [ basic-comm-filter-num | adv-comm-filter-num |
comm-filter-name ] command to check information about a configured community filter.
l Run the display ip extcommunity-filter [ extcomm-filter-number ] command to check
information about a configured extended community filter.
l Run the display bgp routing-table as-path-filter { as-path-filter-number | as-path-filter-
name } command to check information about routes matching a specified AS_Path filter.
l Run the display bgp routing-table community-filter { { community-filter-name | basic-
community-filter-number } [ whole-match ] | advanced-community-filter-number }
command to check information about routes matching a specified BGP community filter.
l Run the display bgp routing-table peer ipv4-address received-routes [ active ]
[ statistics ] command to check information about routes received by a BGP device from
its peers.
l Run the display bgp routing-table peer ipv4-address accepted-routes command to check
information about the routes that are received by a BGP device from a specified peer and
match the routing policy.
----End
Example
After an AS_Path filter is configured, run the display ip community-filter [ basic-comm-filter-
num | adv-comm-filter-num | comm-filter-name ] command in the system view to view
information about the configured AS_Path filter. Run the display bgp routing-table peer ipv4-
address accepted-routes command to view information about the routes that are received by a
BGP device from a specified peer and match the routing policy.
# View information about a configured community filter.
<HUAWEI> display ip community-filter
Named Community basic filter: aa (ListID = 200)
permit 100
Named Community basic filter: bb (ListID = 201)
permit 200
# View the routes matching the specified BGP community filter named aa.
<HUAWEI> display bgp routing-table community-filter aa
# View the routes that are received by a BGP device from its peer at 10.1.1.2 and match the
routing policy.
Applicable Environment
A BGP supernet route has the same destination address and next hop address or has a more
detailed destination address than the next hop address. Any route that meets one of the following
conditions is a BGP supernet route.
l If you perform bitwise AND operations on the destination address mask with the destination
address and next hop address, respectively, the calculated network addresses are the same,
and the destination address mask is greater than or equal to the next hop address mask.
l If you perform bitwise AND operations on the destination address mask with the destination
address and next hop address, respectively, the calculated network addresses are different.
However, if you perform bitwise AND operations on the next hop address mask with the
destination address and next hop address, respectively, the calculated network addresses
are the same.
When a BGP device receives a BGP supernet unicast route, the BGP device sets the route invalid
and does not advertise it to other BGP peers. If a Huawei device is connected to a non-Huawei
device and you want the Huawei device to advertise BGP supernet unicast routes that it receives
from the non-Huawei device to other BGP peers, configure the Huawei device to advertise BGP
supernet unicast routes to BGP peers.
Pre-configuration Tasks
Before you configure a BGP device to send BGP supernet unicast routes to BGP peers, configure
basic BGP functions.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
supernet unicast advertise enable
The BGP device is enabled to advertise BGP supernet unicast routes to BGP peers.
----End
# Run the display bgp routing-table command to view received BGP supernet unicast routes.
<HUAWEI> display bgp routing-table
BGP Local router ID is 1.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
# Run the display bgp routing-table network command to view information about a specified
BGP supernet unicast route advertised to BGP peers.
<HUAWEI> display bgp routing-table 1.1.1.1
Applicable Environment
The BGP routing table of a device on a medium or large BGP network contains a large number
of routing entries. Storing the routing table consumes a large number of memory resources, and
transmitting and processing routing information consume lots of network resources. Configuring
route aggregation can reduce the size of a routing table, prevent specific routes from being
advertised, and minimize the impact of route flapping on network performance. BGP route
aggregation and routing policies enable BGP to effectively transmit and control routes.
BGP supports automatic and manual aggregation. Manual aggregation takes precedence over
automatic aggregation. When using manual aggregation, you can apply various routing policies
and set route attributes.
Pre-configuration Tasks
Before configuring BGP route aggregation, complete the following task:
Procedure
l Configure automatic route aggregation.
1. Run:
system-view
Local AS number : 10
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 192.168.0.0/16:
From: 10.2.1.2 (3.3.3.3)
Route Duration: 1d09h07m46s
Relay IP Nexthop: 10.2.1.2
Relay IP Out-interface: Ethernet3/0/1
Original nexthop: 10.2.1.2
Qos information : 0x0
AS-path 100, origin incomplete, pref-val 0, valid, external, best, select, pre
255
Aggregator: AS 100, Aggregator ID 3.3.3.3, Atomic-aggregate
Advertised to such 2 peers:
10.1.1.1
10.2.1.2
Applicable Environment
A BGP peer group consists of BGP peers that have the same update policies and configurations.
A large-scale BGP network has a large number of peers. Configuring and maintaining these
peers is difficult. To address this problem, configure a BGP peer group for BGP peers with the
same configurations. Configuring BGP peer groups simplifies peer management and improves
the route advertisement efficiency.
Based on the ASs where peers reside, peer groups are classified as follows:
l IBGP peer group: The peers of an IBGP peer group are in the same AS.
l Pure EBGP peer group: The peers of a pure EBGP peer group are in the same external AS.
l Mixed EBGP peer group: The peers of a mixed EBGP peer group are in different external
ASs.
If a function is configured on a peer and its peer group, the function configured on the peer takes
precedence over that configured on the peer group. After a peer group is created, peers can be
added to the peer group. If these peers are not configured separately, they will inherit the
configurations of the peer group. If a peer in a peer group has a specific configuration
requirement, the peer can be configured separately. The configuration of this peer will override
the configuration inherited by the peer from the peer group.
Pre-configuration Tasks
Before configuring BGP peer groups, complete the following task:
Data Preparation
To configure BGP peer groups, you need the following data.
No. Data
1 Type and name of a peer group, and IP addresses of peer group members
Procedure
Step 1 Run:
system-view
NOTE
You can repeat step 4 to add multiple peers to the peer group. If the local device has not established a peer
relationship with this peer, the device will attempt to establish a peer relationship with this peer, and set
the AS number of this peer to the AS number of the peer group.
When creating an IBGP peer group, you do not need to specify the AS number.
After configuring a peer group, you can configure BGP functions for the peer group. By default,
all peers in a peer group inherit the entire configuration of the peer group. The inherited
configuration can be overridden if you directly configure commands for the peer.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
group group-name external
Step 4 Run:
peer group-name as-number { as-number-plain | as-number-dot }
An AS number is set for the EBGP peer group. If peers already exist in a peer group, you can
neither change the AS number of the peer group nor delete the AS number of the peer group by
using the undo peer as-number command.
Step 5 Run:
peer ipv4-address group group-name
NOTE
You can repeat step 5 to add multiple peers to the peer group. If the local device has not established a peer
relationship with this peer, the device will attempt to establish a peer relationship with this peer, and set
the AS number of this peer to the AS number of the peer group.
After configuring a peer group, you can configure BGP functions for the peer group. By default,
all peers in a peer group inherit the entire configuration of the peer group. The inherited
configuration can be overridden if you directly configure commands for the peer.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
group group-name external
NOTE
You can repeat Steps 4 and 5 to add multiple peers to the peer group.
You need to specify an AS number for each peer in a mixed EBGP peer group.
After configuring a peer group, you can configure BGP functions for the peer group. By default,
all peers in a peer group inherit the entire configuration of the peer group. The inherited
configuration can be overridden if you directly configure commands for the peer.
----End
Prerequisites
The BGP peer group configurations have been configured.
Procedure
l Run the display bgp peer [ ipv4-address ] verbose command to check detailed information
about BGP peers.
l Run the display bgp group [ group-name ] command to check information about BGP
peer groups.
NOTE
This command is applied only to devices on which BGP peer groups are created.
If a peer group is specified in this command, detailed information about this peer group
will be displayed. If no peer group is specified in this command, information about all BGP
peer groups is displayed.
----End
Example
Run the display bgp group [ group-name ] command in the system view to view information
about a specified peer group.
# View information about a peer group named rr.
Applicable Environment
BGP uses the AS_Path attribute to prevent route loops, but it does not change the AS_Path
attribute of a route sent between IBGP peers within an AS. This may cause a route loop. To
prevent this problem, the BGP standard defines that a BGP device is prohibited from advertising
any route that received from another IBGP peer. Full-mesh connections then must be created
between IBGP peers to ensure the connectivity between them. If many IBGP peers exists, the
overhead will be large and the configuration workload will be heavy for establishing full-mesh
logical connections between routers. In addition, the network will be difficult to maintain.
Using BGP confederations or RRs can solve these problems. A BGP confederation consists of
several sub-ASs in an AS. Full-mesh logical connections need to be established and maintained
between IBGP peers in each sub-AS. To deploy RRs, you only need to configure the RR
functionality on routers and do not need to change configurations on other devices. In this regard,
deploying RRs is easier and more flexible than deploying confederations.
Pre-configuration Tasks
Before configuring a BGP RR, complete the following task:
l Configuring Basic BGP Functions
Data Preparation
To configure a BGP RR, you need the following data.
No. Data
Context
In an AS, one router serves as an RR, and the other routers serve as clients. IBGP peer
relationships are set up between the RR and clients. The RR reflects routes between clients, and
BGP connections do not need to be established between the clients. A BGP device that is neither
an RR nor a client is called a non-client. Non-clients and the RR must establish full-mesh
connections with each other.
After receiving IBGP routes, the RR selects optimal routes based on BGP route selection policies
and advertises learned routes to its clients and non-clients following the rules described below:
l After learning routes from non-clients, the RR advertises the routes to all clients.
l After learning routes from clients, the RR advertises the routes to all non-clients and clients.
In addition, the RR advertises learned EBGP routes to all non-clients and clients.
It is easy to configure an RR. The RR functionality only needs to be configured on one router.
Configurations on clients are not required.
Perform the following steps on the router that is running BGP and is to be specified as an RR:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
peer { ipv4-address | group-name } reflect-client
reflect-client configured in an address family is valid only in this address family and cannot be
inherited by other address families. Configuring reflect-client in a specified address family is
recommended.
----End
Context
The RR usually advertises the routes learned from clients to all non-clients and clients. If full-
mesh logical connections have been established between all the clients of the RR, the clients are
capable of sending routes to each other without the help of the RR. Route reflection can be
disabled between clients to reduce the stress on the RR.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
undo reflect between-clients
If the clients of an RR have established full-mesh connections with each other, the undo reflect
between-clients command can be used to disable route reflection between clients in order to
reduce the link cost. By default, route reflection is enabled between the clients of an RR.
----End
Context
A backup RR is usually deployed in an AS to prevent a fault on an RR from causing the clients
and non-clients unable to receive routing information. This backup RR improves network
reliability.
As shown in Figure 8-2, RR1 and RR2 are configured as backups for each other in AS 65000.
Clients 1, 2, and 3 are their clients. An IBGP peer relationship is set up between RR1 and RR2
so that each RR is the other RR's non-client.
RR1 RR2
IBGP
Cluster
Route loops may easily occur in this network. For example, when Client1 receives an updated
route from an EBGP peer, it uses IBGP to advertise this route to RR1 and RR2. Then the
following problems will happen in the same time:
l RR1 advertises it to its clients and non-client (RR2),
l RR2 advertises it to its clients and non-client (RR1).
As a result, a route loop occurs between RR1 and RR2.
To address this problem, configure all routers on the network shown in Figure 8-2 into the same
cluster and assign them the same cluster ID. After the configuration is complete, if Client1
receives an updated route from an EBGP peer, it uses IBGP to advertise this route to RR1 and
RR2.
l After receiving this route, RR1 reflects it to its clients and RR2 and adds the local cluster
ID to the front of the cluster list.
l After receiving the route reflected from RR1, RR2 checks the cluster list. After finding that
the local cluster ID is already on the cluster list, RR2 discards the route.
NOTE
Using a cluster list prevents route loops between RRs within an AS.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
reflector cluster-id cluster-id
A cluster ID is configured.
If a cluster has multiple RRs, use this command to set the same cluster-id for these RRs to prevent
route loops.
NOTE
To ensure that a client can learn the routes reflected by an RR, the Cluster ID configured on the RR must
be different from the Cluster ID of the client (By default, the client uses its Router ID as the cluster ID). If
the Cluster ID is the same as the Cluster ID of the client, the client discards received routes.
----End
Context
Usually, BGP routes are delivered to the IP routing table on the router to guide traffic forwarding.
If the router does not need to forward traffic, disable BGP route delivery to the IP routing table
on the router.
BGP route delivery to the IP routing table is generally disabled on RRs. An RR transmits routes
and forwards traffic within an AS. If the RR is connected to many clients and non-clients, the
route transmission task will consume a lot of CPU resources of the RR and cause the RR unable
to implement traffic forwarding. To improve the efficiency of route transmission, disable BGP
route delivery to the IP routing table on the RR to make the RR dedicated to route transmission.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
NOTE
The routing-table rib-only command and the active-route-advertise command are mutually exclusive.
----End
Context
According to RFC 4456, the route attributes on the RR cannot be modified using the export
policy. This is because it may cause route loops. By default, the RR is disabled from modifying
the route attributes using the export policy. But if you need to re-plan the network traffic, you
can enable the RR to modify the route attributes by using the export policy.
Procedure
Step 1 Run:
system-view
You can enable the RR to modify the route attributes of the BGP routes using the export policy.
By default, you can disable the RR from modifying the route attributes using the export policy.
After you enable the reflect change-path-attribute command on an RR, the configurations of
the RR attributes modified using the export policy takes effect immediately. Perform the
following operations:
l Run the apply as-path command to modify the AS_Path attributes of BGP routes.
l Run the apply comm-filter delete command to delete all community attributes from a BGP
route.
l Run the apply community command modifies the community attributes of BGP routes.
l Run the apply cost command to modify the cost of BGP routes, that is, to modify its
multi_exit discriminator (MED).
l Run the apply ip-address nexthop command to modify the next hop of the BGP routes.
l Run the apply local-preference command to modify the local preference of BGP routes.
l Run the apply origin command to modify the Origin attributes of BGP routes.
l Run the apply extcommunity command to modify the extended community attributes of
BGP routes.
NOTE
After the reflect change-path-attribute command is run on the RR, the peer route-policy export
command takes precedence over the peer next-hop-invariable and peer next-hop-local commands.
----End
Prerequisites
All BGP RR configurations have been configured.
Procedure
l Run the display bgp [ vpnv4 [ vpn-instance vpn-instance-name | all ] | vpn-target |
l2vpn | vpls ] peer [ ipv4-address ] verbose command to check detailed information about
BGP peers.
l Run the display bgp routing-table [ network [ { mask | mask-length } [ longer-
prefixes ] ] ] command to check information in a BGP routing table.
----End
Example
# After a BGP RR is configured, run the following command to view detailed information about
its peers.
<HUAWEI> display bgp peer 10.1.1.2 verbose
Update-group ID: 1
BGP current state: Established, Up for 00h01m24s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
BGP Peer Up count: 1
Received total routes: 0
Received active routes total: 0
Advertised total routes: 0
Port: Local - 179 Remote - 50450
Configured: Connect-retry Time: 32 sec
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp 4-byte-as capability
Address family IPv4 Unicast: advertised and received
Received: Total 3 messages
Update messages 1
Open messages 1
KeepAlive messages 2
Notification messages 0
Refresh messages 0
Sent: Total 4 messages
Update messages 1
Open messages 2
KeepAlive messages 2
Notification messages 0
Refresh messages 0
Authentication type configured: None
Last keepalive received: 2012-03-06 19:17:37 UTC-08:00
Last keepalive sent : 2012-03-06 19:17:37 UTC-08:00
Last update received: 2012-03-06 19:17:43 UTC-08:00
Last update sent : 2012-03-06 19:17:37 UTC-08:00
Minimum route advertisement interval is 15 seconds
Optional capabilities:
Route refresh capability has been enabled
4-byte-as capability has been enabled
It's route-reflector-client
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured
NOTE
The message of It's route-reflector-client will be displayed in the command output only after the display
bgp peer ipv4-address verbose command is run on an RR.
Applicable Environment
A confederations can be used to reduce the number of IBGP connections in an AS. It divides an
AS into several sub-ASs. Full-mesh IBGP connections are established between devices in each
sub-AS, and full-mesh EBGP connections are established between devices in different sub-ASs,
Pre-configuration Tasks
Before configuring a BGP confederation, complete the following tasks:
l Configuring link layer protocol parameters for interfaces to ensure that the link layer
protocol on the interfaces is Up
l Configuring Basic BGP Functions
Procedure
l Configure a BGP confederation.
1. Run:
system-view
A confederation ID is set.
4. Run:
confederation peer-as { as-number-plain | as-number-dot } &<1-32>
The number of the sub-AS where other EBGP peers connected to the local AS reside
is set.
The confederation id and confederation peer-as commands must be run on all the
EBGP peers in the same confederation, and the same confederation ID must be set for
these EBGP peers.
NOTE
An old speaker that has a 2-byte AS number cannot be in the same confederation with a new
speaker that has a 4-byte AS number. Otherwise, a routing loop may occur. This is because the
AS4_Path attribute does not support confederations.
l Configure confederation compatibility.
Other routers may implement the confederation that does not comply with the RFC
standard. In such a situation, confederation compatibility must be configured. Perform the
following steps on a BGP device:
1. Run:
system-view
Applicable Environment
Community attributes are used to simplify routing policy application and facilitate network
maintenance. They allow a group of BGP devices in different ASs to share the same routing
policies. Before advertising a route with the community attribute to peers, a BGP device can
change the original community attribute of this route. Community attributes are route attributes,
which are transmitted between BGP peers, and the transmission is not restricted within an AS.
Pre-configuration Tasks
Before configuring BGP community attributes, complete the following task:
Data Preparation
To configure BGP Community attributes, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
route-policy route-policy-name { permit | deny } node node
A node is configured for a routing policy, and the view of the routing policy is displayed.
Step 3 (Optional) Configure filtering conditions (if-match clauses) for a routing policy. Community
attributes can be added only to the routes that pass the filtering, and the community attributes
of only the routes that pass the filtering can be modified.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
peer { ipv4-address | group-name } route-policy route-policy-name export
NOTE
When configuring a BGP community, use a routing policy to define the community attribute, and apply
the routing policy to the routes to be advertised.
For details on routing policy configurations, see the chapter "Routing Policy Configuration."
Step 5 Run the following commands to advertise community attributes to the peer group.
l To configure the BGP device to send a standard community attribute to its peer or peer group,
run:
peer { ipv4-address | group-name } advertise-community
l To advertise an extended community attribute to a specified peer or peer group, perform the
following steps:
NOTE
After the peer advertise-ext-community command is enabled, BGP sends the routes with extended
community attribute to its peer or peer group. If the peer or peer group only want to receive the routes, but
not extended community attribute, you can configure the peer discard-ext-community command on the
peer or peer group to discard the extended community attribute from the received routing information.
----End
Prerequisites
The BGP community attribute configurations have been configured.
Procedure
l Run the display bgp routing-table network [ mask | mask-length ] command to check the
detailed information about BGP routes.
l Run the display bgp routing-table community [ community-number | aa:nn ] &<1-29>
[ internet | no-advertise | no-export | no-export-subconfed ] * [ whole-match ] command
to check information about the routes carrying specified BGP community attributes.
----End
Example
# Run the display bgp routing-table community command to view the routes carrying specified
BGP community attributes.
<HUAWEI> display bgp routing-table community
BGP Local router ID is 1.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Community
* 1.1.1.0/24 1.1.1.1 0 0 no-export
* 1.1.1.2/32 1.1.1.1 0 0 no-export
*> 192.168.10.0 10.2.1.2 0 0 no-export-
subconfed
*> 192.168.15.0 10.2.1.2 0 0 internet
*> 192.168.18.0 10.2.1.2 0 0 no-advertise
Applicable Environment
During routing information transmission between two devices, routing policies can be used on
receiving and sending devices to filter routes.
l If a routing policy is used to filter routing information received by the route receiving device
but no policy is used to filter routing information to be sent by the route sending device
and the route sending device sends a great deal of routing information, the route receiving
device will have to process a great deal of unwanted routing information. This consumes
a lot of network bandwidth resources.
l If routes to be advertised by the route sending device need to be filtered and the device has
many BGP peers, many export policies need to be configured on the device. This is
unhelpful for network planning and maintenance and consumes lots of memory resources.
To address these problems, prefix-based BGP ORF is used to implement on-demand BGP route
advertisement. A BGP device uses an export policy provided by a route receiving device to filter
routes before sending these routes. It is unnecessary for the local device to provide a separate
export policy for each BGP peer. As a result, the loads of the two communication devices,
network bandwidth consumption, and configuration workload are reduced.
NOTE
Pre-configuration Tasks
Before configuring prefix-based BGP ORF, complete the following tasks:
Data Preparation
To configure prefix-based BGP ORF, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
peer { group-name | ipv4-address } capability-advertise orf [ non-standard-
compatible ] ip-prefix { both | receive | send } [ standard-match ]
NOTE
Step 5 Run:
peer { group-name | ipv4-address } ip-prefix ip-prefix-name import
NOTE
This step is performed only on the receiving device. An IP prefix list specified by ip-prefix-name must
have been configured. Otherwise, route filtering cannot be implemented. For details on IPv4 prefix list
configurations, see 10.2.2 Configuring an IPv4 Prefix List.
----End
The display bgp peer ipv4-address orf ip-prefix command must be run only on devices that have
sent routing information.
Usage Scenario
BGP is used to transmit routing information on large-scale networks. Frequent network changes
affect the establishment and maintenance of BGP peer relationships and the BGP network
convergence speed.
BGP route dampening and triggered update suppress frequent route changes to an extent, but
cannot minimize the impact of network flapping on BGP connections.
To suppress BGP network flapping and speed up BGP network convergence, configure BGP
timers, disable rapid EBGP connection reset, enable BGP tracking and slow peer detection.
l ConnectRetry timer
A ConnectRetry timer is used to set an interval between BGP attempts to initiate TCP
connections. After BGP initiates a TCP connection, the ConnectRetry timer will be stopped
if the TCP connection is established successfully. If the first attempt to establish a TCP
connection fails, BGP tries again to establish the TCP connection after the ConnectRetry
timer expires.
You can accelerate or slow down the establishment of BGP peer relationships by changing
the BGP ConnectRetry interval. For example, if the ConnectRetry interval is reduced, BGP
will wait less time before retrying to establish a TCP connection when the previous attempt
fails, which speeds up TCP connection establishment. If a BGP peer flaps constantly, the
ConnectRetry interval can be increased to suppress route flapping caused by BGP peer
flapping, which speeds up route convergence.
l BGP Keepalive and hold timers
BGP uses Keepalive messages to maintain BGP peer relationships and monitor connection
status.
After establishing a BGP connection, two peers send Keepalive messages periodically to
each other to detect the BGP connection status. If the router does not receive any Keepalive
message or any other types of packets from the peer within the hold time, the router
considers the BGP connection interrupted and terminates the BGP connection.
l BGP MinRouteAdvertisementIntervalTimer
BGP does not periodically update a routing table. When BGP routes change, BGP updates
the changed BGP routes in the BGP routing table by sending Update messages. If a route
changes frequently, to prevent the router from sending Update messages upon every
change, set the interval at which Update messages are sent.
l Rapid EBGP connection reset
Rapid EBGP connection reset is enabled by default so that EBGP can quickly detect the
status of interfaces used to establish EBGP connections. If the interface status changes
frequently, disable rapid EBGP connection reset. After rapid EBGP connection reset is
disabled, direct EBPG sessions will not be reestablished and deleted as interface alternates
between Up and Down, which speeds up network convergence.
l BGP peer tracking
BGP peer tracking can speed up network convergence by adjusting the interval between
peer unreachability discovery and a connection interruption. BGP peer tracking is easy to
deploy and has good extensibility.
l Slow peer detection
After slow peer detection is configured on a device, the device identifies the slow BGP
peer (if any) and removes it from the update peer-group to prevent this slow peer from
affecting route advertisement to other peers in this update peer-group. Slow peer detection
speeds up BGP network convergence.
Pre-configuration Tasks
Before adjusting the BGP network convergence speed, configure basic BGP functions.
Data Preparation
To adjust the BGP network convergence speed, you need the following data.
No. Data
Context
After BGP initiates a TCP connection, the ConnectRetry timer will be stopped if the TCP
connection is established successfully. If the first attempt to establish a TCP connection fails,
BGP tries again to establish the TCP connection after the ConnectRetry timer expires.
l Setting a short ConnectRetry interval reduces the period BGP waits between attempts to
establish a TCP connection. This speeds up the establishment of the TCP connection.
l Setting a long connectRetry interval suppresses routing flapping caused by peer relationship
flapping.
A ConnectRetry timer can be configured either for all peers or peer groups, or for a specific peer
or peer group. A ConnectRetry timer configured for a specific peer takes precedence over that
configured for the peer group of this peer. In addition, a ConnectRetry timer configured for a
specific peer or peer group takes precedence over that configured for all peers or peer groups.
Procedure
l Configure a BGP ConnectRetry timer for all peers or peer groups.
1. Run:
system-view
1. Run:
system-view
The ConnectRetry timer configured for a peer or peer group takes precedence over
that configured for all peers or peer groups.
----End
Context
Keepalive messages are used by BGP to maintain peer relationships. After establishing a BGP
connection, two peers periodically send Keepalive messages to each other to detect BGP peer
relationship status. If a device receives no Keepalive message from its peer after the hold timer
expires, the device considers the BGP connection to be closed.
l If short Keepalive time and holdtime are set, BGP can detect a link fault quickly. This
speeds up BGP network convergence, but increases the number of Keepalive messages on
the network and loads of routers, and consumes more network bandwidth resources.
l If long Keepalive time and holdtime are set, the number of Keepalive messages on the
network is reduced. This reduces loads of routers. If the Keepalive time is too long, BGP
is unable to detect link status changes in a timely manner. This is unhelpful for
implementing rapid BGP network convergence and may cause many packets to be lost.
NOTICE
Changing timer values using the timer command or the peer timer command interrupts BGP
peer relationships between routers. Therefore, exercise caution before changing the value of a
timer.
Keepalive and hold timers can be configured either for all peers or peer groups, or for a specific
peer or peer group. Keepalive and hold timers configured for a specific peer take precedence
over those configured for the peer group of this peer. In addition, Keepalive and hold timers
configured for a specific peer or peer group take precedence over those configured for all peers
or peer groups.
Procedure
l Configure BGP timers for all peers or peer groups.
1. Run:
system-view
The proper maximum interval at which Keepalive messages are sent is one third the
holdtime and is not less than one second. If the holdtime is not set to 0, it is 3s at least.
By default, the keepalive-time value is 60s and the hold-time value is 180s.
NOTE
Setting the Keepalive time to 20s is recommended. If the Keepalive time is smaller than 20s,
sessions between peers may be closed.
When setting values of keepalive-time and hold-time, note the following points:
– The keepalive-time and hold-time values cannot be both set to 0. Otherwise, the
BGP timers become invalid, meaning that BGP will not send Keepalive messages
to detect connection status.
– The hold-time value cannot be much greater than the keepalive-time value. For
example, keepalive-time cannot be set to 1 while hold-time is set to 65535. If the
hold-time value is too large, BGP cannot detect connection status in time.
If the local device establishes BGP peer relationships with many devices, it needs to
process huge BGP messages. If hold-time negotiated among BGP peers is small, the
timer may expire before the local device processes the Keepalive messages sent from
other BGP peers. The peer relationships are then interrupted, and routes flap. To solve
the preceding problem, you can configure an appropriate value for min-holdtime min-
holdtime based on the CPU processing capability of the local device.
If the value of min-holdtime is changed, but the values of keepalive-time and hold-
time negotiated between two BGP peers remain unchanged, the established peer
relationship is not affected. Only when the local device attempts to re-establish a
relationship with a remote device, the value of min-holdtime configured on the local
device takes effect. The local device compares min-holdtime with hold-time sent from
the remote device. If the value of min-holdtime exceeds that of hold-time, hold-time
negotiation fails, and the peer relationship fails to be established.
NOTE
If min-holdtime is configured on the local device, and the value of hold-time sent from the
remote device is 0, hold-time negotiation between the two devices succeeds. The negotiated
value of hold-time is 0, and the peer relationship is established. The value 0 of hold-time
indicates that the peer relationship never expires.
l Configure timers for a specific peer or peer group.
1. Run:
system-view
The Keepalive and hold timer values are set for a specific peer or peer group.
For information about the relationship between the keepalive-time and hold-time
values, see Configure BGP timers for all peers or peer groups.
NOTE
Setting the Keepalive time to 20s is recommended. If the Keepalive time is smaller than 20s,
sessions between peers may be closed.
Timers set for a specific peer or peer group takes precedence over timers set for all
peers or peer groups.
----End
Context
BGP peers use update messages to exchange routing information. Update messages can be used
to advertise multiple reachable routes with the same attributes or withdraw multiple unreachable
routes.
BGP does not periodically update a routing table. When BGP routes change, BGP updates the
changed BGP routes in the BGP routing table by sending Update messages. If a route changes
frequently, to prevent the router from sending Update messages upon every change, set the
interval at which Update messages are sent.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer { ipv4-address | group-name } route-update-interval interval
A MinRouteAdvertisementIntervalTimer is configured.
By default, the interval at which Update messages are sent to IBGP peers is 15s, and the interval
at which Update messages are sent to EBGP peers is 30s.
ipv4-address specifies the address of a specific group. group-name specifies the name of a peer
group. The MinRouteAdvertisementIntervalTimer configured for a peer takes precedence over
the MinRouteAdvertisementIntervalTimer configured for a peer group.
----End
Context
In most cases, BGP routes do not have directly reachable next hops, and route iteration must be
used. When many BGP routes are iterated to one next hop and a non-critical iteration change
occurs on the next hop, such as a change of IGP metric or the number of load balancing routes,
an indirect next hop-enabled device can update forwarding entries rapidly. In this situation, BGP
does not need to update routes one by one, and you can configure the rate at which BGP updates
routes in response to non-critical iteration changes to allow the device to update BGP routes in
the IP routing table gradually. This configuration prevents BGP from occupying the CPU
resource of other protocols, reduces CPU loads, and ensures device reliability.
Pre-configuration Tasks
Before configuring the rate at which BGP updates routes in response to non-critical iteration
changes, configure basic BGP functions.
Data Preparation
To configure the rate at which BGP updates routes in response to non-critical iteration changes,
you need the following data.
No. Data
1 Interval at which BGP updates routes in response to non-critical iteration changes and
the number of routes that are updated during the interval
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
The rate at which BGP updates routes in response to non-critical iteration changes is configured.
By default, the rate at which BGP updates routes in response to non-critical iteration changes is
not configured.
NOTE
When many BGP routes are iterated to one next hop and a non-critical iteration change occurs on the next
hop, if the nexthop recursive-lookup non-critical-event route-update-timer command is configured,
the BGP route convergence is slowed down. Before BGP updates all routes associated with the next hop,
the IP routing table shows iteration information before the update. However, the forwarding entries have
been updated, and traffic is forwarded along the correct path.
The nexthop recursive-lookup non-critical-event route-update-timer command does not take effect to
critical iteration changes on a next hop, and for example, the reachability of the next hop changes due to
interface flapping.
----End
Context
Rapid EBGP connection reset is enabled by default. This allows BGP to immediately respond
to a fault on an interface and delete the direct EBGP sessions on the interface without waiting
for the hold timer to expire and implements rapid BGP network convergence.
NOTE
Rapid EBGP connection reset enables BGP to quickly respond to interface faults but does not enable BGP
to quickly respond to interface recovery. After the interface recovers, BGP uses its state machine to restore
relevant sessions.
If the status of an interface used to establish an EBGP connection changes frequently, the EBGP
session will be deleted and reestablished repeatedly, causing network flapping. Rapid EBGP
connection reset can be disabled in such a situation. BGP will delete direct EBGP sessions on
the interface until the hold timer expires. This suppresses BGP network flapping, helps to
implement rapid BGP network convergence, and reduces network bandwidth consumption.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
undo ebgp-interface-sensitive
NOTE
Rapid EBGP connection reset is disabled in a situation where the status of an interface used to establish
an EBGP connection changes frequently. If the status of the interface becomes stable, run the ebgp-
interface-sensitive command to enable rapid EBGP connection reset to implement rapid BGP network
convergence.
----End
Context
BGP can be configured to detect peer relationship status changes in order to implement rapid
BGP convergence. BFD, however, needs to be configured on the entire network, and has poor
extensibility. If BFD cannot be deployed on a device to detect BGP peer relationship status,
BGP peer tracking can be enabled on the device to quickly detect link or peer unreachability,
implementing rapid network convergence.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer { group-name | ipv4-address } tracking [ delay delay-time ]
BGP peer tracking is enabled on the device to detect the status of a specified peer.
ipv4-address specifies the address of a peer. group-name specifies the name of a peer group.
BGP peer tracking configured on a peer takes precedence over BGP peer tracking configured
on the peer group of this peer.
If delay-time is not specified, the default delay (0 seconds) is used. This means that a BGP device
tears down the connection with a peer immediately after detecting the peer unreachable.
A proper delay-time value can ensure network stability.
l If an IBGP peer relationship is established based on an IGP route, the delay-time values set
on BGP peers must be greater than the IGP route convergence time. Otherwise, if IGP route
flapping occurs, the BGP peer relationship will be interrupted before network convergence
is complete.
NOTE
IGP GR is configured and a BGP peer relationship is established based on an IGP route. If a device
becomes faulty and performs an active/standby switchover, the IGP will not delete routes received by
the device. As a result, the BGP peer relationship will not be interrupted, even through BGP peer
tracking does not take effect.
l If BGP peers have negotiated the GR capability and one of the peers performs an active/
standby switchover, the delay-time values on the BGP peers must be greater than the GR
time. Otherwise, the BGP peer relationship will be interrupted before the GR time expires.
As a result, GR becomes invalid.
----End
Prerequisites
Adjusting the BGP network convergence speed has been configured.
Procedure
l Run the display bgp peer [ verbose ] command to check information about BGP peers.
l Run the display bgp group [ group-name ] command to check information about BGP
peer groups.
----End
Example
Run the display bgp peer verbose command in the system view to view the configured
Keepalive timer, hold timer, MinRouteAdvertisementIntervalTimer, and BGP tracking function.
# View detailed information about BGP peers.
<HUAWEI> display bgp peer verbose
NOTE
"Tracking has been enabled, and the delay is 50s" is displayed only when the display bgp peer verbose
command is run on the router enabled with BGP tracking.
Applicable Environment
The main cause of route instability is route flapping. A route is considered to be flapping when
it repeatedly appears and then disappears in the routing table. BGP is generally applied to
complex networks where routes change frequently. Frequent route flapping consumes lots of
bandwidth and CPU resources and even seriously affects network operations.
BGP route dampening prevents frequent route flapping by using a penalty value to measure route
stability. When a route flaps for the first time, a penalty value is assigned to the route. Later,
each time the route flaps, the penalty value of the route increases by a specific value. The greater
the penalty value, the less stable the route. If the penalty value of a route exceeds the pre-defined
threshold, the route will not be advertised until the penalty value of the route reduces to the reuse
threshold.
Route dampening applies only to EBGP routes. IBGP routes, however, cannot be dampened.
Generally, IBGP routes include routes from the local AS, requiring that the forwarding tables
be the same. In addition, IGP fast convergence aims to achieve information synchronization. If
IBGP routes are dampened, dampening parameters vary on different devices, and the forwarding
tables are inconsistent.
Pre-configuration Tasks
Before configuring BGP route dampening, complete the following task:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
dampening [ half-life-reach reuse suppress ceiling | route-policy route-policy-
name ] *
NOTE
When you configure BGP route dampening, the values of reuse, suppress, and ceiling should
meet the relationship of reuse<suppress<ceiling.
If routes are differentiated based on policies and the dampening command is run to reference
a route-policy, BGP can use different route dampening parameters to suppress different routes.
----End
l Run the display bgp routing-table dampening parameter command to check configured
BGP route dampening parameters.
# Run the display bgp routing-table flap-info command to view BGP route flapping statistics.
For example:
<HUAWEI> display bgp routing-table flap-info
BGP Local router ID is 20.20.200.201
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
# Run the display bgp routing-table dampened command to view dampened BGP routes. For
example:
<HUAWEI> display bgp routing-table dampened
BGP Local router ID is 223.1.41.102
Status codes: * - valid, > - best, d - damped
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
# Run the display bgp routing-table dampening parameter command to view configured BGP
route dampening parameters. For example:
<HUAWEI> display bgp routing-table dampening parameter
Maximum Suppress Time(in second) : 3973
Ceiling Value : 16000
Reuse Value : 750
HalfLife Time(in second) : 900
Suppress-Limit : 2000
Applicable Environment
The BGP routing table of a device on a medium or large BGP network contains a large number
of routing entries. Storing the routing table consumes a large number of memory resources, and
transmitting and processing routing information consume lots of network resources. If a device
needs to send multiple routes to its peer, the device can be configured to send only a default
route with the local address as the next-hop address to its peer, regardless of whether there are
default routes in the local routing table. This greatly reduces the number of routes on the network
and the consumption of memory resources on the peer and network resources.
Figure 8-3 Networking diagram for configuring a BGP device to send a default route to its peer
20.1.1.0/24
RouterA
192.168.2.2/24
20.2.1.0/24
192.168.2.1/24
RouterB
20.3.1.0/24
On the network shown in Figure 8-3, Router A and Router B have established a BGP peer
relationship. Router B has imported routes to network segments 20.1.1.0/24, 20.2.1.0/24, and
20.3.1.0/24 to its BGP routing table. Router A needs to learn these routes from Router B. To
reduce the consumption of memory resources of Router A and bandwidth used by Router B for
sending routing information to Router A, configure Router B to send a default route to its peer
(Router A) and use a routing policy to prevent all the routes to network segments 20.1.1.0/24,
20.2.1.0/24, and 20.3.1.0/24 from being sent to Router A. Then, Router A stores only one default
route but can still send traffic to the three network segments.
Pre-configuration Tasks
Before configuring a BGP device to send a default route to its peer, complete the following task:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
peer { group-name | ipv4-address } default-route-advertise [ route-policy route-
policy-name ] [ conditional-route-match-all { ipv4-address1 { mask1 | mask-
length1 } } &<1-4> | conditional-route-match-any { ipv4-address2 { mask2 | mask-
length2 } } &<1-4> ]
If route-policy route-policy-name is set, the BGP device changes attributes of a default route
based on the specified route policy.
NOTE
After the peer default-route-advertise command is used on a device, the device sends a default route with
the local address as the next-hop address to a specified peer, regardless of whether there is a default route
in the routing table.
----End
# Run the display bgp routing-table command on a peer to view information about a received
BGP default route.
<HUAWEI> display bgp routing-table
Usage Scenario
On large networks, there may be multiple valid routes to the same destination. BGP, however,
advertises only the optimal route to its peers. This may result in unbalanced traffic on different
routes.
The following two methods can be used to address the problem of unbalanced traffic:
l Use BGP routing policies to allow traffic to be balanced. For example, use a routing policy
to modify the Local_Pref, AS_Path, Origin, and Multi_Exit Discriminator (MED) attributes
of BGP routes to direct traffic to different forwarding paths for load balancing. For details
on how to modify attributes of BGP routes, see Configuring BGP Route Attributes.
l Use multiple paths for load balancing. In this method, multiple equal-cost routes need to
be configured for traffic load balancing.
NOTE
Equal-cost BGP routes can be generated for traffic load balancing only when the first 9 route attributes
described in "Principles of Route Selection" in BGP Features Supported by the NE80E/40E are
the same, and the AS_Path attributes are also the same.
Pre-configuration Tasks
Before configuring BGP load balancing, configure basic BGP functions.
Data Preparation
To configure BGP load balancing, you need the following data.
No. Data
Procedure
l Set the number of BGP routes to be used for load balancing.
1. Run:
system-view
3. Run:
ipv4-family unicast
By default, the number of BGP routes to be used for load balancing is 1, meaning that
load balancing is not implemented.
– ebgp indicates that load balancing is implemented only among EBGP routes.
– ibgp indicates that load balancing is implemented only among IBGP routes.
– If neither ebgp nor ibgp is specified, both EBGP and IBGP routes participate in
load balancing, and the number of EBGP routes to be used for load balancing is
the same as the number of IBGP routes to be used for load balancing.
NOTE
The maximum load-balancing number command cannot be configured together with the
maximum load-balancing ebgp number or maximum load-balancing ibgp number
command.
When routes with the same destination addresses carry out load balancing on the public
network, the system determines the type of optimal routes first. If the optimal routes are IBGP
routes, only IBGP routes carry out load balancing. If the optimal routes are EBGP routes, only
EBGP routes carry out load balancing. This means that load balancing cannot be implemented
among IBGP and EBGP routes with the same destination address.
5. (Optional) Run:
maximum load-balancing [ ebgp | ibgp ] number
The device has been configured whether to change the next hop addresses of the routes
to be advertised to a local address.
If you run the maximum load-balancing number command, the device changes the
next hop addresses of the routes to be advertised to a local address no matter whether
the routes are used for load balancing.
If you run the maximum load-balancing [ ebgp | ibgp ] number command, the device
does not change the next hop addresses of the routes to be advertised to a local address
no matter whether the routes are used for load balancing.
6. (Optional) Run:
load-balancing as-path-ignore
The router is configured not to compare the AS_Path attributes of the routes to be used
for load balancing.
By default, the router compares the AS_Path attributes of the routes to be used for
load balancing.
NOTE
l If there are multiple routes to the same destination but these routes pass through different
ASs, load balancing cannot be implemented among these routes by default. To implement
load balancing among these routes, run the load-balancing as-path-ignore command.
After the load-balancing as-path-ignore command is run, the device no longer compares
the AS_Path attributes of the routes to be used for load balancing. Therefore, exercise
caution when using this command.
l The load-balancing as-path-ignore and bestroute as-path-ignore commands are
mutually exclusive.
7. (Optional) Run:
bestroute igp-metric-ignore
BGP labeled routes can be selected, regardless of their IGP metric values.
By default, BGP labeled routes with the same destination but different next-hop metric
values cannot balance traffic. To enable these routes to balance traffic, run the
bestroute igp-metric-ignore command. After this command is run, routes can be
selected to balance traffic, regardless of their IGP metric values. Exercise caution
when using this command.
l Set the maximum number of EBGP and IBGP routes to be used for load balancing.
This configuration is used in a VPN where a CE is dual-homed to two PEs. When the CE
and one PE belong to an AS and the CE and the other PE belong to a different AS, you can
set the number of EBGP and IBGP routes to be used for load balancing. This allows VPN
traffic to be balanced among EBGP and IBGP routes.
1. Run:
system-view
The maximum number of EBGP and IBGP routes is set for load balancing.
By default, the maximum number of EBGP and IBGP routes to be used for load
balancing is not set.
5. (Optional) Run:
maximum load-balancing eibgp number
The device has been configured whether to change the next hop addresses of the routes
to be advertised to a local address.
If you run the maximum load-balancing eibgp number command, the device changes
the next hop addresses of the routes to be advertised to a local address no matter
whether the routes are used for load balancing.
6. (Optional) Run:
load-balancing as-path-ignore
The router is configured not to compare the AS_Path attributes of the routes to be used
for load balancing.
By default, the router compares the AS_Path attributes of the routes to be used for
load balancing.
NOTE
l After the load-balancing as-path-ignore command is run, the router no longer compares
the AS_Path attributes of the routes to be used for load balancing. Therefore, exercise
caution when using this command.
l The load-balancing as-path-ignore and bestroute as-path-ignore commands are
mutually exclusive.
l Set the maximum number of labeled BGP routes for load balancing.
Load balancing among labeled BGP routes is applicable to BGP LSP scenarios, such as
inter-AS VPN Option C and seamless MPLS scenarios. After load balancing is configured
among labeled BGP routes on the ingress of a BGP LSP, they can load-balance traffic as
long as equal-cost labeled BGP routes exist, which improves network bandwidth utilization.
1. Run:
system-view
The maximum number of labeled BGP routes is set for load balancing.
By default, the maximum number of labeled BGP routes for load balancing is 1.
5. (Optional) Run:
bestroute igp-metric-ignore
BGP labeled routes can be selected, regardless of their IGP metric values.
By default, BGP labeled routes with the same destination but different next-hop metric
values cannot balance traffic. To enable these routes to balance traffic, run the
bestroute igp-metric-ignore command. After this command is run, routes can be
selected to balance traffic, regardless of their IGP metric values. Exercise caution
when using this command.
----End
Exception Handling
After the maximum load-balancing number command is run on a device, the device changes
the next hop addresses of the routes received from EBGP peers to the IP address used by the
device to establish a peer relationship with an IBGP peer. Then the device advertises the routes
to the IBGP peer. In Figure 8-4, Router B is an EBGP peer of Router A and Router D, and
Router B and Router C are IBGP peers.
AS 100 AS 200
1.1.1.9/32 10.1.1.1/30
10.1.1.2/30
RouterA
10.1.2.1/30
10.1.2.2/30
AS 300
10.1.3.2/30 RouterB RouterC
10.1.3.1/30
4.4.4.9/32
RouterD
If the maximum load-balancing number command is not run Router B, Router B does not
change the next hop addresses of routes received from Router A and Router D before advertising
the routes to Router C. The command output on Router C is used as an example.
After the maximum load-balancing number command is run on Router B, Router B changes
the next hop addresses of the routes received from Router A and Router D to 10.1.2.1 used by
Router B to establish an IBGP peer relationship with Router C. Then Router B advertises the
routes to Router C. The command output on Router C is used as an example.
<RouterC> display bgp routing-table
The next hop address change may lead to the change of the link along which data packets are
forwarded. In Figure 8-4, if you want to keep the next hop addresses of the routes received from
Router D before Router B sends them to Router C, configure import and export routing policies
on Router B.
First, configure an import routing policy on Router B to apply a community attribute to routes
received from Router D. Second, configure an export routing policy with the community attribute
set in the import routing policy as the filtering condition on Router B. If a route matches the
filtering condition, Router B changes the next hop address of the route back to the IP address
used by Router D to establish an EBGP peer relationship with Router B. Then, Router B
advertises the route to Router C. Detailed configurations are as follows:
bgp 200
ipv4-family unicast
peer 10.1.2.2 route-policy out export
peer 10.1.3.2 route-policy in import
#
route-policy in permit node 10
if-match ip next-hop ip-prefix prefix1
apply community 1:1
#
route-policy in permit node 20
#
route-policy out permit node 10
if-match community-filter filter1
apply ip-address next-hop 10.1.3.2
#
route-policy out permit node 20
#
After the preceding configurations, Router B changes the next hop addresses of the routes
received from Router D back to the IP address (10.1.3.2) used by Router D to establish an EBGP
peer relationship with Router B. Then, Router B advertises the route to Router C. The command
output on Router C is used as an example.
<RouterC> display bgp routing-table
Applicable Environment
The link-layer MTUs of different networks that a communication path traverses vary from each
other. The smallest MTU on the path is the most important factor that influences the
communication between the two ends of the path and is called the path MTU.
The path MTU varies with the selected route and therefore may change. In addition, path MTUs
in the inbound and outbound directions may be inconsistent. The path MTU auto discovery
function is used to find the smallest MTU on the path from the source to the destination. The
path MTU will be used as a basis for IP datagram fragmentation when TCP is used to transmit
BGP messages.
As shown in Figure 8-5, a BGP peer relationship is set up between Router A and Router D. BGP
messages are encapsulated into TCP data packets for transmission. The default maximum
segment size (MSS) is 536. Therefore, Router A sends TCP data packets of the default MSS of
536 to Router D. As a result, a lot of BGP messages are sliced and packed into different packets,
and the number of ACK packets corresponding to these messages increases, leading to a low
transmission efficiency. Path MTU auto discovery solves this problem. As shown in Figure
8-5, the path MTU between Router A and Router D is 1496. To speed up BGP message
transmission and improve BGP performance, configure path MTU auto discovery between
Router A and Router D to allow BGP messages to be transmitted based on the MSS of 1496.
Pre-configuration Tasks
Before configuring path MTU auto discovery, complete the following task:
Data Preparation
To configure path MTU auto discovery, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer { group-name | ipv4-address } path-mtu auto-discovery
After the command is run, a BGP peer learns the path MTU, preventing BGP messages to be
fragmented during transmission.
