HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 1376
240
You can use the display msdp brief command to display MSDP peers on a switch. For example,
display brief information about MSDP peers on Switch B.
[SwitchB] display msdp brief
MSDP Peer Brief Information of VPN-Instance: public net
Configured Up Listen Connect Shutdown Down \
1 1 0 0 0 0
Peers Address State Up/Down time AS SA Count Reset Cou\
nt
192.168.1.1 Up 00:07:17...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1375.png "Page 1376
240
You can use the display msdp brief command to display MSDP peers on a switch. For example,
display brief information about MSDP peers on Switch B.
[SwitchB] display msdp brief
MSDP Peer Brief Information of VPN-Instance: public net
Configured Up Listen Connect Shutdown Down \
1 1 0 0 0 0
Peers Address State Up/Down time AS SA Count Reset Cou\
nt
192.168.1.1 Up 00:07:17...")
245 Figure 67 Network diagram As shown in Figure 67, Switch A works as an MLD snooping proxy. As a host from the perspective of the querier Router A, Switch A represents its attached hosts to send their membership reports and done messages to Router A. Tabl e 8 de scribes how an MLD snooping proxy processes MLD messages. Table 8 MLD message processing on an MLD snooping proxy MLD messa ge Actions General query When receiving an MLD general query, the pro xy forwards it to all ports but the receiving port. In addition, the proxy generates a report according to the group memberships that it maintains and sends the report out of all router ports. Multicast-addres s-specific query In response to the MLD group-specific query for a certain IPv6 multicast group, the proxy sends the report to the group out of all router ports if the forwarding entry for the group still contains a member port. Report When receiving a report for an IPv6 multicast group, the proxy looks up the multicast forwarding table for the entry for the multicast group. • If a forwarding entry matches the IPv6 multicast group, and contains the receiving port as a dynamic member port, the proxy restarts the aging timer for the port. • If a forwarding entry matches the IPv6 multicast group but does not contain the receiving port, the proxy adds the port to the forwarding entry as a dynamic member port and starts an aging timer for the port. • If no forwarding entry matches the IPv6 multicast group, the proxy creates a forwarding entry for the group, adds the receiving port to the forwarding entry as a dynamic member port, and starts an aging timer for the port. Then, the switch sends the report to the group out of all router ports. Done In response to a done message for an IPv6 multicast group, the proxy sends a multicast-address-specific query for the group out of the receiving port. After making sure that no member port is contained in the forwarding entry for the IPv6 multicast group, the proxy sends a done message for the group out of all router ports.
246 Protocols and standards RFC 4541, Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches MLD snooping configuration task list Task Remarks Configuring basic MLD snooping functions Enabling MLD snooping Required Specifying the version of MLD snooping Optional Configuring IPv6 static multicast MAC address entries Optional Configuring MLD snooping port functions Configuring aging timers for dynamic ports Optional Configuring static ports Optional Configuring a port as a simulated member host Optional Enabling fast-leave processing Optional Disabling a port from becoming a dynamic router port Optional Configuring MLD snooping querier Enabling MLD snooping querier Optional Configuring parameters for MLD queries and responses Optional Configuring the source IPv6 addresses for MLD queries Optional Configuring MLD snooping proxying Enabling MLD snooping proxying Optional Configuring the source IPv6 addresses for the MLD messages sent by the proxy Optional Configuring an MLD snooping policy Configuring an IPv6 multicast group filter Optional Configuring IPv6 multicast source port filtering Optional Enabling dropping unknown IPv6 multicast data Optional Configuring MLD report suppression Optional Setting the maximum number of multicast groups that a port can join Optional Enabling IPv6 multicast group replacement Optional Setting the 802.1p precedence for MLD messages Optional Configuring an IPv6 multicast user control policy Optional Enabling the MLD snooping host tracking function Optional Setting the DSCP value for MLD messages Optional For the configuration tasks in this section: • In MLD-snooping view, configurations that you make are effective in all VLANs . In VLAN view, configurations that you make are effective only on the ports that belong to the current VLAN. For a given VLAN, a configuration that you make in MLD-snooping view is effective only if you do not make the same configuration in VLAN view.
