HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 947
258
Step Command Remarks
2. Configure an IPv6 static route.
• Approach 1:
ipv6 route-static i pv6-address prefix-length
{ interface-type interface-number
[ next-hop-address ] | next-hop-address |
vpn-instance d-vpn-instance-name
nexthop-address } [ preference
preference-value ]
• Approach 2:
ipv6 route-static vpn-instance
s-vpn-instance-name & ipv6-address
prefix-length { interface-type
interface-number [ next-hop-address ] |
nexthop-address [ public ] | vpn-instance...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-946.png "Page 947
258
Step Command Remarks
2. Configure an IPv6 static route.
• Approach 1:
ipv6 route-static i pv6-address prefix-length
{ interface-type interface-number
[ next-hop-address ] | next-hop-address |
vpn-instance d-vpn-instance-name
nexthop-address } [ preference
preference-value ]
• Approach 2:
ipv6 route-static vpn-instance
s-vpn-instance-name & ipv6-address
prefix-length { interface-type
interface-number [ next-hop-address ] |
nexthop-address [ public ] | vpn-instance...")
![Page 948
259
Figure 99 Network diagram
Configuration procedure
1. Configure the IPv6 addresses for all VL AN interfaces. (Details not shown.)
2. Configure IPv6 static routes:
# Configure a default IPv6 static route on Switch A.
system-view
[SwitchA] ipv6
[SwitchA] ipv6 route-static :: 0 4::2
# Configure two IPv6 static routes on Switch B.
system-view
[SwitchB] ipv6
[SwitchB] ipv6 route-static 1:: 64 4::1
[SwitchB] ipv6 route-static 3:: 64 5::1
# Configure a default IPv6 static route on Switch...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-947.png "Page 948
259
Figure 99 Network diagram
Configuration procedure
1. Configure the IPv6 addresses for all VL AN interfaces. (Details not shown.)
2. Configure IPv6 static routes:
# Configure a default IPv6 static route on Switch A.
system-view
[SwitchA] ipv6
[SwitchA] ipv6 route-static :: 0 4::2
# Configure two IPv6 static routes on Switch B.
system-view
[SwitchB] ipv6
[SwitchB] ipv6 route-static 1:: 64 4::1
[SwitchB] ipv6 route-static 3:: 64 5::1
# Configure a default IPv6 static route on Switch...")
![Page 949
260
Destination : 1::/64 Protocol : Dire\
ct
NextHop : 1::1 Preference : 0
Interface : Vlan-interface100 Cost : 0
Destination : 1::1/128 Protocol : Dire\
ct
NextHop : ::1 Preference : 0
Interface : InLoop0 Cost : 0
Destination : FE80::/10...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-948.png "Page 949
260
Destination : 1::/64 Protocol : Dire\
ct
NextHop : 1::1 Preference : 0
Interface : Vlan-interface100 Cost : 0
Destination : 1::1/128 Protocol : Dire\
ct
NextHop : ::1 Preference : 0
Interface : InLoop0 Cost : 0
Destination : FE80::/10...")
![Page 955
266
Step Command Remarks
4. Configure a filter policy to
filter outgoing routes. filter-policy
{ acl6-number |
ipv6-prefix ipv6-prefix-name }
export [ protocol [ process-id ] ] By default, RIPng does not filter
outgoing routing information.
Configuring a priority for RIPng
Any routing protocol has its own protocol priority used for optimal route selection. You can set a priority
for RIPng manually. The smaller the value, the higher the priority.
To configure a RIPng priority:...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-954.png "Page 955
266
Step Command Remarks
4. Configure a filter policy to
filter outgoing routes. filter-policy
{ acl6-number |
ipv6-prefix ipv6-prefix-name }
export [ protocol [ process-id ] ] By default, RIPng does not filter
outgoing routing information.
Configuring a priority for RIPng
Any routing protocol has its own protocol priority used for optimal route selection. You can set a priority
for RIPng manually. The smaller the value, the higher the priority.
To configure a RIPng priority:...")
![Page 956
267
To configure RIPng timers:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Configure RIPng
timers. timers
{ garbage-collect
garbage-collect-value | suppress
suppress-value | timeout
timeout-value | update
update-value } * Optional.
The RIPng timers have the following defaults: •
30 seconds for the update timer
• 180 seconds for the timeout timer
• 120 seconds for the suppress timer
• 120 seconds for the...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-955.png "Page 956
267
To configure RIPng timers:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Configure RIPng
timers. timers
{ garbage-collect
garbage-collect-value | suppress
suppress-value | timeout
timeout-value | update
update-value } * Optional.