NOTE
The transmit and receive paths between two BGP peers may be different. Therefore, running this command
on both ends is recommended. It makes both peers exchange messages based on the path MTU.
Step 4 Run:
quit
Step 5 Run:
tcp timer pathmtu-age age-time
----End
l Run the display bgp peer [ ipv4-address ] verbose command to check whether path MTU
auto discovery has been successfully configured.
# After configuring path MTU auto discovery, view detailed information about the BGP peer at
10.1.1.2.
<HUAWEI> display bgp peer 10.1.1.2 verbose
NOTE
The message of Path MTU discovery has been configured will be displayed only after the display bgp
peer ipv4-address verbose command is run on the router where path MTU auto discovery has been enabled.
Context
Configuring the BGP next hop delayed response can speed up BGP route convergence and
minimize traffic loss.
As shown in Figure 8-6, PE1, PE2, and PE3 are the clients of the RR. CE2 is dual-homed to
PE1 and PE2. PE1 and PE2 advertise their routes to CE2 to the RR. The RR advertises the route
from PE1 to PE3. PE3 has a route to CE2 only and advertises this route to CE1. After the route
exchange, CE1 and CE2 can communicate. If PE1 fails, PE3 detects that the next hop is
unreachable and instructs CE1 to delete the route to CE2. Traffic is interrupted. After BGP route
convergence is complete, the RR selects the route advertised by PE2 and sends a route update
message to PE3. PE3 then advertises this route to CE1, and traffic forwarding is restored to the
normal state. A high volume of traffic will be lost during traffic interruption because BGP route
convergence is rather slow.
If the BGP next hop delayed response is enabled on PE3, PE3 does not reselect a route or instruct
CE1 to delete the route to CE2 immediately after detecting that the route to PE1 is unreachable.
After BGP convergence is complete, the RR selects the route advertised by PE2 and sends the
route to PE3. PE3 then reselects a route and sends a route update message to CE1. Traffic
forwarding is restored to the normal state. After the BGP next hop delayed response is enabled
on PE3, PE3 does not need to delete the route or instruct CE1 to delete the route. This delayed
response speeds up BGP route convergence and minimizes traffic loss.
Figure 8-6 Networking diagram for configuring the BGP next hop delayed response
CE2
RR PE2
The BGP next hop delayed response applies to a scenario where the next hop has multiple links
to reach the same destination. If there is only one link between the next hop and the destination,
configuring the BGP next hop delayed response may cause heavier traffic loss when the link
fails because link switching is impossible.
Pre-configuration Tasks
Before configuring the BGP next hop delayed response, complete the following task:
l Configuring Basic BGP Functions
Data Preparation
To configure the BGP next hop delayed response, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
l Urgent iteration result change: The iterated next hop is changed, and BGP route reachability
is also changed. For example, if a fault occurs on a network, a device finds no next-hop route
or tunnel to which a BGP route is iterated. As a result, traffic is interrupted.
l Non-urgent iteration result change: The iterated next hop is changed, and BGP route
reachability is not affected. For example, after the interface or type of a tunnel to which the
next hop of a BGP route is iterated is changed, traffic keeps traveling over the BGP route.
Run either of the following commands to set a delay time after which a device responds to a
BGP next hop change:
l To enable a device to delay responses to all next hop changes, run:
nexthop recursive-lookup delay [ delay-time ]
The preceding commands can be run separately or simultaneously The nexthop recursive-
lookup non-critical-event delay command takes precedence over the nexthop recursive-
lookup delay command if both commands are run.
The delay time specified in the nexthop recursive-lookup non-critical-event delay command
must be greater than or equal to that specified in the nexthop recursive-lookup delay command
if both commands are run.
----End
Usage Scenario
As technologies develop, voice and video services are widely applied. These services are
sensitive to the packet loss and delay. BGP periodically sends Keepalive packets to its peers to
detect the status of its peers. The detection mechanism, however, takes more than one second.
When the data transmission rate reaches the level of Gbit/s, such slow detection will cause a
large amount of data to be lost. As a result, the requirement for high reliability of carrier-class
networks cannot be met.
BFD for BGP can be used to reduce packet loss and delay. BFD for BGP detects faults on links
between BGP peers within 50 milliseconds. The fast detection speed ensures fast BGP route
convergence and minimizes traffic loss.
Pre-configuration Tasks
Before configuring BFD for BGP, configure basic BGP functions.
Data Preparation
To configure BFD for BGP, you need the following data.
No. Data
1 IP address of the BGP peer or name of the peer group for which BFD needs to be
configured
2 BFD parameters, including the minimum and maximum intervals for receiving BFD
packets, Wait-to-Restore (WTR) time of a BFD session, and the detection multiplier
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd
Step 3 Run:
quit
Step 4 Run:
bgp { as-number-plain | as-number-dot }
NOTE
BFD for BGP can be configured for the VPN in this view. To configure BFD for BGP for the public
network, skip this step.
NOTE
The BFD parameters of peers take precedence over those of peer groups. If BFD parameters are configured
on peers, they will be used in BFD session establishment.
The default interval for transmitting BFD packets and the default detection multiplier are
recommended. When changing the default values, pay attention to the network status and the
network reliability requirement. A short interval for transmitting BFD packets can be configured
for a link that has a higher reliability requirement. A long interval for transmitting BFD packets
can be configured for a link that has a lower reliability requirement.
NOTE
There are three formulas: Actual interval for the local device to send BFD packets = max {Locally
configured interval for transmitting BFD packets, Remotely configured interval for receiving BFD
packets}, Actual interval for the local device to receive BFD packets = max {Remotely configured interval
for transmitting BFD packets, Locally configured interval for receiving BFD packets}, and Local detection
period = Actual interval for receiving BFD packets x Remotely configured BFD detection multiplier.
For example:
l On the local device, the configured interval for transmitting BFD packets is 200 ms, the interval for
receiving BFD packets is 300 ms, and the detection multiplier is 4.
l On the peer device, the configured interval for transmitting BFD packets is 100 ms, the interval for
receiving BFD packets is 600 ms, and the detection multiplier is 5.
Then:
l On the local device, the actual interval for transmitting BFD packets is 600 ms calculated by using the
formula max {200 ms, 600 ms}; the interval for receiving BFD packets is 300 ms calculated by using
the formula max {100 ms, 300 ms}; the detection period is 1500 ms calculated by multiplying 300 ms
by 5.
l On the peer device, the actual interval for transmitting BFD packets is 300 ms calculated by using the
formula max {100 ms, 300 ms}; the interval for receiving BFD packets is 600 ms calculated by using
the formula max {200 ms, 600 ms}; the detection period is 2400 ms calculated by multiplying 600 ms
by 4.
wtr wtr-value can be specified in the command to suppress frequent BFD and BGP session
flapping caused by link flapping. If a BFD session over a link goes Down, it does not go Up
immediately after the link recovers. Instead, the BFD session waits for the WTR timer to expire
before going Up. If the link fails again before the WTR timer expires, BFD does not send a link
fault message to BGP, and the BGP session status is stabilized.
The default value of wtr-value is 0, which means that the WTR timer will not be started.
Step 7 Run:
peer { group-name | ipv4-address } bfd enable [ single-hop-prefer ]
BFD is enabled for the peer or peer group, and a BFD session is established using default
parameters.
After BFD is enabled for a peer group, BFD sessions will be created on the peers that belong to
this peer group and are not configured with the peer bfd block command.
A peer is prevented from inheriting the BFD function of the peer group to which it belongs.
If a peer joins a peer group enabled with BFD, the peer inherits the BFD configuration of the
group and creates a BFD session. To prevent the peer from inheriting the BFD function of the
peer group, perform this step.
NOTE
The peer bfd block command and the peer bfd enable command are mutually exclusive. After the peer
bfd block command is run, the BFD session is automatically deleted.
----End
l Run the display bgp bfd session { [ vpnv4 vpn-instance vpn-instance-name ] peer ipv4-
address | all } command to check information about the BFD session between BGP peers.
Applicable Environment
As networks evolve continuously, voice, on-line video, and financial services raise increasingly
high requirements for real-time performance. Usually, primary and backup links are deployed
on a network to ensure the stability of these services.
In a traditional forwarding mode, the router selects an optimal route out of several routes destined
for the same network and delivers the optimal route to the FIB table for data forwarding. If the
optimal route fails, the router can reselect an optimal route only after routes are converged.
During this period, services are interrupted. After the router delivers the reselected optimal route
to the FIB table, services are restored. Service interruption in this mode lasts a long time, which
cannot meet service requirements.
After BGP Auto FRR is enabled on the router, the router selects an optimal route from the routes
destined for the same network. In addition, the router automatically adds information about the
second optimal route to the backup forwarding entries of the optimal route and delivers the
backup forwarding entries to the FIB table. If the primary link fails, the router switches traffic
to the backup link immediately. The switchover completes within sub-seconds because it does
not depend on route convergence.
Pre-configuration Tasks
Before configuring BGP Auto FRR, configure basic BGP Functions.
Data Preparation
To configure BGP Auto FRR, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
auto-frr
NOTE
On a network with both primary and backup links, the router may also use IP FRR for link protection. BGP
Auto FRR takes effect on a BGP route only when the route fails to match the routing policy specified in
the ip frr command run in the system view because IP FRR takes precedence over BGP Auto FRR.
In a BGP Auto FRR scenario, if the device on which FRR is configured completes refreshing
forwarding entries before the intermediate device on the primary path does after the primary
path recovers, traffic may be lost after it switches back to the primary path. The severity of packet
loss is proportional to the number of routes stored on the intermediate device. To solve this
problem, perform any of the following operations to prevent path-switchover-triggered packet
loss:
l In the BGP view of the intermediate device on the primary path, run:
out-delay delay-value
A delay for sending Update packets to all BGP peers is configured. An appropriate delay
ensures that traffic switches back to the primary path after the intermediate device on the
primary path completes refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default delay-
value value is 0, indicating that the intermediate device on the primary path sends Update
packets without a delay. The delay-value value is inversely proportional to the route
convergence performance of the device on which FRR is configured.
l In the BGP view or BGP-IPv4 unicast address family view of the intermediate device on the
primary path, run:
peer { group-name | ipv4-address } out-delay delay-value
A delay for sending Update packets is configured. An appropriate delay ensures that traffic
switches back to the primary path after the intermediate device on the primary path completes
refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default delay-
value value is 0, indicating that the intermediate device on the primary path sends Update
packets without a delay. The delay-value value is inversely proportional to the route
convergence performance of the device on which FRR is configured.
l In the BGP view or BGP-IPv4 unicast address family view of the device on which FRR is
configured, run:
route-select delay delay-value
A delay for selecting a route to the intermediate device on the primary path is configured.
An appropriate delay ensures that traffic switches back to the primary path after the
intermediate device completes refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default delay-
value value is 0, indicating that the device on which FRR is configured selects a route to the
intermediate device on the primary path without a delay.
----End
# Run the display ip routing-table ip-address mask-length verbose command. The command
output shows that there are two next hops destined for 4.4.4.4/32 and that 10.2.1.2 is the backup
next hop.
<HUAWEI> display ip routing-table 4.4.4.4 32 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination: 4.4.4.4/32
Protocol: EBGP Process ID: 0
Preference: 255 Cost: 80
NextHop: 10.1.1.2 Neighbour: 10.1.1.2
State: Active Adv Age: 00h05m41s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0x0
IndirectID: 0x2
RelayNextHop: 0.0.0.0 Interface: Pos1/0/0
TunnelID: 0x0 Flags: D
BkNextHop: 10.2.1.2 BkInterface: Pos1/0/1
BkLabel: NULL SecTunnelID: 0x0
BkPETunnelID: 0x0 BkPESecTunnelID: 0x0
BkIndirectID: 0x1
Applicable Environment
BGP restart causes peer relationship reestablishment and traffic interruption. After GR is
enabled, traffic interruption can be prevented in the event of BGP restart.
Pre-configuration Tasks
Before configuring BGP GR, complete the following task:
Data Preparation
To configure BGP GR, you need the following data.
No. Data
1 BGP AS number
Context
A GR-capable device can establish GR sessions with a GR-capable neighbor. By controlling the
session negotiation mechanism of BGP, the GR restarter and the GR helper can understand each
other's GR capability. When detecting the restart of the GR restarter, the GR helper does not
delete the routing and forwarding entries related to the GR restarter, but waits to re-establish a
BGP connection with the GR restarter. After establishing a new BGP connection, the GR
restarter and the GR helper update BGP routes.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
graceful-restart
BGP GR is enabled.
Currently, BGP does not support dynamic capability negotiation. Therefore, each time a new
BGP capability is enabled on a router, the BGP speaker tears down existing sessions with its
peer and renegotiates BGP capabilities. This process will interrupt ongoing services. To prevent
the service interruptions, run the graceful-restart peer-reset command to enable the router to
reset a BGP session in GR mode. Then, the router will not delete routing entries for existing
sessions when a new BGP capability is enabled.
----End
Context
GR time is the period of time during which the GR helper retains the forwarding information
after having found the GR restarter Down. If the GR helper finds that the GR restarter goes
Down, the GR helper keeps the topology information or routes learned from the GR restarter
till the GR time expires.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
graceful-restart timer restart time
The maximum period of time used for reestablishing a BGP session is set.
The restart period of the router is the maximum waiting period from the time when the GR helper
discovers that the GR restarter restarts to the time when the BGP session is reestablished. By
default, the restart period is 150 seconds.
NOTE
Step 4 Run:
graceful-restart timer wait-for-rib time
The length of time the GR restarter and GR helper wait for End-of-RIB messages is set.
By default, the time for waiting for End-Of-RIB messages is 600s.
NOTE
You can adjust BGP GR session parameter values as needed, but default values are recommended.
----End
Prerequisites
The BGP GR configurations have been configured.
Procedure
l Run the display bgp peer verbose command to check the BGP GR status.
----End
Example
# Run the display bgp peer ipv4-address verbose command to view the BGP GR status. For
example:
<HUAWEI> display bgp peer 10.1.3.2 verbose
BGP Peer is 10.1.3.2, remote AS 65009
Type: IBGP link
BGP version 4, Remote router ID 3.3.3.3
Update-group ID: 1
BGP current state: Established, Up for 00h00m44s
BGP current event: RecvUpdate
BGP last state: OpenConfirm
BGP Peer Up count: 2
Received total routes: 0
Received active routes total: 0
Advertised total routes: 1
Port: Local - 179 Remote - 52510
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp 4-byte-as capability
Graceful Restart Capability: advertised and received
Restart Timer Value received from Peer: 150 seconds
Address families preserved for peer in GR:
IPv4 Unicast (was preserved)
Address family IPv4 Unicast: advertised and received
Received: Total 3 messages
Update messages 1
Open messages 1
KeepAlive messages 1
Notification messages 0
Refresh messages 0
Sent: Total 5 messages
Update messages 2
Open messages 2
KeepAlive messages 1
Notification messages 0
Refresh messages 0
Authentication type configured: None
Last keepalive received: 2012-03-06 19:17:37 UTC-8:00
Last keepalive sent : 2012-03-06 19:17:37 UTC-8:00
Last update received: 2012-03-06 19:17:43 UTC-8:00
Last update sent : 2012-03-06 19:17:37 UTC-8:00
Minimum route advertisement interval is 15 seconds
Optional capabilities:
Route refresh capability has been enabled
4-byte-as capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured
Applicable Environment
Message digest 5 (MD5) authentication, keychain authentication, or Generalized TTL Security
Mechanism (GTSM) can be configured on a BGP network to enhance BGP security.
NOTE
By default, authentication is not configured for BGP. Configuring authentication is recommended to ensure
system security.
l MD5 authentication
BGP uses TCP as the transport protocol and considers a packet valid as long as the source
address, destination address, source port, destination port, and TCP sequence number of
the packet are correct. Most parameters in a packet can be easily obtained by attackers. To
protect BGP against attacks, MD5 authentication can be used during TCP connection
establishment between BGP peers to reduce the possibility of attacks.
To prevent the MD5 password set on a BGP peer from being decrypted, you need to update
the MD5 password periodically.
l Keychain authentication
A keychain consists of multiple authentication keys, each of which contains an ID and a
password. Each key has a lifecycle. Based on the life cycle of a key, you can dynamically
select different authentication keys from the keychain. After keychains with the same rules
are configured on the two ends of a BGP connection, the keychains can dynamically select
authentication keys to enhance BGP attack defense.
l BGP GTSM
The Generalized TTL Security Mechanism (GTSM) is used to prevent attacks by using the
TTL detection. If an attack simulates BGP packets and sends a large number of packets to
a router, an interface through which the router receives the packets directly sends the
packets to BGP of the control layer, without checking the validity of the packets. In this
manner, routers on the control layer process the packets as valid packets. As a result, the
system becomes busy, and Central Processing Unit (CPU) usage is high.
In this case, you can configure GTSM to solve the preceding problem. After GTSM is
configured on a router, the router checks whether the TTL value in the IP header of a packet
is in the pre-defined range after receiving the packet. If yes, the router forwards the packet;
if not, the router discards the packet. This enhances the security of the system.
NOTE
Pre-configuration Tasks
Before configuring BGP security, complete the following task:
l Configuring Basic BGP Functions
Data Preparation
To configure BGP security, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
NOTE
When configuring an authentication password, select the ciphertext mode because the password is saved
in configuration files in plaintext if you select simple mode, which has a high risk. To ensure device security,
change the password periodically.
The peer password command run in the BGP view is also applicable to the BGP-VPNv4 address family
view, because both BGP and BGP-VPNv4 use the same TCP connection.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer { ipv4-address | group-name } keychain keychain-name
Keychain authentication needs to be configured on two devices that establish a BGP peer
relationship. The encryption algorithms and passwords for keychain authentication on both peers
must be the same. This allows the peers to establish a TCP connection to exchange BGP packets.
Before configuring BGP keychain authentication, ensure that the keychain specified by
keychain-name has been configured. Otherwise, no TCP connection can be set up between two
BGP peers.
NOTE
l The peer keychain command run in the BGP view is also applicable to the BGP-VPNv4 address family
view, because both BGP and BGP-VPNv4 use the same TCP connection.
l BGP MD5 authentication and BGP keychain authentication are mutually exclusive.
----End
Procedure
l Adjust GTSM.
Perform the following steps on two devices that establish a BGP peer relationship:
1. Run:
system-view
The valid TTL range of a checked packet is [255 - hops + 1, 255]. For example, the
hops value is 1 for an EBGP direct route. This means that the valid TTL of the EBGP
direct routes is 255. By default, the hops value is 255. This means that the valid TTL
range is [ 1, 255 ].
NOTE
l The configuration in the BGP view is also valid for the VPNv4 extension of MP-BGP. This
is because they use the same TCP connection.
l GSTM is exclusive with EBGP-MAX-HOP; therefore, you can enable only one of them
on the same peer or the peer group.
An interface board of a BGP device enabled with GTSM checks the TTL values in all
received BGP packets. In actual networking, packets with the TTL values out of a
specified range are either allowed to pass or discarded by GTSM. When the default
action of GTSM is drop, an appropriate TTL value range needs to be set based on the
network topology. Packets with the TTL values out of the range will be discarded.
This prevents bogus BGP packets from consuming CPU resources.
l Set the GTSM default action.
1. Run:
system-view
The default action to be taken on the packets that do not match a GTSM policy is
Drop.
By default, the action to be taken on the packets that do not match the GTSM policy
is pass
NOTE
If the default action is configured but no GTSM policy is configured, GTSM does not take
effect.
----End
Prerequisites
The BGP security configurations have been configured.
Procedure
l Run the display bgp peer [ ipv4-address ] verbose command to check detailed information
about MD5 and keychain authentication on BGP peers.
l Run the display bgp peer verbose command to check whether the GTSM function is
enabled on BGP peers and check the configured maximum valid TTL value.
l Run the display gtsm statistics { slot-id | all } command to check GTSM statistics on a
specified board or all boards, including the total number of packets, the number of passed
packets, and the number of dropped packets.
----End
Example
# Run the display bgp peer ipv4-address verbose command to view detailed information about
MD5 authentication on BGP peers. For example:
<HUAWEI> display bgp peer 10.1.1.2 verbose
KeepAlive messages 3
Notification messages 0
Refresh messages 0
Sent: Total 4 messages
Update messages 1
Open messages 1
KeepAlive messages 3
Notification messages 0
Refresh messages 0
Authentication type configured: MD5
Last keepalive received: 2012-03-06 19:17:37 UTC-8:00
Last keepalive sent : 2012-03-06 19:17:37 UTC-8:00
Last update received: 2012-03-06 19:17:43 UTC-8:00
Last update sent : 2012-03-06 19:17:37 UTC-8:00
Minimum route advertisement interval is 30 seconds
Optional capabilities:
Route refresh capability has been enabled
4-byte-as capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured
# Run the display bgp peer ipv4-address verbose command to view detailed information about
keychain authentication on BGP peers. For example:
<HUAWEI> display bgp peer 10.1.1.2 verbose
BGP Peer is 10.1.1.1, remote AS 65009
Type: EBGP link
BGP version 4, Remote router ID 2.2.2.2
Update-group ID: 1
BGP current state: Idle
BGP current event: Stop
BGP last state: Active
BGP Peer Up count: 4
Received: Total 0 messages
Update messages 1
Open messages 1
KeepAlive messages 1
Notification messages 0
Refresh messages 0
Sent: Total 0 messages
Update messages 1
Open messages 1
KeepAlive messages 1
Notification messages 0
Refresh messages 0
Authentication type configured: Keychain(key)
Last keepalive received: 2012-03-06 19:17:37 UTC-8:00
Last keepalive sent : 2012-03-06 19:17:37 UTC-8:00
Last update received: 2012-03-06 19:17:43 UTC-8:00
Last update sent : 2012-03-06 19:17:37 UTC-8:00
Minimum route advertisement interval is 30 seconds
Optional capabilities:
Route refresh capability has been enabled
4-byte-as capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured
# Run the display bgp peer ipv4-address verbose command to view whether the GTSM function
is enabled on BGP peers and view the configured maximum number of valid hops. For example:
<HUAWEI> display bgp peer 10.1.1.2 verbose
Update-group ID: 2
BGP current state: Established, Up for 00h02m00s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
BGP Peer Up count: 4
Received total routes: 1
Received active routes total: 1
Advertised total routes: 0
Port: Local - 50505 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp 4-byte-as capability
Address family IPv4 Unicast: advertised and received
Received: Total 5 messages
Update messages 1
Open messages 1
KeepAlive messages 3
Notification messages 0
Refresh messages 0
Sent: Total 4 messages
Update messages 1
Open messages 1
KeepAlive messages 3
Notification messages 0
Refresh messages 0
Authentication type configured: None
Last keepalive received: 2012-03-06 19:17:37 UTC-8:00
Last keepalive sent : 2012-03-06 19:17:37 UTC-8:00
Last update received: 2012-03-06 19:17:43 UTC-8:00
Last update sent : 2012-03-06 19:17:37 UTC-8:00
Minimum route advertisement interval is 30 seconds
Optional capabilities:
Route refresh capability has been enabled
4-byte-as capability has been enabled
GTSM has been enabled, valid-ttl-hops: 210
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured
# Run the display gtsm statistics all command to view GTSM statistics on all boards, including
the total number of packets, the number of passed packets, and the number of dropped packets.
For example:
<HUAWEI> display gtsm statistics all
GTSM Statistics Table
----------------------------------------------------------------
SlotId Protocol Total Counters Drop Counters Pass Counters
----------------------------------------------------------------
0 BGP 0 0 0
0 BGPv6 0 0 0
0 OSPF 0 0 0
0 LDP 0 0 0
0 OSPFv3 0 0 0
0 RIP 0 0 0
1 BGP 0 0 0
1 BGPv6 0 0 0
1 OSPF 0 0 0
1 LDP 0 0 0
1 OSPFv3 0 0 0
1 RIP 0 0 0
----------------------------------------------------------------
Applicable Environment
By default, peers in the BGP-IPv4 unicast address family are automatically enabled. After you
configure the peer as-number command in the BGP view, the peer enable command is
automatically configured in the BGP-IPv4 unicast address family view. Peers in other address
family views must be manually enabled.
When you do not need to use BGP to transmit public IPv4 unicast routes, disable the BGP-IPv4
unicast address family. For example, in an IP RAN scenario, BGP is used only to transmit VPNv4
routes rather than public IPv4 unicast routes between superstratum Provider Edges (SPEs) and
underlayer Provider Edges (UPEs). To reduce the consumption of system resources, you can
disable the BGP-IPv4 unicast address family. In addition, one SPE is connected to multiple UPEs
in most cases, and it is complex to disable the BGP-IPv4 unicast address family on all UPEs one
by one. To address this problem, disable the BGP-IPv4 unicast address family in the BGP view.
Pre-configuration Task
Before you disable the BGP-IPv4 unicast address family, configure link-layer protocol
parameters and IP addresses for interfaces to ensure that the link layer protocol of each interface
is Up.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
undo default ipv4-unicast
NOTE
----End
AS_Path Components
An AS_Path consists of one or more AS_Path components. The components are expressed using
binary numbers, parentheses "( )", brackets "[ ]", braces "{ }", and spaces. The AS_Path
components are as follows:
l AS_Sequence: records in reverse order all the numbers of the ASs through which a route
passes from the local device to the destination.
l AS_Set: records without an order all the numbers of the ASs through which a route passes
from the local device to the destination. In most cases, AS_Set is used after route
summarization because BGP speakers do not know the actual sequence of ASs through
which the specific routes pass. During route selection, a router considers that AS_Set carries
only one AS number regardless of the actual number of ASs.
l AS_Confed_Sequence: records in reverse order all the numbers of the sub-ASs within a
BGP confederation through which a route passes from the local device to the destination.
l AS_Confed_Set: records without an order all the numbers of the sub-ASs within a BGP
confederation through which a route passes from the local device to the destination.
Figure 8-7 shows the complete format of an AS_Path in a BGP routing table.
AS_Confed_Sequence AS_Set
AS_Confed_Set AS_Sequence
+ Matches AS_Paths with 1 or 65+ matches AS_Paths that begin with 6 and include
more sequences of the one 5 or consecutive 5s.
character before the plus "+". l AS_Path examples that 65+ matches: 65, 655,
6559, 65259, and 65529
l AS_Path examples that 65+ does not match: 56,
556, 5669, 55269, 56259, and 56259
[xyz] Matches AS_Paths with any [896] matches AS_Paths with 8, 9, or 6, such as 6,
character in the brackets "[ ]". 8, 9, 18, 89, 96, 109, 9986, 65001, 1.6, and 8.9.
[^xyz] Matches AS_Paths with any [^896] matches AS_Paths with any character except
character except those in the 8, 9, and 6.
brackets "[ ]". l AS_Path examples that [^896] matches: 3, 18,
109, 9867, 65001, 1.6, and 8.9.
l AS_Path examples that [^896] does not match:
6, 8, 9, 89, 96, 698, 986, 9986, and 66899.
[a-z] Matches AS_Paths with any [2-4] matches 2, 3, and 4, and [0-9] matches numbers
character within the range from 0 to 9.
specified in the brackets "[ ]". NOTE
The characters in the brackets "[ ]" can only be numbers
from 0 to 9. To match AS_Paths within the range from 735
to 907, use (73[5-9]|7[4-9][0-9]|8[0-9][0-9]|90[0-7]).
Multiple rules (permit or deny) can be specified in a filter. The relationship between theses rules
is "OR", which means that if a route meets one of the matching rules, the route matches the
AS_Path filter. The following part demonstrates the functions of AS_Path filters in different
scenarios.
AS 65011
Router C
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
2.2.2.8/32
Before an AS_Path filter is configured on Router A, the BGP routing table on Router A is as
follows:
[RouterA] display bgp routing-table
Case 1: Configure an AS_Path filter named s1 and allow Router A to accept only routes that
originate in AS 300.
[RouterA] ip as-path-filter s1 permit _300
[RouterA] display bgp routing-table as-path-filter s1
300i
* 10.1.2.2 0 65011 65101
300i
The preceding command output shows that the BGP routing table contains only routes that
originate in AS 300.
Case 2: Configure an AS_Path filter named s2 and allow Router A to accept all routes except
those that originate in AS 300.
[RouterA] ip as-path-filter s2 deny _300
[RouterA] ip as-path-filter s2 permit .*
[RouterA] display bgp routing-table as-path-filter s2
The preceding command output shows that the BGP routing table contains all routes except
those that originate in AS 300.
Case 3: Configure an AS_Path filter named s3 and allow Router A to discard routes that pass
through AS 65101.
[RouterA] ip as-path-filter s3 deny _65101_
[RouterA] ip as-path-filter s3 permit .*
[RouterA] display bgp routing-table as-path-filter s3
The preceding command output shows that the BGP routing table contains all routes except
those that pass through AS 65101.
Case 4: Configure an AS_Path filter named s4 and allow Router A to discard routes that pass
through intermediate AS 65101.
[RouterA] ip as-path-filter s4 deny ._65101_.
[RouterA] ip as-path-filter s4 permit .*
[RouterA] display bgp routing-table as-path-filter s4
The preceding command output shows that the BGP routing table contains all routes except
those that pass through intermediate AS 65101.
Case 5: Configure an AS_Path filter named s5 and allow Router A to accept only locally
generated routes.
[RouterA] ip as-path-filter s5 permit ^$
[RouterA] display bgp routing-table as-path-filter s5
The preceding command output shows that the BGP routing table contains only locally generated
routes.
Case 6: Configure an AS_Path filter named s6 and allow Router A to accept routes that originate
in AS 300 and pass through AS 65001.
[RouterA] ip as-path-filter s6 permit _65001 .+ 300$
[RouterA] display bgp routing-table as-path-filter s6
The preceding command output shows that the BGP routing table contains only one route that
originates in AS 300 and passes through AS 65001.
Case 7: Configure an AS_Path filter named s7 and allow Router A to discard routes that pass
through AS 65011.
[RouterA] ip as-path-filter s7 deny 65011
[RouterA] ip as-path-filter s7 permit .*
[RouterA] display bgp routing-table as-path-filter s7
The preceding command output shows that the BGP routing table contains all routes except
those that pass through AS 65011.
Case 8: Configure an AS_Path filter named s8 and allow Router A to accept only the routes
carrying an AS_Sequence with 65011 and an AS_Set with 65101.
[RouterA] ip as-path-filter s8 permit .*65011.*\{.*65101.*\}
[RouterA] display bgp routing-table as-path-filter s8
The preceding command output shows that the BGP routing table contains only one route
destined for 2.2.2.0/27 with 10.1.2.2 as the next hop.
Case 9: Configure an AS_Path filter named s9 and allow Router A to accept only the routes
carrying an AS_Sequence with 65011 and an AS_Set with 65101 and the routes carrying an
AS_Sequence with 300.
[RouterA] ip as-path-filter s9 permit .*65011.*\{.*65101.*\}
[RouterA] ip as-path-filter s9 permit 300
[RouterA] display bgp routing-table as-path-filter s9
The preceding command output shows that the BGP routing table contains only the routes
carrying an AS_Sequence with 65011 and an AS_Set with 65101 and the routes carrying an
AS_Sequence with 300. In this case, the ip as-path-filter s9 permit .*65011.*\{.*65101.*\} and
ip as-path-filters9 permit 300 commands can be replaced with the ip as-path-filter s9
permit .*65011.*\{.*65101.*\}|300 command.
[RouterA] ip as-path-filter s9 permit .*65011.*\{.*65101.*\}|300
[RouterA] display bgp routing-table as-path-filter s9
AS 200 2.2.2.7/32
AS 65011
Router C
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
2.2.2.8/32
Before an AS_Path filter is configured on Router A, the BGP routing table on Router A is as
follows:
[RouterA] display bgp routing-table
Case 10: Configure an AS_Path filter named s10 and allow Router A to discard routes advertised
by peers in AS 65011.
[RouterA] ip as-path-filter s10 deny \(65011_
[RouterA] ip as-path-filter s10 permit .*
[RouterA] display bgp routing-table as-path-filter s10
The preceding command output shows that the BGP routing table contains all routes except
those advertised by peers in AS 65011.
Case 11: Configure an AS_Path filter named s11 and allow Router A to discard routes that
originate in AS 65101.
[RouterA] ip as-path-filter s11 deny _65101\)
[RouterA] ip as-path-filter s11 permit .*
[RouterA] display bgp routing-table as-path-filter s11
The preceding command output shows that the BGP routing table contains all routes except
those that originate in AS 65101.
Case 12: Configure an AS_Path filter named s12 and allow Router B to accept only routes
carrying an AS_Confed_Set with 65101.
[RouterB] ip as-path-filter s12 permit \[.*65101.*\]
[RouterB] display bgp routing-table as-path-filter s12
The preceding command output shows that the BGP routing table contains only the route
carrying an AS_Confed_Set with 65101.
Case 13: Configure an AS_Path filter named s13 and allow Router B to accept only routes
carrying an AS_Confed_Set in which 65011 is the rightmost AS number.
[RouterB] ip as-path-filter s13 permit _65011\]
[RouterB] display bgp routing-table as-path-filter s13
The preceding command output shows that the BGP routing table contains no routes. Although
the route to 2.2.2.0/27 carries an AS_Confed_Set with 65011, 65011 is not the rightmost AS
number. As a result, this route is also discarded.
Context
If an error occurs on a BGP peer connection, BGP generates an error code and subcode. If the
error occurs on the local device, the local device changes its local state machine to disconnect
its BGP peer and sends a BGP Notification message to its BGP peer. After the BGP peer receives
the Notification message, the BGP peer records the error code and subcode carried in the message
and changes its state machine.
By default, BGP records peer status changes and event information in the system log files. The
record includes: BGP error codes and subcodes, BGP state machine changes, and whether BGP
Notification messages are sent. The system log files serve as a reference to locate network
connectivity faults.
If you do not want BGP to record peer status changes or event information, run the undo peer
log-change command. After you run the undo peer log-change command, BGP records only
the last peer status change in the log file. You can run the display bgp peer loginfo command
to view this log.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
ipv4-family unicast
Step 4 Run:
peer { ipv4-address | group-name } log-change
----End
Context
NOTICE
The BGP peer relationship is interrupted after you reset BGP connections with the reset bgp
command. Exercise cautions when running this command.
To reset a BGP session in GR mode, run the reset bgp command with the graceful parameter
specified and run the graceful-restart peer-reset command. If the graceful parameter is not
specified in the reset bgp command or if the graceful-restart peer-reset command is not run,
the GR reset mode does not take effect, so that routing entries will be deleted for existing sessions,
interrupting services. The services will be restored after the BGP peer relationship is
reestablished.
When the BGP routing policy on the router that does not support Route-refresh changes, you
need to reset BGP connections to validate the configuration. To reset BGP connections, run the
following reset commands in the user view.
Procedure
l To validate the new configurations, run the reset bgp all [ graceful ] command in the user
view to reset all BGP connections.
l To validate the new configurations, run the reset bgp { as-number-plain | as-number-
dot } [ graceful ] command in the user view to reset the BGP connection between the
specified AS.
l To validate the new configurations, run the reset bgp ipv4-address [ graceful ] command
in the user view to reset the BGP connection between a specified peer.
l To validate the new configurations, run the reset bgp external [ graceful ] command in
the user view to reset all the EBGP connections.
l To validate the new configurations, run the reset bgp group group-name [ graceful ]
command in the user view to reset the BGP connection with the specified peer-groups.
l To validate the new configurations, run the reset bgp internal [ graceful ] command in
the user view to reset all IBGP connections.
----End
Context
NOTICE
BGP statistics cannot be restored after being cleared. Exercise caution when running this
command.
Procedure
l Run the reset bgp flap-info [ regexp as-path-regexp | as-path-filter | ipv4-address
[ mask | mask-length ] ] command in the user view to clear the statistics of flapped routes.
l Run the reset bgp dampening [ ipv4-address [ mask | mask-length ] ] command in the user
view to clear the dampened routes and advertise the suppressed routes.
l Run the reset bgp ipv4-address flap-info command in the user view to clear the statistics
of route flapping.
l Run the reset ip bgp-accounting inbound interface [ interface-type interface-number ]
command in the user view to clear the statistics of BGP accounting.
----End
Figure 8-10 shows the route processing on the BGP router. BGP routes can be imported from
other protocols or learned from BGP peers. Route summarization can be configured to reduce
the routing table size before routes are selected, advertised, and delivered to the IP routing table.
1 2
Direct Routing 3 4 5 2
Static policy
IGP BGP
Route Route Export
routing BGP
summarization selection policy
table peers
2
BGP 入口
Import
peers 策略
policy
6
Routes learned from BGP peers
IP routing
table
No. Remarks
1 BGP can import direct routes, static routes, user network routes, and IGP routes based
on the import-route (BGP) or network command configuration.
No. Remarks
2 BGP can use routing polices when importing routes from other protocols, receiving
routes from BGP peers, or advertising routes to BGP peers. Routing polices can be
used to filter routes or modify route attributes.
3 BGP supports automatic and manual summarization. Multiple routing policies can be
used during manual summarization.
4 BGP selects routes based on strict route selection rules, which is the key point to be
discussed in the following part.
5 BGP adds the optimal route to the BGP routing table and advertises it to BGP peers.
6 BGP adds the routes learned from peers and the optimal route in the BGP routing table
to the IP routing table for traffic forwarding.
Yes
Are router IDs The route with the smallest router ID
the same? No is preferred.
Yes
Are peer addresses The route with the smallest peer The optimal
the same? No address is preferred. route is selected.
BGP selects routes by comparing route attributes in a fixed order. When a route attribute is a
sufficient condition for determining the optimal route, BGP does not compare the other
attributes; If BGP fails to select the optimal route after comparing all route attributes, the route
that was first received is selected as the optimal route.Table 8-10 lists the abbreviated alias,
route selection rules, and remarks of each matching item. Table 8-10 shows that the route priority
is directly proportional to the PreVal or Local_Pref value and inversely proportional to the rest
of the attribute values or lengths. In addition, the first column can be summarized as a character
string (PPAAA OMTCC RA), which helps memorize the matching sequence.
P PrefVal The route with the largest PrefVal is Huawei-specific and valid
PreVal value is preferred. only on the device where it is
The default value is 0. configured.
P Local_Pref The route with the largest To modify the default Local_Pref
Local_Pref value is value of BGP routes, run the default
preferred. local-preference command.
The default value is 100.
R Router ID The route with the If routes carry the Originator_ID, the
smallest router ID is originator ID is substituted for the
preferred. router ID during route selection. The
route with the smallest Originator_ID
is preferred.
l All the routes are EBGP or IBGP routes. After the maximum load-balancing eibgp
command is run, BGP ignores this limitation when selecting the optimal VPN route.
l The costs of the IGP routes to which the BGP routes are iterated within an AS are the same.
After the maximum load-balancing eibgp command is run, BGP ignores this limitation
when selecting the optimal VPN route.
In addition, BGP labeled routes and non-labeled routes cannot load-balance traffic even if they
meet the preceding conditions.
The following example describes how to check BGP route attributes in the display bgp routing-
table command output.
<HUAWEI> display bgp routing-table
Item Description
BGP Local
router ID is
1.1.1.2 Router ID: 1.1.1.2, in the same format as an IPv4 address
Item Description
MED MED value of a BGP route, similar to the cost of IGP routes
LocPrf Local_Pref
Item Description
PrefVal PrefVal
Information about Next_Hop, MED, Local_Pref, PrefVal, AS_Path, and Origin can be displayed
using the display bgp routing-table command. To check information about the route type,
AIGP, peer type, IGP cost, Cluster_List, router ID, and peer IP address, run the display bgp
routing-table network command.
<HUAWEI> display bgp routing-table 10.1.1.1
Item Description
BGP local router Router ID of the local device, in the same format as an IPv4 address.
ID
From IP address of the device that advertised the route. In this example,
10.1.3.1 is the IP address of the interface used by the peer to establish
the BGP peer relationship (peer IP address), and 192.168.2.3 is the
router ID of the peer.
Relay IP Nexthop IP address of the route to which the BGP route is iterated.
Relay IP Out- Outbound interface of the route to which the BGP route is iterated.
Interface
Item Description
MED MED value of a BGP route, similar to the cost of IGP routes.
localpref Local_Pref
pref-val PrefVal
AIGP AIGP
Not advertised to The route has not advertised to any peer yet.
any peer yet
The route 10.0.0.0/8 was manually summarized using the aggregate command. Therefore,
Aggregated route is displayed in the command output. The route type varies as follows:
l If the route is automatically summarized using the summary automatic command,
Summary automatic route will be displayed.
l If the route is imported using the network command, Network route will be displayed.
l If the route is imported using the import-route command, Imported route will be
displayed.
In the following example, an RR and a cluster are configured. Therefore, the Cluster_List
attribute is displayed in the display bgp routing-table network [ { mask | mask-length } [ longer-
prefixes ] ] command output.
<HUAWEI> display bgp routing-table 10.2.1.0
Next_Hop
BGP ignores routes with an unreachable next hop address during BGP route selection.
Unlike the Next_Hop attribute in an IGP, the Next_Hop attribute in BGP is not necessarily the
IP address of a neighboring device. In most cases, the Next_Hop attribute in BGP complies with
the following rules:
l When advertising a route to an EBGP peer, a BGP speaker sets the Next_Hop of the route
to the address of the local interface through which the BGP peer relationship is established.
l When advertising a locally generated route to an IBGP peer, a BGP speaker sets the
Next_Hop of the route to the address of the local interface through which the BGP peer
relationship is established.
l When advertising a route learned from an EBGP peer to an IBGP peer, the BGP speaker
does not modify the Next_Hop of the route.
Unreachable next hop tunnel Routes fail to be iterated to Configure a tunnel policy or
tunnels. a tunnel selector to ensure
that the routes can be iterated
to tunnels.
The following example shows how to obtain a reachable next hop IP address. In Figure 8-12,
an IBGP peer relationship is established between Router A and Router B, and an EBGP peer
relationship is established between Router B and Router C. Router A imports the route 1.1.1.9/32,
and Router C imports the route 3.3.3.9/32.
1.1.1.9/32 3.3.3.9/32
10.1.1.1/30 10.1.2.1/30
10.1.1.2/30 10.1.2.2/30
Router A Router B Router C
AS 300 AS 65001
The preceding command output shows that no asterisk (*) is in front of the route 3.3.3.9/32,
which indicates that the route is invalid.
The preceding command output shows that the next hop IP address (10.1.2.1) of the route
3.3.3.9/32 is not in the IP routing table, which indicates that the route is not selected due to the
unreachable next hop IP address. The following solutions can address this issue:
l Configure a static route destined for 10.1.2.1/30 on Router A.
l Configure an IGP on Router B and Router C and configure BGP to import the route 10.1.2.1
on Router B. This solution is not applicable to this specific scenario because Router B and
Router C are located in different ASs.
l Run the import-route direct command on Router B. This solution is not optimal because
unnecessary routes may be imported.
l Run the network 10.1.2.0 30 command on Router B to advertise the route 10.1.2.0/30 to
Router A.
l Run the peer 10.1.1.1 next-hop-local command on Router B to configure Router B to
modify the Next_Hop of the route 3.3.3.9/32 before advertising the route to Router A.
In this example, the network 10.1.2.0 30 command is configured on Router B. After the
command is configured, check the BGP routing table of Router A.
[RouterA] display bgp routing-table
The preceding command output shows that both * and > are in front of the route 3.3.3.9/32,
which indicates that the route is valid and optimal.
PrefVal
BGP prefers the route with the largest PreVal value during BGP route selection.
PrefVal is Huawei-specific and valid only on the device where it is configured. The PreVal
attribute is set by customers. Therefore, BGP first compares the PreVal values during route
selection.
To configure a PreVal value for the routes learned from a peer or peer group, run the peer
{ group-name | ipv4-address } preferred-value value command.
If multiple routes are available to the same destination, the route with the largest PreVal value
is selected as the optimal route. By default, the PreVal of the routes learned from BGP peers is
0.
Run the peer { group-name | ipv4-address } This method sets a PreVal value for the routes
preferred-value value command. learned from a peer or peer group.
Configure an import policy and run the apply This method sets different PreVal values for
preferred-value preferred-value command different routes learned from a peer or peer
to configure an apply clause for the policy. group.
NOTE
If both the methods are used, the method with the
import policy takes effect if routes match the
conditions specified in the peer preferred-value
command and the import policy.
The following example shows how the PreVal value is used during route selection. In Figure
8-13, both ISP1 and ISP2 advertise the routes 10.11.0.0/16 and 10.22.0.0/16 to AS 65001.
Internet
10.11.0.0/16
10.22.0.0/16
AS 100
10.1.1.1/30 10.1.4.1/30
ISP2
ISP1 EBGP IBGP AS 200
10.1.1.2/30 10.1.4.2/30
AS 300
10.1.2.2/30 10.1.3.2/30
EBGP EBGP
10.1.2.1/30 10.1.3.1/30
RouterA
Client Network
AS 65001
Scenario 1: When no PreVal value is configured on Router A, check the BGP routing table of
Router A.
[RouterA] display bgp routing-table
The BGP routing table of Router A shows that Router A receives the routes 10.11.0.0/16 and
10.22.0.0/16 from ISP1 and ISP2. Check the information about the route 10.11.0.0/16 on
Router A.
[RouterA] display bgp routing-table 10.11.0.0
The preceding command output shows that the AS_Path of the route learned from ISP2 is shorter
than that of the route learned from ISP1. Therefore, the route learned from ISP2 is selected as
the optimal route. Table 8-17 shows the route attribute comparison of the routes 10.11.0.0/16
learned from ISP1 and ISP2.
Table 8-17 Route attribute comparison of the route learned from ISP1 and that learned from
ISP2
Route type Learned from a peer Learned from a peer The same.
Scenario 2: The administrator of AS 65001 requires that ISP1 be active and ISP2 be backup for
the traffic to 10.11.0.0/16 and 10.22.0.0/16.
To meet the preceding requirements, run the peer { group-name | ipv4-address } preferred-
value value command on Router A to increase the PrefVal values of the routes learned from
ISP1. This configuration ensures that the routes learned from ISP1 are selected as the optimal
routes. Detailed configurations are as follows:
bgp 65001
#
ipv4-family unicast
peer 10.1.2.2 preferred-value 120 //Set the PrefVal of the routes
learned from AS 300 to 120.
Run the display bgp routing-table [ ip-address ] command to check the configurations.
The preceding command output shows that Router A selects the routes learned from ISP1.
# Display detailed information about the route 10.11.0.0/16 or 10.22.0.0/16 on Router A. The
route 10.11.0.0/16 is used as an example.
[RouterA] display bgp routing-table 10.11.0.0
The preceding command output shows that the PrefVal value of the route learned from ISP1 is
greater than that of the route learned from ISP2 and that the route learned from ISP1 is selected
as the optimal route.
l For the traffic destined to 10.11.0.0/16, ISP1 is active and ISP2 is backup.
l For the traffic destined to 10.22.0.0/16, ISP2 is active and ISP1 is backup.
To meet the preceding requirements, ensure that Router A selects the route 10.11.0.0/16 learned
from ISP1 and the route 10.22.0.0/16 learned from ISP2. In this situation, the peer preferred-
value command can no longer be used because different PrefVal values are required for the
routes learned from the same ISP. To allow different PrefVal values for the routes learned from
the same ISP, configure import policies. Detailed configurations are as follows:
#
bgp 65001
#
ipv4-family unicast
peer 10.1.2.2 route-policy for_isp1_in import //Apply import policy named
for_isp1_in to the routes learned from 10.1.2.2 and use for_isp1_in to modify the
PrefVal value.
peer 10.1.3.2 route-policy for_isp2_in import //Apply import policy named
for_isp2_in to the routes learned from 10.1.3.2 and use for_isp2_in to modify the
PrefVal value.
#
route-policy for_isp1_in permit node 10 //Define the first node of
for_isp1_in and set the PrefVal value of the route 10.11.0.0/16 to 80.
if-match ip-prefix for_isp1
apply preferred-value 80
#
route-policy for_isp1_in permit node 20 //Define the second node of
for_isp1_in and allow for_isp1_in to permit all routes.