247 • In MLD-snooping view, configurations that you make are effective on all ports. In Layer 2 Ethernet interface view or Layer 2 aggregate interface view, configurations that you make are effective only on the current port. In port group view, configurations that you make are effective on all ports in only the current port group. For a given port, a configuration that you make in MLD-snooping view is effective only if you do not make the same configuration in Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. • For MLD snooping, configurations that you make on a Layer 2 aggregate interface do not interfere with those made on its member ports, nor do they participate in aggregation calculations. Configurations that you make on a member port of the aggregate group will not take effect until the port leaves the aggregate group. Configuring basic MLD snooping functions Configuration prerequisites Before you configure basic MLD snooping functions, complete the following tasks: • Enable IPv6 forwarding. • Configure the corresponding VLANs. • Determine the version of MLD snooping. Enabling MLD snooping Configuration guidelines • You must enable MLD snooping globally before you enable it for a VLAN. • After you enable MLD snooping for a VLAN, you cannot enable MLD or IPv6 PIM on the corresponding VLAN interface, and vice versa. • MLD snooping for a VLAN works only on the ports in this VLAN. Configuration procedure To enable MLD snooping: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable MLD snooping globally and enter MLD-snooping view. mld-snooping Disabled by default 3. Return to system view. quit N/A 4. Enter VLAN view. vlan vlan-id N/A 5. Enable MLD snooping for the VLAN. mld-snooping enable Disabled by default
248 Specifying the version of MLD snooping Configuration guidelines Different versions of MLD snooping can process different versions of MLD messages: • MLDv1 snooping can process MLDv1 messages, but flood MLDv2 messages in the VLAN instead of processing them. • MLDv2 snooping can process MLDv1 and MLDv2 messages. If you change MLDv2 snooping to MLDv1 snooping, the system clears all MLD snooping forwarding entries that are dynamically created, and also does the following: • Keeps static MLDv2 snooping forwarding entries (*, G). • Clears static MLDv2 snooping forwarding entries (S, G), which will be restored when MLDv1 snooping is changed back to MLDv2 snooping. For more information about static joining, see Configuring static ports. Configuration procedure To specify the version of MLD snooping: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VLAN view. vlan vlan-id N/A 3. Specify the version of MLD snooping. mld-snooping version version-number Version 1 by default Configuring IPv6 static multicast MAC address entries In Layer-2 multicast, a Layer-2 IPv6 multicast protoc ol (such as, MLD snooping) can dynamically add IPv6 multicast MAC address entries. Or, you can manually configure IPv6 multicast MAC address entries. Configuration guidelines The configuration that you make in system view is effective on the specified interfaces. The configuration that you make in interface view or port group view is effective only on the current interface or interfaces in the current port group. Any legal IPv6 multicast MAC address except 3333-xxxx-xxxx (where x represents a hexadecimal number from 0 to F) can be manually added to the MAC address table. IPv6 multicast MAC addresses are the MAC addresses whose the least significant bit of the most significant octet is 1. Configuration procedure To configure an IPv6 static multicast MAC address entry in system view: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure a static multicast MAC address entry. mac-address multicast mac-address interface interface-list vlan vlan-id No static multicast MAC address entries exist by default.
