- Table of Contents
-
- H3C S5500-SI Series Ethernet Switches Operation Manual(V1.01)
- 00-1Cover
- 00-2Overview
- 01-Login Configuration
- 02-VLAN Configuration
- 03-IP Addressing and IP Performance Configuration
- 04-QinQ-BPDU TUNNEL Configuration
- 05-Port Correlation Configuration
- 06-Link Aggregation Configuration
- 07-MAC Address Table Management Configuration
- 08-Port Security Configuration
- 09-MSTP Configuration
- 10-IPv6 Configuration
- 11-IP Routing Overview Configuration
- 12-IPv4 Routing Configuration
- 13-IPv6 Routing Configuration
- 14-Multicast Configuration
- 15-802.1x-HABP-MAC Authentication Configuration
- 16-AAA-RADIUS-HWTACACS Configuration
- 17-ARP Configuration
- 18-DHCP Configuration
- 19-ACL Configuration
- 20-QoS Configuration
- 21-Port Mirroring Configuration
- 22-UDP Helper Configuration
- 23-Cluster Management Configuration
- 24-SNMP-RMON Configuration
- 25-NTP Configuration
- 26-DNS Configuration
- 27-File System Management Configuration
- 28-Information Center Configuration
- 29-System Maintaining and Debugging Configuration
- 30-NQA Configuration
- 31-SSH Configuration
- 32-Track Configuration
- 33-PoE Configuration
- 34-SSL-HTTPS Configuration
- 35-PKI Configuration
- 36-Stack Management Configuration
- 37-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
13-IPv6 Routing Configuration | 249 KB |
Table of Contents
Chapter 1 IPv6 Static Routing Configuration
1.1 Introduction to IPv6 Static Routing
1.1.1 Features of IPv6 Static Routes
1.2 Configuring an IPv6 Static Route
1.2.1 Configuration prerequisites
1.2.2 Configuring an IPv6 Static Route
1.3 Displaying and Maintaining IPv6 Static Routes
1.4 IPv6 Static Routing Configuration Example
Chapter 2 IPv6 RIPng Configuration
2.1.3 RIPng Packet Processing Procedure
2.2 Configuring RIPng Basic Functions
2.2.1 Configuration Prerequisites
2.3 Configuring RIPng Route Control
2.3.1 Configuring an Additional Routing Metric
2.3.2 Configuring RIPng Route Summarization
2.3.3 Advertising a Default Route
2.3.4 Configuring a RIPng Route Filtering Policy
2.3.5 Configuring a Priority for RIPng
2.3.6 Configuring RIPng Route Redistribution
2.4 Tuning and Optimizing the RIPng Network
2.4.1 Configuring RIPng Timers
2.4.2 Configuring Split Horizon and Poison Reverse
2.4.3 Configuring Zero Field Check on RIPng Packets
2.5 Displaying and Maintaining RIPng
2.6 RIPng Configuration Example
Chapter 3 Routing Policy Configuration
3.1 Introduction to Routing Policy
3.1.3 Routing Policy Application
3.2.2 Defining an IPv6 Prefix List
3.3 Configuring a Routing Policy
3.3.2 Creating a Routing Policy
3.3.3 Defining if-match Clauses for the Routing Policy
3.3.4 Defining apply Clauses for the Routing Policy
3.4 Displaying and Maintaining the Routing Policy
3.5 Routing Policy Configuration Example
3.5.1 Applying Routing Policy When Redistributing IPv6 Routes
3.6 Troubleshooting Routing Policy Configuration
3.6.1 IPv4 Routing Information Filtering Failure
3.6.2 IPv6 Routing Information Filtering Failure
Chapter 1 IPv6 Static Routing Configuration
& Note:
The term “router” in this document refers to a Layer 3 switch running routing protocols.
1.1 Introduction to IPv6 Static Routing
Static routes are special routes that are manually configured by network administrators. They work well in simple networks. Configuring and using them properly can improve the performance of networks and guarantee enough bandwidth for important applications.
However, static routes also have shortcomings: any topology changes could result in unavailable routes, requiring the network administrator to manually configure and modify the static routes.