#
route-policy for_isp2_in permit node 10 //Define the first node of
for_isp2_in and set the PrefVal value of the route 10.22.0.0/16 to 120.
if-match ip-prefix for_isp2
apply preferred-value 120
#
route-policy for_isp2_in permit node 20 //Define the second node of
for_isp2_in and allow for_isp2_in to permit all routes.
#
ip ip-prefix for_isp1 index 10 permit 10.11.0.0 16 //Configure an IP prefix
list to match the route 10.11.0.0/16.
ip ip-prefix for_isp2 index 10 permit 10.22.0.0 16 //Configure an IP prefix
list to match the route 10.22.0.0/16.
#
Run the display bgp routing-table [ ip-address ] command to check the configurations.
* 10.1.3.2 0 200?
*> 10.22.0.0/16 10.1.3.2 120 200?
* 10.1.2.2 0 300 100?
The preceding command output shows that Router A selects the route 10.11.0.0/16 learned from
ISP1 and the route 10.22.0.0/16 learned from ISP2.
The preceding command output shows that two routes 10.22.0.0/16 are available in the BGP
routing table of Router A and that the route with the next hop address 10.1.3.2 is selected because
its PrefVal (120) is greater than the PrefVal (0) of the route with next hop address 10.1.2.2. The
PrefVal value is sufficient enough to determine the optimal route, and therefore, Router A does
not compare other route attributes.
The preceding examples show that PrefVal values can be configured as required to control the
traffic forwarding path.
Local_Pref
BGP prefers the route with the highest Local_Pref during BGP route selection.
The Local_Pref attribute is used to determine the optimal route when traffic leaves an AS. The
Local_Pref attribute is available only to IBGP peers and is not advertised to other ASs.
Run the default local-preference command. This method sets a default Local_Pref for the
routes that the local device advertises to IBGP
peers.
Configure an import or export policy and run This method sets different Local_Pref values
the apply local-preference command to for different routes that the local device
configure an apply clause for the policy. advertises to IBGP peers.
NOTE
If both the methods are used, the method with the
import policy takes effect if routes match the
conditions specified in the apply local-
preference command and the policy.
The following example shows how the Local_Pref value is used during route selection. In Figure
8-14, both ISP1 and ISP2 advertise the routes 10.11.0.0/16 and 10.22.0.0/16 to AS 65001.
Internet
10.11.0.0/16
10.22.0.0/16
ISP1 ISP2
AS 100 AS 200
10.1.1.1/30 10.1.2.1/30
EBGP EBGP
Client Network
AS 65001
10.1.1.2/30 10.1.2.2/30
10.1.3.1/30
RouterA RouterB
IBGP 10.1.3.2/30
10.1.4.1/30 10.1.5.1/30
IBGP IBGP
10.1.4.2/30 10.1.5.2/30
RouterC
Scenario 1: When no Local_Pref value is configured on Router A and Router B, check the BGP
routing tables of Router A and Router B.
[RouterA] display bgp routing-table
The BGP routing table of Router A shows that Router A receives the routes 10.11.0.0/16 and
10.22.0.0/16 from ISP1 and Router B. Check the information about the route 10.11.0.0/16 on
Router A.
[RouterA] display bgp routing-table 10.11.0.0
The preceding command output shows that the route learned from ISP1 is selected as the optimal
route because it is an EBGP route and the route learned from Router B is an IBGP route. Table
8-19 shows the route attribute comparison of the routes 10.11.0.0/16 learned from ISP1 and
Router B.
Table 8-19 Route attribute comparison of the routes 10.11.0.0/16 learned from ISP1 and
Router B
Route type Learned from a peer Learned from a peer The same.
The route selection process on Router B is the same as that on Router A. Then, Router A and
Router B advertise the optimal routes to Router C. Check the routing table of Router C.
[RouterC] display bgp routing-table
The preceding command output shows that Router C selects the routes advertised by Router B.
Check the reason why the routes learned from Router A are not selected on Router C. The route
10.11.0.0/16 is used as an example.
[RouterC] display bgp routing-table 10.11.0.0
The preceding command output shows that Router C selects the route 10.11.0.0/16 learned from
Router B because the router ID (192.168.2.2) of Router B is smaller than that (192.168.2.3) of
Router A. Table 8-20 shows the route attribute comparison of the routes 10.11.0.0/16 learned
from Router A and Router B.
Table 8-20 Route attribute comparison of the routes 10.11.0.0/16 learned from Router A and
Router B
Route type Learned from a peer Learned from a peer The same.
Scenario 2: The administrator of AS 65001 requires that ISP1 be active and ISP2 be backup for
the traffic to 10.11.0.0/16 and 10.22.0.0/16.
To meet the preceding requirements, run the default local-preference command on Router A
to increase the Local_Pref values of the routes learned from Router A. This configuration ensures
that the routes learned from ISP1 are selected as the optimal routes. Detailed configurations are
as follows:
#
bgp 65001
#
ipv4-family unicast
default local-preference 120 //Set the Local_Pref of the routes
to be advertised to 120.
#
Run the display bgp routing-table [ ip-address ] command to check the configurations.
The preceding command output shows that Router A selects the routes learned from ISP1.
The preceding command output shows that Router B selects the routes learned from Router A.
Router B does not advertise the routes learned from ISP2 to its IBGP peers because those routes
are not selected.
# Display detailed information about the route 10.11.0.0/16 or 10.22.0.0/16 on Router B. The
route 10.11.0.0/16 is used as an example.
[RouterB] display bgp routing-table 10.11.0.0
The preceding command output shows that the Local_Pref value of the route learned from
Router A is greater than that of the route learned from ISP2 and that the route learned from
Router A is selected as the optimal route. Table 8-21 shows the route attribute comparison of
the routes 10.11.0.0/16 learned from Router A and ISP2.
Table 8-21 Route attribute comparison of the routes 10.11.0.0/16 learned from Router A and
ISP2
Router C selects the routes advertised by ISP1 because Router B did not advertise the routes
learned from ISP2 to Router C.
To meet the preceding requirements, ensure that AS 65001 selects the route 10.11.0.0/16 learned
from Router A and the route 10.22.0.0/16 learned from Router B. Detailed configurations are
as follows:
Internet
10.11.0.0/16
10.22.0.0/16
ISP1 ISP2
AS 100 AS 200
To: 11.0.0.0/8
RouterA RouterB
To: 22.0.0.0/8
To: 11.0.0.0/8 IBGP To: 22.0.0.0/8
IBGP IBGP
RouterC
Best route
In this situation, different Local_Pref values are required for the routes learned from the same
ISP. To configure different Local_Pref values for the routes learned from the same ISP, configure
route-policies. Detailed configurations are as follows:
l Configurations on Router A
#
bgp 65001
#
ipv4-family unicast
peer 10.1.1.1 route-policy rp1 import //Apply import policy
named rp1 to the routes learned from 10.1.1.1 and use rp1 to modify the
Local_Pref.
#
route-policy rp1 permit node 10 //Define the first node
of rp1 and set the Local_Pref value of the route 10.11.0.0/16 to 80.
if-match ip-prefix reducepref
apply local-preference 80
#
route-policy rp1 permit node 20 //Define the second
node of rp1 and set the Local_Pref value of the route 10.22.0.0/16 to 120.
if-match ip-prefix addpref
apply local-preference 120
#
route-policy rp1 permit node 30 //Define the third node
of rp1 and allow rp1 to permit all routes.
#
ip ip-prefix addpref index 10 permit 10.11.0.0 16 //Configure an IP
prefix list to match the route 10.11.0.0/16.
ip ip-prefix reducepref index 10 permit 10.22.0.0 16 //Configure an IP
prefix list to match the route 10.22.0.0/16.
#
l Configurations on Router B
bgp 65001
#
ipv4-family unicast
peer 10.1.2.1 route-policy rp2 import //Apply import policy
named rp2 to the routes learned from 10.1.1.1 and use rp2 to modify the
Local_Pref.
#
route-policy rp2 permit node 10 //Define the first node
of rp2 and set the Local_Pref value of the route 10.22.0.0/16 to 200.
if-match ip-prefix addpref
apply local-preference 200
#
route-policy rp2 permit node 20 //Define the second
node of rp2 and set the Local_Pref value of the route 10.11.0.0/16 to 60.
if-match ip-prefix reducepref
apply local-preference 60
#
route-policy rp2 permit node 30 //Define the third node
of rp2 and allow rp2 to permit all routes.
#
ip ip-prefix addpref index 10 permit 10.22.0.0 16 //Configure an IP
prefix list to match the route 10.22.0.0/16.
ip ip-prefix reducepref index 10 permit 10.11.0.0 16 //Configure an IP
prefix list to match the route 10.11.0.0/16.
#
Run the display bgp routing-table [ ip-address ] command to check the configurations.
# Display the routing table of Router A.
[RouterA] display bgp routing-table
The preceding command output shows that two routes 10.22.0.0/16 are available in the BGP
routing table of Router A and that the route with next hop address 10.1.2.1 is selected because
its Local_Pref (200) is greater than the Local_Pref (80) of the route with next hop address
10.1.1.1.
Table 8-22 shows the route attribute comparison of the routes 10.22.0.0/16 learned from ISP1
and Router B.
Table 8-22 Route attribute comparison of the routes 10.22.0.0/16 learned from ISP1 and
Router B.
The route with next hop address 10.1.1.1 is not optimal, and therefore, it is not advertised to
Router B and Router C. In addition, the route 10.11.0.0/16 with next hop address 10.1.2.1 is not
optimal on Router B, and therefore, Router B does not advertise this route to Router A and
Router C. As a result, only one route 10.11.0.0/16 with next hop address 10.1.1.1 is available in
the BGP routing table of Router A.
# Display the routing table of Router B.
[RouterB] display bgp routing-table
The preceding command output shows that two routes 10.11.0.0/16 are available in the BGP
routing table of Router B and that the route with next hop address 10.1.1.1 is selected because
its Local_Pref (120) is greater than the Local_Pref (60) of the route with next hop address
10.1.2.1. The route with next hop address 10.1.2.1 is not advertised to Router A and Router C
because it is not optimal.
The preceding command output shows that the next hop address of the route 10.11.0.0/16 is
10.1.1.1 and that the next hop address of the route 10.22.0.0/16 is 10.1.2.1.
Scenario 4: The requirements of the administrator of AS 65001 are as follows:
l ISP1 is active and ISP2 is backup for the traffic from Router A and Router C to 10.11.0.0/16
and 10.22.0.0/16.
l ISP2 is active and ISP1 is backup for the traffic from Router B to 10.11.0.0/16 and
10.22.0.0/16.
To meet the preceding requirements, ensure that Router A and Router C select the routes learned
from ISP1. Detailed configurations are as follows:
Internet
10.11.0.0/16
10.22.0.0/16
ISP1 ISP2
AS 100 AS 200
To: To:
10.11.0.0/16 EBGP EBGP
10.11.0.0/16
10.22.0.0/16 10.22.0.0/16
Client Network
AS 65001
IBGP
RouterA RouterB
To:
11.0.0.0/8
22.0.0.0/8
IBGP IBGP
RouterC
Best route
ipv4-family unicast
default local-preference 120 //Set the Local_Pref of the routes
to be advertised to 120.
Run the display bgp routing-table [ ip-address ] command to check the configurations.
The preceding command output shows that Router B selects the routes learned from ISP1.
The preceding command output shows that Router B selects the routes learned from ISP2.
The preceding command output shows that Router C selects the routes learned from ISP1.
# Display detailed information about the route 10.11.0.0/16 or 10.22.0.0/16 on Router C. The
route 10.11.0.0/16 is used as an example.
[RouterC] display bgp routing-table 10.11.0.0
The preceding command output shows that Router C selects the routes learned from ISP1
because the Local_Pref of the routes learned from ISP1 is greater than that of the route learned
from ISP2.
The preceding examples show that the modification of the Local_Pref values affects not only
BGP route advertisement but also BGP route selection with an AS. We can configure Local_Pref
values as required to control the forwarding path of the traffic that leaves an AS.
Route Type
BGP prefers locally imported routes to the routes learned from peers during BGP route selection.
BGP routes can be locally imported or learned from peers. The locally imported routes take
precedence over the routes learned from peers during BGP route selection. It is unusual for
locally imported routes and the routes learned from peers to carry the same destination IP address
and coexist in the routing table. Generally, locally imported routes can be the routes imported
using the network or import-route command and the automatically and manually summarized
routes. Precedences of these routes are described as follows:
In Figure 8-17, Router A and Router B are EBGP peers, and Router B, Router C, and Router D
are IBGP peers.
AS 100 AS 65001
Router A Router B Router D
10.1.1.1/30 10.1.1.2/30 10.1.3.1/30
IBGP 10.1.3.2/30
10.1.2.1/30 10.1.4.1/30
IBGP IBGP
Router C
10.1.2.2/30 10.1.4.2/30
Run the display bgp routing-table [ ip-address ] command to check the configurations.
The preceding command output shows that three routes 10.1.4.0/30 are available in the routing
table. The route with the next hop address 10.1.4.2 is learned from a peer (Router C). Therefore,
BGP first excludes this route from route selection.
[RouterD] display bgp routing-table 10.1.4.0 30
The preceding command output shows that the route imported using the network command is
selected as the optimal route.
The configurations on Router B are as follows:
bgp 65001
#
ipv4-family unicast
summary automatic
aggregate 10.0.0.0 255.0.0.0
import-route direct
#
Run the display bgp routing-table [ ip-address ] command to check the configurations.
The preceding command output shows that two summarized routes 10.0.0.0 are available in the
routing table.
[RouterB] display bgp routing-table 10.0.0.0
The preceding command output shows that the route generated using the aggregate command
is selected as the optimal route.
AIGP
BGP prefers the route with the smallest AIGP value during BGP route selection.
The Accumulated Interior Gateway Protocol Metric (AIGP) attribute is an optional non-
transitive Border Gateway Protocol (BGP) path attribute. After the AIGP attribute is configured
in an AIGP administrative domain, BGP selects paths based on costs in the same manner as an
IGP, and all devices in the domain forward data along the optimal routes. During BGP route
selection, the AIGP attribute is used as follows:
l The priority of a route that carries the AIGP attribute is higher than the priority of a route
that does not carry the AIGP attribute.
l If two BGP routes both carry the AIGP attribute, the device selects the BGP route whose
AIGP value plus the cost of the IGP route to which the BGP route is iterated is smaller.
The AIGP attribute can be added to routes only through route-policies. You can configure an
apply clause for a route-policy using the apply aigp { cost | inherit-cost } command to modify
the AIGP value during BGP route import, acceptance, or advertisement. If no AIGP value is
configured, the IGP routes imported by BGP do not carry the AIGP attribute.
In Figure 8-18, OSPF runs in AS 65002, an EBGP peer relationship is established between
Router A and Router E and between Router B and Router E. Router A and Router B are
configured to import OSPF routes in AS 65002 and advertise the routes to AS 65001.
AS 65001
Router E
10.1.1.1/30 10.1.3.1/30
EBGP EBGP
10.1.1.2/30 10.1.3.2/30
Router A Router B
10.1.2.1/30 10.1.5.1/30
AS 65002
10.1.2.2/30 10.1.5.2/30
10.1.4.1/30
Router C 10.1.4.2/30 Router D
Run the display bgp routing-table [ ip-address ] command on Router E to check the
configurations. The route 10.1.4.0/30 is used in this example.
The command output shows that Router E selects the route learned from Router A because the
AIGP attribute has not been configured and the router ID of Router A is smaller than that of
Router B. To change the route selection on Router E, perform the following operations to
configure the AIGP attribute.
Configurations on Router A:
#
bgp 65002
#
ipv4-family unicast
import-route ospf 1 route-policy aigp_policy //Apply route-policy named
aigp_policy to locally imported OSPF routes and use aigp_policy to modify the AIGP
value.
peer 10.1.1.1 aigp //Enable AIGP on the local
device and the peer 10.1.1.1.
#
route-policy aigp_policy permit node 10 //Define the first node of
aigp_policy and set the AIGP value of the route 10.1.4.0/30 to 10.
if-match ip-prefix prefix1
apply aigp 10
#
Configurations on Router B:
bgp 65002
peer 10.1.3.1 as-number 65001
#
ipv4-family unicast
import-route ospf 1 route-policy aigp_policy1 //Apply route-policy named
aigp_policy1 to locally imported OSPF routes and use aigp_policy1 to modify the
AIGP value.
peer 10.1.3.1 aigp //Enable AIGP on the local
device and the peer 10.1.3.1.
#
route-policy aigp_policy1 permit node 10 //Define the first node of
aigp_policy1 and set the AIGP value of the route 10.1.4.0/30 to 5.
if-match ip-prefix prefix2
apply aigp 5
#
route-policy aigp_policy1 permit node 20 //Define the second node of
aigp_policy1 and allow aigp_policy1 to permit all routes.
#
ip ip-prefix prefix2 index 10 permit 10.1.4.0 30 //Configure IP prefix list
named prefix2 to match the route 10.1.4.0/30.
#
Configurations on Router E:
#
bgp 65001
#
ipv4-family unicast
peer 10.1.1.2 aigp //Enable AIGP on the local
device and the peer 10.1.1.2.
peer 10.1.3.2 aigp //Enable AIGP on the local
device and the peer 10.1.3.2.
#
Run the display bgp routing-table [ ip-address ] command on Router E to check the
configurations.
# Display the routing table of Router E.
[RouterE] display bgp routing-table
The preceding command output shows that Router E selects the route 10.1.4.0/30 learned from
Router B because its AIGP value is smaller than that of the route learned from Router A.
Table 8-23 shows the attribute comparison of the routes 10.1.4.0/30 learned from Router A and
Router B.
Table 8-23 Attribute comparison of the routes 10.1.4.0/30 learned from Router A and Router
B.
Route type Learned from a peer Learned from a peer The same.
AS_Path
BGP prefers the route with the shortest AS_Path length (the number of included ASs) during
BGP route selection.
l AS_Sequence: records in reverse order all the ASs through which a route passes from the
local device to the destination.
l AS_Set: records in random order all the ASs through which a route passes from the local
device to the destination. The AS_Set attribute is used in route summarization scenarios.
l AS_Confed_Sequence: records in reverse order all the sub-ASs within a BGP confederation
through which a route passes from the local device to the destination.
l AS_Confed_Set: records in random order all the sub-ASs within a BGP confederation
through which a route passes from the local device to the destination.
Item Description
bestroute as-path-ignore After the command is configured, BGP does not compare
the AS_Path attribute during route selection.
apply as-path The command can be run to configure an apply clause for a
route-policy so that the ASs in the AS_Path of the route that
matches the route-policy are cleared or replaced, or new ASs
are added.
NOTE
The configuration of the apply as-path command may change the
traffic forwarding path, or cause routing loops or route selection
errors. Therefore, exercise caution when configuring the command.
Item Description
peer fake-as After the command is configured, BGP can use a fake AS
number to set up a BGP peer relationship.
If the local device uses the actual AS number to establish an
EBGP peer relationship with a remote device, the actual AS
number is carried in the AS_Path of the route sent to the
remote device. If the local device uses the fake AS number
to establish the EBGP peer relationship, the fake AS number
is carried in the AS_Path of the route sent to the remote
device.
During BGP route selection, BGP compares the AS_Path length by calculating the number of
ASs included in the AS_Sequence if AS_Sequence is carried in a route. If both AS_Sequence
and AS_Set are carried in the route, BGP considers the AS_Path length to be the number of ASs
included in the AS_Sequence plus 1.
On B: peer C public-as-only
ISP1 ISP2
AS 65001 AS 100 AS 200
10.0.0.0/8
Router A Router B Router C
Update Update
10.0.0.0/8 10.0.0.0/8
AS_Path: 65001 AS_Path: 100
In Figure 8-19, Router A advertises the route 10.0.0.0/8 to Router D through ISP1 and ISP2.
After receiving this route, Router D checks its AS_Path. This AS_Path carries AS 65001, which
is the same as the AS of Router D. As a result, Router D discards this route.
To address this problem, run the peer public-as-only command on Router B so that Router B
deletes AS 65001 before adding AS 100 (public AS) to the AS_Path and forwarding the route
to Router C.
In the following situations, after the peer public-as-only command is configured, BGP does not
delete any private AS number from the AS_Path:
l The AS_Path of a route carries the AS number of the remote peer. In this case, deleting
private AS numbers may lead to a routing loop.
l The AS_Path carries both public and private AS numbers, which indicates that the route
has passed through the public network. In this case, deleting private AS numbers may lead
to incorrect traffic forwarding.
The preceding limitations also apply to confederation scenarios.
Adding AS Numbers
In Figure 8-20, AS 65005 imports three routes and advertises them to AS 65001 through two
paths.
Figure 8-20 Networking in which new AS numbers are added to the AS_Path
AS 65002
AS 65004
10.1.2.2/30
10.1.1.2/30 10.1.2.1/30 10.1.4.1/3
Router B Router D
10.1
10.1.1.1/30
10.1.5.2
10.1.3.1/30 Router C
10.1.3.2/30 10.1.5.1/30
AS 65003
Run the display bgp routing-table [ ip-address ] command to check the configurations.
# Display the routing table of Router A.
[RouterA] display bgp routing-table
The preceding command output shows that Router A selects the route learned from Router C
because this route has a shorter AS_Path length than that learned from Router B. To enable
Router A to select the route learned from Router B, configure Router B to reduce the AS_Path
length of the route or configure Router C to increase the AS_Path length of the route. In the
following example, Router C is configured to increase the AS_Path length of the route. The
detailed configurations on Router C are as follows:
#
bgp 65003
#
ipv4-family unicast
undo synchronization
peer 10.1.3.1 route-policy add_asn export //Apply export policy named
add_asn to routes to be advertised to 10.1.3.1.
#
route-policy add_asn permit node 10 //Define the first node of
add_asn.
if-match ip-prefix prefix1 //Configure IP prefix list
named prefix1.
apply as-path 65003 65003 65003 additive //Add 65003, 65003, 65003
to the AS_Path of the route that matches prefix1.
#
route-policy add_asn permit node 20 //Define the second node of
add_asn to permit all other routes.
#
ip ip-prefix prefix1 index 10 permit 172.16.1.0 24 //Define the first index of
prefix1 to match the route 172.16.1.0/24.
ip ip-prefix prefix1 index 20 permit 172.16.2.0 24 //Define the second index
of prefix1 to match the route 172.16.2.0/24.
ip ip-prefix prefix1 index 30 permit 172.16.3.0 24 //Define the third index of
prefix1 to match the route 172.16.3.0/24.
#
Run the display bgp routing-table [ ip-address ] command to check the configurations.
The preceding command output shows that the AS_Path length of the route learned from
Router B is shorter than that of the route learned from Router C and that the route learned from
Router B is selected as the optimal route. Table 8-25 shows the attribute comparison of the
routes 172.16.1.0 learned from Router B and Router C.
Table 8-25 Attribute comparison of the routes 172.16.1.0 learned from Router B and Router C
Route type Learned from a peer Learned from a peer The same.
AS_Path 65002 65004 65005 65003 65003 65003 The route learned
65003 65005 from Router B is
optimal.
Replacing AS Numbers
When the apply as-path command is configured, if overwrite is specified in the command, the
device will replace the AS numbers in the original AS_Path attribute to achieve the following
goals:
l Hide the actual path information.
l Prevent a route from being discarded by replacing the AS_Path of the route with a shorter
one if the as-path-limit command is configured on the device that receives this route.
l Reduce the AS_Path length.
AS number replacement can also be used for the purpose of load balancing. For example in
Figure 8-20, the apply as-path 65002 65004 65005 overwrite command can be configured on
Router A to replace the AS_Path of the route learned from Router C so that the route has the
same AS_Path as that of the route learned from Router B, and the two routes are used to load-
balance traffic. Detailed configurations on Router A are as follows:
#
bgp 65001
#
ipv4-family unicast
undo synchronization
peer 10.1.3.2 route-policy replace_asn import //Apply export policy named
Run the display bgp routing-table [ ip-address ] command to check the configurations.
The preceding command output shows that the AS_Path of the route received from AS 65003
has been replaced, after which the routes received from AS 65002 and AS 65003 have the same
AS_Path. Run the maximum load-balancing 2 command on Router A to set the maximum
number of routes for load balancing to 2. Then, check the detailed route information. The route
172.16.1.0/24 is used in the following example:
[RouterA] display bgp routing-table 172.16.1.0
The preceding command output shows that the route learned from Router B is optimal and is
used along with the route learned from Router C (not optimal) for load balancing. Check the
information about the route 172.16.1.0/24 in the IP routing table.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 12
The preceding command output shows that BGP has delivered the two routes with the same
route prefix to the IP routing table for load balancing.
Origin
The Origin attribute indicates how routes become BGP routes.
Three types of Origin attributes are available:
l IGP: indicates that routes are added to the BGP routing table using the network command.
IGP has the highest priority.
l EGP: indicates that routes are learned through the EGP protocol. EGP has the second
highest priority.
NOTE
The NE80E/40E can receive and send BGP routes with EGP as the Origin. However, the NE80E/
40E does not support the EGP protocol; therefore, to set the Origin of routes to EGP, you need to
run the apply origin { egp { as-number-plain | as-number-dot } | igp | incomplete } command to
configure an apply clause for a route-policy.
l Incomplete: indicates that routes are added to the BGP routing table using the import-
route command. Incomplete has the lowest priority.
The routes imported using the network command are more specific than those imported using
the import-route command. Therefore, IGP takes precedence over Incomplete in route
selection. In Figure 8-21, Router A and Router B are EBGP peers, and Router B, Router C, and
Router D are IBGP peers.
AS 100 AS 65001
Router A Router B Router D
10.1.1.1/30 10.1.1.2/30 10.1.3.1/30
IBGP 10.1.3.2/30
10.1.2.1/30 10.1.4.1/30
IBGP IBGP
Router C
10.1.2.2/30 10.1.4.2/30
Run the display bgp routing-table [ ip-address ] command to check the configurations.
The preceding command output shows that two active routes 10.1.4.0/30 are available in the
routing table.
[RouterB] display bgp routing-table 10.1.4.0
The preceding command output shows that the route learned from Router D is selected because
it is imported using the network command and its Origin priority is higher than that of the route
learned from Router C. Table 8-26 describes the attribute comparison of the routes learned from
Router C and Router D.
Table 8-26 Attribute comparison of the routes learned from Router C and Router D
Route type Learned from a peer Learned from a peer The same.
The Origin attribute can be modified using a route-policy. In the following example, a route-
policy is configured on Router B to modify the Origin attribute, and the detailed configurations
are as follows:
#
bgp 65001
#
ipv4-family unicast
peer 10.1.3.2 route-policy for_d import //Apply import policy named
for_d to the routes learned from 10.1.3.2 and use for_d to modify the Origin
value.
#
route-policy for_d permit node 10 //Define the route-policy
named for_d.
apply origin incomplete //Set the Origin type to
Incomplete.
Run the display bgp routing-table [ ip-address ] command to check the configurations.
# Display the routing table of Router B.
[RouterB] display bgp routing-table
The preceding command output shows that the route learned from Router C becomes the optimal
route.
[RouterB] display bgp routing-table 10.1.4.0
The preceding command output shows that the route learned from Router C becomes the optimal
route because it has a smaller router ID than the route learned from Router D. Table 8-27 shows
the attribute comparison of the routes learned from Router C and Router D.
Table 8-27 Attribute comparison of the routes learned from Router C and Router D
Route type Learned from a peer Learned from a peer The same.
MED
MED attributes of routes can be configured as required to control traffic forwarding path for the
purpose of load balancing.
The MED attribute is transmitted only within an AS or between two neighboring ASs. The AS
that receives the MED attribute does not advertise it to a third AS.
Similar to the cost used by an IGP, the MED is used to determine the optimal route when traffic
enters an AS. When a BGP peer learns multiple routes that have the same destination address
but different next hop addresses from EBGP peers, the route with the smallest MED value is
selected as the optimal route if all the other attributes are the same.
Table 8-28 lists two methods used to modify the MED value.
Run the default med command. This method sets a default MED for all the
routes that the local device advertises to its
BGP peers. The default med command takes
effect only with the routes imported locally
using the import-route command and BGP
summarized routes.
Configure an import or export policy and run This method sets different MED values for
the apply cost command to configure an different routes advertised by the local device
apply clause for the policy. to its EBGP peers.
Configure an export policy and run the apply This method enables a device to set MED
cost-type internal command to configure an values for the BGP routes that are learned
apply clause for the export policy. from IBGP peers and to be advertised to
EBGP peers and match the export policy to
the costs of the IGP routes to which the BGP
routes are iterated.
The major points about MED attributes that require consideration are as follows:
l If routes are received from different ASs, traffic will be sent to different ASs. In addition,
BGP selects the optimal route only from the routes destined for the same address. Therefore,
BGP only compares the MEDs of routes that are from the same AS (excluding confederation
sub-ASs). MEDs of two routes are compared only if the leftmost AS number in the
AS_Sequence (excluding AS_Confed_Sequence) of one route is the same as its counterpart
in the other route.
l If the compare-different-as-med command is run, BGP compares MEDs of routes even
when the routes are received from peers in different ASs. Do not run this command unless
the ASs use the same IGP and route selection mode. Otherwise, a routing loop may occur.
l If a route does not carry MED, BGP uses the default value (0) as the MED of the route
during route selection. If the bestroute med-none-as-maximum command is run, BGP
considers the largest MED value (4294967295) to be the MED of the route.
l After the bestroute med-confederation command is configured, BGP compares the MEDs
of routes only when the AS_Path attributes of the routes carry no external AS numbers
(ASs that do not belong to the confederation) and the leftmost AS numbers in each
AS_Confed_Sequence are the same.
l After the deterministic-med command is configured, routes will not be selected in the
same sequence they are received.
In Figure 8-22, ISP1 and ISP2 can learn the route 1.1.1.9/32 from Router C or Router D.
Internet
ISP1 ISP2
AS 100 AS 200
10
Router A Router B
0
.1
/3
.3
.1
.1
.4
10.1.1.1/30 /3 10.1.2.1/30
.1
0
10
EBGP EBGP
10
.1
.3
0
/3
.
Client Network 2/30
.2
.4
.1
10.1.5.1/30
Router C Router D
IBGP 10.1.5.2/30
10.1.6.1/30 10.1.7.1/30
Router E
Scenario 1: Check the BGP routing tables of Router A and Router B before Router C and
Router D are configured to modify the MED of the route 1.1.1.9/32.
[RouterA] display bgp routing-table
The preceding command output shows that both ISP1 and ISP2 select the route learned from
Router C as the optimal route. As a result, Router C and Router D cannot load-balance the traffic
from ISP1 or ISP2 to 1.1.1.1/32.
Run the display bgp routing-table ip-address command on Router B to check the reason why
Router B chooses the route learned from Router C.
[RouterB] display bgp routing-table 1.1.1.9
The preceding command output shows that Router B selects the route learned from Router C
because the router ID (10.1.1.2) of Router C is smaller than that (10.1.2.2) of Router D. Table
8-29 describes the attribute comparison of the routes learned from Router C and Router D.
Table 8-29 Attribute comparison of the routes learned from Router C and Router D
Route type Learned from a peer Learned from a peer The same.
To meet the preceding requirements, ensure that ISP1 selects the route learned from Router C
and that ISP2 selects the route learned from Router D. Figure 8-23 shows the networking in
which MED is used to control route selection.
Internet
ISP1 ISP2
AS 100 AS 200
Router A Router B
Client Network
AS 65001
Router C Router D
IBGP
Router E
Configure route-policies to set different MED values for the routes learned from different peers.
Detailed configurations are as follows:
l Configurations on Router C:
#
bgp 65001
#
ipv4-family unicast
undo synchronization
peer 10.1.4.1 route-policy addmed100 export //Apply export policy
named addmed100 to the routes to be advertised to 10.1.4.1 and use addmed100
to modify the MED value.
#
route-policy addmed100 permit node 10 //Define the first node
of addmed100 and set the MED of the route 1.1.1.9/32 to 100.
if-match ip-prefix p1
apply cost 100
#
route-policy addmed100 permit node 20 //Define the second node
of addmed100 to allow addmed100 to permit all other routes.
#
ip ip-prefix p1 index 10 permit 1.1.1.9 32 //Configure an IP prefix
list to match the route 1.1.1.9/32.
l Configurations on Router D:
NOTE
The following configurations are intended to ensure that Router A selects the route learned from
Router C. However, Router A has already selected the route learned from Router C because the router
ID of Router C is smaller than that of Router D. Therefore, the following configurations on Router
D are optional.
#
bgp 65001
#
ipv4-family unicast
undo synchronization
peer 10.1.3.1 route-policy addmed200 export //Apply export policy
named addmed200 to the routes to be advertised to 10.1.3.1 and use addmed200
to modify the MED value.
#
route-policy addmed200 permit node 10 //Define the first node
of addmed200 and set the MED of the route 1.1.1.9/32 to 200.
if-match ip-prefix p1
apply cost 200
#
route-policy addmed200 permit node 20 //Define the second node
of addmed200 to allow addmed200 to permit all other routes.
#
ip ip-prefix p1 index 10 permit 1.1.1.9 32 //Configure an IP prefix
list to match the route 1.1.1.9/32.
Run the display bgp routing-table [ ip-address ] command to check the configurations. Use
Router B as an example.
The preceding command output shows that two routes 1.1.1.9/32 are available in the BGP routing
table of Router B and that only the route with next hop address 10.1.2.2 is selected as the optimal
route.
Table 8-30 describes the attribute comparison of the routes learned from Router C and Router
D.
Table 8-30 Attribute comparison of the routes learned from Router C and Router D
Route type Learned from a peer Learned from a peer The same.
Figure 8-23 shows that the route learned from Router D does not carry the MED value. During
route selection, BGP uses the default value (0) as the MED of the route. Therefore, this route is
selected as the optimal route. To change the route selection result on Router B, run the bestroute
med-none-as-maximum command on Router B. Detailed configurations are as follows:
[RouterB] display bgp routing-table
The preceding command output shows that two routes 1.1.1.9/32 are available in the BGP routing
table of Router B. The MED of the route with the next hop address 10.1.4.2 is 100, and the MED
of the route with the next hop address 10.1.2.2 is considered as 4294967295 because it carries
no MED. Therefore, the route with the next hop address 10.1.4.2 is selected as the optimal route.
In addition, BGP selects routes in the same sequence they are received. Therefore, the route
selection result is relevant to the sequence in which the routes are received. For example, the
following three BGP routes are available on a device:
l Route A1: AS_Path { 65001 200 }, med 100, igp cost 13, internal, Router id 4.4.4.4
l Route A2: AS_Path { 65001 100 }, med 150, igp cost 11, internal, Router id 5.5.5.5
l Route B: AS_Path { 65002 300 }, med 0, igp cost 12, internal, Router id 6.6.6.6
If the compare-different-as-med (BGP) command is run, route B is the optimal route,
regardless of the sequence in which the routes are received. If the compare-different-as-med
(BGP) command is not configured, BGP does not compare the MED values of routes learned
from different ASs. The route selection is described in the following cases:
l Case 1: Route A1 is received first, followed by route B, and then route A2.
– BGP first compares route A1 and route B. The leftmost AS number in the AS_Path of
route A1 is 65001, which is different from its counterpart in route B (65002). Therefore,
BGP does not compare the MED values, and prefers route B to route A1 because the
IGP cost (12) of route B is smaller than that of route A1 (13).
– BGP then compares route A2 and route B. The leftmost AS number in the AS_Path of
route A2 is 65001, which is different from its counterpart in route B (65002). Therefore,
BGP does not compare the MED values, and selects route A2 as the optimal route
because its IGP cost (11) is smaller than that of route B (12).
l Case 2: Route A2 is received first, followed by route B, and then route A1.
– BGP then compares route A2 and route B. The leftmost AS number in the AS_Path of
route A2 is 65001, which is different from its counterpart in route B (65002). Therefore,
BGP does not compare the MED values and prefers route A2 to route B because the
IGP cost (11) of route A2 is smaller than that of route B (12).
– BGP then compares route A1 and route A2. The leftmost AS number in the AS_Path
of route A1 is the same as its counterpart in route A2 (65001). In this situation, BGP
selects route A1 as the optimal route because its MED value (100) is smaller than that
of route A2 (150).
l Case 3: If the deterministic-med command is run, BGP groups the routes that are learned
from different ASs but are destined for the same network segment based on the leftmost
AS number in the AS_Path, selects one optimal route from each group, and then compares
the optimal routes of all the groups. Detailed steps are as follows:
– BGP first compares route A1 and route A2. The leftmost AS number in the AS_Path of
route A1 is the same as its counterpart in route A2 (65001). In this situation, BGP selects
route A1 as the optimal route because its MED value (100) is smaller than that of route
A2 (150).
– BGP then compares route A1 and route B. The leftmost AS number in the AS_Path of
route A1 is 65001, which is different from its counterpart in route B (65002). Therefore,
BGP does not compare the MED values and selects route B as the optimal route because
the IGP cost (12) of route B is smaller than that of route A1 (13).
Case 1 and case 2 show that the route selection result is relevant to the sequence in which routes
are received if the deterministic-med is not configured. Case 3 shows that the route selection
result is irrelevant to the sequence in which routes are received if the deterministic-med is
configured.
Peer Type
When IBGP routes (routes learned from IBGP peers) and EBGP routes (routes learned from
EBGP peers) are available, BGP preferentially selects EBGP routes.
When one EBGP route and multiple IBGP routes are available, BGP selects the optimal route
based on the peer type. If no EBGP route is available or multiple EBGP routes are available,
BGP is unable to select the optimal route based on the peer type.
When multiple egress devices reside on a carrier network and receive routes from the Internet,
the egress devices select the optimal route based on the peer type in most cases. In Figure
8-24, all devices reside in the same AS, Router A and Router B function as egress devices and
are IBGP peers of all devices in the AS. In addition, Router A and Router B receive routes from
the Internet and advertise EBGP routes to all their IBGP peers. Therefore, Router A and
Router B have an IBGP route and an EBGP route, and the two routes have the same AS_Path.
In this situation, Router A and Router B select the EBGP route as the optimal route.
Internet
EBGP EBGP
Router A Router B
IBGP
The EBGP route is selected as the optimal route, which prevents the traffic that leaves Router
A or Router B for the Internet from being forwarded to the other egress device.
IGP Cost
BGP prefers the route with the smallest IGP cost during BGP route selection.
This rule helps BGP to choose the route with the smallest cost to its iterated next hop address
quickly. If the bestroute igp-metric-ignore command is configured, BGP does not compare
the IGP cost. In Figure 8-25, OSPF runs in AS 65001, an EBGP peer relationship is established
between Router E and Router A and between Router E and Router B, and an IBGP peer
relationship is established between Router A and Router C, between Router A and Router D,
between Router B and Router C, and between Router B and Router D; Router E is configured
to import routes (1.1.1.9/32 for example) from AS 100 to BGP.
ISP
AS 100
1.1.1.9/32
10.1.5.2/30 10.1.6.2/30
10.1.4.1/30
RouterA 10.1.4.2/30 RouterB
10.1.3.2/30 10.1.3.2/30
AS 65001
10.1.3.1/30 10.1.3.1/30
10.1.2.1/30
RouterC 10.1.2.2/30 RouterD
Run the display bgp routing-table [ ip-address ] command on Router C and Router D to check
the configurations. Router C is used as an example.
# Display the routing table of Router C.
[RouterC] display bgp routing-table
The preceding command output shows that two routes 1.1.1.9/32 are available in the routing
table of Router C and that Router C selects the route learned from Router A.
[RouterC] display bgp routing-table 1.1.1.9
The preceding command output shows that the route with next hop address 10.1.6.2 is ignored
because its IGP cost is larger than that of the other route. Table 8-31 describes the attribute
comparison of the routes learned from Router A and Router B.
Table 8-31 Attribute comparison of the routes learned from Router A and Router B.
Route type Learned from a peer Learned from a peer The same.
Cluster_List
BGP prefers the route with the shortest Cluster_List length during BGP route selection.
An RR and its clients form a cluster. In an AS, each RR is uniquely identified by a Cluster_ID.
Similar to an AS_Path, a Cluster_List is composed of a series of Cluster_IDs and is generated
by an RR. The Cluster_List records all the RRs through which a route passes.
l Before an RR reflects a route between its clients or between its clients and non-clients, the
RR adds the local Cluster_ID to the leftmost position of the Cluster_List. If a route does
not carry any Cluster_List, the RR creates one for the route.
l After the RR receives an updated route, it checks the Cluster_List of the route. If the RR
finds that its cluster ID is included in the Cluster_List, the RR discards the route. If its
cluster ID is not included in the Cluster_List, the RR adds its cluster ID to the Cluster_List
and then reflects the route.
The following example shows how Cluster_List is used in BGP route selection. In Figure
8-26, an IBGP peer relationship is established between each two neighboring devices in AS
65001. Router B functions as a level-1 RR, and Router D is its client. Router D functions as a
level-2 RR, and Router E is its client. Router C functions as an RR, and Router E is its client.
Router E is configured to import the route 1.1.1.9/32 to BGP.
Cluster 2 Cluster 1
RR2 RR1
10.1.2.1/30 10.1.2.2/30
10.1.1.2/30 10.1.4.1/30
Router B Router D
10.1.1.1/30
10.1.4.2/30
AS 65001
Router A Router E
10.1.5.2/30
10.1.3.1/30
Router C
10.1.3.2/30 10.1.5.1/30
RR3 BGP Upd
Cluster3
Run the display bgp routing-table [ ip-address ] command on Router A to check the
configurations.
# Display the routing table of Router A.
The preceding command output shows that two routes 1.1.1.9/32 are available in the routing
table of Router C and that Router A selects the route learned from Router C.
[RouterA] display bgp routing-table 1.1.1.9
The preceding command output shows that the route learned from Router B is ignored because
its Cluster_List is longer than that of the route learned from Router C. Table 8-32 describes
attribute comparison of the routes learned from Router B and Router C.
Table 8-32 Attribute comparison of the routes learned from Router B and Router C
Route type Learned from a peer Learned from a peer The same.
In most cases, BGP does not advertise the routes learned from an AS to the AS again. When
RRs are deployed, such routes may be advertised to the AS again although routing loops may
occur. Using the Cluster_List attribute can prevent such routing loops.
Originator_ID
If routes carry the Originator_ID, the originator ID is substituted for the router ID during route
selection. The route with the smallest Originator_ID is preferred.
The Originator_ID attribute is four bytes long and is generated by an RR. It carries the router
ID of the route originator in the local AS.
l When a route is reflected by an RR for the first time, the RR adds the Originator_ID to this
route. If a route already carries the Originator_ID attribute, the RR does not create a new
one.
l After receiving the route, a BGP speaker checks whether the Originator_ID is the same as
its router ID. If Originator_ID is the same as its router ID, the BGP speaker discards this
route.
The following example shows how Originator_ID is used during BGP route selection. In Figure
8-27, an IBGP peer relationship is established between each two neighboring devices in AS
65001. The router IDs of Router B and Router C are 2.2.2.9 and 3.3.3.9, respectively, and they
function as RRs. Router D is a client of Router B, and Router E is a client of Router C. Router
D and Router E are configured to import the route 10.1.4.0/30 to BGP.
Cluster 2
RR2
10.1.2.1/30 10.1.2.2/30
10.1.1.2/30 10.1.4.2/30
Router B Router D
10.1.1.1/30
10.1.4.1/30
AS 65001
Router A Router E
10.1.5.2/30
10.1.3.1/30
RouterC
10.1.3.2/30 10.1.5.1/30
RR3 BGP Upda
Cluster 3
Run the display bgp routing-table [ ip-address ] command on Router A to check the
configurations.
# Display the routing table of Router A.
[RouterA] display bgp routing-table
The preceding command output shows that two routes 10.1.4.0/30 are available in the routing
table of Router A and that Router A selects the route learned from Router C.
[RouterA] display bgp routing-table 1.1.1.9
The preceding command output shows that the route learned from Router B is not selected due
to a router ID issue. In fact, the router ID of Router B is 2.2.2.9, smaller than that (3.3.3.9) of
Router C. The route learned from Router B should be selected if the router IDs are used to
determine the optimal route. However, the routes carry Originator_ID attributes. In this situation,
the Originator_ID attributes (rather than router IDs) are compared. Router A selects the route
learned from Router C because its Originator_ID (10.1.4.1) is smaller than that (10.1.4.2) of the
route learned from Router B.
Table 8-33 describes the attribute comparison of the routes learned from Router B and Router
C.
Table 8-33 Attribute comparison of the routes learned from Router B and Router C
Route type Learned from a peer Learned from a peer The same.
If routes carry Originator_ID attributes, the Originator_ID attributes (rather than router IDs) are
compared.
Router ID
If multiple routes to the same destination are available, BGP preferentially selects the route
advertised by the device with the smallest router ID.
A router ID uniquely identifies a router in an AS, and the router ID can be configured as follows:
l Run the router-id { ipv4-address | vpn-instance auto-select } command. If no router ID
is configured in the BGP view, BGP selects a router ID configured in the system view. For
details on how a router ID configured in the system view is selected, see router-id.
l Run the router-id (BGP) { ipv4-address | auto-select } command in the BGP VPN instance
IPv4/IPv6 address family view. The router-id (BGP VPN instance IPv4/IPv6 address
family view) command takes precedence over the router-id (BGP) command.
If each route carries an Originator_ID, the Originator_IDs rather than router IDs are compared
during route selection. The route with the smallest Originator_ID is preferred. By default,
Cluster_List takes precedence over Originator_ID during BGP route selection. To enable
Originator_ID to take precedence over Cluster_List during BGP route selection, run the
bestroute router id-prior-clusterlist command.
For more router ID-based route selection examples, see Local_Pref, Origin, and MED.
Peer IP Address
BGP prefers the route learned from the peer with the smallest IP address during BGP route
selection.
The peer IP address is the IP address specified in ipv4-address or ipv6-address in the peer
{ group-name | ipv4-address | ipv6-address } as-number { as-number-plain | as-number-dot }
command. The group-name parameter specified in the command is the one specified in the
peer { ipv4-address | ipv6-address } group group-name command.
If the optimal route has not been selected yet before BGP begins to compare peer IP addresses,
the local device may have established multiple BGP peer relationships with another device
through equal-cost links. In most cases, if a backup physical link is available between two
devices, using loopback interfaces to establish a BGP peer relationship is recommended although
multiple BGP peer relationships may be established between the two devices through the
physical links.
In Figure 8-28, two physical links are available between Router A and Router B. Router A and
Router B can use loopback interfaces to establish a BGP peer relationship or use the two links
to establish two BGP peer relationships. In the following example, the two links are used to
establish two BGP peer relationships to show how peer addresses are used in route selection.
Figure 8-28 Networking in which two links are used to establish two BGP peer relationships
AS 65001 AS 65002
10.1.1.1/30 10.1.1.2/30
1.1.1.9/32 2.2.2.9/32
10.1.2.1/30 10.1.2.2/30
Router A Router B
Run the display bgp routing-table [ ip-address ] command to check the configurations.
# Display the routing table of Router A.
[RouterA] display bgp routing-table
The preceding command output shows that two routes 2.2.2.9/32 are available in the routing
table and that the route with the next hop address 10.1.1.2 is selected as the optimal route.
[RouterA] display bgp routing-table 2.2.2.9
The preceding command output shows that the route with the next hop address 10.1.1.2 is
selected as the optimal route because its peer IP address is smaller than that of the other route.
Follow-up Procedure
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
Multiple ASs exist in a region. To access each other, these ASs must exchange their local routes.
As multiple routers exist in the ASs, there are a large number of routes that change frequently.
How to transmit a great deal of routing information efficiently between ASs without consuming
lots of bandwidth resources has become a problem. BGP can be used to solve this problem.
On the network shown in Figure 8-29, Router A is in AS 65008. Routers B, C, and D are in AS
65009. The routing tables of these routers store many routes, and the routes change frequently.
After BGP is enabled on the routers, the routers can exchange routing information. When routes
of one router changes, the router will send Update messages carrying only changed routing
information to its peers, and will not send its entire routing table. This greatly reduces bandwidth
consumption.
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish IBGP connections between Routers B, C, and D so that these devices can
exchange routing information.
2. Establish an EBGP connection between Routers A and B so that these devices can exchange
routing information.