The RIPng timers have the following defaults: •
30 seconds for the update timer
• 180 seconds for the timeout timer
• 120 seconds for the suppress timer
• 120 seconds for the...")
262 RIPng packet format Basic format A RIPng packet consists of a header and multiple route table entries (RTEs). The maximum number of RTEs in a packet depends on the IPv6 MTU of the sending interface. Figure 100 RIPng basic packet format Packet header description: • Command —Type of message. 0x01 indicates Request; 0x02 indicates Response. • Version —Version of RIPng. It can only be 0x01. • RTE—Route table entry. It is 20 bytes for each entry. RTE format The following are types of RTEs in RIPng: • Next hop RTE —Defines the IPv6 address of a next hop • IPv6 prefix RTE —Describes the destination IPv6 address, route tag, prefix length and metric in the RIPng routing table. Figure 101 Next hop RTE format IPv6 next hop address is the IPv6 address of the next hop. Figure 102 IPv6 prefix RTE format IPv6 prefix RTE field description: • IPv6 prefix—Destination IPv6 address prefix. • Route tag —Route tag. • Prefix len—Length of the IPv6 address prefix. • Metric —Cost of a route. Command Route table entry 1 (20 octets) VersionMust be zero Route table entry n (20 octets) 071 531
263 RIPng packet processing procedure Request packet When a RIPng router first starts or needs to update entries in its routing table, usually a multicast request packet is sent to ask for needed routes from neighbors. The receiving RIPng router processes RTEs in the reques t. If only one RTE exists with the IPv6 prefix and prefix length both being 0, and with a metric value of 16, the RIPng router will respond with the entire routing table information in response messages. If multiple RTEs exist in the request message, the RIPng router will examine each RTE, update its metric, an d send the requested routing information to the requesting router in the response packet. Response packet The response packet containing the local routin g table information is generated as follows: • A response to a request • An update periodically • A trigged update caused by route change After a router receives a response, it checks the validity of the response before adding the route to its routing table, such as whether the source IPv6 addr ess is the link-local address and whether the port number is correct. The response packet that failed the check is discarded. Protocols and standards • RFC 2080, RIPng for IPv6 • RFC 2081, RIPng Protocol Applicability Statement RIPng configuration task list Task Remarks Configuring RIPng basic functions Required Configuring RIPng route control Configuring an additional routing metric Optional Configuring RIPng route summarization Optional Advertising a default route Optional Configuring a RIPng route filtering policy Optional Configuring a priority for RIPng Optional Configuring RIPng route redistribution Optional Tuning and optimizing the RIPng network Configuring RIPng timers Optional Configuring split horizon and poison reverse Optional Configuring zero field check on RIPng packets Optional Configuring the maximum number of ECMP routes Optional Applying IPsec policies for RIPng Optional
264 Configuring RIPng basic functions This section presents the information to configure the basic RIPng features. You must enable RIPng first before configuring other tasks, but it is not necessary for RIPng-related interface configurations, such as assigning an IPv6 address. Before you configure RIPng basic functions, complete the following tasks: • Enable IPv6 packet forwarding. • Configure an IP address for each interface, and make sure that all neighboring nodes can reach each other. To configure the basic RIPng functions: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a RIPng process and enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] Not created by default. 3. Return to system view. quit N/A 4. Enter interface view. interface interface-type interface-number N/A 5. Enable RIPng on the interface. ripng process-id enable Disabled by default. If RIPng is not enabled on an interface, the interface will not send or receive a RIPng route. Configuring RIPng route control Before you configure RIPng, complete the following tasks: • Configure an IPv6 address on each interface, and make sure that all neighboring nodes can reach each other. • Configure RIPng basic functions. • Define an IPv6 ACL before using it for route filtering. For related information, see ACL and QoS Configuration Guide . • Define an IPv6 address prefix list before using it for route filtering. For related information, see Configuring routing policies . Configuring an additional routing metric An additional routing metric can be added to the metric of an inbound or outbound RIP route. The outbound additional metric is added to the metric of a sent route. The route’s metric in the routing table is not changed. The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed. To configure an inbound or outbound additional routing metric:
265
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type interface-number N/A
3. Specify an inbound routing
additional metric. ripng metricin
value
Optional.
0 by default.