249 To configure an IPv6 static multicast MAC address entry in interface view: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name In Ethernet interface view or Layer 2 aggregate interface view, the configuration is effective on only the current interface. In port group view, the configuration is effective on all ports in the port group. 3. Configure a static multicast MAC address entry. mac-address multicast mac-address vlan vlan-id No static multicast MAC address entries exist by default. For more information about the mac-address multicast command, see IP Multicast Command Reference. Configuring MLD snooping port functions Configuration prerequisites Before you configure MLD snooping port functions, complete the following tasks: • Enable MLD snooping in the VLAN. • Configure the corresponding port groups. • Determine the aging time of dynamic router ports. • Determine the aging time of dynamic member ports. • Determine the IPv6 multicast group and IPv6 multicast source addresses. Configuring aging timers for dynamic ports If a switch receives no MLD general queries or IPv6 PIM hello messages on a dynamic router port when the aging timer of the port expires, the switch removes the port from the router port list. If the switch receives no MLD reports for an IPv6 multicast group on a dynamic member port when the aging timer of the port expires, the switch removes the port from the forwarding entry for the IPv6 multicast group. If the memberships of IPv6 multicast groups change frequently, you can set a relatively small value for the aging timer of the dynamic member ports. If the memb erships of IPv6 multicast groups change rarely, you can set a relatively large value. Setting the global aging timers for dynamic ports Step Command Remarks 1. Enter system view. system-view N/A 2. Enter MLD-snooping view. mld-snooping N/A 3. Set the global aging timer for dynamic router ports. router-aging-time interval 260 seconds by default
250 Step Command Remarks 4. Set the global aging timer for dynamic member ports. host-aging-time interval 260 seconds by default Setting the aging timers for the dynamic ports in a VLAN Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VLAN view. vlan vlan-id N/A 3. Set the aging timer for the dynamic router ports. mld-snooping router-aging-time interval 260 seconds by default 4. Set the aging timer for the dynamic member ports. mld-snooping host-aging-time interval 260 seconds by default Configuring static ports Configuration guidelines If all hosts attached to a port are interested in the IPv6 multicast data addressed to a particular IPv6 multicast group, configure the port as a static member port for that IPv6 multicast group. You can configure a port as a static router port, th rough which the switch can forward all IPv6 multicast data that it received. A static member port does not respond to queries fr om the M L D querier; when you c onfig u re a p or t as a static member port or cancel this configuration on the port, the port does not send an unsolicited MLD report or an MLD done message. Static member ports and static router ports neve r age out. To remove such a port, you use the corresponding undo command. Configuration procedure To configure static ports: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name Use either command. 3. Configure the port as a static member port. mld-snooping static-group ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id No static member ports exist by default.
251 Step Command Remarks 4. Configure the port as a static router port. mld-snooping static-router-port vlan vlan-id No static router ports exist by default. Configuring a port as a simulated member host Generally, a host that runs MLD can respond to MLD queries. If a host fails to respond, the multicast router might deem that the IPv6 multicast group has no members on the subnet, and removes the corresponding forwarding path. To avoid this situation, you can configure a port on the switch as a simulated member host for an IPv6 multicast group. A simulated host is equivalent to an independent host. For example, when a simulated member host receives an MLD query, it gives a response separately. Therefore, the switch can continue receiving IPv6 multicast data. A simulated host acts like a real host in the following ways: • When a port is configured as a simulated member host, the switch sends an unsolicited MLD report through the port, and can respond to MLD genera l queries with MLD reports through the port. • When the simulated joining configuration is cancel ed on the port, the switch sends an MLD done message through that port. To configure a port as a simulated member host: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name Use either command. 3. Configure the port as a simulated member host. mld-snooping host-join ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id Not configured by default. NOTE: Unlike a static member port, a port that you configur e as a simulated member host ages out like a dynamic member port. Enabling fast-leave processing The fast-leave processing feature enables the switch to process MLD done messages quickly. After the fast-leave processing feature is enabled, when the switch receives an MLD done message on a port, it immediately removes that port from the forwarding entry for the multicast group specified in the message. Then, when the switch receives MLD multicast-address-specific queries for that multicast group, it does not forward them to that port.