3. Run the network command to configure Router A to advertise route 8.1.1.1/8.
4. Configure Router B to import direct routes and view the routing tables of Routers A and
C.
Data Preparation
To complete the configuration, you need the following data:
l Router IDs 2.2.2.2, 3.3.3.3, and 4.4.4.4 and AS number 65009 of Routers B, C, and D
respectively
l Router ID 1.1.1.1 and AS number 65008 of Router A
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not provided here.
# Configure Router B.
[RouterB] bgp 65009
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 9.1.1.2 as-number 65009
[RouterB-bgp] peer 9.1.3.2 as-number 65009
# Configure Router C.
[RouterC] bgp 65009
[RouterC-bgp] router-id 3.3.3.3
# Configure Router D.
[RouterD] bgp 65009
[RouterD-bgp] router-id 4.4.4.4
[RouterD-bgp] peer 9.1.1.1 as-number 65009
[RouterD-bgp] peer 9.1.2.1 as-number 65009
# Configure Router A.
[RouterA] bgp 65008
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 200.1.1.1 as-number 65009
# Configure Router B.
[RouterB-bgp] peer 200.1.1.2 as-number 65008
[RouterB-bgp] quit
The preceding command output shows that BGP connections have been established between
Router B and other routers.
NOTE
The preceding command output shows that Router C has learned the route to destination 8.0.0.0 in AS
65008. The route, however, is invalid because the next hop 200.1.1.2 of this route is unreachable.
# Configure Router B.
[RouterB] bgp 65009
[RouterB-bgp] ipv4-family unicast
[RouterB-bgp-af-ipv4] import-route direct
The preceding command output shows that the route to destination 8.0.0.0 becomes valid
because the next-hop address of this route is the address of Router A.
# Run the ping 8.1.1.1 command on Router C.
[RouterC] ping 8.1.1.1
PING 8.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=31 ms
Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=254 time=47 ms
Reply from 8.1.1.1: bytes=56 Sequence=3 ttl=254 time=31 ms
Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=16 ms
Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=31 ms
--- 8.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/31/47 ms
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 8.1.1.1 255.0.0.0
#
interface Pos2/0/0
link-protocol ppp
ip address 200.1.1.2 255.255.255.0
#
bgp 65008
router-id 1.1.1.1
peer 200.1.1.1 as-number 65009
#
ipv4-family unicast
undo synchronization
network 8.0.0.0
peer 200.1.1.1 enable
#
return
#
interface Pos3/0/0
link-protocol ppp
ip address 9.1.3.1 255.255.255.0
#
bgp 65009
router-id 2.2.2.2
peer 9.1.1.2 as-number 65009
peer 9.1.3.2 as-number 65009
peer 200.1.1.2 as-number 65008
#
ipv4-family unicast
undo synchronization
import-route direct
peer 9.1.1.2 enable
peer 9.1.3.2 enable
peer 200.1.1.2 enable
#
return
Networking Requirements
As the Internet grows, devices in different networks need to access each other, data needs to be
reliably transmitted, and the traffic interruption time needs to be minimized. This requires that
routing information be transmitted widely and network convergence be accelerated. BGP can
transmit routing information efficiently and widely. BGP, however, does not calculate routes by
itself. An IGP can implement rapid route convergence, but it transmits routing information with
a low efficiency in a limited scope. After BGP is configured to interact with an IGP, IGP routes
can be imported into BGP routing tables and can be transmitted efficiently, and BGP routes can
also be imported to IGP routing tables so that ASs can access each other.
The network shown in Figure 8-30 is divided into AS 65008 and AS 65009. In AS 65009, an
IGP is used to calculate routes. In this example, OSPF is used as an IGP. BGP can be configured
to enable the two ASs to access each other. Interaction between BGP and the IGP can be
configured on edge routers in the two ASs so that the two ASs can exchange routes efficiently
and access each other.
Figure 8-30 Networking diagram for configuring BGP to interact with an IGP
GE1/0/0 GE2/0/0
8.1.1.1/24 POS2/0/0 POS1/0/0
9.1.2.1/24
3.1.1.2/24 9.1.1.1/24
POS1/0/0
POS2/0/0
RouterA RouterB 9.1.1.2/24 RouterC
3.1.1.1/24
AS 65008
AS 65009
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF on Routers B and C so that these devices can access each other.
2. Establish an EBGP connection between Routers A and B so that these devices can exchange
routing information.
3. Configure BGP and OSPF to import routes from each other on Router B and view routing
information in the routing table of Router B.
4. (Optional) Configure BGP route summarization on Router B to simplify the BGP routing
table.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not provided here.
# Configure Router B.
[RouterB] ospf 1
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
# Configure Router C.
[RouterC] ospf 1
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 9.1.2.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Configure Router A.
[RouterA] bgp 65008
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 3.1.1.1 as-number 65009
[RouterA-bgp] ipv4-family unicast
[RouterA-bgp-af-ipv4] network 8.1.1.0 255.255.255.0
[RouterA-bgp-af-ipv4] quit
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 65009
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 3.1.1.2 as-number 65008
BGP is used to transmit routing information on large-scale networks. BGP route summarization
can be configured to simplify routing tables of devices on these networks.
# Configure Router B.
[RouterB] bgp 65009
[RouterB-bgp] ipv4-family unicast
[RouterB-bgp-af-ipv4] summary automatic
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 8.1.1.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 3.1.1.2 255.255.255.0
#
bgp 65008
router-id 1.1.1.1
peer 3.1.1.1 as-number 65009
#
ipv4-family unicast
undo synchronization
network 8.1.1.0 255.255.255.0
peer 3.1.1.1 enable
#
return
Networking Requirements
Enterprises A, B, and C belong to different ASs. Enterprise B's network communicate with the
networks of the other two enterprises through EBGP. Due to the competition relationship,
enterprises A and C hope that the routes that they advertise to enterprise B are not learned by
each other. An AS_Path filter is configured on enterprise B's network to address this problem.
On the network shown in Figure 8-31, Router B establish EBGP connections with Routers A
and C. To disable devices in AS 10 from communicating with devices in AS 30, you can
configure an AS_Path filter on Router B to prevent devices in AS 20 from advertising routes of
AS 30 to AS 10 or routes of AS 10 to AS 30 in order to isolate AS 10 and AS 30.
GE1/0/0
AS 10 9.1.1.1/24
POS2/0/0
200.1.2.1/24
RouterA
EBGP
POS2/0/0 POS2/0/0
200.1.2.2/24 EBGP 200.1.3.2/24
GE1/0/0
POS3/0/0 20.1.1.1/24
200.1.3.1/24 RouterC
RouterB
AS 20 AS 30
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish EBGP connections between Routers A and B and between Routers B and C and
configure these devices to import direct routes so that the ASs can communicate with each
other through these EBGP connections.
2. Configure AS_Path filters on Router B and use filtering rules to prevent AS 20 from
advertising routes of AS 30 to AS 10 or routes of AS 10 to AS 30.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not provided here.
# Configure Router A.
[RouterA] bgp 10
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 200.1.2.2 as-number 20
[RouterA-bgp] import-route direct
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 20
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 200.1.2.1 as-number 10
[RouterB-bgp] peer 200.1.3.2 as-number 30
[RouterB-bgp] import-route direct
[RouterB-bgp] quit
# Configure Router C.
[RouterC] bgp 30
[RouterC-bgp] router-id 3.3.3.3
[RouterRouterC-bgp] peer 200.1.3.1 as-number 20
[RouterC-bgp] import-route direct
[RouterC-bgp] quit
# View routes advertised by Router B. Routes advertised by Router B to Router C are used as
an example. You can see that Router B advertises the direct route imported by AS 10.
[RouterB] display bgp routing-table peer 200.1.3.2 advertised-routes
View the routing table of Router C. You can see that Router C has learned the direct route from
Router B.
[RouterC] display bgp routing-table
Step 3 Configure AS_Path filters on Router B and apply the AS_Path filters to routes to be advertised
by Router B.
# Create AS_Path filter 1 to deny the routes carrying AS number 30. The regular expression
"_30_" indicates any AS list that contains AS 30 and "*" matches any character.
[RouterB] ip as-path-filter path-filter1 deny _30_
[RouterB] ip as-path-filter path-filter1 permit .*
The route does not exist in the BGP routing table of Router C.
[RouterC] display bgp routing-table
# View routes advertised by Router B to AS 10. You can see that Router B does not advertise
the direct route imported by AS 30.
[RouterB] display bgp routing-table peer 200.1.2.1 advertised-routes
The route does not exist in the BGP routing table of Router A.
[RouterA] display bgp routing-table
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 9.1.1.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 200.1.2.1 255.255.255.0
#
bgp 10
router-id 1.1.1.1
peer 200.1.2.2 as-number 20
#
ipv4-family unicast
undo synchronization
import-route direct
peer 200.1.2.2 enable
#
return
Networking Requirements
The MED attribute equals a metric used in an IGP, and is used to determine the optimal route
for traffic that enters an AS. When a BGP device obtains multiple routes to the same destination
address but with different next hops from EBGP peers, the route with the smallest MED value
is selected as the optimal route.
On the network shown in Figure 8-32, BGP is configured on all routers. router A is in AS 65008.
Router B and Router C are in AS 65009. Router A establishes EBGP connections with Router
B and Router C. Router B establishes an IBGP connection with Router C. Traffic sent by
Router A to destination 9.1.1.0 can enter AS 65009 through Router B or Router C. If the attributes
excluding the MED values of the routes advertised by Routers B and C to Router A are the same,
you can change the MED value of the route to be advertised by Router B or Router C to
Router A in order to determine the device through which traffic will enter AS 65009.
Figure 8-32 Networking diagram for configuring MED attributes of routes to control route
selection
POS2/0/0 RouterB
200.1.1.1/24
POS1/0/0 GE1/0/0
AS 65008 200.1.1.2/24 9.1.1.1/24
EBGP
IBGP
RouterA
AS 65009
POS2/0/0
200.1.2.2/24 EBGP GE1/0/0
9.1.1.2/24
POS2/0/0
200.1.2.1/24 RouterC
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish EBGP connections between Router A and Router B and between Router A and
Router C, and establish an IBGP connection between Router B and Router C.
2. Apply a routing policy to increase the MED value of the route sent by Router B to
Router A so that Router A will send traffic to AS 65009 through Router C.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not provided here.
# Configure Router A.
[RouterA] bgp 65008
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 200.1.1.1 as-number 65009
[RouterA-bgp] peer 200.1.2.1 as-number 65009
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 65009
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 200.1.1.2 as-number 65008
[RouterB-bgp] peer 9.1.1.2 as-number 65009
[RouterB-bgp] ipv4-family unicast
[RouterB-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[RouterB-bgp-af-ipv4] quit
[RouterB-bgp] quit
# Configure Router C.
[RouterC] bgp 65009
[RouterC-bgp] router-id 3.3.3.3
[RouterC-bgp] peer 200.1.2.2 as-number 65008
[RouterC-bgp] peer 9.1.1.1 as-number 65009
[RouterC-bgp] ipv4-family unicast
[RouterC-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[RouterC-bgp-af-ipv4] quit
[RouterC-bgp] quit
The preceding command output shows that there are two valid routes to destination 9.1.1.0/24.
The route with the next-hop address of 200.1.1.1 is the optimal route because the router ID of
Router is smaller.
# Apply a routing policy to set an MED value for the route advertised by Router B to Router A
(the default MED value of a route is 0).
[RouterB] route-policy policy10 permit node 10
[RouterB-route-policy] apply cost 100
[RouterB-route-policy] quit
[RouterB] bgp 65009
[RouterB-bgp] peer 200.1.1.2 route-policy policy10 export
The preceding command output shows that the MED value of the route with the next-hop address
of 200.1.2.1 (Router B) is 100 and the MED value of the route with the next-hop address of
200.1.1.1 is 0. The route with the smaller MED value is selected.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
undo shutdown
link-protocol ppp
ip address 200.1.1.2 255.255.255.0
#
interface Pos2/0/0
undo shutdown
link-protocol ppp
ip address 200.1.2.2 255.255.255.0
#
bgp 65008
router-id 1.1.1.1
peer 200.1.1.1 as-number 65009
peer 200.1.2.1 as-number 65009
#
ipv4-family unicast
peer 200.1.1.1 enable
peer 200.1.2.1 enable
#
return
sysname RouterC
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 9.1.1.2 255.255.255.0
#
interface Pos2/0/0
undo shutdown
link-protocol ppp
ip address 200.1.2.1 255.255.255.0
#
bgp 65009
router-id 3.3.3.3
peer 9.1.1.1 as-number 65009
peer 200.1.2.2 as-number 65008
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 9.1.1.1 enable
peer 200.1.2.2 enable
#
return
Networking Requirements
Figure 8-33 shows a simplified MPLS network that bears multiple L3VPN services such as
multimedia services, signaling services, and accounting services. Two sites, each of which has
two PEs accessing the core layer, are used as an example. MP-BGP is used to advertise inner
tags and VPNv4 routes between the PEs. Each PE establishes an MP-IBGP peer relationship
with the RR. Each PE sends BGP Update messages to the RR, The RR reflects Update messages
to the PEs excluding the senders of these messages through different planes.
NOTE
Figure 8-33 is a simplified networking diagram, in which there are two sites, one RR, and two planes (each
with three Ps). On the actual network, there are 14 sites with 28 PEs, and each plane has four Ps and two
RRs. Each RR needs to establish MP-IBGP connections with 28 PEs.
P1 P3
Plane A
PE1 PE3
P5
VPN site 2
VPN site 1 10.22.1.0/24
10.21.1.0/24 RR
P2
PE4
PE2 P4
Plane
Plane B
B P6
On the network, the core layer has two planes. The Ps on each plane are fully meshed. Because
nodes on different planes need to be connected to provide a backup path, routing policies must
be deployed to ensure that one VPN flow passes through only one plane.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure different RDs for two PEs in the same site to ensure that each PE can receive
two routes from different PEs in the remote site. When two PEs in a site advertise the routes
to the same destination, configuring different RDs for the two PEs can ensure that the BGP
peers of the two PEs consider the advertised routes as two different routes. This is because
BGP-VPNv4 uses VPNv4 addresses that consist of IPv4 addresses and RDs.
2. Assign different community attributes to the routes advertised by PEs in plane A and the
routes advertised by PEs in plane B.
3. Set different local preferences for routes based on the community attributes of the routes
so that PEs in plane A always choose the routes advertised by remote PEs in plane A and
PEs in plane B always choose the routes advertised by remote PEs in plane B.
Data Preparation
To complete the configuration, you need the following data.
P1 GE 1/0/0 GE 1/0/0 P3
20.1.1.1/30 20.1.1.2/30
P1 GE 2/0/0 GE 1/0/0 P5
20.1.2.1/30 20.1.2.2/30
P1 GE 3/0/0 GE 1/0/0 RR
20.1.3.1/30 20.1.3.2/30
P1 GE 3/1/0 GE 1/0/0 P2
20.1.4.1/30 20.1.4.2/30
P2 GE 3/1/0 GE 1/0/0 P6
20.1.6.1/30 20.1.6.2/30
P2 GE 3/0/0 GE 1/0/0 P4
20.1.7.1/30 20.1.7.2/30
P2 GE 2/0/0 GE 2/0/0 RR
20.1.8.1/30 20.1.8.2/30
P3 GE 2/0/0 GE 2/0/0 P5
20.1.10.1/30 20.1.10.2/30
P3 GE 3/0/0 GE 2/0/0 P4
20.1.11.1/30 20.1.11.2/30
P4 GE 3/0/0 GE 3/0/0 P6
20.1.13.1/30 20.1.13.2/30
P5 GE 3/0/0 GE 2/0/0 P6
20.1.15.1/30 20.1.15.2/30
P1 1.1.1.9/32 P2 2.2.2.9/32
P3 3.3.3.9/32 P4 4.4.4.9/32
P5 5.5.5.9/32 P6 6.6.6.9/32
RR 11.11.11.9/32
AS number 65000
Procedure
Step 1 Configure a name for each device and an IP address for each interface.
In this example, IS-IS is used as an IGP. For detailed configurations, see configuration files in
this example.
After the configurations are complete, run the display ip routing-table command. The command
output shows that PEs, Ps and PEs, and Ps have learned the addresses of Loopback 0 interfaces
from each other.
# Configure PE1. Configurations of other PEs are the same as that of PE1, and are not provided
here.
[PE1] bgp 65000
[PE1-bgp] peer 11.11.11.9 as-number 65000
[PE1-bgp] peer 11.11.11.9 connect-interface LoopBack0
[PE1-bgp] ipv4-family unicast
[PE1-bgp-af-ipv4] undo peer 11.11.11.9 enable
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 11.11.11.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
NOTE
The undo policy vpn-target command needs to be run in the BGP-VPNv4 address family view of the RR
to ensure that VPN-target-based filtering is not performed on VPNv4 routes. By default, the RR performs
VPN-target-based filtering on received VPN IPv4 routes. The matching routes are added to the VPN routing
table, and the other routes are discarded. In this example, no VPN instance is configured on the RR. As a
result, if VPN-target-based filtering is enabled, all the received VPNv4 routes will be discarded.
After the configurations are complete, run the display bgp vpnv4 all peer command on the RR.
The command output shows that the RR has established MP-IBGP connections with all PEs.
[RR] display bgp vpnv4 all peer
BGP local router ID : 11.11.11.9
Local AS number : 65000
Total number of peers : 4 Peers in established state : 4
Peer V AS MsgRcvd MsgSent OutQ Up/Down State
PrefRcv
7.7.7.9 4 65000 79 82 0 00:01:31 Established
0
8.8.8.9 4 65000 42 66 0 00:01:16 Established
0
9.9.9.9 4 65000 21 34 0 00:00:50 Established
0
10.10.10.9 4 65000 2 4 0 00:00:21 Established
0
# Configure a routing policy on PE1 so that BGP VPNv4 routes advertised by PEs in plane A
to the RR can carry community attribute 65000:100.
[PE1] route-policy comm permit node 10
[PE1-route-policy] apply community 65000:100
[PE1-route-policy] quit
# Configure a routing policy on PE2 so that BGP VPNv4 routes advertised by PEs in plane B
to the RR can carry community attribute 65000:200.
[PE2] route-policy com permit node 10
[PE2-route-policy] apply community 65000:200
[PE2-route-policy] quit
# On PE1, apply the routing policy to the advertised BGP VPNv4 routes so that the community
attribute can be advertised to the RR.
[PE1] bgp 65000
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 11.11.11.9 route-policy comm export
[PE1-bgp-af-vpnv4] peer 11.11.11.9 advertise-community
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# On PE2, apply the routing policy to the advertised BGP VPNv4 routes so that the community
attribute can be advertised to the RR.
[PE2] bgp 65000
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 11.11.11.9 route-policy comm export
[PE2-bgp-af-vpnv4] peer 11.11.11.9 advertise-community
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
# On PE1, configure a routing policy to set the local preference value to 200 for routes with
community attribute 65000:100.
[PE1] route-policy local_pre permit node 10
[PE1-route-policy] if-match community-filter community1
[PE1-route-policy] apply local-preference 200
[PE1-route-policy] quit
# On PE2, configure a routing policy to set the local preference value to 200 for routes with
community attribute 65000:200.
[PE2] route-policy local_pre permit node 10
[PE2-route-policy] if-match community-filter community1
[PE2-route-policy] apply local-preference 200
[PE2-route-policy] quit
# On PE1, apply the routing policy to the imported BGP VPNv4 route so that PEs in plane A
prefer the route advertised by remote PEs in plane A.
[PE1] bgp 65000
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 11.11.11.9 route-policy local_pre import
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# On PE2, apply the routing policy to the imported BGP VPNv4 route so that PEs in plane B
prefer the route advertised by remote PEs in plane B.
[PE2] bgp 65000
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 11.11.11.9 route-policy local_pre import
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
NOTE
After the configurations are complete, you need to configure MPLS, establish tunnels, configure the MPLS
L3VPN function, and connect the PEs to CEs. For detailed configurations, see configuration files in this example.
Run the display ip routing-table vpn-instance vpna 10.22.1.0 24 command on PE1. The
command output shows that the next hop of route 10.22.1.0/24 is PE3. This means that PE1
prefers the route advertised by PE3.
[PE1] display ip routing-table vpn-instance NGN_Media 10.22.1.0 24
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: NGN_Media
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.22.1.0/24 IBGP 255 0 RD 9.9.9.9 GigabitEthernet1/0/0
----End
Configuration Files
l Configuration file of P1
#
sysname P1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0100.1009.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.1.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.2.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 20.1.3.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/1/0
undo shutdown
ip address 20.1.4.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/2/0
undo shutdown
ip address 20.1.5.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
isis enable 64
#
return
l Configuration file of P2
#
sysname P2
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0200.2009.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.4.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.8.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 20.1.7.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/1/0
undo shutdown
ip address 20.1.6.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/2/0
undo shutdown
ip address 20.1.9.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 64
#
return
l Configuration file of P3
#
sysname P3
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0300.3009.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.1.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.10.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 20.1.11.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/1/0
undo shutdown
ip address 20.1.12.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 64
#
return
l Configuration file of P4
#
sysname P4
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0400.4009.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.7.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.11.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 20.1.13.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/1/0
undo shutdown
ip address 20.1.14.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 64
#
return
l Configuration file of P5
#
sysname P5
#
mpls lsr-id 5.5.5.9
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0500.5009.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.2.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.10.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 20.1.15.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
isis enable 64
#
return
l Configuration file of P6
#
sysname P6
#
mpls lsr-id 6.6.6.9
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0600.6009.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.6.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.15.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 20.1.13.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface LoopBack0
ip address 6.6.6.9 255.255.255.255
isis enable 64
#
return
#
sysname PE1
#
ip vpn-instance NGN_Media
route-distinguisher 65000:10001012
apply-label per-instance
vpn-target 65000:100 export-extcommunity
vpn-target 65000:100 65000:200 65000:300 import-extcommunity
ip vpn-instance NGN_Other
route-distinguisher 65000:30001012
apply-label per-instance
vpn-target 65000:300 export-extcommunity
vpn-target 65000:100 65000:200 65000:300 import-extcommunity
ip vpn-instance NGN_Signaling
route-distinguisher 65000:20001012
apply-label per-instance
vpn-target 65000:200 export-extcommunity
vpn-target 65000:100 65000:200 65000:300 import-extcommunity
#
mpls lsr-id 7.7.7.9
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0700.7009.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.5.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.16.1 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet3/0/0.10
vlan-type dot1q 10
ip binding vpn-instance NGN_Media
ip address 10.21.1.73 255.255.255.252
#
interface GigabitEthernet3/0/0.11
vlan-type dot1q 11
ip binding vpn-instance NGN_Signaling
ip address 10.21.1.77 255.255.255.252
#
interface GigabitEthernet3/0/0.12
vlan-type dot1q 12
ip binding vpn-instance NGN_Other
ip address 10.21.1.81 255.255.255.252
#
interface LoopBack0
ip address 7.7.7.9 255.255.255.255
isis enable 64
#
bgp 65000
peer 11.11.11.9 as-number 65000
peer 11.11.11.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 11.11.11.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 11.11.11.9 enable
peer 11.11.11.9 route-policy local_pre import
peer 11.11.11.9 route-policy comm export
peer 11.11.11.9 advertise-community
#
ipv4-family vpn-instance NGN_Media
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Other
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Signaling
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
route-policy comm permit node 10
apply community 65000:100
#
route-policy local_pre permit node 10
if-match community-filter community1
apply local-preference 200
#
ip community-filter basic community1 permit 65000:100
#
return
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.16.2 255.255.255.252
isis enable 64
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet3/0/0.10
vlan-type dot1q 10
ip binding vpn-instance NGN_Media
ip address 10.21.1.13 255.255.255.252
#
interface GigabitEthernet3/0/0.11
vlan-type dot1q 11
ip binding vpn-instance NGN_Signaling
ip address 10.21.1.17 255.255.255.252
#
interface GigabitEthernet3/0/0.12
vlan-type dot1q 12
ip binding vpn-instance NGN_Other
ip address 10.21.1.21 255.255.255.252
#
interface LoopBack0
ip address 8.8.8.9 255.255.255.255
isis enable 64
#
bgp 65000
peer 11.11.11.9 as-number 65000
peer 11.11.11.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 11.11.11.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 11.11.11.9 enable
peer 11.11.11.9 route-policy local_pre import
peer 11.11.11.9 route-policy comm export
peer 11.11.11.9 advertise-community
#
ipv4-family vpn-instance NGN_Media
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Other
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Signaling
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
route-policy comm permit node 10
apply community 65000:200
#
route-policy local_pre permit node 10
if-match community-filter community1
apply local-preference 200
#
ip community-filter basic community1 permit 65000:200
#
return
#
ipv4-family unicast
undo synchronization
undo peer 11.11.11.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 11.11.11.9 enable
peer 11.11.11.9 route-policy local_pre import
peer 11.11.11.9 route-policy comm export
peer 11.11.11.9 advertise-community
#
ipv4-family vpn-instance NGN_Media
aggregate 10.22.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Other
aggregate 10.22.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Signaling
aggregate 10.22.1.0 255.255.255.0 detail-suppressed
import-route direct
#
route-policy comm permit node 10
apply community 65000:100
#
route-policy local_pre permit node 10
if-match community-filter community1
apply local-preference 200
#
route-policy local_pre permit node 20
#
ip community-filter basic community1 permit 65000:100
#
return
Networking Requirements
On a large-scale network, multiple routers that run BGP are deployed within an AS. These
routers need to use BGP to advertise routes to each other. To meet this need, IBGP peer
relationships need to be set up between all the routers. However, establishing full-mesh logical
relationships between all routers imposes a heavy burden on configurations and increases the
link cost on routers. In addition, the full-mesh logical connections are difficult to maintain.
Customers require a method that can simplify network configurations, reduce the overhead on
routers, and ensure efficient route advertisement.
The use of RRs meets all these requirements. As shown in Figure 8-34, AS 65010 is divided
into two clusters, Cluster1 and Cluster2. Router B is configured as an RR in Cluster1, and
Router D and Router E are its clients. Router C is configured as an RR in Cluster2, and
Router F, Router G, and Router H are its clients. Router A is the non-client of Router B and
Router C. Router B and Router C are non-clients of each other.
GE3/0/0
9.1.1.1/24
AS 65010
POS1/0/0 POS2/0/0
RouterA POS2/0/0
POS1/0/0 POS2/0/0
RouterB POS4/0/0 POS1/0/0 POS5/0/0
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IBGP connections between the clients and their RRs, and between the non-clients
and their RRs. Add the clients in each cluster to the same peer group to configure them in
batches (this can simplify configurations).
2. Configure the RR functionality on Router B and Router C and specify their clients, and
configure Router B and Router C to advertise routes to their clients and non-clients.
3. Disable route reflection between clients in Cluster1 to reduce the link cost because an IBGP
relationship is set up between Router D and Router E.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IP address to each interface.
Assign an IP address to each interface as shown in Figure 8-34. For details about the
configuration, see the following configuration files.
Step 2 Configure IBGP peer relationships between clients and RRs, and between non-clients and RRs.
For details about the configuration, see the following configuration files.
# Configure Router B.
[RouterB] bgp 65010
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] group in_rr internal
[RouterB-bgp] peer 10.1.4.2 group in_rr
[RouterB-bgp] peer 10.1.5.2 group in_rr
[RouterB-bgp] ipv4-family unicast
[RouterB-bgp-af-ipv4] peer in_rr reflect-client
[RouterB-bgp-af-ipv4] undo reflect between-clients
[RouterB-bgp-af-ipv4] reflector cluster-id 1
[RouterB-bgp-af-ipv4] quit
[RouterB-bgp] quit
# Configure Router C.
You can see that Router D has learned the route advertised by Router A from Router B. For
details, see the Originator and Cluster_ID attributes of the route.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet3/0/0
ip address 9.1.1.1 255.255.255.0
#
interface Pos1/0/0
link-protocol ppp
ip address 10.1.1.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 10.1.3.2 255.255.255.0
#
bgp 65010
router-id 1.1.1.1
peer 10.1.1.1 as-number 65010
peer 10.1.3.1 as-number 65010
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 10.1.1.1 enable
peer 10.1.3.1 enable
#
return
#
sysname RouterB
#
interface Pos1/0/0
link-protocol ppp
ip address 10.1.1.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 10.1.4.1 255.255.255.0
#
interface Pos3/0/0
link-protocol ppp
ip address 10.1.5.1 255.255.255.0
#
interface Pos4/0/0
link-protocol ppp
ip address 10.1.2.1 255.255.255.0
#
bgp 65010
router-id 2.2.2.2
peer 10.1.1.2 as-number 65010
peer 10.1.2.2 as-number 65010
group in_rr internal
peer 10.1.4.2 as-number 65010
peer 10.1.4.2 group in_rr
peer 10.1.5.2 as-number 65010
peer 10.1.5.2 group in_rr
#
ipv4-family unicast
undo synchronization
undo reflect between-clients
reflector cluster-id 1
peer 10.1.1.2 enable
peer 10.1.2.2 enable
peer in_rr enable
peer in_rr reflect-client
peer 10.1.4.2 enable
peer 10.1.4.2 group in_rr
peer 10.1.5.2 enable
peer 10.1.5.2 group in_rr
#
return
#
bgp 65010
router-id 3.3.3.3
peer 10.1.2.1 as-number 65010
peer 10.1.3.2 as-number 65010
group in_rr internal
peer 10.1.7.2 as-number 65010
peer 10.1.7.2 group in_rr
peer 10.1.8.2 as-number 65010
peer 10.1.8.2 group in_rr
peer 10.1.9.2 as-number 65010
peer 10.1.9.2 group in_rr
#
ipv4-family unicast
undo synchronization
reflector cluster-id 2
peer 10.1.2.1 enable
peer 10.1.3.2 enable
peer in_rr enable
peer in_rr reflect-client
peer 10.1.7.2 enable
peer 10.1.7.2 group in_rr
peer 10.1.8.2 enable
peer 10.1.8.2 group in_rr
peer 10.1.9.2 enable
peer 10.1.9.2 group in_rr
#
return
NOTE
The configuration files of other routers are similar to the configuration file of Router D and are not provided
in this document.
Networking Requirements
Multiple devices are deployed in a carrier's AS and IBGP full mesh must be implemented in the
AS. If every two devices establish IBGP connections, a large number of IBGP connections will
be established in the AS, increasing operation and maintenance costs. BGP confederations can
be configured to address this problem.
On the network shown in Figure 8-35, IBGP full-mesh connections must be established between
all the devices in AS 200 to ensure link connectivity. It is costly to establish a full-mesh network
because there are multiple BGP devices in AS 200. Confederations can be configured in AS 200
to reduce the number of IBGP connections to be established. After confederations are configured,
AS 200 is divided into three sub-ASs: AS 65001, AS 65002, and AS 65003. AS 65001 establishes
EBGP connections with AS 65002 and AS 65003. The three routers in AS 65001 establish IBGP
full-mesh connections with each other. As a result, the number of IBGP connections in AS 200
is reduced, and operation and maintenance costs are reduced.
AS 65002 AS 65003
POS1/0/0
RouterB 20.1.2.2/24
POS1/0/0
20.1.1.2/24 RouterC
POS3/0/0
GE2/0/0 POS2/0/0
9.1.1.1/24 POS1/0/0 20.1.1.1/24
20.1.2.1/24 AS 65001
200.1.1.2/24 POS4/0/0 RouterD
RouterA 20.1.3.1/24
POS1/0/0
POS1/0/0 POS5/0/0 20.1.3.2/24
RouterF 200.1.1.1/24 20.1.4.1/24 POS2/0/0
AS 100 20.1.5.1/24
POS1/0/0
20.1.4.2/24
POS2/0/0
20.1.5.2/24
AS 200
RouterE
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a BGP confederation on each router, divide AS 200 into three sub-ASs: AS
65001, AS 65002, and AS 65003, and configure AS 65001 to establish EBGP connections
with AS 65002 and AS 65003 so that the sub-ASs can communicate with each other.
2. Establish IBGP full-mesh connections between the devices in AS 65001 so that the devices
can communicate with each other.
3. Establish an EBGP connection between AS 100 and AS 200 so that the two ASs can
communicate with each other.
Data Preparation
To complete the configuration, you need the following data:
l Router IDs 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, and 6.6.6.6 of Routers A, B, C, D, E,
and F respectively
l AS numbers 100 and 200, and sub-AS numbers 65001, 65002, and 65003 of AS number
200
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not provided here.
# Configure Router A.
[RouterA] bgp 65001
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] confederation id 200
[RouterA-bgp] confederation peer-as 65002 65003
[RouterA-bgp] peer 20.1.1.2 as-number 65002
[RouterA-bgp] peer 20.1.2.2 as-number 65003
[RouterA-bgp] ipv4-family unicast
[RouterA-bgp-af-ipv4] peer 20.1.1.2 next-hop-local
[RouterA-bgp-af-ipv4] peer 20.1.2.2 next-hop-local
[RouterA-bgp-af-ipv4] quit
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 65002
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] confederation id 200
[RouterB-bgp] confederation peer-as 65001
[RouterB-bgp] peer 20.1.1.1 as-number 65001
[RouterB-bgp] quit
# Configure Router C.
[RouterC] bgp 65003
[RouterC-bgp] router-id 3.3.3.3
[RouterC-bgp] confederation id 200
[RouterC-bgp] confederation peer-as 65001
[RouterC-bgp] peer 20.1.2.1 as-number 65001
[RouterC-bgp] quit
# Configure Router A.
[RouterA] bgp 65001
[RouterA-bgp] peer 20.1.3.2 as-number 65001
[RouterA-bgp] peer 20.1.4.2 as-number 65001
[RouterA-bgp] ipv4-family unicast
[RouterA-bgp-af-ipv4] peer 20.1.3.2 next-hop-local
[RouterA-bgp-af-ipv4] peer 20.1.4.2 next-hop-local
[RouterA-bgp-af-ipv4] quit
[RouterA-bgp] quit
# Configure Router D.
[RouterD] bgp 65001
[RouterD-bgp] router-id 4.4.4.4
[RouterD-bgp] confederation id 200
[RouterD-bgp] peer 20.1.3.1 as-number 65001
[RouterD-bgp] peer 20.1.5.2 as-number 65001
[RouterD-bgp] quit
# Configure Router E.
[RouterE] bgp 65001
[RouterE-bgp] router-id 5.5.5.5
[RouterE-bgp] confederation id 200
[RouterE-bgp] peer 20.1.4.1 as-number 65001
[RouterE-bgp] peer 20.1.5.1 as-number 65001
[RouterE-bgp] quit
# Configure Router A.
[RouterA] bgp 65001
[RouterA-bgp] peer 200.1.1.2 as-number 100
[RouterA-bgp] quit
# Configure Router F.
[RouterF] bgp 100
[RouterF-bgp] router-id 6.6.6.6
[RouterF-bgp] peer 200.1.1.1 as-number 200
[RouterF-bgp] ipv4-family unicast
[RouterF-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[RouterF-bgp-af-ipv4] quit
[RouterF-bgp] quit
# View information about the BGP routing table of Router B and detailed information about
route 9.1.1.0/24.
[RouterB] display bgp routing-table
The command output shows that Router B can receive routes of other ASs from an EBGP peer.
The command output shows that Router D can receive routes of other ASs from IBGP peers in
the same confederation.
Confederations ensure network connectivity, reduce the number of IBGP connections in ASs,
and reduce network resource consumption.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 200.1.1.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 20.1.1.1 255.255.255.0
#
interface Pos3/0/0
link-protocol ppp
undo shutdown
ip address 20.1.2.1 255.255.255.0
#
interface Pos4/0/0
link-protocol ppp
undo shutdown
ip address 20.1.3.1 255.255.255.0
#
interface Pos5/0/0
link-protocol ppp
undo shutdown
ip address 20.1.4.1 255.255.255.0
#
bgp 65001
router-id 1.1.1.1
confederation id 200
confederation peer-as 65002 65003
NOTE
The configuration file of Router C is similar to that of Router B, and is not provided here.
l Configuration file of Router D
#
sysname RouterD
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 20.1.3.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 20.1.5.1 255.255.255.0
#
bgp 65001
router-id 4.4.4.4
confederation id 200
peer 20.1.3.1 as-number 65001
peer 20.1.5.2 as-number 65001
#
ipv4-family unicast
undo synchronization
peer 20.1.3.1 enable
NOTE
The configuration file of Router E is similar to that of Router D, and is not provided here.
l Configuration file of Router F.
#
sysname RouterF
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 9.1.1.1 255.255.255.0
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 200.1.1.2 255.255.255.0
#
bgp 100
router-id 6.6.6.6
peer 200.1.1.1 as-number 200
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 200.1.1.1 enable
#
return
Networking Requirements
Enterprises A, B, and C belong to different ASs. Enterprise B's network communicates with the
networks of the other two enterprises using EBGP. Due to the competition relationship with
enterprise C, enterprise A hopes that the routes it advertises to enterprise B are transmitted only
in enterprise B, not to enterprise C. Community attributes can be configured for routes to be
advertised by enterprise A to enterprise B in order to address this problem.
On the network shown in Figure 8-36, Router B establishes EBGP connections with Routers A
and C. To ensure that routes imported by Router A are transmitted only AS 20 after being
advertised to Router B, you can configure the No_Export community attribute for BGP routes
to be advertised by Router A so that the BGPs are sent only to AS 20.
Figure 8-36 Networking diagram for configuring community attributes for BGP routes
GE1/0/0
AS 10 9.1.1.1/24
POS2/0/0
200.1.2.1/24
RouterA
EBGP
POS2/0/0 POS3/0/0
200.1.2.2/24 EBGP 200.1.3.2/24
POS3/0/0
200.1.3.1/24 RouterC
RouterB
AS 20 AS 30
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish EBGP connections between Routers A and B and between Routers B and C so
that the ASs can communicate with each other.
2. Use a routing policy on Router A to configure the No_Export community attribute for BGP
routes to be advertised by Router A to Router B so that the routes are transmitted only in
AS 20 and not to other ASs.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not provided here.
# Configure Router A.
[RouterA] bgp 10
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 200.1.2.2 as-number 20
[RouterA-bgp] ipv4-family unicast
[RouterA-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[RouterA-bgp-af-ipv4] quit
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 20
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 200.1.2.1 as-number 10
[RouterB-bgp] peer 200.1.3.2 as-number 30
[RouterB-bgp] quit
# Configure Router C.
[RouterC] bgp 30
[RouterC-bgp] router-id 3.3.3.3
[RouterC-bgp] peer 200.1.3.1 as-number 20
[RouterC-bgp] quit
The preceding command output shows that Router B advertises the received BGP route to
Router C in AS 30.
# View the BGP routing table of Router C.
[RouterC] display bgp routing-table
The preceding command output shows that Router C has learned route 9.1.1.0/24 from Router
B.
Step 3 Configure a BGP community attribute.
# Configure a routing policy on Router A to prevent BGP routes to be advertised by Router A
to Router B from being advertised to any other AS.
[RouterA] route-policy comm_policy permit node 10
[RouterA-route-policy] apply community no-export
[RouterA-route-policy] quit
The preceding command output shows that route 9.1.1.0/24 carries the configured community
attribute and Router B does not advertise this route to any other AS.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 9.1.1.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 200.1.2.1 255.255.255.0
#
bgp 10
router-id 1.1.1.1
peer 200.1.2.2 as-number 20
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 200.1.2.2 enable
peer 200.1.2.2 route-policy comm_policy export
peer 200.1.2.2 advertise-community
#
route-policy comm_policy permit node 10
apply community no-export
#
return
link-protocol ppp
undo shutdown
ip address 200.1.3.1 255.255.255.0
#
bgp 20
router-id 2.2.2.2
peer 200.1.2.1 as-number 10
peer 200.1.3.2 as-number 30
#
ipv4-family unicast
undo synchronization
peer 200.1.2.1 enable
peer 200.1.3.2 enable
#
return
Networking Requirements
On the network shown in Figure 8-37, Routers A and B are in AS 100. Routers C, D, and E are
in AS 200. Router A requires Router C to send only routing information matching the import
policy of Router A, but Router C does not want to maintain a separate export policy for
Router A. Prefix-based BGP ORF can be configured in such a situation.
Loopback1
4.4.4.4/32
RouterD
Loopback1
AS200 5.5.5.5/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish an EBGP peer relationship between Routers A and C, and establish IBGP peer
relationships between Routers A and B, between Routers C and D, and between Routers C
and E.
2. Configure a prefix-based import policy on Router A, and enable prefix-based BGP ORF
on Routers A and C.
Data Preparation
To complete the configuration, you need the following data:
l Router IDs 1.1.1.1 and 2.2.2.2 and AS number 100 of Routers A and B respectively
l Router IDs 3.3.3.3, 4.4.4.4, and 5.5.5.5 and AS number 200 of Routers C, D, and E
respectively
Procedure
Step 1 Configure an IP address for each interface.
Configure an IP address for each interface, as shown in Figure 8-37. For details on configuration
procedures, see corresponding configuration files.
# Configure Router A.
[RouterA] bgp 100
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 20.2.1.1 as-number 100
[RouterA-bgp] peer 20.1.1.2 as-number 200
[RouterA-bgp] ipv4-family unicast
[RouterA-bgp-af-ipv4] import-route direct
[RouterA-bgp-af-ipv4] quit
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 100
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 20.2.1.2 as-number 100
[RouterB-bgp] quit
# Configure Router C.
[RouterC] bgp 200
[RouterC-bgp] router-id 3.3.3.3
[RouterC-bgp] peer 20.1.1.1 as-number 100
[RouterC-bgp] peer 20.3.1.1 as-number 200
[RouterC-bgp] peer 20.4.1.1 as-number 200
[RouterC-bgp] ipv4-family unicast
[RouterC-bgp-af-ipv4] import-route direct
[RouterC-bgp-af-ipv4] quit
[RouterC-bgp] quit
# Configure Router D.
[RouterD] bgp 200
[RouterD-bgp] router-id 4.4.4.4
[RouterD-bgp] peer 20.3.1.2 as-number 200
[RouterD-bgp] quit
# Configure Router E.
[RouterE] bgp 200
[RouterE-bgp] router-id 5.5.5.5
[RouterE-bgp] peer 20.4.1.2 as-number 200
[RouterE-bgp] quit
When prefix-based BGP ORF is not enabled, Router C sends seven routes, but Router A accepts
only two routes because Router A applies the prefix-based import policy to the seven routes.
# Configure Router A.
[RouterA] bgp 100
[RouterA-bgp] peer 20.1.1.2 capability-advertise orf ip-prefix both
[RouterA-bgp] quit
# Configure Router C.
[RouterC] bgp 200
[RouterC-bgp] peer 20.1.1.1 capability-advertise orf ip-prefix both
[RouterC-bgp] quit
After BGP ORF is enabled, Router C sends only two routes based on the prefix-based import
policy provided by Router A, and Router A accepts only the two routes.
----End
Configuration Files
l Configuration file of Router A
#
sysname
RouterA
#
interface
Pos1/0/0
link-protocol
ppp
ip address 20.2.1.2
255.255.255.252
#
interface
Pos1/0/1
link-protocol
ppp
ip address 20.1.1.1
255.255.255.252
#
interface
LoopBack1
ip address 1.1.1.1
255.255.255.255
#
bgp
100
router-id
1.1.1.1
peer 20.1.1.2 as-number
200
peer 20.2.1.1 as-number
100
#
ipv4-family
unicast
undo
synchronization
import-route
direct
peer 20.1.1.2
enable
peer 20.1.1.2 ip-prefix 1
import
peer 20.1.1.2 capability-advertise orf ip-prefix
both
peer 20.2.1.1
enable
#
ip ip-prefix 1 index 10 permit 20.3.1.0 24 greater-equal 24 less-equal
32
#
return
#
interface
Pos1/0/0
link-protocol
ppp
ip address 20.2.1.1
255.255.255.252
#
interface
LoopBack1
ip address 2.2.2.2
255.255.255.255
#
bgp
100
router-id
2.2.2.2
peer 20.2.1.2 as-number
100
#
ipv4-family
unicast
undo
synchronization
peer 20.2.1.2
enable
#
return
#
ipv4-family
unicast
undo
synchronization
import-route
direct
peer 20.1.1.1
enable
peer 20.1.1.1 capability-advertise orf ip-prefix
both
peer 20.3.1.1
enable
peer 20.4.1.1
enable
#
return
#
ipv4-family
unicast
undo
synchronization
peer 20.3.1.2
enable
#
return
255.255.255.252
#
interface
LoopBack1
ip address 5.5.5.5
255.255.255.255
#
bgp
200
router-id
5.5.5.5
peer 20.4.1.2 as-number
200
#
ipv4-family
unicast
undo
synchronization
peer 20.4.1.2
enable
#
return
Networking Requirements
On the network shown in Figure 8-38, BGP is configured on all routers. router A is in AS 100.
routers B and C are in AS 300. router D is in AS 200. Router A establishes EBGP connections
with Routers B and C and Router D establishes EBGP connections with Routers B and C.
Router A has two BGP routes destined for destination 8.1.1.0/24. Traffic can reach destination
8.1.1.0/24 through either Router B or Router C. BGP load balancing can be configured to better
utilize network resources and reduce network congestion.
RouterA AS100
POS1/0/0 POS2/0/0
200.1.1.1/24 200.1.2.1/24
POS1/0/0 POS2/0/0
200.1.1.2/24 200.1.2.2/24
RouterB RouterC
AS300
POS2/0/0 POS1/0/0
200.1.3.2/24 200.1.4.2/24
POS2/0/0 POS1/0/0
200.1.3.1/24 200.1.4.1/24
GE3/0/0
AS200 8.1.1.1/24
RouterD
Precautions
When configuring BGP load balancing, note the following point:
l Load balancing can be implemented by configuring BGP attributes, for example, ignoring
the comparison of IGP metrics. Ensure that no routing loops occur when configuring BGP
attributes to implement load balancing.
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish EBGP connections between Routers A and B and between Routers A and C to
enable ASs to communicate with each other using BGP.
2. Establish EBGP connections between Routers D and B and between Routers D and C to
enable ASs to communicate with each other using BGP.
3. Configuring load balancing on Router A so that Router A can send traffic to Router D
through either Router B or Router C.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not provided here.
# Configure Router A.
[RouterA] bgp 100
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 200.1.1.2 as-number 300
[RouterA-bgp] peer 200.1.2.2 as-number 300
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 300
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 200.1.1.1 as-number 100
[RouterB-bgp] peer 200.1.3.1 as-number 200
[RouterB-bgp] quit
# Configure Router C.
[RouterC] bgp 300
[RouterC-bgp] router-id 3.3.3.3
[RouterC-bgp] peer 200.1.2.1 as-number 100
[RouterC-bgp] peer 200.1.4.1 as-number 200
[RouterC-bgp] quit
# Configure Router D.
[RouterD] bgp 200
[RouterD-bgp] router-id 4.4.4.4
[RouterD-bgp] peer 200.1.3.2 as-number 300
[RouterD-bgp] peer 200.1.4.2 as-number 300
[RouterD-bgp] ipv4-family unicast
[RouterD-bgp-af-ipv4] network 8.1.1.0 255.255.255.0
[RouterD-bgp-af-ipv4] quit
[RouterD-bgp] quit
The preceding command output shows that there are two valid routes from Router A to
destination 8.1.1.0/24. The route with the next-hop address of 200.1.1.2 is the optimal route
because the router ID of Router B is smaller.
The preceding command output shows that BGP route 8.1.1.0/24 has two next hops: 200.1.1.2
and 200.1.2.2. Both of them are optimal routes.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
undo shutdown
link-protocol ppp
ip address 200.1.1.1 255.255.255.0
#
interface Pos2/0/0
undo shutdown
link-protocol ppp
ip address 200.1.2.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 100
router-id 1.1.1.1
peer 200.1.1.2 as-number 300
peer 200.1.2.2 as-number 300
#
ipv4-family unicast
maximum load-balancing 2
peer 200.1.1.2 enable
peer 200.1.2.2 enable
#
return
Networking Requirements
Voice and video services have high requirements for network reliability and stability. If a fault
occurs on a network, service recovery is required to be as quick as possible, and the recovery
time is required to reach the carrier-class reliability requirement (within 50 ms). BFD for BGP
can meet this requirement.