1.1.1 Features of IPv6 Static Routes
Similar to IPv4 static routes, IPv6 static routes work well in simple IPv6 network environments.
Their major difference lies in the destination and next hop addresses. IPv6 static routes use IPv6 addresses whereas IPv4 static routes use IPv4 addresses.
1.1.2 Default IPv6 Route
The IPv6 static route that has the destination address configured as ::/0 (indicating a prefix length of 0) is the default IPv6 route. If the destination address of an IPv6 packet does not match any entry in the routing table, this default route will be used to forward the packet.
1.2 Configuring an IPv6 Static Route
In small IPv6 networks, IPv6 static routes can be used to forward packets. In comparison to dynamic routes, it helps to save network bandwidth.
1.2.1 Configuration prerequisites
l Enabling IPv6 packet forwarding
l Ensuring that the neighboring nodes are IPv6 reachable
1.2.2 Configuring an IPv6 Static Route
Follow these steps to configure an IPv6 static route:
To do... |
Use the commands… |
Remarks |
Enter system view |
System-view |
— |
Configure an IPv6 static route |
ipv6 route-static ipv6-address prefix-length [ interface-type interface-number ] nexthop-address [ preference preference-value ] |
Required The default preference of IPv6 static routes is 60. |
1.3 Displaying and Maintaining IPv6 Static Routes
To do... |
Use the command... |
Remarks |
Display IPv6 static route information |
display ipv6 routing-table protocol static [ inactive | verbose ] |
Available in any view |
Remove all IPv6 static routes |
delete ipv6 static-routes all |
Available in system view |
& Note:
Using the undo ipv6 route-static command can delete a single IPv6 static route, while using the delete ipv6 static-routes all command deletes all IPv6 static routes including the default route.
1.4 IPv6 Static Routing Configuration Example
I. Network requirements
With IPv6 static routes configured, all hosts and switches can interact with each other.
II. Network diagram
Figure 1-1 Network diagram for static routes
III. Configuration procedure
1) Configure the IPv6 addresses of all VLAN interfaces (Omitted)
2) Configure IPv6 static routes.
# Configure the default IPv6 static route on Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] ipv6 route-static :: 0 4::2
# Configure two IPv6 static routes on Switch B.
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] ipv6 route-static 1:: 64 4::1
[SwitchB] ipv6 route-static 3:: 64 5::1
# Configure the default IPv6 static route on Switch C.
<SwitchC> system-view
[SwitchC] ipv6
[SwitchC] ipv6 route-static :: 0 5::2
3) Configure the IPv6 addresses of hosts and gateways.
Configure the IPv6 addresses of all the hosts based upon the network diagram, configure the default gateway of Host A as 1::1, that of Host B as 2::1, and that of Host C as 3::1.
4) Display configuration information
# Display the IPv6 routing table of Switch A.
[SwitchA] display ipv6 routing-table
Routing Table :
Destinations : 7 Routes : 7
Destination: ::/0 Protocol : Static
NextHop : 4::2 Preference: 60
Interface : Vlan200 Cost : 0
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : Direct
NextHop : 1::1 Preference: 0
Interface : Vlan100 Cost : 0
Destination: 1::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 4::/64 Protocol : Direct
NextHop : 4::1 Preference: 0
Interface : Vlan200 Cost : 0
Destination: 4::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
# Verify the connectivity with the ping command.
[SwitchA] ping ipv6 3::1
PING 3::1 : 56 data bytes, press CTRL_C to break
Reply from 3::1
bytes=56 Sequence=1 hop limit=254 time = 63 ms
Reply from 3::1
bytes=56 Sequence=2 hop limit=254 time = 62 ms
Reply from 3::1
bytes=56 Sequence=3 hop limit=254 time = 62 ms
Reply from 3::1
bytes=56 Sequence=4 hop limit=254 time = 63 ms
Reply from 3::1
bytes=56 Sequence=5 hop limit=254 time = 63 ms
--- 3::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/62/63 ms
Chapter 2 IPv6 RIPng Configuration
& Note:
l The term “router” in this document refers to a Layer 3 switch running routing protocols.
l The S5500-SI series only support single RIPng process.