252 On a port that has only one host attached, you can enable fast-leave processing to save bandwidth and resources. However, on a port that has multiple hosts attached, you should not enable fast-leave processing if you have enabled dropping unknown IPv6 multicast data globally or for the port. O t h e r wi s e, i f a h o s t o n t h e p o r t l e ave s a n I P v 6 m u l t ic as t g ro u p, t h e o t h e r h o s t s a t t a ch e d t o t h e p o r t i n t h e same IPv6 multicast group cannot receive the IPv6 multicast data for the group. Enabling fast-leave processing globally Step Command Remarks 1. Enter system view. system-view N/A 2. Enter MLD-snooping view. mld-snooping N/A 3. Enable fast-leave processing. fast-leave [ vlan vlan-list ] Disabled by default Enabling fast-leave processing on a port Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name Use either command. 3. Enable fast-leave processing. mld-snooping fast-leave [ vlan vlan-list ] Disabled by default. Disabling a port from becoming a dynamic router port The following problems exist in a multicast access network: • After receiving an MLD general query or IPv6 PI M hello message from a connected host, a router port becomes a dynamic router port. Before its timer expires, this dynamic router port receives all multicast packets within the VLAN where the port be longs, and forwards them to the host, affecting normal multicast reception of the host. • In addition, the MLD general query and IPv6 PIM hello message that the host sends affects the multicast routing protocol state on Layer 3 devices, such as the MLD querier or DR election, and might further cause network interruption. To solve these problems, disable that router port from becoming a dynamic router port after the port re c e i ve s a n M L D g e n e r a l q u e r y o r I P v 6 P I M h e l l o m e s s a g e, s o a s t o i m p ro ve n e t w o r k s e cu r i t y a n d c o n t ro l over multicast users. To disable a port from becoming a dynamic router port: Step Command Remarks 1. Enter system view. system-view N/A
253 Step Command Remarks 2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name Use either command. 3. Disable the port from becoming a dynamic router port. mld-snooping router-port-deny [ vlan vlan-list ] By default, a port can become a dynamic router port. NOTE: This configuration does not affect the static router port configuration. Configuring MLD snooping querier Configuration prerequisites Before you configure MLD snooping querier, complete the following tasks: • Enable MLD snooping in the VLAN. • Determine the MLD general query interval. • Determine the MLD last-member query interval. • Determine the maximum response time for MLD general queries. • Determine the source IPv6 address of MLD general queries. • Determine the source IPv6 address of MLD multicast-address-specific queries. Enabling MLD snooping querier In an IPv6 multicast network that runs MLD, a multicast router or Layer 3 multicast switch sends MLD queries, so that all Layer 3 multicast devices can establish and maintain multicast forwarding entries, in order to forward multicast traffic correctly at the networ k layer. This router or Layer 3 switch is called the MLD querier. For more information about MLD querier, see Configuring MLD (available only on the HP 5 500 EI) . However, a Layer 2 multicast switch does not support MLD. Therefore, it cannot send MLD general queries by default. When you enable MLD snooping querier on a Layer 2 switch in a VLAN where multicast traffic is switched only at Layer 2 and no Layer 3 multicast devices are present, the Layer 2 switch sends MLD queries, so that multicast forwar ding entries can be created and maintained at the data link layer. IMPORTANT: It is meaningless to configure an MLD snooping quer ier in an IPv6 multicast network that runs MLD. Although an MLD snooping querier does not participate in MLD querier elections, it might affect MLD querier elections because it sends MLD genera l queries with a low source IPv6 address.
254 To enable the MLD snooping querier: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VLAN view. vlan vlan-id N/A 3. Enable the MLD snooping querier. mld-snooping querier Disabled by default Configuring parameters for MLD queries and responses Configuration guidelines You can modify the MLD general query interval based on the actual condition of the network. A multicast listening host starts a timer for each IPv6 multicast group that it has joined when it receives an MLD query (general query or multicast-address-specific query). This timer is initialized to a random value in the range of 0 to the maximum response delay advertised in the MLD query message. When the timer value decreases to 0, the host sends an MLD report to the IPv6 multicast group. To speed up the response of hosts to MLD queries and avoid simultaneous timer expirations causing MLD report traffic bursts, you must properly set the maximum response delay. • The maximum response delay for MLD general queries is set by the max-response-time command. • The maximum response delay for MLD multicast-address-specific queries equals the MLD last-listener query interval. In the configuration, make sure that the interval for sending MLD general queries is greater than the maximum response delay for MLD general queries. Otherwise, undesired deletion of IPv6 multicast members might occur. Configuration procedure To configure MLD queries and responses globally: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter MLD-snooping view. mld-snooping N/A 3. Set the maximum response delay for MLD general queries. max-response-time interval 10 seconds by default 4. Set the MLD last-member query interval. last-listener-query-interval interval 1 second by default To configure the parameters for MLD queries and responses in a VLAN Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VLAN view. vlan vlan-id N/A 3. Set the MLD query interval. mld-snooping query-interval interval 125 seconds by default