As shown in Figure 8-39, a primary link and a backup link are deployed on the network to ensure
service transmission reliability. EBGP peer relationships are established between indirectly
connected Router A and Router B, and between indirectly connected Router A and Router C.
Under normal circumstances, traffic is transmitted along the primary link between Router A and
Router B. If the primary link fails, it is required that BGP quickly detect this failure and switch
traffic to the backup link (Router A -> Router C -> Router B).
BFD for BGP can be configured to speed up the link switchover. In case the primary link between
Router A and Router B fails, BFD will quickly detect the change in the BGP peer relationship
and notify BGP of the change. Service traffic then will be switched to the backup link for
transmission.
GE3/0/0
172.16.1.1/24
GE2/0/0
200.1.1.2/24
RouterA IBGP
AS 200
GE2/0/0
200.1.2.1/24 EBGP GE1/0/0
9.1.1.2/24
GE2/0/0
200.1.2.2/24 RouterC
NOTE
If two routers establish an EBGP peer relationship over a direct link, BFD for BGP does not need to be
configured. This is because the ebgp-interface-sensitive command is enabled by default for directly-
connected EBGP peers.
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish multihop EBGP peer relationships between Router A and Router B, and between
Router A and Router C, and establish an IBGP peer relationship between Router B and
Router C so that they can learn routes from each other.
2. Configure the MED attribute to control route selection, making Router A select the route
sent from Router B as the optimal route to reach the network 172.16.1.1/24.
3. Enable BFD on Router A and Router B.
Data Preparation
To complete the configuration, you need the following data:
l Router IDs of Router A, Router B, and Router C (1.1.1.1, 2.2.2.2, and 3.3.3.3 are used as
an example here), number of the AS where Router A resides (100 is used as an example
here), and number of the AS where Router B and Router C reside (200 is used as an example
here)
l Peer IP address in BFD detection (200.1.1.2/24 is used as an example here)
l Minimum interval for transmitting BGP packets (100 is used as an example here), minimum
interval for receiving BGP packets (100 is used as an example here), and local detection
multiplier (4 is used as an example here)
Procedure
Step 1 Assign an IP address to each interface.
Assign an IP address to each interface as shown in Figure 8-39. For details about the
configuration, see the following configuration files.
Step 2 Configure basic BGP functions. Establish EBGP peer relationships between Router A and
Router B, and between Router A and Router C and an IBGP peer relationship between Router
B and Router C.
# Configure Router A.
[RouterA] bgp 100
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 200.1.1.2 as-number 200
[RouterA-bgp] peer 200.1.1.2 ebgp-max-hop
[RouterA-bgp] peer 200.1.2.2 as-number 200
[RouterA-bgp] peer 200.1.2.2 ebgp-max-hop
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 200
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 200.1.1.1 as-number 100
[RouterB-bgp] peer 200.1.1.1 ebgp-max-hop
[RouterB-bgp] peer 9.1.1.2 as-number 200
[RouterB-bgp] network 172.16.1.0 255.255.255.0
[RouterB-bgp] quit
# Configure Router C.
[RouterC] bgp 200
[RouterC-bgp] router-id 3.3.3.3
[RouterC-bgp] peer 200.1.2.1 as-number 100
[RouterC-bgp] peer 200.1.2.1 ebgp-max-hop
[RouterC-bgp] peer 9.1.1.1 as-number 200
[RouterC-bgp] quit
# Check the status of BGP peer relationships on Router A. The command output shows that the
BGP peer relationships are in the Established state.
# Configure Router C.
[RouterC] route-policy 10 permit node 10
[RouterC-route-policy] apply cost 150
[RouterC-route-policy] quit
[RouterC] bgp 200
[RouterC-bgp] peer 200.1.2.1 route-policy 10 export
[RouterC-bgp] quit
As shown in the BGP routing table, the next-hop address of the route to 172.16.1.0/24 is
200.1.1.2, and service traffic is transmitted on the primary link between Router A and Router
B.
Step 4 Configure BFD, and set the interval for transmitting BFD packets, the interval for receiving BFD
packets, and the local detection multiplier.
# Enable BFD on Router A. Set the minimum intervals for transmitting and receiving BFD
packets to 100 ms and the local detection multiplier to 4.
[RouterA] bfd
[RouterA-bfd] quit
[RouterA] bgp 100
[RouterA-bgp] peer 200.1.1.2 bfd enable
[RouterA-bgp] peer 200.1.1.2 bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
[RouterA-bgp] quit
# Enable BFD on Router B. Set the minimum intervals for transmitting and receiving BFD
packets to 100 ms and the local detection multiplier to 4.
[RouterB] bfd
[RouterB-bfd] quit
[RouterB] bgp 200
[RouterB-bgp] peer 200.1.1.1 bfd enable
[RouterB-bgp] peer 200.1.1.1 bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
[RouterB-bgp] quit
# Run the shutdown command on GE 2/0/0 of Router B to simulate a fault on the primary link.
[RouterB] interface gigabitethernet 2/0/0
[RouterB-Gigabitethernet2/0/0] shutdown
As shown in the BGP routing table, the backup link of Router A -> Router C -> Router B takes
effect after the primary link fails, and the next-hop address of the route to 172.16.1.0/24 is
200.1.1.2.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
bfd
#
interface Gigabitethernet1/0/0
undo shutdown
ip address 200.1.2.1 255.255.255.0
#
interface Gigabitethernet2/0/0
undo shutdown
#
interface Gigabitethernet2/0/0
undo shutdown
ip address 9.1.1.2 255.255.255.0
#
bgp 200
router-id 3.3.3.3
peer 9.1.1.1 as-number 200
peer 200.1.2.1 as-number 100
peer 200.1.2.1 ebgp-max-hop 255
#
ipv4-family unicast
undo synchronization
peer 9.1.1.1 enable
peer 200.1.2.1 enable
peer 200.1.2.1 route-policy 10 export
#
route-policy 10 permit node 10
apply cost 150
#
return
Networking Requirements
As networks evolve continuously, voice, on-line video, and financial services raise increasingly
high requirements for real-time performance. Usually, primary and backup links are deployed
on a network to ensure the stability of these services. If the primary link fails, the Router needs
to wait for route convergence to be completed. After that, the Router reselects an optimal route
and delivers the reselected route to the FIB table to start a link switchover. This is the traditional
switchover mode. In this mode, service interruption lasts a long time, which does not meet the
services' requirement.
BGP Auto FRR addresses this problem. After BGP Auto FRR is enabled on a Router, the
Router selects the optimal route to forward packets. In addition, the Router automatically adds
information about the second optimal route to the backup forwarding entries of the optimal route
and delivers the backup forwarding entries to the FIB table. If the primary link fails, the router
quickly switches traffic to the backup link. The switchover does not depend on route
convergence. Therefore, the service interruption time is very short, reaching the sub-second
level.
As shown in Figure 8-40, Router A resides in AS 100. There are two paths that can reach the
network 4.4.4.4/32. It is required that traffic be transmitted on LinkA, the primary link, under
normal circumstances and quickly switched to LinkB, the backup link, in the case that LinkA
fails.
RouterB
/0 PO
S 1/0 24 20 S2/
PO .1.2/ .3 . 0
1 .1 /0
.1 Loopback1
/0 /0 20 /24
O S 1 /2 4 4.4.4.4/32
P .1 .1 PO
1
20. LinkA 20 S1/
.3 . 0
1 .2 /0
/2 4
RouterA
0
LinkB O S 2/ 0/ 4
P /2
PO S . 1 .2
2 0 .4
20.2 2/0/0 RouterD
.1.1/ POS 2/0/0
AS100 24
20.2 1/0/0 POS .1/24
.1
.1.2/
24 20.4
RouterC
AS200
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure EBGP peer relationships between Router A and Router B, and between
Router A and Router C, and configure IBGP peer relationships between Router D and
Router B, and between Router D and Router C to allow them to learn BGP routes from
each other.
2. Configure routing policies on Router B and Router C to change the MED values of routes
sent to Router D so that Router A later can select the route for LinkA as the optimal route.
3. Configure BGP Auto FRR on Router A to enable the service traffic to be quickly switched
to LinkB in case LinkA fails.
Data Preparation
To complete the configuration, you need the following data:
l ID of each Router (1.1.1.1, 2.2.2.2, 3.3.3.3, and 4.4.4.4 are used as an example as the router
IDs of Router A, Router B, Router C, and Router D), number of the AS where Router A
resides (100 is used as an example here), and number of the AS where Router B, Router
C, and Router D reside (200 is used as an example here)
l Names of routing policies on Router B and Router C (rtb and rtc are used as an example
here)
l MED values of routes sent from Router B or Router C to Router D (80 and 120 are used
as an example here)
Procedure
Step 1 Assign an IP address to each interface.
Assign an IP address to each interface as shown in Figure 8-40. For details about the
configuration, see the following configuration files.
Step 2 Establish EBGP peer relationships between Router A and Router B, and between Router A and
Router C, and establish IBGP peer relationships between Router D and Router B, and between
Router D and Router C.
NOTE
The configurations on Router B and Router C are similar to the configuration on Router A, and are not
provided here.
NOTE
The configurations on Router B and Router C are similar to the configuration on Router D, and are not
provided here.
Step 3 Configure routing policies on Router B and Router C, specifying different MED values for the
routes from Router B or Router C to Router D.
[RouterD-bgp] quit
# Run the display ip routing-table verbose command on Router A to view detailed information
about the route learned by Router A to reach 4.4.4.4/32.
[RouterA] display ip routing-table 4.4.4.4 32 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination: 4.4.4.4/32
Protocol: EBGP Process ID: 0
Preference: 255 Cost: 80
NextHop: 20.1.1.2 Neighbour: 20.1.1.2
State: Active Adv Age: 00h00m12s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0x0
IndirectID: 0x4
RelayNextHop: 0.0.0.0 Interface: Pos1/0/0
TunnelID: 0x0 Flags: D
Because the MED value of the route learned from Router B is smaller, Router A selects the route
Router A -> Router B -> Router D as the optimal route to access 4.4.4.4/32. Since FRR is not
configured, no information about the backup route is available.
Step 4 Enable BGP Auto FRR on Router A and check routing information.
# After the configuration is complete, run the display ip routing-table verbose command on
Router A to view routing information.
[RouterA] display ip routing-table 4.4.4.4 32 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination: 4.4.4.4/32
Protocol: EBGP Process ID: 0
Preference: 255 Cost: 80
NextHop: 20.1.1.2 Neighbour: 20.1.1.2
State: Active Adv Age: 00h52m45s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0x0
IndirectID: 0x4
RelayNextHop: 0.0.0.0 Interface: Pos1/0/0
TunnelID: 0x0 Flags: D
BkNextHop: 20.2.1.2 BkInterface: Pos2/0/0
BkLabel: NULL SecTunnelID: 0x0
BkPETunnelID: 0x0 BkPESecTunnelID: 0x0
BkIndirectID: 0x2
The command output shows that Router A has a backup next hop and a backup outbound
interface to 4.4.4.4/32.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
ip address 20.1.1.1 255.255.255.0
#
interface Pos2/0/0
ip address 20.2.1.1 255.255.255.0
#
bgp 100
router-id 1.1.1.1
peer 20.1.1.2 as-number 200
peer 20.2.1.2 as-number 200
#
ipv4-family unicast
auto-frr
#
return
#
return
Networking Requirements
"Valid packet" attacks on a network consume a large number of device resources such as CPU
resources. For example, an attacker forges BGP packets and keeps sending them to a device.
After receiving these packets, the device identifies the destination of the packets. The forwarding
plane of the device then directly sends the packets to the control plane for processing without
checking the validity of the packets. As a result, the device is busy processing these "valid"
packets, resulting in high CPU usage.
GTSM checks whether the TTL value in the header of a packet is within a pre-defined value
range. This protects devices against CPU attacks.
On the network running BGP shown in Figure 8-41, Router A is in AS 10. Routers B, C, and
D are in AS 20. BGP GTSM can be configured on Router B to protect Router B against CPU
attacks, improving network security.
IBGP
POS1/0/0 RouterB POS1/0/0
RouterC
EBGP 30.1.1.2/24 20.1.1.2/24
POS2/0/0
RouterA 20.1.1.1/24 L POS2/0/0
oo 20.1.2.1/24
Loopback0 3.3 p b IBGP
POS1/0/0 2.2.2.9/32 IB .3 a c
GP .9 k0
AS10 30.1.1.1/24 /3 POS1/0/0
2
20.1.2.2/24
PC RouterD
AS20
Loopback0
4.4.4.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF on Routers B, C, and D to allow these devices to communicate with each
other in AS 20.
2. Establish an EBGP connection between Routers A and B, and establish IBGP full-mesh
connections between Routers B, C, and D using loopback interface addresses.
3. Configure GTSM on Routers A, B, C, and D.
Data Preparation
To complete the configuration, you need the following data:
l Router ID 1.1.1.9 and AS number 10 of Router A
l Router IDs 2.2.2.9, 3.3.3.9, and 4.4.4.9, and AS numbers 20 of Routers B and C respectively
l TTL values of packets transmitted between Routers A and B, between Routers B and C,
between Routers C and D, and between Routers B and D (TTL values of packets transmitted
between Routers A and B, between Routers B and C, and between Routers C and D is 1,
and TTL values of packets transmitted between Routers B and D is 2 in this example)
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not provided here.
Step 2 Configure OSPF. The configuration details are not provided here.
Step 3 Establish IBGP full-mesh connections.
# Configure Router B.
[RouterB] bgp 20
[RouterB-bgp] router-id 2.2.2.9
[RouterB-bgp] peer 3.3.3.9 as-number 20
# Configure Router C.
[RouterC] bgp 20
[RouterC-bgp] router-id 3.3.3.9
[RouterC-bgp] peer 2.2.2.9 as-number 20
[RouterC-bgp] peer 2.2.2.9 connect-interface LoopBack0
[RouterC-bgp] peer 4.4.4.9 as-number 20
[RouterC-bgp] peer 4.4.4.9 connect-interface LoopBack0
# Configure Router D.
[RouterD] bgp 20
[RouterD-bgp] router-id 4.4.4.9
[RouterD-bgp] peer 2.2.2.9 as-number 20
[RouterD-bgp] peer 2.2.2.9 connect-interface LoopBack0
[RouterD-bgp] peer 3.3.3.9 as-number 20
[RouterD-bgp] peer 3.3.3.9 connect-interface LoopBack0
# Configure Router B.
[RouterB-bgp] peer 30.1.1.1 as-number 10
[RouterB-bgp]quit
The preceding command output shows that BGP connections have been established between
Router B and other Routers.
Step 5 Configure GTSM on Routers A and B. Because the two routers are directly connected, the range
of TTL values contained in packets transmitted between the two devices is [255, 255]. The valid-
ttl-hops value is 1.
# Configure GTSM on Router A.
[RouterA-bgp] peer 30.1.1.2 valid-ttl-hops 1
[RouterA-bgp] quit
The preceding command output shows that GTSM has been enabled, the valid hop count is 1,
and the BGP connection is in the Established state.
Step 6 Configure GTSM on Routers B and C. Because the two routers are directly connected, the range
of TTL values contained in packets transmitted between the two devices is [255, 255]. The valid-
ttl-hops value is 1.
# Configure GTSM on Router B.
[RouterB] bgp 20
[RouterB-bgp] peer 3.3.3.9 valid-ttl-hops 1
[RouterB-bgp] quit
The preceding command output shows that GTSM has been enabled, the valid hop count is 1,
and the BGP connection is in the Established state.
Step 7 Configure GTSM on Routers C and D. Because the two Routers are directly connected, the range
of TTL values contained in packets transmitted between the two devices is [255, 255]. The valid-
ttl-hops value is 1.
The preceding command output shows that GTSM has been enabled, the valid hop count is 1,
and the BGP connection is in the Established state.
Step 8 Configure GTSM on Routers B and D. Because the two Routers are connected through
Router C, the range of TTL values contained in packets transmitted between the two devices is
[254, 255], and the valid-ttl-hops value is 2.
The preceding command output shows that GTSM has been enabled, the valid hop count is 2,
and the BGP connection is in the Established state.
NOTE
l In this example, if the valid-ttl-hops value is smaller than 2 on either of Routers B and D, the IBGP
connection cannot be established between them.
l GTSM must be enabled on both ends of a BGP connection.
# Run the display gtsm statistics all command on Router B to check GTSM statistics. If the
default action to be taken on packets is pass and all packets are valid, no packet is dropped.
[RouterB] display gtsm statistics all
GTSM Statistics Table
----------------------------------------------------------------
If a host forges BGP packets of Router A to attack Router B, the packets are discarded because
their TTL values are not 255 when reaching Router B. The number of dropped packets increases
accordingly in the GTSM statistics of Router B.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
link-protocol ppp
ip address 30.1.1.1 255.255.255.0
#
bgp 10
router-id 1.1.1.9
peer 30.1.1.2 as-number 20
9 BGP4+ Configuration
BGP4+, which is applicable to the large-scale IPv6 network with a complicated structure, is used
between ASs to transmit routing information.
9.1 Introduction
BGP4+ is a dynamic routing protocol used between ASs.
By configuring a BGP4+ peer group, you can simplify the management of routing policies, and
therefore improve the efficiency of route advertisement.
9.1 Introduction
BGP4+ is a dynamic routing protocol used between ASs.
Other Attributes
Most of BGP4+ features supported by the NE80E/40E are similar to those of BGP supported by
the NE80E/40E. For details, refer to the chapter "BGP Configuration".
Applicable Environment
BGP4+ is configured in an IPv6 network.
Pre-configuration Tasks
Before configuring basic BGP4+ functions, complete the following tasks:
l Enabling IPv6
l Configuring link layer protocol parameters and IPv6 addresses for interfaces to make link
layers of the interfaces Up
Data Preparation
To configure BGP4+, you need the following data.
No. Data
Context
Perform the following steps on the router on which the BGP4+ connection needs to be set up:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
BGP is enabled (the local AS number is specified) and the BGP view is displayed.
Setting or changing the router ID of BGP resets the BGP peer relationship between routers.
NOTE
l To enhance the network reliability, you can manually configure the address of a loopback interface as
the router ID. If the router ID is not set, BGP uses the router ID in the system view. To select the router
ID in the system view, refer to the Command Reference.
l If no interface of a router is configured with an IPv4 address, you must set a router ID for the router.
----End
Procedure
l Configuring an IBGP Peer
Perform the following steps on the router on which the IBGP connection needs to be set
up:
1. Run:
system-view
The peer address and the AS where the peer resides are configured.
The AS number of the specified peer must be the same as the local AS number.
A peer (group) is configured only to listen to connection requests, but not to send
connection requests.
After this command is used, the existing peer relationship is interrupted. The peer on
which this command is used waits for the connection request from its peer to
reestablish the neighbor relationship. This configuration can prevent the conflict of
sending connection requests.
NOTE
This command can be used on only one of two peers. If this command is used on the two peers,
the connection between the two peers cannot be established.
5. Run:
ipv6-family [ unicast ]
The IP address and the AS number of a specified BGP peer are specified.
The AS number of the specified BGP peer should be different from the local AS
number.
If the IP address of the specified peer is that of a loopback interface on the reachable
peer or that of a sub-interface on the directly connected peer, you need to complete
the task of Configuring the Local Interfaces Used for BGP4+ Connections to
ensure that the peer is correctly established.
4. Run:
peer { ipv6-address | group-name } ebgp-max-hop [ hop-count ]
If hop-count is not specified in the peer ebgp-max-hop command, 255 is used as the
maximum number of hops in EBGP connections.
NOTE
When establishing the EBGP connection through loopback interfaces, you must use the peer
ebgp-max-hop command specifying that hop-count is greater than or equal to 2. Otherwise,
BGP cannot set up the EBGP connection with the peer.
5. (Optional) Run:
peer { ipv6-address | group-name } listen-only
The peer or peer group is configured only to listen to connection requests, but not to
send any connection request.
After this command is used, the existing peer relationship is removed. The peer on
which this command is used reestablishes the peer relationship after receiving the
connection request from its peer. After this configuration is done, the conflict of
connection requests is avoided.
NOTE
This command can be used on only one of two peers. If this command is used on the two peers,
the connection between the two peers cannot be established.
6. Run:
ipv6-family [ unicast ]
After configuring a BGP4+ peer in the BGP view, enable the peer in the BGP IPv6
unicast address family view.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
The source interface and source address used to set up a TCP connection are specified.
Usually, BGP4+ uses the physical interface that is directly connected to the peer as the session
interface used for the TCP connection.
To increase the reliability and stability of the BGP4+ connections, configure the local interface
used for the BGP4+ connection as the loopback interface. In this way, when there are redundant
links on the network, the BGP4+ connections are not interrupted due to the failure of a certain
interface or a link.
NOTE
When establishing BGP4+ peer relationship between two devices through various links, specify the local
interface during the setup of a BGP4+ session on the devices by using the peer connect-interface command
is recommended.
----End
Prerequisites
Basic BGP4+ functions has been configured.
Procedure
l Run the display bgp ipv6 peer ipv4-address verbose command to check information about
the BGP4+ peers.
l Run the display bgp ipv6 peer ipv6-address { log-info | verbose } command to check
information about the BGP4+ peers.
----End
Applicable Environment
You can change the BGP4+ routing policies by configuring the route attributes.
l BGP4+ priority
After the BGP4+ priority is configured, Route Management (RM) is affected in routing
between BGP4+ and the other routing protocols.
l Preferred value of BGP4+ routing information
After the preferred value of BGP4+ routing information is configured, the route with the
greatest preferred value is selected when multiple routes to the same destination exist in
the BGP4+ routing table.
l Local_Pref attribute
The function of the Local_Pref attribute is similar to that of the preferred value of BGP4+
routing information. The preferred value of BGP4+ routing information takes precedence
over the Local_Pref attribute.
l Multi_Exit Discriminator (MED) attribute
After the MED attribute is configured, EBGP peers select the route with the smallest MED
value when the traffic enters an AS.
l Next_Hop attribute
A route with an unreachable next hop is ignored.
l Community attribute
The community attribute can simplify the management of routing policies. The
management range of the community attribute is wider than that of the peer group. The
community attribute can control the routing policies of multiple BGP4+ devices.
l AS_Path attribute
After the AS_Path attribute is configured, the route with a shorter AS path is selected.
l Accumulated interior gateway protocol metric (AIGP)
The AIGP attribute is used to select the optimal route in an AIGP administrative domain.
Pre-configuration Tasks
Before configuring BGP4+ route attributes, complete the following tasks:
Data Preparation
To configure BGP4+ route attributes, you need the following data.
No. Data
1 AS number
2 Protocol priority
3 Local_Pref
4 MED
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
preference { external internal local | route-policy route-policy-name }
NOTE
Using peer route-policy command to configure the preference of the BGP protocol on the peers is not
currently supported.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
peer { group-name | ipv4-address | ipv6-address } preferred-value value
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
default local-preference preference
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run the following commands to configure the BGP4+ MED attribute as required:
l Run:
default med med
Deterministic-MED is enabled.
If this command is not configured, when an optimal route is to be selected from among routes
which are received from different ASs and which carry the same prefix, the sequence in
which routes are received is relevant to the result of route selection. After the command is
configured, however, when an optimal route is to be selected from among routes which are
received from different ASs and which carry the same prefix, routes are first grouped
according to the leftmost AS in the AS_Path. Routes with the same leftmost AS are grouped
together, and after comparison, an optimal route is selected for the group. The group optimal
route is then compared with optimal routes from other groups to determine the final optimal
route. This mode of route selection ensures that the sequence in which routes are received is
no longer relevant to the result of route selection.
l Run:
bestroute med-none-as-maximum
The maximum MED value is used when the current MED is not available.
l Run:
bestroute med-confederation
The MED values of routes advertised in the local confederation are compared.
The commands in Step 4 can be used regardless of the order.
----End
Procedure
l Modifying the Next Hop When Advertising a Route to an IBGP Peer
1. Run:
system-view
The local address is configured as the next hop when routes are advertised.
In some networking environments, to ensure that the IBGP neighbors find the correct
next hop, configure the next hop address as its own address when routes are advertised
to the IBGP peers.
NOTE
If BGP load balancing is configured, the local router changes the next hop address to its own
address when advertising routes to the IBGP peer groups, regardless of whether the peer next-
hop-local command is used.
l The next-hop iteration based on the routing policy
1. Run:
system-view
By default, the next-hop iteration based on the specified routing policy is disabled.
The next-hop iteration based on the specified routing policy can control the iterated
route according to certain conditions. The route that fails to pass the policy is ignored.
----End
Procedure
l Configure the AS_Path Attribute in the IPv6 Address Family View.
1. Run:
system-view
The device is configured to delete private AS numbers (if any) from the AS_Path
attribute before sending update packets.
The peer public-as-only command can be used only on EBGP peers.
After the command without force is run, the device does not delete the private AS
numbers from the AS_Path attribute before sending update packets in either of the
following scenarios:
– The AS_Path of a route contains the AS number of the peer. In this case,
deleting the private AS numbers may lead to a routing loop.
– The AS_Path list contains both public network AS numbers and private AS
numbers, indicating that the route has passed through the public network.
Deleting the private AS numbers may lead to a forwarding error.
To enable the device to delete the private AS numbers from the AS_Path attribute
before sending update packets even in the preceding scenarios, specify force in
the command.
The peer fake-as command can be used to hide the actual AS number of a BGP device.
EBGP peers in other ASs will use the fake AS number of this BGP device to set up
EBGP peer relationships with this device.
NOTE
After this command is used, if the AS_Path attribute contains the AS number of the
peer, the device replaces the AS number of the peer with the local AS number before
advertising routes to the peer.
NOTICE
If the configuration is incorrect, the command may cause routing loops.
----End
Procedure
l Configuring the routers to Advertise the Community Attribute to the Peers
1. Run:
system-view
NOTE
l When configuring a BGP4+ community, you should define the specific community
attribute by using the routing policies. Then, apply these routing policies to the
advertisement of routing information.
l For the configuration of routing policies, refer to Routing Policy Configuration. For the
configuration of community attributes, refer to 8 BGP Configuration.
----End
Prerequisites
BGP4+ route attributes has been configured.
Procedure
l Run the display bgp ipv6 paths [ as-regular-expression ] command to check the AS-Path
information.
l Run the display bgp ipv6 routing-table different-origin-as command to check the route
with the different source AS.
l Run the display bgp ipv6 routing-table regular-expression as-regular-expression
command to check the routing information matching the regular expression of the AS.
l Run the display bgp ipv6 routing-table community [ aa:nn &<1-29> ] [ internet | no-
advertise | no-export | no-export-subconfed ] * [ whole-match ] command to check
routing information about the specified BGP4+ community.
l Run the display bgp ipv6 routing-table community-filter { { community-filter-name |
basic-community-filter-number } [ whole-match ] | advanced-community-filter-number }
command to check information about the routes matching the specified BGP4+ community
attribute filter.
----End
Applicable Environment
This section describes the following:
l Controlling the advertising and receiving of BGP4+ routing information, which includes
the filtering of routing information and the application of the routing policies.
l Soft resetting the BGP4+ connections
In the NE80E/40E, BGP4+ supports the route-refresh capability. When the policies are
changed, the system can refresh the BGP4+ routing table automatically without interrupting
the BGP4+ connections.
If there are routers that do not support route-refresh in the network, you can run the peer
keep-all-routes command to save all route refreshment locally. Then, you can run the
refresh bgp command to soft reset the BGP4+ connections manually.
Pre-configuration Tasks
Before controlling the advertising and receiving of BGP4+ routing information, complete the
following tasks:
Data Preparation
To control the advertising and receiving of BGP4+ routing information, you need the following
data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
network ipv6-address prefix-length [ route-policy route-policy-name ]
You can use the network command to statically inject the IPv6 routes to the BGP4+ routing
table.
To be specific, the command can be used to advertise the routes only with the exactly-matched
address prefix and mask. If the mask is not designated, the routes are exactly matched based on
the natural network segment.
The local routes to be advertised should be in the local IPv6 routing table. You can use routing
policies to control the routes to be advertised more flexibly.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
aggregate ipv6-address prefix-length [ as-set | attribute-policy route-policy-
name1 | detail-suppressed | origin-policy route-policy-name2 | suppress-policy
route-policy-name3 ] *
Manual aggregation is valid for the routing entries in the local BGP4+ routing table. For example,
if 9:3::1/64 does not exist in the BGP routing table, BGP4+ does not advertise the aggregated
route even after the aggregate 9:3::1 64 command is run to aggregate this route.
When configuring manual aggregation of routes, you can apply various routing policies and set
the route attributes.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
default-route imported
If the default-route imported command is not used, you cannot import the default routes from
other protocols by using the import-route command.
Step 5 Run:
import-route protocol [ process-id ] [ med med | route-policy route-policy-name ] *
NOTE
Specify the process ID when the routes of a dynamic routing protocol are imported.
Step 6 Run:
filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name }
export [ protocol [ process-id ] ]
After BGP4+ filters the imported routes, only the eligible routes are added to the BGP4+ local
routing table and advertised to BGP4+ peers. If protocol [ process-id ] is specified, the routes
of the specific routing protocol are filtered. If protocol [ process-id ] is not specified, all the local
BGP routes to be advertised are filtered, including the imported routes and the local routes
advertised through the network command.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family unicast
Step 4 Run:
peer { ipv6-address | group-name } default-route-advertise [ route-policy route-
policy-name ]
If route-policy route-policy-name is set, the BGP device changes attributes of a default route
based on the specified route-policy.
NOTE
After the command peer default-route-advertise is run, the router sends a default route with the local
address as the next hop to the specified peer, regardless of whether there are default routes in the routing
table.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run the following command to configure the outbound routing policy based on the following
different filters:
l Based on the export policy
Run:
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Configure an advanced ACL:
1. Run
acl ipv6 name acl-name [ number acl-number2 ] [ match-order { auto |
config } ]
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
l filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name } import
The imported global routes are filtered.
l peer { ipv4-address | ipv6-address | group-name } route-policy route-policy-name import
BGP is configured to filter the routes imported from the specified peers.
l peer { ipv4-address | ipv6-address | group-name } filter-policy { acl6-number | acl6-
name acl6-name } import
BGP is configured to filter the routes based on the ACL.
l peer { ipv4-address | ipv6-address | group-name } as-path-filter { as-path-filter-number |
as-path-filter-name } import
BGP is configured to filter the routes based on the AS path list.
l peer { ipv4-address | ipv6-address | group-name } ipv6-prefix ipv6-prefix-name import
BGP is configured to filter the routes based on the prefix list.
The routes imported by BGP can be filtered, and only those routes that meet certain conditions
are received by BGP and added to the routing table.
The inbound routing policies used by the members in a peer group can be different from that
used by the group. That is, each peer can select its policy when importing routes.
----End
Procedure
l Enabling the Route-refresh Capability
1. Run:
system-view
If the route-refresh capability is enabled on all the BGP4+ devices, the local device
advertises the route-refresh messages to its peer if the BGP4+ route policies change.
The peer receiving this message sends its routing information to the local device again.
In this way, the BGP4+ routing table is updated dynamically and the new policies are
applied without interrupting the BGP4+ connections.
l Keeping All Route Updates of Peers
1. Run:
system-view
After this command is run, all the route updates of the specified peer are kept regardless
of whether the filtering policies are used. When the BGP connections are soft reset,
this information can be used to generate the BGP4+ routes.
l Soft Resetting a BGP4+ Connection Manually
1. Run:
refresh bgp ipv6 { all | ipv4-address | ipv6-address | group group-name |
external | internal } { export | import }
----End
Prerequisites
Controlling the advertising and receiving of BGP4+ routing information has been configured.
Procedure
l Run the display bgp ipv6 network command to check the routes advertised through the
network command.
----End
Applicable Environment
After a BGP4+ connection is set up between peers, the peers periodically send Keepalive
messages to each other. This prevents the routers from considering that the BGP4+ connection
is closed. If a router does not receive any Keepalive message or any type of packets from the
peer within the specified Hold time, the BGP4+ connection is considered as closed.
When a router sets up a BGP4+ connection with its peer, the router and the peer need negotiation
with each other. The Hold time after negotiation is the shorter one between the Hold time of the
router and that of its peer. If the negotiation result is 0, no Keepalive message is transmitted and
whether the Hold timer expires is not detected.
If the value of the timer changes, the BGP4+ connection is interrupted for a short time as the
router and its peer need negotiate again.
A ConnectRetry timer is used to set the interval between BGP4+ attempts to initiate TCP
connections. After BGP4+ initiates a TCP connection, the ConnectRetry timer is stopped if the
TCP connection is established successfully. If the first attempt to establish a TCP connection
fails, BGP4+ tries again to establish the TCP connection after the ConnectRetry timer expires.
You can speed up or slow down the establishment of BGP4+ peer relationships by changing the
BGP4+ ConnectRetry interval. For example, if the ConnectRetry interval is reduced, BGP4+
will wait less time to retry establishing a TCP connection when an earlier attempt fails. This
speeds up the establishment of the TCP connection. If a BGP4+ peer flaps constantly, the
ConnectRetry interval can be increased to suppress route flapping caused by BGP4+ peer
flapping. This speeds up route convergence.
Pre-configuration Tasks
Before configuring the parameters of a connection between BGP4+ peers, complete the
following tasks:
Data Preparation
To configure the parameters of a connection between BGP4+ peers, you need the following data.
No. Data
Context
NOTICE
As the change of the timer (with the peer timer command) tears down the BGP peer relationship
between routers. Exercise caution when running this command.
Procedure
l Configure BGP4+ timers for all peers or peer groups.
1. Run:
system-view
The proper maximum interval at which Keepalive messages are sent is one third the
holdtime and is not less than one second. If the holdtime is not set to 0, it is 3s at least.
By default, the keepalive-time value is 60s and the hold-time value is 180s.
NOTE
Setting the Keepalive time to 20s is recommended. If the Keepalive time is smaller than 20s,
sessions between peers may be closed.
When setting values of keepalive-time and hold-time, note the following points:
– The keepalive-time and hold-time values cannot be both set to 0. Otherwise, the
BGP timers become invalid, meaning that BGP will not send Keepalive messages
to detect connection status.
– The hold-time value cannot be much greater than the keepalive-time value. For
example, keepalive-time cannot be set to 1 while hold-time is set to 65535. If the
hold-time value is too large, BGP cannot detect connection status in time.
After a connection is established between peers, the keepalive-time and hold-time
values are negotiated by the peers. The smaller one of the hold-time values carried by
Open messages of both peers is taken as the hold-time value. The smaller of one third
of the hold-time value and the locally configured keepalive-time value is taken as the
keepalive-time value.
If the local device establishes BGP peer relationships with many devices, it needs to
process huge BGP messages. If hold-time negotiated among BGP peers is small, the
timer may expire before the local device processes the Keepalive messages sent from
other BGP peers. The peer relationships are then interrupted, and routes flap. To solve
the preceding problem, you can configure an appropriate value for min-holdtime min-
holdtime based on the CPU processing capability of the local device.
If the value of min-holdtime is changed, but the values of keepalive-time and hold-
time negotiated between two BGP peers remain unchanged, the established peer
relationship is not affected. Only when the local device attempts to re-establish a
relationship with a remote device, the value of min-holdtime configured on the local
device takes effect. The local device compares min-holdtime with hold-time sent from
the remote device. If the value of min-holdtime exceeds that of hold-time, hold-time
negotiation fails, and the peer relationship fails to be established.
NOTE
If min-holdtime is configured on the local device, and the value of hold-time sent from the
remote device is 0, hold-time negotiation between the two devices succeeds. The negotiated
value of hold-time is 0, and the peer relationship is established. The value 0 of hold-time
indicates that the peer relationship never expires.
l Configure timers for a specific peer or peer group.
1. Run:
system-view
The Keepalive and hold timer values are set for a specific peer or peer group.
For information about the relationship between the keepalive-time and hold-time
values, see Configure BGP4+ timers for all peers or peer groups.
NOTE
Setting the Keepalive time to 20s is recommended. If the Keepalive time is smaller than 20s,
sessions between peers may be closed.
Timers set for a specific peer or peer group takes precedence over timers set for all
peers or peer groups.
----End
Procedure
Step 1 Run:
system-view
----End
Context
When BGP4+ initiates a TCP connection, the ConnectRetry timer is stopped if the TCP
connection is established successfully. If the first attempt to establish a TCP connection fails,
BGP4+ tries again to establish the TCP connection after the ConnectRetry timer expires. The
ConnectRetry interval can be adjusted as needed.
l The ConnectRetry interval can be reduced in order to lessen the time BGP4+ waits to retry
establishing a TCP connection after the first attempt fails.
l To suppress route flapping caused by constant peer flapping, the ConnectRetry interval can
be increased to speed up route convergence.
Procedure
l Set a ConnectRetry interval globally.
1. Run:
system-view
Context
In most cases, BGP4+ routes do not have directly reachable next hops, and route iteration must
be used. When many BGP4+ routes are iterated to one next hop and a non-critical iteration
change occurs on the next hop, such as a change of IGP metric or the number of load balancing
routes, an indirect next hop-enabled device can update forwarding entries rapidly. In this
situation, BGP4+ does not need to update routes one by one, and you can configure the rate at
which BGP4+ updates routes in response to non-critical iteration changes to allow the device to
update BGP4+ routes in the IPv6 routing table gradually. This configuration prevents BGP4+
from occupying the CPU resource of other protocols, reduces CPU loads, and ensures device
reliability.
Pre-configuration Tasks
Before configuring the rate at which BGP4+ updates routes in response to non-critical iteration
changes, complete the following task:
Data Preparation
To configure the rate at which BGP4+ updates routes in response to non-critical iteration
changes, you need the following data.
No. Data
1 Interval at which BGP updates routes in response to non-critical iteration changes and
the number of routes that are updated during the interval
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
nexthop recursive-lookup non-critical-event route-update-timer route-update-timer
[ route-update-number route-update-number ]
The rate at which BGP4+ updates routes in response to non-critical iteration changes is
configured.
By default, the rate at which BGP updates routes in response to non-critical iteration changes is
not configured.
timer is 5 and route-update-number is 1000, the number of routes that are updated each second
is 200.
NOTE
When many BGP4+ routes are iterated to one next hop and a non-critical iteration change occurs on the
next hop, if the nexthop recursive-lookup non-critical-event route-update-timer command is
configured, the BGP4+ route convergence is slowed down. Before BGP4+ updates all routes associated
with the next hop, the IP routing table shows iteration information before the update. However, the
forwarding entries have been updated, and traffic is forwarded along the correct path.
The nexthop recursive-lookup non-critical-event route-update-timer command does not take effect to
critical iteration changes on a next hop, and for example, the reachability of the next hop changes due to
interface flapping.
----End
Prerequisites
Parameters of a connection between BGP4+ peers has been configured.
Procedure
l Run the display bgp ipv6 peer ipv4-address verbose command to check detailed
information about the BGP4+ peers.
l Run the display bgp ipv6 peer ipv6-address { log-info | verbose } command to check
information about the BGP4+ peers.
----End
Example
Run the display bgp ipv6 peer ipv6-address verbose command in the system view. You can
view the configured Keepalive period, holdtime, ConnectRetry interval, and interval at which
Update packets are sent.
<RouterB> display bgp peer 2001:db8:1::1 verbose
Applicable Environment
BFD can rapidly detect IPv6 forwarding failures. By adopting the BFD fast detection
mechanism, an IPv6 network can transmit voice services, video services, and VoD services with
high QoS. This enables service provides to provide their customers with highly available and
reliable voice over IP (VoIP) and other real-time services.
BGP periodically sends Keepalive messages to the peer to detect faults on the neighbor. This
mechanism, however, takes more than one second to detect a fault. When the data rate is up to
Gbit/s, the detection mechanism causes a great packet loss. This mechanism fails to meet the
requirement on the reliability of core networks.
BGP introduces BFD for BGP4+. The fast detection mechanism of BFD can faster detect faults
on the links between BGP peers. The convergence of networks therefore speeds up.
Pre-configuration Tasks
Before configuring BFD for BGP4+, complete the following tasks:
l Configuring link layer protocol parameters and assigning IP addresses to the interfaces to
ensure that the status of the link layer protocol of the interface is Up
l Configuring Basic BGP4+ Functions
Data Preparation
To configure BFD for BGP4+, you need the following data.
No. Data
2 Related BFD detection parameters, including the minimum interval and the
maximum interval for receiving BFD control packets, and the detection time
multiplier
Context
Perform the following steps on BGP4+ devices at the two ends of a link on which a BFD session
needs to be set up:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd
Step 3 Run:
quit
Step 4 Run:
bgp { as-number-plain | as-number-dot }
Step 5 Run:
peer { group-name | ipv6-address } bfd enable [ single-hop-prefer ]
BFD is configured for a peer or a peer group and the BFD session is set up.
If BFD is configured on a peer group, peers that belong to the group set up BFD sessions when
the peer bfd block command is not used on the peers.
NOTE
l A BFD session is set up only when the BGP session is in the Established state.
l If BFD parameters of a peer are set, the BFD session is set up by using BFD parameters of the peer.
NOTE
The BFD parameters of peers take precedence over those of peer groups. If BFD parameters are configured
on peers, they will be used in BFD session establishment.
The default interval for transmitting BFD packets and the default detection multiplier are
recommended. When changing the default values, pay attention to the network status and the
network reliability requirement. A short interval for transmitting BFD packets can be configured
for a link that has a higher reliability requirement. A long interval for transmitting BFD packets
can be configured for a link that has a lower reliability requirement.
NOTE
There are three formulas: Actual interval for the local device to send BFD packets = max {Locally
configured interval for transmitting BFD packets, Remotely configured interval for receiving BFD
packets}, Actual interval for the local device to receive BFD packets = max {Remotely configured interval
for transmitting BFD packets, Locally configured interval for receiving BFD packets}, and Local detection
period = Actual interval for receiving BFD packets x Remotely configured BFD detection multiplier.
For example:
l On the local device, the configured interval for transmitting BFD packets is 200 ms, the interval for
receiving BFD packets is 300 ms, and the detection multiplier is 4.
l On the peer device, the configured interval for transmitting BFD packets is 100 ms, the interval for
receiving BFD packets is 600 ms, and the detection multiplier is 5.
Then:
l On the local device, the actual interval for transmitting BFD packets is 600 ms calculated by using the
formula max {200 ms, 600 ms}; the interval for receiving BFD packets is 300 ms calculated by using
the formula max {100 ms, 300 ms}; the detection period is 1500 ms calculated by multiplying 300 ms
by 5.
l On the peer device, the actual interval for transmitting BFD packets is 300 ms calculated by using the
formula max {100 ms, 300 ms}; the interval for receiving BFD packets is 600 ms calculated by using
the formula max {200 ms, 600 ms}; the detection period is 2400 ms calculated by multiplying 600 ms
by 4.
wtr wtr-value can be specified in the command to suppress frequent BFD and BGP session
flapping caused by link flapping. If a BFD session over a link goes Down, it does not go Up
immediately after the link recovers. Instead, the BFD session waits for the WTR timer to expire
before going Up. If the link fails again before the WTR timer expires, BFD does not send a link
fault message to BGP, and the BGP session status is stabilized.
The default value of wtr-value is 0, which means that the WTR timer will not be started.
If a peer joins a group enabled with BFD, the peer inherits BFD of the group and creates a BFD
session. If you do not want the peer to inherit BFD of the group, you can prevent the peer from
inheriting BFD of its group.
NOTE
The peer bfd block command is exclusive with the peer bfd enable command. After the peer bfd
block command is used, the BFD session is automatically deleted.
----End
Context
Perform the following steps on the BGP devices at the both ends of the link that needs to set up
a BFD session:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd
Step 3 Run:
quit
Step 4 Run:
bgp { as-number-plain | as-number-dot }
Step 5 Run:
ipv6-family vpn-instance vpn-instance-name
Step 6 Run:
peer { group-name | ipv6-address } bfd enable [ single-hop-prefer ]
BFD is configured for a peer or a peer group and the BFD session is set up.
If BFD is configured on a peer group, peers that belong to the group set up BFD sessions when
the peer bfd block command is not used on the peers.
NOTE
l A BFD session is set up only when the BGP session is in the Established state.
l If BFD parameters of a peer are set, the BFD session is set up by using BFD parameters of the peer.
NOTE
The BFD parameters of peers take precedence over those of peer groups. If BFD parameters are configured
on peers, they will be used in BFD session establishment.
The default interval for transmitting BFD packets and the default detection multiplier are
recommended. When changing the default values, pay attention to the network status and the
network reliability requirement. A short interval for transmitting BFD packets can be configured
for a link that has a higher reliability requirement. A long interval for transmitting BFD packets
can be configured for a link that has a lower reliability requirement.
NOTE
There are three formulas: Actual interval for the local device to send BFD packets = max {Locally
configured interval for transmitting BFD packets, Remotely configured interval for receiving BFD
packets}, Actual interval for the local device to receive BFD packets = max {Remotely configured interval
for transmitting BFD packets, Locally configured interval for receiving BFD packets}, and Local detection
period = Actual interval for receiving BFD packets x Remotely configured BFD detection multiplier.
For example:
l On the local device, the configured interval for transmitting BFD packets is 200 ms, the interval for
receiving BFD packets is 300 ms, and the detection multiplier is 4.
l On the peer device, the configured interval for transmitting BFD packets is 100 ms, the interval for
receiving BFD packets is 600 ms, and the detection multiplier is 5.
Then:
l On the local device, the actual interval for transmitting BFD packets is 600 ms calculated by using the
formula max {200 ms, 600 ms}; the interval for receiving BFD packets is 300 ms calculated by using
the formula max {100 ms, 300 ms}; the detection period is 1500 ms calculated by multiplying 300 ms
by 5.
l On the peer device, the actual interval for transmitting BFD packets is 300 ms calculated by using the
formula max {100 ms, 300 ms}; the interval for receiving BFD packets is 600 ms calculated by using
the formula max {200 ms, 600 ms}; the detection period is 2400 ms calculated by multiplying 600 ms
by 4.
wtr wtr-value can be specified in the command to suppress frequent BFD and BGP session
flapping caused by link flapping. If a BFD session over a link goes Down, it does not go Up
immediately after the link recovers. Instead, the BFD session waits for the WTR timer to expire
before going Up. If the link fails again before the WTR timer expires, BFD does not send a link
fault message to BGP, and the BGP session status is stabilized.
The default value of wtr-value is 0, which means that the WTR timer will not be started.
If a peer joins a group enabled with BFD, the peer inherits BFD of the group and creates a BFD
session. If you do not want the peer to inherit BFD of the group, you can prevent the peer from
inheriting BFD of its group.
NOTE
The peer ipv6-address bfd block command is exclusive with the peer { group-name | ipv6-address }
bfd enable command. After the peer bfd block command is used, the BFD session is automatically deleted.
----End
Prerequisites
BFD for BGP4+ has been configured.
Procedure
l Run the display bgp ipv6 bfd session { [ vpnv6 vpn-instance vpn-instance-name ] peer
ipv6-address | all } command to check the BFD sessions established by BGP4+.
l Run the display bgp [ vpnv6 vpn-instance vpn-instance-name ] peer [ [ ipv6-address ]
verbose ] command to check BGP4+ peers.
l Run the display bgp ipv6 group [ group-name ] command to check BGP peer groups.
l Run the display bgp vpnv6 { all | vpn-instance vpn-instance-name } group [ group-
name ] command to check BGP4+ peer groups.
----End
Applicable Environment
Since BFD is difficult to deploy and is of poor scalability, in a network where BFD is unsuitable
to be deployed, you can configure BGP4+ peer tracking as a substitution for BFD to implement
the fast convergence of BGP4+ routes.
BGP4+ peer tracking is easy to deploy because it needs to be configured only on the local device,
without the need of configuring it on the peer device. However, BGP4+ route convergence in a
network configured with BGP4+ peer tracking is slower than that in a network enabled with
BFD; therefore, BGP4+ peer tracking cannot meet the requirement of voice services that demand
high convergence speed.