2.1 Introduction to RIPng
RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng.
RIPng for IPv6 made the following changes to RIP:
l UDP port number: RIPng uses UDP port 521 for sending and receiving routing information.
l Multicast address: RIPng uses FF02:9 as the link-local multicast address.
l Destination Prefix: 128-bit destination address prefix.
l Next hop: 128-bit IPv6 address.
l Source address: RIPng uses FE80::/10 as the link-local source address
2.1.1 RIPng Working Mechanism
RIPng is a routing protocol based on the distance vector (D-V) algorithm. RIPng uses UDP packets to exchange routing information through port 521.
RIPng uses a hop count to measure the distance to a destination. The hop count is referred to as metric or cost. The hop count from a router to a directly connected network is 0. The hop count between two directly connected routers is 1. When the hop count is greater than or equal to 16, the destination network or host is unreachable.
By default, the routing update is sent every 30 seconds. If the router receives no routing updates from a neighbor after 180 seconds, the routes learned from the neighbor are considered as unreachable. After another 240 seconds, if no routing update is received, the router will remove these routes from the routing table.
RIPng supports Split Horizon and Poison Reverse to prevent routing loops, and route redistribution.
Each RIPng router maintains a routing database, including route entries of all reachable destinations. A route entry contains the following information:
l Destination address: IPv6 address of a host or a network.
l Next hop address: IPv6 address of a neighbor along the path to the destination.
l Egress interface: Outbound interface that forwards IPv6 packets.
l Metric: Cost from the local router to the destination.
l Route time: Time that elapsed since a route entry is last changed. Each time a route entry is modified, the routing time is set to 0.
l Route tag: Identifies the route, used in routing policy to control routing information.
2.1.2 RIPng Packet Format
I. Basic format
A RIPng packet consists of a header and multiple route table entries (RTEs). The maximum number of RTEs in a packet depends on the MTU of the sending interface.
Figure 2-1 shows the packet format of RIPng.
Figure 2-1 RIPng basic packet format
l Command: Type of message. 0x01 indicates Request, 0x02 indicates Response.
l Version: Version of RIPng. It can only be 0x01 currently.
l RTE: Route table entry, 20 bytes for each entry.
II. RTE format
There are two types of RTE in RIPng.
l Next hop RTE: Defines the IPv6 address of a next hop
l IPv6 prefix RTE: Describes the destination IPv6 address, route tag, prefix length and metric in the RIPng routing table.
Figure 2-2 shows the format of the next hop RTE:
Figure 2-2 Next hop RTE format
IPv6 next hop address is the IPv6 address of the next hop.
Figure 2-3 shows the format of the IPv6 prefix RTE.
Figure 2-3 IPv6 prefix RTE format
l IPv6 prefix: Destination IPv6 address prefix.
l Route tag: Route tag.
l Prefix len: Length of the IPv6 address prefix.
l Metric: Cost of a route.
2.1.3 RIPng Packet Processing Procedure
I. Request packet
When a RIPng router first starts or needs to update some entries in its routing table, generally a multicast request packet is sent to ask for needed routes from neighbors.
The receiving RIPng router processes RTEs in the request. If there is only one RTE with the IPv6 prefix and prefix length both being 0, and with a metric value of 16, the RIPng router will respond with the entire routing table information in response messages. If there are multiple RTEs in the request message, the RIPng router will examine each RTE, update its metric, and send the requested routing information to the requesting router in the response packet.
II. Response packet
The response packet containing the local routing table information is generated as:
l A response to a request
l An update periodically
l A trigged update caused by route change
After receiving a response, a router checks the validity of the response before adding the route to its routing table, such as whether the source IPv6 address is the link-local address, whether the port number is correct. The response packet failed the check will be discarded.
2.1.4 Protocols and Standards
l RFC2080: RIPng for IPv6
l RFC2081: RIPng Protocol Applicability Statement
l RFC2453: RIP Version 2
2.2 Configuring RIPng Basic Functions
In this section, you are presented with the information to configure the basic RIPng features.
