HP 5500 Ei 5500 Si Switch Series Configuration Guide
Task / Remarks
connection
• Configuring an MSDP mesh group: Optional
• Configuring MSDP peer connection control: Optional
Configuring SA messages related parameters
• Configuring SA message content: Optional
• Configuring SA request messages: Optional
• Configuring SA message filtering rules: Optional
• Configuring the SA cache mechanism: Optional

Configuring basic MSDP functions

IMPORTANT: All the configuration tasks should be carried out on RPs in PIM-SM domains, and each of these RPs acts as an MSDP peer.

Configuration prerequisites

Before you configure basic MSDP functions, complete the following tasks:
• Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
• Configure PIM-SM to enable intra-domain multicast forwarding.
• Determine the IP addresses of MSDP peers.
• Determine the address prefix list for an RP address filtering policy.

Enabling MSDP

Enabling MSDP globally for the public network

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable IP multicast routing.
   Command: multicast routing-enable
   Remarks: Disabled by default.
3. Enable MSDP and enter public network MSDP view.
   Command: msdp
   Remarks: Disabled by default.

Enabling MSDP in a VPN instance

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a VPN instance and enter VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: N/A
3. Configure a route-distinguisher (RD) for the VPN instance.
   Command: route-distinguisher route-distinguisher
   Remarks: No RD is configured by default.
4. Enable IP multicast routing.
   Command: multicast routing-enable
   Remarks: Disabled by default.
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Enable MSDP and enter VPN instance MSDP view.
   Command: msdp vpn-instance vpn-instance-name
   Remarks: Disabled by default.

For more information about the ip vpn-instance and route-distinguisher commands, see IP Routing Command Reference. For more information about the multicast routing-enable command, see IP Multicast Command Reference.

Creating an MSDP peer connection

An MSDP peering relationship is identified by an address pair, namely, the address of the local MSDP peer and that of the remote MSDP peer. An MSDP peer connection must be created on both devices that are a pair of MSDP peers.

To create an MSDP peer connection:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter public network MSDP view or VPN instance MSDP view.
   Command: msdp [ vpn-instance vpn-instance-name ]
   Remarks: N/A
3. Create an MSDP peer connection.
   Command: peer peer-address connect-interface interface-type interface-number
   Remarks: No MSDP peer connection is created by default.

NOTE: If an interface of the router is shared by an MSDP peer and a BGP or MBGP peer at the same time, HP recommends that you configure the MSDP peer with the same IP address as the BGP or MBGP peer.

Configuring a static RPF peer

Configuring static RPF peers avoids the RPF check of SA messages.

To configure a static RPF peer:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter public network MSDP view or VPN instance MSDP view.
   Command: msdp [ vpn-instance vpn-instance-name ]
   Remarks: N/A
3. Configure a static RPF peer.
   Command: static-rpf-peer peer-address [ rp-policy ip-prefix-name ]
   Remarks: No static RPF peer is configured by default.
NOTE: If only one MSDP peer is configured on a router, this MSDP peer will be registered as a static RPF peer.

Configuring an MSDP peer connection

Configuration prerequisites

Before you configure an MSDP peer connection, complete the following tasks:
• Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
• Configure basic MSDP functions.
• Determine the description of MSDP peers.
• Determine the name of an MSDP mesh group.
• Determine the MSDP peer connection retry interval.
• Determine the MD5 authentication password for the TCP connection to be established with an MSDP peer.

Configuring MSDP peer description

With the MSDP peer description information, the administrator can easily distinguish different MSDP peers to better manage MSDP peers.

To configure description for an MSDP peer:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter public network MSDP view or VPN instance MSDP view.
   Command: msdp [ vpn-instance vpn-instance-name ]
   Remarks: N/A
3. Configure description for an MSDP peer.
   Command: peer peer-address description text
   Remarks: No description is configured for an MSDP peer by default.

Configuring an MSDP mesh group

An AS can contain multiple MSDP peers. You can use the MSDP mesh group mechanism to avoid SA message flooding among these MSDP peers and optimize the multicast traffic.

An MSDP peer in an MSDP mesh group forwards SA messages (that have passed the RPF check) from outside the mesh group to the other members in the mesh group. A mesh group member accepts SA messages from inside the group without performing an RPF check, and does not forward the message within the mesh group. This mechanism not only avoids SA flooding but also simplifies the RPF check mechanism because you do not need to run BGP or MBGP between these MSDP peers.

By configuring the same mesh group name for multiple MSDP peers, you can create a mesh group that contains these MSDP peers.
IMPORTANT:
• Before grouping multiple routers into an MSDP mesh group, make sure that these routers are interconnected with one another.
• If you configure more than one mesh group name on an MSDP peer, only the last configuration is effective.

To create an MSDP mesh group:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter public network MSDP view or VPN instance MSDP view.
   Command: msdp [ vpn-instance vpn-instance-name ]
   Remarks: N/A
3. Create an MSDP mesh group and assign an MSDP peer to that mesh group.
   Command: peer peer-address mesh-group name
   Remarks: An MSDP peer does not belong to any mesh group by default.

Configuring MSDP peer connection control

MSDP peers are interconnected over TCP (port number 639). You can flexibly control sessions between MSDP peers by manually deactivating and reactivating the MSDP peering connections. When the connection between two MSDP peers is deactivated, SA messages will no longer be delivered between them, and the TCP connection is closed without any connection setup retry. The configuration information, however, remains unchanged.

A TCP connection is required in the following situations:
• When a new MSDP peer is created
• When you reactivate a previously deactivated MSDP peer connection
• When a previously failed MSDP peer attempts to resume operation

You can adjust the interval between MSDP peering connection retries.

To enhance MSDP security, you can configure an MD5 authentication password for the TCP connection to be established with an MSDP peer. If the MD5 authentication fails, the TCP connection cannot be established.

IMPORTANT: The MSDP peers involved in the MD5 authentication must have the same authentication method and password. Otherwise, the authentication fails and the TCP connection cannot be established.

To configure MSDP peer connection control:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter public network MSDP view or VPN instance MSDP view.
   Command: msdp [ vpn-instance vpn-instance-name ]
   Remarks: N/A
3. Deactivate an MSDP peer.
   Command: shutdown peer-address
   Remarks: Optional. Active by default.
4. Configure the interval between MSDP peer connection retries.
   Command: timer retry interval
   Remarks: Optional. 30 seconds by default.
5. Configure an MD5 authentication key for the TCP connection to be established with an MSDP peer.
   Command: peer peer-address password { cipher | simple } password
   Remarks: Optional. By default, MD5 authentication is not performed before a TCP connection is established.

Configuring SA messages related parameters

Configuration prerequisites

Before you configure SA message delivery, complete the following tasks:
• Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
• Configure basic MSDP functions.
• Determine the ACL rules for filtering SA request messages.
• Determine the ACL rules as SA message creation rules.
• Determine the ACL rules for filtering SA messages to be received and forwarded.
• Determine the TTL threshold for multicast packet encapsulation in SA messages.
• Determine the maximum number of (S, G) entries learned from the specified MSDP peer that the router can cache.

Configuring SA message content

Some multicast sources send multicast data at an interval longer than the aging time of (S, G) entries. In this case, the source-side DR must encapsulate multicast data packet by packet in register messages and send them to the source-side RP. The source-side RP transmits the (S, G) information to the remote RP through SA messages. Then the remote RP joins the source-side DR and builds an SPT. Because the (S, G) entries have timed out, remote receivers can never receive the multicast data from the multicast source.

After the source-side RP is enabled to encapsulate multicast data in SA messages, if the RP wants to send a multicast packet, it encapsulates the multicast packet in an SA message and sends it.
After receiving the SA message, the remote RP de-encapsulates the SA message and delivers the multicast packet to the receivers in the local domain along the RPT.

The MSDP peers deliver SA messages to one another. After receiving an SA message, a router performs an RPF check on the message. If the router finds that the remote RP address is the same as the local RP address, it discards the SA message. In the Anycast RP application, however, you must configure RPs with the same IP address on two or more routers in the same PIM-SM domain and configure these routers as MSDP peers to one another. Therefore, a logic RP address (namely, the RP address on the logic interface) that is different from the actual RP address must be designated for SA messages so that the messages can pass the RPF check.
To configure the SA message content:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter public network MSDP view or VPN instance MSDP view.
   Command: msdp [ vpn-instance vpn-instance-name ]
   Remarks: N/A
3. Enable encapsulation of multicast data in SA messages.
   Command: encap-data-enable
   Remarks: Optional. Disabled by default.
4. Configure the interface address as the RP address in SA messages.
   Command: originating-rp interface-type interface-number
   Remarks: Optional. PIM RP address by default.

Configuring SA request messages

By default, after receiving a new join message, a router does not send an SA request message to any MSDP peer. Instead, it waits for the next SA message from its MSDP peer. This will cause the receiver to delay obtaining multicast source information. To enable a new receiver to get the active multicast source information as early as possible, you can configure routers to send SA request messages to the designated MSDP peers after receiving a join message of a new receiver.

IMPORTANT: Before you can enable the device to send SA requests, be sure to disable the SA message cache mechanism.

To configure SA message transmission and filtering:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter public network MSDP view or VPN instance MSDP view.
   Command: msdp [ vpn-instance vpn-instance-name ]
   Remarks: N/A
3. Enable the device to send SA request messages.
   Command: peer peer-address request-sa-enable
   Remarks: Optional. Disabled by default.
4. Configure a filtering rule for SA request messages.
   Command: peer peer-address sa-request-policy [ acl acl-number ]
   Remarks: Optional. SA request messages are not filtered by default.

Configuring SA message filtering rules

Configuration guidelines

By configuring an SA message creation rule, you can enable the router to filter the (S, G) entries to be advertised when creating an SA message, so that the propagation of messages of multicast sources is controlled.
By configuring a filtering rule for receiving or forwarding SA messages, you can enable the router to filter the (S, G) forwarding entries to be advertised when receiving or forwarding an SA message, so that the propagation of multicast source information is controlled at SA message reception or forwarding.
By configuring a TTL threshold for multicast data packet encapsulation in SA messages, you can control the multicast data packet encapsulation in SA messages and limit the propagation range of SA messages:
• Before creating an SA message with an encapsulated multicast data packet, the router checks the TTL value of the multicast data packet. If the TTL value is less than the threshold, the router does not create an SA message. If the TTL value is greater than or equal to the threshold, the router encapsulates the multicast data in an SA message and sends the SA message.
• After receiving an SA message with an encapsulated multicast data packet, the router decreases the TTL value of the multicast packet by 1 and then checks the TTL value. If the TTL value is less than the threshold, the router does not forward the SA message to the designated MSDP peer. If the TTL value is greater than or equal to the threshold, the router re-encapsulates the multicast data in an SA message and sends the SA message.

Configuration procedure

To configure a filtering rule for receiving or forwarding SA messages:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter public network MSDP view or VPN instance MSDP view.
   Command: msdp [ vpn-instance vpn-instance-name ]
   Remarks: N/A
3. Configure an SA message creation rule.
   Command: import-source [ acl acl-number ]
   Remarks: No restrictions on (S, G) entries by default.
4. Configure a filtering rule for receiving or forwarding SA messages.
   Command: peer peer-address sa-policy { import | export } [ acl acl-number ]
   Remarks: No filtering rule by default.
5. Configure the TTL threshold for multicast data packet encapsulation in SA messages.
   Command: peer peer-address minimum-ttl ttl-value
   Remarks: Optional. 0 by default.

Configuring the SA cache mechanism

To reduce the time spent in obtaining the multicast information, you can enable the SA cache mechanism to cache (S, G) entries contained in SA messages locally on the router. However, caching (S, G) entries uses memory space on the router.
When the SA cache mechanism is enabled and the router receives a new (*, G) join message, the router searches its SA cache first.
• If the corresponding (S, G) entry does not exist in the cache, the router waits for the SA message that its MSDP peer will send in the next cycle.
• If the corresponding (S, G) entry exists in the cache, the router joins the corresponding SPT rooted at S.

To protect the router effectively against denial of service (DoS) attacks, you can set a limit on the number of (S, G) entries the router can cache.

To configure the SA message cache:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter public network MSDP view or VPN instance MSDP view.
   Command: msdp [ vpn-instance vpn-instance-name ]
   Remarks: N/A
3. Enable the SA cache mechanism.
   Command: cache-sa-enable
   Remarks: Optional. Enabled by default.
4. Configure the maximum number of (S, G) entries learned from the specified MSDP peer that the router can cache.
   Command: peer peer-address sa-cache-maximum sa-limit
   Remarks: Optional. 8192 by default.

Displaying and maintaining MSDP

1. Display brief information about MSDP peers.
   Command: display msdp [ all-instance | vpn-instance vpn-instance-name ] brief [ state { connect | down | listen | shutdown | up } ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
2. Display detailed information about the status of MSDP peers.
   Command: display msdp [ all-instance | vpn-instance vpn-instance-name ] peer-status [ peer-address ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
3. Display the (S, G) entry information in the SA cache.
   Command: display msdp [ all-instance | vpn-instance vpn-instance-name ] sa-cache [ group-address | source-address | as-number ] * [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
4. Display the number of (S, G) entries in the SA cache.
   Command: display msdp [ all-instance | vpn-instance vpn-instance-name ] sa-count [ as-number ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
5. Reset the TCP connection with an MSDP peer.
   Command: reset msdp [ all-instance | vpn-instance vpn-instance-name ] peer [ peer-address ]
   Remarks: Available in user view
6. Clear (S, G) entries in the SA cache.
   Command: reset msdp [ all-instance | vpn-instance vpn-instance-name ] sa-cache [ group-address ]
   Remarks: Available in user view
7. Clear statistics for an MSDP peer.
   Command: reset msdp [ all-instance | vpn-instance vpn-instance-name ] statistics [ peer-address ]
   Remarks: Available in user view
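The defaults described in the sections above (no MD5 authentication, no SA filtering rule, static RPF peers whose SA messages avoid the RPF check, a per-peer SA cache limit of 8192) can be checked mechanically. The following Python audit of an msdp view is an added example, not part of the HP guide. The configuration excerpt, addresses, ACL number and finding names are constructed, and treating `simple` as weaker than `cipher` is an assumption of this check.

```python
# Constructed msdp-view excerpt; addresses, ACL number and key placeholders are
# sample values. Command keywords are the ones listed in the guide's step tables.
SAMPLE_CONFIG = """\
msdp
 peer 192.0.2.1 connect-interface Vlan-interface101
 peer 192.0.2.1 password cipher <ciphertext-placeholder>
 peer 192.0.2.1 sa-policy import acl 3001
 peer 192.0.2.1 sa-policy export acl 3001
 peer 192.0.2.1 sa-cache-maximum 2000
 peer 192.0.2.2 connect-interface Vlan-interface102
 peer 192.0.2.2 password simple <plaintext-placeholder>
 static-rpf-peer 192.0.2.2
"""

DEFAULT_SA_CACHE_MAX = 8192  # per-peer default stated in the guide


def _new_peer():
    return {"password": None, "sa_policy": set(), "static_rpf": False,
            "rp_policy": False, "sa_cache_max": DEFAULT_SA_CACHE_MAX}


def parse_msdp(config):
    """Collect per-peer settings from the indented lines of an msdp view."""
    peers, in_msdp = {}, False
    for raw in config.splitlines():
        words = raw.split()
        if not raw.startswith(" "):      # a non-indented line opens another view
            in_msdp = words[:1] == ["msdp"]
        elif in_msdp and len(words) >= 3 and words[0] == "peer":
            peer = peers.setdefault(words[1], _new_peer())
            if words[2] == "password" and len(words) > 3:
                peer["password"] = words[3]          # "cipher" or "simple"
            elif words[2] == "sa-policy" and len(words) > 3:
                peer["sa_policy"].add(words[3])      # "import" or "export"
            elif words[2] == "sa-cache-maximum" and len(words) > 3:
                peer["sa_cache_max"] = int(words[3])
        elif in_msdp and len(words) >= 2 and words[0] == "static-rpf-peer":
            peer = peers.setdefault(words[1], _new_peer())
            peer["static_rpf"] = True
            peer["rp_policy"] = "rp-policy" in words[2:]
    return peers


def audit(peers, max_cache=DEFAULT_SA_CACHE_MAX):
    """Return (peer, finding) pairs for settings left at a permissive value."""
    findings = []
    for addr, p in sorted(peers.items()):
        if p["password"] is None:
            findings.append((addr, "no-md5-auth"))       # default: no MD5 check
        elif p["password"] == "simple":
            findings.append((addr, "md5-key-simple"))    # assumed weaker than cipher
        for direction in ("import", "export"):
            if direction not in p["sa_policy"]:          # default: no filtering rule
                findings.append((addr, f"no-sa-policy-{direction}"))
        if p["static_rpf"] and not p["rp_policy"]:
            findings.append((addr, "static-rpf-no-rp-policy"))  # no RPF check, no RP filter
        if p["sa_cache_max"] > max_cache:
            findings.append((addr, "sa-cache-limit-raised"))
    return findings
```

Calling `audit(parse_msdp(SAMPLE_CONFIG))` reports four findings for the second peer and none for the first; pass a lower `max_cache` to enforce a site-specific SA cache ceiling.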
MSDP configuration examples

PIM-SM Inter-domain multicast configuration

Network requirements

As shown in Figure 60, AS 100 and AS 200 run OSPF within each AS, and run BGP between each other. PIM-SM 1 belongs to AS 100, and PIM-SM 2 and PIM-SM 3 belong to AS 200. Each PIM-SM domain has at least one multicast source or receiver.

Loopback 0 is configured as the C-BSR and C-RP of the related PIM-SM domain on Switch B, Switch C, and Switch E, respectively.

An MSDP peering relationship is set up between the RPs of the PIM-SM domains to share multicast source information among the PIM-SM domains.

Figure 60 Network diagram

Device     Interface     IP address
Switch A   Vlan-int103   10.110.1.2/24
           Vlan-int100   10.110.2.1/24
           Vlan-int200   10.110.3.1/24
Switch B   Vlan-int103   10.110.1.1/24
           Vlan-int101   192.168.1.1/24
           Loop0         1.1.1.1/32
Switch C   Vlan-int104   10.110.4.1/24
           Vlan-int102   192.168.3.1/24
           Vlan-int101   192.168.1.2/24
           Loop0         2.2.2.2/32
Switch D   Vlan-int104   10.110.4.2/24
           Vlan-int300   10.110.5.1/24
Switch E   Vlan-int105   10.110.6.1/24
           Vlan-int102   192.168.3.2/24
           Loop0         3.3.3.3/32
Switch F   Vlan-int105   10.110.6.2/24
           Vlan-int400   10.110.7.1/24
Source 1   —             10.110.2.100/24
Source 2   —             10.110.5.100/24
Configuration procedure

1. Configure IP addresses and unicast routing:

Configure the IP address and subnet mask for each interface as per Figure 60. (Details not shown.)

Configure OSPF for interconnection between switches in each AS. Ensure the network-layer interoperation among each AS, and ensure the dynamic update of routing information between the switches through a unicast routing protocol. (Details not shown.)

2. Enable IP multicast routing, enable PIM-SM on each interface, and configure a PIM-SM domain border:

# Enable IP multicast routing on Switch A, enable PIM-SM on each interface, and enable IGMP on the host-side interface VLAN-interface 200.
<SwitchA> system-view
[SwitchA] multicast routing-enable
[SwitchA] interface vlan-interface 103
[SwitchA-Vlan-interface103] pim sm
[SwitchA-Vlan-interface103] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] pim sm
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] igmp enable
[SwitchA-Vlan-interface200] pim sm
[SwitchA-Vlan-interface200] quit

The configuration on Switch B, Switch C, Switch D, Switch E, and Switch F is similar to the configuration on Switch A.

# Configure a PIM domain border on Switch B.
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] pim bsr-boundary
[SwitchB-Vlan-interface101] quit

The configuration on Switch C and Switch E is similar to the configuration on Switch B.

3. Configure C-BSRs and C-RPs:

# Configure Loopback 0 as a C-BSR and a C-RP on Switch B.
[SwitchB] pim
[SwitchB-pim] c-bsr loopback 0
[SwitchB-pim] c-rp loopback 0
[SwitchB-pim] quit

The configuration on Switch C and Switch E is similar to the configuration on Switch B.

4. Configure BGP for mutual route redistribution between BGP and OSPF:

# Configure an EBGP peer, and redistribute OSPF routes on Switch B.
[SwitchB] bgp 100
[SwitchB-bgp] router-id 1.1.1.1
[SwitchB-bgp] peer 192.168.1.2 as-number 200
[SwitchB-bgp] import-route ospf 1
[SwitchB-bgp] quit

# Configure an EBGP peer, and redistribute OSPF routes on Switch C.
[SwitchC] bgp 200