Pre-configuration Tasks
Before configuring BGP4+ peer tracking, complete the following tasks:
Data Preparation
To configure BGP4+ peer tracking, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer { group-name | ipv6-address } tracking [ delay delay-time ]
A proper value of delay-time can ensure network stability when a peer is detected unreachable.
l If delay-time is set to 0, BGP immediately tears down the connection between the local device
and its peer after the peer is detected unreachable.
l If IGP route flapping occurs and delay-time for an IBGP peer is set to 0, the peer relationship
between the local device and the peer alternates between Up and Down. Therefore, delay-
time for an IBGP peer should be set to a value greater than the actual IGP route convergence
time.
l When BGP neighbors successfully perform the GR negotiation, the active/standby
switchover occurs on the BGP neighbors, to prevent the failure of GR, delay-time should be
set to a value greater than GR period. If delay-time is set to be smaller than the GR period,
the connection between the local device and the BGP peer will be torn down, which leads to
the failure of GR.
----End
Prerequisite
All BGP4+ peer tracking configurations are complete.
l Run the display bgp ipv6 peer [ [ ipv6-address ] verbose ] command to check information
about the BGP4+ peer.
l Run the display bgp ipv6 group [ group-name ] command to check information about the
BGP4+ peer group.
Applicable Environment
BGP4+ dampening can suppress unstable routes. BGP4+ neither adds the unstable routes to the
routing table nor advertises them to other BGP peers.
Pre-configuration Tasks
Before configuring BGP4+ route dampening, complete the following task:
Data Preparation
To configure BGP4+ route dampening, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
dampening [ half-life-reach reuse suppress ceiling | route-policy route-policy-
name ] *
----End
Prerequisites
BGP4+ route dampening has been configured.
Procedure
l Run the display bgp ipv6 routing-table dampened command to check BGP4+ dampened
routes.
l Run the display bgp ipv6 routing-table dampening parameter command to check the
configuration parameters of BGP4+ dampening.
l Run the display bgp ipv6 routing-table flap-info [ regular-expression as-regular-
expression | as-path-filter { as-path-filter-number | as-path-filter-name } | network-
address [ prefix-length [ longer-match ] ] ] command to check the statistics of BGP4+
route flapping.
----End
Usage Scenario
On large networks, there may be multiple valid routes to the same destination. BGP, however,
advertises only the optimal route to its peers. This may result in unbalanced traffic on different
routes.
Either of the following methods can be used to address the problem of unbalanced traffic:
l Use BGP routing policies to allow traffic to be balanced. For example, use a routing policy
to modify the Local_Pref, AS_Path, Origin, and Multi_Exit Discriminator (MED) attributes
of BGP routes to direct traffic to different forwarding paths for load balancing. For details
on how to modify attributes of BGP routes, see Configuring BGP4+ Route Attributes.
l Use multiple paths for load balancing. In this method, multiple equal-cost routes need to
be configured for traffic load balancing.
NOTE
Equal-cost BGP routes can be generated for traffic load balancing only when the first 9 route attributes
described in "Principles of Route Selection" in BGP Features Supported by the NE80E/40E are
the same, and the AS_Path attributes are also the same.
Pre-configuration Tasks
Before configuring BGP4+ load balancing, configure basic BGP4+ functions.
Data Preparation
To configure BGP4+ load balancing, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
maximum load-balancing [ ebgp | ibgp ] number
By default, the number of BGP4+ routes to be used for load balancing is 1, meaning that load
balancing is not implemented.
l ebgp indicates that load balancing is implemented only among EBGP routes.
l ibgp indicates that load balancing is implemented only among IBGP routes.
l If neither ebgp nor ibgp is specified, both EBGP and IBGP routes participate in load
balancing, and the number of EBGP routes to be used for load balancing is the same as the
number of IBGP routes to be used for load balancing.
NOTE
The maximum load-balancing number command cannot be configured together with the maximum load-
balancing ebgp number or maximum load-balancing ibgp number command.
When routes with the same destination addresses carry out load balancing on the public network, the system
determines the type of optimal routes first. If the optimal routes are IBGP routes, only IBGP routes carry
out load balancing. If the optimal routes are EBGP routes, only EBGP routes carry out load balancing. This
means that load balancing cannot be implemented among IBGP and EBGP routes with the same destination
address.
The device has been configured whether to change the next hop addresses of the routes to be
advertised to a local address.
If you run the maximum load-balancing number command, the device changes the next hop
addresses of the routes to be advertised to a local address no matter whether the routes are used
for load balancing.
If you run the maximum load-balancing [ ebgp | ibgp ] number command, the device does not
change the next hop addresses of the routes to be advertised to a local address no matter whether
the routes are used for load balancing.
The router is configured not to compare the AS_Path attributes of the routes to be used for load
balancing.
By default, the router compares the AS_Path attributes of the routes to be used for load balancing.
NOTE
l If there are multiple routes to the same destination but these routes pass through different ASs, load
balancing cannot be implemented among these routes by default. To implement load balancing among
these routes, run the load-balancing as-path-ignore command. After the load-balancing as-path-
ignore command is run, the device no longer compares the AS_Path attributes of the routes to be used
for load balancing. Therefore, exercise caution when using this command.
l The load-balancing as-path-ignore and bestroute as-path-ignore commands are mutually exclusive.
----End
l Run the display bgp ipv6 routing-table [ ipv6-address prefix-length ] command to check
routing information in an IPv6 BGP routing table.
l Run the display ipv6 routing-table [ verbose ] command to view the IPv6 routing table.
MED : 0 PrefVal : 0
Label :
Path/Ogn : ?
*> Network : 2001:db8:2002:: PrefixLen : 64
NextHop : :: LocPrf :
MED : 0 PrefVal : 0
Label :
Path/Ogn : ?
Applicable Environment
A great number of peers exist in a large-scale BGP4+ network, which is not convenient for
configuration and maintenance. In this case, you can configure peer groups to simplify the
management and improve the efficiency of route advertisement. According to the AS where the
peers reside, you can classify peer groups into IBGP peer groups and EBGP peer groups. You
can classify EBGP peer groups into pure EBGP peer groups and mixed EBGP peer groups. This
classification is performed according to the position of the peers in the same external AS.
Pre-configuration Tasks
Before configuring a BGP4+ peer group, complete the following task:
Data Preparation
To configure a BGP4+ peer group, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
group group-name [ internal ]
Step 4 Run:
ipv6-family [ unicast ]
Step 5 Run:
peer group-name enable
Step 6 Run:
peer ipv6-address group group-name
NOTE
After an IBGP peer is added to a peer group, the system automatically creates the IPv6 peer in the BGP
view. Besides, the system enables this IBGP peer in the IPv6 address family view.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
group group-name external
Step 4 Run:
peer group-name as-number { as-number-plain | as-number-dot }
Step 5 Run:
ipv6-family [ unicast ]
Step 6 Run:
peer group-name enable
Step 7 Run:
peer ipv6-address group group-name
----End
Procedure
Step 1 Run:
system-view
When creating a mixed EBGP peer group, you need to create peers separately, and you can
configure different AS numbers for them, but cannot configure the AS number for the peer group.
----End
Prerequisites
A BGP4+ peer group has been configured.
Procedure
l Run the display bgp ipv6 group [ group-name ] command to check information about the
IPv6 peer group.
----End
Applicable Environment
To ensure the connectivity between IBGP peers inside an AS, you need to establish full-meshed
IBGP peers. When there are many IBGP peers, establishing a full-meshed network costs a lot.
The route reflector or the confederation can be used to solve this problem.
Pre-configuration Tasks
Before configuring a BGP4+ route reflector, complete the following task:
Data Preparation
To configure a BGP4+ route reflector, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
peer { ipv4-address | ipv6-address | group-name } reflect-client
The router on which this command is run serves as the route reflector. In addition, this command
specifies the peers that serve as its clients.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family [ unicast ]
Step 4 Run:
undo reflect between-clients
If the clients of the route reflector are full-meshed, you can use the undo reflect between-
clients command to disable the route reflection between the clients. This reduces cost.
By default, the route reflection between clients is enabled.
This command is used only on the reflector.
----End
Procedure
Step 1 Run:
system-view
NOTE
When there are multiple route reflectors in a cluster, you can use the command to configure all the route
reflectors in this cluster with the same cluster ID. This avoids routing loops.
----End
Context
Usually, BGP4+ routes are delivered to the IPv6 routing table on the router to guide traffic
forwarding. If the router does not need to forward traffic, disable BGP4+ route delivery to the
IPv6 routing table on the router.
BGP4+ route delivery to the IPv6 routing table is generally disabled on RRs. An RR transmits
routes and forwards traffic within an AS. If the RR is connected to many clients and non-clients,
the route transmission task will consume a lot of central processing unit (CPU) resources of the
RR and cause the RR unable to implement traffic forwarding. To improve the efficiency of route
transmission, disable BGP4+ route delivery to the IPv6 routing table on the RR to make the RR
dedicated to route transmission.
Procedure
Step 1 Run:
system-view
NOTE
The routing-table rib-only command and the active-route-advertise command are mutually exclusive.
----End
Context
According to RFC 4456, the route attributes on the RR cannot be modified using the export
policy. This is because it may cause route loops. By default, the RR is disabled from modifying
the route attributes using the export policy. But if you need to re-plan the network traffic, you
can enable the RR to modify the route attributes by using the export policy.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family unicast
Step 4 Run:
reflect change-path-attribute
You can enable the RR to modify the route attributes of the BGP4+ routes using the export
policy.
By default, you can disable the RR from modifying the route attributes using the export policy.
After you enable the reflect change-path-attribute command on an RR, the configurations of
the RR attributes modified using the export policy takes effect immediately. Perform the
following operations:
l Run the apply as-path command to modify the AS_Path attributes of BGP4+ routes.
l Run the apply comm-filter delete command to delete all community attributes from a BGP4
+ route.
l Run the apply community command modifies the AS_Path attributes of BGP4+ routes.
l Run the apply cost command to modify the cost of BGP4+ routes, that is, to modify its
Multi_Exit Discriminator (MED).
l Run the apply ipv6 next-hop command to modify the next hop of BGP4+ routes.
l Run the apply local-preference command to modify the local preference of BGP4+ routes.
l Run the apply origin command to modify the Origin attributes of BGP4+ routes.
l Run the apply extcommunity command to modify the extended community attributes of
BGP4+ routes.
NOTE
After the reflect change-path-attribute command is run on the RR, the peer route-policy export
command takes precedence over the peer next-hop-invariable and peer next-hop-local commands.
----End
Prerequisites
A BGP4+ route reflector has been configured.
Procedure
l Run the display bgp ipv6 peer [ verbose ] command to check information about BGP4+
peers.
l Run the display bgp ipv6 peer ipv4-address verbose command to check information about
BGP4+ peers.
l Run the display bgp ipv6 peer ipv6-address { log-info | verbose } command to check
information about BGP4+ peers.
----End
Applicable Environment
The confederation is a method of handling the abrupt increase of IBGP connections in an AS.
The confederation divides an AS into multiple sub-ASs. In each sub-AS, IBGP peers can be
full-meshed or be configured with a route reflector. EBGP connections are set up between sub-
ASs.
Pre-configuration Tasks
Before configuring a BGP4+ confederation, complete the following task:
Data Preparation
To configure a BGP4+ confederation, you need the following data.
No. Data
Procedure
l Configuring a BGP4+ Confederation
1. Run:
system-view
The sub-AS number of other EBGP peers connected to the local AS is set.
You must run the confederation id and confederation peer-as commands for all the
EBGP peers that belong to a confederation, and specify the same confederation ID for
them.
NOTE
The old speaker with 2-byte AS numbers and the new speaker with 4-byte AS numbers cannot
exist in the same confederation. Otherwise, routing loops may occur because AS4_Path does
not support confederations.
l Configuring the Compatibility of a Confederation
1. Run:
system-view
When the confederation of other devices does not conform to the RFC, you can use
this command to make standard devices be compatible with nonstandard devices.
----End
Prerequisites
A BGP4+ confederation has been configured.
Procedure
l Run the display bgp ipv6 peer [ verbose ] command to check detailed information about
BGP4+ peers.
----End
Applicable Environment
6PE interconnects separated IPv6 networks at different locations by using the MPLS technology
in an IPv4 network. Multiple modes are used to connect separated IPv6 networks by using the
tunnel technology. The tunnel in 6PE mode supports the IPv4/IPv6 dual stacks on PEs of the
Internet Service Provider (ISP). It identifies IPv6 routes by using the label assigned by MP-BGP,
and implements IPv6 interworking through tunnels between PEs.
Pre-configuration Tasks
Before configuring BGP4+ 6PE, complete the following task:
MPLS label switched paths (LSPs), MPLS Local IFNET tunnels, MPLS TE tunnels, and GRE tunnels
are often used between PEs to transmit IPv6 packets. By default, a PE uses an MPLS LSP to transmit
IPv6 packets. If you want a PE to transmit IPv6 packets over an MPLS TE or a GRE tunnel, run the
tunnel-policy command to configure a tunnel policy on the PE and run the peer tnl-policy command
to apply the tunnel policy to IPv6 labeled routes. Then, IPv6 labeled routes will be able to be iterated
to these tunnels. If the MPLS LSPs, MPLS TE tunnels, and GRE tunnels are all unavailable, the PE
uses MPLS Local IFNET tunnels.
Data Preparation
To configure BGP4+ 6PE, you need the following data.
No. Data
Context
Perform the following steps on the PE supporting the IPv4/IPv6 dual stacks:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer ipv4-address as-number { as-number-plain | as-number-dot }
The IP address and AS number of a PE that needs to be configured with 6PE are specified.
Step 4 Run:
ipv6-family unicast
Step 5 Run:
peer ipv4-address enable
Step 6 Run:
peer ipv4-address label-route-capability
----End
Context
By default, the 6PE device applies for a label for each 6PE route. When a large number of 6PE
routes need to be sent, a large number of labels are required. This greatly wastes label resources
and causes IPv6 routes unable to be advertised due to the shortage of label resources.
After 6PE routes sharing the explicit null label is enabled, all 6PE routes to be sent to the same
6PE peer share the explicit null label 2.
Procedure
Step 1 Run:
system-view
All 6PE routes to be sent to the same 6PE peer share the explicit null label.
If you run this command after a 6PE peer relationship is established, temporary packet loss
occurs.
----End
Prerequisites
BGP4+ 6PE has been configured.
Procedure
l Run the display bgp ipv6 peer [ verbose ] command to check detailed information about
BGP4+ peers.
----End
Example
Run the display bgp ipv6 peer [ verbose ] command on a PE. The command output shows the
BGP4+ peer relationship between the PE and a CE and the 6PE peer relationship between the
PE and the peer PE.
Applicable Environment
6PE interconnects separate IPv6 networks at different locations using MPLS tunnels on an
existing IPv4 network. Separate IPv6 networks can be connected using multiple tunneling
techniques. 6PE implements IPv4/IPv6 dual stack on service provider PEs and uses MP-BGP
to assign labels to IPv6 routes, enabling IPv6 networks to communicate over tunnels between
PEs.
Pre-configuration Tasks
Before configuring inter-AS 6PE, complete the following tasks:
NOTE
l In inter-AS 6PE OptionB with Autonomous System Boundary Routers (ASBRs) as PEs, PEs
usually establish MPLS Label Switched Paths (LSPs), MPLS Local IFNET tunnels, MPLS TE
tunnels, or GRE tunnels between each other. By default, a PE uses an MPLS LSP to transmit
IPv6 packets. If you want a PE to transmit IPv6 packets over an MPLS TE or a GRE tunnel, run
the tunnel-policy command to configure a tunnel policy on the PE and run the peer tnl-policy
command to apply the tunnel policy to IPv6 labeled routes. Then, IPv6 labeled routes will be
able to be iterated to these tunnels. If the MPLS LSPs, MPLS TE tunnels, and GRE tunnels are
all unavailable, the PE uses MPLS Local IFNET tunnels.
l In inter-AS 6PE OptionB, PEs usually establish MPLS LSPs, MPLS TE tunnels, or GRE tunnels
with ASBRs; ASBRs usually establish MPLS LSPs, MPLS Local IFNET tunnels, MPLS TE
tunnels, or GRE tunnels with each other. By default, a PE or an ASBR uses an MPLS LSP to
transmit IPv6 packets. If you want a PE or an ASBR to transmit IPv6 packets over an MPLS TE
or a GRE tunnel, run the tunnel-policy command to configure a tunnel policy on the PE or ASBR
and run the peer tnl-policy command to apply the tunnel policy to IPv6 labeled routes. Then,
IPv6 labeled routes will be able to be iterated to these tunnels. If the MPLS LSPs, MPLS TE
tunnels, and GRE tunnels are all unavailable, the PE or ASBR uses MPLS Local IFNET tunnels.
l In inter-AS 6PE OptionC, PEs usually establish BGP LSPs with each other. ASBRs usually
establish MPLS LSPs, MPLS Local IFNET tunnels, MPLS TE tunnels, or GRE tunnels with PEs
or other ASBRs. By default, a PE or an ASBR uses an MPLS LSP to transmit IPv6 packets. If
you want a PE or an ASBR to transmit IPv6 packets over an MPLS TE or a GRE tunnel, run the
tunnel-selector command in the system view to configure a tunnel selector on the PE or ASBR
and run the tunnel-selector command in the BGP view to apply the tunnel selector to BGP-IPv4
labeled routes. If the MPLS LSPs, MPLS TE tunnels, and GRE tunnels are all unavailable, the
PE or ASBR uses MPLS Local IFNET tunnels.
Data Preparation
To configure inter-AS 6PE, you need the following data.
No. Data
Context
Before configuring inter-AS 6PE OptionB with Autonomous System Boundary Routers
(ASBRs) as PEs, ensure that tunnels have been established between ASBRs to transparently
transmit IPv6 packets. The tunnels can be MPLS Label Switched Paths (LSPs) or MPLS Local
IFNET tunnels. By default, an ASBR uses an MPLS LSP to transmit IPv6 packets. If no MPLS
LSP is available, an ASBR uses an MPLS Local IFNET tunnel to transmit IPv6 packets. The
difference between an MPLS Local IFNET tunnel and an MPLS LSP is that the former does not
require you to enable MPLS LDP on interfaces used to connect PEs.
Perform the following steps on each PE to which separate IPv6 networks are connected:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer ipv4-address as-number { as-number-plain | as-number-dot }
Step 4 Run:
ipv6-family unicast
Step 5 Run:
peer ipv4-address enable
The 6PE peer relationship is enabled in the IPv6 unicast address family view.
Step 6 Run:
peer ipv4-address label-route-capability
6PE routes to be sent to the same 6PE peer are configured to share the same explicit null label.
NOTE
If a 6PE peer relationship has been established, running this command will trigger PEs to re-allocate labels
and cause temporary packet loss.
By default, each 6PE route is assigned a label. The number of required labels is proportionate
to the number of 6PE routes to be sent to the 6PE peer. If a large number of 6PE routes are to
be sent, a large number of labels are required.
After 6PE routes to be sent to the same 6PE peer are configured to share the same explicit null
label, all the 6PE routes to be sent to 6PE peers share the same explicit null label 2. The number
of required labels is irrelevant to the number of 6PE routes to be sent. This configuration saves
label resources on 6PE devices.
----End
Context
Before configuring inter-AS 6PE OptionB, configure an inter-AS OptionB network to ensure
that tunnels can be established between Autonomous System Boundary Routers (ASBRs) and
between PEs and ASBRs. For configuration details, see "Configuring Inter-AS VPN OptionB"
in NE80E/40E Configuration Guide - VPN.
On an inter-AS OptionB network, labeled IPv6 routes are transmitted between PEs by means of
ASBRs. The PE and ASBR in the same AS establish an MP-IBGP peer relationship to exchange
labeled IPv6 routes. The ASBRs in two different ASs establish an MP-EBGP peer relationship
to exchange labeled IPv6 routes. After you configure an inter-AS OptionB network, establish
6PE peer relationships between the ASBRs in different ASs and between the PE and ASBR in
the same AS.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer ipv4-address as-number { as-number-plain | as-number-dot }
A PE only needs to establish an IBGP peer relationship with the ASBR in the same AS. An
ASBR must establish an IBGP peer relationship with the PE in the same AS and an EBGP peer
relationship with the ASBR in the other AS.
Step 4 Run:
ipv6-family unicast
Step 5 Run:
peer ipv4-address enable
The 6PE peer relationship is enabled in the IPv6 unicast address family view.
Step 6 Run:
peer ipv4-address label-route-capability
6PE routes to be sent to the same 6PE peer are configured to share the same explicit null label.
NOTE
If a 6PE peer relationship has been established, running this command will trigger PEs to re-allocate labels
and cause temporary packet loss.
By default, each 6PE route is assigned a label. The number of required labels is proportionate
to the number of 6PE routes to be sent to the 6PE peer. If a large number of 6PE routes are to
be sent, a large number of labels are required.
After 6PE routes to be sent to the same 6PE peer are configured to share the same explicit null
label, all the 6PE routes to be sent to 6PE peers share the same explicit null label 2. The number
of required labels is irrelevant to the number of 6PE routes to be sent. This configuration saves
label resources on 6PE devices.
----End
Context
Before configuring inter-AS 6PE OptionC, configure an inter-AS OptionC network to ensure
that end-to-end MPLS label switched paths (LSPs) can be established between PEs.
Two inter-AS 6PE OptionC solutions are available, depending on the establishment methods of
end-to-end LSPs.
l Solution 1: A local Autonomous System Boundary Router (ASBR) learns the labeled public
network BGP route from the peer ASBR, assigns a label to this route, and advertises this
route to its IBGP peer, a PE in the same AS. Then, a complete LSP is established between
the ingress and egress PEs on the public network. For more information, see "Configuring
Inter-AS VPN OptionC (Solution 1)" in NE80E/40E Configuration Guide - VPN.
l Solution 2: The IBGP peer relationship between the PE and ASBR in the same AS is not
needed. In this solution, a local ASBR learns the labeled public network BGP route from
the peer ASBR and imports this route to an IGP to trigger LDP LSP establishment. Then,
a complete LSP is established between the ingress and egress PEs on the public network.
For more information, see "Configuring Inter-AS VPN OptionC (Solution 2)" in NE80E/
40E Configuration Guide - VPN.
In an inter-AS 6PE OptionC scenario, PEs establish multi-hop MP-EBGP peer relationships to
exchange labeled IPv6 routes and establish end-to-end BGP LSPs to transmit IPv6 packets. The
way in which an end-to-end BGP LSP is established does not matter much to inter-AS 6PE
OptionC. After configuring an inter-AS OptionC network, perform the following steps on the
ingress and egress PEs that connect to separate IPv6 networks:
Procedure
Step 1 Run:
system-view
Step 2 Run:
Step 3 Run:
peer ipv4-address as-number { as-number-plain | as-number-dot }
Step 4 Run:
peer ipv4-address ebgp-max-hop [ hop-count ]
By default, a direct physical link must be available between EBGP peers. If such a link does not
exist, run the peer ebgp-max-hop command to allow EBGP peers to establish a TCP connection
over multiple hops.
If hop-count is not specified in the peer ebgp-max-hop command, 255 is used as the maximum
number of hops in EBGP connections.
Step 5 Run:
ipv6-family unicast
Step 6 Run:
peer ipv4-address enable
The 6PE peer relationship is enabled in the IPv6 unicast address family view.
Step 7 Run:
peer ipv4-address label-route-capability
6PE routes to be sent to the same 6PE peer are configured to share the same explicit null label.
NOTE
If a 6PE peer relationship has been established, running this command will trigger PEs to re-allocate labels
and cause temporary packet loss.
By default, each 6PE route is assigned a label. The number of required labels is proportionate
to the number of 6PE routes to be sent to the 6PE peer. If a large number of 6PE routes are to
be sent, a large number of labels are required.
After 6PE routes to be sent to the same 6PE peer are configured to share the same explicit null
label, all the 6PE routes to be sent to 6PE peers share the same explicit null label 2. The number
of required labels is irrelevant to the number of 6PE routes to be sent. This configuration saves
label resources on 6PE devices.
----End
Prerequisites
Inter-AS 6PE has been configured.
Procedure
Step 1 Run the display bgp ipv6 peer [ verbose ] command on a PE to check BGP4+ peer information.
Step 2 Run the display ipv6 routing-table command on a CE to check IPv6 route information.
----End
Example
Run the display bgp ipv6 peer [ verbose ] command on a PE. The command output shows the
BGP4+ peer relationship between the PE and a CE and the 6PE peer relationship between the
PE and an ASBR in the same AS or between the PE and the peer PE.
Run the display ipv6 routing-table command on each CE. The command output shows the IPv6
routes received from the peer CE.
Applicable Environment
6PE services are sensitive to the packet loss and delay. If high requirements are imposed on the
reliability of the IPv4/MPLS network that carries the 6PE services, you can enable 6PE FRR on
6PE devices.
Enabled with 6PE FRR, a 6PE device selects an optimal route and a sub-optimal route among
the routes with the same IP prefix from different 6PE peers. The optimal route serves as the
primary route, and the sub-optimal route serves as the backup route. When traffic forwarding
on the primary route fails, 6PE services can be quickly redirected to the backup next hop.
Pre-configuration Tasks
Before configuring 6PE FRR, complete the following tasks:
l Configuring a routing protocol on 6PE devices to enable the connectivity between devices
on the IPv4/MPLS network
l Configuring different IGP metrics on the IPv4/MPLS network to ensure that two routes of
different costs are generated between 6PE devices
Data Preparation
To configure 6PE FRR, you need the following data.
No. Data
Context
For details, see Configuring BGP4+ 6PE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv6-family unicast
Step 4 Run:
auto-frr
The function of the auto-frr command varies with the command configuration view. At present,
the auto-frr command configured in the BGP-IPv6 unicast address family view is valid only
for 6PE FRR.
In a 6PE FRR scenario, if the device on which FRR is configured completes refreshing
forwarding entries before the intermediate device on the primary path does so after the primary
path recovers, traffic may be temporarily lost after it switches back to the primary path from the
backup path. The severity of packet loss is proportional to the number of routes stored on the
intermediate device. To solve this problem, perform any of the following operations to prevent
path-switchover-triggered packet loss:
l In the BGP view of the intermediate device on the primary path, run:
out-delay delay-value
A delay for sending Update packets to all BGP peers is configured. An appropriate delay
ensures that traffic switches back to the primary path after the intermediate device on the
primary path completes refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default delay-
value value is 0, indicating that the intermediate device on the primary path sends Update
packets without a delay. The delay-value value is inversely proportional to the route
convergence performance of the device on which FRR is configured.
l In the BGP IPv6 unicast address family view of the intermediate device on the primary path,
run:
peer { group-name | ipv6-address } out-delay delay-value
A delay for sending Update packets is configured. An appropriate delay ensures that traffic
switches back to the primary path after the intermediate device on the primary path completes
refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default delay-
value value is 0, indicating that the intermediate device on the primary path sends Update
packets without a delay. The delay-value value is inversely proportional to the route
convergence performance of the device on which FRR is configured.
l In the BGP IPv6 unicast address family view of the device on which FRR is configured, run:
route-select delay delay-value
A delay for selecting a route to the intermediate device on the primary path is configured.
An appropriate delay ensures that traffic switches back to the primary path after the
intermediate device completes refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default delay-
value value is 0, indicating that the device on which FRR is configured selects a route to the
intermediate device on the primary path without a delay.
----End
Prerequisites
6PE FRR has been configured.
Procedure
l Run the display ipv6 routing-table ipv6-address [ prefix-length ] [ longer-match ]
verbose command to check the backup next hop, backup tunnel, and backup label in the
routing table.
----End
Example
Run the display ipv6 routing-table ipv6-address [ prefix-length ] [ longer-match ] verbose
command on the 6PE devices enabled with 6PE FRR to check the backup next hop, backup
tunnel, and backup label of 6PE routes in the routing table.
<HUAWEI> display ipv6 routing-table 2001:db8:2003::1 verbose
Routing Table :
Summary Count : 1
Applicable Environment
l BGP4+ authentication
BGP4+ uses TCP as the transport layer protocol. To enhance BGP4+ security, you can
perform the Message Digest 5 (MD5) authentication when TCP connections are created.
The MD5 authentication, however, does not authenticate BGP4+ packets. Instead, it sets
MD5 authentication passwords for TCP connections, and the authentication is then
completed by TCP. If the authentication fails, TCP connections cannot be established.
NOTE
The Generalized TTL Security Mechanism (GTSM) is used to prevent attacks by using the
TTL detection. If an attack simulates BGP4+ packets and sends a large number of packets
to a router, an interface through which the router receives the packets directly sends the
packets to BGP4+ of the control layer, without checking the validity of the packets. In this
manner, routers on the control layer process the packets as valid packets. As a result, the
system becomes busy, and CPU usage is high.
In this case, you can configure GTSM to solve the preceding problem. After GTSM is
configured on a router, the router checks whether the TTL value in the IP header of a packet
is in the pre-defined range after receiving the packet. If yes, the router forwards the packet;
if not, the router discards the packet. This enhances the security of the system.
NOTE
Pre-configuration Tasks
Before configuring BGP4+ security, complete the following task:
Data Preparation
Before configure BGP4+ security, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer { ipv6-address | group-name } password { cipher cipher-password | simple
simple-password }
NOTE
When configuring an authentication password, select the ciphertext mode because the password is saved
in configuration files in plaintext if you select simple mode, which has a high risk. To ensure device security,
change the password periodically.
When the peer password command is used in the BGP view, the extensions on Virtual Private Network
version 6 (VPNv6) of MP-BGP are also valid because they use the same TCP connection.
The BGP MD5 authentication and BGP Keychain authentication are mutually exclusive.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
peer { ipv6-address | group-name } keychain keychain-name
You must configure Keychain authentication on both BGP peers. Note that encryption
algorithms and passwords configured for the Keychain authentication on both peers must be the
same; otherwise, the TCP connection cannot be set up between BGP peers and BGP messages
cannot be transmitted.
Before configuring the BGP Keychain authentication, configure a Keychain in accordance with
the configured keychain-name. Otherwise, the TCP connection cannot be set up.
NOTE
l When this command is used in the BGP view, the extensions on VPNv6 of MP-BGP are also valid
because they use the same TCP connection.
l The BGP MD5 authentication and BGP Keychain authentication are mutually exclusive.
----End
Procedure
l Configuring Basic BGP4+ GTSM Functions
Perform the following steps on the two peers:
1. Run:
system-view
NOTE
l The configuration in the BGP view is also valid for the VPNv6 extension of MP-BGP. This
is because they use the same TCP connection.
l GSTM is exclusive with EBGP-MAX-HOP; therefore, you can enable only one of them
on the same peer or the peer group.
After the BGP4+ GTSM policy is configured, an interface board checks the TTL
values of all BGP4+ packets. According to the actual networking requirements, you
can configure GTSM to discard or process the packets that do not match the GTSM
policy. If you configure GTSM to discard the packets that do not match the GTSM
policy by default, you can configure the range of finite TTL values according to the
network topology; therefore, the interface board directly discards the packets with the
TTL value not in the configured range. Therefore, the attackers cannot simulate valid
BGP4+ packets to occupy CPU resources.
l Performing the Default GTSM Action
Perform the following steps on the router configured with GTSM:
1. Run:
system-view
The default action is configured for the packets that do not match the GTSM policy.
By default, the packets that do not match the GTSM policy can pass the filtering.
NOTE
If only the default action is configured and the GTSM policy is not configured, GTSM does
not take effect.
----End
Prerequisites
BGP4+ security has been configured.
Procedure
l Run the display gtsm statistics { slot-id | all } command to check the statistics of GTSM.
Run the display gtsm statistics command. You can view GTSM statistics on each board,
including the total number of BGP4+ packets, the total number of OSPF packets, the
number of packets that match the GTSM policy, and the number of discarded packets.
l Run the display bgp ipv6 peer ipv6-address verbose command to check information about
BGP4+ GTSM.
l Run the display bgp group [ group-name ] command to check GTSM of a BGP4+ peer
group.
----End
Context
NOTICE
The peer relationship is broken after you reset the BGP4+ connections with the reset bgp
ipv6 command. Exercise caution when running this command.
To reset a BGP4+ session in GR mode, run the reset bgp command with the graceful parameter
specified and run the graceful-restart peer-reset command. If the graceful parameter is not
specified in the reset bgp command or if the graceful-restart peer-reset command is not run,
the GR reset mode does not take effect, so that routing entries will be deleted for existing sessions,
interrupting services. The services will be restored after the BGP4+ peer relationship is
reestablished.
After the BGP4+ configuration changes, reset the BGP4+ connections to validate the
modification.
To reset the BGP4+ connections, run the following reset command in the user view.
Procedure
l To validate the new configuration, run the reset bgp ipv6 all [ graceful ] command in the
user view to reset all the BGP4+ connections.
l To validate the new configuration, run the reset bgp ipv6 { as-number-plain | as-number-
dot } [ graceful ] command in the user view to reset the BGP+4 connections between the
peers in a specified AS.
l To validate the new configuration, run the reset bgp ipv6 { ipv4-address | ipv6-address |
group group-name } [ graceful ] command in the user view to reset the BGP+4 connections
with the specified peer (or peer group).
l To validate the new configuration, run the reset bgp ipv6 external [ graceful ] command
in the user view to reset the external BGP4+ connections.
l To validate the new configuration, run the reset bgp ipv6 internal [ graceful ] command
in the user view to reset the internal BGP4+ connections.
----End
Context
NOTICE
The BGP4+ statistics cannot be restored after being cleared. Exercise caution when running this
command.
Procedure
l Run the reset bgp ipv6 dampening [ ipv6-address prefix-length ] command in the user
view to clear information about route dampening and release the suppressed routes.
l Run the reset bgp ipv6 flap-info [ ipv6-address prefix-length | regexp as-path-regexp |
as-path-filter { as-path-filter-number | as-path-filter-name } ] command in the user view
to clear the statistics of route flapping.
----End
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirement
As shown in Figure 9-1, there are two ASs: 65008 and 65009. Router A belongs to AS 65008;
Router B, Router C, and Router D belong to AS65009. BGP4+ is required to exchange the routing
information between the two ASs.
RouterC AS 65009
POS3/0/0 POS2/0/0
2001:db8:3::2/64 2001:db8:2::1/64
20
01
:d PO
b8 S
AS 65008
POS3/0/0 :2 2/0
GE1/0/0 ::2 /0
2001:db8:3::1/64 POS1/0/0 /6
2001:db8:8::1/64 4
2001:db8:1::1/64
POS2/0/0 RouterB POS1/0/0
RouterA 2001:db8:10::2/64 POS2/0/0 2001:db8:1::2/64 RouterD
2001:db8:10::1/64
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IPv6 address for each interface.
# Configure Router B.
[RouterB] ipv6
[RouterB] bgp 65009
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 2001:db8:1::2 as-number 65009
[RouterB-bgp] peer 2001:db8:3::2 as-number 65009
[RouterB-bgp] ipv6-family unicast
[RouterB-bgp-af-ipv6] peer 2001:db8:1::2 enable
[RouterB-bgp-af-ipv6] peer 2001:db8:3::2 enable
[RouterB-bgp-af-ipv6] network 2001:db8:1:: 64
[RouterB-bgp-af-ipv6] network 2001:db8:3:: 64
[RouterB-bgp-af-ipv6] quit
[RouterB-bgp] quit
# Configure Router C.
[RouterC] ipv6
[RouterC] bgp 65009
[RouterC-bgp] router-id 3.3.3.3
[RouterC-bgp] peer 2001:db8:3::1 as-number 65009
[RouterC-bgp] peer 2001:db8:2::2 as-number 65009
[RouterC-bgp] ipv6-family unicast
[RouterC-bgp-af-ipv6] peer 2001:db8:3::1 enable
[RouterC-bgp-af-ipv6] peer 2001:db8:2::2 enable
[RouterC-bgp-af-ipv6] network 2001:db8:3:: 64
[RouterC-bgp-af-ipv6] network 2001:db8:2:: 64
[RouterC-bgp-af-ipv6] quit
[RouterC-bgp] quit
# Configure Router D.
[RouterD] ipv6
[RouterD] bgp 65009
[RouterD-bgp] router-id 4.4.4.4
[RouterD-bgp] peer 2001:db8:1::1 as-number 65009
[RouterD-bgp] peer 2001:db8:2::1 as-number 65009
[RouterD-bgp] ipv6-family unicast
[RouterD-bgp-af-ipv6] peer 2001:db8:1::1 enable
[RouterD-bgp-af-ipv6] peer 2001:db8:2::1 enable
[RouterD-bgp-af-ipv6] network 2001:db8:2:: 64
[RouterD-bgp-af-ipv6] network 2001:db8:1:: 64
[RouterD-bgp-af-ipv6] quit
[RouterD-bgp] quit
# Configure Router B.
[RouterB] bgp 65009
[RouterB-bgp] peer 2001:db8:10::2 as-number 65008
[RouterB-bgp] ipv6-family unicast
[RouterB-bgp-af-ipv6] peer 2001:db8:10::2 enable
[RouterB-bgp-af-ipv6] network 2001:db8:10:: 64
[RouterB-bgp-af-ipv6] quit
[RouterB-bgp] quit
The routing table shows that Router B has set up BGP4+ connections with other routers.
# Display the routing table of Router A.
[RouterA]display bgp ipv6 routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 6
*> Network : 2001:db8:8:: PrefixLen : 64
NextHop : :: LocPrf :
MED : 0 PrefVal : 0
Label :
Path/Ogn : i
*> Network : 2001:db8:1:: PrefixLen : 64
NextHop : 2001:db8:10::1 LocPrf :
MED : 0 PrefVal : 0
Label :
Path/Ogn : 65009 i
*> Network : 2001:db8:2:: PrefixLen : 64
NextHop : 2001:db8:10::1 LocPrf :
MED : PrefVal : 0
Label :
Path/Ogn : 65009 i
*> Network : 2001:db8:3:: PrefixLen : 64
NextHop : 2001:db8:10::1 LocPrf :
MED : 0 PrefVal : 0
Label :
Path/Ogn : 65009 i
The routing table shows that Router A has learned the route from AS 65009. AS 65008 and AS
65009 can exchange their routing information.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface GigabitEthernet1/0/0
ipv6 enable
ipv6 address 2001:db8:8::1/64
#
interface Pos2/0/0
link-protocol ppp
ipv6 enable
ipv6 address 2001:db8:10::2/64
#
bgp 65008
router-id 1.1.1.1
peer 2001:db8:10::1 as-number 65009
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
network 2001:db8:8:: 64
network 2001:db8:10:: 64
peer 2001:db8:10::1 enable
#
return
Networking Requirements
As shown in Figure 9-2, Router B receives an update packet from the EBGP peer and forwards
it to Router C. Router C is configured as a route reflector with two clients, Router B and Router
D.
Router B and Router D need not set up an IBGP connection. When Router C receives the route
update packet from Router B, it reflects the information to Router D. Similarly, when Router C
receives the route update packet from Router D, it reflects the information to Router B.
RouterC
AS200
GE2/0/0 GE1/0/0
AS100 2001:db8:101::1/96 2001:db8:102::1/96
GE2/0/0 GE1/0/0 GE1/0/0
2001:db8:100::1/96 2001:db8:101::2/96 2001:db8:102::2/96
GE1/0/0
2001:db8:1::1/64 RouterB
RouterA
GE2/0/0 RouterD
2001:db8:100::2/96
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish an IBGP connection between the client and the route reflector.
2. Configure Router C as the route reflector and check the routing information.
Preparation Data
To complete the configuration, you need the following data:
l The AS numbers are AS 100 and AS 200.
l The router IDs of Router A, Router B, Router C, and Router D are 1.1.1.1, 2.2.2.2, 3.3.3.3,
and 4.4.4.4 respectively.
Procedure
Step 1 Assign an IPv6 address for each interface.
For configuration details, see "Configuration Files" in this section.
Step 2 Configure basic BGP4+ functions.
# Configure Router A.
[RouterA] ipv6
[RouterA] bgp 100
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 2001:db8:100::2 as-number 200
[RouterA-bgp] ipv6-family unicast
[RouterA-bgp-af-ipv6] peer 2001:db8:100::2 enable
[RouterA-bgp-af-ipv6] network 2001:db8:1:: 64
[RouterA-bgp-af-ipv6] network 2001:db8:100:: 96
[RouterA-bgp-af-ipv6] quit
[RouterA-bgp] quit
# Configure Router B.
[RouterB] ipv6
[RouterB] bgp 200
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 2001:db8:100::1 as-number 100
[RouterB-bgp] peer 2001:db8:101::1 as-number 200
[RouterB-bgp] ipv6-family unicast
[RouterB-bgp-af-ipv6] peer 2001:db8:100::1 enable
[RouterB-bgp-af-ipv6] peer 2001:db8:101::1 enable
[RouterB-bgp-af-ipv6] network 2001:db8:100:: 96
[RouterB-bgp-af-ipv6] network 2001:db8:101:: 96
[RouterB-bgp-af-ipv6] quit
[RouterB-bgp] quit
# Configure Router C.
[RouterC] ipv6
[RouterC] bgp 200
[RouterC-bgp] router-id 3.3.3.3
[RouterC-bgp] peer 2001:db8:101::2 as-number 200
[RouterC-bgp] peer 2001:db8:102::2 as-number 200
[RouterC-bgp] ipv6-family unicast
[RouterC-bgp-af-ipv6] peer 2001:db8:101::2 enable
[RouterC-bgp-af-ipv6] peer 2001:db8:102::2 enable
[RouterC-bgp-af-ipv6] network 2001:db8:101:: 96
[RouterC-bgp-af-ipv6] network 2001:db8:102:: 96
# Configure Router D.
[RouterD] ipv6
[RouterD] bgp 200
[RouterD-bgp] router-id 4.4.4.4
The routing table shows that Router D and Router B learn the routing information advertised by
Router A from Router C.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface GigabitEthernet1/0/0
ipv6 enable
ipv6 address 2001:db8:1::1/64
#
interface GigabitEthernet2/0/0
ipv6 enable
ipv6 address 2001:db8:100::1/96
#
bgp 100
router-id 1.1.1.1
peer 2001:db8:100::2 as-number 200
#
ipv6-family unicast
undo synchronization
network 2001:db8:1:: 64
network 2001:db8:100:: 96
peer 2001:db8:100::2 enable
#
return
ipv6-family unicast
undo synchronization
network 2001:db8:102:: 96
peer 2001:db8:102::1 enable
#
Return
Networking Requirements
l As shown in Figure 9-3, Router A belongs to AS 100, Router B to AS 200, and Router C
to AS 200. Establish an EBGP connection between Router A and Router B and that between
Router A and Router C.
l Traffic is transmitted on the active link Router A → Router B. The link Router A → Router
C → Router B acts as the standby link.
l Use BFD to detect the BGP session between Router A and Router B. When the link between
Router A and Router B fails, BFD can rapidly detect the failure and notify BGP of the
failure. Traffic is transmitted on the standby link.
GE3/0/0
2001:db8:7::1/64
GE2/0/0
2001:db8:8::2/64
RouterA IBGP
AS 200
GE2/0/0
2001:db8:10::1/64 EBGP GE1/0/0
2001:db8:9::1:2/64
GE2/0/0
2001:db8:10::2/64 RouterC
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IPv6 address to each interface.
Step 2 Configure the basic BGP4+ functions. Establish an EBGP connection between Router A and
Router B, that between Router A and Router C. Establish an IBGP connection between Router
B and Router C.
# Configure Router A.
[RouterA] bgp 100
[RouterA-bgp] router-id 1.1.1.1
[RouterA-bgp] peer 2001:db8:8::2 as-number 200
[RouterA-bgp] peer 2001:db8:10::2 as-number 200
[RouterA-bgp] ipv6-family unicast
[RouterA-bgp-af-ipv6] peer 2001:db8:8::2 enable
[RouterA-bgp-af-ipv6] peer 2001:db8:10::2 enable
[RouterA-bgp-af-ipv6] quit
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 200
[RouterB-bgp] router-id 2.2.2.2
[RouterB-bgp] peer 2001:db8:8::1 as-number 100
[RouterB-bgp] peer 2001:db8:9::1:2 as-number 200
[RouterB-bgp] ipv6-family unicast
[RouterB-bgp-af-ipv6] peer 2001:db8:8::1 enable
[RouterB-bgp-af-ipv6] peer 2001:db8:9::1:2 enable
[RouterB-bgp-af-ipv6] network 2001:db8:7::1 64
[RouterB-bgp-af-ipv6] quit
[RouterB-bgp] quit
# Configure Router C.
[Routerc] bgp 200
[Routerc-bgp] router-id 3.3.3.3
[Routerc-bgp] peer 2001:db8:10::1 as-number 100
[Routerc-bgp] peer 2001:db8:9::1:1 as-number 200
[RouterC-bgp] ipv6-family unicast
[RouterC-bgp-af-ipv6] peer 2001:db8:10::1 enable
[RouterC-bgp-af-ipv6] peer 2001:db8:9::1:1 enable
[RouterC-bgp-af-ipv6] quit
[RouterC-bgp] quit
Set the value of MED sent by Router B and Router C to Router A by using the policy.
# Configure Router B.
[RouterB] route-policy 10 permit node 10
[RouterB-route-policy] apply cost 100
[RouterB-route-policy] quit
[RouterB] bgp 200
[RouterB-bgp] ipv6-family unicast
[RouterB-bgp-af-ipv6] peer 2001:db8:8::1 route-policy 10 export
[RouterB-bgp-af-ipv6] quit
[RouterB-bgp] quit
# Configure Router C.
[RouterC] route-policy 10 permit node 10
[RouterC-route-policy] apply cost 150
[RouterC-route-policy] quit
[RouterC] bgp 200
[RouterC-bgp] ipv6-family unicast
[RouterC-bgp-af-ipv6] peer 2001:db8:10::1 route-policy 10 export
[RouterC-bgp-af-ipv6] quit
[RouterC-bgp] quit
As shown in the BGP routing table, the next hop address of the route to 2001:db8:7::1/64 is
2001:db8:8::2 and traffic is transmitted on the active link Router A → Router B.
Step 4 Configure the BFD detection function, the interval for sending the packets, the interval for
receiving the packets, and the local detection time multiple.
# Enable BFD on Router A, set the minimum interval for sending the packets and the minimum
interval for receiving the packets to 100 ms, and set the local detection time multiple to 4.
[RouterA] bfd
[RouterA-bfd] quit
# Enable BFD on Router B, set the minimum interval for sending the packets and the minimum
interval for receiving the packets to 100 ms, and set the local detection time multiple to 4.
[RouterB] bfd
[RouterB-bfd] quit
[RouterB] bgp 200
[RouterB-bgp] peer 2001:db8:8::1 bfd enable
[RouterB-bgp] peer 2001:db8:8::1 bfd min-tx-interval 100 min-rx-interval 100
detect-multiplier 4
[RouterB-bgp] quit
As shown in the BGP routing table, the standby link Router A → Router C → Router B takes
effect after the active link fails. The next hop address of the route to 2001:db8:7::1/64 becomes
2001:db8:10::2.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
ipv6
#
bfd
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:8::1/64
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:10::1/64
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 100
router-id 1.1.1.1
peer 2001:db8:8::2 as-number 200
peer 2001:db8:8::2 bfd min-tx-interval 100 min-rx-interval 100 detect-
multiplier 4
peer 2001:db8:8::2 bfd enable
peer 2001:db8:10::2 as-number 200
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
peer 2001:db8:8::2 enable
peer 2001:db8:10::2 enable
#
return
Networking Requirements
As shown in Figure 9-4, the link between CE1 and PE1 is an IPv6 link; the link between PE1
and PE2 is an IPv4 link; the link between PE2 and CE2 is an IPv6 link. BGP4+ runs between
CE1 and PE1 and between PE2 and CE2. MPLS runs between PE1 and PE2. 6PE is configured
to implement interworking between IPv6 networks.
POS1/0/0 POS1/0/0
2001:db8:1::1/64 2001:db8:2::1/64
Loopback1 CE1 CE2 Loopback1
2001:db8:5::5/64 2001:db8:6::6/64
Loopback0 Loopback0
AS100 1.1.1.1 4.4.4.4 AS300
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF on PE1 and PE2 to make them learn loopback interface addresses from
each other.