You need to enable RIPng first before configuring other tasks, but it is not necessary for RIPng related interface configurations, such as assigning an IPv6 address.
2.2.1 Configuration Prerequisites
Before the configuration, accomplish the following tasks first:
l Enable IPv6 packet forwarding.
l Configure an IP address for each interface, and make sure all nodes are reachable.
2.2.2 Configuration Procedure
Follow these steps to configure the basic RIPng functions:
Use the command... |
Remarks |
|
Enter system view |
system-view |
–– |
Create a RIPng process and enter RIPng view |
ripng [ process-id ] |
Required Not created by default |
Return to system view |
quit |
— |
Enter interface view |
interface interface-type interface-number |
–– |
Enable RIPng on the interface |
ripng process-id enable |
Required Disabled by default |
& Note:
If RIPng is not enabled on an interface, the interface will not send and receive any RIPng route.
2.3 Configuring RIPng Route Control
Before the configuration, accomplish the following tasks first:
l Configure an IPv6 address on each interface, and make sure all nodes are reachable.
l Configure RIPng basic functions
l Define an IPv6 ACL before using it for route filtering. Refer to ACL configuration for related information.
l Define an IPv6 address prefix list before using it for route filtering. Refer to section 3.2.2 "Defining an IPv6 Prefix List" for related information.
2.3.1 Configuring an Additional Routing Metric
An additional routing metric can be added to the metric of an inbound or outbound RIP route, namely, the inbound and outbound additional metric.
The outbound additional metric is added to the metric of a sent route, the route’s metric in the routing table is not changed.
The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed.
Follow these steps to configure an inbound/outbound additional routing metric:
Use the command... |
Remarks |
|
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Specify an inbound routing additional metric |
ripng metricin value |
Optional 0 by default |
Specify an outbound routing additional metric |
ripng metricout value |
Optional 1 by default
|
2.3.2 Configuring RIPng Route Summarization
Follow these steps to configure RIPng route summarization:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Advertise a summary IPv6 prefix |
ripng summary-address ipv6-address prefix-length |
Required |
2.3.3 Advertising a Default Route
Follow these steps to advertise a default route:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Advertise a default route |
ripng default-route { only | originate } [ cost cost ] |
Required Not advertised by default |
& Note:
With this feature enabled, a default route is advertised via the specified interface regardless of whether the default route is available in the local IPv6 routing table.
2.3.4 Configuring a RIPng Route Filtering Policy
You can reference a configured IPv6 ACL or prefix list to filter received/advertised routing information as needed. For filtering outbound routes, you can also specify a routing protocol from which to filter routing information redistributed.
Follow these steps to configure a RIPng route filtering policy:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
–– |
Enter RIPng view |
ripng [ process-id ] |
–– |
Configure a filter policy to filter incoming routes |
filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import |
Required By default, RIPng does not filter incoming routing information. |
Configure a filter policy to filter outgoing routes |
filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ protocol [ process-id ] ] |
Required By default, RIPng does not filter outgoing routing information. |
2.3.5 Configuring a Priority for RIPng
Any routing protocol has its own protocol priority used for optimal route selection. You can set a priority for RIPng manually. The smaller the value is, the higher the priority is.
Follow these steps to configure a RIPng priority:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter RIPng view |
ripng [ process-id ] |
— |
Configure a RIPng priority |
preference [ route-policy route-policy-name ] preference |
Optional By default, the RIPng priority is 100. |
2.3.6 Configuring RIPng Route Redistribution
Follow these steps to configure RIPng route redistribution:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
–– |
Enter RIPng view |
ripng [ process-id ] |
–– |
Configure a default routing metric for redistributed routes |
default cost cost |
Optional By default, the default metric of redistributed routes is 0. |
Redistribute routes from another routing protocol |
import-route protocol [ cost cost | route-policy route-policy-name ] * |
Required No route redistribution is configured by default. |
2.4 Tuning and Optimizing the RIPng Network
This section describes how to tune and optimize the performance of the RIPng network as well as applications under special network environments. Before tuning and optimizing the RIPng network, complete the following tasks:
l Configure a network layer address for each interface
l Configure the basic RIPng functions
This section covers the following topics:
l Configuring Split Horizon and Poison Reverse
l Configuring Zero Field Check on RIPng Packets
2.4.1 Configuring RIPng Timers
You can adjust RIPng timers to optimize the performance of the RIPng network.
