- H3C S5500-SI Series Ethernet Switches Operation Manual(V1.01)
Title | Size | Download |
---|---|---|
12-IPv4 Routing Configuration | 305 KB |
Table of Contents
Chapter 1 Static Routing Configuration
1.1.3 Application Environment of Static Routing
1.2 Configuring a Static Route
1.2.1 Configuration Prerequisites
1.3 Detecting Reachability of the Static Route’s Nexthop
1.3.1 Detecting Nexthop Reachability Through Track
1.4 Displaying and Maintaining Static Routes
2.2 Configuring RIP Basic Functions
2.2.1 Configuration Prerequisites
2.3 Configuring RIP Route Control
2.3.1 Configuring an Additional Routing Metric
2.3.2 Configuring RIPv2 Route Summarization
2.3.3 Disabling Host Route Reception
2.3.4 Advertising a Default Route
2.3.5 Configuring Inbound/Outbound Route Filtering
2.3.6 Configuring a Priority for RIP
2.3.7 Configuring RIP Route Redistribution
2.4 Configuring RIP Network Optimization
2.4.2 Configuring Split Horizon and Poison Reverse
2.4.3 Enabling Zero Field Check on Incoming RIPv1 Messages
2.4.4 Enabling Source IP Address Check on Incoming RIP Updates
2.4.5 Configuring RIPv2 Message Authentication
2.4.6 Specifying a RIP Neighbor
2.5 Displaying and Maintaining RIP
2.6 RIP Configuration Examples
2.7.2 Route Oscillation Occurred
Chapter 3 Routing Policy Configuration
3.1 Introduction to Routing Policy
3.1.3 Routing Policy Application
3.2 Routing Policy Configuration Task List
3.3.2 Defining an IPv4 prefix List
3.4 Configuring a Routing Policy
3.4.2 Creating a Routing Policy
3.4.3 Defining if-match Clauses for the Routing Policy
3.4.4 Defining apply Clauses for the Routing Policy
3.5 Displaying and Maintaining the Routing Policy
3.6 Routing Policy Configuration Example
3.6.1 Applying Routing Policy When Redistributing IPv4 Routes
3.7 Troubleshooting Routing Policy Configuration
3.7.1 IPv4 Routing Information Filtering Failure
Chapter 1 Static Routing Configuration
When configuring a static route, go to these sections for information you are interested in:
- Detecting Reachability of the Static Route’s Nexthop
- Displaying and Maintaining Static Routes
Note:
The term “router” in this document refers to a router in a generic sense or a Layer 3 switch.
1.1 Introduction
1.1.1 Static Route
A static route is a special route that is manually configured by the network administrator. If a network’s topology is simple, you only need to configure static routes for the network to work normally. The proper configuration and usage of static routes can improve network performance and ensure bandwidth for important network applications.
The disadvantage of using static routes is that they cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the routes will be unreachable and the network breaks. In this case, the network administrator has to modify the static routes manually.
1.1.2 Default Route
A router selects the default route only when it cannot find any matching entry in the routing table.
If there is no default route and the destination address of the packet fails to match any entry in the routing table, the packet will be discarded and an ICMP packet will be sent to the source to report that the destination or the network is unreachable.
You can create the default route with both destination and mask being 0.0.0.0, and some dynamic routing protocols, such as OSPF, RIP and IS-IS, can also generate the default route.
1.1.3 Application Environment of Static Routing
Before configuring a static route, you need to know the following concepts:
1) Destination address and mask
In the ip route-static command, an IPv4 address is in dotted decimal format and a mask can be either in dotted decimal format or in the form of mask length (the number of consecutive 1s in the mask).
2) Output interface and next hop address
While configuring a static route, you can specify either the output interface or the next hop address depending on the specific occasion. The next hop address cannot be a local interface IP address; otherwise, the route configuration will not take effect.
In fact, all the route entries must have a next hop address. When forwarding a packet, a router first searches the routing table for the route to the destination address of the packet. The system can find the corresponding link layer address and forward the packet only after the next hop address is specified.
When specifying the output interface, note that:
- If the output interface is a NULL 0 interface, there is no need to configure the next hop address.
- It is not recommended to specify a broadcast interface (such as a VLAN interface) as the output interface, because a broadcast interface may have multiple next hops. If you have to do so, you must specify the corresponding next hop for the output interface.
3) Other attributes
You can configure different preferences for different static routes so that route management policies can be applied more flexibly. For example, specifying the same preference for different routes to the same destination enables load sharing, while specifying different preferences for these routes enables route backup.
1.2 Configuring a Static Route
1.2.1 Configuration Prerequisites
Before configuring a static route, you need to configure the IP addresses for related interfaces.
1.2.2 Configuration Procedure
Follow these steps to configure a static route:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Configure a static route | ip route-static dest-address { mask \| mask-length } { next-hop-address \| interface-type interface-number [ next-hop-address ] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] | Required. By default, preference for static routes is 60, tag is 0, and no description information is configured. |
Configure the default preference for static routes | ip route-static default-preference default-preference-value | Optional. 60 by default. |
Note:
- When configuring a static route, the static route does not take effect if you specify the next hop address first and then configure it as the IP address of a local interface, such as a VLAN interface.
- If you do not specify the preference when configuring a static route, the default preference will be used. Reconfiguring the default preference applies only to newly created static routes.
- You can flexibly control static routes by configuring tag values and using the tag values in the routing policy.
- If the destination IP address and mask are both configured as 0.0.0.0 with the ip route-static command, the route is the default route.
1.3 Detecting Reachability of the Static Route’s Nexthop
If a static route fails due to a topology change or a fault, the connection will be interrupted. To improve network stability, the system needs to detect reachability of the static route’s next hop and switch to a backup route once the next hop is unreachable.
1.3.1 Detecting Nexthop Reachability Through Track
If you specify the nexthop but not the outgoing interface when configuring a static route, you can associate the static route with a track entry to check the static route validity:
- When the track entry is positive, the static route's nexthop is reachable and the static route takes effect.
- When the track entry is negative, the static route's nexthop is unreachable and the static route is invalid. For details about track, refer to Track Configuration.
I. Network requirements
To detect the reachability of a static route's nexthop through a Track entry, you need to create a Track first. For detailed Track configuration procedure, refer to Track Configuration.
II. Configuration procedure
Follow these steps to detect the reachability of a static route's nexthop through Track:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Associate the static route with a track entry | ip route-static dest-address { mask \| mask-length } next-hop-address track track-entry-number [ preference preference-value ] [ tag tag-value ] [ description description-text ] | Required. Not configured by default. |

Note:
- To configure this feature for an existing static route, simply associate the static route with a track entry. For a non-existent static route, configure it and associate it with a Track entry.
- If a static route needs route recursion, the associated track entry must monitor the nexthop of the recursive route instead of that of the static route; otherwise, a valid route may be mistakenly considered invalid.
1.4 Displaying and Maintaining Static Routes
To do… | Use the command… | Remarks |
---|---|---|
Display the current configuration information | display current-configuration | Available in any view |
Display the brief information of the IP routing table | display ip routing-table | Available in any view |
Display the detailed information of the IP routing table | display ip routing-table verbose | Available in any view |
View information of static routes | display ip routing-table protocol static [ inactive \| verbose ] | Available in any view |
Delete all the static routes | delete static-routes all | Available in system view |
1.5 Configuration Example
I. Network requirements
The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection between any two hosts.
II. Network diagram
Figure 1-1 Network diagram for static route configuration
III. Configuration procedure
1) Configuring IP addresses for interfaces (omitted)
2) Configuring static routes
# Configure a default route on Switch A
<SwitchA> system-view
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
# Configure two static routes on Switch B
<SwitchB> system-view
[SwitchB] ip route-static 1.1.2.0 255.255.255.0 1.1.4.1
[SwitchB] ip route-static 1.1.3.0 255.255.255.0 1.1.5.6
# Configure a default route on Switch C
<SwitchC> system-view
[SwitchC] ip route-static 0.0.0.0 0.0.0.0 1.1.5.5
3) Configure the hosts
The default gateways for the three hosts A, B and C are 1.1.2.3, 1.1.6.1 and 1.1.3.1 respectively. The configuration procedure is omitted.
4) Display the configuration result
# Display the IP routing table of Switch A.
[SwitchA] display ip routing-table
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 1.1.4.2 Vlan500
1.1.2.0/24 Direct 0 0 1.1.2.3 Vlan300
1.1.2.3/32 Direct 0 0 127.0.0.1 InLoop0
1.1.4.0/30 Direct 0 0 1.1.4.1 Vlan500
1.1.4.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
# Display the IP routing table of Switch B.
[SwitchB] display ip routing-table
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
1.1.2.0/24 Static 60 0 1.1.4.1 Vlan500
1.1.3.0/24 Static 60 0 1.1.5.6 Vlan600
1.1.4.0/30 Direct 0 0 1.1.4.2 Vlan500
1.1.4.2/32 Direct 0 0 127.0.0.1 InLoop0
1.1.5.0/30 Direct 0 0 1.1.5.5 Vlan600
1.1.5.5/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
1.1.6.0/24 Direct 0 0 1.1.6.1 Vlan100
1.1.6.1/32 Direct 0 0 127.0.0.1 InLoop0
# From Host A, use the ping command to verify the network layer reachability to Host B and Host C.
Chapter 2 RIP Configuration
Note:
- The term “router” in this document refers to a router in a generic sense or a Layer 3 switch.
- The S5500-SI series supports only a single RIP process.
When configuring RIP, go to these sections for information you are interested in:
- Configuring RIP Basic Functions
- Configuring RIP Route Control
- Configuring RIP Network Optimization
- Displaying and Maintaining RIP
2.1 RIP Overview
RIP is a simple Interior Gateway Protocol (IGP), mainly used in small-sized networks, such as academic networks and simple LANs. RIP is not applicable to complex networks.
RIP is still widely used in practical networking due to easier implementation, configuration and maintenance than OSPF and IS-IS.
2.1.1 RIP Working Mechanism
I. Basic concepts
RIP is a distance vector routing protocol, using UDP packets for exchanging information through port 520.
RIP uses a hop count to measure the distance to a destination. The hop count is known as the metric. The hop count from a router to a directly connected network is 0. The hop count from one router to a directly connected router is 1. To limit convergence time, the range of RIP metric value is from 0 to 15. A metric value of 16 (or bigger) is considered infinite, which means the destination network is unreachable. That is why RIP is not suitable for large-scale networks.
RIP prevents routing loops by implementing the split horizon and poison reverse functions.
II. RIP routing table
A RIP router has a routing table containing routing entries of all reachable destinations, and each routing entry contains:
- Destination address: IP address of a host or a network.
- Next hop: IP address of the adjacent router’s interface to reach the destination.
- Egress interface: Packet outgoing interface.
- Metric: Cost from the local router to the destination.
- Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated.
- Route tag: Identifies a route, used in a routing policy to flexibly control routes. For information about routing policy, refer to Routing Policy Configuration.
III. RIP timers
RIP employs four timers: update, timeout, suppress, and garbage-collect.
- The update timer defines the interval between routing updates.
- The timeout timer defines the route aging time. If no update for a route is received within the aging time, the metric of the route is set to 16 in the routing table.
- The suppress timer defines how long a RIP route stays in the suppressed state. When the metric of a route is 16, the route enters the suppressed state. In the suppressed state, only routes which come from the same neighbor and whose metric is less than 16 will be received by the router to replace unreachable routes.
- The garbage-collect timer defines the interval from when the metric of a route becomes 16 to when it is deleted from the routing table. During the garbage-collect timer length, RIP advertises the route with the routing metric set to 16. If no update is announced for that route after the garbage-collect timer expires, the route will be deleted from the routing table.
IV. Routing loops prevention
RIP is a distance vector (D-V) routing protocol. Since a RIP router advertises its own routing table to neighbors, routing loops may occur.
RIP uses the following mechanisms to prevent routing loops.
- Counting to infinity. The metric value of 16 is defined as unreachable. When a routing loop occurs, the metric value of the route will increment to 16.
- Split horizon. A router does not send the routing information learned from a neighbor back to that neighbor, which prevents routing loops and saves bandwidth.
- Poison reverse. A router sets the metric of routes received from a neighbor to 16 and sends these routes back to the neighbor to help delete useless information from the neighbor’s routing table.
- Triggered updates. A router advertises updates as soon as the metric of a route changes, rather than after the update period expires, to speed up network convergence.
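The effect of these mechanisms can be seen by simulating two routers after a link failure. The Python code below is an added example, not part of the H3C manual: it models routers A and B exchanging periodic updates after B loses its directly connected network, and records both metrics per round with no loop prevention, with split horizon, and with poison reverse. Assumptions: the router names, the function names, the use of 1.1.6.0/24 as the failed network, triggered updates being ignored, and A's update reaching B first in every round.

```python
INFINITY = 16  # RIP metric that means "unreachable"
NET = "1.1.6.0/24"  # constructed: the network directly attached to router B


def advertise(table, neighbor, mode, metricout=1):
    """Return {destination: metric} that a router sends to `neighbor`.

    table maps destination -> (metric, learned_from); learned_from is the
    neighbor the route came from, or None for a directly connected network.
    mode is "none", "split-horizon" or "poison-reverse".
    """
    update = {}
    for dest, (metric, learned_from) in table.items():
        if learned_from == neighbor:
            if mode == "poison-reverse":
                update[dest] = INFINITY   # send the route back as unreachable
                continue
            if mode == "split-horizon":
                continue                  # do not send the route back at all
        # Outbound additional metric (1 by default), capped at infinity.
        update[dest] = min(metric + metricout, INFINITY)
    return update


def receive(table, sender, update):
    """Apply a received update to `table` using distance-vector rules."""
    for dest, metric in update.items():
        cur_metric, cur_from = table.get(dest, (INFINITY, None))
        # News from the current next hop is always believed, even if worse;
        # news from anyone else is installed only if it is strictly better.
        if cur_from == sender or metric < cur_metric:
            table[dest] = (metric, sender)


def simulate(mode, max_rounds=50):
    """Return [(A metric, B metric), ...] per round until both reach 16."""
    a = {NET: (1, "B")}          # A learned the network from B
    b = {NET: (INFINITY, None)}  # B's direct link to the network just failed
    trace = []
    for _ in range(max_rounds):
        receive(b, "A", advertise(a, "B", mode))
        receive(a, "B", advertise(b, "A", mode))
        trace.append((a[NET][0], b[NET][0]))
        if trace[-1] == (INFINITY, INFINITY):
            break
    return trace


if __name__ == "__main__":
    for mode in ("none", "split-horizon", "poison-reverse"):
        trace = simulate(mode)
        print(f"{mode:15s} rounds={len(trace)} metrics={trace}")
```

With no loop prevention the two routers bounce the stale route between them for eight update rounds before both reach metric 16; with either mechanism the failure is learned in the first round.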
2.1.2 Operation of RIP
The following procedure describes how RIP works.
1) After RIP is enabled, the router sends Request messages to neighboring routers. Neighboring routers return Response messages including information about their routing tables.
2) After receiving such information, the router updates its local routing table, and sends triggered update messages to its neighbors. All routers on the network do the same to keep the latest routing information.
3) By default, a RIP router sends its routing table to neighbors every 30 seconds.
4) RIP ages out routes by adopting an aging mechanism to keep only valid routes.
2.1.3 RIP Version
RIP has two versions, RIPv1 and RIPv2.
RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, C. That is why RIPv1 does not support discontiguous subnets.
RIPv2 is a classless routing protocol. Compared with RIPv1, RIPv2 has the following advantages.
- Supporting route tags. Route tags are used in routing policies to flexibly control routes.
- Supporting masks, route summarization and Classless Inter-Domain Routing (CIDR).
- Supporting designated next hops to select the best next hops on broadcast networks.
- Supporting multicast routing update to reduce resource consumption.
- Supporting plain text authentication and MD5 authentication to enhance security.
Note:
RIPv2 has two types of message transmission: broadcast and multicast. Multicast is the default type using 224.0.0.9 as the multicast address. The interface working in the RIPv2 broadcast mode can also receive RIPv1 messages.
2.1.4 RIP Message Format
I. RIPv1 message format
A RIPv1 message consists of a header and up to 25 route entries.
Figure 2-1 shows the format of RIPv1 message.
Figure 2-1 RIPv1 Message Format
- Command: Type of message. 1 indicates request, and 2 indicates response.
- Version: Version of RIP, 0x01 for RIPv1.
- AFI: Address Family Identifier, 2 for IP.
- IP Address: Destination IP address of the route. It can be a natural network, subnet or a host address.
- Metric: Cost of the route.
II. RIPv2 message format
The format of a RIPv2 message is similar to that of RIPv1. Figure 2-2 shows it.
Figure 2-2 RIPv2 Message Format
The differences from RIPv1 are as follows.
- Version: Version of RIP. For RIPv2 the value is 0x02.
- Route Tag: Route Tag.
- IP Address: Destination IP address. It could be a natural network address, subnet address or host address.
- Subnet Mask: Mask of the destination address.
- Next Hop: If set to 0.0.0.0, it indicates that the originator of the route is the best next hop; otherwise it indicates a next hop better than the originator of the route.
III. RIPv2 authentication
RIPv2 sets the AFI field of the first route entry to 0xFFFF to identify authentication information. See Figure 2-3.
Figure 2-3 RIPv2 Authentication Message
- Authentication Type: 2 represents plain text authentication, while 3 represents MD5.
- Authentication: Authentication data, which includes the password when plain text authentication is adopted, or the key ID, MD5 authentication data length and sequence number when MD5 authentication is adopted.
Note:
- RFC 1723 only defines plain text authentication. For information about MD5 authentication, refer to RFC 2082 “RIPv2 MD5 Authentication”.
- With RIPv1, you can configure the authentication mode in interface view. However, the configuration will not take effect because RIPv1 does not support authentication.
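The message layout described above can be checked against captured traffic. The Python code below is an added example, not part of the H3C manual: it parses a RIP UDP payload into header, authentication entry and route entries, and reports which authentication mode the message carries. The 20-byte entry layout and the MD5 field order follow RFC 1723 and RFC 2082; the function names, the password, the key ID and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

AFI_AUTH = 0xFFFF             # AFI value that marks an authentication entry
AUTH_PLAIN, AUTH_MD5 = 2, 3   # Authentication Type values
INFINITY = 16                 # metric that means "unreachable"


def parse_rip(payload: bytes) -> dict:
    """Split a RIP UDP payload into header, authentication entry and routes."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("length is not a 4-byte header plus 20-byte entries")
    command, version, _unused = struct.unpack("!BBH", payload[:4])
    msg = {"command": command, "version": version, "auth": None, "routes": []}
    for off in range(4, len(payload), 20):
        afi, tag = struct.unpack("!HH", payload[off:off + 4])
        body = payload[off + 4:off + 20]
        if version == 2 and afi == AFI_AUTH:
            # Only the first entry carries the authentication header. A later
            # 0xFFFF entry is the MD5 trailer holding the digest, not a route.
            if off == 4 and tag == AUTH_PLAIN:
                password = body.rstrip(b"\x00").decode("ascii", "replace")
                msg["auth"] = {"type": "plain", "password": password}
            elif off == 4 and tag == AUTH_MD5:
                _pkt_len, key_id, data_len, seq = struct.unpack("!HBBI", body[:8])
                msg["auth"] = {"type": "md5", "key_id": key_id,
                               "data_len": data_len, "sequence": seq}
            continue
        ip, mask, next_hop, metric = struct.unpack("!4s4s4sI", body)
        msg["routes"].append({
            "dest": str(ipaddress.IPv4Address(ip)),
            "mask": str(ipaddress.IPv4Address(mask)),
            "next_hop": str(ipaddress.IPv4Address(next_hop)),
            "tag": tag,
            "metric": metric,
            "reachable": metric < INFINITY,
        })
    return msg


def auth_finding(msg: dict) -> str:
    """Summarise the authentication posture of a parsed message."""
    if msg["version"] == 1:
        return "RIPv1: no authentication possible"
    if msg["auth"] is None:
        return "RIPv2: unauthenticated"
    if msg["auth"]["type"] == "plain":
        return "RIPv2: plain text authentication, password visible in the packet"
    return "RIPv2: MD5 authentication, key ID %d" % msg["auth"]["key_id"]


def route_entry(dest, mask, metric, next_hop="0.0.0.0", tag=0):
    """Build one RIPv2 route entry (AFI 2 = IP) for the constructed samples."""
    packed = [ipaddress.IPv4Address(a).packed for a in (dest, mask, next_hop)]
    return struct.pack("!HH4s4s4sI", 2, tag, *packed, metric)


# Constructed sample packets (not captured traffic).
HEADER_V2 = struct.pack("!BBH", 2, 2, 0)          # command 2 = response
ROUTE = route_entry("1.1.2.0", "255.255.255.0", 1)
NOAUTH_PKT = HEADER_V2 + ROUTE
PLAIN_PKT = (HEADER_V2
             + struct.pack("!HH16s", AFI_AUTH, AUTH_PLAIN, b"constructed-pw")
             + ROUTE)
MD5_PKT = (HEADER_V2
           # packet length 44, key ID 1, digest length 16, sequence number 7
           + struct.pack("!HHHBBI8x", AFI_AUTH, AUTH_MD5, 44, 1, 16, 7)
           + ROUTE
           # trailer entry; the 16 zero bytes stand in for a real digest
           + struct.pack("!HH16s", AFI_AUTH, 1, bytes(16)))

if __name__ == "__main__":
    for name, pkt in (("no auth", NOAUTH_PKT), ("plain", PLAIN_PKT), ("md5", MD5_PKT)):
        parsed = parse_rip(pkt)
        print(name, "->", auth_finding(parsed), parsed["auth"])
```

The plain text sample shows why that mode does not protect the password: anyone who can read the packet recovers it with a 16-byte slice.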
2.1.5 Supported RIP Features
The current implementation supports RIPv1 and RIPv2.
2.1.6 Protocols and Standards
RFC 1058: Routing Information Protocol
RFC 1723: RIP Version 2 - Carrying Additional Information
RFC 1721: RIP Version 2 Protocol Analysis
RFC 1722: RIP Version 2 Protocol Applicability Statement
RFC 1724: RIP Version 2 MIB Extension
RFC 2082: RIPv2 MD5 Authentication
2.2 Configuring RIP Basic Functions
2.2.1 Configuration Prerequisites
Before configuring RIP basic functions, configure IP addresses for interfaces, making all adjacent nodes reachable to each other at the network layer.
2.2.2 Configuration Procedure
I. Enabling RIP and a RIP interface
Follow these steps to enable RIP:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enable a RIP process and enter RIP view | rip [ process-id ] | Required. Not enabled by default. |
Enable RIP on the interface attached to the specified network | network network-address | Required. Disabled by default. |

Note:
- If you make some RIP configurations in interface view before enabling RIP, those configurations will take effect after RIP is enabled.
- RIP runs only on the interfaces residing on the specified networks. Therefore, you need to specify the network after enabling RIP to validate RIP on a specific interface.
- You can enable RIP on all interfaces using the command network 0.0.0.0.
II. Configuring the interface behavior
Follow these steps to configure the interface behavior:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Disable one or all interfaces from sending routing updates (the interfaces can still receive updates) | silent-interface { all \| interface-type interface-number } | Optional. All interfaces can send routing updates by default. |
Return to system view | quit | — |
Enter interface view | interface interface-type interface-number | — |
Enable the interface to receive RIP messages | rip input | Optional. Enabled by default. |
Enable the interface to send RIP messages | rip output | Optional. Enabled by default. |
III. Configuring a RIP version
You can configure a RIP version in RIP or interface view.
- If neither global nor interface RIP version is configured, the interface sends RIPv1 broadcasts and can receive RIPv1 broadcast and unicast packets, and RIPv2 broadcast, multicast, and unicast packets.
- If an interface has no RIP version configured, it uses the global RIP version; otherwise it uses the RIP version configured on it.
- With RIPv1 configured, an interface sends RIPv1 broadcasts, and can receive RIPv1 broadcasts and RIPv1 unicasts.
- With RIPv2 configured, a multicast interface sends RIPv2 multicasts and can receive RIPv2 unicasts, broadcasts and multicasts.
- With RIPv2 configured, a broadcast interface sends RIPv2 broadcasts and can receive RIPv1 unicasts and broadcasts, and RIPv2 broadcasts, multicasts and unicasts.
Follow these steps to configure a RIP version:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Specify a global RIP version | version { 1 \| 2 } | Optional. By default, if an interface has a RIP version specified, the version takes precedence over the global one. If no RIP version is specified for an interface, the interface can send RIPv1 broadcasts, and receive RIPv1 broadcasts, unicasts, RIPv2 broadcasts, multicasts and unicasts. |
Return to system view | quit | — |
Enter interface view | interface interface-type interface-number | –– |
Specify a RIP version for the interface | rip version { 1 \| 2 [ broadcast \| multicast ] } | Optional |
2.3 Configuring RIP Route Control
In complex networks, you need to configure advanced RIP features.
This section covers the following topics:
- Configuring an Additional Routing Metric
- Configuring RIPv2 Route Summarization
- Disabling Host Route Reception
- Configuring Inbound/Outbound Route Filtering
- Configuring a Priority for RIP
- Configuring RIP Route Redistribution
Before configuring RIP route control, complete the following tasks:
- Configure an IP address for each interface, and make sure all neighboring routers are reachable to each other.
- Configure RIP basic functions.
2.3.1 Configuring an Additional Routing Metric
An additional routing metric can be added to the metric of an inbound or outbound RIP route.
The outbound additional metric is added to the metric of a sent route; the route’s metric in the routing table is not changed.
The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed.
Follow these steps to configure additional routing metrics:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter interface view | interface interface-type interface-number | –– |
Define an inbound additional routing metric | rip metricin [ route-policy route-policy-name ] value | Optional. 0 by default. |
Define an outbound additional routing metric | rip metricout [ route-policy route-policy-name ] value | Optional. 1 by default. |
2.3.2 Configuring RIPv2 Route Summarization
Route summarization means that the subnets of a natural network are summarized into the natural network, and only that summary is advertised to other networks. This feature can reduce the size of routing tables.
I. Enabling RIPv2 route automatic summarization
You can disable RIPv2 route automatic summarization if you want to advertise all subnet routes.
Follow these steps to enable RIPv2 route automatic summarization:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Enable RIPv2 automatic route summarization | summary | Optional. Enabled by default. |
II. Advertising a summary route
You can configure RIPv2 to advertise a summary route on the specified interface.
To do so, use the following commands:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Disable RIPv2 automatic route summarization | undo summary | Required. Enabled by default. |
Return to system view | quit | — |
Enter interface view | interface interface-type interface-number | — |
Advertise a summary route | rip summary-address ip-address { mask \| mask-length } | Required |

Note:
You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface.
2.3.3 Disabling Host Route Reception
Sometimes a router may receive many host routes from the same network, which are not helpful for routing and occupy a large amount of network resources. In this case, you can disable RIP from receiving host routes to save network resources.
Follow these steps to disable RIP from receiving host routes:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter RIP view | rip [ process-id ] | — |
Disable RIP from receiving host routes | undo host-route | Required. Enabled by default. |

Note:
RIPv2 can be disabled from receiving host routes, but RIPv1 cannot.
2.3.4 Advertising a Default Route
You can configure RIP to advertise a default route with a specified metric to RIP neighbors.
Follow these steps to configure RIP to advertise a default route:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Enable RIP to advertise a default route | default-route originate cost value | Required. Not enabled by default. |

Note:
The router enabled to advertise a default route does not receive default routes from RIP neighbors.
2.3.5 Configuring Inbound/Outbound Route Filtering
The device supports route filtering. You can filter routes by configuring inbound and outbound route filtering policies that reference an ACL or IP prefix list. You can also configure the router to receive only routes from a specified neighbor.
Follow these steps to configure route filtering:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Configure the filtering of incoming routes | filter-policy { acl-number \| gateway ip-prefix-name \| ip-prefix ip-prefix-name [ gateway ip-prefix-name ] } import [ interface-type interface-number ] | Required. Not configured by default. |
Configure the filtering of outgoing routes | filter-policy { acl-number \| ip-prefix ip-prefix-name } export [ protocol [ process-id ] \| interface-type interface-number ] | Required. Not configured by default. |

Note:
- Using the filter-policy import command filters incoming routes. Routes not passing the filtering will be neither installed into the routing table nor advertised to neighbors.
- Using the filter-policy export command filters outgoing routes, including routes redistributed with the import-route command.
2.3.6 Configuring a Priority for RIP
Multiple IGP protocols may run in a router. If you want RIP routes to have a higher priority than those learned by other routing protocols, you can assign RIP a smaller priority value to influence optimal route selection.
Follow these steps to configure a priority for RIP:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Configure a priority for RIP | preference [ route-policy route-policy-name ] value | Optional. 100 by default. |
2.3.7 Configuring RIP Route Redistribution
Follow these steps to configure RIP route redistribution:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Configure a default metric for redistributed routes | default-cost value | Optional. The default metric of a redistributed route is 0 by default. |
Redistribute routes from another protocol | import-route protocol [ cost cost \| route-policy route-policy-name \| tag tag ] * | Required. No redistribution is configured by default. |
2.4 Configuring RIP Network Optimization
Complete the following tasks before configuring RIP network optimization:
- Configure network addresses for interfaces, and make neighboring nodes reachable to each other;
- Configure RIP basic functions.
2.4.1 Configuring RIP Timers
Follow these steps to configure RIP timers:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Configure values for RIP timers | timers { garbage-collect garbage-collect-value \| suppress suppress-value \| timeout timeout-value \| update update-value }* | Optional. The default update timer, timeout timer, suppress timer, and garbage-collect timer are 30s, 180s, 120s and 120s respectively. |

Note:
Based on network performance, you need to make RIP timers of RIP routers identical to each other to avoid unnecessary traffic or route oscillation.
2.4.2 Configuring Split Horizon and Poison Reverse
Note:
If both split horizon and poison reverse are configured, only the poison reverse function takes effect.
I. Enabling split horizon
The split horizon function disables an interface from sending routes received from the interface to prevent routing loops between adjacent routers.
Follow these steps to enable split horizon:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Enable split horizon | rip split-horizon | Optional. Enabled by default. |

Note:
Disabling the split horizon function on a point-to-point link does not take effect.
II. Enabling poison reverse
The poison reverse function allows an interface to advertise the routes received from it, but the metric of these routes is set to 16, making them unreachable.
Follow these steps to enable poison reverse:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Enable poison reverse | rip poison-reverse | Required. Disabled by default. |
2.4.3 Enabling Zero Field Check on Incoming RIPv1 Messages
Some fields in the RIPv1 message must be zero. These fields are called zero fields. You can enable zero field check on received RIPv1 messages. If such a field contains a non-zero value, the RIPv1 message is not processed. If you are sure that all messages are trustworthy, you can disable zero field check to save CPU resources.
Follow these steps to enable zero field check on incoming RIPv1 messages:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Enable zero field check on received RIPv1 messages | checkzero | Optional. Enabled by default. |
2.4.4 Enabling Source IP Address Check on Incoming RIP Updates
You can enable source IP address check on incoming RIP updates.
For a message received on an Ethernet interface, RIP compares the source IP address of the message with the IP address of the interface. If they are not in the same network segment, RIP discards the message.
For a message received on a serial interface, RIP checks whether the source address of the message is the IP address of the peer interface. If not, RIP discards the message.
Follow these steps to enable source IP address check on incoming RIP updates:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Enable source IP address check on incoming RIP messages | validate-source-address | Optional. Enabled by default. |
Note:
The source IP address check feature should be disabled if a RIP neighbor is not directly connected.
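The zero field check (2.4.3) and the Ethernet source address check (2.4.4), modelled as an added example that is not H3C code. The packet layout follows RFC 1058; the function names, the order of the two checks and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

RIP_HEADER = struct.Struct("!BBH")     # command, version, must-be-zero
RIP_ENTRY = struct.Struct("!HHIIII")   # AFI, zero, address, zero, zero, metric


def check_zero_fields(packet: bytes) -> list:
    """Return the RIPv1 must-be-zero violations found in a packet."""
    if len(packet) < RIP_HEADER.size or (len(packet) - RIP_HEADER.size) % RIP_ENTRY.size:
        return ["malformed length"]
    _command, version, hdr_zero = RIP_HEADER.unpack_from(packet, 0)
    if version != 1:
        return []                      # the zero field check applies to RIPv1 only
    problems = []
    if hdr_zero:
        problems.append("header: reserved field is non-zero")
    for i, off in enumerate(range(RIP_HEADER.size, len(packet), RIP_ENTRY.size)):
        _afi, z1, addr, z2, z3, _metric = RIP_ENTRY.unpack_from(packet, off)
        if z1 or z2 or z3:
            problems.append(
                f"entry {i} ({ipaddress.IPv4Address(addr)}): reserved field is non-zero")
    return problems


def source_is_on_link(src: str, interface: str) -> bool:
    """Ethernet case: the sender must be in the receiving interface's network segment."""
    return ipaddress.ip_address(src) in ipaddress.ip_interface(interface).network


def accept_update(packet, src, interface, checkzero=True, validate_source=True):
    """Return (accepted, reason); the check order here is an assumption."""
    if validate_source and not source_is_on_link(src, interface):
        return False, "source address not in interface network segment"
    if checkzero:
        problems = check_zero_fields(packet)
        if problems:
            return False, "; ".join(problems)
    return True, "ok"


def build_v1_response(routes, reserved=0):
    """Constructed sample: a RIPv1 response; `reserved` fills the second zero field."""
    pkt = RIP_HEADER.pack(2, 1, 0)
    for addr, metric in routes:
        pkt += RIP_ENTRY.pack(2, 0, int(ipaddress.IPv4Address(addr)), reserved, 0, metric)
    return pkt


if __name__ == "__main__":
    clean = build_v1_response([("10.0.0.0", 1)])
    # A subnet mask placed where RIPv1 expects zero, as a RIPv2-style entry would carry.
    odd = build_v1_response([("10.0.0.0", 1)], reserved=0xFFFFFF00)
    print(accept_update(clean, "192.168.1.2", "192.168.1.1/24"))
    print(accept_update(odd, "192.168.1.2", "192.168.1.1/24"))
    print(accept_update(clean, "172.16.9.9", "192.168.1.1/24"))
```

With both checks left at their defaults, the malformed message and the off-segment sender are both dropped before any route is processed; turning either check off widens what the RIP process will accept.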
2.4.5 Configuring RIPv2 Message Authentication
RIPv2 supports two authentication modes: plain text and MD5.
In plain text authentication, the authentication information is sent unencrypted with the RIP message, so this mode cannot meet high security needs.
Follow these steps to configure RIPv2 message authentication:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter interface view | interface interface-type interface-number | –– |
Configure RIPv2 authentication | rip authentication-mode { md5 { rfc2082 key-string key-id \| rfc2453 key-string } \| simple password } | Required |
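Why plain text mode falls short, shown as an added example that is not H3C code: it builds the same RIPv2 response with plain text authentication (RFC 2453 layout) and with keyed MD5 (RFC 2082 layout), then verifies the MD5 form on the receiving side. The packet layouts come from those RFCs rather than from this manual, and the function names, password and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.pack("!BBH", 2, 2, 0)   # command=response, version=2, zero
AUTH_AFI = 0xFFFF                       # address family value marking an auth entry


def route_entry(prefix: str, mask: str, metric: int) -> bytes:
    """One 20-byte RIPv2 route entry (AFI 2, tag 0, next hop 0.0.0.0)."""
    raw = lambda dotted: bytes(int(p) for p in dotted.split("."))
    return struct.pack("!HH4s4s4sI", 2, 0, raw(prefix), raw(mask), bytes(4), metric)


def build_simple(routes: bytes, password: bytes) -> bytes:
    """Plain text mode: the 16-byte password field travels in the packet itself."""
    return HEADER + struct.pack("!HH16s", AUTH_AFI, 2, password) + routes


def build_md5(routes: bytes, key: bytes, key_id: int, seq: int) -> bytes:
    """Keyed MD5 mode: only a digest over packet + key is transmitted."""
    length = len(HEADER) + 20 + len(routes)          # offset of the trailer
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, 3, length, key_id, 16, seq)
    signed = HEADER + auth + routes + struct.pack("!HH", AUTH_AFI, 1)
    return signed + hashlib.md5(signed + key.ljust(16, b"\0")).digest()


def verify_md5(packet: bytes, keys: dict, last_seq: int):
    """Receiver side: return (ok, reason). `keys` maps key-id to key bytes."""
    if len(packet) < 44:                             # header + auth entry + trailer
        return False, "too short"
    afi, auth_type, length, key_id, _dlen, seq = struct.unpack_from("!HHHBBI", packet, 4)
    if afi != AUTH_AFI or auth_type != 3:
        return False, "not keyed MD5"
    if key_id not in keys or length + 20 != len(packet):
        return False, "unknown key or bad length"
    expected = hashlib.md5(packet[:length + 4] + keys[key_id].ljust(16, b"\0")).digest()
    if not hmac.compare_digest(expected, packet[length + 4:]):
        return False, "digest mismatch"
    if seq < last_seq:                               # replay of an older update
        return False, "sequence number went backwards"
    return True, "ok"


if __name__ == "__main__":
    routes = route_entry("10.1.1.0", "255.255.255.0", 1)
    simple = build_simple(routes, b"Example-Pass")   # constructed password
    md5 = build_md5(routes, b"Example-Key", key_id=1, seq=100)
    print("password visible on the wire:", b"Example-Pass" in simple)
    print("key visible on the wire:", b"Example-Key" in md5)
    print(verify_md5(md5, {1: b"Example-Key"}, last_seq=99))
```

Anyone who can capture a plain text packet on the segment reads the password directly, while the MD5 form exposes only a digest and also rejects altered or replayed updates.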
2.4.6 Specifying a RIP Neighbor
Usually, RIP sends messages to broadcast or multicast addresses. On links that support neither broadcast nor multicast, you need to manually specify RIP neighbors. If a specified neighbor is not directly connected, you must disable source address check on incoming updates.
Follow these steps to specify a RIP neighbor:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Specify a RIP neighbor | peer ip-address | Required. By default, RIP sends no updates to any IP address. |
Disable source address check on incoming RIP updates | undo validate-source-address | Required. Not disabled by default. |
Note:
You need not use the peer ip-address command when the neighbor is directly connected; otherwise the neighbor may receive both a unicast and a multicast (or broadcast) copy of the same routing information.
2.5 Displaying and Maintaining RIP
To do… | Use the command… | Remarks |
---|---|---|
Display RIP current status and configuration information | display rip [ process-id ] | Available in any view |
Display all active routes in RIP database | display rip process-id database | Available in any view |
Display RIP interface information | display rip process-id interface [ interface-type interface-number ] | Available in any view |
Display routing information about a specified RIP process | display rip process-id route [ statistics \| ip-address { mask \| mask-length } \| peer ip-address ] | Available in any view |
Clear the statistics of a RIP process | reset rip process-id statistics | Available in user view |
2.6 RIP Configuration Examples
2.6.1 Configuring RIP Version
I. Network requirements
As shown in Figure 2-4, enable RIPv2 on all interfaces on Switch A and Switch B.
II. Network diagram
Figure 2-4 Network diagram for RIP version configuration
III. Configuration procedure
1) Configure IP addresses for interfaces (omitted).
2) Configure basic RIP functions
# Configure Switch A.
<SwitchA> system-view
[SwitchA] rip
[SwitchA-rip-1] network 192.168.1.0
[SwitchA-rip-1] network 172.16.0.0
[SwitchA-rip-1] network 172.17.0.0
[SwitchA-rip-1] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] rip
[SwitchB-rip-1] network 192.168.1.0
[SwitchB-rip-1] network 10.0.0.0
[SwitchB-rip-1] quit
# Display the RIP routing table of Switch A.
[SwitchA] display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
-------------------------------------------------------------------------
Peer 192.168.1.2 on Vlan-interface100
Destination/Mask Nexthop Cost Tag Flags Sec
10.0.0.0/8 192.168.1.2 1 0 RA 11
The routing table shows that RIPv1 uses the natural mask.
3) Configure RIP version
# Configure RIPv2 on Switch A.
[SwitchA] rip
[SwitchA-rip-1] version 2
[SwitchA-rip-1] undo summary
# Configure RIPv2 on Switch B.
[SwitchB] rip
[SwitchB-rip-1] version 2
[SwitchB-rip-1] undo summary
# Display the RIP routing table on Switch A.
[SwitchA] display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
--------------------------------------------------------------------------
Peer 192.168.1.2 on Vlan-interface100
Destination/Mask Nexthop Cost Tag Flags Sec
10.2.1.0/24 192.168.1.2 1 0 RA 16
10.1.1.0/24 192.168.1.2 1 0 RA 16
From the routing table, you can see RIPv2 uses classless subnet masks.
Note:
Since RIPv1 routing information has a long aging time, it will still exist until aged out after RIPv2 is configured.
2.7 Troubleshooting RIP
2.7.1 No RIP Updates Received
Symptom:
No RIP updates are received when the links work well.
Analysis:
After enabling RIP, you must use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages.
If the peer is configured to send multicast messages, the same should be configured on the local end.
Solution:
- Use the display current-configuration command to check the RIP configuration.
- Use the display rip command to check whether some interface is disabled.
2.7.2 Route Oscillation Occurred
Symptom:
When all links work well, route oscillation occurs on the RIP network. After displaying the routing table, you may find some routes appear and disappear in the routing table intermittently.
Analysis:
In the RIP network, make sure that each timer is set to the same value on every router in the network and that the relationships between timers are reasonable. For example, the timeout timer value should be larger than the update timer value.
Solution:
- Use the display rip command to check the configuration of RIP timers.
- Use the timers command to adjust timers properly.
Chapter 3 Routing Policy Configuration
Note:
The term “router” refers to a router in a generic sense or a Layer 3 switch running routing protocols.
A routing policy is used on a router to inspect and filter routes and to modify route attributes when routes are received, advertised, or redistributed.
When configuring routing policy, go to these sections for information you are interested in:
- Introduction to Routing Policy
- Routing Policy Configuration Task List
- Configuring a Routing Policy
- Displaying and Maintaining the Routing Policy
- Routing Policy Configuration Example
- Troubleshooting Routing Policy Configuration
3.1 Introduction to Routing Policy
3.1.1 Routing Policy
A routing policy is used on the router to inspect and filter routes and to modify route attributes when routes are received, advertised, or redistributed.
When distributing or receiving routing information, a router can use a routing policy to filter it. For example, a router receives or advertises only routing information that matches the criteria of a routing policy; a routing protocol redistributes from another protocol only the routes that match the criteria of a routing policy, and uses the routing policy to modify some attributes of these routes to satisfy its needs.
To implement a routing policy, you need to define a set of match criteria according to attributes in routing information, such as the destination address and the advertising router’s address. The match criteria can be defined beforehand and then applied to a routing policy for route distribution, reception and redistribution.
3.1.2 Filters
Routing protocols can use three filters: ACL, IP prefix list, and routing policy.
I. ACL
ACL involves IPv4 ACL only. When defining an ACL, you can specify IP addresses and prefixes to match destinations or next hops of routing information.
For ACL configuration, refer to ACL configuration.
II. IP prefix list
IP prefix list plays a role similar to ACL, but it is more flexible than ACL and easier to understand. When an IP prefix list is applied to filtering routing information, its matching object is the destination address of routing information. Moreover, you can specify the gateway option to indicate that only routing information advertised by certain routers will be received.
An IP prefix list is identified by name. Each IP prefix list can comprise multiple items, and each item, which is identified by an index number, can specify a matching range in the network prefix format. The index number indicates the matching sequence of items in the IP prefix list.
During matching, the router compares the route with the items in ascending order of index number. If one item is matched, the IP prefix list filter is passed, and the route is not compared with the next item.
III. Routing policy
A routing policy is used to match against some attributes in given routing information and modify the attributes of the information if match conditions are satisfied. It can reference the above mentioned filters to define its own match criteria.
A routing policy can comprise multiple nodes, which are in a logical OR relationship. Each node is a match unit, and the system compares routing information against the nodes in the order of node sequence number. Once a node is matched, the routing policy is passed and the routing information does not go through the next node.
Each node comprises a set of if-match and apply clauses. The if-match clauses define the match criteria. The matching objects are some attributes of routing information. The different if-match clauses on a node are in a logical AND relationship: routing information can pass the node only when the matching conditions specified by all the if-match clauses on the node are satisfied. The apply clauses specify the actions to be performed after the node is passed, concerning the attribute settings for routing information.
3.1.3 Routing Policy Application
A routing policy is applied in two ways:
- When redistributing routes from other routing protocols, a routing protocol accepts only routes passing the routing policy.
- When receiving or advertising routing information, a routing protocol uses the routing policy to filter routing information.
3.2 Routing Policy Configuration Task List
Complete the following tasks to configure a routing policy:
Task |
|
3.3 Defining Filtering Lists
3.3.1 Prerequisites
Before configuring this task, you need to decide on:
- IP-prefix list name
- Matching address range
3.3.2 Defining an IPv4 prefix List
Identified by name, each IPv4 prefix list can comprise multiple items. Each item specifies a matching address range in the form of network prefix identified by index number.
During matching, the system compares the route to each item identified by index number in the ascending order. If one item matches, the route passes the IP-prefix list, without needing to match against the next item.
Follow these steps to define an IPv4 prefix list:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Define an IPv4 prefix list | ip ip-prefix ip-prefix-name [ index index-number ] { permit \| deny } ip-address mask-length [ greater-equal min-mask-length ] [ less-equal max-mask-length ] | Required. Not defined by default. |
Note:
If all items are set to the deny mode, no routes can pass the IPv4 prefix list. Therefore, you need to define the permit 0.0.0.0 0 less-equal 32 item following multiple deny mode items to allow other IPv4 routing information to pass.
For example, the following configuration filters routes 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16, but allows other routes to pass.
<Sysname> system-view
[Sysname] ip ip-prefix abc index 10 deny 10.1.0.0 16
[Sysname] ip ip-prefix abc index 20 deny 10.2.0.0 16
[Sysname] ip ip-prefix abc index 30 deny 10.3.0.0 16
[Sysname] ip ip-prefix abc index 40 permit 0.0.0.0 0 less-equal 32
3.4 Configuring a Routing Policy
A routing policy is used to filter routing information according to some attributes, and to modify some attributes of the routing information that matches the routing policy. Match criteria can be configured using the filters described above.
A routing policy can comprise multiple nodes. Each node contains:
- if-match clauses: Define the match criteria that routing information must satisfy. The matching objects are some attributes of routing information.
- apply clauses: Specify the actions performed after specified match criteria are satisfied, concerning attribute settings for passed routing information.
3.4.1 Prerequisites
Before configuring this task, complete the following:
- Filtering list configuration
- Routing protocol configuration
You also need to decide on:
- Name of the routing policy, node sequence numbers
- Match criteria
- Attributes to be modified
3.4.2 Creating a Routing Policy
Follow these steps to create a routing policy:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Create a routing policy and enter its view | route-policy route-policy-name { permit \| deny } node node-number | Required |
Note:
- If a node has the permit keyword specified, routing information meeting the node’s conditions is handled using the apply clauses of this node and is not matched against the next node. If routing information does not meet the node’s conditions, it goes to the next node for a match.
- If a node is specified as deny, the apply clauses of the node are not executed. When routing information matches all if-match clauses of the node, it can neither pass the node nor go to the next node. If routing information fails to match any if-match clause of the node, it goes to the next node for a match.
- When a routing policy is defined with more than one node, at least one node should be configured with the permit keyword. If the routing policy is used to filter routing information, routing information that does not meet any node’s conditions cannot pass the routing policy. If all nodes of the routing policy are set using the deny keyword, no routing information can pass it.
3.4.3 Defining if-match Clauses for the Routing Policy
Follow these steps to define if-match clauses for a route-policy:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter routing policy view | route-policy route-policy-name { permit \| deny } node node-number | — |
Define match criteria for IPv4 routes: match IPv4 routes having destinations specified in the ACL | if-match acl acl-number | Optional. Not configured by default. |
Define match criteria for IPv4 routes: match IPv4 routes having destinations specified in the IP prefix list | if-match ip-prefix ip-prefix-name | Optional. Not configured by default. |
Define match criteria for IPv4 routes: match IPv4 routes having next hops or sources specified in the ACL or IP prefix list | if-match ip { next-hop \| route-source } { acl acl-number \| ip-prefix ip-prefix-name } | Optional. Not configured by default. |
Match routes having the specified cost | if-match cost value | Optional. Not configured by default. |
Match routes having specified outbound interface(s) | if-match interface { interface-type interface-number }&<1-16> | Optional. Not configured by default. |
Match RIP routes having the specified tag value | if-match tag value | Optional. Not configured by default. |
Note:
- The if-match clauses of a route-policy are in a logical AND relationship; that is, routing information has to satisfy all if-match clauses before the apply clauses are executed on it.
- You can specify no if-match clause or multiple if-match clauses for a routing policy. If no if-match clause is specified and the routing policy is in permit mode, all routing information can pass the node; if it is in deny mode, no routing information can pass.
3.4.4 Defining apply Clauses for the Routing Policy
Follow these steps to define apply clauses for a route-policy:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Create a routing policy and enter its view | route-policy route-policy-name { permit \| deny } node node-number | Required. Not created by default. |
Set a cost for routes | apply cost [ + \| - ] value | Optional. Not set by default. |
Set a next hop for IPv4 routes | apply ip-address next-hop ip-address | Optional. Not set by default. |
Set a preference for the matched routing protocol | apply preference preference | Optional. Not set by default. |
Set a tag value for routes | apply tag value | Optional. Not set by default. |
Note:
The apply ip-address next-hop command does not apply to redistributed IPv4 routes.
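How the permit and deny nodes, the ANDed if-match clauses and the apply clauses of sections 3.4.2 to 3.4.4 combine, modelled as an added example that is not H3C code. Routes are plain dictionaries, the if-match clauses are stand-in predicates, and the policy contents (node numbers, tag 100) are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    number: int
    permit: bool
    if_match: list = field(default_factory=list)   # predicates, logical AND
    apply: list = field(default_factory=list)      # actions run on a copy of the route


def run_policy(nodes, route: dict):
    """Return (passed, route after apply clauses, number of the deciding node)."""
    for node in sorted(nodes, key=lambda n: n.number):
        # A node with no if-match clause matches all routing information.
        if all(pred(route) for pred in node.if_match):
            if not node.permit:
                return False, route, node.number   # deny: stop here, apply not executed
            out = dict(route)
            for action in node.apply:
                action(out)
            return True, out, node.number          # permit: later nodes are skipped
    return False, route, None                      # met no node's conditions


# Constructed policy over the static routes of the kind used in this chapter.
POLICY = [
    Node(10, permit=False, if_match=[lambda r: r["dest"] == "30.0.0.0/8"]),
    Node(20, permit=True,
         if_match=[lambda r: r["cost"] == 1, lambda r: r["tag"] == 0],
         apply=[lambda r: r.update(tag=100)]),     # stands in for "apply tag 100"
    Node(30, permit=True),                         # no if-match: pass everything else
]

ROUTE_20 = {"dest": "20.0.0.0/8", "cost": 1, "tag": 0}
ROUTE_30 = {"dest": "30.0.0.0/8", "cost": 1, "tag": 0}
ROUTE_40 = {"dest": "40.0.0.0/8", "cost": 5, "tag": 0}


if __name__ == "__main__":
    for route in (ROUTE_20, ROUTE_30, ROUTE_40):
        print(route["dest"], run_policy(POLICY, route))
    # A policy holding only the deny node passes nothing at all.
    print("deny-only:", run_policy(POLICY[:1], ROUTE_20))
```

The last call shows the failure mode the note warns about: with no permit node, even routes the deny node never matched are filtered out.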
3.5 Displaying and Maintaining the Routing Policy
To do… | Use the command… | Remarks |
---|---|---|
Display IPv4 prefix list statistics | display ip ip-prefix [ ip-prefix-name ] | Available in any view |
Display routing policy information | display route-policy [ route-policy-name ] | Available in any view |
Clear IPv4 prefix list statistics | reset ip ip-prefix [ ip-prefix-name ] | Available in user view |
3.6 Routing Policy Configuration Example
3.6.1 Applying Routing Policy When Redistributing IPv4 Routes
I. Network Requirements
As shown in the following figure, Switch A and Switch B communicate with each other at the network layer through RIPv2. Switch A has static routes to networks 20.0.0.0/8, 30.0.0.0/8, and 40.0.0.0/8. Switch B needs to access these networks through Switch A, while Switch A allows Switch B to access networks 20.0.0.0/8 and 40.0.0.0/8, but not 30.0.0.0/8.
II. Network diagram
Figure 3-1 Network diagram for routing policy application on IPv4 route redistribution
III. Configuration procedure
1) Configure Switch A.
# Configure IP addresses of the interfaces (omitted).
# Configure RIP basic functions.
<SwitchA> system-view
[SwitchA] rip
[SwitchA-rip-1] version 2
[SwitchA-rip-1] undo summary
[SwitchA-rip-1] network 192.168.1.0
[SwitchA-rip-1] quit
# Configure three static routes.
[SwitchA] ip route-static 20.0.0.0 255.0.0.0 172.17.1.2
[SwitchA] ip route-static 30.0.0.0 255.0.0.0 172.17.1.2
[SwitchA] ip route-static 40.0.0.0 255.0.0.0 172.17.1.2
# Configure an ACL.
[SwitchA] acl number 2000
[SwitchA-acl-basic-2000] rule deny source 30.0.0.0 0.255.255.255
[SwitchA-acl-basic-2000] rule permit source any
[SwitchA-acl-basic-2000] quit
# Redistribute static routes.
[SwitchA] rip
[SwitchA-rip-1] import-route static
# Apply ACL 2000 to filter the routing information to be advertised to Switch B.
[SwitchA-rip-1] filter-policy 2000 export vlan-interface 100
[SwitchA-rip-1] quit
2) Configure Switch B.
# Configure IP addresses of the interfaces (omitted).
# Configure RIP basic functions.
<SwitchB> system-view
[SwitchB] rip
[SwitchB-rip-1] version 2
[SwitchB-rip-1] undo summary
[SwitchB-rip-1] network 192.168.1.0
[SwitchB-rip-1] network 10.0.0.0
[SwitchB-rip-1] quit
3) Display the RIP routing table of Switch B and verify the configuration.
[SwitchB] display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------------
Peer 192.168.1.3 on Vlan-interface100
Destination/Mask Nexthop Cost Tag Flags Sec
20.0.0.0/8 192.168.1.3 1 0 RA 14
40.0.0.0/8 192.168.1.3 1 0 RA 14
The display shows that Switch B has only the routing information permitted by ACL 2000. Therefore, the configurations above can meet the configuration requirements.
3.7 Troubleshooting Routing Policy Configuration
3.7.1 IPv4 Routing Information Filtering Failure
I. Symptom
Routing information filtering fails while the routing protocol runs normally.
II. Analysis
At least one item of the IP prefix list should be configured in permit mode, and at least one node in the routing policy should be configured in permit mode.
III. Processing procedure
1) Use the display ip ip-prefix command to display IP prefix list information.
2) Use the display route-policy command to display routing policy information.