2. Configure BGP4+ between CE1 and PE1 and between PE2 and CE2.
3. Configure MPLS on PE1 and PE2 and set up the LSP.
4. Configure 6PE on PE1 and PE2.
Data Preparation
To complete the configuration, you need the following data:
l Router IDs of CE1, PE1, PE2, and CE2 as 1.1.1.1, 2.2.2.2, 3.3.3.3, and 4.4.4.4 respectively
l Number of the AS where each router resides
Procedure
Step 1 Configure the IPv4 and IPv6 addresses for each interface.
This example assumes that you know the configuration method and no details are provided here.
Step 2 Configure OSPF on PE1 and PE2 to make them learn routes from each other.
This example assumes that you know the configuration method and no details are provided here.
# Configure CE1.
[CE1] bgp 100
[CE1-bgp] peer 2001:db8:1::2 as-number 200
[CE1-bgp] ipv6-family unicast
[CE1-bgp-af-ipv6] peer 2001:db8:1::2 enable
[CE1-bgp-af-ipv6] network 2001:db8:5::5 64
[CE1-bgp-af-ipv6] quit
[CE1-bgp] quit
# Configure PE1.
[PE1] bgp 200
[PE1-bgp] peer 2001:db8:1::1 as-number 100
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] peer 2001:db8:1::1 enable
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 200
[PE2-bgp] peer 2001:db8:2::1 as-number 300
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] peer 2001:db8:2::1 enable
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
# Configure CE2.
[CE2] bgp 300
[CE2-bgp] peer 2001:db8:2::2 as-number 200
[CE2-bgp] ipv6-family unicast
[CE2-bgp-af-ipv6] peer 2001:db8:2::2 enable
[CE2-bgp-af-ipv6] network 2001:db8:6::6 64
[CE2-bgp-af-ipv6] quit
[CE2-bgp] quit
Step 4 Configure MPLS on PE1 and PE2 and set up the LSP.
# Configure PE1.
[PE1] mpls lsr-id 2.2.2.2
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit
# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos2/0/0
[PE2-Pos2/0/0] mpls
[PE2-Pos2/0/0] mpls ldp
[PE2-Pos2/0/0] quit
# Configure PE2.
[PE2] bgp 200
[PE2-bgp] peer 2.2.2.2 as-number 200
[PE2-bgp] peer 2.2.2.2 connect-interface LoopBack0
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] peer 2.2.2.2 enable
[PE2-bgp-af-ipv6] peer 2.2.2.2 label-route-capability
[PE2-bgp-af-ipv6] import-route direct
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
From the preceding display, you can view that the BGP 6PE connection between PE1 and PE2
is set up.
CE1 can learn the address of Loopback 1 from CE2 and ping through CE2.
[CE1] display ipv6 routing-table
Routing Table : Public
Destinations : 8 Routes : 8
From the preceding display, you can view that 6PE connects the separated IPv6 networks and
realizes interworking.
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
ipv6
#
interface Pos1/0/0
link-protocol ppp
ipv6 enable
ipv6 address 2001:db8:1::1/64
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ipv6 enable
ipv6 address 2001:db8:5::5/64
#
bgp 100
peer 2001:db8:1::2 as-number 200
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
network 2001:db8:5:: 64
peer 2001:db8:1::2 enable
#
return
ipv6
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
ipv6 enable
ipv6 address 2001:db8:1::2/64
#
interface Pos2/0/0
link-protocol ppp
ip address 20.0.0.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 200
peer 2001:db8:1::1 as-number 100
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv6-family unicast
undo synchronization
import-route direct
peer 3.3.3.3 enable
peer 3.3.3.3 label-route-capability
peer 2001:db8:1::1 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 20.0.0.0 0.0.0.3
#
return
Networking Requirements
If separate IPv6 networks connect to different ASs, deploy 6PE for the IPv6 networks to
communicate.
In practical application, different inter-AS 6PE solutions are provided for separate IPv6 networks
that connect to multiple ASs, depending on the types of links between the PEs of the ASs. If
EBGP peer relationships and public network tunnels are established between PEs, use the inter-
AS 6PE OptionB (with ASBRs as PEs) solution.
As shown in Figure 9-5, ASBRs also function as PEs. An IPv6 link is established between CE1
and ASBR1 and between ASBR2 and CE2. An IPv4 link is established between ASBR1 and
ASBR2. BGP4+ runs between CE1 and ASBR1 and between ASBR2 and CE2. EBGP runs
between ASBR1 and ASBR2 and an MPLS tunnel is established between ASBR1 and ASBR2.
Figure 9-5 Networking diagram for inter-AS 6PE OptionB (with ASBRs as PEs)
GE1/0/0 GE1/0/0
2001:db8:1::2/64 2001:db8:2::2/64
GE1/0/0 GE1/0/0
AS 300 AS 400
2001:db8:1::1/64 2001:db8:2::1/64
CE1 CE2
Loopback1 Loopback1
2001:db8:5::5/64 2001:db8:6::6/64
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable MPLS globally and on the interfaces between ASBR1 and ASBR2 to ensure that
ASBRs can use MPLS to assign labels to BGP4+ routes.
2. Configure a 6PE peer relationship between ASBR1 and ASBR2 and enable the function to
exchange labeled IPv6 routes on ASBR1 and ASBR2, so that IPv6 routes can transmit
across multiple ASs.
3. Configure BGP4+ for CE1 and ASBR1 to communicate and for ASBR2 and CE2 to
communicate, separately.
Data Preparation
To complete the configuration, you need the following data:
l AS numbers of ASBR1, ASBR2, CE1, and CE2: 100, 200, 300, 400, respectively
Procedure
Step 1 Configure device names and interface IP addresses.
Configure the name of each device and assign an IP address to each interface, as shown in Figure
9-5. For more information about the configuration, see the following configuration files.
# Configure ASBR1.
[ASBR1] mpls lsr-id 1.1.1.1
[ASBR1] mpls
[ASBR1-mpls] quit
[ASBR1] interface gigabitethernet 1/0/1
[ASBR1-GigabitEthernet1/0/1] mpls
[ASBR1-GigabitEthernet1/0/1] quit
# Configure ASBR2.
[ASBR2] mpls lsr-id 2.2.2.2
[ASBR2] mpls
[ASBR2-mpls] quit
[ASBR2] interface gigabitethernet 1/0/2
[ASBR2-GigabitEthernet1/0/2] mpls
[ASBR2-GigabitEthernet1/0/2] quit
# Configure ASBR1.
[ASBR1] bgp 100
[ASBR1-bgp] peer 20.1.1.2 as-number 200
[ASBR1-bgp] ipv6-family unicast
[ASBR1-bgp-af-ipv6] peer 20.1.1.2 enable
[ASBR1-bgp-af-ipv6] peer 20.1.1.2 label-route-capability
[ASBR1-bgp-af-ipv6] quit
[ASBR1-bgp] quit
# Configure ASBR2.
[ASBR2] bgp 200
[ASBR2-bgp] peer 20.1.1.1 as-number 100
[ASBR2-bgp] ipv6-family unicast
[ASBR2-bgp-af-ipv6] peer 20.1.1.1 enable
[ASBR2-bgp-af-ipv6] peer 20.1.1.1 label-route-capability
[ASBR2-bgp-af-ipv6] quit
[ASBR2-bgp] quit
Step 4 Configure ASBR1 to communicate with CE1 and ASBR2 to communicate with CE2.
l Configure ASBR1 to communicate with CE1.
# Configure ASBR1.
[ASBR1] ipv6
[ASBR1] bgp 100
[ASBR1-bgp] peer 2001:db8:1::1 as-number 300
[ASBR1-bgp] ipv6-family unicast
[ASBR1-bgp-af-ipv6] peer 2001:db8:1::1 enable
[ASBR1-bgp-af-ipv6] quit
[ASBR1-bgp] quit
# Configure CE1.
[CE1] ipv6
# Configure CE2.
[CE2] ipv6
[CE2] bgp 400
[CE2-bgp] router-id 4.4.4.4
[CE2-bgp] peer 2001:db8:2::2 as-number 200
[CE2-bgp] ipv6-family unicast
[CE2-bgp-af-ipv6] peer 2001:db8:2::2 enable
[CE2-bgp-af-ipv6] network 2001:db8:6:: 64
[CE2-bgp-af-ipv6] quit
[CE2-bgp] quit
# Run the display bgp ipv6 peer command on ASBR1 and ASBR2. The command output shows
that the BGP4+ peer relationships have been established.
[ASBR1] display bgp ipv6 peer
# Run the display ipv6 routing-table command on each CE. The command output shows that
the two CEs have learned the routes to each other's Loopback1 interface. The following example
uses the display on CE1.
# Ping the Loopback1 interface of CE2 from CE1. The command output shows that the
Loopback1 interface of CE2 can be pinged.
[CE1] ping ipv6 -a 2001:db8:5::5 2001:db8:6::6
PING 2001:db8:6::6 : 56 data bytes, press CTRL_C to break
Reply from 2001:db8:6::6
bytes=56 Sequence=1 hop limit=62 time = 80 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=2 hop limit=62 time = 60 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=3 hop limit=62 time = 80 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=4 hop limit=62 time = 70 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=5 hop limit=62 time = 80 ms
----End
Configuration Files
l CE1 configuration file
#
sysname CE1
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::1/64
#
interface LoopBack1
ipv6 enable
ipv6 address 2001:db8:5::5/64
#
bgp 300
router-id 3.3.3.3
peer 2001:db8:1::2 as-number 100
#
ipv6-family unicast
undo synchronization
network 2001:db8:5:: 64
peer 2001:db8:1::2 enable
#
return
#
return
Networking Requirements
If separate IPv6 networks connect to different ASs, deploy 6PE for the IPv6 networks to
communicate.
In practical application, different inter-AS 6PE solutions are provided for separate IPv6 networks
that connect to multiple ASs, depending on the types of links between the PEs of the ASs. If
inter-AS OptionB public network tunnels are established between PEs, use the inter-AS 6PE
OptionB solution.
As shown in Figure 9-6, an IPv6 link is established between CE1 and PE1 and between CE2
and PE2. An IPv4 link is established between PE1 and ASBR1, between PE2 and ASBR2, and
between ASBR1 and ASBR2. BGP4+ runs between CE1 and PE1 and between PE2 and CE2.
IBGP runs between PE1 and ASBR1 and between PE2 and ASBR2. EBGP runs between ASBR1
and ASBR2. An MPLS tunnel has been established between PE1 and PE2.
AS 100 AS 200
Loopback1 Loopback1
3.3.3.3/32 4.4.4.4/32
GE1/0/1 GE1/0/0 GE1/0/0 GE1/0/1
20.1.1.2/24 192.1.1.1/24 192.1.1.2/24 20.1.2.1/24
Loopback1 Loopback1
2.2.2.2/32 ASBR1 ASBR2
5.5.5.5/32
GE1/0/1 GE1/0/1
PE1 20.1.1.1/24 PE2
20.1.2.2/24
GE1/0/0 GE1/0/0
2001:db8:1::2/64 2001:db8:2::2/64
GE1/0/0 GE1/0/0
2001:db8:1::1/64 2001:db8:2::1/64
CE2
CE1
AS 400
AS 300
Loopback1 Loopback1
2001:db8:5::5/64 2001:db8:6::6/64
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a dynamic routing protocol so that PE1 and ASBR1 can learn the loopback
interface addresses of each other and PE2 and ASBR2 can learn the loopback interface
addresses of each other.
2. Enable MPLS and MPLS LDP in each AS to ensure that MPLS LDP LSPs can be
established in each AS.
3. Establish a 6PE peer relationship between PE1 and ASBR1, between PE2 and ASBR2, and
between ASBR1 and ASBR2. Enable the function to exchange labeled IPv6 routes on these
routers to allow IPv6 routes to be transmitted across multiple ASs.
4. Configure BGP4+ for CE1 and PE1 to communicate and for CE2 and PE2 to communicate.
Data Preparation
To complete the configuration, you need the following data:
l AS numbers of PE1 and ASBR1 are both 100. AS numbers of PE2 and ASBR2 are both
200. AS numbers of CE1, CE2: 300, 400, respectively
l Router IDs of CE1 and CE2: 1.1.1.1, 6.6.6.6, respectively
l Open Shortest Path First (OSPF) process IDs 1 and area IDs 0 of PE1, PE2, ASBR1, and
ASBR2
l MPLS LSR IDs of PE1, PE2, ASBR1, and ASBR2: 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5,
respectively
Procedure
Step 1 Configure device names and interface IP addresses.
Configure the name of each device and assign an IP address to each interface, as shown in Figure
9-6. For more information about the configuration, see the following configuration files.
Step 2 Configure an IGP on the MPLS backbone networks of AS 100 and AS 200, so that the PEs and
ASBRs on each MPLS backbone network can communicate with each other.
This section uses OSPF as an example. For more information about the configuration, see the
following configuration files.
NOTE
Configure OSPF to advertise the 32-bit loopback interface addresses to be used as LSR IDs.
After the configurations in this step are complete, OSPF neighbor relationships are established
between the PEs and ASBRs in the same AS. Run the display ospf peer command. The
command output shows that the OSPF neighbor relationship status is Full. The following
example uses the display on PE1.
[PE1] display ospf peer
The PEs and ASBRs in the same AS can learn the loopback interface addresses of each other
and ping each other.
Step 3 Configure basic MPLS functions and MPLS LDP on the MPLS backbone networks of AS 100
and AS 200 to establish MPLS LDP LSPs.
# Configure basic MPLS functions on PE1 and enable LDP on the interface connected to ASBR1.
[PE1] mpls lsr-id 2.2.2.2
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mpls
[PE1-GigabitEthernet1/0/0] mpls ldp
[PE1-GigabitEthernet1/0/0] quit
# Configure basic MPLS functions on ASBR1 and enable LDP on the interface connected to
PE1.
[ASBR1] mpls lsr-id 3.3.3.3
[ASBR1] mpls
[ASBR1-mpls] quit
[ASBR1] mpls ldp
[ASBR1-mpls-ldp] quit
[ASBR1] interface gigabitethernet 1/0/1
[ASBR1-GigabitEthernet1/0/1] mpls
[ASBR1-GigabitEthernet1/0/1] mpls ldp
[ASBR1-GigabitEthernet1/0/1] quit
# Configure basic MPLS functions on ASBR2 and enable LDP on the interface connected to
PE2.
[ASBR2] mpls lsr-id 4.4.4.4
[ASBR2] mpls
[ASBR2-mpls] quit
[ASBR2] mpls ldp
[ASBR2-mpls-ldp] quit
[ASBR2] interface gigabitethernet 1/0/1
[ASBR2-GigabitEthernet1/0/1] mpls
[ASBR2-GigabitEthernet1/0/1] mpls ldp
[ASBR2-GigabitEthernet1/0/1] quit
# Configure basic MPLS functions on PE2 and enable LDP on the interface connected to ASBR2.
[PE2] mpls lsr-id 5.5.5.5
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mpls
[PE2-GigabitEthernet1/0/1] mpls ldp
[PE2-GigabitEthernet1/0/1] quit
After the configurations in this step are complete, an LSP is established between PE1 and ASBR1
and between PE2 and ASBR2. Run the display mpls ldp lsp command. The command output
shows whether LDP LSPs have been established. The following example uses the display on
PE1.
[PE1] display mpls ldp lsp
Before configuring a 6PE peer relationship, ensure that the function to exchange labeled routes has been
enabled.
1. # Configure PE1 and ASBR1.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface LoopBack 1
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] peer 3.3.3.3 enable
[PE1-bgp-af-ipv6] peer 3.3.3.3 label-route-capability
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# Configure ASBR1.
[ASBR1] bgp 100
[ASBR1-bgp] peer 2.2.2.2 as-number 100
[ASBR1-bgp] peer 2.2.2.2 connect-interface LoopBack 1
[ASBR1-bgp] ipv6-family unicast
[ASBR1-bgp-af-ipv6] peer 2.2.2.2 enable
[ASBR1-bgp-af-ipv6] peer 2.2.2.2 label-route-capability
[ASBR1-bgp-af-ipv6] quit
[ASBR1-bgp] quit
# Configure ASBR2.
[ASBR2] bgp 200
[ASBR2-bgp] peer 5.5.5.5 as-number 200
[ASBR2-bgp] peer 5.5.5.5 connect-interface LoopBack 1
[ASBR2-bgp] ipv6-family unicast
[ASBR2-bgp-af-ipv6] peer 5.5.5.5 enable
[ASBR2-bgp-af-ipv6] peer 5.5.5.5 label-route-capability
[ASBR2-bgp-af-ipv6] quit
[ASBR2-bgp] quit
# Configure ASBR1.
[ASBR1] interface gigabitethernet 1/0/0
[ASBR1-GigabitEthernet1/0/0] mpls
[ASBR1-GigabitEthernet1/0/0] quit
[ASBR1] bgp 100
[ASBR1-bgp] peer 192.1.1.2 as-number 200
[ASBR1-bgp] ipv6-family unicast
[ASBR1-bgp-af-ipv6] peer 192.1.1.2 enable
[ASBR1-bgp-af-ipv6] peer 192.1.1.2 label-route-capability
[ASBR1-bgp-af-ipv6] quit
[ASBR1-bgp] quit
# Configure ASBR2.
[ASBR2] interface gigabitethernet 1/0/0
[ASBR2-GigabitEthernet1/0/0] mpls
[ASBR2-GigabitEthernet1/0/0] quit
[ASBR2] bgp 200
[ASBR2-bgp] peer 192.1.1.1 as-number 100
[ASBR2-bgp] ipv6-family unicast
[ASBR2-bgp-af-ipv6] peer 192.1.1.1 enable
[ASBR2-bgp-af-ipv6] peer 192.1.1.1 label-route-capability
[ASBR2-bgp-af-ipv6] quit
[ASBR2-bgp] quit
Step 5 Configure CE1 to communicate with PE1 and CE2 to communicate with PE2.
# Configure CE1.
[CE1] ipv6
[CE1] bgp 300
[CE1-bgp] router-id 1.1.1.1
[CE1-bgp] peer 2001:db8:1::2 as-number 100
[CE1-bgp] ipv6-family unicast
[CE1-bgp-af-ipv6] peer 2001:db8:1::2 enable
[CE1-bgp-af-ipv6] network 2001:db8:5:: 64
[CE1-bgp-af-ipv6] quit
[CE1-bgp] quit
# Configure PE1.
[PE1] ipv6
[PE1] bgp 100
[PE1-bgp] peer 2001:db8:1::1 as-number 300
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] peer 2001:db8:1::1 enable
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] ipv6
[PE2] bgp 200
[PE2-bgp] peer 2001:db8:2::1 as-number 400
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] peer 2001:db8:2::1 enable
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
# Configure CE2.
[CE2] ipv6
[CE2] bgp 400
# Run the display bgp ipv6 peer command on PE1 and PE2. The command output shows that
the BGP4+ peer relationship has been established.
[PE1] display bgp ipv6 peer
# Ping the Loopback1 interface of CE2 from CE1. The command output shows that the
Loopback1 interface of CE2 can be pinged.
[CE1] ping ipv6 -a 2001:db8:5::5 2001:db8:6::6
PING 2001:db8:6::6 : 56 data bytes, press CTRL_C to break
Reply from 2001:db8:6::6
bytes=56 Sequence=1 hop limit=60 time = 110 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=2 hop limit=60 time = 90 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=3 hop limit=60 time = 110 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=4 hop limit=60 time = 130 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=5 hop limit=60 time = 140 ms
----End
Configuration Files
l CE1 configuration file
#
sysname CE1
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::1/64
#
interface LoopBack1
ipv6 enable
ipv6 address 2001:db8:5::5/64
#
bgp 300
router-id 1.1.1.1
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.1.1.1 255.255.255.0
mpls
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
peer 192.1.1.2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 192.1.1.2 enable
#
ipv6-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 2.2.2.2 label-route-capability
peer 192.1.1.2 enable
peer 192.1.1.2 label-route-capability
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 20.1.1.0 0.0.0.255
#
return
#
ipv4-family unicast
undo synchronization
peer 5.5.5.5 enable
peer 192.1.1.1 enable
#
ipv6-family unicast
undo synchronization
peer 5.5.5.5 enable
peer 5.5.5.5 label-route-capability
peer 192.1.1.1 enable
peer 192.1.1.1 label-route-capability
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 20.1.2.0 0.0.0.255
#
return
Networking Requirements
If separate IPv6 networks connect to different ASs, deploy 6PE for the IPv6 networks to
communicate.
In practical application, different inter-AS 6PE solutions are provided for separate IPv6 networks
that connect to multiple ASs, depending on the types of links between the PEs of the ASs. If
inter-AS OptionC tunnels are established between PEs, use the inter-AS 6PE OptionC solution.
As shown in Figure 9-7, an IPv6 link is established between CE1 and PE1 and between CE2
and PE2. An IPv4 link is established between PE1 and ASBR1, between PE2 and ASBR2, and
between ASBR1 and ASBR2. BGP4+ runs between CE1 and PE1 and between PE2 and CE2.
MP-EBGP runs between PE1 and PE2 and an end-to-end MPLS tunnel is established between
PE1 and PE2.
AS 100 AS 200
Loopback1 Loopback1
3.3.3.3/32 4.4.4.4/32
GE1/0/1
GE1/0/0 GE1/0/0 GE1/0/1
20.1.1.2/24
192.1.1.1/24 192.1.1.2/24 20.1.2.1/24
Loopback1
ASBR1 ASBR2 Loopback1
2.2.2.2/32
5.5.5.5/32
GE1/0/1 GE1/0/1
PE1 20.1.1.1/24 20.1.2.2/24 PE2
GE1/0/0 GE1/0/0
2001:db8:1::2/64 2001:db8:2::2/64
GE1/0/0 GE1/0/0
2001:db8:1::1/64 2001:db8:2::1/64
CE2
CE1
AS 400
AS 300
Loopback1 Loopback1
2001:db8:5::5/64 2001:db8:6::6/64
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a dynamic routing protocol for PE1 and ASBR1 to learn each other's loopback
interface addresses and for PE2 and ASBR2 to learn each other's loopback interface
addresses.
2. Enable MPLS and MPLS LDP in each AS to ensure that MPLS LDP LSPs can be
established in each AS.
3. Configure a BGP LSP between PE1 and PE2.
l Configure a routing policy on each ASBR. Configure a routing policy on each ASBR.
After receiving a loopback route from a PE in the same AS, an ASBR assigns an MPLS
label to the route when advertising this route to the remote ASBR. An ASBR assigns
new MPLS labels to labeled IPv4 routes when advertising the routes to the PE in the
local AS.
l Establish an IBGP peer relationship between PE1 and ASBR1 and between PE2 and
ASBR2.
l Configure each ASBR to exchange labeled IPv4 routes with the PE in the same AS and
with the ASBR in the other AS.
4. Configure an MP-EBGP peer relationship between PE1 and PE2 and enable the function
to exchange labeled IPv6 routes on PE1 and PE2, so that BGP4+ routes can be transmitted
across multiple ASs.
NOTE
An EBGP peer relationships can be established between PEs of different ASs. In most cases, these
PEs are not directly connected, and the maximum hops between them must be specified.
5. Configure BGP4+ for CE1 and PE1 to communicate and for CE2 and PE2 to communicate.
Data Preparation
To complete the configuration, you need the following data:
l AS numbers of PE1 and ASBR1 are both 100. AS numbers of PE2 and ASBR2 are both
200. AS numbers of CE1, CE2: 300, 400, respectively
l Router IDs of CE1 and CE2: 1.1.1.1, 6.6.6.6, respectively
l Open Shortest Path First (OSPF) process IDs 1 and area IDs 0 of PE1, PE2, ASBR1, and
ASBR2
l MPLS LSR IDs of PE1, PE2, ASBR1, and ASBR2: 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5,
respectively
l Routing policies that apply to routes from ASBR1 to PE1 and ASBR2 and routing policies
that apply to routes from ASBR2 to PE2 and ASBR1
Procedure
Step 1 Configure device names and interface IP addresses.
Configure the name of each device and assign an IP address to each interface, as shown in Figure
9-7. For more information about the configuration, see the following configuration files.
Step 2 Configure an IGP on the MPLS backbone networks of AS 100 and AS 200, so that the PEs and
ASBRs on each MPLS backbone network can communicate with each other.
The following example uses OSPF as the IGP. The detailed configurations are not provided here.
NOTE
When configuring the IGP, configure OSPF to advertise the 32-bit loopback interface addresses to be used
as LSR IDs.
After the configurations in this step are complete, OSPF neighbor relationships are established
between the PEs and ASBRs in the same AS. The display ospf peer command output shows
that the OSPF neighbor relationship status is Full. The following example uses the display on
PE1.
[PE1] display ospf peer
The PEs and ASBRs in the same AS can learn each other's loopback interface addresses and
ping each other.
Step 3 Configure basic MPLS functions and MPLS LDP on the MPLS backbone networks of AS 100
and AS 200 to establish MPLS LDP LSPs.
# Configure basic MPLS functions on PE1 and enable LDP on the interface connected to ASBR1.
[PE1] mpls lsr-id 2.2.2.2
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mpls
[PE1-GigabitEthernet1/0/0] mpls ldp
[PE1-GigabitEthernet1/0/0] quit
# Configure basic MPLS functions on ASBR1 and enable LDP on the interface connected to
PE1.
[ASBR1] mpls lsr-id 3.3.3.3
[ASBR1] mpls
[ASBR1-mpls] quit
[ASBR1] mpls ldp
[ASBR1-mpls-ldp] quit
[ASBR1] interface gigabitethernet 1/0/1
[ASBR1-GigabitEthernet1/0/1] mpls
[ASBR1-GigabitEthernet1/0/1] mpls ldp
[ASBR1-GigabitEthernet1/0/1] quit
# Configure basic MPLS functions on ASBR2 and enable LDP on the interface connected to
PE2.
[ASBR2] mpls lsr-id 4.4.4.4
[ASBR2] mpls
[ASBR2-mpls] quit
[ASBR2] mpls ldp
[ASBR2-mpls-ldp] quit
[ASBR2] interface gigabitethernet 1/0/1
[ASBR2-GigabitEthernet1/0/1] mpls
[ASBR2-GigabitEthernet1/0/1] mpls ldp
[ASBR2-GigabitEthernet1/0/1] quit
# Configure basic MPLS functions on PE2 and enable LDP on the interface connected to ASBR2.
[PE2] mpls lsr-id 5.5.5.5
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mpls
[PE2-GigabitEthernet1/0/1] mpls ldp
[PE2-GigabitEthernet1/0/1] quit
After the configurations in this step are complete, an LSP is established between PE1 and ASBR1
and between PE2 and ASBR2. Run the display mpls ldp lsp command. The command output
shows whether LDP LSPs have been established. The following example uses the display on
PE1.
[PE1] display mpls ldp lsp
Step 4 Configure IBGP peer relationships in AS 100 and AS 200 in the IPv4 address family view.
# Establish an MP-IBGP peer relationship between PE1 and ASBR1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
[PE1-bgp] quit
# Configure on ASBR1 a routing policy that applies to the routes advertised to PE1 and enable
ASBR1 to exchange labeled IPv4 routes with PE1.
[ASBR1] bgp 100
[ASBR1-bgp] peer 2.2.2.2 route-policy policy2 export
[ASBR1-bgp] peer 2.2.2.2 label-route-capability
# Configure a routing policy that applies to the routes advertised from ASBR1 to ASBR2 and
enable ASBR1 to exchange labeled IPv4 routes with ASBR2.
[ASBR1-bgp] peer 192.1.1.2 as-number 200
[ASBR1-bgp] peer 192.1.1.2 route-policy policy1 export
[ASBR1-bgp] peer 192.1.1.2 label-route-capability
# Configure ASBR1 to advertise the route destined for PE1's loopback interface address to
ASBR2 and then to PE2.
[ASBR1-bgp] network 2.2.2.2 32
[ASBR1-bgp] quit
NOTE
The configuration of PE2 is similar to the configuration of PE1 and the configuration of ASBR2 is similar
to the configuration of ASBR1. For more information, see the following configuration files.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 5.5.5.5 as-number 200
[PE1-bgp] peer 5.5.5.5 connect-interface LoopBack 1
[PE1-bgp] peer 5.5.5.5 ebgp-max-hop
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] peer 5.5.5.5 enable
[PE1-bgp-af-ipv6] peer 5.5.5.5 label-route-capability
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 200
[PE2-bgp] peer 2.2.2.2 as-number 100
[PE2-bgp] peer 2.2.2.2 connect-interface LoopBack 1
[PE2-bgp] peer 2.2.2.2 ebgp-max-hop
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] peer 2.2.2.2 enable
[PE2-bgp-af-ipv6] peer 2.2.2.2 label-route-capability
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
Step 7 Configure CE1 to communicate with PE1 and CE2 to communicate with PE2.
# Configure CE1.
[CE1] ipv6
[CE1] bgp 300
[CE1-bgp] router-id 1.1.1.1
[CE1-bgp] peer 2001:db8:1::2 as-number 100
[CE1-bgp] ipv6-family unicast
[CE1-bgp-af-ipv6] peer 2001:db8:1::2 enable
[CE1-bgp-af-ipv6] network 2001:db8:5:: 64
[CE1-bgp-af-ipv6] quit
[CE1-bgp] quit
# Configure PE1.
[PE1] ipv6
[PE1] bgp 100
[PE1-bgp] peer 2001:db8:1::1 as-number 300
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] peer 2001:db8:1::1 enable
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] ipv6
[PE2] bgp 200
[PE2-bgp] peer 2001:db8:2::1 as-number 400
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] peer 2001:db8:2::1 enable
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
# Configure CE2.
[CE2] ipv6
[CE2] bgp 400
[CE2-bgp] router-id 6.6.6.6
[CE2-bgp] peer 2001:db8:2::2 as-number 200
[CE2-bgp] ipv6-family unicast
[CE2-bgp-af-ipv6] peer 2001:db8:2::2 enable
[CE2-bgp-af-ipv6] network 2001:db8:6:: 64
[CE2-bgp-af-ipv6] quit
[CE2-bgp] quit
# Run the display bgp ipv6 peer command on PE1 and PE2. The command output shows that
the BGP4+ peer relationship has been established.
[PE1] display bgp ipv6 peer
# Run the display ipv6 routing-table command on each CE. The command output shows that
the two CEs have learned the routes to each other's Loopback1 interface. The following example
uses the display on CE1.
[CE1] display ipv6 routing-table
Routing Table : Public
Destinations : 7 Routes : 7
# Ping the Loopback1 interface of CE2 from CE1. The command output shows that the
Loopback1 interface of CE2 can be pinged. The following example uses the display on CE1.
[CE1] ping ipv6 -a 2001:db8:5::5 2001:db8:6::6
PING 2001:db8:6::6 : 56 data bytes, press CTRL_C to break
Reply from 2001:db8:6::6
bytes=56 Sequence=1 hop limit=62 time = 100 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=2 hop limit=62 time = 120 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=3 hop limit=62 time = 130 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=4 hop limit=62 time = 110 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=5 hop limit=62 time = 140 ms
----End
Configuration Files
l CE1 configuration file
#
sysname CE1
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::1/64
#
interface LoopBack1
ipv6 enable
ipv6 address 2001:db8:5::5/64
#
bgp 300
router-id 1.1.1.1
peer 2001:db8:1::2 as-number 100
#
ipv6-family unicast
undo synchronization
network 2001:db8:5:: 64
peer 2001:db8:1::2 enable
#
return
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:2::2/64
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 20.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
#
bgp 200
peer 2.2.2.2 as-number 100
peer 2.2.2.2 ebgp-max-hop 255
peer 2.2.2.2 connect-interface LoopBack1
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack1
peer 2001:db8:2::1 as-number 400
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 4.4.4.4 enable
peer 4.4.4.4 label-route-capability
#
ipv6-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 2.2.2.2 label-route-capability
peer 2001:db8:2::1 enable
#
ospf 1
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 20.1.2.0 0.0.0.255
#
return
undo synchronization
network 2001:db8:6:: 64
peer 2001:db8:2::2 enable
#
return
Networking Requirements
If separate IPv6 networks connect to different ASs, deploy 6PE for the IPv6 networks to
communicate.
In practical application, different inter-AS 6PE solutions are provided for separate IPv6 networks
that connect to multiple ASs, depending on the types of links between the PEs of the ASs. If
inter-AS OptionC public network tunnels are established between PEs, use the inter-AS 6PE
OptionC solution. As shown in Figure 9-8, an IPv6 link is established between CE1 and PE1
and between CE2 and PE2. An IPv4 link is established between PE1 and ASBR1, between PE2
and ASBR2, and between ASBR1 and ASBR2. BGP4+ runs between CE1 and PE1 and between
PE2 and CE2. MP-EBGP runs between PE1 and PE2 and an end-to-end MPLS tunnel is
established between PE1 and PE2. To enable separate IPv6 networks to communicate, use inter-
AS OptionC solution 2.
AS 100 AS 200
Loopback1 Loopback1
3.3.3.3/32 4.4.4.4/32
GE1/0/1
GE1/0/0 GE1/0/0 GE1/0/1
20.1.1.2/24
192.1.1.1/24 192.1.1.2/24 20.1.2.1/24
Loopback1
ASBR1 ASBR2 Loopback1
2.2.2.2/32
5.5.5.5/32
GE1/0/1 GE1/0/1
PE1 20.1.1.1/24 20.1.2.2/24 PE2
GE1/0/0 GE1/0/0
2001:db8:1::2/64 2001:db8:2::2/64
GE1/0/0 GE1/0/0
2001:db8:1::1/64 2001:db8:2::1/64
CE2
CE1
AS 400
AS 300
Loopback1 Loopback1
2001:db8:5::5/64 2001:db8:6::6/64
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a dynamic routing protocol for PE1 and ASBR1 to learn each other's loopback
interface addresses and for PE2 and ASBR2 to learn each other's loopback interface
addresses.
2. Enable MPLS and MPLS LDP in each AS to ensure that MPLS LDP LSPs can be
established in each AS.
3. Configure a BGP LSP between PE1 and PE2.
l Configure the PEs in different ASs to exchange routes through ASBRs.
l Configure a routing policy on each ASBR. After receiving a loopback route from a PE
in the same AS, an ASBR assigns an MPLS label to the route when advertising this
route to the remote ASBR. An ASBR assigns new MPLS labels to labeled IPv4 routes
when advertising the routes to the PE in the local AS.
l Configure the local and remote ASBRs to exchange labeled IPv4 routes.
l Configure an LDP LSP between ASBRs to transmit the labeled BGP routes of the public
network.
4. Configure an MP-EBGP peer relationship between PE1 and PE2 and enable the function
to exchange labeled IPv6 routes on PE1 and PE2, so that BGP4+ routes can be transmitted
across multiple ASs.
NOTE
An EBGP peer relationships can be established between PEs of different ASs. In most cases, these
PEs are not directly connected, and the maximum hops between them must be specified.
5. Configure BGP4+ for CE1 and PE1 to communicate and for CE2 and PE2 to communicate.
Data Preparation
To complete the configuration, you need the following data:
l AS numbers of PE1 and ASBR1 are both 100. AS numbers of PE2 and ASBR2 are both
200. AS numbers of CE1, CE2: 300, 400, respectively
l Router IDs of CE1 and CE2: 1.1.1.1, 6.6.6.6, respectively
l Open Shortest Path First (OSPF) process ID 1 and area ID 0 of PE1, PE2, ASBR1, and
ASBR2
l MPLS LSR IDs of PE1, PE2, ASBR1, and ASBR2: 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5,
respectively
Procedure
Step 1 Configure device names and interface IP addresses.
Configure the name of each device and assign an IP address to each interface, as shown in Figure
9-8. For more information about the configuration, see the following configuration files.
Step 2 Configure an IGP on the MPLS backbone networks of AS 100 and AS 200, so that the PEs and
ASBRs on each MPLS backbone network can communicate with each other.
The following example uses OSPF as the IGP. The detailed configurations are not provided here.
NOTE
Configure OSPF to advertise the 32-bit loopback interface addresses to be used as LSR IDs.
After the configurations in this step are complete, OSPF neighbor relationships are established
between the PEs and ASBRs in the same AS. The display ospf peer command output shows
that the OSPF neighbor relationship status is Full.
The PEs and ASBRs in the same AS can learn the loopback interface addresses of each other
and ping each other.
Step 3 Establish an EBGP peer relationship between ASBRs.
# Configure ASBR1.
[ASBR1] bgp 100
[ASBR1-bgp] peer 192.1.1.2 as-number 200
[ASBR1-bgp] quit
# Configure ASBR2.
[ASBR2] bgp 200
[ASBR2-bgp] peer 192.1.1.1 as-number 100
[ASBR2-bgp] quit
After the configurations in this step are complete, run the display bgp peer command on each
ASBR. The command output shows that the EBGP peer relationship status is Established. The
following uses the display on ASBR1 as an example:
[ASBR1] display bgp peer
# Configure ASBR1 to import BGP routes to OSPF and advertise the routes of PE2 to PE1 using
OSPF.
[ASBR1] ospf 1
[ASBR1-ospf-1] import-route bgp
# Configure ASBR2 to import BGP routes to OSPF and advertise the routes of PE1 to PE2 using
OSPF.
[ASBR2] ospf 1
[ASBR2-ospf-1] import-route bgp
After the configurations in this step are complete, run the display ip routing-table command
on each PE. The following example uses the display on PE1 as an example.
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
Step 5 Configure basic MPLS functions and MPLS LDP on the MPLS backbone networks of AS 100
and AS 200 to establish MPLS LDP LSPs.
# Configure basic MPLS functions on PE1 and enable LDP on the interface connected to ASBR1.
[PE1] mpls lsr-id 2.2.2.2
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mpls
[PE1-GigabitEthernet1/0/0] mpls ldp
[PE1-GigabitEthernet1/0/0] quit
# Configure basic MPLS functions on ASBR1 and enable LDP on the interface connected to
PE1.
[ASBR1] mpls lsr-id 3.3.3.3
[ASBR1] mpls
[ASBR1-mpls] quit
[ASBR1] mpls ldp
[ASBR1-mpls-ldp] quit
[ASBR1] interface gigabitethernet 1/0/1
[ASBR1-GigabitEthernet1/0/1] mpls
[ASBR1-GigabitEthernet1/0/1] mpls ldp
[ASBR1-GigabitEthernet1/0/1] quit
# Configure basic MPLS functions on ASBR2 and enable LDP on the interface connected to
PE2.
[ASBR2] mpls lsr-id 4.4.4.4
[ASBR2] mpls
[ASBR2-mpls] quit
[ASBR2] mpls ldp
[ASBR2-mpls-ldp] quit
[ASBR2] interface gigabitethernet 1/0/1
[ASBR2-GigabitEthernet1/0/1] mpls
[ASBR2-GigabitEthernet1/0/1] mpls ldp
[ASBR2-GigabitEthernet1/0/1] quit
# Configure basic MPLS functions on PE2 and enable LDP on the interface connected to ASBR2.
After the configurations in this step are complete, an LSP is established between PE1 and ASBR1
and between PE2 and ASBR2. Run the display mpls ldp lsp command. The command output
shows whether LDP LSPs have been established. The following example uses the display on
PE1.
[PE1] display mpls ldp lsp
# Configure a routing policy that applies to the routes advertised from ASBR1 to ASBR2 and
enable ASBR1 to exchange labeled IPv4 routes with ASBR2.
[ASBR1] bgp 100
[ASBR1-bgp] peer 192.1.1.2 route-policy policy1 export
[ASBR1-bgp] peer 192.1.1.2 label-route-capability
[ASBR1-bgp] quit
NOTE
The configuration of ASBR2 is similar to that of ASBR1. For more information, see the following
configuration files.
Step 7 Configure an LDP LSP between ASBRs to transmit the labeled BGP routes of the public
network.
# Configure ASBR1.
[ASBR1] mpls
[ASBR1-mpls] lsp-trigger bgp-label-route
[ASBR1-mpls] quit
# Configure ASBR2.
[ASBR2] mpls
[ASBR2-mpls] lsp-trigger bgp-label-route
[ASBR2-mpls] quit
# Configure PE2.
[PE2] bgp 200
[PE2-bgp] peer 2.2.2.2 as-number 100
[PE2-bgp] peer 2.2.2.2 connect-interface LoopBack 1
[PE2-bgp] peer 2.2.2.2 ebgp-max-hop
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] peer 2.2.2.2 enable
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
Step 9 Configure CE1 to communicate with PE1 and CE2 to communicate with PE2.
# Configure CE1.
[CE1] ipv6
[CE1] bgp 300
[CE1-bgp] router-id 1.1.1.1
[CE1-bgp] peer 2001:db8:1::2 as-number 100
[CE1-bgp] ipv6-family unicast
[CE1-bgp-af-ipv6] peer 2001:db8:1::2 enable
[CE1-bgp-af-ipv6] network 2001:db8:5::5 64
[CE1-bgp-af-ipv6] quit
[CE1-bgp] quit
# Configure PE1.
[PE1] ipv6
[PE1] bgp 100
[PE1-bgp] peer 2001:db8:1::1 as-number 300
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] peer 2001:db8:1::1 enable
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] ipv6
[PE2] bgp 200
[PE2-bgp] peer 2001:db8:2::1 as-number 400
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] peer 2001:db8:2::1 enable
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
# Configure CE2.
[CE2] ipv6
[CE2] bgp 400
[CE2-bgp] router-id 6.6.6.6
[CE2-bgp] peer 2001:db8:2::2 as-number 200
[CE2-bgp] ipv6-family unicast
[CE2-bgp-af-ipv6] peer 2001:db8:2::2 enable
[CE2-bgp-af-ipv6] network 2001:db8:6::6 64
[CE2-bgp-af-ipv6] quit
[CE2-bgp] quit
# Run the display bgp ipv6 peer command on PE1 and PE2. The command output shows that
the BGP4+ peer relationship has been established.
[PE1] display bgp ipv6 peer
# Ping the Loopback1 interface of CE2 from CE1. The command output shows that the
Loopback1 interface of CE2 can be pinged.
[CE1] ping ipv6 2001:db8:6::6
PING 2001:db8:6::6 : 56 data bytes, press CTRL_C to break
Reply from 2001:db8:6::6
bytes=56 Sequence=1 hop limit=62 time = 150 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=2 hop limit=62 time = 140 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=3 hop limit=62 time = 90 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=4 hop limit=62 time = 110 ms
Reply from 2001:db8:6::6
bytes=56 Sequence=5 hop limit=62 time = 100 ms
----End
Configuration Files
l CE1 configuration file
#
sysname CE1
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::1/64
#
interface LoopBack1
ipv6 enable
ipv6 address 2001:db8:5::5/64
#
bgp 300
router-id 1.1.1.1
peer 2001:db8:1::2 as-number 100
#
ipv6-family unicast
undo synchronization
network 2001:db8:5:: 64
peer 2001:db8:1::2 enable
#
return
#
return
undo shutdown
ip address 20.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
bgp 200
peer 192.1.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 5.5.5.5 255.255.255.255
peer 192.1.1.1 enable
peer 192.1.1.1 route-policy policy1 export
peer 192.1.1.1 label-route-capability
#
ospf 1
import-route bgp
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 20.1.2.0 0.0.0.255
#
route-policy policy1 permit node 10
apply mpls-label
#
return
Networking Requirements
A 6PE device learns the 6PE routes with the same IP prefix from different 6PE peers. After BGP
6PE FRR is configured on the 6PE device, a backup link can be selected for the device. When
the next hop of the primary route between PEs becomes unreachable, traffic can be quickly
switched to the backup link.
As shown in Figure 9-9, 6PE peer relationships are established between PE1 and PE2, and
between PE1 and PE3. PE1 receives the 6PE routes to the loopback interface on the CE from
PE2 and PE3. On PE1, it is required to configure a primary 6PE route and a backup 6PE route
to the loopback interface on the CE, with Link_A serving as the primary link and Link_B serving
as the backup link.
Loopback1
3.3.3.3/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IGP on the IPv4/MPLS network to enable the connectivity between network
devices.
2. Enable MPLS and MPLS LDP globally and on the interfaces of the routers on the network
and set up LDP LSPs.
3. Establish 6PE peer relationships between the PEs.
4. Establish EBGP peer relationships between the PEs and CE and import the address of the
loopback interface on the CE into BGP.
5. Configure 6PE FRR on PE1.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure IP or IPv6 addresses for the interfaces on the routers. For details, see the following
configuration files.
In this example, OSPF, as an IGP, is configured. For the configuration details, see the following
configuration files.
After the configuration is complete, run the display ip routing-table command on the PEs, and
you can see that the routers have learned the addresses of the loopback interfaces on the other
routers. The following takes the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Step 3 Enable MPLS and MPLS LDP globally and on the interfaces of the routers on the network and
set up LDP LSPs.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit
[PE1] interface pos3/0/0
[PE1-Pos3/0/0] mpls
[PE1-Pos3/0/0] mpls ldp
[PE1-Pos3/0/0] quit
The configurations of the PE2 and PE3 are similar to the configuration of PE1. For details, see
the following configuration files.
After the configuration is complete, run the display mpls ldp lsp command on the PEs, and you
can find the labels allocated to the routes to the loopback interfaces on the other PEs.
[PE1] display mpls ldp lsp
LDP LSP Information
-------------------------------------------------------------------------------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface
-------------------------------------------------------------------------------
1.1.1.1/32 3/NULL 2.2.2.2 127.0.0.1 InLoop0
1.1.1.1/32 3/NULL 3.3.3.3 127.0.0.1 InLoop0
*1.1.1.1/32 Liberal/1024 DS/2.2.2.2
*1.1.1.1/32 Liberal/1024 DS/3.3.3.3
2.2.2.2/32 NULL/3 - 30.1.1.2 Pos2/0/0
2.2.2.2/32 1024/3 2.2.2.2 30.1.1.2 Pos2/0/0
2.2.2.2/32 1024/3 3.3.3.3 30.1.1.2 Pos2/0/0
*2.2.2.2/32 Liberal/1025 DS/3.3.3.3
3.3.3.3/32 NULL/3 - 20.1.1.2 Pos3/0/0
3.3.3.3/32 1025/3 2.2.2.2 20.1.1.2 Pos3/0/0
3.3.3.3/32 1025/3 3.3.3.3 20.1.1.2 Pos3/0/0
*3.3.3.3/32 Liberal/1025 DS/2.2.2.2
-------------------------------------------------------------------------------
TOTAL: 8 Normal LSP(s) Found.
TOTAL: 4 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is in GR state
A '*' before a NextHop means the LSP is FRR LSP
Establish 6PE peer relationships between PE1 and PE2, and between PE1 and PE3.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.2 as-number 100
[PE1-bgp] peer 2.2.2.2 connect-interface LoopBack1
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface LoopBack1
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] peer 2.2.2.2 enable
[PE1-bgp-af-ipv6] peer 2.2.2.2 label-route-capability
[PE1-bgp-af-ipv6] peer 3.3.3.3 enable
[PE1-bgp-af-ipv6] peer 3.3.3.3 label-route-capability
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface LoopBack1
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] peer 1.1.1.1 enable
[PE2-bgp-af-ipv6] peer 1.1.1.1 label-route-capability
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
# Configure PE3.
[PE3] bgp 100
[PE3-bgp] peer 1.1.1.1 as-number 100
[PE3-bgp] peer 1.1.1.1 connect-interface LoopBack1
[PE3-bgp] ipv6-family unicast
[PE3-bgp-af-ipv6] peer 1.1.1.1 enable
[PE3-bgp-af-ipv6] peer 1.1.1.1 label-route-capability
[PE3-bgp-af-ipv6] quit
[PE3-bgp] quit
After the configuration is complete, run the display bgp ipv6 peer command on the PEs, and
you can find that the status of the peer relationships is Established. The following takes the
display on PE1 as an example:
[PE1] display bgp ipv6 peer
Step 5 Establish EBGP peer relationships between PE2 and the CE, and between PE3 and the CE, and
import the address of the loopback interface on the CE into BGP.