Follow these steps to configure RIPng timers:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter RIPng view |
ripng [ process-id ] |
— |
Configure RIPng timers |
timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value } * |
Optional. The RIPng timers have the following defaults: l 30 seconds for the update timer l 180 seconds for the timeout timer l 120 seconds for the suppress timer l 120 seconds for the garbage-collect timer |
& Note:
When adjusting RIPng timers, you should consider the network performance and perform unified configurations on routers running RIPng to avoid unnecessary network traffic increase or route oscillation.
2.4.2 Configuring Split Horizon and Poison Reverse
& Note:
If both the split horizon and poison reverse are configured, only the poison reverse function takes effect.
I. Configure the split horizon
The split horizon function disables a route learned from an interface from being advertised via the interface to prevent routing loops between neighbors.
Follow these steps to configure the split horizon:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Enable the split horizon function |
ripng split-horizon |
Optional Enabled by default |
& Note:
Generally, you are recommended to enable the split horizon to prevent routing loops.
II. Configuring the poison reverse function
The poison reverse function enables a route learned from an interface to be advertised via the interface. However, the metric of the route is set to 16. That is to say, the route is unreachable.
Follow these steps to configure poison reverse:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Enable the poison reverse function |
ripng poison-reverse |
Required Disabled by default |
2.4.3 Configuring Zero Field Check on RIPng Packets
Some fields in the RIPng packet must be zero. These fields are called zero fields. With zero field check on RIPng packets enabled, if such a field contains a non-zero value, the entire RIPng packet will be discarded. If you are sure that all packets are trusty, you can disable the zero field check to save the CPU processing time.
Follow these steps to configure RIPng zero field check:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
–– |
Enter RIPng view |
ripng [ process-id ] |
–– |
Enable the zero field check |
checkzero |
Optional Enabled by default |
2.5 Displaying and Maintaining RIPng
To do... |
Use the command... |
Remarks |
Display configuration information of a RIPng process |
display ripng [ process-id ] |
Available in any view |
Display routes in the RIPng database |
display ripng process-id database |
Available in any view |
Display the routing information of a specified RIPng process |
display ripng process-id route |
Available in any view |
Display RIPng interface information |
display ripng process-id interface [ interface-type interface-number ] |
Available in any view |
2.6 RIPng Configuration Example
I. Network requirements
As shown in Figure 2-4, all switches run RIPng. Configure Switch B to filter the route (3::/64) learnt from Switch C, which means the route will not be added to the routing table of Switch B, and Switch B will not forward it to Switch A.
II. Network diagram
Figure 2-4 Network diagram for RIPng configuration
III. Configuration procedure
1) Configure the IPv6 address for each interface (omitted)
2) Configure basic RIPng functions
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] ripng 1
[SwitchA-ripng-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 1 enable
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 400
[SwitchA-Vlan-interface400] ripng 1 enable
[SwitchA-Vlan-interface400] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] ripng 1
[SwitchB-ripng-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] ripng 1 enable
[SwitchB-Vlan-interface200] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 1 enable
[SwitchB-Vlan-interface100] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] ipv6
[SwitchC] ripng 1
[SwitchC-ripng-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] ripng 1 enable
[SwitchC-Vlan-interface200] quit
[SwitchC] interface Vlan-interface 500
[SwitchC-Vlan-interface500] ripng 1 enable
[SwitchC-Vlan-interface500] quit
[SwitchC] interface vlan-interface 600
[SwitchC-Vlan-interface600] ripng 1 enable
[SwitchC-Vlan-interface600] quit
# Display the routing table of Switch B.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest 1::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec
Dest 2::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec
Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200
Dest 3::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 11 Sec
Dest 4::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 11 Sec
Dest 5::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 11 Sec
# Display the routing table of Switch A.
[SwitchA] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::200:2FF:FE64:8904 on Vlan-interface100
Dest 1::/64,
via FE80::200:2FF:FE64:8904, cost 1, tag 0, A, 31 Sec
Dest 4::/64,
via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec
Dest 5::/64,
via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec
Dest 3::/64,
via FE80::200:2FF:FE64:8904, cost 1, tag 0, A, 31 Sec
3) Configure Switch B to filter incoming and outgoing routes.
