- Table of Contents
-
- H3C S5500-SI Series Ethernet Switches Operation Manual-Release 1205-(V1.03)
- 00-1Cover
- 00-2Overview
- 01-Login Operation
- 02-Basic System Configuration and Maintenance Operation
- 03-File System Management Operation
- 04-VLAN Operation
- 05-QinQ-BPDU TUNNEL Operation
- 06-Port Correlation Configuration Operation
- 07-MAC Address Table Management Operation
- 08-MSTP Operation
- 09-IP Address and Performance Operation
- 10-IPv6 Configuration Operation
- 11-Routing Overview Operation
- 12-IPV4 Routing Operation
- 13-IPv6 Routing Operation
- 14-802.1x-HABP-MAC Authentication Operation
- 15-AAA-RADIUS-HWTACACS Operation
- 16-Multicast Protocol Operation
- 17-ARP Operation
- 18-DHCP Operation
- 19-ACL Operation
- 20-QoS Operation
- 21-Port Mirroring Operation
- 22-Cluster Operation
- 23-SNMP-RMON Operation
- 24-NTP Operation
- 25-DNS Operation
- 26-Information Center Operation
- 27-NQA Operation
- 28-SSH Terminal Service Operation
- 29-UDP Helper Operation
- 30-SSL-HTTPS Operation
- 31-PKI Operation
- 32-PoE-PoE Profile Operation
- 33-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
13-IPv6 Routing Operation | 243 KB |
Table of Contents
Chapter 1 IPv6 Static Routing Configuration
1.1 Introduction to IPv6 Static Routing
1.1.1 Features and Functionalities of IPv6 Static Routes
1.2 Configuring IPv6 Static Routes
1.2.1 Configuration prerequisites
1.2.2 Configuring IPv6 Static Routes
1.3 Displaying and Maintaining IPv6 Static Routes
1.4 IPv6 Static Routing Configuration Example
Chapter 2 IPv6-RIPng Configuration
2.1.3 RIPng Packet Processing Procedure
2.2 Configuring RIPng Basic Functions
2.2.1 Configuration Prerequisites
2.3 Configuring RIPng Advanced Functions
2.3.1 Configuring an Additional Routing Metric
2.3.2 Configuring RIPng Route Summarization
2.3.3 Advertising a Default Route
2.3.4 Configuring a RIPng Route Filtering Policy
2.3.5 Configuring a RIPng Priority
2.3.6 Configuring RIPng Route Redistribution
2.4 Optimizing the RIPng Network
2.4.1 Configuring RIPng Timers
2.4.2 Configuring the Split Horizon and Poison Reverse
2.4.3 Configuring Zero Field Check
2.5 Displaying and Maintaining RIPng
2.6 RIPng Configuration Example
Chapter 3 Routing Policy Configuration
3.1 Introduction to Routing Policy
3.1.1 Routing Policy and Policy Routing
3.1.3 Routing Policy Application
3.2.2 Defining an IPv6 prefix List
3.3 Configuring a Routing Policy
3.3.2 Creating a Routing Policy
3.3.3 Defining if-match Clauses for the Routing Policy
3.3.4 Defining apply Clauses for the Routing Policy
3.4 Displaying and Maintaining the Routing Policy
3.5 Routing Policy Configuration Example
3.5.1 Applying Routing Policy When Redistributing IPv6 Routes
3.6 Troubleshooting Routing Policy Configuration
3.6.1 IPv6 Routing Information Filtering Failed
Chapter 1 IPv6 Static Routing Configuration
When configuring IPv6 Static Routing, go to these sections for information you are interested in:
l Introduction to IPv6 Static Routing
l Configuring IPv6 Static Routes
l Displaying and Maintaining IPv6 Static Routes
l IPv6 Static Routing Configuration Example
& Note:
Throughout this chapter, the term router refers to either a router in a general sense or a Layer 3 switch running routing protocols.
1.1 Introduction to IPv6 Static Routing
Static routes are special routes that are manually configured by network administrators. These manually configured static routes work well in simple networks. Configuring and using them properly can improve the performance of networks and can guarantee enough bandwidth reserved for important applications.
However, static routes also have their downside: network failure or topology changes could introduce unreachable routes that lead to network disconnection. Such scenarios require the network administrators to manually configure and modify the static routes.
1.1.1 Features and Functionalities of IPv6 Static Routes
Similar to IPv4 static routes, IPv6 static routes work well in simple IPv6 network environments.
Their major difference lies in the destination and the next hop addresses. IPv6 static routes use IPv6 addresses whereas IPv4 static routes use IPv4 addresses.
