HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 956
267
To configure RIPng timers:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Configure RIPng
timers. timers
{ garbage-collect
garbage-collect-value | suppress
suppress-value | timeout
timeout-value | update
update-value } * Optional.
The RIPng timers have the following defaults: •
30 seconds for the update timer
• 180 seconds for the timeout timer
• 120 seconds for the suppress timer
• 120 seconds for the...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-955.png "Page 956
267
To configure RIPng timers:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Configure RIPng
timers. timers
{ garbage-collect
garbage-collect-value | suppress
suppress-value | timeout
timeout-value | update
update-value } * Optional.
The RIPng timers have the following defaults: •
30 seconds for the update timer
• 180 seconds for the timeout timer
• 120 seconds for the suppress timer
• 120 seconds for the...")
![Page 958
269
Configuration guidelines
An IPsec policy used for RIPng can only be in manual mode. For more information, see Security
Configuration Guide .
Configuration procedure
To apply an IPsec policy in a process:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Apply an IPsec policy in the
process. enable ipsec-policy
policy-name Not configured by default.
To apply an IPsec policy on an interface:
Step Command Remarks
1....](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-957.png "Page 958
269
Configuration guidelines
An IPsec policy used for RIPng can only be in manual mode. For more information, see Security
Configuration Guide .
Configuration procedure
To apply an IPsec policy in a process:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] N/A
3. Apply an IPsec policy in the
process. enable ipsec-policy
policy-name Not configured by default.
To apply an IPsec policy on an interface:
Step Command Remarks
1....")
![Page 960
271
[SwitchC] interface vlan-interface 500
[SwitchC-Vlan-interface500] ripng 1 enable
[SwitchC-Vlan-interface500] quit
[SwitchC] interface vlan-interface 600
[SwitchC-Vlan-interface600] ripng 1 enable
[SwitchC-Vlan-interface600] quit
# Display the routing table of Switch B.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-959.png "Page 960
271
[SwitchC] interface vlan-interface 500
[SwitchC-Vlan-interface500] ripng 1 enable
[SwitchC-Vlan-interface500] quit
[SwitchC] interface vlan-interface 600
[SwitchC-Vlan-interface600] ripng 1 enable
[SwitchC-Vlan-interface600] quit
# Display the routing table of Switch B.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest...")
![Page 962
273
[SwitchA] ripng 100
[SwitchA-ripng-100] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 100 enable
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ripng 100 enable
[SwitchA-Vlan-interface200] quit
# Enable RIP 100 and RIP 200 on Switch B.
system-view
[SwitchB] ripng 100
[SwitchB-ripng-100] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 100 enable...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-961.png "Page 962
273
[SwitchA] ripng 100
[SwitchA-ripng-100] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 100 enable
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ripng 100 enable
[SwitchA-Vlan-interface200] quit
# Enable RIP 100 and RIP 200 on Switch B.
system-view
[SwitchB] ripng 100
[SwitchB-ripng-100] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 100 enable...")
![Page 963
274
Interface : Vlan200 Cost : 0
Destination: 2::1/128 Protocol : Dir\
ect
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: FE80::/10 Protocol : Dir\
ect
NextHop : :: Preference: 0
Interface : NULL0...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-962.png "Page 963
274
Interface : Vlan200 Cost : 0
Destination: 2::1/128 Protocol : Dir\
ect
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: FE80::/10 Protocol : Dir\
ect
NextHop : :: Preference: 0
Interface : NULL0...")
![Page 964
275
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0d \
Configuring RIPng IPsec policies
Network requirements
In the following figure, configure RIPng on the switches, and configure IPsec policies on the switches to
authenticate and encrypt protocol packets.
Figure 105 Network diagram
Configuration procedure
1. Configure IPv6 addresses for inte rfaces. (Details not shown.)
2. Configure RIPng basic...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-963.png "Page 964
275
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0d \
Configuring RIPng IPsec policies
Network requirements
In the following figure, configure RIPng on the switches, and configure IPsec policies on the switches to
authenticate and encrypt protocol packets.
Figure 105 Network diagram
Configuration procedure
1. Configure IPv6 addresses for inte rfaces. (Details not shown.)
2. Configure RIPng basic...")
![Page 965
276
reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the
keys for the inbound and outbound SAs using ESP to abcdefg.