[SwitchB] acl ipv6 number 2000
[SwitchB-acl6-basic-2000] rule deny source 3::/64
[SwitchB-acl6-basic-2000] rule permit
[SwitchB-acl6-basic-2000] quit
[SwitchB] ripng 1
[SwitchB-ripng-1] filter-policy 2000 import
[SwitchB-ripng-1] filter-policy 2000 export
[SwitchB-ripng-1] quit
# Display routing tables of Switch B and Switch A.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest 1::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Dest 2::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200
Dest 4::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec
Dest 5::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec
[SwitchA] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE00:1235 on Vlan-interface100
Dest 1::/64,
via FE80::20F:E2FF:FE00:1235, cost 1, tag 0, A, 2 Sec
Dest 4::/64,
via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec
Dest 5::/64,
via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec
Chapter 3 Routing Policy Configuration
3.1 Introduction to Routing Policy
3.1.1 Routing Policy
A routing policy is used on the router for route inspection, filtering, attributes modifying when routes are received, advertised, or redistributed.
When distributing or receiving routing information, a router can use a routing policy to filter routing information. For example, a router receives or advertises only routing information that matches the criteria of a routing policy; a routing protocol redistributes routes from another protocol only routes matching the criteria of a routing policy and modifies some attributes of these routes to satisfy its needs using the routing policy.
To implement a routing policy, you need to define a set of match criteria according to attributes in routing information, such as destination address, advertising router’s address and so on. The match criteria can be set beforehand and then apply them to a routing policy for route distribution, reception and redistribution.
3.1.2 Filters
Routing protocols can use three filters: ACL, IP prefix list and routing policy.
I. ACL
When defining an ACL, you can specify IP addresses and prefixes to match destinations or next hops of routing information.
For ACL configuration, refer to the part discussing ACL operation.
II. IP prefix list
IP prefix list plays a role similar to ACL, but it is more flexible than ACL and easier to understand. When an IP prefix list is applied to filtering routing information, its matching object is the destination address of routing information.
An IP prefix list is identified by name. Each IP prefix list can comprise multiple items, and each item, which is identified by an index number, can specify a matching range in the network prefix format. The index number indicates the matching sequence of items in the IP prefix list.
During matching, the router compares the packet with the items in the ascending order. If one item is matched, the IP prefix list filter is passed, and the packet will not go to the next item.
III. Routing policy
A routing policy is used to match against some attributes in given routing information and modify the attributes of the information if match conditions are satisfied. It can reference the above mentioned filters to define its own match criteria.
A routing policy can comprise multiple nodes, which are in logic OR relationship. Each node is a match unit, and the system compares each node to a packet in the order of node sequence number. Once a node is matched, the routing policy is passed and the packet will not go through the next node.
Each node comprises a set of if-match and apply clauses. The if-match clauses define the match criteria. The matching objects are some attributes of routing information. The different if-match clauses on a node is in logical AND relationship. Only when the matching conditions specified by all the if-match clauses on the node are satisfied, can routing information pass the node. The apply clauses specify the actions to be performed after the node is passed, concerning the attribute settings for routing information.
3.1.3 Routing Policy Application
A routing policy is applied in two ways:
l When redistributing routes from other routing protocols, a routing protocol accepts only routes passing the routing policy.
l When receiving or advertising routing information, a routing protocol uses the routing policy to filter routing information.
3.2 Defining Filtering Lists
3.2.1 Prerequisites
Before configuring this task, you need to decide on:
l IP-prefix list name
l Matching address range
3.2.2 Defining an IPv6 Prefix List
Identified by name, each IPv6 prefix list can comprise multiple items. Each item specifies a matching address range in the form of network prefix, which is identified by index number.