4.
Specify an outbound
routing additional metric. ripng metricout
value Optional.
1 by default.
Configuring RIPng route summarization
Step Command
1.
Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Advertise a summary IPv6
prefix. ripng summary-address
ipv6-address prefix-length
Advertising a default route
With this feature enabled, a default route is advert ised through the specified interface regardless of
whether the default route is available in the local IPv6 routing table.
To advertise a default route:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter interface view. interface
interface-type
interface-number N/A
3.
Advertise a default route. ripng default-route
{ only |
originate } [ cost cost ]
Not advertised by default.
Configuring a RIPng route filtering policy
R e f e re n c e a c o n f i g u re d I P v 6 AC L o r p re f ix l i s t t o f i l t e r re c e i ve d o r a d v e r t i s e d ro u t i n g i n f o r m a t i o n. Yo u c a n
also filter outbound routes redistributed
from a routing specific routing protocol.
To configure a RIPng route filtering policy:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Configure a filter policy to
filter incoming routes. filter-policy { acl6-number
|
ipv6-prefix ipv6-prefix-name }
import By default, RIPng does not filter
incoming routing information.
266
Step Command Remarks
4. Configure a filter policy to
filter outgoing routes. filter-policy
{ acl6-number |
ipv6-prefix ipv6-prefix-name }
export [ protocol [ process-id ] ] By default, RIPng does not filter
outgoing routing information.
Configuring a priority for RIPng
Any routing protocol has its own protocol priority used for optimal route selection. You can set a priority
for RIPng manually. The smaller the value, the higher the priority.
To configure a RIPng priority:
Step Command Remarks
1.
Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Configure a RIPng priority. preference [
route-policy
route-policy-name ] preference
Optional.
By default, the RIPng priority is
100.
Configuring RIPng route redistribution
Step Command Remarks
1.
Enter system view.
system-view N/A
2.
Enter RIPng view.
ripng [ process-id ] N/A
3. Configure a default routing
metric for redistributed routes. default cost
cost Optional.
The default metric of redistributed
routes is 0.
4.
Redistribute routes from
another routing protocol. import-route
protocol [ process-id ]
[ allow-ibgp ] [ cost cost |
route-policy route-policy-name ] * By default, no route redistribution
is configured.
Tuning and optimizing the RIPng network
This section describes how to tune and optimize the performance of the RIPng network, as well as
applications under special network environments. Be
fore tuning and optimizing the RIPng network,
complete the following tasks:
• Configure a network layer address for each interface.
• Configure the basic RIPng functions.
Configuring RIPng timers
Adjust RIPng timers to optimize the performance of the RIPng network. When adjusting RIPng timers,
consider the network performance, and perform unified configurations on routers running RIPng to avoid
unnecessary network traffic increase or route oscillation.
267
To configure RIPng timers:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Configure RIPng
timers. timers
{ garbage-collect
garbage-collect-value | suppress
suppress-value | timeout
timeout-value | update
update-value } * Optional.
The RIPng timers have the following defaults: •
30 seconds for the update timer
• 180 seconds for the timeout timer
• 120 seconds for the suppress timer
• 120 seconds for the garbage-collect timer
Configuring split horizon and poison reverse
If both split horizon and poison reverse are configured, only the poison reverse function takes effect.
Configuring split horizon
The split horizon function disables a route learned from an interface from being advertised through the
same interface to prevent routing loops between ne ighbors. HP recommends enabling split horizon to
prevent routing loops.
To configure split horizon:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter interface view. interface
interface-type
interface-number N/A
3.
Enable the split horizon
function. ripng split-horizon Optional.
Enabled by default.
Configuring the poison reverse function
The poison reverse function enables a route learned from an interface to be advertised through the
interface. However, the metric of the route is set to 16 (unreachable).
To configure poison reverse:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter interface view. interface
interface-type
interface-number N/A
3.
Enable the poison reverse
function. ripng poison-reverse
Disabled by default.
