HP 5500 Ei 5500 Si Switch Series Configuration Guide
4. Advertise a default route to an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } default-route-advertise [ route-policy route-policy-name ]
   Remarks: Not advertised by default. With the peer default-route-advertise command executed, the local router advertises a default route with itself as the next hop to the specified IPv6 peer or peer group, regardless of whether the default route is available in the routing table.

Configuring outbound route filtering

IPv6 BGP advertises routes passing the specified policy to peers. Using the protocol argument can filter only the routes redistributed from the specified protocol. If no protocol is specified, IPv6 BGP filters all routes to be advertised, including redistributed routes and routes imported with the network command.

To configure outbound route filtering:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Configure the filtering of outgoing routes.
   Command: filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ protocol process-id ]
   Remarks: Not configured by default.
5. Apply a routing policy to routes advertised to an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } route-policy route-policy-name export
   Remarks: Not applied by default.
6. Specify an IPv6 ACL to filter routes advertised to an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } filter-policy acl6-number export
   Remarks: Not specified by default.
7. Specify an AS path ACL to filter routes advertised to an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } as-path-acl as-path-acl-number export
   Remarks: Not specified by default.
8. Specify an IPv6 prefix list to filter routes advertised to an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } ipv6-prefix ipv6-prefix-name export
   Remarks: Not specified by default.

Configuring inbound route filtering

Only routes passing the configured filtering can be added into the local IPv6 BGP routing table. Members of a peer group can have different inbound route filtering policies.

To configure inbound route filtering:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Configure inbound route filtering.
   Command: filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import
   Remarks: Not configured by default.
5. Apply a routing policy to routes from an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } route-policy route-policy-name import
   Remarks: Not applied by default.
6. Specify an ACL to filter routes imported from an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } filter-policy acl6-number import
   Remarks: Not specified by default.
7. Specify an AS path ACL to filter routing information imported from an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } as-path-acl as-path-acl-number import
   Remarks: Not specified by default.
8. Specify an IPv6 prefix list to filter routing information imported from an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } ipv6-prefix ipv6-prefix-name import
   Remarks: Not specified by default.
9. Specify the upper limit of prefixes that can be received from an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } route-limit limit [ percentage ]
   Remarks: Optional. Unlimited by default.

Configuring IPv6 BGP and IGP route synchronization

By default, upon receiving an IBGP route, an IPv6 BGP router checks the route’s next hop. If the next hop is reachable, the IPv6 BGP router advertises the route to EBGP peers. If the synchronization feature is configured, in addition to the reachability check of the next hop, the IPv6 BGP router must find an active IGP route with the same destination network segment before it can advertise the IBGP route (use the display ipv6 routing-table protocol command to check the IGP route state).

To configure IPv6 BGP and IGP route synchronization:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Enable route synchronization between IPv6 BGP and IGP.
   Command: synchronization
   Remarks: Not enabled by default.

Configuring route dampening

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Configure IPv6 BGP route dampening parameters.
   Command: dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ]*
   Remarks: Optional. Not configured by default.

Configuring IPv6 BGP route attributes

Use the following IPv6 BGP route attributes to modify BGP routing policy:
• IPv6 BGP protocol preference
• Default LOCAL_PREF attribute
• MED attribute
• NEXT_HOP attribute
• AS_PATH attribute

Configuration prerequisites

Before you configure IPv6 BGP route attributes, complete the following tasks:
• Enable the IPv6 function.
• Configure IPv6 BGP basic functions.

Configuring IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes

Follow these guidelines when you configure IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes:
• To ensure an IBGP peer can find the correct next hop, configure routes advertised to the IPv6 IBGP peer or peer group to use the local router as the next hop. If BGP load balancing is configured, the local router specifies itself as the next hop of routes sent to an IPv6 IBGP peer or peer group regardless of whether the peer next-hop-local command is configured.
• In a third party next hop network where the two IPv6 EBGP peers reside in a common broadcast subnet, the router does not change the next hop for routes sent to the IPv6 EBGP peer or peer group by default, unless the peer next-hop-local command is configured.

To configure IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Configure preference values for IPv6 BGP external, internal, and local routes.
   Command: preference { external-preference internal-preference local-preference | route-policy route-policy-name }
   Remarks: Optional. The default preference values of external, internal, and local routes are 255, 255, and 130.
5. Configure the default local preference.
   Command: default local-preference value
   Remarks: Optional. The value defaults to 100.
6. Advertise routes to an IPv6 peer or peer group with the local router as the next hop.
   Command: peer { ipv6-group-name | ipv6-address } next-hop-local
   Remarks: By default, IPv6 BGP specifies the local router as the next hop for routes sent to an IPv6 EBGP peer or peer group, but does not change the next hop for routes sent to an IPv6 IBGP peer or peer group.

Configuring the MED attribute

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Configure a default MED value.
   Command: default med med-value
   Remarks: Optional. Defaults to 0.
5. Enable the comparison of MED for routes from different EBGP peers.
   Command: compare-different-as-med
   Remarks: Optional. Not enabled by default.
6. Enable the comparison of MED for routes from each AS.
   Command: bestroute compare-med
   Remarks: Optional. Disabled by default.
7. Enable the comparison of MED for routes from confederation peers.
   Command: bestroute med-confederation
   Remarks: Optional. Disabled by default.

Configuring the AS_PATH attribute

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Allow the local AS number to appear in AS_PATH of routes from a peer or peer group and specify the repeat times.
   Command: peer { ipv6-group-name | ipv6-address } allow-as-loop [ number ]
   Remarks: Optional. Not allowed by default.
5. Specify a fake AS number for an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } fake-as as-number
   Remarks: Optional. Not specified by default.
6. Disable IPv6 BGP from considering the AS_PATH during best route selection.
   Command: bestroute as-path-neglect
   Remarks: Optional. Enabled by default.
7. Configure to carry only the public AS number in updates sent to a peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } public-as-only
   Remarks: Optional. By default, IPv6 BGP updates carry a private AS number.
8. Substitute the local AS number for the AS number of an IPv6 peer or peer group identified in the AS_PATH attribute.
   Command: peer { ipv6-group-name | ipv6-address } substitute-as
   Remarks: Optional. Not substituted by default.

Tuning and optimizing IPv6 BGP networks

This section describes configurations of IPv6 BGP timers, IPv6 BGP connection soft reset, and the maximum number of load balanced routes.

• IPv6 BGP timers
  After establishing an IPv6 BGP connection, two routers send keepalive messages periodically to each other to maintain the connection. If a router receives no keepalive message from the peer after the holdtime elapses, it tears down the connection.
  When establishing an IPv6 BGP connection, the two parties compare their holdtimes, taking the shorter one as the common holdtime. If the holdtime is 0, no keepalive message is sent and the holdtime is not checked.
• IPv6 BGP connection soft reset
  After modifying a route selection policy, you must reset IPv6 BGP connections to make the new one take effect. The current IPv6 BGP implementation supports the route-refresh feature that enables dynamic route refresh without needing to disconnect IPv6 BGP links.
  After this feature is enabled on all IPv6 BGP routers, a router that wants to apply a new route selection policy advertises a route-refresh message to its peers, which then send their routing information to the router. After receiving the routing information, the router can perform dynamic route update by using the new policy without tearing down connections.
  If a peer not supporting route-refresh exists in the network, you must configure the peer keep-all-routes command to save all routes from the peer. When the routing policy is changed, the system will update the IPv6 BGP routing table and apply the new policy.

Configuration prerequisites

Before you configure IPv6 BGP timers, complete the following tasks:
• Enable IPv6.
• Configure IPv6 BGP basic functions.

Configuring IPv6 BGP timers

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Configure IPv6 BGP timers.
   Command:
   • Specify keepalive interval and holdtime:
     timer keepalive keepalive hold holdtime
   • Configure keepalive interval and holdtime for an IPv6 peer or peer group:
     peer { ipv6-group-name | ipv6-address } timer keepalive keepalive hold holdtime
   Remarks: Optional. The keepalive interval defaults to 60 seconds, holdtime defaults to 180 seconds. The holdtime interval must be at least three times the keepalive interval. Timers configured by using the timer command have lower priority than timers configured by using the peer timer command.
5. Configure the interval for sending the same update to an IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } route-update-interval interval
   Remarks: Optional. The interval for sending the same update to an IBGP peer or an EBGP peer defaults to 15 seconds or 30 seconds.

Configuring IPv6 BGP soft reset

Enabling route refresh

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Enable route refresh.
   Command: peer { ipv6-group-name | ipv6-address } capability-advertise route-refresh
   Remarks: Optional. Enabled by default.

Performing manual soft-reset

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Save all routes from an IPv6 peer or peer group, not letting them go through the inbound policy.
   Command: peer { ipv6-group-name | ipv6-address } keep-all-routes
   Remarks: Optional. Not saved by default. If the peer keep-all-routes command is used, all routes from the peer or peer group are saved regardless of whether the filtering policy is available. These routes will be used to generate IPv6 BGP routes after soft-reset is performed.
5. Return to user view.
   Command: return
   Remarks: N/A
6. Soft-reset BGP connections manually.
   Command: refresh bgp ipv6 { all | ipv6-address | group ipv6-group-name | external | internal } { export | import }
   Remarks: N/A

Enabling the IPv6 BGP ORF capability

The BGP Outbound Route Filter (ORF) feature allows a BGP speaker to send its BGP peer a set of ORFs through route-refresh messages. The peer then applies the ORFs, in addition to its local routing policies (if any), to filter updates to the BGP speaker, reducing the number of exchanged update messages and saving network resources.

After you enable the BGP ORF capability, the local BGP router negotiates the ORF capability with the BGP peer through Open messages. The local BGP router determines whether to carry ORF information in messages. If yes, it will further determine whether to carry non-standard ORF information in the packets. After completing the negotiation process and establishing the neighboring relationship, the BGP router and its BGP peer can exchange ORF information through specific route-refresh messages.

For the parameters configured on both sides for ORF capability negotiation, see Table 9.

To enable the BGP ORF capability:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: Required
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Enable BGP route refresh for a peer or peer group.
   Command: peer { group-name | ipv6-address } capability-advertise route-refresh
   Remarks: Enabled by default
5. Enable the non-standard ORF capability for a BGP peer or peer group.
   Command: peer { group-name | ipv6-address } capability-advertise orf non-standard
   Remarks: Optional. By default, standard BGP ORF capability defined in RFC 5291 and RFC 5292 is supported.
6. Enable the ORF IP prefix negotiation capability for a BGP peer or peer group.
   Command: peer { group-name | ip-address | ipv6-address } capability-advertise orf ip-prefix { both | receive | send }
   Remarks: Not supported by default.

Table 9 Description of the both, send, and receive parameters and the negotiation result

• Local parameter: send
  Peer parameter: receive, both
  Negotiation result: The ORF sending capability is enabled locally and the ORF receiving capability is enabled on the peer.
• Local parameter: receive
  Peer parameter: send, both
  Negotiation result: The ORF receiving capability is enabled locally and the ORF sending capability is enabled on the peer.
• Local parameter: both
  Peer parameter: both
  Negotiation result: Both the ORF sending and receiving capabilities are enabled locally and on the peer.

Enabling 4-byte AS number suppression

When a switch that supports 4-byte AS numbers sends an Open message for peer relationship establishment, the Optional parameters field of the message indicates that the AS number occupies four bytes, in the range of 1 to 4294967295. If the peer device does not support 4-byte AS numbers (for example, it supports only 2-byte AS numbers), the peer relationship cannot be established.

After you enable the 4-byte AS number suppression function, the peer device can then process the Open message even though it does not support 4-byte AS numbers, and the BGP peer relationship can be established.

If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression function; otherwise, the BGP peer relationship cannot be established.

To enable 4-byte AS number suppression:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Enable 4-byte AS number suppression.
   Command: peer { group-name | ip-address } capability-advertise suppress-4-byte-as
   Remarks: Disabled by default.
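
The route-refresh, ORF, and 4-byte AS capabilities described above are all announced in the Optional parameters field of the Open message, so decoding that field from a capture shows what each side actually offered when a session fails to establish. The following Python parser is an added example, not code from the HP guide; it follows the Open layout in RFC 4271 and the capability formats in RFC 5492, RFC 2918, RFC 5291 and RFC 6793. The function names and the sample message (built by the hypothetical helper build_open) are constructed for illustration.

```python
import struct

# Capability codes: route refresh (RFC 2918), ORF (RFC 5291), 4-octet AS (RFC 6793)
CAP_ROUTE_REFRESH, CAP_ORF, CAP_AS4 = 2, 3, 65
ORF_MODE = {1: "receive", 2: "send", 3: "both"}  # RFC 5291 Send/Receive field

def tlvs(buf):  # yield (type, value) from consecutive 1-byte type, 1-byte length TLVs
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_orf(val):
    """Decode ORF capability entries into (afi, safi, orf_type, mode) tuples."""
    out, k = [], 0
    while k < len(val):
        if k + 5 > len(val) or k + 5 + 2 * val[k + 4] > len(val):
            raise ValueError("truncated ORF capability")
        afi, _reserved, safi, count = struct.unpack("!HBBB", val[k:k + 5])
        for n in range(count):
            orf_type, mode = val[k + 5 + 2 * n], val[k + 6 + 2 * n]
            out.append((afi, safi, orf_type, ORF_MODE.get(mode, "unknown")))
        k += 5 + 2 * count
    return out

def parse_open(msg):
    """Parse a BGP Open message (RFC 4271, section 4.2) and its capabilities."""
    if len(msg) < 29 or msg[:16] != b"\xff" * 16:
        raise ValueError("not a BGP message")
    length, msg_type, version, my_as, hold, _bgp_id, opt_len = struct.unpack(
        "!HBBHH4sB", msg[16:29])
    if msg_type != 1 or length != len(msg) or 29 + opt_len != len(msg):
        raise ValueError("malformed Open message")
    info = {"version": version, "my_as": my_as, "hold_time": hold,
            "route_refresh": False, "as4": None, "orf": []}
    for p_type, p_val in tlvs(msg[29:]):
        if p_type == 2:  # optional parameter type 2 = Capabilities (RFC 5492)
            for code, val in tlvs(p_val):
                if code == CAP_ROUTE_REFRESH:
                    info["route_refresh"] = True
                elif code == CAP_AS4 and len(val) == 4:
                    info["as4"] = struct.unpack("!I", val)[0]
                elif code == CAP_ORF:
                    info["orf"] += parse_orf(val)
    return info

def build_open(my_as, hold, caps):  # hypothetical helper: builds the demo message
    cap_bytes = b"".join(bytes([c, len(v)]) + v for c, v in caps)
    tail = struct.pack("!BHH4sB", 4, my_as, hold, bytes([192, 0, 2, 1]),
                       len(cap_bytes) + 2) + bytes([2, len(cap_bytes)]) + cap_bytes
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(tail), 1) + tail

# Constructed sample: the 2-byte AS field carries AS_TRANS (23456); the real
# 4-byte AS number travels in capability 65.
SAMPLE_OPEN = build_open(23456, 180, [
    (CAP_ROUTE_REFRESH, b""), (CAP_AS4, struct.pack("!I", 4200000001)),
    (CAP_ORF, struct.pack("!HBBBBB", 2, 0, 1, 1, 64, 3)),  # IPv6 unicast, prefix ORF, both
])
```

An Open message in which "as4" comes back as None is from a speaker that did not advertise 4-byte AS support, which is the situation the suppression command above is meant for.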

Setting the DSCP value for IPv6 BGP packets

An IPv6 packet header contains an 8-bit Traffic class field. This field identifies the service type of IPv6 packets. As defined in RFC 2474, the first six bits set the Differentiated Services Code Point (DSCP) value and the last two bits are reserved. Network devices use the DSCP value as a reference to determine the packet priority for transmission. You can set the DSCP value for IPv6 BGP packets.

To set the DSCP value for packets sent to an IPv6 BGP peer or peer group:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Set the DSCP value for the BGP packets sent to the specified IPv6 peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } dscp dscp-value
   Remarks: Optional. By default, the DSCP value in IPv6 BGP packets is 48.

Configuring the maximum number of load-balanced routes

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Configure the maximum number of load balanced routes.
   Command: balance number
   Remarks: By default, no load balancing is enabled.

Enabling MD5 authentication for TCP connections

IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform MD5 authentication when establishing a TCP connection. If the authentication fails, no TCP connection can be established.

The MD5 authentication for establishing TCP connections does not apply to BGP packets.

The MD5 authentication requires that the two parties have the same authentication mode and password to establish a TCP connection; otherwise, no TCP connection can be established due to authentication failure.

To enable MD5 authentication for TCP connections:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Enable MD5 authentication when establishing a TCP connection to the peer or peer group.
   Command: peer { ipv6-group-name | ipv6-address } password { cipher | simple } password
   Remarks: Not enabled by default.

Applying an IPsec policy to an IPv6 BGP peer or peer group

To protect routing information and defend against attacks, IPv6 BGP can authenticate protocol packets by using an IPsec policy.

Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship with the sending device.

Configuration prerequisites

Before you apply an IPsec policy to a peer or peer group, complete the following tasks:
• Create an IPsec proposal.
• Create an IPsec policy.

For more information about IPsec policy configuration, see Security Configuration Guide.

Configuration guidelines

An IPsec policy used for IPv6 BGP can be only in manual mode. For more information, see Security Configuration Guide.

Configuration procedure

To apply an IPsec policy to a peer or peer group:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 address family view.
   Command: ipv6-family
   Remarks: N/A
4. Apply an IPsec policy to a peer or peer group.
   Command: peer { group-name | ip-address } ipsec-policy policy-name
   Remarks: Not configured by default.
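
Because inbound filtering, the prefix limit, MD5 authentication and the IPsec policy are all off by default, a saved configuration is worth checking peer by peer. The following Python script is an added example, not part of the HP guide: it reads configuration text and reports, for each peer or peer group in the BGP ipv6-family view, which of those protections are missing. It assumes the saved configuration lists the commands in the form shown in the tables above with one space of indentation per view level, that a member inherits its group's settings through a peer ... group ... line, and that the simple keyword leaves the key readable in the saved file; the sample configuration is constructed.

```python
import re

INBOUND = {"filter-policy", "route-policy", "as-path-acl", "ipv6-prefix"}

def audit_ipv6_bgp(config):
    """Map each peer or peer group in the BGP ipv6-family view to a list of findings."""
    peers, global_import, in_bgp, v6_indent = {}, False, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                                   # a new top-level section
            in_bgp, v6_indent = line.startswith("bgp "), None
        elif in_bgp and line == "ipv6-family":
            v6_indent = indent
        elif v6_indent is not None and indent <= v6_indent:
            v6_indent = None                              # left the ipv6-family view
        elif v6_indent is not None:
            m = re.match(r"peer (\S+) (.+)", line)
            if m:
                peers.setdefault(m.group(1), []).append(m.group(2).split())
            elif line.startswith("filter-policy ") and line.endswith(" import"):
                global_import = True                      # view-wide inbound filter
    report = {}
    for peer, cmds in peers.items():
        # Assumption: a member inherits settings from 'peer <addr> group <name>'.
        group = next((c[1] for c in cmds if c[0] == "group" and len(c) > 1), None)
        eff = cmds + peers.get(group, [])
        words = {c[0] for c in eff}
        findings = []
        if not words & {"password", "ipsec-policy"}:
            findings.append("no-authentication")
        if any(c[:2] == ["password", "simple"] for c in eff):
            findings.append("plaintext-password")
        if not global_import and not any(c[0] in INBOUND and c[-1] == "import" for c in eff):
            findings.append("no-inbound-filter")
        if "route-limit" not in words:
            findings.append("no-route-limit")
        report[peer] = findings
    return report

# Constructed sample configuration; addresses are from the 2001:db8::/32 documentation range.
SAMPLE_CONFIG = """\
bgp 65001
 ipv6-family
  peer ebgp-out password cipher PLACEHOLDER-CIPHERTEXT
  peer ebgp-out ipv6-prefix customer-in import
  peer ebgp-out route-limit 1000
  peer 2001:db8:1::2 group ebgp-out
  peer 2001:db8:2::2 password simple example-secret
  peer 2001:db8:2::2 route-policy rp-in export
  peer 2001:db8:3::2 ipsec-policy bgp-v6
interface Vlan-interface10
 ipv6 address 2001:db8:10::1/64
"""
```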