During matching, the system compares the route to each item in the ascending order of index number. If one item is matched, the route passes the IP-prefix list, without needing to match the next item.
Follow these steps to define an IPv6 prefix list:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Define an IPv6 prefix list |
ip ipv6-prefix ipv6-prefix-name [ index index-number ] { deny | permit } ipv6-address prefix-length [ greater-equal min-prefix-length ] [ less-equal max-prefix-length ] |
Required Not defined by default |
& Note:
If all items are set to the deny mode, no routes can pass the IPv6 prefix list. Therefore, you need to define the permit :: 0 less-equal 128 item following multiple deny mode items to allow other IPv6 routing information to pass.
For example, the following configuration filters routes 2000:1::/48, 2000:2::/48 and 2000:3::/48, but allows other routes to pass.
<Sysname> system-view
[Sysname] ip ipv6-prefix abc index 10 deny 2000:1:: 48
[Sysname] ip ipv6-prefix abc index 20 deny 2000:2:: 48
[Sysname] ip ipv6-prefix abc index 30 deny 2000:3:: 48
[Sysname] ip ipv6-prefix abc index 40 permit :: 0 less-equal 128
3.3 Configuring a Routing Policy
A routing policy is used to filter routing information according to some attributes, and modify some attributes of the routing information that matches the routing policy. Match criteria can be configured using filters above mentioned.
A routing policy can comprise multiple nodes, each node contains:
l if-match clauses: Define the match criteria that routing information must satisfy. The matching objects are some attributes of routing information.
l apply clauses: Specify the actions performed after specified match criteria are satisfied, concerning attribute settings for passed routing information.
3.3.1 Prerequisites
Before configuring this task, you have completed:
l Filtering list configuration
l Routing protocol configuration
You also need to decide on:
l Name of the routing policy, node sequence numbers
l Match criteria
l Attributes to be modified
3.3.2 Creating a Routing Policy
Follow these steps to create a routing policy:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Create a routing policy and enter its view |
route-policy route-policy-name { permit | deny } node node-number |
Required |
& Note:
l If a node has the permit keyword specified, routing information meeting the node’s conditions will be handled using the apply clauses of this node, without needing to match against the next node. If routing information does not meet the node’s conditions, it will go to the next node for a match.
l If a node is specified as deny, the apply clauses of the node will not be executed. When routing information matches all if-match clauses of the node, it can neither pass the node, nor go to the next node. If route information cannot match any if-match clause of the node, it will go to the next node for a match.
l When a routing policy is defined with more than one node, at least one node should be configured with the permit keyword. If the routing policy is used to filter routing information, routing information that does not meet any node’s conditions cannot pass the routing policy. If all nodes of the routing policy are set using the deny keyword, no routing information can pass it.
3.3.3 Defining if-match Clauses for the Routing Policy
Follow these steps to define if-match clauses for a route-policy:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter routing policy view |
route-policy route-policy-name { permit | deny } node node-number |
Required |
Match IPv6 routes having the next hop or source specified in the ACL or IP prefix list |
if-match ipv6 { address | next-hop | route-source } { acl acl-number | prefix-list ipv6-prefix-name } |
Optional Not configured by default |
Match routes having the specified cost |
if-match cost value |
Optional Not configured by default |
Match routes having specified outbound interface(s) |
if-match interface { interface-type interface-number }&<1-16> |
Optional Not configured by default |
Match the routes having the specified tag value |
if-match tag value |
Optional Not configured by default |
& Note:
l The if-match clauses of a route-policy are in logic AND relationship, namely, routing information has to satisfy all if-match clauses before being executed with apply clauses.
l You can specify no or multiple if-match clauses for a routing policy. If no if-match clause is specified, and the routing policy is in permit mode, all routing information can pass the node; if in deny mode, no routing information can pass.
