Login
- Table of Contents
-
- 04-Layer 3—IP Services Configuration Guide
- 00-Preface
- 01-ARP configuration
- 02-IP addressing configuration
- 03-DHCP configuration
- 04-DNS configuration
- 05-IP forwarding basics configuration
- 06-Fast forwarding configuration
- 07-Adjacency table configuration
- 08-IRDP configuration
- 09-IP performance optimization configuration
- 10-UDP helper configuration
- 11-IPv6 basics configuration
- 12-DHCPv6 configuration
- 13-IPv6 fast forwarding configuration
- 14-Tunneling configuration
- 15-GRE configuration
- 16-HTTP redirect configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-IP forwarding basics configuration | 107.20 KB |
Contents
Configuring IP forwarding basic settings························································ 1
About FIB table······························································································································· 1
Saving the IP forwarding entries to a file··························································································· 2
Keeping the TTL or hop limit unchanged in packets passing through tunnel interfaces or VSI interfaces 2
Forwarding ARP packets to a remote device through a VXLAN tunnel················································ 2
Forwarding ND packets to a remote device through a VXLAN tunnel·················································· 3
Forwarding IP packets with TTL 1 and specific destination IP address················································ 3
Forwarding IPv6 packets with HopLimit 1 and specific destination IP address···································· 4
Enabling IPv4 FIB entry consistency check······················································································· 4
Enabling IPv4 packet forwarding on an interface with no IPv4 address configured······························ 5
Enabling SNMP notifications for FIB events······················································································ 5
Display and maintenance commands for FIB table············································································ 6
Configuring load sharing··················································································· 7
About load sharing·························································································································· 7
Configuring load sharing mode········································································································ 7
Enabling IPv4 bandwidth-based load sharing···················································································· 7
Enabling local-first load sharing······································································································· 8
Enabling symmetric load sharing······································································································ 8
Display and maintenance commands for load sharing······································································· 9
Loading sharing configuration examples··························································································· 9
Example: Configuring load sharing based on source and destination addresses·························· 9
Configuring IP forwarding basic settings
About FIB table
A device uses the FIB table to make packet forwarding decisions.
A device selects optimal routes from the routing table, and puts them into the FIB table. Each FIB entry specifies the next hop IP address and output interface for packets destined for a specific subnet or host.
For more information about the routing table, see Layer 3—IP Routing Configuration Guide.
Use the display fib command to display the FIB table. The following example displays the entire FIB table.
<Sysname> display fib
Destination count: 8 FIB entry count: 8
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
0.0.0.0/32 127.0.0.1 UH InLoop0 Null
127.0.0.0/8 127.0.0.1 U InLoop0 Null
127.0.0.0/32 127.0.0.1 UH InLoop0 Null
127.0.0.1/32 127.0.0.1 UH InLoop0 Null
127.255.255.255/32 127.0.0.1 UH InLoop0 Null
224.0.0.0/4 0.0.0.0 UB NULL0 Null
224.0.0.0/24 0.0.0.0 UB NULL0 Null
255.255.255.255/32 127.0.0.1 UH InLoop0 Null
A FIB entry includes the following items:
· Destination—Destination IP address.
· Mask—Network mask. The mask and the destination address identify the destination network. A logical AND operation between the destination address and the network mask yields the address of the destination network. For example, if the destination address is 192.168.1.40 and the mask 255.255.255.0, the address of the destination network is 192.168.1.0. A network mask includes a certain number of consecutive 1s. It can be expressed in dotted decimal format or by the number of the 1s.
· Nexthop—IP address of the next hop.
· Flag—Route flag.
· OutInterface—Output interface.
· Token—MPLS Label Switched Path index number.
· Label—Inner label.
Saving the IP forwarding entries to a file
Restrictions and guidelines
The feature automatically creates the file if you specify a nonexistent file. If the file already exists, this feature overwrites the file content.
This feature triggers one-time saving of the IP forwarding entries.
To automatically save the IP forwarding entries periodically, configure a schedule for the device to automatically run the ip forwarding-table save command. For information about scheduling a task, see Fundamentals Configuration Guide.
Software and feature compatibility
Only Release 2825 and later versions support this feature.
Procedure
To save the IP forwarding entries to a file, execute the following command in any view:
ip forwarding-table save filename filename
Keeping the TTL or hop limit unchanged in packets passing through tunnel interfaces or VSI interfaces
About this task
On a private network using VXLANs or tunnels, the gateway decrements the value in the TTL or Hop Limit field by one in packets passing through VSI interfaces or tunnel interfaces by default. If you do not want the gateway to change the TTL or hop limit in these packets, configure this feature on the gateway.