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 2001:db8:2001::2 as-number 200
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] peer 2001:db8:2001::2 enable
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
# Configure PE3.
[PE3] bgp 100
[PE3-bgp] peer 2001:db8:2002::2 as-number 200
[PE3-bgp] ipv6-family unicast
[PE3-bgp-af-ipv6] peer 2001:db8:2002::2 enable
[PE3-bgp-af-ipv6] quit
[PE3-bgp] quit
After the configuration is complete, run the display ipv6 routing-table command on the PEs,
and you can find that the PEs have received the routes to the loopback interface on the CE. The
following takes the display on PE2 as an example:
<PE2> display ipv6 routing-table
Routing Table : Public
Destinations : 5 Routes : 5
Step 6 Configure a routing policy on PE3 and apply this policy to make the cost of the route sent from
PE3 to PE1 greater than the cost of the route sent from PE2 to PE1. In this case, PE1 later will
select the route sent from PE2.
# Configure PE3.
[PE3] route-policy addcost permit node 10
[PE3-route-policy] apply cost 20
[PE3-route-policy] quit
[PE3] bgp 100
[PE3-bgp] ipv6-family unicast
[PE3-bgp-af-ipv6] peer 1.1.1.1 route-policy addcost export
[PE3-bgp-af-ipv6] quit
[PE3-bgp] quit
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] auto-frr
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
After running the undo ipv6 enable command on GE 2/0/0 of PE2, run the display ipv6 routing-
table command on PE1. You can find that PE3 is the next hop of PE1 on the route to the loopback
interface on the CE and there is no backup next hop for PE1.
[PE1] display ipv6 routing-table 2001:db8:2003::1 verbose
Routing Table :
Summary Count : 1
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
ip address 30.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface Pos3/0/0
link-protocol ppp
ip address 20.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bgp 100
router-id 1.1.1.1
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ipv6-family unicast
undo synchronization
auto-frr
peer 2.2.2.2 enable
peer 2.2.2.2 label-route-capability
peer 3.3.3.3 enable
peer 3.3.3.3 label-route-capability
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 30.1.1.0 0.0.0.3
network 20.1.1.0 0.0.0.3
#
return
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
ip address 30.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
link-protocol ppp
ipv6 enable
ipv6 address 2001:db8:2001::1 64
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
bgp 100
router-id 2.2.2.2
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
peer 2001:db8:2001::2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv6-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 1.1.1.1 label-route-capability
peer 2001:db8:2001::2 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 30.1.1.0 0.0.0.3
#
return
#
bgp 100
router-id 3.3.3.3
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
peer 2001:db8:2002::2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv6-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 1.1.1.1 route-policy addcost export
peer 1.1.1.1 label-route-capability
peer 2001:db8:2002::2 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 20.1.1.0 0.0.0.3
#
route-policy addcost permit node 10
apply cost 20
#
return
Routing policies are used to filter routes to change the path through which network traffic passes.
10.1 Introduction
By configuring routing policies, you can properly use network resources.
10.1 Introduction
By configuring routing policies, you can properly use network resources.
Routing Policy
Routing policies are used to filter routes and control the receiving and advertising of routes. By
changing the route attributes such as reachability, you can change the path that the traffic passes
through.
When a router sends or receives routes, it may use certain policies to filter routes. The policies
are used in the following situations:
l Define a set of matching rules and setting rules. The policy is applied to the routing
information to meet the requirements of the matching rules.
l Apply the matching rules to the routing policies for route advertisement, reception, and
import.
Routing policies and PBR are different concepts. Table 10-1 shows the differences between the
two concepts.
Forwards packets based on the Forwards packets based on the policy. If packets
destination address in the routing table. fail to be forwarded, the device forwards packets
by searching the routing table.
Based on the control plane and serves Based on forwarding plane and serves for the
the routing protocol and routing table. forwarding policy.
Combines with the routing protocol Needs to be manually configured hop by hop to
ensure that the packet is forwarded through the
policy.
Filters
The NE80E/40E provides several types of filters for routing protocols, such as Access Control
Lists (ACLs), IP prefix lists, AS-Path filters, community filters, extended community filters
(Extcommunity-filters), and Route-Policies.
l ACL
The ACL consists of the ACL for IPv4 packets and the ACL for IPv6 packets. According
to the usage, ACLs are classified into three types, that is, interface-based ACLs, basic
ACLs, and advanced ACLs. When defining an ACL, you can specify the IP address and
subnet range to match the destination network segment address or the next hop address of
a route.
For details of the ACL configuration, refer to the HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services.
l IP-Prefix List
The IP-prefix list consists of IPv4 prefix list and IPv6 prefix list. The implementation of
the IP-prefix is flexible.
An IP-prefix list is identified by its list name. Each prefix list includes multiple entries.
Each entry can independently specify the matching range in the form of the network prefix.
The matching range is identified by an index number that designates the sequence of the
matching check.
During the matching, the router checks entries identified by index numbers in an ascending
order. When a route matches an entry, the system does not search the next entry matching
the route. For the detailed configuration, refer to Configuring the IP-Prefix List.
l AS-Path Filter
Border Gateway Protocol (BGP) routing information packet includes an autonomous
system (AS) path domain. The AS-Path filter specifies the matching condition for the AS
path domain.
For the configuration of AS-Path filter, refer to BGP Configuration.
l Community Filter
The community filter is used only in BGP. The BGP routing information includes a
community attribute domain. It is used to identify a community. The community filter
specifies the matching condition for the community attribute domain.
l Import routes that meet the matching rules through filters when a routing protocol imports
routes discovered by other protocols.
l Filter routes that a routing protocol advertises or receives. Only the routes that meet the
matching rules are received or advertised.
For the configuration of routing policy applications, refer to the related routing protocol
configurations.
NOTE
After the routing policy changes, Routing Management Module (RM) immediately notifies various
protocols for processing by default.
Applicable Environment
Before applying a routing policy, you should set the matching rules, that is, filters. Compared
with an ACL, an IP prefix list is more flexible. When the IP prefix list is used to filter routes, it
matches the destination address of a route.
Pre-configuration Tasks
None.
Data Preparation
To configure an IP prefix list, you need the following data.
No. Data
Context
Perform the following steps on the router to which the IP prefix list is applied:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ip-address
mask-length [ match-network ] [ greater-equal greater-equal-value ] [ less-equal
less-equal-value ]
match-network is used to filter routes to a specified IP address and can be configured only when
ipv4-address is 0.0.0.0. For example, the ip ip-prefix prefix1 permit 0.0.0.0 8 command filters
all routes with mask length 8, while the ip ip-prefix prefix1 permit 0.0.0.0 8 match-
network command filters all routes to the IP address range from 0.0.0.1 to 0.255.255.255.
The range of the mask length can be specified as mask-length <= greater-equal-value <= less-
equal-value <= 32. If only greater-equal is specified, the range of the prefix is [greater-equal-
value, 32]; if only less-equal is specified, the range of the prefix is [mask-length, less-equal-
value].
An IPv4 prefix list is identified by its list name. Each prefix list contains multiple entries. Each
entry can independently specify the matching range in the form of the network prefix and identify
it with an index number. For example, the following shows an IPv4 prefix list named abcd:
#
ip ip-prefix abcd index 10 permit 1.0.0.0 8
ip ip-prefix abcd index 20 permit 2.0.0.0 8
During the matching, the system checks the entries identified by the index numbers in an
ascending order. When a route matches an entry, it does not match other entries.
In the NE80E/40E, all unmatched routes cannot pass the filtering list. If all entries are in deny
mode, all routes are filtered. It is recommended that you define a permit 0.0.0.0 0 less-equal
32 entry after multiple entries in deny mode, therefore allowing all the other IPv4 routes to pass
the IP prefix list.
NOTE
If more than one IP-prefix entry is defined, at least one entry should be in the permit mode.
----End
Context
Perform the following steps on the router to which the IP prefix list is applied:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip ipv6-prefix ipv6-prefix-name [ index index-number ] { permit | deny } ipv6-
address prefix-length [ match-network ] [ greater-equal greater-equal-value ]
[ less-equal less-equal-value ]
match-network is used to filter routes to a specified IPv6 address and can be configured only
when ipv6-address is 0.0.0.0. For example, the ip ipv6-prefix prefix1 permit :: 96 command
filters all IPv6 routes with mask length 96, while the ip ipv6-prefix prefix1 permit :: 96 match-
network command filters all routes to the IPv6 address range from ::1 to ::FFFF:FFFF.
The range of the prefix length can be specified as prefix-length <= greater-equal-value <= less-
equal-value <= 128. If only greater-equal is specified, the range of the prefix is [greater-equal-
value, 128]; if only less-equal is specified, the range of the prefix is [prefix-length, less-equal-
value].
An IPv6 prefix list is identified by its list name. Each prefix list can include multiple entries.
Each entry can independently specify the matching range in the form of the network prefix and
identify it with an index number. For example, the following shows an IPv6 prefix list named
abcd:
#
ip ipv6-prefix abcd index 10 permit 2001:db8:1:: 64
ip ipv6-prefix abcd index 20 permit 2001:db8:2:: 64
During the matching, the system checks the entries identified by the index numbers in an
ascending order. When a route matches an entry, it does not match other entries.
In NE80E/40E, all unmatched routes are filtered. If all entries are in deny mode, all routes are
filtered. It is recommended that you define a permit :: 0 less-equal 128 after multiple entries
in deny mode, therefore allowing all the other IPv6 routes to pass the IP prefix list.
NOTE
If more than one IP-prefix entry is defined, at least one entry should be in the permit mode.
----End
Prerequisites
The IP-Prefix list has been configured.
Procedure
l Run the display ip ip-prefix [ ip-prefix-name ] command to check information about the
IPv4 prefix list.
l Run the display ip ipv6-prefix [ ipv6-prefix-name ] command to check information about
the IPv6 prefix list.
----End
Example
Run the display ip ip-prefix p1 command. You can view information about the prefix list named
p1.
Applicable Environment
A Route-Policy is used to match routes or certain route attributes, and to change these attributes
when the matching rules are met.
A Route-Policy consists of multiple nodes. Each node is classified into the following clauses:
l if-match clauses: define the matching rules. The matching rules are used by the routes that
match the Route-Policy. The matching objects refer to some attributes of the route.
l apply clauses: specify actions, that is, configuration commands used to modify certain
attributes.
For more information about Route-Policy, refer to the HUAWEI NetEngine80E/40E Router
Feature Description - IP Routing.
Pre-configuration Tasks
To configure a Route-Policy, complete the following tasks:
Data Preparation
To configure a Route-Policy, you need the following data.
No. Data
2 Matching rule
Context
Perform the following steps on the router to which the Route-Policy is applied:
Procedure
Step 1 Run:
system-view
Step 2 Run:
route-policy route-policy-name { permit | deny } node node
l The parameter permit specifies a node in a Route-Policy in permit mode. If a route matches
the node, the router performs actions defined by the apply clauses and the matching is
complete. Otherwise, the route continues to match the next nod.
l The parameter deny specifies a node in a Route-Policy in deny mode. In deny mode, the
apply clauses are not used. If a route entry matches all the if-match clauses of the node, the
route is denied by the node and the next node is not matched. If the entry does not match all
the clauses, the next node is matched.
NOTE
In the NE80E/40E, by default, the unmatched routes are denied. If multiple nodes are defined in a Route-
Policy, at least one of them should be in permit mode.
When the parameter route-policy is used to filter routes, note the following:
When a Route-Policy is used to filter the routing information, the node with the smaller value
of node is tested first.
----End
Context
Each node of a Route-Policy can comprise multiple if-match clauses or no if-match clause at
all. If no if-match clause is configured for a node in the permit mode, all routes match the node.
Perform the following steps on the router to which the Route-Policy is applied:
Procedure
Step 1 Run:
system-view
Step 2 Run:
route-policy route-policy-name { permit | deny } node node
the system will take the action specified in the apply clause in the second node in
the route-policy.
l To set a matching rule that is based on the advanced ACL, perform the following steps:
1. Run if-match acl acl-name, the ACL is configured to match the routes.
2. Run quit, return to the system view.
3. Run acl name acl-name advance [ number acl-number2 ] [ match-order { auto |
config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address source-
wildcard | any } | time-range time-name ] *, a rule is configured for the basic ACL.
When a route-policy is configured to filter routes:
– If the action specified in an ACL rule is permit, a route that has matched this rule
is considered to have passed the check by the if-match clause.
– If the action specified in an ACL rule is deny, a route that has matched this rule is
considered to have failed the check by the if-match clause.
– If a route has not matched any ACL rules, the route is considered to have failed the
check by the if-match clause.
– If an ACL does not contain any rules, all routes are considered to have failed the
check by the if-match clause.
– In a route-policy where the first node is a permit node, if a route has passed the
check by the if-match clause, the system will take the action specified in the
apply clause on this route. If the route has not passed the check by the if-match
clause, the system will take the action specified in the apply clause in the second
node in the route-policy.
– In a route-policy where the first node is a deny node, if a route has passed the check
by the if-match clause, the system will not take the action specified in the apply
clause on this route. If the route has not passed the check by the if-match clause,
the system will take the action specified in the apply clause in the second node in
the route-policy.
l Run:
if-match cost cost
The next hop, the source address or the multicast group address is configured to match the
routes.
l Run:
if-match ip-prefix ip-prefix-name
NOTE
For the same Route-Policy node, you cannot run the if-match acl command and the if-match ip-
prefix command at the same time. This is because the latest configuration overrides the previous
configuration.
l Run:
if-match ipv6 { address | next-hop | route-source } prefix-list ipv6-prefix-name
The next hop or the source address is configured to match the routes.
l Perform as follows to match the type of the route:
– Run:
if-match route-type { external-type1 | external-type1or2 | external-type2 |
internal | nssa-external-type1 | nssa-external-type1or2 | nssa-external-
type2 }
The route type, OSPF in this case, is set to match the routes.
– Run:
if-match route-type { is-is-level-1 | is-is-level-2 }
The route type, IS-IS in this case, is set to match the routes.
l Run:
if-match tag tag
The commands in Step 3 can be used regardless of the order. A node can have multiple or no
if-match clauses.
NOTE
l For the same node in a route-policy, the relationship between if-match clauses is "AND". The route
must meet all the matching rules before the actions defined by the apply clauses are performed. In the
if-match route-type and if-match interface commands, the relationship between the if-match clauses
is "OR". In other commands, the relationship between if-match clauses is "AND".
l If no if-match clause is specified, all the routes meet the matching rules.
----End
Context
Each node of a Route-Policy can comprise multiple apply clauses or no apply clause at all. The
apply clause is not used when routes need to be filtered but attributes of the routes do not need
to be set.
Perform the following steps on the router to which the Route-Policy is applied:
Procedure
Step 1 Run:
system-view
Step 2 Run:
route-policy route-policy-name { permit | deny } node node
The area of the OSPF that routes are imported into is set.
l Run:
apply preference preference
----End
Context
A route-policy can be applied to direct, static, RIP/RIPng, IS-IS, OSPF/OSPFv3, BGP/BGP4+,
multicast, and BGP/MPLS IP VPN routes. In addition, a route-policy can be applied to an FRR
scenario. Perform one of the following configurations as needed:
l Apply a route-policy to direct routes.
l Apply a route-policy to static routes.
l Apply a route-policy to RIP routes.
l Apply a route-policy to RIPng routes.
l Apply a route-policy to IPv4 IS-IS routes.
l Apply a route-policy to IPv6 IS-IS routes.
l Apply a route-policy to OSPF routes.
l Apply a route-policy to OSPFv3 routes.
l Apply a route-policy to BGP routes.
l Apply a route-policy to BGP4+ routes.
l Apply a route-policy to multicast routes.
l Apply a route-policy to BGP/MPLS IP VPN routes.
l Apply a route-policy to an FRR scenario.
Procedure
l Apply a route-policy to direct routes.
1. Run:
system-view
rip [ process-id ]
Table 10-5 Applying a route-policy to IPv4 IS-IS routes in the IS-IS view
– To apply a route-policy in the IS-IS FRR view, perform the following operations:
Table 10-6 Applying a route-policy to IPv6 IS-IS routes in the IS-IS view
– To apply a route-policy in the IS-IS IPv6 topology view, perform the following
operations:
1. Run the system-view command to enter the system view.
2. Run the isis [ process-id ] command to enter the IS-IS view.
3. Run the ipv6 topology topology-name [ topology-id { multicast | topology-id } ]
command to bind the IS-IS process to an IPv6 topology and enter the IS-IS IPv6
topology view.
4. Run the import-route { direct | unr | { ospfv3 | ripng | isis } [ process-id ] |
bgp [ permit-ibgp ] } inherit-cost [ tag tag | route-policy route-policy-name |
{ level-1 | level-2 | level-1-2 } ] * command to import routes to the IS-IS IPv6
topology.
For details on how to configure IPv6 IS-IS multi-topology, see 7.18 Configuring
Multi-Topology for IPv6 IS-IS.
l Apply a route-policy to OSPF routes.
– To apply a route-policy in the OSPF view, perform the following operations:
1. Run the system-view command to enter the system view.
2. Run the ospf [ process-id ] command to enable an OSPF process and enter the
OSPF view.
3. To apply a route-policy to OSPF routes in the OSPF view, see Table 10-7.
– To apply a route-policy in the OSPF area view, perform the following operations:
– To apply a route-policy in the OSPFv3 area view, perform the following operations:
1. Run the system-view command to enter the system view.
2. Run the ospfv3 [ process-id ] command to enable an OSPFv3 process and enter
the OSPFv3 view.
3. Run the area area-id command to enter the OSPFv3 area view.
4. Perform either of the following operations to apply a route-policy in the OSPFv3
area view:
– Run the filter route-policy route-policy-name export command to apply a
route-policy to outgoing Type 3 LSAs (Inter-Area-Prefix-LSAs) in the area.
– Run the filter route-policy route-policy-name import command to apply a
route-policy to incoming Type 3 LSAs in the area.
For details on how to apply a route-policy to Type 3 LSAs, see 6.7.5 (Optional)
Configuring OSPFv3 to Filter LSAs in an Area.
– To apply a route-policy in the OSPFv3 FRR view, perform the following operations:
1. Run the system-view command to enter the system view.
2. Run the ospfv3 [ process-id ] command to enable an OSPFv3 process and enter
the OSPFv3 view.
3. Run the frr command to enter the OSPFv3 IP FRR view.
4. Run the loop-free-alternate command to enable OSPFv3 IP FRR.
5. Run the frr-policy route route-policy route-policy-name command to configure
OSPFv3 to add the backup routes that match a route-policy to the IP routing table.
For details on how to configure OSPFv3 IP FRR, see 6.11 Configuring OSPFv3
IP FRR.
l Apply a route-policy to BGP routes.
1. Run the system-view command to enter the system view.
2. Run the bgp { as-number-plain | as-number-dot } command to enter the BGP view.
3. Run the ipv4-family unicast command to enter the IPv4 unicast address family view.
4. To apply a route-policy to specific BGP routes, see Table 10-9.
Prerequisites
The Route-Policy has been configured.
Procedure
l Run the display route-policy [ route-policy-name ] command to check the Route-Policy.
----End
Applicable Environment
After defining the filters including the IP prefix list, ACL, and Route-Policy related to the routing
policy, you need to import the filters to the protocols. The routing filters are used in the following
situations:
l BGP has powerful filtering functions. For details of BGP configuration, refer to BGP
Configuration.
l You can run the filter-policy command and the import-route command with different parameters for
RIP, OSPF, IS-IS, and BGP. For details, refer to related configurations.
Pre-configuration Tasks
Before applying filters to received routes, complete the following tasks:
Data Preparation
To apply filters to received routes, you need the following data.
No. Data
Context
Perform the following steps on the router that runs RIP:
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ] [ vpn-instance vpn-instance-name ]
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the advanced ACL:
1. Run filter-policy acl-name acl-name import [ interface-type interface-number ], the
filtering policy is configured for routes received by RIP.
2. Run quit, return to the system view.
3. Run acl name acl-name advance [ number acl-number2 ] [ match-order { auto |
config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address source-
wildcard | any } | time-range time-name ] *, a rule is configured for the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the rule will
be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the IP prefix: filter-policy gateway ip-prefix-name import
l Based on the IP prefix: filter-policy ip-prefix ip-prefix-name [ gateway ip-prefix-name ]
import [ interface-type interface-number ]
The filter-policy is configured in the RIP process. If routes are filtered based on an interface,
you can configure only one route-policy based on the interface at a time. If no interface is
specified, the system considers the configured route-policy as the global route-policy, and you
can configure only one route-policy at a time. If the route-policy is configured repeatedly, the
new route-policy will replace the old route-policy.
----End
Context
Perform the following steps on the router that runs OSPF:
Procedure
Step 1 Run:
system-view
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the advanced ACL:
1. Run filter-policy acl-name acl-name import, the filtering policy is configured for
routes received by OSPF.
2. Run quit, return to the system view.
3. Run acl name acl-name advance [ number acl-number2 ] [ match-order { auto |
config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address source-
wildcard | any } | time-range time-name ] *, a rule is configured for the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the rule will
be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the IP prefix: filter-policy { acl-number | acl-name acl-name | ip-prefix ip-prefix-
name } import
----End
Context
Perform the following steps on the router that runs IS-IS:
Procedure
Step 1 Run:
system-view
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the named advanced ACL:
1. Run filter-policy acl-name acl-name import, you can configure IS-IS to filter the
received routes to be added to the IP routing table.
2. Run quit, return to the system view.
3. Run acl name acl-name advance [ number acl-number2 ] [ match-order { auto |
config } ], the basic ACL view is displayed.
4. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address source-
wildcard | any } | time-range time-name ] *, a rule is configured for the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the rule will
be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the rule will not
be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received or advertised
by the system.
– If an ACL does not contain any rules, all routes matching the route-policy that
references the ACL will not be received or advertised by the system.
– If the ACL referenced by the route-policy does not exist, all routes matching the
route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that has a
smaller number and then matches the route with a rule with a larger number. Routes
can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number and specify
the action deny in this rule to filter out the unwanted routes. Then, configure another
rule with a larger number in the same ACL and specify the action permit in this rule
to receive or advertise the other routes.
Route filtering using a whitelist: Configure a rule with a smaller number and specify
the action permit in this rule to permit the routes to be received or advertised by the
system. Then, configure another rule with a larger number in the same ACL and
specify the action deny in this rule to filter out unwanted routes.
l Based on the IP prefix: filter-policy ip-prefix ip-prefix-name import
l Based on the Route-Policy: filter-policy route-policy route-policy-name import
----End
Procedure
l Filtering the Received Routes
1. Run:
system-view
number in the same ACL and specify the action deny in this rule to filter
out unwanted routes.
– Based on the advanced ACL:
a. Run filter-policy acl-name acl-name import, the filtering policy is
configured for routes received by BGP.
b. Run quit, return to the system view.
c. Run acl name acl-name advance [ number acl-number2 ] [ match-order
{ auto | config } ], the basic ACL view is displayed.
d. Run rule [ rule-id ] { deny | permit } protocol [ source { source-ip-address
source-wildcard | any } | time-range time-name ] *, a rule is configured for
the basic ACL.
When a filtering policy of a routing protocol is used to filter routes:
– If the action specified in an ACL rule is permit, a route that matches the
rule will be received or advertised by the system.
– If the action specified in an ACL rule is deny, a route that matches the
rule will not be received or advertised by the system.
– If a route has not matched any ACL rules, the route will not be received
or advertised by the system.
– If an ACL does not contain any rules, all routes matching the route-
policy that references the ACL will not be received or advertised by the
system.
– If the ACL referenced by the route-policy does not exist, all routes
matching the route-policy will be received or advertised by the system.
– In the configuration order, the system first matches a route with a rule that
has a smaller number and then matches the route with a rule with a larger
number. Routes can be filtered using a blacklist or a whitelist:
Route filtering using a blacklist: Configure a rule with a smaller number
and specify the action deny in this rule to filter out the unwanted routes.
Then, configure another rule with a larger number in the same ACL and
specify the action permit in this rule to receive or advertise the other
routes.
Route filtering using a whitelist: Configure a rule with a smaller number
and specify the action permit in this rule to permit the routes to be received
or advertised by the system. Then, configure another rule with a larger
number in the same ACL and specify the action deny in this rule to filter
out unwanted routes.
– Based on the IP prefix: filter-policy ip-prefix ip-prefix-name import
l Filtering Routes Received from the Peers or Peer Groups
1. Run:
system-view
The filtering policy is configured for routes received from peers or peer groups.
----End
Prerequisites
Applying filters to received routes has been configured.
Procedure
l Run the display rip process-id route command to check information about the RIP routing
table.
l Run the display ospf [ process-id ] routing command to check information about the OSPF
routing table.
l Run the display isis [ process-id ] route command to check information about the ISIS
routing table.
l Run the display bgp routing-table command to check information about the BGP routing
table.
l Run the display ip routing-table command to check information about the public IPv4
routing table.
Run the display ip routing-table command on the neighboring router. You can find that
the routes that meet the matching rules set on the neighboring router are filtered or the
actions defined by the apply clauses are performed.
----End
Applicable Environment
After defining the filters including the IP prefix list, ACL, and Route-Policy related to the routing
policy, you need to import the filters to the protocols.
A link state protocol generates routes based on Link-State Databases (LSDBs). The
filter-policy does not affect Link State Advertisements (LSAs) or the integrity of
LSDBs. The commands of filter-policy import and filter-policy export are different.
To advertise routes, you can run the filter-policy export command on a device to control
whether the device advertises the routes imported by a specific routing protocol (such
as RIP) from other routing protocols. If the device has not imported any route in
Import mode, it will not add LSAs or Link State Protocol Data Units (LSPs)
corresponding to the imported routes to its LSDB. The device, however, can advertise
LSAs that carry the routing information discovered by the specific routing protocol
itself to other routers.
NOTE
l BGP has powerful filtering function. For details of BGP configuration, refer to BGP Configuration.
l You can run the filter-policy command and the import-route command with different parameters for
RIP, OSPF, IS-IS, and BGP. For details, refer to related configurations.
Pre-configuration Tasks
Before applying filters to advertised routes, complete the following tasks:
Data Preparation
To apply filters to advertised routes, you need the following data.
No. Data
Context
Perform the following steps on the router that runs RIP:
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
----End
Context
Perform the following steps on the router that runs OSPF:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
----End
Context
Perform the following steps on the router that runs IS-IS:
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
----End
Procedure
l Filtering the Advertised Routes
1. Run:
system-view
The filter-policy export commands of different protocols have different affect ranges on routes
advertisement:
l For the link state protocol, only the routes imported are filtered.
l For the DV protocol, the routes imported and the routes discovered by the protocols are
filtered.
l Filtering Routes Advertised to the Peers
Perform the following steps on the router that runs BGP:
1. Run:
system-view
The filtering policy is configured for routes advertised to the peers or peer groups.
----End
Prerequisites
Applying filters to advertised routes has been configured.
Procedure
l Run the display rip process-id route command to check information about the RIP routing
table.
l Run the display ospf [ process-id ] routing command to check information about the OSPF
routing table.
l Run the display isis [ process-id ] route command to check information about the ISIS
routing table.
l Run the display bgp routing-table command to check information about the BGP routing
table.
l Run the display ip routing-table command to check information about the public IPv4
routing table.
Run the display ip routing-table command on the neighboring router. You can find that
the routes that meet the matching rules set on the neighboring router are filtered or the
actions defined by the apply clauses are performed.
----End
Applicable Environment
After defining the filters including the IP prefix list, ACL, and Route-Policy related to the routing
policy, you need to import the filters to the protocols.
l BGP has powerful filtering functions. For details of BGP configuration, refer to BGP
Configuration.
l You can run the filter-policy command and the import-route command with different parameters for
RIP, OSPF, IS-IS, and BGP. For details, refer to related configurations.
Pre-configuration Tasks
Before applying filters to imported routes, complete the following tasks:
Data Preparation
To apply filters to imported routes, you need the following data.
No. Data
Context
Perform the following steps on the router that runs RIP:
Procedure
Step 1 Run:
system-view
Step 2 Run:
rip [ process-id ]
Step 3 Run:
import-route bgp [ cost { cost | transparent } | route-policy route-policy-name ]
* or import-route { { static | direct | unr } | { { rip | ospf | isis } [ process-
id ] } } [ cost cost | route-policy route-policy-name ] *
----End
Context
Perform the following steps on the router that runs OSPF:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf [ process-id ]
Step 3 Run:
import-route { limit limit-number | { bgp [ permit-ibgp ] | direct | unr | rip
[ process-id-rip ] | static | isis [ process-id-isis ] | ospf [ process-id-ospf ] }
[ cost cost | type type | tag tag | route-policy route-policy-name ] * }
----End
Context
Perform the following steps on the router that runs IS-IS:
Procedure
Step 1 Run:
system-view
Step 2 Run:
isis [ process-id ]
----End
Context
Perform the following steps on the router that runs BGP:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
ipv4-family unicast
Step 4 Run:
import-route protocol [ process-id ] [ med med | route-policy route-policy-name ] *
----End
Prerequisites
Applying filters to imported routes has been configured.
Procedure
l Run the display rip process-id route command to check information about the RIP routing
table.
l Run the display ospf [ process-id ] routing command to check information about the OSPF
routing table.
l Run the display isis [ process-id ] route command to check information about the ISIS
routing table.
l Run the display bgp routing-table command to check information about the BGP routing
table.
l Run the display ip routing-table command to check information about the public IPv4
routing table.
Run the display ip routing-table command on the neighboring router. You can find that
the routes that meet the matching rules on the neighboring router are filtered or the actions
defined by the apply clauses are performed.
----End
Applicable Environment
In actual applications, when the configurations of multiple cooperative routing polices change,
the Routing Management Module (RM) immediately notifies related protocols to apply a new
routing policy, after the configuration of the routing policy is complete. An incomplete routing
policy causes route flapping, instability of the network, and a waste of time during packet
processing.
The NE80E/40E provides the following rules for processing changes of a routing policy:
l By default, the RM immediately notifies the protocol of applying the new policy when the
routing policy changes.
l If the valid time of the routing policy is configured, when the commands used to configure
the routing policy change, the RM does not notify various protocols of immediately
processing the changes. Instead, the RM waits for a certain period, and then notifies various
protocols of applying the changed routing policy.
l If the routing policy changes again during the waiting time, the RM resets the timer.
You can run related commands to set the waiting time as required.
Pre-configuration Tasks
None.
Data Preparation
To configure the valid time of the routing policy, you need the following data.
No. Data
Context
Perform the following steps on the router on which the delay for applying routing policy needs
to be changed:
Procedure
Step 1 Run:
system-view
Step 2 Run:
route-policy-change notify-delay delay-time
By default, the RM immediately notifies the protocol of applying the new policy when the routing
policy changes.
----End
Prerequisites
Controlling the valid time of the routing policy has been configured.
Procedure
l Run the display current-configuration | include notify-delay command to check the
delay for applying the routing policy.
----End
Example
Run the display current-configuration command. You can find the delay for applying the
routing policy. For example:
<HUAWEI> display current-configuration | include notify-delay
route-policy-change notify-delay 10
Context
NOTICE
The statistics of IP prefix lists and the number of routes which match or do not match the Route-
Policy cannot be restored after being cleared. Exercise caution when running this command.
By default, the statistics of IP prefix lists and the number of routes which match or do not match
the Route-Rolicy are not cleared.
Procedure
l Run reset ip ip-prefix [ ip-prefix-name ] command in the user view to clear the IPv4 prefix
list statistics.
l Run reset ip ipv6-prefix [ ipv6-prefix-name ] command in the user view to clear the IPv6
prefix list statistics.
l Run reset route-policy route-policy-name counters command in the user view to clear the
number of routes which match or do not match the Route-Rolicy.
----End
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 10-1, in the network that runs OSPF, Router A receives routes from the
network, and provides some of these routes for Router B. Router A is required to provide only
172.1.17.0/24, 172.1.18.0/24 and 172.1.19.0/24 for Router B. Router C is required to receive
only172.1.18.0/24.Router D receives all the routes provided by Router B.
Figure 10-1 Networking diagram for filtering received and advertised routes
RouterC
POS3/0/0
172.1.16.0/24
POS1/0/0 192.168.2.1/24 172.1.17.0/24
192.168.2.2/24 POS1/0/0
192.168.1.2/24 172.1.18.0/24
POS1/0/0 172.1.19.0/24
POS1/0/0
192.168.3.2/24 RouterB 172.1.20.0/24
192.168.1.1/24
POS2/0/0 RouterA
192.168.3.1/24
RouterD OSPF
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign an IP address to each interface.
This example assumes that you know the configuration method and no details are provided here.
# Configure Router A.
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
# Configure Router B.
[RouterB] ospf
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
# Configure Router C.
[RouterC] ospf
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Configure Router D.
[RouterD] ospf
[RouterD-ospf-1] area 0
[RouterD-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[RouterD-ospf-1-area-0.0.0.0] quit
[RouterD-ospf-1] quit
Step 3 Configure five static routes on Router A and import these routes to OSPF.
[RouterA] ip route-static 172.1.16.0 24 NULL 0
[RouterA] ip route-static 172.1.17.0 24 NULL 0
[RouterA] ip route-static 172.1.18.0 24 NULL 0
[RouterA] ip route-static 172.1.19.0 24 NULL 0
[RouterA] ip route-static 172.1.20.0 24 NULL 0
[RouterA] ospf
[RouterA-ospf-1] import-route static
[RouterA-ospf-1] quit
# Check the IP routing table on Router B. You can view that the five static routes are imported
to OSPF.
[RouterB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# Configure the policy for advertising routes on Router A and use the IP prefix list named a2b
to filter routes.
[RouterA] ospf
[RouterA-ospf-1] filter-policy ip-prefix a2b export static
# Check the IP routing table on Router B, and you can view the three routes received by Router
B from a2b.
[RouterB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.1.17.0/24 O_ASE 150 1 D 192.168.1.1 Pos1/0/0
172.1.18.0/24 O_ASE 150 1 D 192.168.1.1 Pos1/0/0
172.1.19.0/24 O_ASE 150 1 D 192.168.1.1 Pos1/0/0
192.168.1.0/24 Direct 0 0 D 192.168.1.2 Pos1/0/0
192.168.1.1/32 Direct 0 0 D 192.168.1.1 Pos1/0/0
192.168.1.2/32 Direct 0 0 D 127.0.0.1 Pos1/0/0
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Pos3/0/0
192.168.2.1/32 Direct 0 0 D 127.0.0.1 Pos3/0/0
192.168.2.2/32 Direct 0 0 D 192.168.2.2 Pos3/0/0
192.168.3.0/24 Direct 0 0 D 192.168.3.1 Pos2/0/0
192.168.3.1/32 Direct 0 0 D 127.0.0.1 Pos2/0/0
192.168.3.2/32 Direct 0 0 D 192.168.3.2 Pos2/0/0
# Configure the policy for receiving routes on Router C, and use IP prefix list named in to filter
routes.
[RouterC] ospf
[RouterC-ospf-1] filter-policy ip-prefix in import
# Check the IP routing table on Router C, and you can find that Router C in the local core routing
table receives only one route from the IP prefix list named in.
# Check the IP routing table on Router D, and you can find that Router D in the local core routing
table receives all the routes advertised by Router B.
[RouterD] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
# Check the OSPF routing table of Router C. You can find that three routes defined by the IP
prefix list named a2b are in the OSPF routing table. In the link state protocol, you can run the
filter-policy import command to filter the routes that join the local core routing table from the
protocol routing table.
[RouterC] display ospf routing
Total Nets: 6
Intra Area: 3 Inter Area: 0 ASE: 3 NSSA: 0
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
link-protocol ppp
ip address 192.168.1.1 255.255.255.0
#
ospf 1
filter-policy ip-prefix a2b export static
import-route static
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
ip ip-prefix a2b index 10 permit 172.1.17.0 24
ip ip-prefix a2b index 20 permit 172.1.18.0 24
ip ip-prefix a2b index 30 permit 172.1.19.0 24
#
ip route-static 172.1.16.0 255.255.255.0 NULL0
ip route-static 172.1.17.0 255.255.255.0 NULL0
ip route-static 172.1.18.0 255.255.255.0 NULL0
ip route-static 172.1.19.0 255.255.255.0 NULL0
ip route-static 172.1.20.0 255.255.255.0 NULL0
#
return
#
sysname RouterD
#
interface Pos1/0/0
link-protocol ppp
ip address 192.168.3.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.3.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 10-2, Router B exchanges routing information with Router A through OSPF
and with Router C through IS-IS.
Router B is required to import IS-IS routes into OSPF and to use the routing policy to set the
route attributes. The cost of the route 172.17.1.0/24 is set to 100, and the tag of the route
172.17.2.0/24 is set to 20.
Figure 10-2 Networking diagram of applying a routing policy for imported routes
RouterB IS-IS
POS1/0/0 POS2/0/0 GE1/0/0
OSPF
192.168.1.2/24 192.168.2.2/24 172.17.1.1/24
GE2/0/0
RouterA 172.17.2.1/24
POS1/0/0 POS4/0/0
GE3/0/0
192.168.1.1/24 192.168.2.1/24
RouterC 172.17.3.1/24
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l The IS-IS level of Router C is Level-2. The system ID is ID 0000.0000.0001. The IS-IS
level of Router B is Level-2. The system ID is ID 0000.0000.0002. The area number of
Router B and Router C is 10.
l Router A and Router B are located in Area 0, that is, the backbone area.
l Configure the name of the filtering list and IP prefix list. The cost of the route 172.17.1.0/24
is 100. The tag of the route 172.17.2.0/24 is 20.
Procedure
Step 1 Assign an IP address to each interface.
This example assumes that you know the configuration method and no details are provided here.
Step 2 Configure IS-IS.
# Configure Router C.
[RouterC] isis
[RouterC-isis-1] is-level level-2
[RouterC-isis-1] network-entity 10.0000.0000.0001.00
[RouterC-isis-1] quit
[RouterC] interface pos 4/0/0
[RouterC-Pos4/0/0] isis enable
[RouterC-Pos4/0/0] quit
[RouterC] interface GigabitEthernet 1/0/0
[RouterC-GigabitEthernet1/0/0] isis enable
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface GigabitEthernet 2/0/0
[RouterC-GigabitEthernet2/0/0] isis enable
[RouterC-GigabitEthernet2/0/0] quit
[RouterC] interface GigabitEthernet 3/0/0
[RouterC-GigabitEthernet3/0/0] isis enable
[RouterC-GigabitEthernet3/0/0] quit
# Configure Router B.
[RouterB] isis
[RouterB-isis-1] is-level level-2
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface pos 2/0/0
[RouterB-Pos2/0/0] isis enable
[RouterB-Pos2/0/0] quit
# Check the OSPF routing table of Router A. You can view the imported routes.
[RouterA] display ospf routing
# Check the OSPF routing table of Router A. You can view the cost of the route with the
destination address as 172.17.1.0/24 is 100. The tag of the route with the destination address as
172.17.2.0/24 is 20. Other routing attributes do not change.
[RouterA] display ospf routing
OSPF Process 1 with Router ID 192.168.1.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
192.168.1.0/24 1 Stub 192.168.1.1 192.168.1.1 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
172.17.1.0/24 100 Type2 1 192.168.1.2 192.168.1.2
172.17.2.0/24 1 Type2 20 192.168.1.2 192.168.1.2
172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.1.2
192.168.2.0/24 1 Type2 1 192.168.1.2 192.168.1.2
Total Nets: 5
Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0
[RouterA]
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
link-protocol ppp
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
11.1 Overview
This section describes the route monitoring group and its features supported by the NE80E/
40E.
11.1 Overview
This section describes the route monitoring group and its features supported by the NE80E/
40E.
11.1.1 Introduction
All monitored network-side routes of the same type can be added to a group called a route
monitoring group. Each route monitoring group is identified by a unique name.
A route monitoring group monitors the status of its member routes, each of which has a down-
weight. The down-weight sum of the route monitoring group changes with the number of routes
that are Down and indicates the link quality. If a route in the route monitoring group goes Down,
its down-weight is added to the down-weight sum of the route monitoring group. If a route in
the route monitoring group goes Up again, its down-weight is subtracted from the down-weight
sum of the route monitoring group.
Service modules can be associated with the route monitoring group, and a switchover threshold
can be configured for each service module to perform a primary/backup access-side link
switchover. If the down-weight sum of the route monitoring group reaches the switchover
threshold of a service module, the routing management (RM) module instructs the service
module to switch services from the primary link to the backup link. If the down-weight sum of
the route monitoring group falls below the threshold, the RM module instructs the service module
to switch services back.
If a service module is associated with a route monitoring group in a dual-device hot backup
scenario, services can be switched to the backup link if the primary link fails, therefore preventing
traffic overload or forwarding failures.
l If two routes in the route monitoring group go Down, the RM module instructs service
module D to switch services from the primary link to the backup link. If one more route
goes Down, the RM module instructs service module C to perform a primary/backup link
switchover. If five routes go Down, the RM module instructs service module B to perform
a primary/backup link switchover. If the number of routes that go Down reaches eight, the
RM module instructs service module A to perform a primary/backup link switchover.
l If the number of routes that are Down in the route monitoring group falls below eight, the
RM module instructs service module A to switch services back. If the number of routes
that are Down in the route monitoring group falls below five, the RM module instructs
service module B to switch services back. If the number of routes that are Down in the
route monitoring group falls below three, the RM module instructs service module C to
switch services back. If the number of routes that are Down in the route monitoring group
falls below two, the RM module instructs service module D to switch services back.
1 2 3 4 … ... 9 10
Network side
BRAS Trigger
Status management
Access side
Context
To improve network reliability, most carriers implement device-level redundancy by deploying
two devices. The two devices back up each other or share traffic load. If one of the devices fails,
the other device takes over services. Despite the benefit of enhanced network reliability, you
must dual-home other devices to the two devices, which may provoke link reliability and load
balancing issues.
As shown in Figure 11-2, BRAS 2 backs up BRAS 1. NPEs on the user side are dual-homed to
the two BRASs to load-balance traffic, and the two BRASs are connected to routers on the
network side.
l If the link between BRAS 1 and router A or between BARS 1 and router B fails, the link
bandwidth between BRAS 1 and the IP core network decreases. The NPEs, however, cannot
detect the link failure and keep sending packets to the IP core network through BRAS 1.
As a result, the other link between BRAS 1 and the IP core network may be overloaded.
l If the links between BRAS 1 and router A and between BARS 1 and router B both fail,
only the links between BRAS 2 and the IP core network are available. The NPEs, however,
cannot detect the link failure and keep sending packets to the IP core network through
BRAS 1. As a result, the packets are discarded.
IP Core
Router A Router B
Network side
......
BRAS 1 BRAS 2
Access side
......
Primary path
Backup path
To address the packet drop issue, deploy a route monitoring group on each BRAS, and add
network-side routes of the BRAS to the route monitoring group. If the down-weight sum of the
route monitoring group reaches the switchover threshold of a service module that is associated
with the group, the RM module instructs the service module to perform a primary/backup access-
side link switchover. This mechanism prevents traffic overload and service interruptions.
Data Preparation
To configure a route monitoring group, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-monitor-group group-name
A route monitoring group is created, and the route monitoring group view is displayed.
Step 3 Run:
track ip route [ vpn-instance vpn-instance-name ] dest-address { mask | mask-
length } [ down-weight down-weight-value ]
To add multiple routes to the route monitoring group, repeat this step. A maximum of 16 routes
can be added to a route monitoring group.
A delay is configured after which the RM module instructs the service module to perform a link
switchback.
If a route in a route monitoring group goes Up, the RM module delivers this route to the
forwarding table and establishes a forwarding entry for it, which takes some time. Packet loss
may occur if the RM module instructs the service module to perform a link switchback
immediately when the down-weight sum of the route monitoring group falls below the
switchover threshold of the service module. To address this issue, run the trigger-up-delay
command to configure a delay after which the RM module instructs the service module to
perform a link switchback.
If the value of delay-value is set to 0, the RM module instructs the service module to perform a
link switchback immediately when the down-weight sum of the route monitoring group falls
below the threshold of the service module.
Step 5 Run:
monitor enable (route monitoring group view)
When a large number of routes are being added to or deleted from a route monitoring group, the
down-weight sum of the route monitoring group may change frequently, which in turn leads to
service flapping of the service modules associated with the route monitoring group. To prevent
such service flapping, run the undo monitor enable command to disable the route monitoring
group so that it is dissociated from all service modules. After the routes are added or deleted,
run the monitor enable command to re-associate the route monitoring group with all service
modules.
----End
Example
After configuring the route monitoring group, check the configurations.
l Run the display ip route-monitor-group [ group-name ] command to check information
about a route monitoring group or all route monitoring groups.
l Run the display ip route-monitor-group track-route [ vpn-instance vpn-instance-
name ] dest-address { mask | mask-length } command to check information about all route
monitoring groups to which a route has been added.
Run the display ip route-monitor-group command. The command output shows information
about all route monitoring groups.
<HUAWEI> display ip route-monitor-group
Route monitor group number : 2
Route monitor group Total weight Down weight State
uplink 20 20 Enabled
downlink 20 20 Enabled
Follow-up Procedure
In a dual-device hot backup scenario, you can also associate specified service modules with a
route monitoring group to protect specified services.
A Glossary
Access Control List A list that contains a group of rules that consist of rule { deny |
permit } statements. In firewall, ACL is applied to an interface of
a router. The router then decides which packets can be received or
be rejected. In QoS, ACL is used to classify traffic.
Area A logical set of network segments and devices. Areas are connected
through routers to form AS.
Area border router A router that can belong to more than two areas of which one area
(ABR) must be a backbone area.
AS Border Router A router that exchanges routing information with other ASs.
(ASBR)
Autonomous System A network set that uses the same routing policy and is managed by
the same technology administration department. Each AS has a
unique identifier that is an integer. The identifier is assigned by
IANA. An AS can be divided into areas.
Backbone Area An area that is responsible for routing between areas and forwarding
routing information of non-backbone areas.
Classless InterDomain To use IP address and mask to indicate network address and sub-
Routing network address. Through CIDR, routers can flexibly aggregate
routes. This reduces the size of the routing table.
Extended Community A list that identifies a community, which is divided into standard
Access List community access list and extended community access list.
Incremental SPF To recalculate the routes that change but not to recalculates all
routes.
Interior Gateway A routing protocol that runs in an AS, including RIP, OSPF.
Protocol (IGP)
Intra-Domain Router A router with all interfaces that belong to an OSPF area.
Multiprotocol Border A multiprotocol extension for BGP-4, which is also called BGP-4+.
Gateway Protocol MP-BGP is the extended protocol of BGP-4. MP-BGP can carry
both IPv4 unicast routing information and routing information of
other network protocols, such as multicast and IPv6.
NE80E/40E provides multiple types of MP-BGP applications,
including extension of multicast and the extension of BGP/MPLS
VPN.
Network Entity Title Network layer information of an IS itself. It excludes the transport
(NET) layer information (SEL = 0) and can be regarded as a special NSAP.
Network Service A network address defined by ISO, through which entities on the
Access Point (NSAP) network layer can access OSI network services.
Partial Route A type of route calculation that is similar to that of PRC. Only the
Calculation routes that change are calculated. Instead of calculating the node
path, PRC updates the leaf routes according to the SPT calculated
by I-SPF.
Poison Reverse A feature that RIP learns a route from the neighboring interface, sets
its cost to 16, and advertises it to the neighboring routers.
Split Horizon A feature that RIP does not send the route learned from the
neighboring interface back to its neighboring router.
Stub area A specific area in which ABRs do not transmit the routes outside the
AS.
Transmit area An area that provides an internal route of a non-backbone area for
both ends of a virtual link.
User Network Route When a user goes online through a Layer 2 device, such as a switch,
but there is no available Layer 3 interface and the user is assigned
an IP address, no dynamic routing protocol can be used. To enable
devices to use IP routes to forward the traffic of this user, use the
Huawei User Network Route (UNR) technology to assign a route to
forward the traffic of the user.
Virtual Link A logical channel that connects two ABRs through a non-backbone
area.
Virtual System The system, identified by an additional system ID, is used to generate
extended LSP fragments. These fragments carry the additional
system IDs in their LSP IDs
This appendix collates frequently used acronyms and abbreviations in this document.
CE Customer Edge
DD Database Description
DR Designated Router
GR Graceful Restart
ID Identification
IP Internet Protocol
MP Multilink PPP
PC Personal Computer
PE Provider Edge
RD Route Distinguisher
RM Routing Management
TE Traffic Engineering
UP User Plane
VT Virtual-Template