3.3.4 Defining apply Clauses for the Routing Policy
Follow these steps to define apply clauses for a route-policy:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Create a routing policy and enter its view |
route-policy route-policy-name { permit | deny } node node-number |
Required Not created by default |
Set a cost for routes |
apply cost [ + | - ] value |
Optional Not set by default |
Set a next hop for IPv6 routes |
apply ipv6 next-hop ipv6-address |
Optional Not set by default |
Set a preference for the matched routing protocol |
apply preference preference |
Optional Not set by default |
Set a tag value for the routes |
apply tag value |
Optional Not set by default |
& Note:
The apply ipv6 next-hop commands do not apply to redistributed IPv6 routes respectively.
3.4 Displaying and Maintaining the Routing Policy
To do... |
Use the command... |
Remarks |
Display IPv6 prefix list statistics |
display ip ipv6-prefix [ ipv6-prefix-name ] |
Available in any view |
Display routing policy information |
display route-policy [ route-policy-name ] |
|
Clear IPv6 prefix statistics |
reset ip ipv6-prefix [ ipv6-prefix-name ] |
3.5 Routing Policy Configuration Example
3.5.1 Applying Routing Policy When Redistributing IPv6 Routes
I. Network requirements
l Enable RIPng on Switch A and Switch B.
l Configure three static routes on Switch A and apply a routing policy when redistributing static routes, making routes 20::0/32 and 40::0/32 pass, routes in 30::0/32 filtered out.
l Display RIPng routing table information on Switch B to verify the configuration.
II. Network diagram
Figure 3-1 Network diagram for routing policy application to route redistribution
III. Configuration procedure
1) Configure Switch A
# Configure IPv6 addresses for VLAN-interface 100 and VLAN-interface 200.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ipv6 address 10::1 32
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ipv6 address 11::1 32
[SwitchA-Vlan-interface200] quit
# Enable RIPng on VLAN-interface 100.
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 1 enable
[SwitchA-Vlan-interface100] quit
# Configure three static routes.
[SwitchA] ipv6 route-static 20:: 32 11::2
[SwitchA] ipv6 route-static 30:: 32 11::2
[SwitchA] ipv6 route-static 40:: 32 11::2
# Configure routing policy.
[SwitchA] ip ipv6-prefix a index 10 permit 30:: 32
[SwitchA] route-policy static2ripng deny node 0
[SwitchA-route-policy] if-match ipv6 address prefix-list a
[SwitchA-route-policy] quit
[SwitchA] route-policy static2ripng permit node 10
[SwitchA-route-policy] quit
# Enable RIPng and redistribute static routes.
[SwitchA] ripng
[SwitchA-ripng-1] import-route static route-policy static2ripng
2) Configure Switch B.
# Configure the IPv6 address for VLAN-interface 100.
[SwitchB] ipv6
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ipv6 address 10::2 32
# Enable RIPng on VLAN-interface 100.
[SwitchB-Vlan-interface100] ripng 1 enable
[SwitchB-Vlan-interface100] quit
# Enable RIPng.
[SwitchB] ripng
# Display RIPng routing table information.
[SwitchB-ripng-1] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::7D58:0:CA03:1 on Vlan-interface 100
Dest 10::/32,
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 18 Sec
Dest 20::/32,
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 8 Sec
Dest 40::/32,
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 3 Sec
3.6 Troubleshooting Routing Policy Configuration
3.6.1 IPv4 Routing Information Filtering Failure
I. Symptom
Filtering routing information failed, while routing protocol runs normally.
II. Analysis
At least one item of the IP prefix list should be configured as permit mode, and at least one node in the Route-policy should be configured as permit mode.
III. Processing procedure
1) Use the display ip ip-prefix command to display IP prefix list information.
2) Use the display route-policy command to display routing policy information.
3.6.2 IPv6 Routing Information Filtering Failure
I. Symptom
Filtering routing information failed, while routing protocol runs normally.
II. Analysis
At least one item of the IPv6 prefix list should be configured as permit mode, and at least one node of the Route-policy should be configured as permit mode.
III. Processing procedure
1) Use the display ip ipv6-prefix command to display IP prefix list information.
2) Use the display route-policy command to display routing policy information.