Procedure
1. Enter system view.
system-view
2. Configure the device not to change the TTL or hop limit in the packets passing through tunnel interfaces or VSI interfaces.
forwarding tunnel-ttl-unvaried
By default, the TTL or hop limit is decremented by one when a packet passes through a tunnel interface or VSI interface.
Forwarding ARP packets to a remote device through a VXLAN tunnel
About this task
In ARP flooding suppression, if a device receives an ARP packet that uses the device's MAC as the destination MAC but another device's IP as the destination IP, the device discards the packet. You can perform this task for the device to forward such packets to a specific VXLAN tunnel.
Make sure the specified tunnel interface is a manual created VXLAN over IPv4 tunnel.
Procedure
1. Enter system view.
system-view
2. Enable forwarding ARP packets with a specific destination address to the specified VXLAN tunnel.
forwarding arp-packet destination [ vpn-instance vpn-instance-name ] ip-address interface tunnel number
By default, the device delivers ARP packets to the CPU.
Forwarding ND packets to a remote device through a VXLAN tunnel
About this task
In ND flooding suppression, if a device receives an ND packet that uses the device's MAC as the destination MAC but another device's IP as the destination IP, the device discards the packet. You can perform this task for the device to forward such packets to a specific VXLAN tunnel.
Make sure the specified tunnel interface is a manual created VXLAN over IPv4 tunnel.
Procedure
1. Enter system view.
system-view
2. Enable forwarding ND packets with a specific destination address to the specified VXLAN tunnel.
forwarding nd-packet destination [ vpn-instance vpn-instance-name ]ipv6-address interface tunnel number
By default, the device delivers ND packets to the CPU.
Forwarding IP packets with TTL 1 and specific destination IP address
About this task
This feature is typically configured on a device that acts as the gateway in the following scenario:
· The device directly connects to an internal server.
· The internal devices wish to receive IP packets destined to a specific IP address, but they do not care about the TTL value in the packets.
Upon receiving an IP packet destined to the specified destination IP address, the device forwards the packet with TTL of 1 instead of sending it to the CPU.
Procedure
1. Enter system view.
system-view
2. Enable forwarding IP packet with TTL of 1 if the packets are destined to the specified IP address.
forwarding ttl-exceeded-packet destination [ vpn-instance vpn-instance-name ]ip-address
By default, the device delivers IP packets to the CPU.
Forwarding IPv6 packets with HopLimit 1 and specific destination IP address
About this task
This feature is typically configured on a device that acts as the gateway in the following scenario:
· The device directly connects to an internal server.
· The internal devices wish to receive IPv6 packets destined to a specific IPv6 address, but they do not care about the HopLimit value in the packets.
Upon receiving an IPv6 packet destined to the specified destination IPv6 address, the device forwards the packet with HopLimit of 1 instead of sending it to the CPU.
Procedure
1. Enter system view.
system-view
2. Enable forwarding IPv6 packet with HopLimit of 1 if the packets are destined to the specified IP address.
forwarding hop-limit-exceeded destination [ vpn-instance vpn-instance-name ] ipv6-address
By default, the device delivers IPv6 packets to the CPU.
Enabling IPv4 FIB entry consistency check
About this task
Packet drops or incorrect forwarding might occur when the IPv4 FIB entries in hardware are inconsistent with FIB entries configured in software. To prevent these issues, enable IPv4 FIB entry consistency check.
This feature compares all IPv4 FIB entries in software with the IPv4 FIB entries in hardware regularly. If the device detects an inconsistency, the device performs the following tasks:
· Generates a log.
· Updates the IPv4 FIB entry in hardware with the IPv4 FIB entry in software.
Procedure
1. Enter system view.
system-view
2. Enable IPv4 FIB entry consistency check.
fib consistency-check enable
By default, IPv4 FIB entry consistency check is disabled.
Enabling IPv4 packet forwarding on an interface with no IPv4 address configured
About this task
On a device that supports both IPv4 and IPv6, the next hop of an IPv4 packet might be an IPv4 address or an IPv6 address. If the output interface has no IPv4 address configured, the interface cannot forward the IPv4 packet. To resolve this issue, enable this feature on the interface. This feature allows the interface to forward IPv4 packets even though the interface has no IPv4 address configured.