[SwitchA] ipsec proposal tran1
[SwitchA-ipsec-proposal-tran1] encapsulation-mode transport
[SwitchA-ipsec-proposal-tran1] transform esp
[SwitchA-ipsec-proposal-tran1] esp encryption-algorithm des
[SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-proposal-tran1] quit
[SwitchA] ipsec policy policy001 10 manual...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-964.png "Page 965
276
reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the
keys for the inbound and outbound SAs using ESP to abcdefg.
[SwitchA] ipsec proposal tran1
[SwitchA-ipsec-proposal-tran1] encapsulation-mode transport
[SwitchA-ipsec-proposal-tran1] transform esp
[SwitchA-ipsec-proposal-tran1] esp encryption-algorithm des
[SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-proposal-tran1] quit
[SwitchA] ipsec policy policy001 10 manual...")
![Page 966
277
[SwitchC-ipsec-policy-manual-policy001-10] sa string-key outbound esp ab\
cdefg
[SwitchC-ipsec-policy-manual-policy001-10] sa string-key inbound esp abc\
defg
[SwitchC-ipsec-policy-manual-policy001-10] quit
4. Apply the IPsec policies in the RIPng process:
# Configure Switch A.
[SwitchA] ripng 1
[SwitchA-ripng-1] enable ipsec-policy policy001
[SwitchA-ripng-1] quit
# Configure Switch B.
[SwitchB] ripng 1
[SwitchB-ripng-1] enable ipsec-policy policy001
[SwitchB-ripng-1] quit
# Configure...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-965.png "Page 966
277
[SwitchC-ipsec-policy-manual-policy001-10] sa string-key outbound esp ab\
cdefg
[SwitchC-ipsec-policy-manual-policy001-10] sa string-key inbound esp abc\
defg
[SwitchC-ipsec-policy-manual-policy001-10] quit
4. Apply the IPsec policies in the RIPng process:
# Configure Switch A.
[SwitchA] ripng 1
[SwitchA-ripng-1] enable ipsec-policy policy001
[SwitchA-ripng-1] quit
# Configure Switch B.
[SwitchB] ripng 1
[SwitchB-ripng-1] enable ipsec-policy policy001
[SwitchB-ripng-1] quit
# Configure...")
272
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest 1::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Dest 2::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200
Dest 4::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec
Dest 5::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec
[SwitchA] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE00:1235 on Vlan-interface100
Dest 1::/64,
via FE80::20F:E2FF:FE00:1235, cost 1, tag 0, A, 2 Sec
Dest 4::/64,
via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec
Dest 5::/64,
via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec
Configuring RIPng route redistribution
Network requirements
Two RIPng processes are running on Switch B, which communicates with Switch A through RIPng 100
and with Switch C through RIPng 200.
Configure route redistribution on Switch B, letting the two RIPng processes redistribute routes from each
other. Set the default cost of redistributed routes from RIPng 200 to 3.
Figure 104 Network diagram
Configuration procedure
1. Configure IPv6 addresses for the in terfaces. (Details not shown.)
2. Configure RIPng basic functions:
# Enable RIPng 100 on Switch A.
system-view
273
[SwitchA] ripng 100
[SwitchA-ripng-100] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 100 enable
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ripng 100 enable
[SwitchA-Vlan-interface200] quit
# Enable RIP 100 and RIP 200 on Switch B.
system-view
[SwitchB] ripng 100
[SwitchB-ripng-100] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 100 enable
[SwitchB-Vlan-interface100] quit
[SwitchB] ripng 200
[SwitchB-ripng-200] quit
[SwitchB] interface vlan-interface 300
[SwitchB-Vlan-interface300] ripng 200 enable
[SwitchB-Vlan-interface300] quit
# Enable RIPng 200 on Switch C.
system-view
[SwitchC] ripng 200
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] ripng 200 enable
[SwitchC-Vlan-interface300] quit
[SwitchC] interface vlan-interface 400
[SwitchC-Vlan-interface400] ripng 200 enable
[SwitchC-Vlan-interface400] quit
# Display the routing table of Switch A.
[SwitchA] display ipv6 routing-table
Routing Table :
