HP 5500 Ei 5500 Si Switch Series Configuration Guide
prune timer state of all the routers on the path.

A multi-access subnet can have the state-refresh capability only if the state-refresh capability is enabled on all IPv6 PIM routers on the subnet.

To enable the state-refresh capability:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Enable the state-refresh capability. | pim ipv6 state-refresh-capable | Optional. Enabled by default. |

Configuring state refresh parameters

The router directly connected with the multicast source periodically sends state-refresh messages. You can configure the interval for sending such messages.

A router might receive multiple state-refresh messages within a short time. Some messages might be duplicated messages. To keep a router from receiving such duplicated messages, you can configure the time that the router must wait before receiving the next state-refresh message. If the router receives a new state-refresh message within the waiting time, it discards it. If this timer times out, the router will accept a new state-refresh message, refresh its own IPv6 PIM-DM state, and reset the waiting timer.

The hop limit value of a state-refresh message decrements by 1 whenever it passes a router before it is forwarded to the downstream node until the hop limit value comes down to 0. In a small network, a state-refresh message might cycle in the network. To control the propagation scope of state-refresh messages, you must configure an appropriate hop limit value based on the network size.

Perform the following configurations on all routers in the IPv6 PIM domain.

To configure state-refresh parameters:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Configure the interval between state-refresh messages. | state-refresh-interval interval | Optional. 60 seconds by default. |
| 4. Configure the time to wait before receiving a new state-refresh message. | state-refresh-rate-limit interval | Optional. 30 seconds by default. |
| 5. Configure the hop limit value of state-refresh messages. | state-refresh-hoplimit hoplimit-value | Optional. 255 by default. |

Configuring IPv6 PIM-DM graft retry period

In IPv6 PIM-DM, graft is the only type of message that uses the acknowledgment mechanism. In an IPv6 PIM-DM domain, if a router does not receive a graft-ack message from the upstream router within the specified time after it sends a graft message, the router keeps sending new graft messages at a configurable interval (namely, graft retry period) until it receives a graft-ack message from the upstream router.

To configure the IPv6 PIM-DM graft retry period:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Configure the graft retry period. | pim ipv6 timer graft-retry interval | Optional. 3 seconds by default. |

For more information about the configuration of other timers in IPv6 PIM-DM, see Configuring IPv6 PIM common timers.

Configuring IPv6 PIM-SM

IPv6 PIM-SM configuration task list

| Task | Subtask | Remarks |
|---|---|---|
| Enabling IPv6 PIM-SM | | Required. |
| Configuring an RP | Configuring a static RP | Required. Use any approach. |
| | Configuring a C-RP | Required. Use any approach. |
| | Enabling embedded RP | Required. Use any approach. |
| | Configuring C-RP timers globally | Optional. |
| Configuring a BSR | Configuring a C-BSR | Required. |
| | Configuring an IPv6 PIM domain border | Optional. |
| | Configuring C-BSR parameters globally | Optional. |
| | Configuring C-BSR timers | Optional. |
| | Disabling BSM semantic fragmentation | Optional. |
| Configuring IPv6 administrative scoping | Enabling IPv6 administrative scoping | Optional. |
| | Configuring an IPv6 admin-scope zone boundary | Optional. |
| | Configuring C-BSRs for IPv6 admin-scope zones | Optional. |
| Configuring IPv6 multicast source registration | | Optional. |
| Disabling SPT switchover | | Optional. |
| Configuring IPv6 PIM common features | | Optional. |

Configuration prerequisites

Before you configure IPv6 PIM-SM, complete the following tasks:
• Enable IPv6 forwarding and configure an IPv6 unicast routing protocol so that all devices in the domain are interoperable at the network layer.
• Determine the IP address of a static RP and the ACL rule defining the range of IPv6 multicast groups to be served by the static RP.
• Determine the C-RP priority and the ACL rule defining the range of IPv6 multicast groups to be served by each C-RP.
• Determine the legal C-RP address range and the ACL rule defining the range of IPv6 multicast groups to be served.
• Determine the C-RP-Adv interval.
• Determine the C-RP timeout.
• Determine the C-BSR priority.
• Determine the hash mask length.
• Determine the IPv6 ACL rule defining a legal BSR address range.
• Determine the BS period.
• Determine the BS timeout.
• Determine the IPv6 ACL rule for register message filtering.
• Determine the register suppression time.
• Determine the register probe time.
• Determine the IPv6 ACL rule and sequencing rule for disabling an SPT switchover.

Enabling IPv6 PIM-SM

With IPv6 PIM-SM enabled, a router sends hello messages periodically to discover IPv6 PIM neighbors and processes messages from the IPv6 PIM neighbors. When you deploy an IPv6 PIM-SM domain, enable IPv6 PIM-SM on all non-border interfaces of the routers.

IMPORTANT: All the interfaces of the same device must operate in the same IPv6 PIM mode.

To enable IPv6 PIM-SM:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable IPv6 multicast routing. | multicast ipv6 routing-enable | Disabled by default. |
| 3. Enter interface view. | interface interface-type interface-number | N/A |
| 4. Enable IPv6 PIM-SM. | pim ipv6 sm | Disabled by default. |

For more information about the multicast ipv6 routing-enable command, see IP Multicast Command Reference.

Configuring an RP

An RP can be manually configured or dynamically elected through the BSR mechanism. For a large IPv6 PIM network, static RP configuration is a tedious job. Generally, static RP configuration is just a backup method for the dynamic RP election mechanism to enhance the robustness and operation manageability of a multicast network.

IMPORTANT: In an IPv6 PIM network, if both IPv6 PIM-SM and IPv6 BIDIR-PIM are enabled, do not configure the same RP to serve IPv6 PIM-SM and IPv6 BIDIR-PIM simultaneously to avoid IPv6 PIM routing table errors.

Configuring a static RP

If only one dynamic RP exists in a network, manually configuring a static RP can avoid communication interruption because of single-point failures. It can also avoid frequent message exchange between C-RPs and the BSR.

IMPORTANT: To enable a static RP to work normally, you must perform this configuration on all routers in the IPv6 PIM-SM domain and specify the same RP address.

Perform the following configuration on all the routers in the IPv6 PIM-SM domain.

To configure a static RP:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Configure a static RP for IPv6 PIM-SM. | static-rp ipv6-rp-address [ acl6-number ] [ preferred ] | No static RP by default. |

Configuring a C-RP

In an IPv6 PIM-SM domain, you can configure routers that intend to become the RP as C-RPs. The BSR collects the C-RP information by receiving the C-RP-Adv messages from C-RPs or auto-RP announcements from other routers and organizes the information into an RP-set, which is flooded throughout the entire network. Then, the other routers in the network calculate the mappings between specific group ranges and the corresponding RPs based on the RP-set. HP recommends that you configure C-RPs on backbone routers.

To guard against C-RP spoofing, you need to configure a legal C-RP address range and the range of IPv6 multicast groups to be served on the BSR. In addition, because every C-BSR has a chance to become the BSR, you need to configure the same filtering policy on all C-BSRs in the IPv6 PIM-SM domain.
When you configure a C-RP, ensure a relatively large bandwidth between this C-RP and the other devices in the IPv6 PIM-SM domain.

An RP can serve multiple IPv6 multicast groups or all IPv6 multicast groups. Only one RP can forward IPv6 multicast traffic for an IPv6 multicast group at a moment.

To configure a C-RP:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Configure an interface to be a C-RP for IPv6 PIM-SM. | c-rp ipv6-address [ { group-policy acl6-number \| scope scope-id } \| priority priority \| holdtime hold-interval \| advertisement-interval adv-interval ] * | No C-RPs are configured by default. |
| 4. Configure a legal C-RP address range and the range of IPv6 multicast groups to be served. | crp-policy acl6-number | Optional. No restrictions by default. |

Enabling embedded RP

With the embedded RP feature enabled, the router can resolve the RP address directly from the IPv6 multicast group address of an IPv6 multicast packet. This RP can replace the statically configured RP or the RP dynamically calculated based on the BSR mechanism. Therefore, the DR does not need to identify the RP address beforehand.

Perform this configuration on all routers in the IPv6 PIM-SM domain.

To enable embedded RP:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Enable embedded RP. | embedded-rp [ acl6-number ] | Optional. By default, embedded RP is enabled for IPv6 multicast groups in the default embedded RP address scopes. |

NOTE: The default embedded RP address scopes are FF7x::/12 and FFFx::/12. Here x refers to any legal address scope. For more information about the Scope field, see Multicast overview.

Configuring C-RP timers globally

To enable the BSR to distribute the RP-set information within the IPv6 PIM-SM domain, C-RPs must periodically send C-RP-Adv messages to the BSR. The BSR obtains the RP-set information from the received messages, and encapsulates its own IPv6 address together with the RP-set information in its bootstrap messages. The BSR then floods the bootstrap messages to all IPv6 routers in the network.

Each C-RP encapsulates a timeout value in its C-RP-Adv messages. After receiving a C-RP-Adv message, the BSR obtains this timeout value and starts a C-RP timeout timer.
If the BSR fails to obtain a subsequent C-RP-Adv message from the C-RP when the timer times out, the BSR assumes the C-RP to have expired or become unreachable.

You must configure the C-RP timers on C-RP routers.

To configure C-RP timers globally:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Configure the C-RP-Adv interval. | c-rp advertisement-interval interval | Optional. 60 seconds by default. |
| 4. Configure C-RP timeout time. | c-rp holdtime interval | Optional. 150 seconds by default. |

For more information about the configuration of other timers in IPv6 PIM-SM, see Configuring IPv6 PIM common timers.

Configuring a BSR

Configuration guidelines

Before you configure a BSR, make sure that you are familiar with BSR election process, BSR legal address against BSR spoofing, IPv6 PIM domain border, global C-BSR parameters, C-BSR timers, and bootstrap message fragments (BSMFs).

• BSR election process
  An IPv6 PIM-SM domain can have only one BSR, but must have at least one C-BSR. Any router can be configured as a C-BSR. Elected from C-BSRs, the BSR is responsible for collecting and advertising RP information in the IPv6 PIM-SM domain.
  You should configure C-BSRs on routers in the backbone network. When you configure a router as a C-BSR, be sure to specify the IPv6 address of an IPv6 PIM-SM-enabled interface on the router. The BSR election process is as follows:
  a. Initially, every C-BSR assumes itself to be the BSR of this IPv6 PIM-SM domain and uses its interface IPv6 address as the BSR address to send bootstrap messages.
  b. When a C-BSR receives the bootstrap message of another C-BSR, it first compares its own priority with the other C-BSR’s priority carried in the message. The C-BSR with a higher priority wins. If a tie exists in the priority, the C-BSR with a higher IPv6 address wins. The loser uses the winner’s BSR address to replace its own BSR address and no longer assumes itself to be the BSR, and the winner keeps its own BSR address and continues assuming itself to be the BSR.
• BSR legal address against BSR spoofing
  Configuring a legal range of BSR addresses enables filtering of bootstrap messages based on the address range, thereby preventing a maliciously configured host from masquerading as a BSR. You must make the same configuration on all routers in the IPv6 PIM-SM domain. Typical BSR spoofing cases and the corresponding preventive measures are as follows:
  ○ Some maliciously configured hosts can forge bootstrap messages to fool routers and change RP mappings. Such attacks often occur on border routers. Because a BSR is inside the network whereas hosts are outside the network, you can protect a BSR against attacks from external hosts by enabling the border routers to perform neighbor checks and RPF checks on bootstrap messages and to discard unwanted messages.
  ○ If an attacker controls a router in the network or if the network contains an illegal router, the attacker can configure this router as a C-BSR and make it win BSR election to control the right of advertising RP information in the network. After you configure a router as a C-BSR, the router automatically floods the network with bootstrap messages. Because a bootstrap message has a hop limit value of 1, the whole network will not be affected as long as the neighbor router discards these bootstrap messages. Therefore, with a legal BSR address range configured on all routers in the entire network, all these routers will discard bootstrap messages from out of the legal address range.
  These preventive measures can partially protect the security of BSRs in a network. However, if an attacker controls a legal BSR, the problem will still occur.
  Because a large amount of information needs to be exchanged between a BSR and the other devices in the IPv6 PIM-SM domain, a relatively large bandwidth should be provided between the C-BSR and the other devices in the IPv6 PIM-SM domain.
• IPv6 PIM domain border
  As the administrative core of an IPv6 PIM-SM domain, the BSR sends the collected RP-set information in the form of bootstrap messages to all routers in the IPv6 PIM-SM domain.
  An IPv6 PIM domain border is a bootstrap message boundary. Each BSR has its specific service scope. IPv6 PIM domain border interfaces partition a network into different IPv6 PIM-SM domains. Bootstrap messages cannot cross a domain border in either direction.
• C-BSR parameters
  In each IPv6 PIM-SM domain, a unique BSR is elected from C-BSRs. The C-RPs in the IPv6 PIM-SM domain send advertisement messages to the BSR. The BSR summarizes the advertisement messages to form an RP-set and advertises it to all routers in the IPv6 PIM-SM domain. All the routers use the same hash algorithm to get the RP address that corresponds to specific IPv6 multicast groups.
• C-BSR timers
  The BSR election winner multicasts its own IPv6 address and RP-Set information throughout the region that it serves through bootstrap messages. The BSR floods bootstrap messages throughout the network at the interval of the BS (BSR state) period. Any C-BSR that receives a bootstrap message retains the RP-set for the length of BS timeout, during which no BSR election occurs. If no bootstrap message is received from the BSR before the BS timeout timer expires, a new BSR election process begins among the C-BSRs.
  About the BS period:
  ○ By default, the BS period is determined by the formula BS period = (BS timeout – 10) / 2. The default BS timeout is 130 seconds, so the default BS period = (130 – 10) / 2 = 60 (seconds).
  ○ If this parameter is manually configured, the system will use the configured value.
  About the BS timeout timer:
  ○ By default, the BS timeout value is determined by the formula BS timeout timer = BS period × 2 + 10. The default BS period is 60 seconds, so the default BS timeout timer = 60 × 2 + 10 = 130 (seconds).
  ○ If this parameter is manually configured, the system will use the configured value.
  In the configuration, make sure that the BS period is smaller than the BS timeout value.
• Bootstrap message fragments (BSMFs)
  Generally, a BSR periodically distributes the RP-set information in bootstrap messages within the IPv6 PIM-SM domain. It encapsulates a BSM in an IPv6 datagram and might split the datagram into fragments if the message exceeds the maximum transmission unit (MTU). In respect of such IP fragmentation, loss of a single IP fragment leads to unavailability of the entire message.
  Semantic fragmentation of BSMs can solve this issue. When a BSM exceeds the MTU, it is split to multiple bootstrap message fragments (BSMFs).
  ○ After receiving a BSMF that contains the RP-set information of one group range, a non-BSR router updates corresponding RP-set information directly.
  ○ If the RP-set information of one group range is carried in multiple BSMFs, a non-BSR router updates corresponding RP-set information after receiving all these BSMFs.
  Because the RP-set information contained in each segment is different, loss of some IP fragments will not result in dropping of the entire message.
  The function of BSM semantic fragmentation is enabled by default. Devices not supporting this function might deem a fragment as an entire message and learn only part of the RP-set information. Therefore, if such devices exist in the IPv6 PIM-SM domain, you need to disable the semantic fragmentation function on the C-BSRs.
  Generally, a BSR performs BSM semantic fragmentation according to the MTU of its BSR interface. However, the semantic fragmentation of BSMs originated because of learning of a new IPv6 PIM neighbor is performed according to the MTU of the outgoing interface.

Configuring a C-BSR

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Configure an interface as a C-BSR. | c-bsr ipv6-address [ hash-length [ priority ] ] | No C-BSRs are configured by default. |
| 4. Configure a legal BSR address range. | bsr-policy acl6-number | Optional. No restrictions by default. |

Configuring an IPv6 PIM domain border

Perform the following configuration on routers that you want to configure as an IPv6 PIM domain border.

To configure an IPv6 PIM border domain:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Configure an IPv6 PIM domain border. | pim ipv6 bsr-boundary | No IPv6 PIM domain border is configured by default. |

Configuring C-BSR parameters globally

Perform the following configuration on C-BSR routers.

To configure C-BSR parameters globally:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Configure the hash mask length. | c-bsr hash-length hash-length | Optional. 126 by default. |
| 4. Configure the C-BSR priority. | c-bsr priority priority | Optional. 64 by default. |

Configuring C-BSR timers

Perform the following configuration on C-BSR routers.

To configure C-BSR timers:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Configure the BS period. | c-bsr interval interval | Optional. For the default value, see the note after this table. |
| 4. Configure the BS timeout timer. | c-bsr holdtime interval | Optional. For the default value, see the note after this table. |

Disabling BSM semantic fragmentation

To disable the BSM semantic fragmentation function:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Disable the BSM semantic fragmentation function. | undo bsm-fragment enable | By default, the BSM semantic fragmentation function is enabled. |

Configuring IPv6 administrative scoping

With IPv6 administrative scoping disabled, an IPv6 PIM-SM domain has only one BSR. The BSR manages the whole network. To manage your network more effectively and specifically, you can partition the IPv6 PIM-SM domain into multiple IPv6 admin-scope zones. Each IPv6 admin-scope zone maintains a BSR, which serves a specific IPv6 multicast group range. The IPv6 global scope zone also maintains a BSR, which serves the IPv6 multicast groups with the Scope field in the group addresses being 14.

Enabling IPv6 administrative scoping

Before you configure an IPv6 admin-scope zone, you must enable IPv6 administrative scoping.

Perform the following configuration on all routers in the IPv6 PIM-SM domain.

To enable IPv6 administrative scoping:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Enable IPv6 administrative scoping. | c-bsr admin-scope | Disabled by default. |

Configuring an IPv6 admin-scope zone boundary

The boundary of each IPv6 admin-scope zone is formed by ZBRs. Each admin-scope zone maintains a BSR, which serves multicast groups with a specific Scope field in their group addresses. Multicast protocol packets (such as assert messages and bootstrap messages) that belong to this range cannot cross the admin-scope zone boundary.

Perform the following configuration on routers that you want to configure as a ZBR.

To configure an IPv6 admin-scope zone boundary:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Configure an IPv6 multicast forwarding boundary. | multicast ipv6 boundary { ipv6-group-address prefix-length \| scope { scope-id \| admin-local \| global \| organization-local \| site-local } } | By default, no multicast forwarding boundary is configured. |

For more information about the multicast ipv6 boundary command, see IP Multicast Command Reference.

Configuring C-BSRs for IPv6 admin-scope zones

In a network with IPv6 administrative scoping enabled, BSRs are elected from C-BSRs specific to different Scope field values. The C-RPs in the network send advertisement messages to the specific BSR. The BSR summarizes the advertisement messages to form an RP-set and advertises it to all routers in the specific admin-scope zone. All the routers use the same hash algorithm to get the RP address corresponding to the specific IPv6 multicast group.

You can configure the hash mask length and C-BSR priority globally and in an IPv6 admin-scope zone.
• The values configured in the IPv6 admin-scope zone have preference over the global values.
• If you do not configure these parameters in the IPv6 admin-scope zone, the corresponding global values will be used.

For configuration of global C-BSR parameters, see Configuring C-BSR parameters globally.
Perform the following configuration on the routers that you want to configure as C-BSRs in IPv6 admin-scope zones.

To configure a C-BSR for an IPv6 admin-scope zone:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter IPv6 PIM view. | pim ipv6 | N/A |
| 3. Configure a C-BSR for an IPv6 admin-scope zone. | c-bsr scope { scope-id \| admin-local \| global \| organization-local \| site-local } [ hash-length hash-length \| priority priority ] * | No C-BSRs are configured for an IPv6 admin-scope zone by default. |
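
The BSR election rule and the legal BSR address range from the configuration guidelines above, modeled in Python as an added example (not HP's code and not part of the original guide). It shows how an unauthorized C-BSR with a high priority wins the election on any router that lacks the legal range, which is why the guide requires the same configuration on all routers. The addresses, priorities and router names are constructed, and flooding is abstracted so that every router hears every candidate's bootstrap message.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Bootstrap:
    """The two bootstrap-message fields that decide the election."""
    bsr_address: ipaddress.IPv6Address
    priority: int


def winner(a: Bootstrap, b: Bootstrap) -> Bootstrap:
    """Higher priority wins; on a tie the higher IPv6 address wins."""
    return max(a, b, key=lambda m: (m.priority, int(m.bsr_address)))


@dataclass
class Router:
    name: str
    elected: Optional[Bootstrap] = None  # a C-BSR starts with its own message
    legal_bsr_range: Optional[ipaddress.IPv6Network] = None  # models bsr-policy
    dropped: list = field(default_factory=list)

    def receive(self, msg: Bootstrap) -> None:
        # With a legal range configured, discard messages whose BSR address
        # falls outside it before they can take part in the election.
        if self.legal_bsr_range is not None and msg.bsr_address not in self.legal_bsr_range:
            self.dropped.append(msg)
            return
        self.elected = msg if self.elected is None else winner(self.elected, msg)


def bsm(addr: str, priority: int) -> Bootstrap:
    return Bootstrap(ipaddress.IPv6Address(addr), priority)


# Constructed sample values (documentation prefix 2001:db8::/32).
LEGAL_RANGE = ipaddress.IPv6Network("2001:db8:0:1::/64")
CBSR_A = bsm("2001:db8:0:1::1", 64)    # 64 is the default C-BSR priority
CBSR_B = bsm("2001:db8:0:1::2", 64)
ROGUE = bsm("2001:db8:ffff::66", 255)  # unauthorized C-BSR, high priority


def simulate(policy_on: set) -> dict:
    """Return each router's elected BSR address.

    policy_on names the routers that have the legal range configured.
    Assumption: flooding is abstracted away, so every router hears every
    candidate's bootstrap message directly.
    """
    routers = [Router("R1", CBSR_A), Router("R2", CBSR_B), Router("R3")]
    for r in routers:
        if r.name in policy_on:
            r.legal_bsr_range = LEGAL_RANGE
        for msg in (CBSR_A, CBSR_B, ROGUE):
            r.receive(msg)
    return {r.name: str(r.elected.bsr_address) for r in routers}


if __name__ == "__main__":
    print("no policy        :", simulate(set()))
    print("policy on R1, R2 :", simulate({"R1", "R2"}))
    print("policy everywhere:", simulate({"R1", "R2", "R3"}))
```

In the partial deployment, R3 is the only router that still elects the out-of-range address, so its RP mappings would follow the unauthorized C-BSR while R1 and R2 stay on the legitimate one.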