268 Configuring zero field check on RIPng packets Some fields in the RIPng packet must be zero, which are called zero fields. With zero field check on RIPng packets enabled, if such a field contains a non-ze ro value, the entire RIPng packet is discarded. If you are sure that all packets are trustworthy, disable the zero field check to reduce the CPU processing time. To configure RIPng zero field check: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] N/A 3. Enable the zero field check. checkzero Optional. Enabled by default. Configuring the maximum number of ECMP routes Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] N/A 3. Configure the maximum number of ECMP routes for load balancing. maximum load-balancing number Optional. 8 by default. Applying IPsec policies for RIPng To protect routing information and defend attacks, RI Png supports using an IPsec policy to authenticate protocol packets. Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship with the sending device. You can configure an IPsec policy for a RIPng proces s or interface. The IPsec policy configured for a process applies to all packets in the process. The IP sec policy configured on an interface applies to packets on the interface. If an interface and its process each have an IPsec policy configured, the interface uses its own IPsec policy. Configuration prerequisites Before you apply an IPsec policy for RIPng, complete following tasks: • Create an IPsec proposal. • Create an IPsec policy. For more information about IPsec policy configuration, see Security Configuration Guide.
269
Configuration guidelines
An IPsec policy used for RIPng can only be in manual mode. For more information, see Security
Configuration Guide .
Configuration procedure
To apply an IPsec policy in a process:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Apply an IPsec policy in the
process. enable ipsec-policy
policy-name Not configured by default.
To apply an IPsec policy on an interface:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter interface view. interface
interface-type
interface-number N/A
3.
Apply an IPsec policy on the
interface. ripng ipsec-policy
policy-name Not configured by default.
Displaying and maintaining RIPng
Task Command Remarks
Display configuration information
of a RIPng process.
display ripng
[ process-id |
vpn-instance vpn-instance-name ]
[ | { begin | exclude | include }
regular-expression ]
Available in any view
Display routes in the RIPng
database. display ripng
process-id database
[ | { begin | exclude | include }
regular-expression ] Available in any view
Display the routing information of
a specified RIPng process. display ripng
process-id route [ |
{ begin | exclude | include }
regular-expression ] Available in any view
Display RIPng interface
information. display ripng
process-id interface
[ interface-type interface-number ]
[ | { begin | exclude | include }
regular-expression ] Available in any view
Reset a RIPng process. reset ripng process-id process Available in user view
Clear statistics of a RIPng process. reset ripng process-id statistics Available in user view
270 RIPng configuration examples Configuring RIPng basic functions Network requirements In Figure 103 , all switches run RIPng. Configure Switch B to filter the route (3::/64) learned from Switch C, which means the route will not be added to the routin g table of Switch B, and Switch B will not forward it to Switch A. Figure 103 Network diagram Configuration procedure 1. Configure the IPv6 address for each interface. (Details not shown.) 2. Configure basic RIPng functions: # Configure Switch A. system-view [SwitchA] ripng 1 [SwitchA-ripng-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ripng 1 enable [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 400 [SwitchA-Vlan-interface400] ripng 1 enable [SwitchA-Vlan-interface400] quit # Configure Switch B. system-view [SwitchB] ripng 1 [SwitchB-ripng-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ripng 1 enable [SwitchB-Vlan-interface200] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Configure Switch C. system-view [SwitchC] ripng 1 [SwitchC-ripng-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] ripng 1 enable [SwitchC-Vlan-interface200] quit
271
[SwitchC] interface vlan-interface 500
[SwitchC-Vlan-interface500] ripng 1 enable
[SwitchC-Vlan-interface500] quit
[SwitchC] interface vlan-interface 600
[SwitchC-Vlan-interface600] ripng 1 enable
[SwitchC-Vlan-interface600] quit
# Display the routing table of Switch B.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest 1::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec
Dest 2::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec
Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200
Dest 3::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 11 Sec
Dest 4::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 11 Sec
Dest 5::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 11 Sec
# Display the routing table of Switch A.
[SwitchA] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::200:2FF:FE64:8904 on Vlan-interface100
Dest 1::/64,
via FE80::200:2FF:FE64:8904, cost 1, tag 0, A, 31 Sec
Dest 4::/64,
via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec
Dest 5::/64,
via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec
Dest 3::/64,
via FE80::200:2FF:FE64:8904, cost 1, tag 0, A, 31 Sec
3. Configure Switch B to filter incoming and outgoing route:
[SwitchB] acl ipv6 number 2000
[SwitchB-acl6-basic-2000] rule deny source 3::/64
[SwitchB-acl6-basic-2000] rule permit
[SwitchB-acl6-basic-2000] quit
[SwitchB] ripng 1
[SwitchB-ripng-1] filter-policy 2000 import
[SwitchB-ripng-1] filter-policy 2000 export
# Display routing tables of Switch B and Switch A.
[SwitchB] display ripng 1 route