Destinations : 6 Routes : 6
Destination: ::1/128 Protocol : Dir\
ect
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : Dir\
ect
NextHop : 1::1 Preference: 0
Interface : Vlan100 Cost : 0
Destination: 1::1/128 Protocol : Dir\
ect
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 2::/64 Protocol : Dir\
ect
NextHop : 2::1 Preference: 0
274
Interface : Vlan200 Cost : 0
Destination: 2::1/128 Protocol : Dir\
ect
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: FE80::/10 Protocol : Dir\
ect
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
3. Configure RIPng route redistribution:
# Configure route redistribution between the two RIPng processes on Switch B.
[SwitchB] ripng 100
[SwitchB-ripng-100] default cost 3
[SwitchB-ripng-100] import-route ripng 200
[SwitchB-ripng-100] quit
[SwitchB] ripng 200
[SwitchB-ripng-200] import-route ripng 100
[SwitchB-ripng-200] quit
# Display the routing table of Switch A.
[SwitchA] display ipv6 routing-table
Routing Table :
Destinations : 7 Routes : 7
Destination: ::1/128 Protocol : Dir\
ect
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : Dir\
ect
NextHop : 1::1 Preference: 0
Interface : Vlan100 Cost : 0
Destination: 1::1/128 Protocol : Dir\
ect
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 2::/64 Protocol : Dir\
ect
NextHop : 2::1 Preference: 0
Interface : Vlan200 Cost : 0
Destination: 2::1/128 Protocol : Dir\
ect
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 4::/64 Protocol : RIP\
ng
NextHop : FE80::200:BFF:FE01:1C02 Preference: 100\
Interface : Vlan100 Cost : 4
Destination: FE80::/10 Protocol : Dir\
ect
275 NextHop : :: Preference: 0 Interface : NULL0 Cost : 0d \ Configuring RIPng IPsec policies Network requirements In the following figure, configure RIPng on the switches, and configure IPsec policies on the switches to authenticate and encrypt protocol packets. Figure 105 Network diagram Configuration procedure 1. Configure IPv6 addresses for inte rfaces. (Details not shown.) 2. Configure RIPng basic functions: # Configure Switch A. system-view [SwitchA] ripng 1 [SwitchA-ripng-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ripng 1 enable [SwitchA-Vlan-interface100] quit # Configure Switch B. system-view [SwitchB] ripng 1 [SwitchB-ripng-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ripng 1 enable [SwitchB-Vlan-interface200] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Configure Switch C. system-view [SwitchC] ripng 1 [SwitchC-ripng-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] ripng 1 enable [SwitchC-Vlan-interface200] quit 3. Configure RIPng IPsec policies: # On Switch A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it,
276 reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg. [SwitchA] ipsec proposal tran1 [SwitchA-ipsec-proposal-tran1] encapsulation-mode transport [SwitchA-ipsec-proposal-tran1] transform esp [SwitchA-ipsec-proposal-tran1] esp encryption-algorithm des [SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1 [SwitchA-ipsec-proposal-tran1] quit [SwitchA] ipsec policy policy001 10 manual [SwitchA-ipsec-policy-manual-policy001-10] proposal tran1 [SwitchA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [SwitchA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [SwitchA-ipsec-policy-manual-policy001-10] sa string-key outbound esp ab\ cdefg [SwitchA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abc\ defg [SwitchA-ipsec-policy-manual-policy001-10] quit # On Switch B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg. [SwitchB] ipsec proposal tran1 [SwitchB-ipsec-proposal-tran1] encapsulation-mode transport [SwitchB-ipsec-proposal-tran1] transform esp [SwitchB-ipsec-proposal-tran1] esp encryption-algorithm des [SwitchB-ipsec-proposal-tran1] esp authentication-algorithm sha1 [SwitchB-ipsec-proposal-tran1] quit [SwitchB] ipsec policy policy001 10 manual [SwitchB-ipsec-policy-manual-policy001-10] proposal tran1 [SwitchB-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [SwitchB-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [SwitchB-ipsec-policy-manual-policy001-10] sa string-key outbound esp ab\ cdefg [SwitchB-ipsec-policy-manual-policy001-10] sa string-key inbound esp abc\ defg [SwitchB-ipsec-policy-manual-policy001-10] quit # On Switch C, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg. [SwitchC] ipsec proposal tran1 [SwitchC-ipsec-proposal-tran1] encapsulation-mode transport [SwitchC-ipsec-proposal-tran1] transform esp [SwitchC-ipsec-proposal-tran1] esp encryption-algorithm des [SwitchC-ipsec-proposal-tran1] esp authentication-algorithm sha1 [SwitchC-ipsec-proposal-tran1] quit [SwitchC] ipsec policy policy001 10 manual [SwitchC-ipsec-policy-manual-policy001-10] proposal tran1 [SwitchC-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [SwitchC-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
277 [SwitchC-ipsec-policy-manual-policy001-10] sa string-key outbound esp ab\ cdefg [SwitchC-ipsec-policy-manual-policy001-10] sa string-key inbound esp abc\ defg [SwitchC-ipsec-policy-manual-policy001-10] quit 4. Apply the IPsec policies in the RIPng process: # Configure Switch A. [SwitchA] ripng 1 [SwitchA-ripng-1] enable ipsec-policy policy001 [SwitchA-ripng-1] quit # Configure Switch B. [SwitchB] ripng 1 [SwitchB-ripng-1] enable ipsec-policy policy001 [SwitchB-ripng-1] quit # Configure Switch C. [SwitchC] ripng 1 [SwitchC-ripng-1] enable ipsec-policy policy001 [SwitchC-ripng-1] quit 5. Verify the configuration: RIPng traffic between Switches A, B and C is protected by IPsec.
