
HP 5500 Ei 5500 Si Switch Series Configuration Guide

    Concepts 
    Preference of an IP address 
    Every IP address advertised in RAs has a preference value. The IP address with the highest preference is 
    selected as the default router address. 
    You can configure the preference for IP addresses advertised on a router interface. 
    The bigger the preference value, the higher the preference. The minimum preference value (-2147483648) 
    is used to indicate that the address, even though it may be advertised, is not to be used by neighboring 
    hosts as a default router address. 
    Lifetime of an IP address 
    An RA contains a lifetime field that specifies the lifetime of advertised IP addresses. If no new RA for an
    IP address is received within the lifetime of the IP address, the host removes the corresponding route
    information.
    All the IP addresses advertised by an interface have the same lifetime.
    Advertising interval
    A router interface with IRDP enabled sends out RAs at a random interval between the minimum
    advertising interval and the maximum advertising interval. This mechanism prevents the local link from
    being overloaded by a large number of RAs sent simultaneously from routers.
    HP recommends shortening the advertising interval on a link that suffers high packet loss rates.
    Destination address of RAs
    An RA uses either of the two destination IP addresses:
    •  Broadcast address 255.255.255.255.
    •  Multicast address 224.0.0.1, which identifies all the hosts on the local subnet.
    By default, the destination IP address of an RA is the broadcast address. If the interface that sends RAs 
    supports multicast, configure 224.0.0.1 as the destination IP address. 
    Proxy-advertised IP addresses 
    By default, an interface advertises its primary IP address and manually configured secondary IP 
    addresses. You can configure other IP addresses for an interface to proxy-advertise. 
    Protocols and standards 
    RFC 1256, ICMP Router Discovery Messages
    Configuration procedure 
    IRDP configuration takes effect only when IRDP is enabled. 
    To configure IRDP: 
     
    1.  Enter system view.
        Command: system-view
        Remarks: N/A
    2.  Enter interface view.
        Command: interface interface-type interface-number
        Remarks: The interface can be a Layer 3 Ethernet port or VLAN interface.
    3.  Enable IRDP on the interface.
        Command: ip irdp
        Remarks: Disabled by default.
    4.  Configure the preference of advertised IP addresses.
        Command: ip irdp preference preference-value
        Remarks: Optional. The preference defaults to 0. The specified preference applies to all
        advertised IP addresses, including the primary IP address and the manually configured
        secondary IP addresses of the interface.
    5.  Set the lifetime of advertised IP addresses.
        Command: ip irdp lifetime life-number
        Remarks: Optional. 1800 seconds by default. The specified lifetime applies to all advertised
        IP addresses, including the IP address of the interface and proxy-advertised IP addresses on
        the interface.
    6.  Set the minimum advertising interval.
        Command: ip irdp minadvinterval min-value
        Remarks: Optional. 450 seconds by default.
    7.  Set the maximum advertising interval.
        Command: ip irdp maxadvinterval max-value
        Remarks: Optional. 600 seconds by default.
    8.  Configure the multicast address (224.0.0.1) as the destination IP address of RAs.
        Command: ip irdp multicast
        Remarks: Optional. By default, RAs use the broadcast address 255.255.255.255 as the
        destination IP address.
    9.  Specify a proxy-advertised IP address and its preference.
        Command: ip irdp address ip-address preference
        Remarks: Optional.
     
    IRDP configuration example 
    Network requirements 
    Host A and Host B that run Linux operating systems reside in the internal network of a company. Switch
    A and Switch B serve as the egress routers and connect to external networks 192.168.1.0/24 and
    192.168.2.0/24 respectively.
    Configure Switch A as the default gateway of the hosts. The packets to the external networks can be
    properly routed.
    						
    Figure 48 Network diagram 
     
     
    Configuration procedure 
    1.  Configure Switch A:
    # Specify the IP address for VLAN-interface 100.
    <SwitchA> system-view
    [SwitchA] interface Vlan-interface 100
    [SwitchA-Vlan-interface100] ip address 10.154.5.1 24
    # Enable IRDP on VLAN-interface 100.
    [SwitchA-Vlan-interface100] ip irdp
    # Specify preference 1000 for the IP address of VLAN-interface 100.
    [SwitchA-Vlan-interface100] ip irdp preference 1000
    # Configure the multicast address 224.0.0.1 as the destination IP address for RAs sent by
    VLAN-interface 100.
    [SwitchA-Vlan-interface100] ip irdp multicast
    # Specify the IP address 192.168.1.0 and preference 400 for VLAN-interface 100 to
    proxy-advertise.
    [SwitchA-Vlan-interface100] ip irdp address 192.168.1.0 400
    2.  Configure Switch B:
    # Specify the IP address of VLAN-interface 100.
    <SwitchB> system-view
    [SwitchB] interface Vlan-interface 100
    [SwitchB-Vlan-interface100] ip address 10.154.5.2 24
    # Enable IRDP on VLAN-interface 100.
    [SwitchB-Vlan-interface100] ip irdp
    # Specify preference 500 for the IP address of VLAN-interface 100.
    [SwitchB-Vlan-interface100] ip irdp preference 500
    # Configure the multicast address 224.0.0.1 as the destination IP address for RAs sent by
    VLAN-interface 100.
    [SwitchB-Vlan-interface100] ip irdp multicast
    # Specify the IP address 192.168.2.0 and preference 400 for VLAN-interface 100 to
    proxy-advertise.
    [SwitchB-Vlan-interface100] ip irdp address 192.168.2.0 400
      
    						
    Verifying the configuration 
    After enabling IRDP on Host A and Host B, display the routing table for the hosts (Host A for example). 
    [HostA@localhost ~]$ netstat -rne 
    Kernel IP routing table 
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.154.5.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    0.0.0.0         10.154.5.1      0.0.0.0         UG    0      0        0 eth1
    The output shows that the default route on Host A points to IP address 10.154.5.1, and Host A has routes
    to 192.168.1.0/24 and 192.168.2.0/24.
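The host-side rules from the Concepts section (highest preference wins, the minimum preference is never a default router, an address is dropped when its lifetime runs out), applied to the Switch A and Switch B values above. This is an added example, not HP's or the Linux host's code; the message layout follows RFC 1256, and `RouterList`, `build_ra`, `parse_ra` and the sample RAs are names and data constructed for it.

```python
import ipaddress
import struct

NOT_DEFAULT = -2147483648  # minimum preference: advertised, but never a default router

def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ra(entries, lifetime):
    """Build an RFC 1256 Router Advertisement (ICMP type 9, code 0)."""
    body = b"".join(ipaddress.IPv4Address(a).packed + struct.pack("!i", p)
                    for a, p in entries)
    head = struct.pack("!BBHBBH", 9, 0, 0, len(entries), 2, lifetime)
    csum = inet_checksum(head + body)
    return struct.pack("!BBHBBH", 9, 0, csum, len(entries), 2, lifetime) + body

def parse_ra(msg: bytes):
    """Validate an RA and return (lifetime, [(address, preference), ...])."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    mtype, code, _, num, size, lifetime = struct.unpack("!BBHBBH", msg[:8])
    if (mtype, code) != (9, 0):
        raise ValueError("not a router advertisement")
    if num < 1 or size < 2 or len(msg) < 8 + num * size * 4:
        raise ValueError("bad address count or entry size")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    entries = []
    for i in range(num):
        off = 8 + i * size * 4  # entry size is counted in 32-bit words
        addr, pref = struct.unpack("!4si", msg[off:off + 8])
        entries.append((str(ipaddress.IPv4Address(addr)), pref))
    return lifetime, entries

class RouterList:
    """Host-side state: advertised address -> (preference, expiry time)."""
    def __init__(self):
        self.routers = {}

    def learn(self, msg: bytes, now: float):
        lifetime, entries = parse_ra(msg)
        for addr, pref in entries:
            self.routers[addr] = (pref, now + lifetime)

    def default_router(self, now: float):
        # Drop addresses whose lifetime ran out without a refreshing RA.
        self.routers = {a: v for a, v in self.routers.items() if v[1] > now}
        # The minimum preference marks an address as unusable for default routing.
        usable = {a: v[0] for a, v in self.routers.items() if v[0] != NOT_DEFAULT}
        return max(usable, key=usable.get) if usable else None

# Constructed sample RAs mirroring the Switch A / Switch B configuration example.
RA_SWITCH_A = build_ra([("10.154.5.1", 1000), ("192.168.1.0", 400)], 1800)
RA_SWITCH_B = build_ra([("10.154.5.2", 500), ("192.168.2.0", 400)], 1800)
```

Feeding both RAs to one `RouterList` selects 10.154.5.1, matching the default route in the `netstat` output; once Switch A's lifetime passes without a new RA, the choice falls to 10.154.5.2.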
    						
    Configuring IP performance optimization 
    Only the HP 5500 EI switch series supports configuring IP performance optimization on Layer 3 Ethernet
    interfaces.
    The term interface in this chapter refers to Layer 3 interfaces, including VLAN interfaces and
    route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the
    port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
    Enabling receiving and forwarding of directed broadcasts to a directly connected network
    Directed broadcast packets are broadcast on a specific network. In the destination IP address of a
    directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
    If a device is allowed to forward directed broadcasts to a directly connected network, attackers may
    use this to mount attacks on the network. However, you can enable the feature by using the UDP Helper
    function to convert broadcasts to unicasts and forward them to a specified server.
    Enabling receiving of directed broadcasts to a directly connected network
    If the switch is enabled to receive directed broadcasts, the switch determines whether to forward them
    according to the configuration on the outgoing interface.
    To enable the device to receive directed broadcasts:

    1.  Enter system view.
        Command: system-view
    2.  Enable the device to receive directed broadcasts.
        Command: ip forward-broadcast
     
    Enabling forwarding of directed broadcasts to a directly connected network
    Follow these guidelines when you enable the device to forward directed broadcasts:
    •  If an ACL is referenced in the ip forward-broadcast command, only packets permitted by the ACL
    can be forwarded.
    •  If you repeatedly execute the ip forward-broadcast command on an interface, only the last
    command takes effect. If the command executed last does not include acl acl-number, the ACL
    configured previously is removed.
    To enable the device to forward directed broadcasts: 
      
    						
    1.  Enter system view.
        Command: system-view
        Remarks: N/A
    2.  Enter interface view.
        Command: interface interface-type interface-number
        Remarks: N/A
    3.  Enable the interface to forward directed broadcasts.
        Command: ip forward-broadcast [ acl acl-number ]
        Remarks: Disabled by default
     
    Configuration example 
    Network requirements 
    As shown in Figure 49, the host’s interface and VLAN-interface 3 of the switch are on the same network
    segment (1.1.1.0/24). VLAN-interface 2 of Switch and the server are on another network segment
    (2.2.2.0/24). The default gateway of the host is VLAN-interface 3 (IP address 1.1.1.2/24) of Switch.
    Configure the switch so that the server can receive directed broadcasts from the host to IP address
    2.2.2.255.
    Figure 49 Network diagram
     
     
    Configuration procedure 
    # Enable the switch to receive directed broadcasts. 
    <Switch> system-view
    [Switch] ip forward-broadcast 
    # Configure IP addresses for VLAN-interface 3 and VLAN-interface 2. 
    [Switch] interface vlan-interface 3 
    [Switch-Vlan-interface3] ip address 1.1.1.2 24 
    [Switch-Vlan-interface3] quit 
    [Switch] interface vlan-interface 2 
    [Switch-Vlan-interface2] ip address 2.2.2.2 24 
    # Enable VLAN-interface 2 to forward directed broadcasts. 
    [Switch-Vlan-interface2] ip forward-broadcast 
    Configuring TCP attributes 
    Configuring TCP path MTU discovery  
    IMPORTANT:
    All the devices on the TCP path must be enabled to send ICMP error messages by using the ip
    unreachables enable command.

    TCP path MTU discovery (in RFC 1191) discovers the path MTU between the source and destination ends
    of a TCP connection. It works as follows:
    1.  A TCP source device sends a packet with the Don’t Fragment (DF) bit set.
    2.  A router that fails to forward the packet because it exceeds the MTU on the outgoing interface
    discards the packet and returns an ICMP error message, which contains the MTU of the outgoing
    interface.
    3.  Upon receiving the ICMP message, the TCP source device calculates the current path MTU of the
    TCP connection.
    4.  The TCP source device sends subsequent TCP segments that each are smaller than the MSS (MSS
    = path MTU – IP header length – TCP header length).
    If the TCP source device still receives ICMP error messages when the MSS is smaller than 32 bytes, the
    TCP source device will fragment packets.
    An ICMP error message received from a router that does not support RFC 1191 has the MTU of the
    outgoing interface set to 0. Upon receiving the ICMP message, the TCP source device selects the path
    MTU smaller than the current path MTU from the MTU table as described in RFC 1191 to calculate the TCP
    MSS. The MTU table contains MTUs of 68, 296, 508, 1006, 1280, 1492, 2002, 4352, 8166, 17914,
    32000, and 65535 bytes. Because the minimum TCP MSS specified by the system is 32 bytes, the actual
    minimum MTU is 72 bytes.
    After you enable TCP path MTU discovery, all new TCP connections will detect the path MTU. The device 
    uses the path MTU to calculate the MSS to avoid IP fragmentation.  
    The path MTU uses an aging mechanism to make sure that the source device can increase the path MTU 
    when the minimum link MTU on the path increases.  
    •  When the TCP source device receives an ICMP error message, it reduces the path MTU and starts
    an age timer for the path MTU.
    •  After the age timer expires, the source device uses a larger MSS in the MTU table as described in
    RFC 1191.
    •  If no ICMP error message is received within two minutes, the source device increases the MSS again
    until the MSS is as large as the MSS negotiated during TCP three-way handshake.
    To enable TCP path MTU discovery: 
     
    1.  Enter system view.
        Command: system-view
        Remarks: N/A
    2.  Enable TCP path MTU discovery.
        Command: tcp path-mtu-discovery [ aging minutes | no-aging ]
        Remarks: Optional. Disabled by default.
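How a sender following the description above lowers its path MTU on each ICMP error and raises it again when the age timer expires. This is an added example, not the switch's implementation; it assumes 20-byte IP and TCP headers, reads the 72-byte minimum as a floor on the path MTU, and the names `PathState`, `on_icmp_error` and `on_age_timer` are hypothetical.

```python
from typing import NamedTuple

# MTU table quoted on the page, in ascending order.
MTU_TABLE = (68, 296, 508, 1006, 1280, 1492, 2002, 4352, 8166, 17914, 32000, 65535)
IP_HEADER = 20   # assumption: IPv4 header without options
TCP_HEADER = 20  # assumption: TCP header without options
MIN_MSS = 32     # minimum TCP MSS stated on the page
MIN_MTU = MIN_MSS + IP_HEADER + TCP_HEADER  # 72 bytes, the page's actual minimum MTU


class PathState(NamedTuple):
    path_mtu: int
    mss: int
    df: bool  # False once the sender gives up on DF and lets packets fragment


def mss_for(path_mtu: int) -> int:
    """MSS = path MTU - IP header length - TCP header length."""
    return path_mtu - IP_HEADER - TCP_HEADER


def on_icmp_error(state: PathState, reported_mtu: int) -> PathState:
    """Apply one ICMP error carrying the outgoing-interface MTU (0 if unsupported)."""
    if state.path_mtu <= MIN_MTU:
        # The MSS is already at the 32-byte floor and errors persist: fragment.
        return state._replace(df=False)
    if reported_mtu == 0:
        # Router without RFC 1191 support: take the next lower table entry.
        candidate = max(m for m in MTU_TABLE if m < state.path_mtu)
    elif reported_mtu < state.path_mtu:
        candidate = reported_mtu
    else:
        # Assumption (not from the page): a report that does not lower the
        # current estimate carries no information, so the state is unchanged.
        return state
    new_mtu = max(candidate, MIN_MTU)
    return PathState(new_mtu, mss_for(new_mtu), True)


def on_age_timer(state: PathState, negotiated_mss: int) -> PathState:
    """Age timer expired: try the next larger table entry, capped by the
    MSS negotiated during the three-way handshake."""
    ceiling = negotiated_mss + IP_HEADER + TCP_HEADER
    higher = [m for m in MTU_TABLE if m > state.path_mtu]
    new_mtu = min(higher[0] if higher else ceiling, ceiling)
    return PathState(new_mtu, mss_for(new_mtu), True)
```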
     
    Configuring the TCP send/receive buffer size
    1.  Enter system view.
        Command: system-view
        Remarks: N/A
    2.  Configure the size of TCP send/receive buffer.
        Command: tcp window window-size
        Remarks: Optional. 8 KB by default.
     
    Configuring TCP timers 
    You can configure the following TCP timers:
    •  synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packet is
    received within the synwait timer interval, the TCP connection cannot be created.
    •  finwait timer: When a TCP connection is changed into FIN_WAIT_2 state, the finwait timer is
    started. If no FIN packet is received within the timer interval, the TCP connection is terminated. If a
    FIN packet is received, the TCP connection state changes to TIME_WAIT. If a non-FIN packet is
    received, the system restarts the timer upon receiving the last non-FIN packet. The connection is
    broken after the timer expires.
    The actual length of the finwait timer is determined by the following formula:
    Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured
    length of the synwait timer
    To configure TCP timers:

    1.  Enter system view.
        Command: system-view
        Remarks: N/A
    2.  Configure the TCP synwait timer.
        Command: tcp timer syn-timeout time-value
        Remarks: Optional. 75 seconds by default.
    3.  Configure the TCP finwait timer.
        Command: tcp timer fin-timeout time-value
        Remarks: Optional. 675 seconds by default.
     
    Configuring ICMP to send error packets 
    Sending error packets is a major function of ICMP. In case of network abnormalities, error packets are
    usually sent by the network or transport layer protocols to notify corresponding devices so as to facilitate
    control and management.
    Advantages of sending ICMP error packets 
    ICMP error packets include the following types:
    •  ICMP redirect packets
    A host may have only a default route to the default gateway in its routing table after startup. If the
    following conditions are satisfied, the default gateway will send ICMP redirect packets to the
    source host, telling it to reselect a correct next hop to send the subsequent packets:
       ◦  The receiving and forwarding interfaces are the same.
       ◦  The selected route has not been created or modified by an ICMP redirect packet.
       ◦  The selected route is not the default route of the device.
       ◦  There is no source route option in the packet.
    The ICMP redirect packets function simplifies host administration and enables a host to gradually
    establish a sound routing table to find the best route.
    •  ICMP timeout packets
    If the device receives an IP packet with a timeout error, it drops the packet and sends an ICMP
    timeout packet to the source.
    The device sends an ICMP timeout packet under the following conditions:
       ◦  If the device finds that the destination of a packet is not itself and the TTL field of the packet is
       1, it will send a TTL timeout ICMP error message.
       ◦  When the device receives the first fragment of an IP datagram whose destination is the device
       itself, it starts a timer. If the timer times out before all the fragments of the datagram are received,
       the device will send a reassembly timeout ICMP error packet.
    •  ICMP destination unreachable packets
    If the device receives an IP packet with the destination unreachable, it will drop the packet and
    send an ICMP destination unreachable error packet to the source.
    Conditions for sending an ICMP destination unreachable packet:
       ◦  If neither a route nor the default route for forwarding a packet is available, the device will send
       a network unreachable ICMP error packet.
       ◦  If the destination of a packet is local but the transport layer protocol of the packet is not
       supported by the local device, the device sends a protocol unreachable ICMP error packet to
       the source.
       ◦  When receiving a packet with the destination being local and transport layer protocol being
       UDP, if the packet’s port number does not match the running process, the device will send the
       source a port unreachable ICMP error packet.
       ◦  If the source uses strict source routing to send packets, but the intermediate device finds that
       the next hop specified by the source is not directly connected, the device will send the source
       a source routing failure ICMP error packet.
       ◦  When forwarding a packet, if the MTU of the sending interface is smaller than the packet, but
       the packet has been set as Don’t Fragment, the device will send the source a fragmentation
       needed and Don’t Fragment (DF)-set ICMP error packet.
    Disadvantages of sending ICMP error packets 
    Sending ICMP error packets facilitates network control and management, but it has the following 
    disadvantages: 
    •  Increases network traffic.
    •  A device’s performance degrades if it receives a lot of malicious packets that cause it to respond
    with ICMP error packets.
    •  A host’s performance degrades if the redirection function increases the size of its routing table.
    •  End users are affected because of receiving ICMP destination unreachable packets caused by
    malicious users.
    To prevent such problems, disable the device from sending ICMP error packets. 
    Configuration procedure 
    The device stops sending TTL timeout ICMP error packets after sending ICMP timeout packets is
    disabled. However, reassembly timeout error packets will be sent normally.
    To enable sending of ICMP error packets:

    1.  Enter system view.
        Command: system-view
        Remarks: N/A
    2.  Enable sending of ICMP redirect packets.
        Command: ip redirects enable
        Remarks: Disabled by default
    3.  Enable sending of ICMP timeout packets.
        Command: ip ttl-expires enable
        Remarks: Disabled by default
    4.  Enable sending of ICMP destination unreachable packets.
        Command: ip unreachables enable
        Remarks: Disabled by default
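One way to check a saved configuration for the two settings this chapter warns about: an interface that forwards directed broadcasts with no ACL, and ICMP error sending left enabled, while keeping `ip unreachables enable` when `tcp path-mtu-discovery` depends on it. This is an added example, not an HP tool; the sample configuration and its layout (section headers at column 0, commands indented, `#` between sections) are assumptions constructed from the commands on this page.

```python
import re

# ICMP error-sending commands from the page (all disabled by default).
ICMP_ERROR_COMMANDS = {
    "ip redirects enable": "ICMP redirect",
    "ip ttl-expires enable": "ICMP timeout",
    "ip unreachables enable": "ICMP destination unreachable",
}

# Constructed sample, modelled on the directed-broadcast example (not device output).
SAMPLE_CONFIG = """\
#
 sysname Switch
 ip forward-broadcast
 ip redirects enable
 ip unreachables enable
 tcp path-mtu-discovery
#
interface Vlan-interface2
 ip address 2.2.2.2 255.255.255.0
 ip forward-broadcast
#
interface Vlan-interface3
 ip address 1.1.1.2 255.255.255.0
 ip forward-broadcast acl 2000
#
"""


def parse_sections(config: str) -> dict:
    """Map each section header to its commands; '' holds system-view commands."""
    sections = {"": []}
    current = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":
            current = ""                      # '#' closes the current section
        elif raw[0].isspace():
            sections[current].append(" ".join(line.split()))
        else:
            current = line                    # e.g. 'interface Vlan-interface2'
            sections.setdefault(current, [])
    return sections


def audit(config: str) -> list:
    """Return (scope, finding) pairs for the settings the chapter warns about."""
    sections = parse_sections(config)
    system = sections[""]
    findings = []
    for header, commands in sections.items():
        if not header.lower().startswith("interface "):
            continue
        for cmd in commands:
            if cmd.startswith("ip forward-broadcast") and not re.search(r"\bacl \d+$", cmd):
                findings.append((header, "forwards directed broadcasts with no ACL"))
    pmtud = any(c.startswith("tcp path-mtu-discovery") for c in system)
    for cmd, kind in ICMP_ERROR_COMMANDS.items():
        if cmd not in system:
            continue
        if cmd == "ip unreachables enable" and pmtud:
            continue  # the page requires it on every device of a PMTUD path
        findings.append(("system view", f"sends {kind} packets"))
    if pmtud and "ip unreachables enable" not in system:
        findings.append(("system view", "tcp path-mtu-discovery without ip unreachables enable"))
    return findings
```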
     
    Displaying and maintaining IP performance optimization

    •  Display TCP connection statistics.
       Command: display tcp statistics [ | { begin | exclude | include } regular-expression ]
       Remarks: Available in any view
    •  Display UDP statistics.
       Command: display udp statistics [ | { begin | exclude | include } regular-expression ]
       Remarks: Available in any view
    •  Display statistics of IP packets.
       Command: display ip statistics [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
       Remarks: Available in any view
    •  Display ICMP statistics.
       Command: display icmp statistics [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
       Remarks: Available in any view
    •  Display socket information.
       Command: display ip socket [ socktype sock-type ] [ task-id socket-id ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
       Remarks: Available in any view
    •  Display FIB information.
       Command: display fib [ vpn-instance vpn-instance-name ] [ acl acl-number | ip-prefix ip-prefix-name ] [ | { begin | include | exclude } regular-expression ]
       Remarks: Available in any view. Only HP 5500 EI Switch Series supports the vpn-instance
       vpn-instance-name option.
    •  Display FIB information matching the specified destination IP address.
       Command: display fib [ vpn-instance vpn-instance-name ] ip-address [ mask | mask-length ] [ | { begin | exclude | include } regular-expression ]
       Remarks: Available in any view. Only HP 5500 EI Switch Series supports the vpn-instance
       vpn-instance-name option.
    •  Clear statistics of IP packets.
       Command: reset ip statistics [ slot slot-number ]
       Remarks: Available in user view
    •  Clear statistics of TCP connections.
       Command: reset tcp statistics
       Remarks: Available in user view
    •  Clear statistics of UDP traffic.
       Command: reset udp statistics
       Remarks: Available in user view
      
    						