- H3C S3600 Series Ethernet Switches Operation Manual-Release 1510(V1.04)
Title | Size | Download |
---|---|---|
17-Routing Protocol Operation | 712 KB |
Table of Contents
Chapter 1 IP Routing Protocol Overview
1.1 Introduction to IP Route and Routing Table
1.1.1 IP Route and Route Segment
1.1.2 Route Selection through the Routing Table
1.2.1 Routing Protocols and Preferences
1.2.2 Traffic Sharing and Route Backup
1.2.3 Routes Shared Between Routing Protocols
Chapter 2 Static Route Configuration
2.1 Introduction to Static Route
2.2 Static Route Configuration
2.2.1 Configuration Prerequisites
2.2.2 Configuring a Static Route
2.3 Displaying the Routing Table
2.4 Static Route Configuration Example
2.5 Troubleshooting a Static Route
3.1.2 RIP Startup and Operation
3.3.1 Configuration Prerequisites
3.3.2 Configuring Basic RIP Functions
3.4.1 Configuration Prerequisites
3.4.2 Configuring RIP Route Control
3.5 RIP Network Adjustment and Optimization
3.5.1 Configuration Prerequisites
3.6 Displaying and Maintaining RIP Configuration
3.8 Troubleshooting RIP Configuration
4.3.1 Configuration Prerequisites
4.3.2 Basic OSPF Configuration
4.4 OSPF Area Attribute Configuration
4.4.1 Configuration Prerequisites
4.4.2 Configuring OSPF Area Attributes
4.5 OSPF Network Type Configuration
4.5.1 Configuration Prerequisites
4.5.2 Configuring the Network Type of an OSPF Interface
4.5.3 Configuring an NBMA Neighbor
4.5.4 Configuring the DR Priority on an OSPF Interface
4.6.1 Configuration Prerequisites
4.6.2 Configuring OSPF Route Summary
4.6.3 Configuring OSPF to Filter Received Routes
4.6.4 Configuring the Cost for Sending Packets on an OSPF Interface
4.6.5 Configuring OSPF Route Priority
4.6.6 Configuring the Maximum Number of OSPF Equal-Cost Routes
4.6.7 Configuring OSPF to Import External Routes
4.7 OSPF Network Adjustment and Optimization
4.7.1 Configuration Prerequisites
4.7.3 Configuring the LSA transmission delay
4.7.4 Configuring the SPF Calculation Interval
4.7.5 Disabling OSPF Packet Transmission on an Interface
4.7.6 Configuring OSPF Authentication
4.7.7 Configuring to Fill the MTU Field When an Interface Transmits DD Packets
4.7.9 Configuring OSPF Network Management System (NMS)
4.8 Displaying and Maintaining OSPF Configuration
4.9 OSPF Configuration Example
4.9.1 Configuring DR Election Based on OSPF Priority
4.9.2 Configuring OSPF Virtual Link
4.10 Troubleshooting OSPF Configuration
Chapter 5 IP Routing Policy Configuration
5.1 IP Routing Policy Overview
5.2 IP Routing Policy Configuration Tasks
5.3 Route-Policy Configuration
5.3.1 Configuration Prerequisites
5.3.3 Defining if-match Clauses and apply Clauses
5.4.1 Configuration Prerequisites
5.4.2 Configuring an ip-prefix list
5.5 Displaying IP Routing Policy
5.6 IP Routing Policy Configuration Example
5.6.1 Configuring to Filter Received Routing Information
5.7 Troubleshooting IP Routing Policy
Chapter 6 Route Capacity Configuration
6.1 Route Capacity Configuration Overview
6.1.2 Route Capacity Limitation on the S3600 Series
6.2 Route Capacity Configuration
6.2.1 Configuring the Lower Limit and the Safety Value of the Switch Memory
6.2.2 Enabling/Disabling Automatic Protocol Recovery
6.3 Displaying Route Capacity Configuration
Chapter 1 IP Routing Protocol Overview
Note:
When running a routing protocol, the Ethernet switch also functions as a router. In the following text, the word “router” and the router icons represent both routers in the general sense and Ethernet switches running a routing protocol.
This manual deals with the S3600-EI series switches. The ospf, ospf-ase, and ospf-nssa commands are supported by the S3600-EI series, but not supported by the S3600-SI series. This will not be mentioned again in this manual.
1.1 Introduction to IP Route and Routing Table
1.1.1 IP Route and Route Segment
Routers are used for route selection on the Internet. As a router receives a packet, it selects an appropriate route (through a network) according to the destination address of the packet and forwards the packet to the next router. The last router on the route is responsible for delivering the packet to the destination host.
A route segment is a common physical network interconnecting two nodes, which are deemed adjacent on the Internet. That is, two routers connected to the same physical network are adjacent to each other. The number of route segments between a router and any host on the local network is zero. In the following figure, the bold arrows represent route segments. A router is not concerned about which physical links compose a route segment. As shown in Figure 1-1, a packet sent from Host A to Host C travels through two routers over three route segments (along the broken line).
The number of route segments on the path between a source and destination can be used to measure the "length" of the path. As the sizes of networks may differ greatly, the actual lengths of route segments may differ from each other. Therefore, you can assign different weights to different route segments (so that, for example, a route segment can be considered as two segments if the weight is two). In this way, the length of the path can be measured by the number of weighted route segments.
If routers in networks are regarded as nodes in networks and route segments in the Internet are regarded as links in the Internet, routing in the Internet is similar to that in a conventional network.
Routing through the shortest route is not always the most ideal way. For example, routing across three high-speed LAN route segments may be much faster than routing across two low-speed WAN route segments.
1.1.2 Route Selection through the Routing Table
The routing table is the key to packet forwarding on a router. Each router maintains a routing table. Each entry in this table contains an IP address that represents a host/subnet and specifies which physical port on the router should be used to forward the packets destined for the host/subnet. The router forwards those packets through this port to the next router, or directly to the destination host if the host is on a network directly connected to the router.
Each entry in a routing table contains:
- Destination address: It identifies the address of the destination host or network of an IP packet.
- Network mask: Along with the destination address, it identifies the address of the network segment where the destination host or router resides. By performing “logical AND” between destination address and network mask, you can get the address of the network segment where the destination host or router resides. For example, if the destination address is 129.102.8.10 and the mask is 255.255.0.0, the address of the network segment where the destination host or router resides is 129.102.0.0. A mask consists of some consecutive 1s, represented either in dotted decimal notation or by the number of the consecutive 1s in the mask.
- Output interface: It indicates through which interface IP packets should be forwarded to reach the destination.
- Next hop address: It indicates the next router that IP packets will pass through to reach the destination.
- Preference of the route added to the IP routing table: There may be multiple routes with different next hops to the same destination. These routes may be discovered by different routing protocols, or be manually configured static routes. The one with the highest preference (the smallest numerical value) will be selected as the current optimal route.
According to different destinations, routes fall into the following categories:
- Subnet route: The destination is a subnet.
- Host route: The destination is a host.
In addition, according to whether the network where the destination resides is directly connected to the router, routes fall into the following categories:
- Direct route: The router is directly connected to the network where the destination resides.
- Indirect route: The router is not directly connected to the network where the destination resides.
In order to avoid an oversized routing table, you can set a default route. All the packets for which the router fails to find a matching entry in the routing table will be forwarded through this default route.
Figure 1-2 shows a relatively complicated internet environment. The number in each network cloud indicates the network address, and "R" represents a router. The router R8 is connected to three networks, and so it has three IP addresses and three physical ports. Its routing table is shown in Figure 1-2.
The H3C S3600 Series Ethernet Switches (hereinafter referred to as S3600 series) support the configuration of static routes as well as a series of dynamic routing protocols such as RIP and OSPF. Moreover, the switches in operation can automatically obtain some direct routes according to interface status and user configuration.
1.2 Routing Management Policy
On an S3600 Ethernet switch, you can manually configure a static route to a certain destination, or configure a dynamic routing protocol to make the switch interact with other routers in the internetwork and find routes by routing algorithm. On an S3600 Ethernet switch, the static routes configured by the user and the dynamic routes discovered by routing protocols are managed uniformly. The static routes and the routes learned or configured by different routing protocols can also be shared among routing protocols.
1.2.1 Routing Protocols and Preferences
Different routing protocols may discover different routes to the same destination, but only one route among these routes and the static routes is optimal. In fact, at any given moment, only one routing protocol can determine the current route to a specific destination. Routing protocols (including static routing) are endowed with different preferences. When there are multiple routing information sources, the route discovered by the routing protocol with the highest preference will become the current route. Routing protocols and their default route preferences (the smaller the value is, the higher the preference is) are shown in Table 1-1.
In the table, “0” is used for directly connected routes, and “255” is used for routes from untrusted sources.
Table 1-1 Routing protocols and corresponding route preferences
Routing protocol or route type | Preference of the corresponding route |
---|---|
DIRECT | 0 |
OSPF | 10 |
STATIC | 60 |
RIP | 100 |
OSPF ASE | 150 |
OSPF NSSA | 150 |
UNKNOWN | 255 |
Except for direct routing, you can manually configure the preferences of various dynamic routing protocols as required. In addition, you can configure different preferences for different static routes.
1.2.2 Traffic Sharing and Route Backup
I. Traffic sharing
The S3600 series support multi-route mode, allowing the configuration of multiple routes that reach the same destination and have the same preference. The same destination can be reached through multiple different routes, whose preferences are equal. When there is no route with a higher preference to the same destination, the multiple routes will be adopted. Then, the packets destined for the same destination will be forwarded through these routes in turn to implement traffic sharing.
II. Route backup
The S3600 series support route backup. When the primary route fails, the system automatically switches to a backup route to improve network reliability.
To achieve route backup, you can configure multiple routes to the same destination according to actual situation. One of the routes has the highest preference and is called primary route. The other routes have descending preferences and are called backup routes. Normally, the router sends data through the primary route. When line failure occurs on the primary route, the primary route will hide itself and the router will choose the one whose preference is the highest among the remaining backup routes as the path to send data. In this way, the switchover from the primary route to a backup route is implemented. When the primary route recovers, the router will restore it and re-select a route. And, as the primary route has the highest preference, the router will choose the primary route to send data. This process is the automatic switchover from the backup route to the primary route.
1.2.3 Routes Shared Between Routing Protocols
As the algorithms of various routing protocols are different, different routing protocols may discover different routes. This brings about the problem of how to share the discovered routes between routing protocols. The S3600 series can import (with the import-route command) the routes discovered by one routing protocol to another routing protocol. Each protocol has its own route redistribution mechanism. For details, see section 3.4.2 VII. "Configuring RIP to import routes" and section 4.6.7 "Configuring OSPF to Import External Routes".
Chapter 2 Static Route Configuration
Note:
When running a routing protocol, the Ethernet switch also functions as a router. In the following text, the word “router” and the router icons represent both routers in the general sense and Ethernet switches running a routing protocol.
2.1 Introduction to Static Route
2.1.1 Static Route
Static routes are special routes. They are manually configured by the administrator. By configuring static routes, you can build an interconnecting network. The drawback of such a configuration is that when a fault occurs on the network, a static route cannot change automatically to steer away from the fault point without the help of the administrator.
In a relatively simple network, you only need to configure static routes to make routers work normally. Proper configuration and usage of static routes can improve network performance and ensure sufficient bandwidth for important applications.
Static routes are divided into three types:
- Reachable route: normal route. If a static route to a destination is of this type, the IP packets destined for this destination will be forwarded to the next hop. It is the most common type of static routes.
- Unreachable route: route with the "reject" attribute. If a static route to a destination has the "reject" attribute, all the IP packets destined for this destination will be discarded, and the source hosts will be informed of the unreachability of the destination.
- Blackhole route: route with the "blackhole" attribute. If a static route destined for a destination has the "blackhole" attribute, the outgoing interface of this route is the Null 0 interface regardless of the next hop address, and all the IP packets addressed to this destination will be dropped without notifying the source hosts.
The attributes "reject" and "blackhole" are usually used to limit the range of the destinations this router can reach, and help troubleshoot the network.
2.1.2 Default Route
Simply put, a default route is a route used only when no matching entry is found in the routing table. That is, the default route is used only when there is no proper route. In a routing table, both the destination address and mask of the default route are 0.0.0.0. You can use the display ip routing-table command to view whether the default route has been set. If the destination address of a packet does not match any entry in the routing table, the router will select the default route for the packet; in this case, if there is no default route, the packet will be discarded, and an Internet Control Message Protocol (ICMP) packet will be returned to inform the source host that the destination host or network is unreachable.
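The selection rules described so far (mask AND, preference, route backup, the reject and blackhole attributes, and the default route) are modelled below. This is an added example, not H3C code: the Route class, lookup() and all addresses are constructed for illustration, and it assumes the standard longest-match rule when several entries cover the same destination.

```python
import ipaddress
from dataclasses import dataclass

# Default preferences from Table 1-1 (smaller value = higher preference).
DEFAULT_PREFERENCE = {"DIRECT": 0, "OSPF": 10, "STATIC": 60, "RIP": 100,
                      "OSPF ASE": 150, "OSPF NSSA": 150, "UNKNOWN": 255}


@dataclass
class Route:
    """One routing table entry (hypothetical model, not a device structure)."""
    dest: str                  # destination address
    mask: str                  # network mask in dotted decimal notation
    next_hop: str
    protocol: str = "STATIC"
    preference: int = None     # None = use the protocol default
    attr: str = ""             # "", "reject" or "blackhole"
    up: bool = True            # False models a failed (hidden) route

    def __post_init__(self):
        if self.preference is None:
            self.preference = DEFAULT_PREFERENCE[self.protocol]
        self.network = ipaddress.ip_network(f"{self.dest}/{self.mask}")


def segment(dest, mask):
    """Logical AND of destination address and mask gives the network segment."""
    anded = int(ipaddress.ip_address(dest)) & int(ipaddress.ip_address(mask))
    return str(ipaddress.ip_address(anded))


def lookup(table, dst):
    """Return (action, next_hops) for a destination address."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if r.up and addr in r.network]
    if not matches:
        # No entry and no default route: discard and report ICMP unreachable.
        return ("unreachable", [])
    # Assumed standard rule: the most specific (longest) mask wins first.
    longest = max(r.network.prefixlen for r in matches)
    matches = [r for r in matches if r.network.prefixlen == longest]
    # Among routes to the same destination, the smallest preference value wins.
    best = min(r.preference for r in matches)
    active = [r for r in matches if r.preference == best]
    if active[0].attr in ("reject", "blackhole"):
        return (active[0].attr, [])
    # Several routes with equal preference share the traffic.
    return ("forward", [r.next_hop for r in active])


def sample_table():
    """Constructed table: default route, primary/backup routes, null routes."""
    return [
        Route("10.1.1.0", "255.255.255.0", "10.1.1.1", protocol="DIRECT"),
        Route("0.0.0.0", "0.0.0.0", "10.1.1.254"),                        # default
        Route("129.102.0.0", "255.255.0.0", "10.1.1.2"),                  # primary (60)
        Route("129.102.0.0", "255.255.0.0", "10.1.1.3", preference=80),   # backup
        Route("129.102.0.0", "255.255.0.0", "10.1.1.4", protocol="RIP"),  # 100
        Route("192.0.2.0", "255.255.255.0", "NULL0", attr="blackhole"),
        Route("198.51.100.0", "255.255.255.0", "NULL0", attr="reject"),
    ]


if __name__ == "__main__":
    table = sample_table()
    print(segment("129.102.8.10", "255.255.0.0"))
    for dst in ("129.102.8.10", "192.0.2.5", "198.51.100.9", "203.0.113.7"):
        print(dst, lookup(table, dst))
    table[2].up = False        # primary route fails: the backup takes over
    print("129.102.8.10", lookup(table, "129.102.8.10"))
```

The blackhole entry for 192.0.2.0/24 is more specific than the default route, so packets for it are dropped silently instead of following the default route.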
2.2 Static Route Configuration
2.2.1 Configuration Prerequisites
Before configuring a static route, perform the following tasks:
- Configuring the physical parameters of the related interface
- Configuring the link layer attributes of the related interface
- Configuring an IP address for the related interface
2.2.2 Configuring a Static Route
Table 2-1 Configure a static route
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Add a static route | ip route-static ip-address { mask \| mask-length } { interface-type interface-number \| next-hop } [ preference value ] [ reject \| blackhole ] [ description text \| detect-group group number ]* | Required. By default, the system can obtain the route to the subnet directly connected to the router. |
Delete all static routes | delete static-routes all | Optional. This command deletes all static routes, including the default route. |

Note:
- If the destination IP address and the mask of a route are both 0.0.0.0, the route is the default route. Any packet for which the router fails to find a matching entry in the routing table will be forwarded through the default route.
- Do not configure the next hop address of a static route to the address of an interface on the local switch.
- Different preferences can be configured to implement flexible route management policy.
2.3 Displaying the Routing Table
After the above configuration, use the display command in any view to display and verify the static route configuration.
Table 2-2 Display the routing table
Operation | Command | Description |
---|---|---|
Display routing table summary | display ip routing-table | You can execute the display command in any view. |
Display routing table details | display ip routing-table verbose | |
Display the detailed information of a specific route | display ip routing-table ip-address [ mask ] [ longer-match ] [ verbose ] | |
Display the routes in a specified address range | display ip routing-table ip-address1 mask1 ip-address2 mask2 [ verbose ] | |
Display the routes discovered by a specified protocol | display ip routing-table protocol protocol [ inactive \| verbose ] | |
Display the tree-structured routing table information | display ip routing-table radix | |
Display the statistics of the routing table | display ip routing-table statistics | |
2.4 Static Route Configuration Example
I. Network requirements
As shown in Figure 2-1, the masks of all the IP addresses in the figure are 255.255.255.0. It is required that all the hosts/Ethernet switches in the figure can interconnect with each other by configuring static routes.
II. Network diagram
Figure 2-1 Static route configuration
III. Configuration procedure
Perform the following steps on the switch:
# Configure static routes on SwitchA.
[SwitchA] ip route-static 1.1.3.0 255.255.255.0 1.1.2.2
[SwitchA] ip route-static 1.1.4.0 255.255.255.0 1.1.2.2
[SwitchA] ip route-static 1.1.5.0 255.255.255.0 1.1.2.2
# Configure static routes on SwitchB.
[SwitchB] ip route-static 1.1.2.0 255.255.255.0 1.1.3.1
[SwitchB] ip route-static 1.1.5.0 255.255.255.0 1.1.3.1
[SwitchB] ip route-static 1.1.1.0 255.255.255.0 1.1.3.1
# Configure static routes on SwitchC.
[SwitchC] ip route-static 1.1.1.0 255.255.255.0 1.1.2.1
[SwitchC] ip route-static 1.1.4.0 255.255.255.0 1.1.3.2
Perform the following steps on the host:
# Configure the default gateway of Host A to 1.1.5.1. Detailed configuration procedure is omitted.
# Configure the default gateway of Host B to 1.1.4.1. Detailed configuration procedure is omitted.
# Configure the default gateway of Host C to 1.1.1.1. Detailed configuration procedure is omitted.
Now, all the hosts/switches in the figure can interconnect with each other.
2.5 Troubleshooting a Static Route
Symptom: The switch is not configured with a dynamic routing protocol. Both the physical status and the link layer protocol status of an interface are UP, but IP packets cannot be normally forwarded on the interface.
Solution: Perform the following procedure.
Use the display ip routing-table protocol static command to view whether the corresponding static route is correctly configured.
Use the display ip routing-table command to view whether the static route is valid.
Chapter 3 RIP Configuration
Note:
When running a routing protocol, the Ethernet switch also functions as a router. In the following text, the word “router” and the router icons represent both routers in the general sense and Ethernet switches running a routing protocol.
3.1 RIP Overview
Routing information protocol (RIP) is a simple interior gateway protocol (IGP) suitable for small-sized networks.
3.1.1 Basic Concepts
I. RIP
RIP is a distance-vector (D-V) algorithm-based protocol. It exchanges routing information through UDP packets.
RIP uses hop count (also called routing cost) to measure the distance to a destination address. In RIP, the hop count from a router to its directly connected network is 0, that to a network which can be reached through another router is 1, and so on. To restrict the time to converge, RIP prescribes that the cost is an integer ranging from 0 to 15. A hop count equal to or exceeding 16 is defined as infinite; that is, the destination network or host is unreachable.
To improve performance and avoid routing loops, RIP supports split horizon. Besides, RIP can import routes from other routing protocols.
II. RIP routing database
Each router running RIP manages a routing database, which contains routing entries to all the reachable destinations in the internetwork. Each routing entry contains the following information:
- Destination address: IP address of a host or network.
- Next hop address: IP address of an interface on the adjacent router that IP packets should pass through to reach the destination.
- Interface: Interface on this router, through which IP packets should be forwarded to reach the destination.
- Cost: Cost for the router to reach the destination.
- Routing time: Time elapsed after the routing entry is updated last time. This time is reset to 0 whenever the routing entry is updated.
III. RIP timers
As defined in RFC 1058, RIP is controlled by three timers: Period update, Timeout, and Garbage-collection.
- Period update timer: This timer is used to periodically trigger routing information update so that the router can send all RIP routes to all the neighbors.
- Timeout timer: If a RIP route is not updated (that is, the switch does not receive any routing update packet from the neighbor) within the timeout time of this timer, the route is considered unreachable.
3.1.2 RIP Startup and Operation
The whole process of RIP startup and operation is as follows:
- Once RIP is enabled on a router, the router broadcasts or multicasts a request packet to its neighbors. Upon receiving the packet, each neighbor running RIP answers with a response packet containing its routing table information.
- When this router receives a response packet, it modifies its local routing table and sends an update triggering packet to the neighbor. Upon receiving the update triggering packet, the neighbor sends the packet to all its neighbors. After a series of update triggering processes, each router can get and keep the updated routing information.
- By default, RIP sends its routing table to its neighbors every 30 seconds. Upon receiving the packets, the neighbors maintain their own routing tables and select optimal routes, and then advertise update information to their respective neighbors so as to make the updated routes known globally. Furthermore, RIP uses the timeout mechanism to handle the timeout routes to ensure real-time and valid routes.
3.2 RIP Configuration Tasks
Table 3-1 RIP configuration tasks
Configuration task | | Description | Related section |
---|---|---|---|
Configuring basic RIP functions | Enabling RIP | Required | Section 3.3.2 I. “Enabling RIP globally and on the interface of a specified network segment” |
| Setting the RIP operating status on an interface | Optional | Section 3.3.2 II. “Setting the RIP operating status on an interface” |
| Specifying a RIP version | Optional | Section 3.3.2 III. “Specifying the RIP version on an interface” |
Configuring RIP route control | Setting the additional routing metrics of an interface | Optional | Section 3.4.2 I. “Setting the additional routing metrics of an interface” |
| Configuring RIP route summary | Optional | Section 3.4.2 II. “Configuring RIP route summary” |
| Disabling the receiving of host routes | Optional | |
| Configuring RIP to filter incoming/outgoing routes | Optional | Section 3.4.2 IV. “Configuring RIP to filter incoming/outgoing routes” |
| Setting RIP preference | Optional | Section 3.4.2 V. “Setting RIP preference” |
| Enabling traffic to be forwarded along multiple equivalent RIP routes | Optional | Section 3.4.2 VI. “Enabling traffic to be forwarded along multiple equivalent RIP routes” |
| Configuring RIP to import routes from another protocol | Optional | Section 3.4.2 VII. “Configuring RIP to import routes from another protocol” |
Adjusting and optimizing a RIP network | Configuring RIP timers | Optional | Section 3.5.2 I. “Configuring RIP timers” |
| Configuring split horizon | Optional | Section 3.5.2 II. “Configuring split horizon” |
| Configuring RIP-1 packet zero field check | Optional | Section 3.5.2 III. “Configuring RIP-1 packet zero field check” |
| Setting RIP-2 packet authentication mode | Optional | Section 3.5.2 IV. “Setting RIP-2 packet authentication mode” |
| Configuring a RIP neighbor | Optional | Section 3.5.2 V. “Configuring a RIP neighbor” |
Displaying and debugging RIP | | Optional | |
3.3 Basic RIP Configuration
3.3.1 Configuration Prerequisites
Before configuring basic RIP functions, perform the following tasks:
- Configuring the link layer protocol
3.3.2 Configuring Basic RIP Functions
I. Enabling RIP globally and on the interface of a specified network segment
Table 3-2 Enable RIP globally and on the interface of a specified network segment
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enable RIP globally and enter RIP view | rip | Required |
Enable RIP on the interface of a specified network segment | network network-address | Required. By default, RIP is disabled on any interface. |

Note:
- Related RIP commands configured in interface view can take effect only after RIP is enabled.
II. Setting the RIP operating status on an interface
Table 3-3 Setting the RIP operating status on an interface
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Enable the interface to receive RIP update packets | rip input | Optional. By default, all interfaces are allowed to send and receive RIP packets. |
Enable the interface to send RIP update packets | rip output | |
Run RIP on the interface | rip work | |
III. Specifying the RIP version on an interface
Table 3-4 Specify the RIP version on an interface
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Specify RIP version on the interface | rip version { 1 \| 2 [ broadcast \| multicast ] } | Optional. By default, the interface can receive RIP-1 and RIP-2 broadcast packets but send only RIP-1 packets. When specifying the RIP version on an interface as RIP-2, you can also specify the mode (broadcast or multicast) to send RIP packets. |
3.4 RIP Route Control
In actual implementation, it may be needed to control RIP routing information more accurately to accommodate complex network environments. By performing the configuration described in the following sections, you can:
- Control route selection by adjusting additional routing metrics on interfaces running RIP.
- Reduce the size of the routing table by setting route summary and disabling the receiving of host routes.
- Filter the received routes.
- Import external routes in an environment with multiple routing protocols and filter the advertised routes.
3.4.1 Configuration Prerequisites
Before configuring RIP route control, perform the following tasks:
- Configuring network layer addresses of interfaces so that adjacent nodes are reachable to each other at the network layer
- Configuring basic RIP functions
3.4.2 Configuring RIP Route Control
I. Setting the additional routing metrics of an interface
Additional routing metric is the routing metric (hop count) added to the original metrics of RIP routes on an interface. It does not change the metric value of a RIP route in the routing table, but will be added for incoming or outgoing RIP routes on the interface.
Table 3-5 Set additional routing metric
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Set the additional routing metric to be added for incoming RIP routes on this interface | rip metricin value | Optional. By default, the additional routing metric added for incoming routes on an interface is 0. |
Set the additional routing metric to be added for outgoing RIP routes on this interface | rip metricout value | Optional. By default, the additional routing metric added for outgoing routes on an interface is 1. |

Note:
The rip metricout command takes effect only on the RIP routes learnt by the router and the RIP routes generated by the router itself, but the command is invalid for any route imported to RIP from other routing protocols.
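The following added example (not H3C code) models the hop-count behaviour from section 3.1.1 together with the additional metrics above: the 0 to 15 range, 16 as infinity, split horizon, the Timeout timer, and how an incoming additional metric steers selection. RipRouter and its methods are hypothetical names, the neighbor updates are constructed, the 180-second timeout is the RFC 1058 value, and it assumes the incoming additional metric is added to a received metric before it is compared with the installed route.

```python
INFINITY = 16   # a hop count of 16 or more means "unreachable"
TIMEOUT = 180   # assumed Timeout timer in seconds (RFC 1058 value)


class RipRouter:
    """Minimal distance-vector table: dest -> metric, next hop, interface, age."""

    def __init__(self, name):
        self.name = name
        self.routes = {}

    def add_direct(self, dest, iface):
        # A directly connected network has hop count 0 and does not age out.
        self.routes[dest] = {"metric": 0, "next_hop": None, "iface": iface, "age": 0}

    def advertise(self, out_iface, metricout=1, split_horizon=True):
        """Build the update sent out of out_iface; the local table is unchanged."""
        update = {}
        for dest, r in self.routes.items():
            learned_here = r["next_hop"] is not None and r["iface"] == out_iface
            if split_horizon and learned_here:
                continue   # never send a route back where it was learned
            update[dest] = min(r["metric"] + metricout, INFINITY)
        return update

    def receive(self, neighbor, in_iface, update, metricin=0):
        """Process one neighbor update with the distance-vector rule."""
        for dest, metric in update.items():
            metric = min(metric + metricin, INFINITY)
            entry = {"metric": metric, "next_hop": neighbor,
                     "iface": in_iface, "age": 0}
            cur = self.routes.get(dest)
            if cur is None:
                if metric < INFINITY:          # unreachable routes are not installed
                    self.routes[dest] = entry
            elif cur["next_hop"] == neighbor:
                self.routes[dest] = entry      # same source: accept even if worse
            elif metric < cur["metric"]:
                self.routes[dest] = entry      # different source: only if better

    def tick(self, seconds):
        """Age learned routes; a route not refreshed in TIMEOUT is unreachable."""
        for r in self.routes.values():
            if r["next_hop"] is None:
                continue
            r["age"] += seconds
            if r["age"] >= TIMEOUT:
                r["metric"] = INFINITY

    def metric(self, dest):
        r = self.routes.get(dest)
        return r["metric"] if r else INFINITY

    def next_hop(self, dest):
        r = self.routes.get(dest)
        return r["next_hop"] if r else None


def chain_metrics(length):
    """Propagate one network down a chain of routers; return each hop count."""
    routers = [RipRouter(f"R{i}") for i in range(length)]
    routers[0].add_direct("10.0.0.0", "lan")
    for up, down in zip(routers, routers[1:]):
        down.receive(up.name, "up", up.advertise("down"))
    return [r.metric("10.0.0.0") for r in routers]


def steering_demo():
    """Two neighbors advertise the same network; metricin=3 penalises if2."""
    x = RipRouter("X")
    update = {"10.0.0.0": 2}                    # constructed update, same from A and B
    x.receive("A", "if1", update)
    x.receive("B", "if2", update, metricin=3)   # 2 + 3 = 5, not better than 2
    before = (x.next_hop("10.0.0.0"), x.metric("10.0.0.0"))
    x.tick(TIMEOUT)                             # A stays silent for the whole timeout
    timed_out = x.metric("10.0.0.0")
    x.receive("B", "if2", update, metricin=3)   # 5 < 16: B's route takes over
    after = (x.next_hop("10.0.0.0"), x.metric("10.0.0.0"))
    return before, timed_out, after


if __name__ == "__main__":
    print(chain_metrics(18))   # hop counts stop being usable at 16
    print(steering_demo())
```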
II. Configuring RIP route summary
Route summary means that different subnet routes in the same natural network segment can be aggregated into one route with a natural mask for transmission to another network segment. This function is used to reduce the routing traffic on the network as well as to reduce the size of the routing table.
Route summary does not work for RIP-1. RIP-2 supports route summary. When it is needed to advertise all subnet routes, you can disable the function for RIP-2.
Table 3-6 Configure RIP route summary
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip | — |
Enable RIP-2 automatic route summary | summary | Optional. By default, RIP-2 automatic route summary is enabled. |
III. Disabling the receiving of host routes
In some special cases, the router can receive a lot of host routes from the same segment, and these routes are of little help in route addressing but consume a lot of network resources. After host route receiving is disabled, a router can refuse any incoming host route.
Table 3-7 Disable the receiving of host route
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip | — |
Disable the receiving of host routes | undo host-route | Optional. By default, the router receives host routes. |
IV. Configuring RIP to filter incoming/outgoing routes
The route filtering function provided by a router enables you to configure inbound/outbound filter policy by specifying an ACL or address prefix list to make RIP filter incoming/outgoing routes. Besides, you can configure RIP to receive only the RIP packets from a specific neighbor.
Table 3-8 Configure RIP to filter incoming/outgoing routes
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip | — |
Configure RIP to filter incoming routes | filter-policy { acl-number \| ip-prefix ip-prefix-name [ gateway ip-prefix-name ] \| route-policy route-policy-name } import | Required. By default, RIP does not filter any incoming route. The gateway keyword is used to filter the incoming routes advertised from a specified address. |
Configure RIP to filter incoming routes | filter-policy gateway ip-prefix-name import | |
Configure RIP to filter outgoing routes | filter-policy { acl-number \| ip-prefix ip-prefix-name } export [ routing-protocol ] | Required. By default, RIP does not filter any outgoing route. |
Configure RIP to filter outgoing routes | filter-policy route-policy route-policy-name export | |
Note:
- The filter-policy import command filters the RIP routes received from neighbors, and the routes being filtered out will neither be added to the routing table nor be advertised to any neighbors.
- The filter-policy export command filters all the routes to be advertised, including the routes imported by using the import-route command as well as RIP routes learned from neighbors.
- The filter-policy export command without the routing-protocol argument filters all the routes to be advertised, including the routes imported by the import-route command.
V. Setting RIP preference
Table 3-9 Set RIP preference
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip | — |
Set the RIP preference | preference value | Optional. The default RIP preference is 100. |
VI. Enabling traffic to be forwarded along multiple equivalent RIP routes
Table 3-10 Enable traffic to be forwarded along multiple equivalent RIP routes
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip | — |
Enable traffic forwarded along multiple equivalent RIP routes | traffic-share-across-interface | Optional. By default, traffic-share-across-interface is disabled. |
VII. Configuring RIP to import routes from another protocol
Table 3-11 Configure RIP to import routes from another protocol
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip | — |
Set the default cost for RIP to import routes from other protocols | default cost value | Optional. When you use the import-route command without specifying the cost of imported routes, the default cost you set here will be used. |
Configure RIP to import routes from another protocol | import-route protocol [ process-id ] [ cost value \| route-policy route-policy-name ]* | Optional. The process-id parameter is used only for importing OSPF routes. |
3.5 RIP Network Adjustment and Optimization
In some special network environments, some RIP features need to be configured and RIP network performance needs to be adjusted and optimized. By performing the configuration mentioned in this section, the following can be implemented:
- Changing the convergence speed of RIP network by adjusting RIP timers,
- Avoiding routing loop by configuring split horizon,
- Packet validation in network environments with high security requirements, and
- Configuring RIP feature on an interface or link with special requirements.
3.5.1 Configuration Prerequisites
Before adjusting RIP, perform the following tasks:
- Configuring the network layer addresses of interfaces so that adjacent nodes are reachable to each other at the network layer
- Configuring basic RIP functions
3.5.2 Configuration Tasks
I. Configuring RIP timers
Table 3-12 Configure RIP timers
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip | — |
Set the values of RIP timers | timers { update update-timer \| timeout timeout-timer } * | Optional. By default, the Update timer value is 30 seconds and the Timeout timer value is 180 seconds. |
Note:
When configuring the values of RIP timers, you should take network performance into consideration and perform consistent configuration on all routers running RIP to avoid unnecessary network traffic and network route oscillation.
II. Configuring split horizon
Table 3-13 Configure split horizon
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Enable split horizon | rip split-horizon | Optional. By default, an interface uses split horizon to send RIP packets. |
Split horizon cannot be disabled on a point-to-point link.
III. Configuring RIP-1 packet zero field check
Table 3-14 Configure RIP-1 packet zero field check
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip | — |
Enable zero field check of RIP-1 packets | checkzero | Optional. By default, zero field check is performed on RIP-1 packets. |
Note:
Some fields in a RIP-1 packet must be 0, and they are known as zero fields. For RIP-1, zero field check is performed on incoming packets; RIP-1 packets with a nonzero value in a zero field will not be processed further. As a RIP-2 packet has no zero fields, this configuration is invalid for RIP-2.
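The following added example (not part of the original manual, and not the switch's own code) shows what a zero field check does to a received RIP-1 packet. The field layout is the standard RIP-1 one (a 4-byte header followed by 20-byte route entries); the function names and the two sample packets are constructed for illustration.

```python
import socket
import struct
from typing import List

RIP_HEADER = struct.Struct("!BBH")      # command, version, must-be-zero
RIP1_ENTRY = struct.Struct("!HH4sIII")  # AFI, zero, IPv4 address, zero, zero, metric


def checkzero(packet: bytes) -> List[str]:
    """Return the zero-field violations in a RIP-1 packet; an empty list means accept."""
    if len(packet) < RIP_HEADER.size:
        return ["packet shorter than the 4-byte RIP header"]
    _command, version, header_zero = RIP_HEADER.unpack_from(packet, 0)
    if version != 1:
        return []  # per the note above, the check applies to RIP-1 only
    problems = []
    if header_zero:
        problems.append("header: must-be-zero field is 0x%04x" % header_zero)
    body = packet[RIP_HEADER.size:]
    if len(body) % RIP1_ENTRY.size:
        problems.append("route entries are not a multiple of 20 bytes")
    for index in range(len(body) // RIP1_ENTRY.size):
        _afi, zero_a, addr, zero_b, zero_c, _metric = RIP1_ENTRY.unpack_from(
            body, index * RIP1_ENTRY.size)
        if zero_a or zero_b or zero_c:
            problems.append("entry %d (%s): nonzero must-be-zero field"
                            % (index, socket.inet_ntoa(addr)))
    return problems


def rip1_response(entries) -> bytes:
    """Build a RIP-1 response (command 2) from (address, field_b, metric) tuples.

    field_b is the 4-byte field after the address: zero in RIP-1,
    the subnet mask in RIP-2.
    """
    packet = RIP_HEADER.pack(2, 1, 0)
    for address, field_b, metric in entries:
        packet += RIP1_ENTRY.pack(2, 0, socket.inet_aton(address), field_b, 0, metric)
    return packet


# Constructed samples, using subnets from the configuration example on this page.
CLEAN = rip1_response([("117.102.0.0", 0, 1), ("155.10.1.0", 0, 2)])
# Same packet, but the second entry carries a subnet mask where RIP-1 expects zeros.
DIRTY = rip1_response([("117.102.0.0", 0, 1), ("155.10.1.0", 0xFFFFFF00, 2)])

if __name__ == "__main__":
    print("clean:", checkzero(CLEAN))
    print("dirty:", checkzero(DIRTY))
```

With checkzero enabled, a packet like DIRTY is dropped before any of its routes are considered.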
IV. Setting RIP-2 packet authentication mode
RIP-2 supports two authentication modes: simple authentication and MD5 authentication.
Simple authentication cannot provide complete security, because the authentication keys are sent along with the packets without being encrypted. Therefore, simple authentication cannot be applied where high security is required.
Table 3-15 Set RIP-2 packet authentication mode
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Set RIP-2 packet authentication mode | rip authentication-mode { simple password \| md5 { rfc2453 key-string \| rfc2082 key-string key-id } } | Required. If you specify to use MD5 authentication, you must specify one of the following MD5 authentication types: rfc2453 (this type supports the packet format defined in RFC 2453); rfc2082 (this type supports the packet format defined in RFC 2082). |
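To make the difference between the two modes concrete, the added example below (not from the original manual, and not the switch's implementation) builds a RIP-2 response with simple authentication and one with keyed MD5 in the RFC 2082 layout, then classifies each and verifies the MD5 digest. The key, sequence number, route and all function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct
from typing import Optional

AUTH_AFI = 0xFFFF                       # address family that marks an authentication entry
AUTH_TRAILER, AUTH_SIMPLE, AUTH_KEYED_MD5 = 1, 2, 3
HEADER = struct.pack("!BBH", 2, 2, 0)   # command 2 (response), version 2, unused
TRAILER_MARK = struct.pack("!HH", AUTH_AFI, AUTH_TRAILER)


def route(prefix: str, mask: str, metric: int) -> bytes:
    """One 20-byte RIP-2 route entry (AFI 2, route tag 0, next hop 0.0.0.0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)


def build_simple(password: bytes, routes: bytes) -> bytes:
    """Simple authentication: the password itself fills the 16-byte field."""
    return HEADER + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, password) + routes


def _digest(signed_part: bytes, key: bytes) -> bytes:
    # RFC 2082: MD5 over the packet through the trailer marker, then the
    # key padded with zeros to 16 bytes. The key itself is never transmitted.
    return hashlib.md5(signed_part + key[:16].ljust(16, b"\0")).digest()


def build_md5(key: bytes, key_id: int, sequence: int, routes: bytes) -> bytes:
    """Keyed MD5 in the RFC 2082 layout: the packet carries only a digest."""
    length = len(HEADER) + 20 + len(routes)   # offset at which the trailer starts
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_KEYED_MD5,
                       length, key_id, 16, sequence)
    signed_part = HEADER + auth + routes + TRAILER_MARK
    return signed_part + _digest(signed_part, key)


def classify_auth(packet: bytes, key: Optional[bytes] = None) -> dict:
    """Report the authentication mode of a RIP-2 packet; verify MD5 if a key is given."""
    if len(packet) < 24 or packet[1] != 2:
        return {"mode": "none"}
    afi, auth_type = struct.unpack_from("!HH", packet, 4)
    if afi != AUTH_AFI:
        return {"mode": "none"}
    if auth_type == AUTH_SIMPLE:
        return {"mode": "simple", "secret_on_wire": True}
    if auth_type == AUTH_KEYED_MD5:
        length, key_id, data_len, sequence = struct.unpack_from("!HBBI", packet, 8)
        result = {"mode": "md5", "key_id": key_id, "sequence": sequence,
                  "secret_on_wire": False, "verified": None}
        end = length + 4 + data_len
        well_formed = (data_len == 16 and len(packet) >= end
                       and packet[length:length + 4] == TRAILER_MARK)
        if key is not None:
            result["verified"] = well_formed and hmac.compare_digest(
                _digest(packet[:length + 4], key), packet[length + 4:end])
        return result
    return {"mode": "unknown", "auth_type": auth_type}


# Constructed sample data (the subnet is taken from the example in section 3.7).
KEY = b"constructed-key"
ROUTES = route("117.102.0.0", "255.255.0.0", 1)
SIMPLE_PACKET = build_simple(KEY, ROUTES)
MD5_PACKET = build_md5(KEY, key_id=1, sequence=7, routes=ROUTES)

if __name__ == "__main__":
    print(classify_auth(SIMPLE_PACKET), KEY in SIMPLE_PACKET)
    print(classify_auth(MD5_PACKET, KEY), KEY in MD5_PACKET)
```

The key bytes appear verbatim in SIMPLE_PACKET and nowhere in MD5_PACKET, and changing any signed byte of MD5_PACKET makes verification fail.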
V. Configuring a RIP neighbor
Table 3-16 Configure a RIP neighbor
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip | — |
Configure a RIP neighbor | peer ip-address | Required. To make RIP work on a link that does not support broadcast/multicast packets, you must manually configure the RIP neighbor. Normally, RIP uses broadcast or multicast addresses to send packets. |
3.6 Displaying and Maintaining RIP Configuration
After the above configuration, you can use the display command in any view to display the running status of RIP and verify the RIP configuration. You can use the reset command in RIP view to reset the system configuration related to RIP.
Table 3-17 Display and debug RIP configuration
Operation | Command | Description |
---|---|---|
Display the current RIP running status and configuration information | display rip | You can execute the display command in any view. |
Display RIP interface information | display rip interface | You can execute the display command in any view. |
Display RIP routing information | display rip routing | You can execute the display command in any view. |
Reset the system configuration related to RIP | reset | You can use this command in RIP view. |
3.7 RIP Configuration Example
I. Network requirements
As shown in Figure 3-1, SwitchC is connected to subnet 117.102.0.0 through an Ethernet port. SwitchA and SwitchB are connected to networks 155.10.1.0 and 196.38.165.0 respectively through Ethernet ports. SwitchC, SwitchA and SwitchB are interconnected through Ethernet 110.11.2.0. It is required to configure RIP correctly to ensure the interworking between the networks connected to SwitchC, SwitchA and SwitchB.
II. Network diagram
III. Configuration procedure
Note:
Only the configuration related to RIP is listed below. Before the following configuration, make sure the Ethernet link layer works normally and the IP addresses of VLAN interfaces are configured correctly.
1) Configure SwitchA:
# Configure RIP.
<SwitchA> system-view
[SwitchA] rip
[SwitchA-rip] network 110.11.2.0
[SwitchA-rip] network 155.10.1.0
2) Configure SwitchB:
# Configure RIP.
<SwitchB> system-view
[SwitchB] rip
[SwitchB-rip] network 196.38.165.0
[SwitchB-rip] network 110.11.2.0
3) Configure SwitchC:
# Configure RIP.
<SwitchC> system-view
[SwitchC] rip
[SwitchC-rip] network 117.102.0.0
[SwitchC-rip] network 110.11.2.0
3.8 Troubleshooting RIP Configuration
Symptom: The Ethernet switch cannot receive any RIP update packet when the physical connection between the switch and the peer routing device is normal.
Solution: RIP is not enabled on the corresponding interface (for example, the undo rip work command is executed on the interface) or RIP is not enabled by the network command on the interface. The peer routing device is configured to work in the multicast mode (for example, the rip version 2 multicast command is executed) but the multicast mode is not configured on the corresponding interface of this switch.
Chapter 4 OSPF Configuration
Note:
When running a routing protocol, the Ethernet switch also functions as a router. The words “router” and the router icons covered in the following text represent routers in common sense and Ethernet switches running a routing protocol.
Among S3600 series, only S3600-EI series support OSPF protocol.
4.1 OSPF Overview
4.1.1 Introduction to OSPF
Open shortest path first (OSPF) is a link state-based interior gateway protocol developed by IETF. At present, OSPF version 2 (RFC 2328) is used, which has the following features:
- High applicability: OSPF supports networks of various sizes and can support up to several hundred routers.
- Fast convergence: OSPF can transmit update packets immediately after the network topology changes so that the change can be synchronized in the autonomous system (AS).
- Loop-free: Since OSPF calculates routes with the shortest path tree algorithm according to the collected link states, it guarantees that no loop routes will be generated from the algorithm basis.
- Area partition: OSPF allows an autonomous system network to be divided into different areas for convenient management so that routing information transmitted between the areas is abstracted further, thereby reducing network bandwidth consumption.
- Equivalent route: OSPF supports multiple equivalent routes to the same destination.
- Routing hierarchy: OSPF has a four-level routing hierarchy. It prioritizes the routes as intra-area, inter-area, external type-1, and external type-2 routes.
- Authentication: OSPF supports interface-based packet authentication to guarantee the security of route calculation.
- Multicast transmission: OSPF supports transmitting protocol packets in multicast mode.
4.1.2 OSPF Route Calculation
Taking no account of area partition, the routing calculation process of the OSPF protocol is as follows:
- Each OSPF-capable router maintains a link state database (LSDB), which describes the topology of the whole AS. According to the network topology around itself, each router generates a link state advertisement (LSA). Routers on the network exchange LSAs with each other by transmitting protocol packets. Thus, each router receives the LSAs of other routers and all these LSAs form the LSDB of the router.
- An LSA describes the network topology around a router, whereas an LSDB describes the network topology of the whole network. Routers can easily transform the LSDB to a weighted directed map, which actually reflects the topology of the whole network. Obviously, all routers get exactly the same map.
- A router uses the shortest path first (SPF) algorithm to calculate the shortest path tree with itself as the root. The tree shows the routes to the nodes in the autonomous system. External routes are leaf nodes, which are marked with the routers from which they are advertised to record information outside the AS. Obviously, the routing tables obtained by different routers are different.
Furthermore, to enable individual routers to broadcast their local status information (such as available interface information and reachable neighbor information) to the whole AS, routers in the AS should establish neighboring relationship among them. In this case, the route changes on any router will result in multiple transmissions, which are unnecessary and waste the precious bandwidth resources. To solve this problem, designated router (DR) and backup designated router (BDR) are defined in OSPF. For details about DR and BDR, see section 4.1.4 III. "DR and BDR".
OSPF supports interface-based packet authentication to guarantee the security of route calculation. In addition, it transmits and receives packets in multicast (224.0.0.5 and 224.0.0.6).
4.1.3 Basic OSPF Concepts
I. Router ID
To run OSPF, a router must have a router ID. A router ID can be configured manually. If no router ID is configured, the system will automatically select an IP address from the IP addresses of the interfaces as the router ID. A router ID is selected in the following way: if loopback interface addresses are configured, the system chooses the latest configured IP address as the router ID; if no loopback interface is configured, the first configured IP address among the IP addresses of other interfaces will be the router ID.
II. Area
If all the routers on an ever-growing huge network run OSPF, the large number of routers will result in an enormous LSDB, which will consume an enormous storage space, complicate the running of the SPF algorithm, and increase CPU load. Furthermore, as a network grows larger, changes in the network topology become more likely. Hence, the network will often be “flapping”, and a great number of OSPF packets will be generated and transmitted in the network. This will lower the network bandwidth utilization. In addition, each change will cause all the routers on the network to perform route calculation again.
OSPF solves the above-mentioned problem by dividing an AS into multiple areas. Areas group routers logically. A router on the border of an area belongs to more than one area. A router connecting the backbone area to a non-backbone area is called an area border router (ABR). An ABR can connect to the backbone area physically or logically.
Area partition in OSPF reduces the number of LSAs in the network and enhances OSPF scalability. To further reduce routing table size and the number of LSAs in some non-backbone areas on the edge of the AS, you can configure these areas as stub areas.
A stub area cannot import any external route. For this reason the concept NSSA area (not-so-stubby area) is introduced. In an NSSA area, type 7 LSAs are allowed to be propagated. A type 7 LSA is generated by an ASBR (autonomous system boundary router) in a NSSA area. A type 7 LSA reaching an ABR in the NSSA area is transformed into an AS-external LSA, which is then advertised to other areas.
III. Backbone area and virtual link
Backbone Area
With OSPF area partition, not all areas are equal. One of the areas is different from any other area. Its area ID is 0 and it is usually called the backbone area.
Virtual link
Since all areas must be connected to the backbone area, the concept virtual link is introduced to maintain logical connectivity between the backbone area and any other area physically separated from the backbone area.
IV. Route summary
After an AS is divided into different areas that are interconnected through OSPF ABRs, the routing information between areas can be reduced through route summary. This reduces the size of routing tables and improves the calculation speed of routers.
After an ABR in an area calculates the intra-area routes in the area, the ABR aggregates multiple OSPF routes into one LSA (based on the summary configuration) and sends the LSA outside the area.
For example, in Figure 4-1, there are three intra-area routes in Area 19: 19.1.1.0/24, 19.1.2.0/24, and 19.1.3.0/24. If route summary is configured, the three routes are aggregated into one route 19.1.0.0/16, and only one corresponding LSA, which describes the route after summary, is generated on RTA.
Figure 4-1 Area partition and route aggregation
4.1.4 OSPF Network Type
I. Four OSPF network types
OSPF divides networks into four types by link layer protocols:
- Broadcast: If Ethernet or FDDI is adopted, OSPF defaults the network type to broadcast. In a broadcast network, protocol packets are sent in multicast (224.0.0.5 and 224.0.0.6) by default.
- Non-broadcast multi-access (NBMA): If Frame Relay, ATM, or X.25 is adopted, OSPF defaults the network type to NBMA. In an NBMA network, protocol packets are sent in unicast.
- Point-to-multipoint (P2MP): OSPF will not default the network type of any link layer protocol to P2MP. A P2MP network must be compulsorily changed from another network type. The common practice is to change an NBMA network into a P2MP network. In a P2MP network, protocol packets are sent in multicast (224.0.0.5).
- Point-to-point (P2P): If PPP or HDLC is adopted, OSPF defaults the network type to P2P. In a P2P network, protocol packets are sent in multicast (224.0.0.5).
II. Principles for configuring an NBMA network
An NBMA network is a non-broadcast and multi-accessible network. ATM and frame relay networks are typical NBMA networks.
Some special configurations need to be done on an NBMA network. In an NBMA network, an OSPF router cannot discover an adjacent router by broadcasting Hello packets. Therefore, you must manually specify an IP address for the adjacent router and whether the adjacent router has the right to vote for a DR.
An NBMA network must be fully connected. That is, any two routers in the network must be directly reachable to each other through a virtual circuit. If two routers in the network are not directly reachable to each other, you must configure the corresponding interface type to P2MP. If a router in the network has only one peer, you can change the corresponding interface type to P2P.
The differences between NBMA and P2MP are as follows:
- An NBMA network is fully connected, non-broadcast, and multi-accessible, whereas a P2MP network is not necessarily fully connected.
- DR and BDR are required to be elected on an NBMA network but not on a P2MP network.
- NBMA is a default network type. A P2MP network, however, must be compulsorily changed from another network type. The more common practice is to change an NBMA network into a P2MP network.
- NBMA sends protocol packets in unicast and neighbors should be configured manually, while P2MP sends protocol packets in multicast.
III. DR and BDR
In a broadcast network or an NBMA network, routing information needs to be transmitted between any two routers. If there are n routers in the network, n x (n-1)/2 adjacencies need to be established. In this case, the route changes on any router will result in multiple transmissions, which waste bandwidth. To solve this problem, DR is defined in OSPF so that all routers send information to the DR only and the DR broadcasts the network link states in the network.
If the DR fails, a new DR must be elected and synchronized with the other routers on the network. The process takes quite a long time; in the process, route calculation is incorrect. To shorten the process, BDR is introduced in OSPF.
In fact, a BDR provides backup for a DR. DR and BDR are elected at the same time. Adjacencies are also established between the BDR and all the other routers on the segment, and routing information is also exchanged between them. Once the DR becomes invalid, the BDR becomes a DR. Since no re-election is needed and the adjacencies already exist, the switchover process is very short. Now, a new BDR should be elected. Although this election process will also take quite a long time, route calculation will not be affected.
No neighboring relationship is established and no routing information is exchanged between DR Others (routers other than the DR and BDR). This reduces the number of adjacencies among routers on the broadcast or NBMA network.
In Figure 4-2, the solid lines represent physical Ethernet connections and the dotted lines represent adjacencies established. The figure shows that, with the DR/BDR mechanism adopted, seven adjacencies suffice among the five routers.
IV. DR/BDR election
Instead of being manually configured, DR and BDR are elected by all the routers on the current network segment. The priority of a router interface determines the qualification of the interface in DR/BDR election. All the routers with DR priorities greater than 0 in the current network segment are eligible "candidates".
Hello packets serve as the "votes" in the election. Each router writes the DR it selects to the Hello packet and sends the packet to each router running OSPF in the network segment. If two routers on the same network segment declare themselves to be the DR, the one with the highest DR priority will be preferred. If their priorities are the same, the one with greater router ID will be preferred. A router whose DR priority is 0 can neither be elected as the DR nor be elected as the BDR.
Note the following points:
- DR election is required for broadcast or NBMA interfaces but is not required for P2P or P2MP interfaces.
- DR is based on the router interfaces in a certain segment. A router may be a DR on an interface and a BDR or DR Other on another interface.
- If a new router is added after DR and BDR election, the router does not become the DR immediately even if it has the highest DR priority.
- The DR on a network segment is not necessarily the router with the highest priority. Likewise, the BDR is not necessarily the router with the second-highest priority.
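The election rules above can be checked with a small model. This added example (not part of the original manual) is a simplified version of the election in RFC 2328 section 9.4, computed from the DR and BDR that each router declares in its Hello packets; the Router type, the elect function and the three scenarios are constructed for illustration.

```python
from ipaddress import IPv4Address
from typing import List, NamedTuple, Optional, Tuple


class Router(NamedTuple):
    router_id: str
    priority: int                       # DR priority of the interface on this segment
    declared_dr: Optional[str] = None   # DR written in this router's Hello packets
    declared_bdr: Optional[str] = None  # BDR written in this router's Hello packets


def _best(candidates: List[Router]) -> Optional[str]:
    """Highest DR priority wins; a tie is broken by the greater router ID."""
    if not candidates:
        return None
    winner = max(candidates,
                 key=lambda r: (r.priority, int(IPv4Address(r.router_id))))
    return winner.router_id


def elect(routers: List[Router]) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR, BDR) for one segment."""
    eligible = [r for r in routers if r.priority > 0]   # priority 0 never wins
    claims_dr = [r for r in eligible if r.declared_dr == r.router_id]
    others = [r for r in eligible if r.declared_dr != r.router_id]
    claims_bdr = [r for r in others if r.declared_bdr == r.router_id]

    # Routers already claiming a role are preferred over newcomers,
    # which is why a late joiner does not preempt the DR.
    bdr = _best(claims_bdr) or _best(others)
    dr = _best(claims_dr) or bdr
    if dr is not None and dr == bdr:
        # Nobody claimed DR, so the BDR is promoted and a new BDR is chosen.
        remaining = [r for r in others if r.router_id != dr]
        bdr = (_best([r for r in remaining if r.declared_bdr == r.router_id])
               or _best(remaining))
    return dr, bdr


# Constructed scenarios.
COLD_START = [
    Router("1.1.1.1", 1), Router("2.2.2.2", 1),
    Router("3.3.3.3", 0), Router("1.1.1.4", 5),
]
LATE_JOINER = [
    Router("1.1.1.1", 1, declared_dr="1.1.1.1", declared_bdr="2.2.2.2"),
    Router("2.2.2.2", 1, declared_dr="1.1.1.1", declared_bdr="2.2.2.2"),
    Router("9.9.9.9", 255),             # joins after the election
]
DR_FAILED = [                           # 1.1.1.1 has gone down
    Router("2.2.2.2", 1, declared_dr="1.1.1.1", declared_bdr="2.2.2.2"),
    Router("9.9.9.9", 255),
]

if __name__ == "__main__":
    for name, segment in (("cold start", COLD_START),
                          ("late joiner", LATE_JOINER),
                          ("DR failed", DR_FAILED)):
        print(name, elect(segment))
```

In the LATE_JOINER scenario the router with priority 255 stays a DR Other, and in DR_FAILED it becomes only the BDR, because the existing BDR is promoted first.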
4.1.5 OSPF Packets
OSPF uses five types of packets:
I. Hello packet:
Hello packets are most commonly used OSPF packets, which are periodically sent by a router to its neighbors. A Hello packet contains the values of some timers, the DR, the BDR and the known peers.
II. DD packet:
When two routers synchronize their databases, they use database description (DD) packets to describe their own LSDBs, including the digest of each LSA. The digest refers to the HEAD of an LSA which uniquely identifies the LSA. This reduces the size of traffic transmitted between the routers because the HEAD of an LSA only occupies a small portion of the LSA. With the HEAD, the peer router can judge whether it has the LSA or not.
III. LSR packet:
After exchanging DD packets, the two routers know which LSAs of the peer router are missing from the local LSDB, and send link state request (LSR) packets to the peer to request the missing LSAs. These LSR packets contain the digest of the needed LSAs.
IV. LSU packet:
Link state update (LSU) packets are used to transmit the needed LSAs to the peer router. An LSU packet is a collection of multiple LSAs (complete LSAs, not LSA digest).
V. LSAck packet
Link state acknowledgment (LSAck) packets are used to acknowledge received LSU packets. An LSAck contains the HEAD(s) of LSA(s) to be acknowledged (one LSAck packet can acknowledge multiple LSAs).
4.1.6 LSA Types
I. Five basic LSA types
As described in the preceding sections, LSAs are the primary source for OSPF to calculate and maintain routes. RFC 2328 defines five types of LSAs:
- Router-LSA: Type-1 LSAs, generated by every router to describe the router's link states and costs and advertised only in the area where the router resides.
- Network-LSA: Type-2 LSAs, generated by the DRs of broadcast or NBMA network to describe the link states of the current network segment and are advertised only in the area where the DRs reside.
- Summary-LSA: Type-3 and Type-4 LSAs, generated by ABRs and advertised in the areas associated with the LSAs. Each Summary-LSA describes a route to a destination in another area of the AS (also called inter-area route). Type-3 Summary-LSAs are for routes to networks (that is, their destinations are segments), while Type-4 Summary-LSAs are for routes to ASBRs.
- AS-external-LSA: Type-5 LSA, also called ASE LSA, generated by ASBRs to describe the routes to other ASs and advertised to the whole AS (excluding stub areas). The default AS route can also be described by AS-external-LSAs.
II. Type-7 LSAs
In RFC 1587 (OSPF NSSA Option), Type-7 LSA, a new LSA type, is added.
As described in RFC 1587, Type-7 LSAs and Type-5 LSAs mainly differ in the following two ways:
- Type-7 LSAs are generated and advertised in an NSSA, where Type-5 LSAs will not be generated or advertised.
- Type-7 LSAs can only be advertised in an NSSA area. When Type-7 LSAs reach an ABR, the ABR can convert part of the routing information carried in the Type-7 LSAs into Type-5 LSAs and advertise the Type-5 LSAs. Type-7 LSAs are not directly advertised to other areas (including the backbone area).
4.1.7 OSPF Features
S3600 series support the following OSPF features:
- Stub area: Stub area is defined to reduce the cost for the routers in the area to receive ASE routes.
- NSSA area: NSSA area is defined to remove the limit on the topology in a stub area.
- OSPF multi-process: Multiple OSPF processes can be run on a router.
- Sharing discovered routing information with other dynamic routing protocols: At present, OSPF supports importing the routes of other dynamic routing protocols (such as RIP), and static routes as OSPF external routes into the AS to which the router belongs. In addition, OSPF supports advertising the routing information it discovered to other routing protocols.
- Authentication key: OSPF supports the authentication of the packets between neighboring routers in the same area by using one of the two methods: plain text authentication key and MD5 authentication key.
- Flexible configuration of router interface parameters: For a router interface, you can configure the following OSPF parameters: output cost, Hello interval, retransmission interval, interface transmission delay, route priority, dead time for a neighboring router, and packet authentication mode and authentication key.
- Virtual link: Virtual links can be configured.
4.2 OSPF Configuration Tasks
Table 4-1 OSPF configuration tasks
Configuration task | Description | Related section |
---|---|---|
Basic OSPF configuration | Required | |
OSPF area attribute configuration | Optional | |
OSPF network type configuration: Configuring the network type of an OSPF interface | Optional | |
OSPF network type configuration: Configuring an NBMA neighbor | Optional | |
OSPF network type configuration: Configuring the DR priority on an OSPF interface | Optional | |
OSPF route control: Configuring OSPF route summary | Optional | |
OSPF route control: Configuring OSPF to filter received routes | Optional | |
OSPF route control: Configuring the cost for sending packets on an OSPF interface | Optional | |
OSPF route control: Configuring OSPF route priority | Optional | |
OSPF route control: Configuring the maximum number of OSPF equal-cost routes | Optional | |
OSPF route control: Configuring OSPF to import external routes | Optional | |
OSPF network adjustment and optimization: Configuring OSPF timers | Optional | |
OSPF network adjustment and optimization: Configuring the LSA transmission delay | Optional | |
OSPF network adjustment and optimization: Configuring the SPF calculation interval | Optional | |
OSPF network adjustment and optimization: Disabling OSPF packet transmission on an interface | Optional | |
OSPF network adjustment and optimization: Configuring OSPF authentication | Optional | |
OSPF network adjustment and optimization: Configuring to fill the MTU field when an interface transmits DD packets | Optional | |
OSPF network adjustment and optimization: Enabling OSPF logging | Optional | |
OSPF network adjustment and optimization: Configuring OSPF network management system (NMS) | Optional | |
Displaying and maintaining OSPF configuration | — | |
4.3 Basic OSPF Configuration
4.3.1 Configuration Prerequisites
Before configuring OSPF, perform the following tasks:
- Configuring the link layer protocol
- Configuring the network layer addresses of interfaces so that the adjacent nodes are reachable to each other at the network layer
4.3.2 Basic OSPF Configuration
Basic OSPF configuration includes:
- Configuring router ID
To ensure stable OSPF operation, you should determine the division of router IDs and manually configure them when implementing network planning. When you configure router IDs manually, make sure each router ID is uniquely used by one router in the AS. A common practice is to set the router ID to the IP address of an interface on the router.
- Enabling OSPF
Comware supports multiple OSPF processes. To enable multiple OSPF processes on a router, you need to specify different process IDs. OSPF process ID is only locally significant; it does not affect the packet exchange between an OSPF process and other routers. Therefore, packets can be exchanged between routers with different OSPF process IDs.
- Configuring an area and the network segments in the area. You need to plan areas in an AS before performing the corresponding configurations on each router.
When configuring the routers in the same area, please note that most configurations should be uniformly made based on the area. Wrong configuration may disable information transmission between neighboring routers and even lead to congestion or self-loop of routing information.
Table 4-2 Basic OSPF configuration
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Configure the router ID | router id router-id | Optional. If multiple OSPF processes run on a router, you are recommended to use the router-id keyword in the ospf command to specify different router IDs for different processes. |
Enable OSPF and enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required. Enter OSPF view. |
Enter OSPF area view | area area-id | Required |
Configure the network segments in the area | network address wildcard-mask | Required. By default, an interface does not belong to any area. |
Note:
- In router ID selection, the priorities of the router IDs configured with the ospf [ process-id [ router-id router-id ] ] command, the router id command, and the priorities of the router IDs automatically selected are in a descending order.
- Router IDs can be re-selected. A re-selected router ID takes effect only after the OSPF process is restarted.
- The ospf [ process-id [ router-id router-id ] ] command is recommended for configuring router IDs manually.
- The ID of an OSPF process or OSPF multi-instance is unique. That is, the ID of OSPF multi-instance must be different from any in-use process ID.
- One segment can belong to only one area and you must specify each OSPF interface to belong to a particular area.
4.4 OSPF Area Attribute Configuration
Area partition in OSPF reduces the number of LSAs in the network and enhances OSPF scalability. To further reduce routing table size and the number of LSAs in some non-backbone areas on the edge of the AS, you can configure these areas as stub areas.
A stub area cannot import any external route. For this reason the concept of NSSA area is introduced. Type-7 LSAs can be advertised in an NSSA area. Type-7 LSAs are generated by ASBRs of the NSSA area, and will be transformed into AS-external LSAs when reaching ABRs in the NSSA area, which will then be advertised to other areas.
After area partition, the OSPF route updates between non-backbone areas are exchanged by way of the backbone area. Therefore, OSPF requires that all the non-backbone areas should keep connectivity with the backbone area and the backbone area must keep connectivity in itself.
4.4.1 Configuration Prerequisites
Before configuring OSPF area attributes, perform the following tasks:
- Configuring the network layer addresses of interfaces so that the adjacent nodes are reachable to each other at the network layer
- Performing basic OSPF configuration
4.4.2 Configuring OSPF Area Attributes
Table 4-3 Configure OSPF area attributes
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | — |
Enter OSPF area view | area area-id | — |
Configure the current area to be a stub area | stub [ no-summary ] | Optional. By default, no area is configured as a stub area. |
Configure the current area to be an NSSA area | nssa [ default-route-advertise \| no-import-route \| no-summary ]* | Optional. By default, no area is configured as an NSSA area. |
Configure the cost of the default route transmitted by OSPF to a stub or NSSA area | default-cost cost | Optional. This can be configured on an ABR only. By default, the cost of the default route to a stub or NSSA area is 1. |
Create and configure a virtual link | vlink-peer router-id [ hello seconds \| retransmit seconds \| trans-delay seconds \| dead seconds \| simple password \| md5 keyid key ]* | Optional. For a virtual link to take effect, you need to use this command at both ends of the virtual link and ensure consistent configurations of the hello, dead, and other parameters at both ends. |
Note:
- You must use the stub command on all the routers connected to a stub area to configure the area with the stub attribute.
4.5 OSPF Network Type Configuration
OSPF divides networks into four types by link layer protocol. See section 4.1.4 "OSPF Network Type". An NBMA network must be fully connected. That is, any two routers in the network must be directly reachable to each other through a virtual circuit. However, in many cases, this cannot be implemented and you need to use a command to change the network type forcibly.
Configure the interface type as P2MP if not all the routers are directly accessible on an NBMA network. Change the interface type to P2P if the router has only one peer on the NBMA network.
4.5.1 Configuration Prerequisites
Before configuring the network type of an OSPF interface, perform the following tasks:
- Configuring the network layer address of the interface so that the adjacent node is reachable at network layer
- Performing basic OSPF configuration
4.5.2 Configuring the Network Type of an OSPF Interface
Table 4-4 Configure the network type of an OSPF interface

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Configure the network type of the OSPF interface | ospf network-type { broadcast \| nbma \| p2mp \| p2p } | Optional. By default, the network type of an interface depends on the physical interface. |

Note:
- After an interface has been configured with a new network type, the original network type of the interface is removed automatically.
- A neighbor relationship can be established between two interfaces configured as broadcast, NBMA, or P2MP only if the interfaces are on the same network segment.
4.5.3 Configuring an NBMA Neighbor
Some special configurations need to be done on an NBMA network. Since an NBMA interface cannot discover the adjacent router by broadcasting Hello packets, you must manually specify the IP address of the adjacent router for the interface and whether the adjacent router has the right to vote.
Table 4-5 Configure NBMA neighbor

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Configure an NBMA neighbor | peer ip-address [ dr-priority dr-priority ] | Required. By default, the priority for the neighbor of an NBMA interface is 1. |
4.5.4 Configuring the DR Priority on an OSPF Interface
You can control the DR/BDR election on a broadcast or NBMA network by configuring the DR priorities of interfaces.
Table 4-6 Configure the DR priority on an OSPF interface

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | Required |
Configure the DR priority on the OSPF interface | ospf dr-priority priority | Optional. The default DR priority is 1. |

Note:
The DR priorities configured by the ospf dr-priority command and the peer command have different purposes:
- The priority set with the ospf dr-priority command is used for actual DR election.
4.6 OSPF Route Control
4.6.1 Configuration Prerequisites
Before configuring OSPF route control, perform the following tasks:
- Configuring the network layer addresses of interfaces so that the adjacent nodes are reachable to each other at the network layer
- Completing basic OSPF configuration
- Configuring filter list to filter routing information
4.6.2 Configuring OSPF Route Summary
The configuration of OSPF route summary includes:
- Configuring ABR route summary
- Configuring ASBR route summary for imported routes

Table 4-7 Configure ABR route summary

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Enter area view | area area-id | Required |
Enable ABR route summary | abr-summary ip-address mask [ advertise \| not-advertise ] | Required. This command takes effect only when it is configured on an ABR. By default, this function is disabled on an ABR. |

Table 4-8 Configure ASBR route summary

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Enable ASBR route summary | asbr-summary ip-address mask [ not-advertise \| tag value ] | Required. This command takes effect only when it is configured on an ASBR. By default, summary of imported routes is disabled. |
4.6.3 Configuring OSPF to Filter Received Routes
Table 4-9 Configure OSPF to filter received routes

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Configure to filter the received routes | filter-policy { acl-number \| ip-prefix ip-prefix-name \| gateway ip-prefix-name } import | Required. By default, OSPF does not filter received routing information. |

Note:
OSPF is a dynamic routing protocol based on link state, with routing information hidden in LSAs. Therefore, OSPF cannot filter any advertised or received LSA. In fact, the filter-policy import command filters the routes calculated by OSPF; only the routes passing the filter can be added to the routing table.
4.6.4 Configuring the Cost for Sending Packets on an OSPF Interface
Table 4-10 Configure the cost for sending packets on an OSPF interface

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | Required |
Configure the cost for sending packets on an OSPF interface | ospf cost value | Optional. By default, OSPF calculates the cost for sending packets on an interface according to the current baud rate on the interface. For a VLAN interface on the switch, this value is fixed at 10. |
4.6.5 Configuring OSPF Route Priority
Since multiple dynamic routing protocols may be running on one router, the problem of route sharing and selection between various routing protocols arises. The system sets a priority for each routing protocol (which you can change manually), and when more than one route to the same destination is discovered by different protocols, the route with the highest priority is preferred over the other routes.

Table 4-11 Configure OSPF route priority

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Configure OSPF route priority | preference [ ase ] value | Optional. By default, the OSPF route priority is 10 and the priority of OSPF ASE is 150. |
4.6.6 Configuring the Maximum Number of OSPF Equal-Cost Routes
Table 4-12 Configure the maximum number of OSPF equal-cost routes

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Configure the maximum number of OSPF equal-cost routes | multi-path-number value | Optional |
4.6.7 Configuring OSPF to Import External Routes
Table 4-13 Configure OSPF to import external routes

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Enable OSPF to import routes of other protocols | import-route protocol [ cost value \| type value \| tag value \| route-policy route-policy-name ]* | Required. By default, OSPF does not import the routing information of other protocols. |
Enable OSPF to filter advertised routes | filter-policy { acl-number \| ip-prefix ip-prefix-name } export [ routing-protocol ] | Optional. By default, OSPF does not filter advertised routes. |
Enable OSPF to import the default route | default-route-advertise [ always \| cost value \| type type-value \| route-policy route-policy-name ]* | Optional. By default, OSPF does not import the default route. |
Configure the default cost for OSPF to import external routes | default cost value | Optional. By default, the cost for OSPF to import external routes is 1. |
Configure the default maximum number of external routes imported by OSPF per unit time | default limit routes | Optional. By default, a maximum of 1000 routes can be imported. |
Configure the default tag for OSPF to import external routes | default tag tag | Optional. The default tag is 1 if it is not set by using this command. |
Configure the default type of external routes that OSPF will import | default type { 1 \| 2 } | Optional. By default, the type of imported external routes is Type-2. |

Note:
- The import-route command cannot import the default route. To import the default route, you must use the default-route-advertise command.
- The filtering of advertised routes by OSPF means that OSPF only converts the external routes meeting the filter criteria into Type-5 or Type-7 LSAs and advertises them.
- When enabling OSPF to import external routes, you can also configure the defaults of some additional parameters, such as cost, number of routes, tag, and type. A route tag can be used to identify protocol-related information.
4.7 OSPF Network Adjustment and Optimization
You can adjust and optimize an OSPF network in the following aspects:
- By changing the OSPF packet timers, you can adjust the convergence speed of the OSPF network and the network load brought by OSPF packets. On some low-speed links, you need to consider the delay experienced when the interfaces transmit LSAs.
- By adjusting the SPF calculation interval, you can mitigate resource consumption caused by frequent network changes.
- In a network with high security requirements, you can enable OSPF authentication to enhance OSPF network security.
4.7.1 Configuration Prerequisites
Before adjusting and optimizing an OSPF network, perform the following tasks:
- Configuring the network layer addresses of interfaces so that the adjacent nodes are reachable to each other at the network layer
- Configuring basic OSPF functions
4.7.2 Configuring OSPF Timers
The Hello intervals for OSPF neighbors must be consistent. The shorter the Hello interval, the faster the routes converge and the heavier the network load.
The dead time on an interface must be at least four times the Hello interval on the same interface.
After a router sends an LSA to a neighbor, it waits for an acknowledgement packet from the neighbor. If the router receives no acknowledgement packet from the neighbor within the retransmission interval, it retransmits the LSA to the neighbor.
Table 4-14 Configure OSPF timers

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | Required |
Configure the hello interval on the interface | ospf timer hello seconds | Optional. By default, p2p and broadcast interfaces send Hello packets every 10 seconds, while p2mp and NBMA interfaces send Hello packets every 30 seconds. |
Configure the poll interval on the NBMA interface | ospf timer poll seconds | Optional. By default, poll packets are sent every 40 seconds. |
Configure the dead time of the neighboring router on the interface | ospf timer dead seconds | Optional. By default, the dead time for the OSPF neighboring router on a p2p or broadcast interface is 40 seconds and that for the OSPF neighboring router on a p2mp or NBMA interface is 120 seconds. |
Configure the interval at which the router retransmits an LSA to the neighboring router on the interface | ospf timer retransmit interval | Optional. By default, this interval is five seconds. |

Note:
- Default Hello and Dead timer values will be restored once the network type is changed.
- Do not set an LSA retransmission interval that is too short. Otherwise, unnecessary retransmission will occur. LSA retransmission interval must be greater than the round trip time of a packet between two routers.
4.7.3 Configuring the LSA Transmission Delay
Table 4-15 Configure the LSA transmission delay

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | Required |
Configure the LSA transmission delay | ospf trans-delay seconds | Optional. By default, the LSA transmission delay is one second. |

Note:
The transmission of OSPF packets on a link also takes time. Therefore, a transmission delay should be added to the aging time of LSAs before the LSAs are transmitted. For a low-speed link, pay close attention to this configuration.
4.7.4 Configuring the SPF Calculation Interval
Whenever the OSPF LSDB changes, the shortest paths need to be recalculated. When the network changes frequently, calculating the shortest paths immediately after each LSDB change consumes enormous resources and affects the operating efficiency of the router. By adjusting the minimum SPF calculation interval, you can reduce the negative impact of frequent network changes.

Table 4-16 Configure the SPF calculation interval

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Configure the SPF calculation interval | spf-schedule-interval interval | Optional. By default, the SPF calculation interval is five seconds. |
4.7.5 Disabling OSPF Packet Transmission on an Interface
To prevent OSPF routing information from being acquired by the routers on a certain network, use the silent-interface command to disable OSPF packet transmission on the corresponding interface.
Table 4-17 Disable OSPF packet transmission through an interface

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Disable OSPF packet transmission on a specified interface | silent-interface silent-interface-type silent-interface-number | Optional. By default, all the interfaces are allowed to transmit OSPF packets. |

Note:
- On the same interface, you can disable multiple OSPF processes from transmitting OSPF packets. The silent-interface command, however, only applies to the OSPF interface where the specified process has been enabled, without affecting the interface for any other process.
- After an OSPF interface is set to be in silent status, the interface can still advertise its direct route. However, the Hello packets from the interface will be blocked, and no neighboring relationship can be established on the interface. This enhances OSPF networking adaptability, thus reducing the consumption of system resources.
4.7.6 Configuring OSPF Authentication
Table 4-18 Configure OSPF authentication

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | Required |
Enter OSPF area view | area area-id | Required |
Configure the authentication mode of the OSPF area | authentication-mode { simple \| md5 } | Required. By default, no authentication mode is configured for an area. |
Return to OSPF view | quit | — |
Return to system view | quit | — |
Enter interface view | interface interface-type interface-number | Required |
Configure the authentication mode of the OSPF interface | ospf authentication-mode { simple password \| md5 key-id key } | Optional. By default, OSPF packets are not authenticated on an interface. |

Note:
- OSPF supports packet authentication and receives only those packets that are successfully authenticated. If packet authentication fails, no neighboring relationship will be established.
- The authentication modes for all routers in an area must be consistent. The authentication passwords for all routers on a network segment must also be consistent.
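The consistency rules in the note above, together with the dead-time rule from section 4.7.2, can be checked before deployment. The following Python script is an added example, not part of the manual or of H3C software; it audits a planned command session written in the prompt style this chapter uses, and the sample session, its placeholder keys, and the assumption that all interfaces are broadcast type (Hello 10 s, dead 40 s by default) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed session in the manual's prompt style; the keys are placeholders.
SAMPLE = """\
[SwitchA] interface Vlan-interface 1
[SwitchA-Vlan-interface1] ip address 196.1.1.1 255.255.255.0
[SwitchA-Vlan-interface1] ospf authentication-mode md5 1 EXAMPLE-KEY-A
[SwitchA-Vlan-interface1] ospf timer hello 10
[SwitchA-Vlan-interface1] ospf timer dead 40
[SwitchA-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] authentication-mode md5
[SwitchB] interface Vlan-interface 1
[SwitchB-Vlan-interface1] ip address 196.1.1.2 255.255.255.0
[SwitchB-Vlan-interface1] ospf authentication-mode md5 1 EXAMPLE-KEY-B
[SwitchB-Vlan-interface1] ospf timer hello 10
[SwitchB-Vlan-interface1] ospf timer dead 30
[SwitchB-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] authentication-mode simple
"""

# "[Device-view] command"; assumes device names contain no hyphen.
PROMPT = re.compile(r"^\[([A-Za-z0-9]+)-([^\]]+)\]\s+(\S.*)$")
AREA_VIEW = re.compile(r"^ospf-\d+-area-(\d+\.\d+\.\d+\.\d+)$")


def parse(session):
    """Return (interfaces, areas) keyed by (device, interface) and (device, area-id)."""
    ifaces = defaultdict(dict)
    areas = defaultdict(lambda: {"networks": [], "auth": None})
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # system-view level lines carry no interface or area setting
        dev, view, cmd = m.groups()
        w = cmd.split()
        area = AREA_VIEW.match(view)
        if area:
            rec = areas[(dev, area.group(1))]
            if w[0] == "network" and len(w) == 3:
                # The wildcard mask is the bitwise inverse of the subnet mask.
                mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(w[2])) ^ 0xFFFFFFFF)
                rec["networks"].append(ipaddress.IPv4Network(f"{w[1]}/{mask}", strict=False))
            elif w[0] == "authentication-mode" and len(w) == 2:
                rec["auth"] = w[1]
        elif not view.startswith("ospf-"):
            rec = ifaces[(dev, view)]
            if w[:2] == ["ip", "address"] and len(w) == 4:
                rec["ip"] = ipaddress.IPv4Interface(f"{w[2]}/{w[3]}")
            elif w[:2] == ["ospf", "authentication-mode"] and len(w) >= 3:
                rec["auth"] = tuple(w[2:])  # (mode, then key material)
            elif w[:2] == ["ospf", "timer"] and len(w) == 4 and w[2] in ("hello", "dead"):
                rec[w[2]] = int(w[3])
    return ifaces, areas


def audit(session):
    """Return a list of findings; key material is never echoed."""
    ifaces, areas = parse(session)
    findings = []
    segments = defaultdict(list)
    for (dev, name), s in sorted(ifaces.items()):
        if "ip" not in s:
            continue
        segments[s["ip"].network].append((dev, s))
        # Defaults from Table 4-14 for broadcast interfaces (assumed interface type).
        hello, dead = s.get("hello", 10), s.get("dead", 40)
        if dead < 4 * hello:
            findings.append(f"{dev} {name}: dead time {dead}s is below 4 x hello {hello}s")
        for (adev, area_id), a in areas.items():
            if adev != dev or not any(s["ip"].ip in n for n in a["networks"]):
                continue
            if_mode = s["auth"][0] if "auth" in s else None
            if a["auth"] is None:
                findings.append(f"{dev} {name}: area {area_id} has no authentication-mode")
            elif if_mode != a["auth"]:
                findings.append(f"{dev} {name}: interface mode {if_mode} "
                                f"differs from area {area_id} mode {a['auth']}")
    for net, members in sorted(segments.items()):
        if len({s.get("auth") for _, s in members}) > 1:
            devs = ", ".join(d for d, _ in members)
            findings.append(f"segment {net}: authentication settings differ among {devs}")
        if len({s.get("hello", 10) for _, s in members}) > 1:
            findings.append(f"segment {net}: hello intervals differ")
    modes = defaultdict(set)
    for (_, area_id), a in areas.items():
        modes[area_id].add(a["auth"])
    for area_id, seen in sorted(modes.items()):
        if len(seen) > 1:
            findings.append(f"area {area_id}: authentication modes differ between routers")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Simple mode carries the password in clear text in every OSPF packet, so md5 is the stronger of the two modes offered in Table 4-18.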
4.7.7 Configuring to Fill the MTU Field When an Interface Transmits DD Packets
By default, an interface uses value 0 instead of its actual MTU value when transmitting DD packets. After the following configuration, the actual MTU value of the interface is filled in the Interface MTU field of the DD packets.
Table 4-19 Configure to fill the MTU field when an interface transmits DD packets

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter Ethernet interface view | interface interface-type interface-number | Required |
Enable the interface to fill in the MTU field when transmitting DD packets | ospf mtu-enable | Optional. By default, the MTU value is 0 when an interface transmits DD packets. That is, the actual MTU value of the interface is not filled in. |
4.7.8 Enabling OSPF Logging
Table 4-20 Enable OSPF logging

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter OSPF view | ospf [ process-id [ router-id router-id ] ] | — |
Enable the logging of neighbor status changes | log-peer-change | Optional. Log neighbor status changes. |
4.7.9 Configuring OSPF Network Management System (NMS)
Table 4-21 Configure OSPF MIB binding

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Configure OSPF MIB binding | ospf mib-binding process-id | Optional. By default, MIB is bound to the first enabled OSPF process. When multiple OSPF processes are enabled, you can configure to which OSPF process the MIB is bound. |
Enable OSPF Trap | snmp-agent trap enable ospf [ process-id ] [ ifauthfail \| ifcfgerror \| ifrxbadpkt \| ifstatechange \| iftxretransmit \| lsdbapproachoverflow \| lsdboverflow \| maxagelsa \| nbrstatechange \| originatelsa \| vifauthfail \| vifcfgerror \| virifrxbadpkt \| virifstatechange \| viriftxretransmit \| virnbrstatechange ]* | Optional. You can configure OSPF to send diversified SNMP TRAP messages and specify a certain OSPF process to send SNMP TRAP messages by process ID. |
4.8 Displaying and Maintaining OSPF Configuration
After the above configuration, you can use the display command in any view to display and verify the OSPF configuration.
You can use the reset command in user view to reset the OSPF counter or connection.
Table 4-22 Display and maintain configuration

Operation | Command | Description |
---|---|---|
Display brief information about one or all OSPF processes | display ospf [ process-id ] brief | You can execute the display command in any view. |
Display OSPF statistics | display ospf [ process-id ] cumulative | |
Display OSPF LSDB information | display ospf [ process-id [ area-id ] ] lsdb [ brief \| [ [ asbr \| ase \| network \| nssa \| router \| summary ] [ ip-address ] ] [ originate-router ip-address \| self-originate ] ] | |
Display OSPF peer information | display ospf [ process-id ] peer [ brief \| statistics ] | |
Display OSPF next hop information | display ospf [ process-id ] nexthop | |
Display OSPF routing table | display ospf [ process-id ] routing | |
Display OSPF virtual links | display ospf [ process-id ] vlink | |
Display OSPF request list | display ospf [ process-id ] request-queue | |
Display OSPF retransmission list | display ospf [ process-id ] retrans-queue | |
Display the information about OSPF ABR and ASBR | display ospf [ process-id ] abr-asbr | |
Display OSPF interface information | display ospf [ process-id ] interface interface-type interface-number | |
Display OSPF errors | display ospf [ process-id ] error | |
Display OSPF ASBR summary information | display ospf [ process-id ] asbr-summary [ ip-address mask ] | |
Reset one or all OSPF processes | reset ospf [ statistics ] { all \| process-id } | Use the reset command in user view. |
4.9 OSPF Configuration Example
4.9.1 Configuring DR Election Based on OSPF Priority
I. Network requirements
Four S3600 switches, SwitchA, SwitchB, SwitchC, and SwitchD, which run OSPF, are on the same segment, as shown in Figure 4-3. Perform proper configurations to make SwitchA and SwitchC become DR and BDR respectively. Set the priority of SwitchA to 100 (the highest on the network) so that SwitchA is elected as the DR. Set the priority of SwitchC to 2 (the second highest priority) so that SwitchC is elected as the BDR. Set the priority of SwitchB to 0 so that SwitchB cannot be elected as the DR. No priority is set for SwitchD so it has a default priority of 1.
II. Network diagram
Figure 4-3 DR election based on OSPF priority
III. Configuration procedure
# Configure SwitchA.
<SwitchA> system-view
[SwitchA] interface Vlan-interface 1
[SwitchA-Vlan-interface1] ip address 196.1.1.1 255.255.255.0
[SwitchA-Vlan-interface1] ospf dr-priority 100
[SwitchA-Vlan-interface1] quit
[SwitchA] router id 1.1.1.1
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
# Configure SwitchB.
<SwitchB> system-view
[SwitchB] interface Vlan-interface 1
[SwitchB-Vlan-interface1] ip address 196.1.1.2 255.255.255.0
[SwitchB-Vlan-interface1] ospf dr-priority 0
[SwitchB-Vlan-interface1] quit
[SwitchB] router id 2.2.2.2
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
# Configure SwitchC.
<SwitchC> system-view
[SwitchC] interface Vlan-interface 1
[SwitchC-Vlan-interface1] ip address 196.1.1.3 255.255.255.0
[SwitchC-Vlan-interface1] ospf dr-priority 2
[SwitchC-Vlan-interface1] quit
[SwitchC] router id 3.3.3.3
[SwitchC] ospf
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
# Configure SwitchD.
<SwitchD> system-view
[SwitchD] interface Vlan-interface 1
[SwitchD-Vlan-interface1] ip address 196.1.1.4 255.255.255.0
[SwitchD-Vlan-interface1] quit
[SwitchD] router id 4.4.4.4
[SwitchD] ospf
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
On SwitchA, run the display ospf peer command to display its OSPF peers. Note that SwitchA has three peers.
The state of each peer is full, which means that adjacency is established between SwitchA and each peer. SwitchA and SwitchC must establish adjacencies with all the switches on the network so that they can serve as the DR and BDR respectively on the network. SwitchA is DR, while SwitchC is BDR on the network. All the other neighbors are DR others (This means that they are neither DRs nor BDRs).
# Change the priority of SwitchB to 200.
<SwitchB> system-view
[SwitchB] interface Vlan-interface 1
[SwitchB-Vlan-interface1] ospf dr-priority 200
On SwitchA, run the display ospf peer command to display its OSPF peers. Note that the priority of SwitchB has been changed to 200, but it is still not the DR.
The DR is changed only when the current DR goes offline. Shut down SwitchA, and run the display ospf peer command on SwitchD to display its peers. Note that the original BDR (SwitchC) becomes the DR and SwitchB becomes the BDR now.
If all Ethernet Switches on the network are removed from and then added to the network again, SwitchB will be elected as the DR (with a priority of 200), and SwitchA will be the BDR (with a priority of 100). Shutting down and restarting all of the switches will bring about a new round of DR/BDR selection.
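The non-preemptive election that this example walks through can be reproduced with a small model. The following Python code is an added illustration, not H3C code; it assumes every router on the segment agrees on the current DR and BDR, and it breaks priority ties by the higher router ID, as OSPF does.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    router_id: str
    priority: int = 1   # default DR priority, per Table 4-6
    up: bool = True


class Segment:
    """One broadcast segment whose routers share a single view of DR and BDR."""

    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.dr = None
        self.bdr = None

    def _eligible(self, name):
        r = self.routers.get(name)
        return r is not None and r.up and r.priority > 0

    @staticmethod
    def _rank(r):
        # Higher priority wins; the higher router ID breaks a tie.
        return (r.priority, int(ipaddress.IPv4Address(r.router_id)))

    def elect(self):
        """Re-run the election; incumbents keep their role while eligible."""
        if not self._eligible(self.dr):
            self.dr = None
        if not self._eligible(self.bdr):
            self.bdr = None
        ranked = sorted((r for r in self.routers.values() if self._eligible(r.name)),
                        key=self._rank, reverse=True)
        names = [r.name for r in ranked]
        if self.dr is None:
            if self.bdr is not None:
                # The BDR is promoted; a new BDR is chosen below.
                self.dr, self.bdr = self.bdr, None
            elif names:
                self.dr = names[0]
        if self.bdr is None:
            self.bdr = next((n for n in names if n != self.dr), None)
        return self.dr, self.bdr

    def set_priority(self, name, priority):
        self.routers[name].priority = priority
        return self.elect()

    def shutdown(self, name):
        self.routers[name].up = False
        return self.elect()

    def restart_all(self):
        # Every router leaves and rejoins, so no incumbent survives.
        for r in self.routers.values():
            r.up = True
        self.dr = self.bdr = None
        return self.elect()


def manual_scenario():
    """Replay the four steps of section 4.9.1 and return (DR, BDR) after each."""
    seg = Segment([
        Router("SwitchA", "1.1.1.1", 100),
        Router("SwitchB", "2.2.2.2", 0),
        Router("SwitchC", "3.3.3.3", 2),
        Router("SwitchD", "4.4.4.4"),
    ])
    return [
        seg.elect(),                       # initial election
        seg.set_priority("SwitchB", 200),  # a higher priority does not preempt
        seg.shutdown("SwitchA"),           # BDR is promoted, new BDR is elected
        seg.restart_all(),                 # fresh election among all four
    ]


if __name__ == "__main__":
    for step in manual_scenario():
        print(step)
```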
4.9.2 Configuring OSPF Virtual Link
I. Network requirements
As shown in Figure 4-4, Area 2 and Area 0 are not directly interconnected. It is required to use Area 1 as a transition area for interconnecting Area 2 and Area 0. Correctly configure a virtual link between SwitchB and SwitchC in Area 1.
II. Network diagram
Figure 4-4 OSPF virtual link configuration
III. Configuration procedure
# Configure SwitchA.
<SwitchA> system-view
[SwitchA] interface Vlan-interface 1
[SwitchA-Vlan-interface1] ip address 196.1.1.1 255.255.255.0
[SwitchA-Vlan-interface1] quit
[SwitchA] router id 1.1.1.1
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
# Configure SwitchB.
<SwitchB> system-view
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 196.1.1.2 255.255.255.0
[SwitchB-Vlan-interface1] quit
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 197.1.1.2 255.255.255.0
[SwitchB-Vlan-interface2] quit
[SwitchB] router id 2.2.2.2
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] area 1
[SwitchB-ospf-1-area-0.0.0.1] network 197.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.1] vlink-peer 3.3.3.3
# Configure SwitchC.
<SwitchC> system-view
[SwitchC] interface Vlan-interface 1
[SwitchC-Vlan-interface1] ip address 152.1.1.1 255.255.255.0
[SwitchC-Vlan-interface1] quit
[SwitchC] interface Vlan-interface 2
[SwitchC-Vlan-interface2] ip address 197.1.1.1 255.255.255.0
[SwitchC-Vlan-interface2] quit
[SwitchC] router id 3.3.3.3
[SwitchC] ospf
[SwitchC-ospf-1] area 1
[SwitchC-ospf-1-area-0.0.0.1] network 197.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2
[SwitchC-ospf-1-area-0.0.0.1] quit
[SwitchC-ospf-1] area 2
[SwitchC-ospf-1-area-0.0.0.2] network 152.1.1.0 0.0.0.255
4.10 Troubleshooting OSPF Configuration
Symptom 1: OSPF has been configured in accordance with the above-mentioned steps, but OSPF does not run normally on the switch.
Solution: Perform the following procedure.
Local fault removal: First, check whether the protocol works normally between two directly connected routers. The normal sign is that the peer state machine between the two routers reaches the FULL state. Note: On a broadcast or NBMA network, if the interfaces between two routers are in DROther state, the peer state machine between the two routers is in 2-way state instead of FULL state. The peer state machine between the DR/BDR and all the other routers is in FULL state.
- Use the display ospf peer command to view peers.
- Use the display ospf interface command to view the OSPF information on an interface.
- Check whether the physical connection is correct and the lower layer protocol operates normally. You can use the ping command to test. If the local router cannot ping through the peer router, it indicates that faults exist on the physical link and the lower layer protocol.
- If the physical connection and the lower layer protocol are normal, check the OSPF parameters configured on the interface. Verify that these parameter configurations are consistent with those on the peer interface. The area IDs must be the same, and the network segments and the masks must also be consistent (p2p or virtually linked segments can have different segments and masks).
- Ensure that the dead timer value is at least four times the hello timer value on the same interface.
- If the network type is NBMA, you must use the peer ip-address command to manually specify a peer.
- If the network type is broadcast or NBMA, ensure that there is at least one interface with a priority greater than zero.
- If an area is set to a stub area, ensure that the area is set to a stub area for all the routers connected to this area.
- Ensure that the interface types of two neighboring routers are consistent.
- If two or more areas are configured, ensure that at least one area is configured as the backbone area; that is, the area ID of an area is 0.
- Ensure that the backbone area is connected to all the other areas.
- Ensure that no virtual link passes through a stub area.
Global fault removal: If OSPF still cannot discover the remote routes after the above procedure is performed, check the following configurations:
- If two or more areas are configured on a router, at least one area should be configured to be connected to the backbone area.
As shown in Figure 4-5, RTA and RTD are configured to belong to only one area, whereas RTB (Area 0 and Area 1) and RTC (Area 1 and Area 2) are configured to belong to two areas. RTB also belongs to area 0, which meets the requirement. However, none of the areas of RTC is Area 0. Therefore, a virtual link should be set up between RTC and RTB. Ensure that Area 2 and Area 0 (backbone area) are interconnected.
- A virtual link cannot pass through a stub area. The backbone area (Area 0) cannot be configured as a stub area. So, if a virtual link has been set up between RTB and RTC, neither Area 1 nor Area 0 can be configured as a stub area. In Figure 4-5, only Area 2 can be configured as a stub area.
- A router in a stub area cannot receive external routes.
The backbone area must guarantee the connectivity between various nodes.
Chapter 5 IP Routing Policy Configuration
Note:
When running a routing protocol, the Ethernet switch also functions as a router. The word “router” and the router icons in the following text represent routers in the general sense as well as Ethernet switches running a routing protocol.
5.1 IP Routing Policy Overview
When a router distributes or receives routing information, it may need to implement some policies to filter the routing information, so as to receive or distribute only the routing information meeting given conditions. A routing protocol (RIP, for example) may need to import the routing information discovered by other protocols to enrich its routing knowledge. While importing routing information from another protocol, it possibly only needs to import the routes meeting given conditions and set some attributes of the imported routes to make the routes meet the requirements of this protocol.
For the implementation of a routing policy, you need to define a set of matching rules by specifying the characteristics of the routing information to be filtered. You can set the rules based on such attributes as destination address and source address of the information. The matching rules can be set in advance and then used in the routing policies to advertise, receive, and import routes.
The S3600 series provide three kinds of filters (Route-policy, ACL, and ip-prefix), which can be referenced by routing protocols. The following sections introduce these filters.
I. Route-policy
A route-policy matches given routing information against specified attributes and, if the conditions are satisfied, sets attributes of that routing information.
A route policy can comprise multiple nodes. Each node is a unit for matching test, and the nodes will be matched in the order of their node numbers. Each node comprises a set of if-match and apply clauses. The if-match clauses define the matching rules. The matching objects are some attributes of routing information. The relationship among the if-match clauses for a node is “AND”. As a result, a matching test against a node is successful only when all the matching conditions specified by the if-match clauses in the node are satisfied. The apply clauses specify the actions performed after a matching test against the node is successful, and the actions can be the attribute settings of routing information.
The relationships among different nodes in a route-policy are “OR”. As a result, the system examines the nodes in the route-policy in sequence, and once the route passes a node in the route-policy, it will pass the matching test of the route-policy without entering the test of the next node.
II. ACL
The S3600 series support four types of ACLs: advanced, basic, user-defined, and layer 2 ACLs.
Normally, a basic ACL is used to filter routing information. You can specify a range of IP addresses or subnets when defining a basic ACL so as to match the destination network segment addresses or next-hop addresses of routing information. If an advanced ACL is used, the specified range of source addresses will be used for matching.
For ACL configuration, see the QoS/ACL configuration section of this manual.
III. ip-prefix
ip-prefix plays a role similar to ACL. But it is more flexible than ACL and easier to understand. When ip-prefix is applied to filtering routing information, its matching object is the destination address information field of routing information. Moreover, with ip-prefix, you can use the gateway option to specify that only routing information advertised by certain routers will be received.
An ip-prefix is identified by its ip-prefix name. Each ip-prefix can include multiple items, and each item, identified by an index-number, can independently specify the match range in network prefix form. An index-number specifies the matching sequence in the ip-prefix.
During the matching, the router checks items identified by index-number in ascending order. Once an item is matched, the ip-prefix filtering is passed and no other item will be checked.
5.2 IP Routing Policy Configuration Tasks
Table 5-1 IP routing policy configuration tasks

Configuration task | Description | Related section |
---|---|---|
Route-policy configuration: Defining a route-policy | Required | |
Route-policy configuration: Defining if-match clauses and apply clauses | — | |
ip-prefix configuration | — | |
Displaying IP routing policy | — | |

5.3 Route-Policy Configuration
A route-policy is used to match given routing information or some attributes of routing information and change the attributes of the routing information if the conditions are met. The above-mentioned filtering lists can serve as the match conditions:
A route-policy can comprise multiple nodes and each node comprises:
- if-match clause: Defines matching rules; that is, the filtering conditions that the routing information should satisfy for passing the current route-policy. The matching objects are some attributes of the routing information.
5.3.1 Configuration Prerequisites
Before configuring a route-policy, perform the following tasks:
- Configuring a filtering list
- Configuring a routing protocol

Prepare the following data before the configuration:

- Route-policy name and node number
- Match conditions
- Route attributes to be changed
5.3.2 Defining a Route-Policy
Table 5-2 Define a route-policy

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Define a route-policy and enter the route-policy view | route-policy route-policy-name { permit \| deny } node node-number | Required. By default, no route-policy is defined. |

Note:
- The permit argument sets the matching mode of the defined node to permit mode. If a route matches the rules for the node, the apply clauses for the node will be executed and the test of the next node will not be taken. If not, however, the route takes the test of the next node.
- The deny argument sets the matching mode of the defined node to deny mode. In this mode, no apply clause is executed: if a route satisfies all the if-match clauses of the node, no apply clause for the node is executed and the test of the next node is not taken. If not, however, the route takes the test of the next node.
- If multiple nodes are defined in a route-policy, at least one of them should be in permit mode. When a route-policy is applied to filtering routing information, if a piece of routing information does not match any node, the routing information will be denied by the route-policy. If all the nodes in the route-policy are in deny mode, all routing information will be denied by the route-policy.

5.3.3 Defining if-match Clauses and apply Clauses
Table 5-3 Define if-match clauses and apply clauses

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enter the route-policy view | route-policy route-policy-name { permit \| deny } node node-number | Required |
Define a rule to match the IP address of routing information | if-match { acl acl-number \| ip-prefix ip-prefix-name } | Optional. By default, no matching is performed on the address of routing information. |
Define a rule to match the routing cost of routing information | if-match cost value | Optional. By default, no matching is performed on the routing cost of routing information. |
Define a rule to match the next-hop interface of routing information | if-match interface interface-type interface-number | Optional. By default, no matching is performed on the next-hop interface of routing information. |
Define a rule to match the next-hop address of routing information | if-match ip next-hop { acl acl-number \| ip-prefix ip-prefix-name } | Optional. By default, no matching is performed on the next-hop address of routing information. |
Define a rule to match the tag field of OSPF routing information | if-match tag value | Optional. By default, no matching is performed on the tag field of OSPF routing information. |
Define an action to set the cost of routing information | apply cost value | Optional. By default, no action is defined to set the routing cost of routing information. |
Define an action to set the tag field of routing information | apply tag value | Optional. By default, no action is defined to set the tag field of OSPF routing information. |

Note:
- A route-policy comprises multiple nodes. The relationship among the nodes in a route-policy is “OR”. As a result, the system examines the nodes in sequence, and once the route passes a node in the route-policy, it will pass the matching test of the route-policy without entering the test of the next node.
- During the matching, the relationship among the if-match clauses for a route-policy node is “AND”. That is, a matching test against a node is successful only when all the matching conditions specified by the if-match clauses in the node are satisfied.
- If no if-match clauses are specified, all routes pass the filtering of the node.
- A node can comprise no if-match clause or multiple if-match clauses.
- Each node comprises a set of if-match and apply clauses. if-match clauses define matching rules. apply clauses specify the actions performed after a matching test against the node is successful, and the actions can be the attribute settings of routing information.

5.4 ip-prefix Configuration
5.4.1 Configuration Prerequisites
Before configuring a filter list, prepare the following data:
- ip-prefix name
- Range of addresses to be matched
- Extended community attribute list number
5.4.2 Configuring an ip-prefix list
An ip-prefix list is identified by its ip-prefix list name. Each ip-prefix list can comprise multiple items. Each item can independently specify a match range in the form of network prefix and is identified by an index-number. For example, the following is an ip-prefix list named abcd:
- ip ip-prefix abcd index 10 permit 1.0.0.0 8
- ip ip-prefix abcd index 20 permit 2.0.0.0 8

During the matching of a route, the router checks the items in the ascending order of index-number. Once the route matches an item, the route passes the filtering of the ip-prefix list and no other item will be matched.
Table 5-4 Configure an IPv4 ip-prefix list

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Configure an IPv4 ip-prefix list | ip ip-prefix ip-prefix-name [ index index-number ] { permit \| deny } network len [ greater-equal greater-equal \| less-equal less-equal ] | Required. By default, no ip-prefix list is specified. If all the list items are in deny mode, all routing information will be denied by the filter list. You are recommended to define the item permit 0.0.0.0 0 greater-equal 0 less-equal 32 after multiple items in the deny mode so as to permit all other IPv4 routes. |

Note:
If more than one ip-prefix item is defined, the match mode of at least one item should be the permit mode.

5.5 Displaying IP Routing Policy
After the above configuration, execute the display command in any view to display and verify the routing policy configuration.
Table 5-5 Display a route policy

Operation | Command | Description |
---|---|---|
Display route-policy information | display route-policy [ route-policy-name ] | You can execute the display command in any view. |
Display address prefix list information | display ip ip-prefix [ ip-prefix-name ] | |

5.6 IP Routing Policy Configuration Example
5.6.1 Configuring to Filter Received Routing Information
I. Network requirements
SwitchA communicates with SwitchB. OSPF protocol is enabled on both switches. The router ID of SwitchA is 1.1.1.1 and that of SwitchB is 2.2.2.2.
Configure three static routes and enable OSPF on SwitchA.
Configure route filtering rules on SwitchA so that the three received static routes are partially visible and partially shielded: the routes of network segments 20.0.0.0 and 40.0.0.0 are visible, and the route of network segment 30.0.0.0 is shielded.
View the OSPF routing table to check that the routing policy takes effect.
II. Network diagram
Figure 5-1 Filtering received routing information
III. Configuration procedure
- Configure SwitchA:
# Configure the IP addresses of the interfaces.
<SwitchA> system-view
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ip address 10.0.0.1 255.0.0.0
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ip address 12.0.0.1 255.0.0.0
[SwitchA-Vlan-interface200] quit
# Configure three static routes.
[SwitchA] ip route-static 20.0.0.1 255.0.0.0 12.0.0.2
[SwitchA] ip route-static 30.0.0.1 255.0.0.0 12.0.0.2
[SwitchA] ip route-static 40.0.0.1 255.0.0.0 12.0.0.2
# Enable the OSPF protocol and specify the ID of the area to which the interface 10.0.0.1 belongs.
[SwitchA] router id 1.1.1.1
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.0.0.0 0.255.255.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure an ACL.
[SwitchA] acl number 2000
[SwitchA-acl-basic-2000] rule deny source 30.0.0.0 0.255.255.255
[SwitchA-acl-basic-2000] rule permit source any
[SwitchA-acl-basic-2000] quit
# Configure a route-policy.
[SwitchA] route-policy ospf permit node 10
[SwitchA-route-policy] if-match acl 2000
[SwitchA-route-policy] quit
# Apply route policy when the static routes are imported.
[SwitchA] ospf
[SwitchA-ospf-1] import-route static route-policy ospf
- Configure SwitchB:
# Configure the IP address of the interface.
<SwitchB> system-view
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ip address 10.0.0.2 255.0.0.0
[SwitchB-Vlan-interface100] quit
# Enable the OSPF protocol and specify the ID of the area to which the interface belongs.
[SwitchB] router id 2.2.2.2
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 10.0.0.0 0.255.255.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Display the OSPF routing table on SwitchB and check if route policy takes effect.
<SwitchB> display ospf routing
OSPF Process 1 with Router ID 2.2.2.2
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.0.0.0/8 1 Transit 10.0.0.2 1.1.1.1 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
20.0.0.0/8 1 Type2 1 10.0.0.1 1.1.1.1
40.0.0.0/8 1 Type2 1 10.0.0.1 1.1.1.1
Total Nets: 3
Intra Area: 1 Inter Area: 0 ASE: 2 NSSA: 0
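
The filtering in this example, and the permit/deny node rules from the Notes in 5.3.2 and 5.3.3, can be checked offline before a policy is applied. The Python model below is an added example, not H3C code: the function names, the dictionary layout, the `ALL_DENY` and `REPAIRED` policies and the tag value 100 are constructed, and the static routes are written as their network addresses.

```python
import ipaddress

def acl_permits(rules, addr):
    """Basic ACL: the first rule that matches decides; no matching rule means no match."""
    a = int(ipaddress.ip_address(addr))
    for action, source, wildcard in rules:
        s, w = int(ipaddress.ip_address(source)), int(ipaddress.ip_address(wildcard))
        if (a | w) == (s | w):  # bits set in the wildcard mask are ignored
            return action == "permit"
    return False

def match_acl(rules):
    """if-match acl: test the destination network address of a route against the ACL."""
    return lambda route: acl_permits(rules, route["dest"])

def run_policy(nodes, route):
    """Return the route with apply clauses applied, or None if the policy denies it."""
    for node in sorted(nodes, key=lambda n: n["node"]):
        # if-match clauses are ANDed; a node with no if-match clause matches every route.
        if all(test(route) for test in node["if_match"]):
            if node["mode"] == "deny":
                return None  # deny node: no apply clause runs, later nodes are not tested
            return {**route, **node["apply"]}
    return None  # the route passed no node, so the route-policy denies it

def imported(nodes, routes):
    """Destinations that survive 'import-route static route-policy ...'."""
    return [r["dest"] for r in routes if run_policy(nodes, r) is not None]

# ACL 2000 from this section; "source any" is written as 0.0.0.0 255.255.255.255.
ACL_2000 = [("deny", "30.0.0.0", "0.255.255.255"), ("permit", "0.0.0.0", "255.255.255.255")]
# route-policy ospf permit node 10 / if-match acl 2000
POLICY_OSPF = [{"node": 10, "mode": "permit", "if_match": [match_acl(ACL_2000)], "apply": {}}]

# Constructed variant: a single deny node for 30.0.0.0/8 and no permit node.
ONLY_30 = [("permit", "30.0.0.0", "0.255.255.255")]
ALL_DENY = [{"node": 10, "mode": "deny", "if_match": [match_acl(ONLY_30)], "apply": {}}]
# Constructed repair: a trailing permit node with no if-match clause and one apply clause.
REPAIRED = ALL_DENY + [{"node": 20, "mode": "permit", "if_match": [], "apply": {"tag": 100}}]

# The three static routes configured on SwitchA.
STATIC = [{"dest": d, "cost": 1} for d in ("20.0.0.0", "30.0.0.0", "40.0.0.0")]

if __name__ == "__main__":
    for name, policy in (("ospf", POLICY_OSPF), ("all-deny", ALL_DENY), ("repaired", REPAIRED)):
        print(name, imported(policy, STATIC))
```

The result for `POLICY_OSPF` lists the same two destinations that appear under "Routing for ASEs" on SwitchB; the `ALL_DENY` policy passes nothing, including the routes it never mentions.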
5.7 Troubleshooting IP Routing Policy
Symptom: Routing information cannot be filtered when the routing protocol runs normally.
Solution: Check that the following requirements are satisfied.
At least one node in a route-policy should be in permit mode. When a route-policy is used to filter routing information, a piece of routing information that passes no node in the route-policy does not pass the filtering of the route-policy. Therefore, when all the nodes in the route-policy are in deny mode, no routing information will pass the filtering of the route-policy.
At least one item in an ip-prefix list should be in permit mode. The items in deny mode can be defined first to rapidly filter out the routing information not meeting the condition. However, if all the items are in the deny mode, no route will pass the ip-prefix filtering. You can define the item “permit 0.0.0.0 0 less-equal 32” after multiple items in the deny mode for all other routes to pass the filtering (if less-equal 32 is not specified, only the default route will be matched).
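
The ip-prefix matching described in 5.4.2 and the catch-all item discussed above can be tested against sample routes before the list is deployed. The Python checker below is an added example, not H3C code: the list name `guard`, the function names and the sample routes are constructed, and the prefix-length range rules and automatic index numbering are assumptions stated in the comments.

```python
import ipaddress
import re

ITEM_RE = re.compile(
    r"ip ip-prefix (?P<name>\S+)(?: index (?P<index>\d+))? (?P<mode>permit|deny)"
    r" (?P<net>[\d.]+) (?P<len>\d+)"
    r"(?: greater-equal (?P<ge>\d+))?(?: less-equal (?P<le>\d+))?$"
)

def parse_items(config_text):
    """Parse Table 5-4 syntax into (index, mode, network, min_len, max_len), sorted by index."""
    items = []
    for line in config_text.strip().splitlines():
        m = ITEM_RE.match(line.strip())
        if not m:
            raise ValueError(f"not an ip-prefix item: {line!r}")
        length, ge, le = int(m["len"]), m["ge"], m["le"]
        net = ipaddress.ip_network(f"{m['net']}/{length}", strict=False)
        # Assumed length range: neither option -> exactly len; greater-equal only ->
        # [ge, 32]; less-equal only -> [len, le]; both -> [ge, le].
        lo = int(ge) if ge else length
        hi = int(le) if le else (32 if ge else length)
        if not length <= lo <= hi <= 32:
            raise ValueError(f"bad length range in: {line!r}")
        # Assumption: an item given without "index" is numbered 10 above the highest so far.
        index = int(m["index"]) if m["index"] else max([i[0] for i in items], default=0) + 10
        items.append((index, m["mode"], net, lo, hi))
    return sorted(items, key=lambda item: item[0])

def evaluate(items, route):
    """Return (mode, index) of the first matching item; no match is ("deny", None)."""
    r = ipaddress.ip_network(route)
    for index, mode, net, lo, hi in items:
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return mode, index
    return "deny", None

# Constructed lists: a deny item followed by the catch-all item,
# first without and then with "less-equal 32".
WITHOUT_LE = """
ip ip-prefix guard index 10 deny 30.0.0.0 8
ip ip-prefix guard index 20 permit 0.0.0.0 0
"""
WITH_LE = WITHOUT_LE.rstrip() + " less-equal 32\n"

def verdicts(config_text, routes):
    items = parse_items(config_text)
    return {route: evaluate(items, route) for route in routes}

if __name__ == "__main__":
    for cfg in (WITHOUT_LE, WITH_LE):
        print(verdicts(cfg, ["0.0.0.0/0", "20.0.0.0/8", "30.0.0.0/8", "30.1.0.0/16"]))
```

Under the assumed length rules, the item `deny 30.0.0.0 8` matches only the /8 itself, so with the catch-all in place a more specific route such as 30.1.0.0/16 is permitted by index 20.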
Chapter 6 Route Capacity Configuration
Note:
When running a routing protocol, the Ethernet switch also functions as a router. The word “router” and the router icons in the following text represent both routers in the common sense and Ethernet switches running a routing protocol.
Among S3600 series, only S3600-EI series switches support route capacity configuration.
6.1 Route Capacity Configuration Overview
6.1.1 Introduction
In practical networking applications, there are a large number of routes, especially OSPF routes, in the routing table. Normally, routing information is stored in the memory of the switch. While the size of the routing table increases, the total memory of the switch remains unchanged unless the hardware is upgraded. However, upgrading may not always solve the problem.
To solve this problem, the S3600 series provide a mechanism to control the size of the routing table; that is, monitoring the free memory in the system to determine whether to add new routes to the routing table and whether to keep the connection of a routing protocol.
Caution:
Note that, normally, the default system configuration meets the requirements. To avoid decreasing system stability and availability due to improper configuration, it is not recommended to modify the configuration yourself.
6.1.2 Route Capacity Limitation on the S3600 Series
Huge routing tables are usually caused by OSPF routes. Therefore, the route capacity limitation implemented by an S3600 Ethernet switch applies to OSPF routes only but not to static and RIP routes.
When the free memory of the switch is equal to or lower than the lower limit, OSPF connection will be disconnected and OSPF routes will be removed from the routing table.
If automatic protocol connection recovery is enabled, when the free memory of the switch restores to a value larger than the safety value, the switch automatically re-establishes the OSPF connection. If the automatic protocol connection recovery function is disabled, the switch will not reestablish the disconnected OSPF connection even when the free memory restores to a value larger than the safety value.
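
The gap between the lower limit and the safety value means OSPF stays down while free memory sits between the two thresholds. The Python simulation below is an added example, not H3C code: the function name, the sample values and the thresholds 20 and 30 are constructed, since this page gives no defaults or units.

```python
def simulate(free_samples, limit, safety, auto_establish=True):
    """Replay free-memory samples; return (events, samples_with_ospf_down)."""
    if safety <= limit:
        raise ValueError("safety-value must be greater than limit-value")
    ospf_up, events, down = True, [], 0
    for i, free in enumerate(free_samples):
        if ospf_up and free <= limit:
            # Free memory at or below the lower limit: OSPF is disconnected.
            ospf_up = False
            events.append((i, free, "disconnect"))
        elif not ospf_up and auto_establish and free > safety:
            # Recovery needs free memory strictly above the safety value.
            ospf_up = True
            events.append((i, free, "re-establish"))
        down += not ospf_up
    return events, down

# Constructed free-memory samples and thresholds.
SAMPLES = [50, 25, 20, 22, 30, 31, 45, 19, 40]
LIMIT, SAFETY = 20, 30

if __name__ == "__main__":
    print("auto-establish enabled: ", simulate(SAMPLES, LIMIT, SAFETY, True))
    print("auto-establish disabled:", simulate(SAMPLES, LIMIT, SAFETY, False))
```

With recovery disabled, the single dip to the lower limit leaves OSPF down for every remaining sample.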
6.2 Route Capacity Configuration
Route capacity configuration includes:
- Configuring the lower limit and the safety value of switch memory
- Enabling/disabling the switch to recover the disconnected routing protocol automatically
6.2.1 Configuring the Lower Limit and the Safety Value of the Switch Memory
Table 6-1 Set the lower limit and the safety value of switch memory

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Set the lower limit and the safety value of switch memory | memory { safety safety-value \| limit limit-value }* | Optional. By default, the default values are used. |

Note:
The safety-value must be greater than the limit-value.

6.2.2 Enabling/Disabling Automatic Protocol Recovery
Table 6-2 Enable automatic protocol recovery

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Enable automatic protocol recovery | memory auto-establish enable | Optional. By default, automatic protocol recovery is enabled. |

Table 6-3 Disable automatic protocol recovery

Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Disable automatic protocol recovery | memory auto-establish disable | Optional. By default, automatic protocol recovery is enabled. |

Note:
If automatic protocol recovery is disabled, the OSPF connection will not recover even when the free memory exceeds the safety value. Therefore, exercise caution when disabling the function.

6.3 Displaying Route Capacity Configuration
After the above configuration, you can use the display command in any view to display and verify the route capacity configuration.
Table 6-4 Display route capacity configuration

Operation | Command | Description |
---|---|---|
Display memory occupancy of a switch | display memory [ unit unit-id ] | You can execute the display command in any view. |
Display the route capacity related memory setting and state information | display memory limit | |