278 Configuring OSPFv3 Hardware compatibility The HP 5500 SI Switch Series does not support OSPFv3. Introduction to OSPFv3 OSPFv3 overview O p e n S h o r t e s t Pa t h Fi r s t ve r s io n 3 ( OS P F v 3 ) s u p p o r t s I P v 6 a n d c o m p l i e s wi t h R F C 2740 ( OS P F fo r I P v 6 ) . The term router in this chapter refers to both routers and Layer 3 switches. OSPFv3 and OSPFv2 have the following similarities: • 32-bits router ID and area ID • Packets, including Hello, DD (Data Description), LSR (Link State Request), LSU (Link State Update), and LSAck (Link State Acknowledgment) • Mechanism for finding neighbors and establishing adjacencies • Mechanism for LSA flooding and aging OSPFv3 and OSPFv2 have the following differences: • OSPFv3 runs on a per-link basis, and OSPFv2 runs on a per-IP-subnet basis. • OSPFv3 supports multiple instances per link, but OSPFv2 does not. • OSPFv3 identifies neighbors by Router ID, and OSPFv2 by IP address. OSPFv3 packets OSPFv3 has the following packet types: hello, DD, LSR, LSU, and LSAck. These packets have the same packet header, which is different from the OSPFv2 packet header. The OSPFv3 packet header is only 16 bytes in length, has no authentication field, and is added with an Instance ID field to support VPN per link. Figure 106 OSPFv3 packet header Major fields for OSPFv3 packets are as follows: • Version # —Version of OSPF, which is 3 for OSPFv3. • Ty p e —Type of OSPF packet; types 1 to 5 are hello, DD, LSR, LSU, and LSAck. • Pac ke t l e ngt h —Packet length in bytes, including header.
279 • Instance ID —Instance ID for a link. • 0—Reserved. It must be 0. OSPFv3 LSA types OSPFv3 sends routing information in LSAs, which, as defined in RFC 2740, have the following types: • Router-LSA —Originated by all routers. This LSA descri bes the collected states of the routers interfaces to an area, and is flood ed throughout a single area only. • Network-LSA —Originated for broadcast and NBMA networks by the Designated Router. This LSA contains the list of routers connected to the networ k, and is flooded throughout a single area only. • Inter-Area-Prefix-LSA —Similar to Type 3 LSA of OSPFv2, originated by ABRs (Area Border Routers), and flooded throughout the LSAs associated area. Each Inter-Area-Prefix-LSA describes a route with IPv6 address prefix to a destination outside the area , yet still inside the AS (an inter-area route). • Inter-Area-Router-LSA—Similar to Type 4 LSA of OSPFv2, originated by ABRs and flooded throughout the LSAs associated area. Each Inter-Area-Router-LSA describes a route to ASBR (Autonomous System Boundary Router). • AS-external-LSA —Originated by ASBRs, and flooded throughout the AS (except Stub and NSSA areas). Each AS-external-LSA describes a route to another autonomous system. A default route can be described by an AS-external-LSA. • Link-LSA —A router originates a separate Link-LSA for ea ch attached link. Link-LSAs have link-local flooding scope. Each Link-LSA describes the IPv6 address prefix of the link and Link-local address of the router. • Intra-Area-Prefix-LSA —Each Intra-Area-Prefix-LSA contains IPv6 prefix information on a router, stub area, or transit area information, and has area flooding scope. It was introduced because Router-LSAs and Network-LSAs do not contain address information. RFC 5187 defines the Type 1 1 LSA, Grace-LSA. A Grace-LSA is generated by a GR (Graceful Restart) Restarter at reboot and transmitted on the local link. The restarter describes the cause and interval of the reboot in the Grace-LSA to tell its neighbors that it performs a GR operation. OSPFv3 timers Timers in OSPFv3 include the following: • OSPFv3 packet timer • LSA delay timer • SPF timer • GR timer OSPFv3 packet timer Hello packets are sent periodically between neighboring routers for finding and maintaining neighbor relationships, or for DR or BDR election. The hello interval must be identical on neighboring interfaces. The smaller the hello interval, the faster the network convergence speed and the bigger the network load. If a router does not receive a hello packet from a ne ighbor within a given period—dead interval, it then declares the peer down. After sending an LSA to its adjacen cy, a router waits for an acknowledgment from the adjacency. If no response is received after the retransmission interv al elapses, the router will send the LSA again. The retransmission interval must be longer than the round-trip time of the LSA.
