Home > HP > Printer > HP 5500 Ei 5500 Si Switch Series Configuration Guide

HP 5500 Ei 5500 Si Switch Series Configuration Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual HP 5500 Ei 5500 Si Switch Series Configuration Guide. The HP manuals for Printer are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 1081

    Page 1081 392 VPN-IPv4 address Traditional BGP cannot process overlapping VPN routes. If, for example, both VPN 1 and VPN 2 use addresses on the segment 10.110.10.0/24 and each advertise a route to the segment, BGP selects only one of them, which results in the loss of the other route. PEs use MP-BGP to advertise VPN routes and use VPN-IPv4 address family to solve the problem with traditional BGP. A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte... 
     392 
VPN-IPv4 address 
Traditional BGP cannot process overlapping VPN routes. If, for example, both VPN 1 and VPN 2 use 
addresses on the segment 10.110.10.0/24 and each advertise a route to the segment, BGP selects only 
one of them, which results in the loss of the other route.  
PEs use MP-BGP to advertise VPN routes and use VPN-IPv4 address family to solve the problem with 
traditional BGP. 
A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte...

    Page 1082

    Page 1082 393 • Expor t targ et at tri bute : A l o c al PE sets thi s t ype of route targ et at tri bute for VP N - I P v4 routes le arne d from directly connected sites before advertising them to other PEs. • Import target attribute: A PE checks the export ta rget attribute of VPN -IPv4 routes advertised by other PEs. If the export target attribute matches the import target attribute of the VPN instance, the PE adds the routes to the VPN routing table. In other words, route target attributes... 
     393 
•  Expor t targ et at tri bute : A  l o c al  PE sets  thi s t ype  of  route  targ et at tri bute for  VP N - I P v4  routes  le arne d 
from directly connected sites before advertising them to other PEs. 
•   Import target attribute: A PE checks the export ta rget attribute of VPN -IPv4 routes advertised by 
other PEs. If the export target attribute matches the import target attribute of the VPN instance, the 
PE adds the routes to the VPN routing table. 
In other words, route target attributes...

    Page 1083

    Page 1083 394 Figure 128 Network diagram for the MCE function On the left-side network, there are two VPN sites, both of which are connected to the MPLS backbone through the MCE device. VPN 1 and VPN 2 on the left-side network must establish a tunnel with VPN 1 and VPN 2 on the right-side network, respectively. With MCE enabled, routing tables can be created for VPN 1 and VPN 2 individually, VLAN-interface 2 can be bound to VPN 1, and VLAN-interface 3 can be bound to VPN 2. When receiving a piece of... 
     394 
Figure 128 Network diagram for the MCE function 
 
 
On the left-side network, there are two VPN sites, both of which are connected to the MPLS backbone 
through the MCE device. VPN 1 and VPN 2 on the left-side network must establish a tunnel with VPN 1 
and VPN 2 on the right-side network, respectively. 
With MCE enabled, routing tables can be created for VPN 1 and VPN 2 individually, VLAN-interface 2 
can be bound to VPN 1, and VLAN-interface 3 can be bound to VPN 2. When receiving a piece of...

    Page 1084

    Page 1084 395 Static routes An MCE can communicate with a site through static routes. As static routes configured for traditional CEs take effect globally, address overlapping between mu ltiple VPNs remains a problem until the emergence of MCE. MCE allows static-route-to-VPN-instance bind ing, which isolates the static routes of different VPNs. RIP The switch can bind RIP processes to VPN instances. With these bindings on the MCE, private network routes of different VPNs can be exchanged betwee n MCE and... 
     395 
Static routes 
An MCE can communicate with a site through static routes. As static routes configured for traditional CEs 
take effect globally, address overlapping between mu ltiple VPNs remains a problem until the emergence 
of MCE. MCE allows static-route-to-VPN-instance bind ing, which isolates the static routes of different 
VPNs.  
RIP 
The switch can bind RIP processes to VPN instances. With these bindings on the MCE, private network 
routes of different VPNs can be exchanged betwee n MCE and...

    Page 1085

    Page 1085 396 information can be transmitted by performing relatively simple configurations between MCE and PE, such as importing the VPN routing entries on MCE devices to the routing table of the routing protocol running between MCE and PEs. The following routing protocols can be used be tween MCE and PE devices for routing formation exchange: • Static route • RIP • OSPF • IS-IS • IBGP • EBGP Configuring an MCE Configuring VPN instances Configuring VPN instances is required in all MCE... 
     396 
information can be transmitted by performing relatively simple configurations between MCE and PE, 
such as importing the VPN routing entries on MCE devices to the routing table of the routing protocol 
running between MCE and PEs.  
The following routing protocols can be used be tween MCE and PE devices for routing formation 
exchange:  
•   Static route 
•   RIP 
•   OSPF 
•   IS-IS 
•   IBGP 
•   EBGP 
Configuring an MCE 
Configuring VPN instances 
Configuring VPN instances is required in all MCE...

