HP 5500 Ei 5500 Si Switch Series Configuration Guide
Configuring UDP helper

Only the HP 5500 EI switches support configuring UDP helper on Layer 3 Ethernet interfaces.

The term interface in this chapter refers to Layer 3 interfaces, including VLAN interfaces and route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

Overview

UDP helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified destination server. This is helpful when a host cannot obtain network configuration information or request device names through broadcasting because the server or host to be requested is located on another broadcast domain.

With UDP helper enabled, a device decides whether to forward a received UDP broadcast packet according to the UDP destination port number of the packet.
• If the destination port number of the packet matches the one pre-configured on the device, the device modifies the destination IP address in the IP header, and then sends the packet to the specified destination server.
• If the destination port number of the packet does not match the one pre-configured on the device, the device sends the packet to the upper layer protocol for processing.

Configuration restrictions and guidelines

• The receiving of directed broadcasts to a directly connected network is disabled by default on the switch. As a result, UDP helper is available only when the ip forward-broadcast command is configured in system view. For more information about reception and forwarding of directed broadcasts to a directly connected network, see Configuring IP performance optimization.
• A UDP helper enabled device must not forward DHCP broadcast packets that use destination port 67 or 68. Therefore, the UDP port numbers set with the udp-helper port command must not include 67 or 68.
• You can specify a port number or the corresponding parameter for a UDP port to forward packets. For example, udp-helper port 53 and udp-helper port dns specify the same UDP port number.
• The configuration of all UDP ports is removed if you disable UDP helper.
• You can configure up to 256 UDP port numbers to enable the forwarding of packets with these UDP port numbers.
• You can configure up to 20 destination servers on an interface.

Configuration procedure

To configure UDP helper:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable UDP helper.
   Command: udp-helper enable
   Remarks: Disabled by default.
3. Enable the forwarding of packets with the specified UDP destination port number(s).
   Command: udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }
   Remarks: No UDP port number is specified by default.
4. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
5. Specify the destination server to which UDP packets are to be forwarded.
   Command: udp-helper server ip-address
   Remarks: No destination server is specified by default.

Displaying and maintaining UDP helper

• Task: Displays information about forwarded UDP packets.
  Command: display udp-helper server [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
• Task: Clear statistics about packets forwarded.
  Command: reset udp-helper packet
  Remarks: Available in user view

UDP helper configuration example

Network requirements

As shown in Figure 50, the IP address of VLAN-interface 1 of Switch A is 10.110.1.1/16, and the interface connects to the subnet 10.110.0.0/16. Configure UDP helper to forward broadcast packets with UDP destination port number 55 and destination IP address 255.255.255.255 or 10.110.255.255 to the destination server 10.2.1.1/16 in public network.

Figure 50 Network diagram
[Figure labels: IP network; Vlan-int1 10.110.1.1/16; Vlan-int1 10.2.1.1/16; Switch A; Switch B; Server]

Configuration procedure

Verify that a route from Switch A to the subnet 10.2.0.0/16 is available.
# Enable Switch A to receive directed broadcasts.
<SwitchA> system-view
[SwitchA] ip forward-broadcast
# Enable UDP helper.
[SwitchA] udp-helper enable
# Enable the forwarding of broadcast packets with the UDP destination port 55.
[SwitchA] udp-helper port 55
# Specify the destination server 10.2.1.1 on VLAN-interface 1 in public network.
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 10.110.1.1 16
[SwitchA-Vlan-interface1] udp-helper server 10.2.1.1

Configuring IPv6 basics

Only the HP 5500 EI switches support configuring IPv6 basics on Layer 3 Ethernet interfaces.

The term interface in this chapter refers to Layer 3 interfaces, including VLAN interfaces and route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

Overview

Internet Protocol Version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet Protocol version 4 (IPv4). The significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.

IPv6 features

Header format simplification

IPv6 removes several IPv4 header fields or moves them to the IPv6 extension headers to reduce the length of the basic IPv6 packet header. The basic IPv6 packet header has a fixed length of 40 bytes to simplify IPv6 packet handling and to improve forwarding efficiency. Although IPv6 address size is four times larger than IPv4 address size, the basic IPv6 packet header size is only twice the size of the option-less IPv4 packet header.

Figure 51 IPv4 packet header format and basic IPv6 packet header format

Larger address space

The source and destination IPv6 addresses are 128 bits (or 16 bytes) long. IPv6 can provide 3.4 × 10^38 addresses to meet the requirements of hierarchical address division and the allocation of public and private addresses.

Hierarchical address structure

IPv6 uses hierarchical address structure to speed up route lookups and reduce the IPv6 routing table size through route aggregation.

Address autoconfiguration

To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration.
• Stateful address autoconfiguration enables a host to acquire an IPv6 address and other configuration information from a server (for example, a DHCP server).
• Stateless address autoconfiguration enables a host to automatically generate an IPv6 address and other configuration information by using its link-layer address and the prefix information advertised by a router.

To communicate with other hosts on the same link, a host automatically generates a link-local address based on its link-layer address and the link-local address prefix (FE80::/10).

Built-in security

IPv6 defines extension headers to support IPsec. IPsec provides end-to-end security for network security solutions and enhances interoperability among different IPv6 applications.

QoS support

The Flow Label field in the IPv6 header allows the device to label the packets and facilitates the special handling of a flow.

Enhanced neighbor discovery mechanism

The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol version 6 (ICMPv6) messages to manage the information exchange among neighboring nodes on the same link. The group of ICMPv6 messages replaces Address Resolution Protocol (ARP) messages, Internet Control Message Protocol version 4 (ICMPv4) Router Discovery messages, and ICMPv4 Redirect messages and provides a series of other functions.

Flexible extension headers

IPv6 eliminates the Options field in the header and introduces optional extension headers to provide scalability and improve efficiency.
The Options field in the IPv4 packet header contains a maximum of 40 bytes, whereas the IPv6 extension headers are restricted to the maximum size of IPv6 packets only.

IPv6 addresses

IPv6 address format

An IPv6 address is represented as a set of 16-bit hexadecimals separated by colons. An IPv6 address is divided into eight groups, and each 16-bit group is represented by four hexadecimal numbers, for example, 2001:0000:130F:0000:0000:09C0:876A:130B.

To simplify the representation of IPv6 addresses, you can handle zeros in IPv6 addresses by using the following methods:
• The leading zeros in each group can be removed. For example, the previous address can be represented in a shorter format as 2001:0:130F:0:0:9C0:876A:130B.
• If an IPv6 address contains two or more consecutive groups of zeros, they can be replaced by a double colon (::). For example, the previous address can be represented in the shortest format as 2001:0:130F::9C0:876A:130B.
A double colon may appear once or not at all in an IPv6 address. This limit allows the device to determine how many zeros the double colon represents, and correctly convert it to zeros to restore a 128-bit IPv6 address.

An IPv6 address consists of an address prefix and an interface ID, which are equivalent to the network ID and the host ID of an IPv4 address, respectively.

An IPv6 address prefix is written in IPv6-address/prefix-length notation, where the IPv6-address is represented in any of the formats previously mentioned and the prefix-length is a decimal number indicating how many leftmost bits of the IPv6 address comprise the address prefix.

IPv6 address types

IPv6 addresses fall into the following types:
• Unicast address—An identifier for a single interface, similar to an IPv4 unicast address. A packet sent to a unicast address is delivered to the interface identified by that address.
• Multicast address—An identifier for a set of interfaces (typically belonging to different nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is delivered to all interfaces identified by that address.
• Anycast address—An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to the nearest one of the interfaces identified by that address. The nearest interface is chosen according to the routing protocol's measure of distance.

NOTE: There are no broadcast addresses in IPv6. Their function is replaced by multicast addresses.

The type of an IPv6 address is designated by the first several bits, the format prefix. Table 6 lists the mappings between address types and format prefixes.

Table 6 Mappings between address types and format prefixes

| Type | Format prefix (binary) | IPv6 prefix ID |
|---|---|---|
| Unicast address: Unspecified address | 00...0 (128 bits) | ::/128 |
| Unicast address: Loopback address | 00...1 (128 bits) | ::1/128 |
| Unicast address: Link-local address | 1111111010 | FE80::/10 |
| Unicast address: Site-local address | 1111111011 | FEC0::/10 |
| Unicast address: Global unicast address | Other forms | N/A |
| Multicast address | 11111111 | FF00::/8 |
| Anycast address | Anycast addresses use the unicast address space and have the identical structure of unicast addresses. | |

Unicast addresses

Unicast addresses comprise global unicast addresses, link-local unicast addresses, site-local unicast addresses, the loopback address, and the unspecified address.
• Global unicast addresses, equivalent to public IPv4 addresses, are provided for network service providers. This type of address allows efficient prefix aggregation to restrict the number of global routing entries.
• Link-local addresses are used for communication among link-local nodes for neighbor discovery and stateless autoconfiguration. Packets with link-local source or destination addresses are not forwarded to other links.
• Site-local unicast addresses are similar to private IPv4 addresses. Packets with site-local source or destination addresses are not forwarded out of the local site (or a private network).
• A loopback address is 0:0:0:0:0:0:0:1 (or ::1). It cannot be assigned to any physical interface and can be used by a node to send an IPv6 packet to itself in the same way as the loopback address in IPv4.
• An unspecified address is 0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets. The unspecified address cannot be used as a destination IPv6 address.

Multicast addresses

IPv6 multicast addresses listed in Table 7 are reserved for special purposes.

Table 7 Reserved IPv6 multicast addresses

| Address | Application |
|---|---|
| FF01::1 | Node-local scope all-nodes multicast address |
| FF02::1 | Link-local scope all-nodes multicast address |
| FF01::2 | Node-local scope all-routers multicast address |
| FF02::2 | Link-local scope all-routers multicast address |
| FF05::2 | Site-local scope all-routers multicast address |

Multicast addresses also include solicited-node addresses. A node uses a solicited-node multicast address to acquire the link-layer address of a neighboring node on the same link and to detect duplicate addresses. Each IPv6 unicast or anycast address has a corresponding solicited-node address. The format of a solicited-node multicast address is:

FF02:0:0:0:0:1:FFXX:XXXX

where FF02:0:0:0:0:1:FF is fixed and consists of 104 bits, and XX:XXXX is the last 24 bits of an IPv6 unicast address or anycast address.

EUI-64 address-based interface identifiers

An interface identifier is 64 bits and uniquely identifies an interface on a link.
Interfaces generate EUI-64 address-based interface identifiers differently.
• On an IEEE 802 interface (such as a VLAN interface)
  The interface identifier is derived from the link-layer address (typically a MAC address) of the interface. The MAC address is 48 bits long. To obtain an EUI-64 address-based interface identifier, you must insert the hexadecimal number FFFE (16 bits of 1111111111111110) into the MAC address (behind the 24th high-order bit), and set the universal/local (U/L) bit (which is the seventh high-order bit) to 1, to make sure that the obtained EUI-64 address-based interface identifier is globally unique.
  Figure 52 shows how an EUI-64 address-based interface identifier is generated from a MAC address.
  Figure 52 Converting a MAC address into an EUI-64 address-based interface identifier
• On a tunnel interface
  The lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros. For more information about tunnels, see Configuring tunneling.
• On an interface of another type
  The EUI-64 address-based interface identifier is generated randomly by the device.

IPv6 neighbor discovery protocol

The IPv6 Neighbor Discovery (ND) protocol uses five types of ICMPv6 messages to implement the following functions:
• Address resolution
• Neighbor reachability detection
• Duplicate address detection
• Router/prefix discovery and address autoconfiguration
• Redirection

Table 8 ICMPv6 messages used by ND

| ICMPv6 message | Type | Function |
|---|---|---|
| Neighbor Solicitation (NS) message | 135 | Acquires the link-layer address of a neighbor. Verifies whether a neighbor is reachable. Detects duplicate addresses. |
| Neighbor Advertisement (NA) message | 136 | Responds to an NS message. Notifies the neighboring nodes of link layer changes. |
| Router Solicitation (RS) message | 133 | Requests an address prefix and other configuration information for autoconfiguration after startup. |
| Router Advertisement (RA) message | 134 | Responds to an RS message. Advertises information such as the Prefix Information options and flag bits. |
| Redirect message | 137 | Informs the source host of a better next hop on the path to a particular destination when certain conditions are satisfied. |
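
Added example (not part of the HP guide): the MAC-to-EUI-64 derivation described under "EUI-64 address-based interface identifiers" above, worked in Python, together with the reverse step that maps an EUI-64 based address seen in logs back to the NIC's MAC address. The function names and the sample MAC are constructed for illustration; the code inverts the U/L bit as RFC 4291 specifies, which gives the value 1 that the text describes for a factory-assigned MAC address.

```python
import ipaddress

def mac_to_eui64(mac: str) -> bytes:
    """Insert FFFE behind the 24th bit of a 48-bit MAC and invert the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    iid[0] ^= 0x02  # U/L bit: seventh high-order bit of the first byte
    return bytes(iid)

def eui64_address(prefix: str, mac: str) -> str:
    """Combine a 64-bit prefix with the EUI-64 interface ID.

    Use "fe80::/64" for a link-local address (FE80::/10 with the
    remaining prefix bits zero) or a prefix learned from an RA message.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("an EUI-64 interface ID needs a 64-bit prefix")
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))

def mac_from_address(addr: str):
    """Recover the MAC embedded in an EUI-64 based address.

    Returns None when the FFFE marker is absent, as with manually
    configured, random or tunnel-derived interface IDs.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the U/L inversion
    return mac.hex(":")

if __name__ == "__main__":
    sample_mac = "00:12:34:00:ab:cd"  # constructed sample value
    link_local = eui64_address("fe80::/64", sample_mac)
    print("interface ID :", mac_to_eui64(sample_mac).hex())
    print("link-local   :", link_local)
    print("recovered MAC:", mac_from_address(link_local))
    print("no EUI-64 ID :", mac_from_address("2001:db8::1"))
```

Because the interface ID is the same under every prefix, an address built this way identifies the same NIC on whatever network it appears.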

Address resolution

This function is similar to the ARP function in IPv4. An IPv6 node acquires the link-layer addresses of neighboring nodes on the same link through NS and NA message exchanges. Figure 53 shows how Host A acquires the link-layer address of Host B on a single link.

Figure 53 Address resolution

The address resolution operates in the following steps:
1. Host A multicasts an NS message. The source address of the NS message is the IPv6 address of the sending interface of Host A and the destination address is the solicited-node multicast address of Host B. The NS message contains the link-layer address of Host A.
2. After receiving the NS message, Host B determines whether the destination address of the packet is its solicited-node multicast address. If yes, Host B learns the link-layer address of Host A, and then unicasts an NA message containing its link-layer address.
3. Host A acquires the link-layer address of Host B from the NA message.

Neighbor reachability detection

After Host A acquires the link-layer address of its neighbor Host B, Host A can use NS and NA messages to check whether Host B is reachable.
1. Host A sends an NS message whose destination address is the IPv6 address of Host B.
2. If Host A receives an NA message from Host B, Host A decides that Host B is reachable. Otherwise, Host B is unreachable.

Duplicate address detection

After Host A acquires an IPv6 address, it performs Duplicate Address Detection (DAD) to check whether the address is being used by any other node (similar to the gratuitous ARP function in IPv4). DAD is accomplished through NS and NA message exchanges. Figure 54 shows the DAD process.

Figure 54 Duplicate address detection
1. Host A sends an NS message whose source address is the unspecified address and whose destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected. The NS message contains the IPv6 address.
2. If Host B uses this IPv6 address, Host B returns an NA message. The NA message contains the IPv6 address of Host B.
3. Host A learns that the IPv6 address is being used by Host B after receiving the NA message from Host B. If receiving no NA message, Host A decides that the IPv6 address is not in use and uses this address.

Router/prefix discovery and address autoconfiguration

Router/prefix discovery enables a node to locate the neighboring routers and to learn from the received RA message configuration parameters such as the prefix of the network where the node is located.

Stateless address autoconfiguration enables a node to generate an IPv6 address automatically according to the information obtained through router/prefix discovery.

Router/prefix discovery is implemented through RS and RA messages in the following steps:
1. At startup, a node sends an RS message to request the address prefix and other configuration information for autoconfiguration.
2. A router returns an RA message containing information such as Prefix Information options. (The router also periodically sends an RA message. In addition to an address prefix, the Prefix Information option also contains the preferred lifetime and valid lifetime of the address prefix. Nodes update the preferred lifetime and valid lifetime accordingly through periodic RA messages.)
3. The node automatically generates an IPv6 address and other configuration information according to the address prefix and other configuration parameters in the RA message. (The automatically generated address is applicable within the valid lifetime and is removed when the valid lifetime expires.)
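
Added example (not part of the HP guide): a small parser that tells apart the three uses of the NS message described above (address resolution, neighbor reachability detection and duplicate address detection) from the source and destination addresses, using the solicited-node format FF02:0:0:0:0:1:FFXX:XXXX. The function names, addresses and MAC are constructed; the sample packets carry no extension headers and the ICMPv6 checksum is left at zero and not verified.

```python
import ipaddress
import struct

ICMPV6, NS_TYPE = 58, 135  # IPv6 Next Header value for ICMPv6; NS type from Table 8

def solicited_node(addr: str) -> str:
    """FF02::1:FFXX:XXXX, where XX:XXXX is the last 24 bits of addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | low24))

def build_ns(src, dst, target, src_mac=None) -> bytes:
    """Build a constructed sample: 40-byte IPv6 header plus an NS message."""
    # ICMPv6 type, code, checksum (left 0 in this sample), reserved
    body = struct.pack("!BBHI", NS_TYPE, 0, 0, 0)
    body += ipaddress.IPv6Address(target).packed
    if src_mac:
        # Source Link-Layer Address option: type 1, length 1 (unit: 8 bytes)
        body += bytes([1, 1]) + bytes.fromhex(src_mac.replace(":", ""))
    header = struct.pack("!IHBB", 6 << 28, len(body), ICMPV6, 255)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + body)

def classify_ns(packet: bytes):
    """Return (purpose, target address, sender link-layer address or None)."""
    if len(packet) < 64:
        raise ValueError("too short for an IPv6 header plus NS message")
    vtf, plen, next_hdr, _hops = struct.unpack("!IHBB", packet[:8])
    if vtf >> 28 != 6 or next_hdr != ICMPV6 or packet[40] != NS_TYPE:
        raise ValueError("not an IPv6 Neighbor Solicitation")
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    target = ipaddress.IPv6Address(packet[48:64])

    # Walk the ND options that follow the 16-byte target field.
    lladdr, opts = None, packet[64:40 + plen]
    while len(opts) >= 2:
        size = opts[1] * 8
        if size == 0 or size > len(opts):
            raise ValueError("malformed ND option")
        if opts[0] == 1:
            lladdr = opts[2:8].hex(":")
        opts = opts[size:]

    if src.is_unspecified:
        purpose = "duplicate address detection"   # source is ::
    elif str(dst) == solicited_node(str(target)):
        purpose = "address resolution"            # multicast to solicited-node group
    elif dst == target:
        purpose = "reachability detection"        # unicast to the neighbor itself
    else:
        purpose = "other"                         # matches none of the three patterns
    return purpose, str(target), lladdr

if __name__ == "__main__":
    a, b, mac_a = "fe80::a", "fe80::b", "00:11:22:33:44:55"  # constructed hosts
    print(classify_ns(build_ns(a, solicited_node(b), b, mac_a)))
    print(classify_ns(build_ns(a, b, b, mac_a)))
    print(classify_ns(build_ns("::", solicited_node(b), b)))
```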

Redirection

A newly started host may contain only a default route to the gateway in its routing table. When certain conditions are satisfied, the gateway sends an ICMPv6 Redirect message to the source host, so the host can select a better next hop to forward packets (similar to the ICMP redirection function in IPv4).

The gateway sends an ICMPv6 Redirect message when the following conditions are satisfied.
• The receiving interface is the forwarding interface.
• The selected route itself is not created or modified by an ICMPv6 Redirect message.
• The selected route is not the default route.
• The IPv6 packet to be forwarded does not contain any routing header.

IPv6 path MTU discovery

The links that a packet passes from a source to a destination may have different MTUs. In IPv6, when the packet size exceeds the path MTU of a link, the packet is fragmented at the source end of the link to reduce the processing pressure on intermediate devices and to use network resources effectively.

The path MTU discovery mechanism is designed to find the minimum MTU of all links in the path between a source and a destination. Figure 55 shows how a source host discovers the path MTU to a destination host.