280 LSA delay time Each LSA has an age in the local LSDB (incremented by one per second), but an LSA does not age on transmission. You must add an LSA delay time into the age time before transmission, which is important for low-speed networks. SPF timer Whenever the LSDB changes, an SPF calculation occurs. If recalculations become frequent, a large amount of resources will be occupied. You can adjust the SPF calculation interval and delay time to protect networks from being overloaded by frequent changes. GR timer If a failure to establish adjacencies occurs during a GR, the device will be in the GR process for a long time. To avoid this, configure the GR timer for the devi ce to exit the GR process when the timer expires. OSPFv3 features supported • Basic features defined in RFC 2740 • OSPFv3 stub area • OSPFv3 multi-process • VPN instances • OSPFv3 GR • BFD Protocols and standards • RFC 2740, OSPF for IPv6 • RFC 2328, OSPF Version 2 • RFC 5187, OSPFv3 Graceful Restart OSPFv3 configuration task list Task Remarks Enabling OSPFv3 Required Configuring OSPFv3 area parameters Configuring an OSPFv3 stub area Optional Configuring an OSPFv3 virtual link Optional Configuring OSPFv3 network types Configuring the OSPFv3 network type for an interfa ce Optional Configuring an NBMA or P2MP neighbor Optional Configuring OSPFv3 routing information control Configuring OSPFv3 route summarization Optional Configuring OSPFv3 inbound route filtering Optional Configuring an OSPFv3 cost for an interface Optional Configuring the maximum number of OSPFv3 ECMP routes Optional
281 Task Remarks Configuring a priority for OSPFv3 Optional Configuring OSPFv3 route redistribution Optional Tuning and optimizing OSPFv3 networks Configuring OSPFv3 timers Optional Configuring a DR priority for an interface Optional Ignoring MTU check for DD packets Optional Disabling interfaces from receiving and sending OSPFv3 packets Optional Enabling the logging of neighbor state changes Optional Configuring OSPFv3 GR Configuring GR Restarter Optional Configuring GR Helper Optional Configuring BFD for OSPFv3 Optional Applying IPsec policies for OSPFv3 Optional Enabling OSPFv3 Configuration prerequisites Before you enable OSPFv3, complete the following tasks: • Make neighboring nodes accessible with each other at the network layer. • Enable IPv6 packet forwarding. Enabling OSPFv3 To enable an OSPFv3 process on a router, you must enable the OSPFv3 process globally, assign the OSPFv3 process a router ID, and enable the OSPFv3 process on related interfaces. A r o u t e r I D u n i q u e l y i d e n t i f i e s a r o u t e r w i t h i n a n A S . Yo u m u s t s p e c i f y a u n i q u e r o u t e r I D f o r e a c h O S P F v 3 router within the AS to ensure normal operation. If a router runs multiple OSPFv3 processes, you must specify a unique router ID for each process. An OSPFv3 process ID has only local significance. Process 1 on a router can exchange packets with process 2 on another router. To enable OSPFv3: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable an OSPFv3 process and enter its view. ospfv3 [ process-id ] [ vpn-instance vpn-instance-name ] By default, no OSPFv3 process is enabled. 3. Specify a router ID. router-id router-id N/A 4. Enter interface view. interface interface-type interface-number N/A