    Page 1086

    Page 1086 397 You can add a management Ethernet interface on the switch to a VPN so that the IP address of the interface only participates in the route calculation of the specified VPN. After creating and configuring a VPN instance, you associate the VPN instance with the interface for connecting different VPN sites. To associate a VPN instance with an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A... 
     397 
You can add a management Ethernet interface on the switch to a VPN so that the IP address of the 
interface only participates in the route calculation of the specified VPN. 
After creating and configuring a VPN instance, you  associate the VPN instance with the interface for 
connecting different VPN sites.  
To associate a VPN instance with an interface: 
 
Step Command Remarks 
1.   Enter system view. 
system-view  N/A 
2.  Enter interface view.  interface 
interface-type 
interface-number   N/A...

    Page 1087

    Page 1087 398 Step Command Remarks 5. Configure the maximum number of routes for the VPN instance. routing-table limit number { warn-threshold | simply-alert } Optional. Not configured by default. Setting the maximum number of routes for a VPN instance to support is for preventing too many routes from being redistributed into the PE. 6. Apply an import routing policy to the current VPN instance. import route-policy route-policy Optional. By default, all routes permitted by the... 
     398 
Step Command Remarks 
5.  Configure the maximum 
number of routes for the VPN 
instance.   routing-table
 limit  number  
{  warn-threshold  | simply-alert  }  Optional. 
Not configured by default. 
Setting the maximum number of 
routes for a VPN instance to 
support is for preventing too many 
routes from being redistributed into 
the PE. 
6.
  Apply an import routing 
policy to the current VPN 
instance.   import route-policy route-policy
 Optional. 
By default, all routes permitted by 
the...

    Page 1088

    Page 1088 399 To configure static routing between MCE and VPN site: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure a static route for a VPN instance. • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] • ip route-static vpn-instance... 
     399 
To configure static routing between MCE and VPN site:  
Step Command Remarks 
1.  Enter system view. 
system-view  N/A 
2.  Configure a static route 
for a VPN instance. 
• ip  route-static  dest-address  { mask | mask-length  } 
{  gateway-address  | interface-type 
interface-number [ gateway-address  ] | 
vpn-instance  d-vpn-instance-name 
gateway-address  } [ preference preference-value  ] 
[ tag  tag-value  ] [ description  description-text  ] 
• ip route-static  vpn-instance...

    Page 1089

    Page 1089 400 By configuring OSPF process-to-VPN instance bindings on a MCE, you allow routes of different VPNs to be exchanged between the MCE and the sites through different OSPF processes, ensuring the separation and security of VPN routes. An OSPF process can belong to only one VPN instance, but one VPN instance can use multiple OSPF processes to advertise the VPN routes. An OSPF process that is bound with a VPN instance do es not use the public network router ID configured in system view. Therefore,... 
     400 
By configuring OSPF process-to-VPN instance bindings on a MCE, you allow routes of different VPNs to 
be exchanged between the MCE and the sites through different OSPF processes, ensuring the separation 
and security of VPN routes. 
An OSPF process can belong to only one VPN instance, but one VPN instance can use multiple OSPF 
processes to advertise the VPN routes. 
An OSPF process that is bound with a VPN instance do es not use the public network router ID configured 
in system view. Therefore,...

    Page 1090

    Page 1090 401 Step Command Remarks 4. Redistribute remote site routes advertised by the PE. import-route { isis [ process-id ] | ospf [ process-id ] | rip [ process-id ] | bgp [ allow-ibgp ] | direct | static } [ cost cost | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * Optional. By default, IS-IS does not redistribute routes of any other routing protocol. If you do not specify the route level in the... 
     401 
Step Command Remarks 
4.  Redistribute remote site routes 
advertised by the PE.  import-route { isis
 [ process-id ] |  
ospf  [ process-id  ] | rip  
[  process-id  ] |  bgp  [ allow-ibgp  ] | 
direct |  static } [ cost  cost  | 
cost-type  { external |  internal } | 
[ level-1  | level-1-2  | level-2  ] | 
route-policy  route-policy-name  | 
tag  tag  ] *  Optional. 
By default, IS-IS does not 
redistribute routes of any other 
routing protocol. 
If you do not specify the route level 
in the...
    Start reading HP 5500 Ei 5500 Si Switch Series Configuration Guide

    Related Manuals for HP 5500 Ei 5500 Si Switch Series Configuration Guide

    All HP manuals