Software and feature compatibility
Only Release 2825 and later versions support this feature.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Enable IPv4 packet forwarding on an interface that has no IPv4 address configured.
ip forwarding
By default, the IPv4 packet forwarding is disabled on the interface that has no IPv4 address configured.
Enabling SNMP notifications for FIB events
About this task
This feature enables the FIB module to generate SNMP notifications for critical FIB events, such as the exceeding of the message queue length threshold. The SNMP notifications are sent to the SNMP module.
You can enable specific SNMP notifications for FIB events as needed. If you do not specify any SNMP notification types, the command enables all types of SNMP notifications.
· With ecmp-limit specified, when the number of ECMP routes learned by a module exceeds the upper limit, the device sends an SNMP notification that carries the module number to the SNMP module.
· With entry-consistency specified, if the FIB software and hardware entries on a module are inconsistent, the device sends an SNMP notification that carries the module number to the SNMP module.
· With entry-limit specified, when the number of FIB entries exceeds the upper limit, the device sends an SNMP notification that carries the FIB entry module name to the SNMP module.
· With deliver-failed specified, when FIB entry deployment to the hardware fails, the device sends an SNMP notification that carries the entry VRF, IP address type, IP address, mask, and failure reason to the SNMP module.
For the SNMP notifications to be sent correctly, you must also configure SNMP. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.
Software and feature compatibility
Only Release 2825 and later versions support this feature.
Procedure
1. Enter system view.
system-view
2. Enable SNMP notifications for FIB events.
snmp-agent trap enable fib [ deliver-failed | ecmp-limit | entry-consistency | entry-limit ] *
By default, SNMP notifications for FIB events are enabled.
Display and maintenance commands for FIB table
Execute display commands in any view.
|
Task |
Command |
|
Display FIB entries. |
display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] |
Configuring load sharing
About load sharing
If a routing protocol finds multiple equal-cost best routes to the same destination, the device forwards packets over the equal-cost routes to implement load sharing.
Configuring load sharing mode
About this task
In the per-flow load sharing mode, the device forwards flows over equal-cost routes. Packets of one flow travel along the same routes. You can configure the device to identify a flow based on the following criteria: source IP address, destination IP address, source port number, destination port number, IP protocol number, and ingress port.
In a complex network, when the traffic is not load balanced proportionally, you can use the algorithm keyword to specify an algorithm to improve the sharing.
Procedure
1. Enter system view.
system-view
2. Configure load sharing.
ip load-sharing mode { per-flow [ algorithm algorithm-number [ seed seed-number ] [ shift shift-number ] | [ dest-ip | dest-port | flow-label flow-label | ingress-port | ip-pro | src-ip | src-port ] * | tunnel { all | inner | outer } ] { global | slot slot-number }
By default, the device performs per-flow load sharing based on the following criteria: source IP address, destination IP address, source port number, destination port number, IP protocol number, and ingress port.
3. Display the load sharing path selected for a flow.
display ip load-sharing path ingress-port interface-type interface-number packet-format { ipv4oe dest-ip ip-address [ src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address | flow-label flow-label [ src-ipv6 ipv6-address ] } [ dest-port port-id | ip-pro protocol-id | src-port port-id | vpn-instance vpn-instance-name ] *
The option settings in this command must match both the options displayed in the display ip load-sharing mode command and the field values in load shared packets. If the option settings do not meet the requirement, the path displayed by this command might be different from the real path for load sharing.
Enabling IPv4 bandwidth-based load sharing
About this task
This feature load shares flow traffic among multiple output interfaces based on their load percentages. The device calculates the load percentage for each output interface in terms of the interface expected bandwidth.
Devices that run load sharing protocols, such as Locator/ID Separation Protocol (LISP), implement load sharing based on the ratios defined by these protocols.
Restrictions and guidelines
This feature is mutually exclusive with enhanced ECMP mode, which is configured by using the ecmp mode enhanced command.
After you configure this feature, make sure the expected bandwidth of the interface does not exceed the physical bandwidth of the interface.
Procedure
1. Enter system view.
system-view
2. Enable IPv4 bandwidth-based load sharing.
bandwidth-based-sharing
By default, the IPv4 bandwidth-based load sharing is disabled.
3. (Optional.) Configure the expected bandwidth of the interface.
a. Enter interface view.
interface interface-type interface-number
b. Configure the expected bandwidth of the interface.
bandwidth bandwidth
By default, the expected bandwidth is the physical bandwidth of the interface.
