H3C SR6600&SR6600-X Routers FAQ-R7612-6W101

Released At: 29-06-2021

H3C SR6600&SR6600-X Routers

FAQ

SR6600 Router Series

SR6600-X Router Series

Software version: R7612

Document version: 6W101-20181015

Copyright © 2018 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.

Contents

Hardware
Q. What models does H3C SR6600 Router Series include?
Q. What MPUs are available for the router?
Q. What line cards are available for the router?
Q. What power modules are available for the router?
Q. Are the power modules on the router hot swappable?
Q. Can the router adjust the fan speed automatically?
Q. Are the cards/interface modules on the router hot swappable?
Q. How are the interfaces numbered on the router?
Q. Does the router support active/standby MPU switchover?
Q. What are the operating temperature and upper and lower temperature thresholds of the router?
Q. How do I identify the card serial number or manufacturing information?
Q. What is intelligent power management?
Q. What cards and interface modules are available for the router?
Q. What transceiver modules are available for the router?
Q. Do the router LPUs support interface type changing between POS and GE?
Q. Does the router support switching fabric modules?

Software
Q. Does the BootWare support forward compatibility?
Q. How do I view the system version information and operation time information?
Q. Can I delete the Comware system software image file after the upgrade is completed?
Q. Can I view deleted files?
Q. How can I empty the recycle bin?
Q. Is software hotfix supported?
Q. What should I do before installing patches?
Q. Why doesn't the router display the current startup configuration file?

System management and maintenance
Q. Information displayed on the console terminal is incorrect sometimes. Why?
Q. Data loss occurred after I logged in to the router through the console port. What should I do?
Q. How can I clear a Telnet connection?
Q. Can a Telnet user's username contain the at sign (@)?
Q. I cleared the packet statistics on an interface by using the reset counters interface command. Why does the MIB browser show that the error packet count is still the same?
Q. How do I format the Flash or CF card from the BootWare?
Q. Does the router relearn MAC address, ARP, and route entries after an active/standby switchover?
Q. Why should I wait for all LPUs to operate correctly before I save the running configuration?
Q. Can the router operate as a TFTP server?

IRF
Q. Are all H3C SR6600 routers IRF capable?
Q. Do all SR6600 service modules support IRF?
Q. Can an H3C SR6600 router form an IRF fabric with any devices in the same series?
Q. How many chassis can an H3C SR6600 IRF fabric have?
Q. What topologies does an H3C SR6600 IRF fabric support?
Q. What restrictions should I follow when I bind a physical interface to or remove it from an IRF port in IRF mode?
Q. Does an SR6600 IRF fabric support multichassis Ethernet link aggregation?
Q. Can I set up an IRF connection that has multiple links?
Q. Can IRF member chassis use duplicate member IDs?
Q. Can I use an intermediate device to connect IRF physical interfaces?
Q. What physical interfaces can be used for IRF connection?
Q. Can I remove both the MPUs in a subordinate chassis?
Q. Are there any requirements for the intermediate device in LACP MAD?
Q. Why are service interfaces that were shut down by MAD still down after an IRF merge?
Q. Why doesn't the running configuration on a reunified IRF fabric include the configuration that I made on one chassis after an IRF split?

Network security and attack prevention
Q. What attack prevention types does the router support?
Q. Does the router support local authentication before RADIUS authentication?
Q. Why cannot a user log in to an ACS authentication server through a console port when the router uses RADIUS authentication?
Q. Why can the level for the RADIUS server (the router) only be 1 when it connects to an ACS server?
Q. Does the router support local authentication when the HWTACACS authentication fails?
Q. Can the router be connected to a TACACS server that runs third-party TACACS server software?
Q. Does the reply from a RADIUS server include the Login-Service option after the authentication succeeds?
Q. How do I set the user role?
Q. What is the relationship between the levels authorized by an SR6600 HWTACACS server and the levels authorized by a Cisco ACS server?
Q. Which user role is assigned to a Telnet user: The user role configured in VTY user interface or the user role configured on a RADIUS server or a HWTACACS server?
Q. How do I prevent gateway spoofing when the router acts as a gateway?

IP forwarding services
Q. Does the router support cross-card port mirroring?
Q. Does the router support remote port mirroring?
Q. What tunneling technologies does the router support?
Q. What protocols and features does BFD support on the router?
Q. What interfaces can be used for link aggregation?
Q. Does the router support cross-card link aggregation?

IP routing
Q. Does the router support configuring blackhole routes?
Q. Is the OSPF cost of a Layer 3 Ethernet interface on the router relevant to the interface rate?
Q. What are the preferences of different routing protocols?
Q. Does the router discard the matching packets when the PBR-based forwarding fails?
Q. What is the compatibility between routing protocols and the GR, NSR, FRR, and BFD features?

MPLS
Q. Which MPLS features are supported by the router?

IP multicast
Q. Which IGMP versions are supported by the router?
Q. Are static RPs supported by the router?
Q. Are static multicast routes supported by the router?
Q. How do I deny multicast packets from an illegal multicast source?
Q. Are multicast group policies supported by the router?
Q. The RPF check fails after the MSDP peer switchover in inter-domain multicast routing. What are the possible reasons?
Q. Is BIDIR-PIM or IPv6 BIDIR-PIM supported by the router?
Q. Is inter-AS MD VPN supported by the router?
Q. Is IP multicast unavailable if I configure both of VPLS and IP multicast on the same interface of the router?

NAT
Q. Which cards can support NAT?
Q. How does the router perform NAT?
Q. Why are routing protocols not recommended to be configured on the interface with Easy IP configured?

VXLAN
Q. Do all types of cards support VXLAN?
Q. Can I use the router as a VXLAN IP gateway?
Q. Can I use VXLAN for Layer 2 forwarding on the router?

OpenFlow
Q. Which cards do not support OpenFlow?
Q. Which OpenFlow version does the router support?
Q. Does OpenFlow support controlling Layer 2 forwarded packets?
Q. Does OpenFlow support controlling MPLS forwarded packets?
Q. Does the OpenFlow forwarding process depend on the normal forwarding process?
Q. Does OpenFlow support VLAN interfaces?

H3C SR6600/SR6600-X Routers FAQ

Hardware

This section contains the most frequently asked questions about the router hardware.

Q.     What models does H3C SR6600 Router Series include?

A.     H3C SR6600 Router Series includes the following models:

·     SR6600 models: SR6604, SR6608, and SR6616.

·     SR6602-X models: SR6602-X1 and SR6602-X2.

·     SR6600-X models: SR6604-X, SR6608-X, and SR6616-X.

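Table 1 SR6600 Router Series models

| Model | MPU slot | LPU slot | Fan tray slot | Power module slot |
|-----------|---|---|---|---|
| SR6604 | 2 | 2 | 1 | 2 |
| SR6608 | 2 | 4 | 1 | 2 |
| SR6616 | 2 | 8 | 1 | 4 |
| SR6602-X1 | 0 | 1 | 1 | 2 |
| SR6602-X2 | 0 | 1 | 1 | 2 |
| SR6604-X | 2 | 2 | 1 | 2 |
| SR6608-X | 2 | 4 | 1 | 2 |
| SR6616-X | 2 | 8 | 1 | 4 |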

Q.     What MPUs are available for the router?

A.     The RT-RPE-X3 MPU is available for the SR6600 routers. A BKEC carrier is required to install an MPU on the router.

The RT-RSE-X3 MPU is available for the SR6600-X routers. No carrier is required to install an MPU on the router.

Q.     What line cards are available for the router?

A.     The router supports FIP and SAP modules.

·     FIP modules—FIP modules lower than FIP-600 are full-service multi-core forwarding modules. FIP-600 and higher modules are full-service forwarding modules that use Appllo chips. FIP modules provide interface module slots and must work in conjunction with interface modules.

·     SAP modules—Full-service modules that use fixed interfaces and do not provide interface module slots.

Q.     What power modules are available for the router?

A.     The following power modules are available for the router:

| Model | Voltage range | Quantity |
|---|---|---|
| LSWM1AC300 | AC input: 100 VAC to 240 VAC; high-voltage DC input: 240 VDC | SR6602-X1: 1 to 2; SR6602-X2: 1 to 2 |
| LSWM1DC300 | –48 VDC to –60 VDC | SR6602-X1: 1 to 2; SR6602-X2: 1 to 2 |
| PSR650-D, PSR1200-D | –48 VDC to –60 VDC | SR6604: 1 to 2; SR6608: 1 to 2; SR6616: 1 to 4; SR6604-X: 1 to 2; SR6608-X: 1 to 2; SR6616-X: 1 to 4 |
| PSR650-A, PSR1200-A | AC input: 100 VAC to 240 VAC; high-voltage DC input: 240 VDC | SR6604: 1 to 2; SR6608: 1 to 2; SR6616: 1 to 4; SR6604-X: 1 to 2; SR6608-X: 1 to 2; SR6616-X: 1 to 4 |

CAUTION: Do not install AC and DC power modules on the same router.

Q.     Are the power modules on the router hot swappable?

A.     Yes. Make sure the maximum output power of the power modules available on the router is larger than the total power consumption. Reserve 20% of the power as a best practice.

Q.     Can the router adjust the fan speed automatically?

A.     Yes. The router can automatically adjust the fan speed based on the card temperature.

Q.     Are the cards/interface modules on the router hot swappable?

A.     Yes.

Q.     How are the interfaces numbered on the router?

A.     In IRF mode, the interfaces on the router are numbered in the interface-type A/B/C/D format. In standalone mode, the interfaces on the router are numbered in the interface-type B/C/D format.

·     A—Chassis ID.

·     B—Slot number.

·     C—Subslot number. If the card has no subslot, the subslot number is 0.

·     D—Interface number.

Q.     Does the router support active/standby MPU switchover?

A.     Yes. The standby MPU automatically takes over when the active MPU fails to ensure service continuity.

For a successful active/standby switchover, make sure the active and standby MPUs use the same software version.

Q.     What are the operating temperature and upper and lower temperature thresholds of the router?

A.     The operating temperature of the router is in the range of 0°C (32°F) to 45°C (113°F).

You can use the display environment command to display the router temperature statistics, including the current temperature and temperature thresholds.

·     When the temperature drops below the lower threshold or reaches the warning threshold, the router displays a log message and a trap.

·     When the temperature reaches the alarm threshold, the router repeatedly displays log and trap messages. It also alerts the user to the high-temperature condition through LEDs on the panel.

Q.     How do I identify the card serial number or manufacturing information?

A.     Use the display device manuinfo command on the router. The following is a sample command output.

<H3C>display device manuinfo

Chassis self:

The operation is not supported on the specified chassis.

 Slot 0 CPU 0:

DEVICE_NAME:RT-RSE-X3

DEVICE_SERIAL_NUMBER:210231A1U5B13C900098

MAC_ADDRESS:5CDD-70A2-C654

MANUFACTURING_DATE:2014-02-11

VENDOR_NAME: H3C

 Slot 3 CPU 0:

DEVICE_NAME: FIP-240

DEVICE_SERIAL_NUMBER: 210231A2MGB13C900008

MAC_ADDRESS:NONE

MANUFACTURING_DATE:NONE

VENDOR_NAME: H3C
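
For inventory and change tracking, the sample output above can be parsed into per-slot records and compared with a recorded baseline. The following Python is an added example, not H3C code; the function names, the finding labels, and the baseline format are assumptions made for illustration.

```python
import re

# Sample output copied from the FAQ answer above (blank lines removed).
SAMPLE = """\
<H3C>display device manuinfo
Chassis self:
The operation is not supported on the specified chassis.
 Slot 0 CPU 0:
DEVICE_NAME:RT-RSE-X3
DEVICE_SERIAL_NUMBER:210231A1U5B13C900098
MAC_ADDRESS:5CDD-70A2-C654
MANUFACTURING_DATE:2014-02-11
VENDOR_NAME: H3C
 Slot 3 CPU 0:
DEVICE_NAME: FIP-240
DEVICE_SERIAL_NUMBER: 210231A2MGB13C900008
MAC_ADDRESS:NONE
MANUFACTURING_DATE:NONE
VENDOR_NAME: H3C
"""

SECTION_RE = re.compile(r"^(Chassis \S+|Slot \d+(?: CPU \d+)?):$")
FIELD_RE = re.compile(r"^([A-Z_]+):\s*(.*)$")


def parse_manuinfo(text):
    """Return {section: {field: value}}; a value of NONE becomes None."""
    inventory = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("<"):     # skip blanks and the prompt line
            continue
        section = SECTION_RE.match(line)
        if section:
            current = inventory.setdefault(section.group(1), {})
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            value = field.group(2).strip()
            current[field.group(1)] = None if value.upper() == "NONE" else value
        # Any other line (for example "The operation is not supported ...")
        # carries no fields, so that section stays empty.
    return inventory


def audit(observed, baseline):
    """Compare parsed records with a baseline of {section: expected serial}."""
    findings = []
    for section, expected in baseline.items():
        fields = observed.get(section)
        if not fields:
            findings.append((section, "missing"))
        elif fields.get("DEVICE_SERIAL_NUMBER") != expected:
            findings.append((section, "serial-mismatch"))
    for section, fields in observed.items():
        if fields and section not in baseline:
            findings.append((section, "unexpected-card"))
        empty = sorted(name for name, value in fields.items() if value is None)
        if empty:
            findings.append((section, "incomplete:" + ",".join(empty)))
    return findings


if __name__ == "__main__":
    # Constructed baseline: slot 0 matches the sample, the other serials are placeholders.
    baseline = {
        "Slot 0 CPU 0": "210231A1U5B13C900098",
        "Slot 3 CPU 0": "PLACEHOLDER-SERIAL-A",
        "Slot 5 CPU 0": "PLACEHOLDER-SERIAL-B",
    }
    for finding in audit(parse_manuinfo(SAMPLE), baseline):
        print(finding)
```

Records whose fields read NONE, as for the FIP-240 in the sample, are reported as incomplete rather than dropped, so cards without a readable MAC address or manufacturing date still appear in the inventory.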

Q.     What is intelligent power management?

A.     Intelligent power management powers on or off cards based on the remaining power and the power consumption of the operating cards and shuts down non-operating cards.

Q.     What cards and interface modules are available for the router?

A.     See H3C SR6600/SR6600-X Routers Interface Module Guide.

Q.     What transceiver modules are available for the router?

A.     See H3C SR6600/SR6600-X Routers Interface Module Guide.

Q.     Do the router LPUs support interface type changing between POS and GE?

A.     Only the HIM-TS8P interface module supports interface type changing between POS and GE.

Q.     Does the router support switching fabric modules?

A.     The SR6600-X routers support the SFE-X1 switching fabric module. The SR6600 routers support the SFE-L1 switching fabric module.

Software

This section contains the most frequently asked questions about the router software.

Q.     Does the BootWare support forward compatibility?

A.     Yes. The BootWare is released together with the Comware software. You do not need to upgrade the BootWare separately. For an SR6602-X1 or SR6602-X2 router or an RSE-X2 MPU to migrate from Comware 5 to Comware 7, you must follow the BootWare upgrade steps listed in the release notes to upgrade the BootWare first.

Q.     How do I view the system version information and operation time information?

A.     Use the display version command. This command displays information about the current BootWare version, Comware system software version, and system operation time.

Q.     Can I delete the Comware system software image file after the upgrade is completed?

A.     No. The file contains the software images for MPUs and the software images for LPUs. MPUs and LPUs read these images during startup.

Q.     Can I view deleted files?

A.     Yes, if the files were deleted by a delete command without the /unreserved option. A delete command with the /unreserved option permanently deletes files. A delete command without the /unreserved option moves files to the recycle bin.

To view the files in the recycle bin, use the dir /all command. The name of a file in the recycle bin is placed in brackets ([ ]).

You can use the undelete command to restore files from the recycle bin.

Q.     How can I empty the recycle bin?

A.     Use the reset recycle-bin command. If a file in the recycle bin is corrupt, use the reset recycle-bin command with the /force option to delete the file.

Q.     Is software hotfix supported?

A.     Yes.

Q.     What should I do before installing patches?

A.     Before installing patches, perform the following tasks:

·     Save the patch image file in the same directory on the same type of storage medium (flash or CF card) on the MPUs.

·     Specify the path of the patch image file for the patch file location argument.

Q.     Why doesn't the router display the current startup configuration file?

A.     The router does not display the current startup configuration file at the first startup:

<Sysname>display startup

MainBoard:

   Current saved-configuration file:          NULL

   Next main startup saved-configuration file: flash:/startup.cfg

   Next backup startup saved-configuration file: NULL

Slot 1:

   Current saved-configuration file:          NULL

   Next main startup saved-configuration file: flash:/startup.cfg

   Next backup startup saved-configuration file: NULL

System management and maintenance

This section contains the most frequently asked questions about system management and maintenance.

Q.     Information displayed on the console terminal is incorrect sometimes. Why?

A.     If nothing is displayed on the console terminal, examine the following:

·     Whether the power system is operating correctly.

·     Whether the MPUs are operating correctly.

·     Whether the console cable is connected to the console port correctly.

If no problem is found, the reason might be one of the following:

·     The access port specified for the terminal is different from the port to which the console cable is connected.

·     Settings on the configuration terminal are incorrect.

·     The cable has a problem.

If garbled characters are displayed on the terminal, settings on the configuration terminal might be incorrect.

The correct terminal settings are as follows:

·     Bits per second—9600 bps

·     Flow control—None

·     Parity—None

·     Stop bits—1

·     Data bits—8

·     Terminal display type—VT100

If you are running the terminal software SecureCRT, you must deselect the DTR/DSR option and RTS/CTS option for flow control. By default, the RTS/CTS option is selected for flow control.

Q.     Data loss occurred after I logged in to the router through the console port. What should I do?

A.     Perform the following tasks:

1.     Enter console user interface view.

2.     Use the speed command to change the data rate to 115200 bps.

3.     Close the connection.

4.     Initiate a new console connection.

Q.     How can I clear a Telnet connection?

A.     Use the free user-interface vty number command in user view.

Q.     Can a Telnet user's username contain the at sign (@)?

A.     The username of a Telnet user that is configured on the router cannot contain the at sign (@).

Q.     I cleared the packet statistics on an interface by using the reset counters interface command. Why does the MIB browser show that the error packet count is still the same?

A.     The MIB browser shows the values of the hardware counters. The reset counters interface command does not reset the hardware counters. This command clears only the statistics calculated by software.

Q.     How do I format the Flash or CF card from the BootWare?

A.     To format the Flash or CF card:

1.     Access the extended BootWare menu.

2.     Access the storage media management menu and select the storage medium to be formatted.

3.     Format the storage medium.

For example, to format the Flash on an RSE-X3 MPU:

1.     Power on or reboot the router.

The startup information appears. (Details not shown.)

2.     Press Ctrl + B as prompted to enter the extended BootWare menu.

==========================<EXTENDED-BOOTWARE MENU>==========================

|<1> Boot System                                                                       |

|<2> Enter Serial SubMenu                                                            |

|<3> Enter Ethernet SubMenu                                                          |

|<4> File Control                                                                      |

|<5> Restore to Factory Default Configuration                                     |

|<6> Skip Current System Configuration                                             |

|<7> BootWare Operation Menu                                                         |

|<8> Skip Authentication for Console Login                                        |

|<9> Storage Device Operation                                                        |

|<0> Reboot                                                                              |

============================================================================

Ctrl+Z: Access EXTEND-ASSISTANT MENU

Ctrl+F: Format File System

Enter your choice(0-9):

3.     Enter 9 to access the storage media management menu. Follow the displayed instructions to specify the operating storage medium and then return to the extended BootWare menu.

4.     Press Ctrl+F to format the Flash.

Q.     Does the router relearn MAC address, ARP, and route entries after an active/standby switchover?

A.     The router relearns route entries, but it does not relearn MAC address entries and ARP entries.

The switchover does not interrupt MAC-based forwarding or ARP services because the MAC address table and the ARP table are backed up on the standby MPU. The impact on routing-based forwarding services depends on the configuration of GR and NSR:

·     If GR or NSR is configured, the switchover will not interrupt forwarding services.

·     If GR and NSR are not configured, the switchover will interrupt forwarding services.

Q.     Why should I wait for all LPUs to operate correctly before I save the running configuration?

A.     The configuration is saved on the Flash or CF card. During startup, the router configures LPUs by loading the configuration to memory. If you execute the save command before the process is completed, the incomplete configuration in memory will be saved to the Flash to replace the complete configuration, resulting in configuration loss.

Q.     Can the router operate as a TFTP server?

A.     No.

IRF

This section contains the most frequently asked questions about IRF.

Q.     Are all H3C SR6600 routers IRF capable?

A.     Yes, all H3C SR6600 routers are IRF capable.

Q.     Do all SR6600 service modules support IRF?

A.     Yes.

Q.     Can an H3C SR6600 router form an IRF fabric with any devices in the same series?

A.     No. When you set up an IRF fabric, follow these hardware restrictions and guidelines:

·     The H3C SR6604, SR6608, and SR6616 routers can form an IRF fabric with each other. The routers cannot form an IRF fabric with any other devices.

·     The H3C SR6604-X, SR6608-X, and SR6616-X routers can form an IRF fabric with each other. The routers cannot form an IRF fabric with any other devices.

·     The H3C SR6602-X1 and SR6602-X2 routers can form an IRF fabric with each other. The routers cannot form an IRF fabric with any other devices.

Q.     How many chassis can an H3C SR6600 IRF fabric have?

A.     An H3C SR6600 IRF fabric can have a maximum of two member chassis.

Q.     What topologies does an H3C SR6600 IRF fabric support?

A.     An H3C SR6600 IRF fabric only supports the daisy-chain topology. It does not support the ring topology.

Q.     What restrictions should I follow when I bind a physical interface to or remove it from an IRF port in IRF mode?

A.     In IRF mode, you must shut down a physical interface before you bind it to or remove it from an IRF port. After the physical interface is bound to or removed from the IRF port, use the undo shutdown command to bring up the physical interface. You cannot shut down the interface if one of the following conditions exists:

·     The interface is the only member interface of a subordinate chassis in an IRF port binding.

·     Among all interfaces of a subordinate chassis in an IRF port binding, the interface is the only one in up state.

Q.     Does an SR6600 IRF fabric support multichassis Ethernet link aggregation?

A.     Yes.

Q.     Can I set up an IRF connection that has multiple links?

A.     Yes, you can bind multiple physical links into one IRF connection. These links aggregate automatically. You do not need to create a link aggregation group as you do for creating an Ethernet link aggregation.

Q.     Can IRF member chassis use duplicate member IDs?

A.     No. You must assign a unique IRF member ID to each member chassis before setting up an IRF fabric. If a chassis has different member IDs on its active MPU and standby MPU, the standby MPU will reboot automatically with the member ID on the active MPU.

Q.     Can I use an intermediate device to connect IRF physical interfaces?

A.     No. To ensure network stability, use fibers or cables to directly connect the IRF physical interfaces. No intermediate device is allowed for IRF connection.

Q.     What physical interfaces can be used for IRF connection?

A.     Only fixed ports on interface modules can be used as IRF physical interfaces.

Q.     Can I remove both the MPUs in a subordinate chassis?

A.     No. Each subordinate chassis must have an MPU to communicate with the global active MPU and manage forwarding on the local chassis. If you remove both the MPUs on a subordinate chassis, its interface modules cannot communicate with each other to forward cross-module traffic correctly. For an SR6600 IRF fabric, if you remove both the MPUs on a subordinate chassis, the IRF fabric splits.

Q.     Are there any requirements for the intermediate device in LACP MAD?

A.     When you configure LACP MAD, make sure the intermediate device meets the following requirements:

·     The intermediate device is a Comware-based H3C device that can process the LACPDUs that convey the ActiveID field for MAD.

·     If the intermediate device is also an IRF fabric, assign the two IRF fabrics different domain IDs for correct split detection.

Q.     Why are service interfaces that were shut down by MAD still down after an IRF merge?

A.     If you reboot the active fabric instead of the recovery IRF fabric to complete an IRF merge, the service interfaces that were shut down by MAD cannot be restored automatically. You must use the mad restore command to restore their original physical state.

To avoid this issue, reboot the recovery IRF fabric instead of the active IRF fabric to complete an IRF merge.

Q.     Why doesn't the running configuration on a reunified IRF fabric include the configuration that I made on one chassis after an IRF split?

A.     When an IRF fabric merges, the chassis in the Recovery-state IRF fabric reboots with the running configuration on the active IRF fabric. The configuration you made on the recovery IRF fabric will not take effect.

Network security and attack prevention

This section contains the most frequently asked questions about network security and attack prevention.

Q.     What attack prevention types does the router support?

A.     The router supports protection against ARP, network layer, and transport layer attacks, as shown in Table 2.

Table 2 Attack prevention types

| Category | Attack prevention type | Description |
|---|---|---|
| ARP attack | ARP source suppression | Prevents IP attack packets from fixed sources. |
| ARP attack | ARP black hole routing | Prevents IP attack packets from sources that are not fixed. |
| ARP attack | ARP active acknowledgement | Prevents user spoofing. |
| ARP attack | Source MAC-based ARP attack detection | Prevents ARP packet attacks from the same source MAC. |
| ARP attack | ARP packet source MAC consistency check | Prevents attacks from ARP packets whose source MAC address in the Ethernet header is different from the sender MAC address in the message body. |
| Network layer | uRPF check | Protects a network against source spoofing attacks. |
| Network layer | TTL attack prevention | Prevents an attack by disabling sending ICMP time exceeded messages. |
| Transport layer | SYN flood attack prevention | Enables the server to directly return a SYN ACK message upon receiving a TCP connection request, without establishing a half-open TCP connection. |

Q.     Does the router support local authentication before RADIUS authentication?

A.     No. Local authentication can be performed only when no response is received from the RADIUS server.

Q.     Why cannot a user log in to an ACS authentication server through a console port when the router uses RADIUS authentication?

A.     The user can log in to an ACS server through a console port only when you clear the Login-Service option for the ACS server configuration.

Q.     Why can the level for the RADIUS server (the router) only be 1 when it connects to an ACS server?

A.     The symptom might occur when one of the following conditions exists:

·     The 2011/002 private attributes for the ACS server are not complete.

·     The Login-Service attribute for the ACS server is not configured.

Q.     Does the router support local authentication when the HWTACACS authentication fails?

A.     The router supports local authentication when the HWTACACS authentication fails because the server is not reachable.

The router does not support local authentication when the HWTACACS authentication fails because of an incorrect username or password.

Q.     Can the router be connected to a TACACS server that runs third-party TACACS server software?

A.     As long as the TACACS server is configured with the standard RADIUS protocol, the router can be connected to the server. Such servers include ACS servers from Cisco and publicly available TACACS servers (for example, free TACACS servers).

Q.     Does the reply from a RADIUS server include the Login-Service option after the authentication succeeds?

A.     It depends on whether a service type is specified on the server. If a service type is specified on the server, the reply includes the Login-Service option. If no service type is specified on the server, the reply does not include the Login-Service option.

Q.     How do I set the user role?

A.     You can set the user role in one of the following ways:

·     Execute the user-role command in user line view or user line class view to assign a user role to a user line. Users who log in through the user line will get the user role.

·     Execute the authorization-attribute user-role command in local user view to specify a user role for the local user account.

·     If AAA remote authentication is used, set the user role on the remote server.

Q.     What is the relationship between the levels authorized by an SR6600 HWTACACS server and the levels authorized by a Cisco ACS server?

A.     The levels 0 to 16 authorized by an SR6600 HWTACACS server correspond to the levels 0 to 16 authorized by a Cisco ACS server.

Q.     Which user role is assigned to a Telnet user: The user role configured in VTY user interface or the user role configured on a RADIUS server or a HWTACACS server?

A.     The user role configured on a RADIUS server or a HWTACACS server is assigned. Both the default user roles are network-operator.

For example, if the user role network-admin or level 15 is configured in VTY user interface, and no user role is configured on the server, the user role network-operator is assigned to the Telnet user.

If no user role is configured in VTY user interface, and the user role level 15 is configured on the server, the user role level 15 is assigned to the Telnet user.

The user role configured in VTY user interface is assigned only after the authentication-mode none command or the password command is executed.
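
The role-assignment rules in this answer can be checked against a saved configuration to find VTY lines where the configured role is not the one users actually receive, or where a privileged role is reachable without per-user authentication. The Python below is an added example, not H3C code: the configuration excerpt is constructed, and the `line vty` / `user-interface vty` header form, the `scheme` and `password` values of `authentication-mode`, and the `level-15` role spelling are assumptions about how these settings appear in a saved configuration.

```python
import re

DEFAULT_ROLE = "network-operator"            # default role stated in the FAQ answer
PRIVILEGED = {"network-admin", "level-15"}   # assumed spelling of high-privilege roles

# Constructed configuration excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
line vty 0 4
 authentication-mode scheme
 user-role network-admin
line vty 5 15
 authentication-mode none
 user-role network-admin
line vty 16 63
 authentication-mode password
 user-role network-operator
"""

HEADER_RE = re.compile(r"^(?:line|user-interface)\s+vty\s+(\d+)(?:\s+(\d+))?$")


def parse_vty_lines(config):
    """Collect the authentication mode and user roles of each VTY block."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        words = raw.split()
        if not raw[0].isspace():                 # a new top-level view starts
            match = HEADER_RE.match(raw.strip())
            current = None
            if match:
                first = int(match.group(1))
                last = int(match.group(2) or first)
                current = {"range": (first, last), "auth_mode": None, "roles": set()}
                blocks.append(current)
        elif current is not None and len(words) > 1:
            if words[0] == "authentication-mode":
                current["auth_mode"] = words[1]
            elif words[0] == "user-role":
                current["roles"].add(words[1])
    return blocks


def effective_role(auth_mode, vty_roles, server_role=None):
    """Apply the FAQ rule: the VTY role counts only for none/password login;
    otherwise the server's role (or the default) is assigned."""
    if auth_mode in ("none", "password"):
        return sorted(vty_roles) or [DEFAULT_ROLE]
    return [server_role or DEFAULT_ROLE]


def audit_vty(config, server_role=None):
    """Return (vty range, effective roles, finding) for each VTY block."""
    report = []
    for block in parse_vty_lines(config):
        mode, vty_roles = block["auth_mode"], block["roles"]
        if mode not in ("none", "password", "scheme"):
            report.append((block["range"], None, "auth-mode-not-explicit"))
            continue
        roles = effective_role(mode, vty_roles, server_role)
        privileged = bool(PRIVILEGED.intersection(roles))
        if mode == "none":
            finding = "no-auth-privileged" if privileged else "no-auth"
        elif mode == "password":
            finding = "shared-password-privileged" if privileged else "ok"
        elif vty_roles and set(roles) != vty_roles:
            finding = "vty-role-not-applied"     # the server role wins under AAA
        else:
            finding = "ok"
        report.append((block["range"], roles, finding))
    return report


if __name__ == "__main__":
    for entry in audit_vty(SAMPLE_CONFIG):
        print(entry)
```

With no role set on the server, the first block reproduces the FAQ's own example: network-admin is configured on the VTY lines, yet the Telnet user receives network-operator.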

Q.     How do I prevent gateway spoofing when the router acts as a gateway?

A.     When receiving an ARP packet from the router that acts as a gateway, the router sends a gratuitous ARP packet to modify the spoofed ARP entries. If a large number of attack packets exist, the router detects the incoming interface of the attack packets. It captures the packets, obtains the packet signature, and applies an ACL to the interface to filter out subsequent attack packets.

IP forwarding services

This section contains the most frequently asked questions about IP forwarding services.

Q.     Does the router support cross-card port mirroring?

A.     The local mirroring group supports cross-card port mirroring. The mirroring source and destination can reside on different cards or interface cards of a router.

Q.     Does the router support remote port mirroring?

A.     No.

Q.     What tunneling technologies does the router support?

A.     The router supports the following tunneling technologies:

·     IPv6 over IPv4 tunneling—Enables IPv6 packets to traverse IPv4 networks and enables isolated IPv6 networks to communicate.

·     IPv4 over IPv4 tunneling/GRE tunneling—Creates a VPN to ensure communication security.

·     MPLS TE tunneling—Implements traffic engineering to prevent network congestion.

Q.     What protocols and features does BFD support on the router?

A.     BFD supports the following protocols and features:

·     IPv4 routing protocols, including RIP, OSPF, IS-IS, and BGP.

·     IPv6 routing protocols, including OSPFv3, IPv6 IS-IS, and IPv6 BGP.

·     LDP LSP.

·     MPLS TE.

·     Static routing, policy-based routing, and Track.

·     IP FRR and MPLS TE FRR.

·     VRRP.

·     PIM DR.

·     Primary and backup PWs of VPLS.

·     LACP.

·     Interface and subinterface.

Q.     What interfaces can be used for link aggregation?

A.     You can aggregate the physical Ethernet interfaces on an FIP-600 or SAP-4EXP card.

You can aggregate the physical Ethernet interfaces and Layer 3 Ethernet subinterfaces on any card except an FIP-600 or SAP-4EXP card.

Q.     Does the router support cross-card link aggregation?

A.     Yes. You can use interfaces on any cards for cross-card link aggregation except an FIP-600 or SAP-4EXP card.

IP routing

This section contains the most frequently asked questions about IP routing.

Q.     Does the router support configuring blackhole routes?

A.     Yes. A blackhole route is a static route whose output interface is Null 0. The router discards the matching packets without sending ICMP messages to notify the source host. To prevent IP attacks, you can configure blackhole routes to discard packets destined for specific destinations. The following example shows how to configure a blackhole route:

<Sysname> system-view

[Sysname] ip route-static 1.1.1.1 32 null 0 preference 1

Q.     Is the OSPF cost of a Layer 3 Ethernet interface on the router relevant to the interface rate?

A.     Yes. By default, a Layer 3 Ethernet interface automatically computes its OSPF cost according to the interface rate with the following formula: Interface OSPF cost = Bandwidth reference value (100 Mbps) / Interface rate (Mbps).

If the calculated cost is greater than 65535, the value of 65535 is used. If the calculated cost is smaller than 1, the value of 1 is used.

Q.     What are the preferences of different routing protocols?

A.     Routing protocols, including static routing, each have a preference by default. If they find multiple routes to the same destination, the router selects the route with the highest preference as the optimal route. The preference of a direct route is always 0 and cannot be changed. You can configure a preference for each static route and each dynamic routing protocol. Table 3 lists the route types and default preferences. The smaller the value, the higher the preference.

Table 3 Route types and default route preferences

| Route type | Preference |
|---|---|
| Direct route | 0 |
| OSPF | 10 |
| IS-IS | 15 |
| Static route | 60 |
| RIP | 100 |
| OSPF ASE | 150 |
| OSPF NSSA | 150 |
| IBGP | 255 |
| EBGP | 255 |
| Unknown (route from an untrusted source) | 256 |
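The following Python sketch is an added example, not H3C code. It models route selection with the Table 3 defaults to show why the blackhole route example earlier in this section sets preference 1: at the static default of 60, an OSPF-learned route to the same prefix would stay active and the traffic would not be discarded. Longest-prefix matching before the preference comparison, the interface names, and the sample routes are assumptions constructed for illustration.

```python
import ipaddress

# Default preferences from Table 3 (smaller value = higher preference).
DEFAULT_PREFERENCE = {
    "direct": 0, "ospf": 10, "isis": 15, "static": 60, "rip": 100,
    "ospf-ase": 150, "ospf-nssa": 150, "ibgp": 255, "ebgp": 255,
}

def make_route(prefix, proto, out, preference=None):
    """Build a route entry; fall back to the Table 3 default preference."""
    pref = DEFAULT_PREFERENCE[proto] if preference is None else preference
    return {"net": ipaddress.ip_network(prefix), "proto": proto,
            "out": out, "pref": pref}

def select_route(routes, dst):
    """Return the active route for dst, or None if nothing matches.

    Assumption: longest-prefix match first, then the smallest preference
    value among the routes to that same prefix.
    """
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    longest = max(r["net"].prefixlen for r in matches)
    return min((r for r in matches if r["net"].prefixlen == longest),
               key=lambda r: r["pref"])

def forward(routes, dst):
    """Return 'drop' if no route matches or the active route is Null 0."""
    best = select_route(routes, dst)
    if best is None or best["out"].lower().replace(" ", "") == "null0":
        return "drop"
    return best["out"]

# Constructed sample: an OSPF-learned host route competes with the blackhole.
learned = [make_route("1.1.1.1/32", "ospf", "GE1/0/1"),
           make_route("0.0.0.0/0", "static", "GE1/0/2")]
# Blackhole left at the static default (60): OSPF (10) stays active.
weak_blackhole = learned + [make_route("1.1.1.1/32", "static", "Null 0")]
# Blackhole with 'preference 1', as in the page's command: it becomes active.
strong_blackhole = learned + [
    make_route("1.1.1.1/32", "static", "Null 0", preference=1)]
```

A direct route (preference 0, not configurable) to the same prefix would still take precedence over a static blackhole route with preference 1.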

 

Q.     Does the router discard the matching packets when the PBR-based forwarding fails?

A.     No. If the PBR-based forwarding fails because the next hop does not exist, the router forwards the matching packets based on the IP routing table.

Q.     What is the compatibility between routing protocols and the GR, NSR, FRR, and BFD features?

A.     The following matrix shows the GR, NSR, FRR, and BFD features and routing protocol compatibility:

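| Routing protocol | GR | NSR | FRR | BFD |
|---|---|---|---|---|
| IPv4 static route | N/A | N/A | Yes | Yes |
| IPv6 static route | N/A | N/A | N/A | Yes |
| RIP | Yes | Yes | Yes | Yes |
| RIPng | Yes | Yes | Yes | No |
| OSPF | Yes | Yes | Yes | Yes |
| OSPFv3 | Yes | Yes | Yes | Yes |
| IS-IS | Yes | Yes | Yes | Yes |
| IPv6 IS-IS | Yes | Yes | Yes | Yes |
| BGP | Yes | Yes | Yes | Yes |
| IPv6 BGP | Yes | Yes | Yes | Yes |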

 

MPLS

This section contains the most frequently asked questions about MPLS.

Q.     Which MPLS features are supported by the router?

A.     The router supports the following MPLS features:

·     MPLS data forwarding, LSP, and LDP.

·     Acting as an ingress, egress, or a transit LSR.

·     MPLS TE and RSVP-TE.

·     MPLS L2VPN and VPLS.

·     MPLS L3VPN.

·     MPLS L2VPN access to L3VPN.

IP multicast

This section contains the most frequently asked questions about IP multicast.

Q.     Which IGMP versions are supported by the router?

A.     The router supports IGMPv1, IGMPv2, and IGMPv3. By default, the router runs IGMPv2.

Q.     Are static RPs supported by the router?

A.     Yes. You can use the static-rp rp-address [ acl-number | bidir | preferred ] * command to configure a static RP. You can also use this command to define the multicast group range to which the static RP is designated and to give priority to the static RP.

When you configure a static RP, follow these restrictions and guidelines:

·     If you specify the preferred keyword, the static RP takes priority. The dynamic RP takes effect only if the static RP fails. If you do not specify the preferred keyword, the dynamic RP takes priority.

·     You must configure the same static RP for all routers in the PIM domain.

Q.     Are static multicast routes supported by the router?

A.     Yes. You can configure static multicast routes to create or change RPF routes.

Q.     How do I deny multicast packets from an illegal multicast source?

A.     You can configure an ACL to permit multicast packets only from legal sources. For example, to permit only packets from the source 99.100.100.4 to the group 225.1.1.1, follow these steps:

1.     Configure an ACL.

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule 0 permit ip source 99.100.100.4 0 destination 225.1.1.1 0

[Sysname-acl-adv-3000] rule 1 deny ip

2.     Configure a multicast source policy that uses ACL 3000.

[Sysname-pim] source-policy 3000
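To check which (source, group) pairs ACL 3000 above accepts before applying it, the rules can be evaluated offline. The Python sketch below is an added example, not H3C code: it parses the two rule lines from the steps above and applies wildcard-mask matching. Evaluation in ascending rule-ID order and denial when no rule matches are assumptions of this model, and the test addresses other than 99.100.100.4 and 225.1.1.1 are constructed.

```python
import ipaddress

def parse_rule(line):
    """Parse 'rule ID permit|deny ip [source A W] [destination A W]'."""
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2],
            "source": None, "destination": None}
    i = 4  # tok[3] is the protocol keyword 'ip'
    while i < len(tok):
        addr = int(ipaddress.IPv4Address(tok[i + 1]))
        wild = tok[i + 2]
        # A wildcard written as '0' is shorthand for 0.0.0.0 (exact host).
        wild = 0 if wild == "0" else int(ipaddress.IPv4Address(wild))
        rule[tok[i]] = (addr, wild)
        i += 3
    return rule

def field_matches(spec, ip):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    if spec is None:  # field omitted in the rule means any address
        return True
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(rules, src, group):
    """Assumption: the first matching rule in rule-ID order decides."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if (field_matches(r["source"], src)
                and field_matches(r["destination"], group)):
            return r["action"]
    return "deny"  # assumption: no match means the source is not accepted

# The two rules of ACL 3000 exactly as configured in step 1.
ACL_3000 = [
    parse_rule("rule 0 permit ip source 99.100.100.4 0 destination 225.1.1.1 0"),
    parse_rule("rule 1 deny ip"),
]
```

Calling evaluate(ACL_3000, source, group) returns "permit" only for source 99.100.100.4 sending to group 225.1.1.1; the same source sending to any other group falls through to rule 1.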

Q.     Are multicast group policies supported by the router?

A.     Yes. You can configure a multicast group policy by using the igmp group-policy ipv4-acl-number [ version-number ] command in one of the following views:

·     Layer 3 Ethernet interface view

·     Layer 3 Ethernet subinterface view

·     Layer 3 aggregate interface view

·     Layer 3 aggregate subinterface view

When you configure a rule in the IPv4 ACL, follow these restrictions and guidelines:

·     For the rule to take effect, do not specify the vpn-instance vpn-instance option.

·     In a basic ACL, the source source-address source-wildcard option specifies a multicast group address.

·     In an advanced ACL, the source source-address source-wildcard option specifies a multicast source address. The destination dest-address dest-wildcard option specifies a multicast group address.

·     To match the following IGMP reports, set the source source-address source-wildcard option to 0.0.0.0:

¡     IGMPv1 and IGMPv2 reports.

¡     IGMPv3 IS_EX and IGMPv3 TO_EX reports that do not carry multicast source addresses.

·     Among the other optional parameters, only the fragment keyword and the time-range time-range-name option take effect.

Q.     The RPF check fails after the MSDP peer switchover in inter-domain multicast routing. What are the possible reasons?

A.     The RPF check fails due to either of the following reasons:

·     The configuration for the static RPF peer is not correct. For example, the filtering policy for the static RPF peer is incorrect.

·     Loops exist between MSDP peers, causing packets to arrive at non-RPF interfaces.

Q.     Is BIDIR-PIM or IPv6 BIDIR-PIM supported by the router?

A.     Yes.

Q.     Is inter-AS MD VPN supported by the router?

A.     Yes.

Q.     Is IP multicast unavailable if I configure both VPLS and IP multicast on the same interface of the router?

A.     Yes. Do not configure both VPLS and IP multicast on the same interface of the router.

NAT

This section contains the most frequently asked questions about NAT.

Q.     Which cards can support NAT?

A.     All cards support NAT on the router.

Q.     How does the router perform NAT?

A.     The router can perform traditional NAT and twice NAT:

·     Traditional NAT applies to the interface that connects the public network. It translates the source IP addresses of outgoing packets and destination IP addresses of incoming packets.

·     Twice NAT translates the destination IP address on the receiving interface and the source IP address on the sending interface. The receiving and sending interfaces are both NAT interfaces. Twice NAT allows VPNs with overlapping addresses to access each other.

Q.     Why is configuring routing protocols not recommended on an interface with Easy IP configured?

A.     With Easy IP configured, the interface puts all packets into one software queue to the CPU. If routing protocols are configured on the interface, a large number of protocol packets will be generated. Queue congestion might occur and some packets will be dropped, affecting the correct function of the device. If Easy IP is not configured, the interface puts packets of different protocols into different queues.

VXLAN

This section contains the most frequently asked questions about VXLAN.

Q.     Do all types of cards support VXLAN?

A.     No. FIP-600 and SAP-4EXP cards do not support VXLAN.

Q.     Can I use the router as a VXLAN IP gateway?

A.     Yes.

Q.     Can I use VXLAN for Layer 2 forwarding on the router?

A.     No.

OpenFlow

This section contains the most frequently asked questions about OpenFlow.

Q.     Which cards do not support OpenFlow?

A.     The FIP-600 and SAP-4EXP cards do not support OpenFlow.

Q.     Which OpenFlow version does the router support?

A.     The router supports OpenFlow 1.31.

Q.     Does OpenFlow support controlling Layer 2 forwarded packets?

A.     No.

Q.     Does OpenFlow support controlling MPLS forwarded packets?

A.     No.

Q.     Does the OpenFlow forwarding process depend on the normal forwarding process?

A.     Yes. The OpenFlow forwarding process must depend on the normal forwarding process in the current version. For the router to forward a packet by using the OpenFlow forwarding process, make sure the router can forward the packet by using the normal forwarding process. Otherwise, the router cannot forward the packet by using the OpenFlow forwarding process even if OpenFlow is configured.

Q.     Does OpenFlow support VLAN interfaces?

A.     The VLAN interfaces support only MAC-IP flow tables and do not support extensibility flow tables.

 