Enabling local-first load sharing
About this task
Local-first load sharing distributes traffic preferentially across the output interfaces on the receiving IRF member device if output interfaces for multiple equal-cost routes are on different members. This feature enhances packets forwarding efficiency.
Procedure
1. Enter system view.
system-view
2. Enable local-first load sharing.
ip load-sharing local-first enable
By default, local-first load sharing is enabled.
Enabling symmetric load sharing
About this task
Symmetric load sharing ensures that bidirectional traffic specific to a source and destination address pair flow along the same path.
Procedure
1. Enter system view.
system-view
2. Enable symmetric load sharing.
ip load-sharing symmetric enable
By default, symmetric load sharing is disabled.
Display and maintenance commands for load sharing
Execute display commands in any view.
|
Task |
Command |
|
Display the load sharing mode in use. |
display ip load-sharing mode slot slot-number |
|
Display the load sharing path selected for a flow. |
display ip load-sharing path ingress-port interface-type interface-number packet-format { ipv4oe dest-ip ip-address [ src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address [ src-ipv6 ipv6-address | flow-label flow-label ] } [ dest-port port-id | ip-pro protocol-id | src-port port-id | vpn-instance vpn-instance-name ] * |
Loading sharing configuration examples
Example: Configuring load sharing based on source and destination addresses
Network configuration
As shown in Figure 1, Switch A has two equal-cost routes to Switch B. Configure load sharing on Switch A to forward packets through Switch B to the destination IP address 1.2.3.4/24.
Procedure
|
|
IMPORTANT: By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface. |
# On Switch A, assign Ten-GigabitEthernet 1/0/1 to VLAN 10, and Ten-GigabitEthernet 1/0/2 to VLAN 20.
<SwitchA> system-view
[SwitchA] vlan 10
[SwitchA-vlan10] port ten-gigabitethernet 1/0/1
[SwitchA-vlan10] quit
[SwitchA] vlan 20
[SwitchA-vlan20] port ten-gigabitethernet 1/0/2
[SwitchA-vlan20] quit
# On Switch A, configure IP addresses for VLAN-interface 10 and VLAN-interface 20.
[SwitchA] interface vlan-interface 10
[SwitchA-Vlan-interface10] ip address 10.1.1.1 24
[SwitchA-Vlan-interface10] quit
[SwitchA] interface vlan-interface 20
[SwitchA-Vlan-interface20] ip address 20.1.1.1 24
[SwitchA-Vlan-interface20] quit
# On Switch B, assign Ten-GigabitEthernet 1/0/1 to VLAN 10, and Ten-GigabitEthernet 1/0/2 to VLAN 20.
<SwitchB> system-view
[SwitchB] vlan 10
[SwitchB-vlan10] port ten-gigabitethernet 1/0/1
[SwitchB-vlan10] quit
[SwitchB] vlan 20
[SwitchB-vlan20] port ten-gigabitethernet 1/0/2
[SwitchB-vlan20] quit
# On Switch B, configure IP addresses for VLAN-interface 10 and VLAN-interface 20.
[SwitchB] interface vlan-interface 10
[SwitchB-Vlan-interface10] ip address 10.1.1.2 24
[SwitchB-Vlan-interface10] quit
[SwitchB] interface vlan-interface 20
[SwitchB-Vlan-interface20] ip address 20.1.1.2 24
[SwitchB-Vlan-interface20] quit
# On Switch A, configure two static routes to the destination IP address.
<SwitchA> system-view
[SwitchA] ip route-static 1.2.3.4 24 10.1.1.2
[SwitchA] ip route-static 1.2.3.4 24 20.1.1.2
[SwitchA] quit
# On Switch A, display FIB entries matching the destination IP address 1.2.3.4.
<SwitchA> display fib 1.2.3.4
Destination count: 1 FIB entry count: 2
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
1.2.3.0/24 10.1.1.2 USGR Vlan10 Null
1.2.3.0/24 20.1.1.2 USGR Vlan20 Null
# On Switch A, configure per-flow load sharing based on the source IP address and destination IP address.
<SwitchA> system-view
[SwitchA] ip load-sharing mode per-flow dest-ip src-ip global
Verifying the configuration
# Verify that Switch A implements load sharing.
<SwitchA> display counters outbound interface Ten-GigabitEthernet
Interface Total (pkts) Broadcast (pkts) Multicast (pkts) Err (pkts)
XGE1/0/1 1045 0 0 0
XGE1/0/2 1044 0 0 0