1.1.2 Default IPv6 Route
An IPv6 static route that has the destination address configured as “::/0” (indicating a prefix length of 0) is the default IPv6 route. If the destination address of an IPv6 packet does not match any entries in the routing table, this default route will be used to forward the packet.
1.2 Configuring IPv6 Static Routes
In small IPv6 network environments, IPv6 static routes can be used to achieve network connectivity. In comparison to dynamic routes, it helps to save network bandwidth.
1.2.1 Configuration prerequisites
l Enabling IPv6 packet forwarding
l Ensuring that the neighboring nodes are IPv6 reachable
1.2.2 Configuring IPv6 Static Routes
To do… |
Use the commands… |
Remarks |
Enter system view |
system-view |
— |
Configure an IPv6 static route |
ipv6 route-static ipv6-address prefix-length [ interface-type interface-number ] nexthop-address [ preference preference-value ] |
Required The default preference of IPv6 static routes is 60. |
1.3 Displaying and Maintaining IPv6 Static Routes
To do… |
Use the command… |
Remarks |
Display IPv6 static route information |
display ipv6 routing-table protocol static [ inactive | verbose ] |
Available in any view |
Remove all IPv6 static routes |
delete ipv6 static-routes all |
Available in system view |
& Note:
Using the undo ipv6 route-static command can delete a single IPv6 static route, while using the delete ipv6 static-routes all command deletes all IPv6 static routes including the default route.
1.4 IPv6 Static Routing Configuration Example
I. Network requirements
With IPv6 static routes configured, all hosts and switches can interact with each other.
II. Network diagram
Figure 1-1 Network diagram for static routes
III. Configuration procedure
1) Configure the IPv6 addresses of all VLAN interfaces (Omitted)
2) Configure IPv6 static routes.
# Configure on SwitchA the default IPv6 static route.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] ipv6 route-static :: 0 4::2
# Configure two IPv6 static routes on SwitchB.
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] ipv6 route-static 1:: 64 4::1
[SwitchB] ipv6 route-static 3:: 64 5::1
# Configure on SwitchC the default IPv6 static route.
<SwitchC> system-view
[SwitchC] ipv6
[SwitchC] ipv6 route-static :: 0 5::2
3) Configure the IPv6 addresses of hosts and gateways.
Configure the IPv6 addresses of all the hosts based upon the network diagram, configure the default gateway of PC1 as 1::1, PC2 as 2::1, and PC3 as 3::1.
4) Display configuration information
# Display the IPv6 routing table of SwitchA.
[SwitchA] display ipv6 routing-table
Routing Table :
Destinations : 7 Routes : 7
Destination: ::/0 Protocol : Static
NextHop : 4::2 Preference: 60
Interface : Vlan200 Cost : 0
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : Direct
NextHop : 1::1 Preference: 0
Interface : Vlan100 Cost : 0
Destination: 1::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 4::/64 Protocol : Direct
NextHop : 4::1 Preference: 0
Interface : Vlan200 Cost : 0
Destination: 4::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
# Verify with the ping command.
[SwitchA] ping ipv6 3::1
PING 3::1 : 56 data bytes, press CTRL_C to break
Reply from 3::1
bytes=56 Sequence=1 hop limit=63 time = 5 ms
Reply from 3::1
bytes=56 Sequence=2 hop limit=63 time = 13 ms
Reply from 3::1
bytes=56 Sequence=3 hop limit=63 time = 3 ms
Reply from 3::1
bytes=56 Sequence=4 hop limit=63 time = 3 ms
Reply from 3::1
bytes=56 Sequence=5 hop limit=63 time = 3 ms
--- 3::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/5/13 ms
Chapter 2 IPv6-RIPng Configuration
When configuring RIPng, go to these sections for information you are interested in:
l Configuring RIPng Basic Functions
l Configuring RIPng Advanced Functions
l Optimizing the RIPng Network
& Note:
The term “router” in this document refers to a router in a generic sense or a Layer 3 switch.
2.1 Introduction to RIPng
RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng.
RIPng for IPv6 made the following changes to RIP:
l UDP port number: RIPng uses UDP port 521 for sending and receiving routing information.
l Multicast address: RIPng uses FF02:9 as the link-local multicast address.
l Destination Prefix: 128-bit destination address prefix.
l Next hop: IPv6 address in 128-bit.
l Source address: RIPng uses FE80::/10 as the link-local source address
2.1.1 RIPng Working Mechanism
RIPng is a routing protocol based on the distance vector (D-V) algorithm. RIPng uses UPD packets to exchange routing information through port 521.
RIPng uses a hop count to measure the distance to a destination. The hop count is referred to as metric or cost. The hop count from a router to a directly connected network is 0. The hop count from one router to another router is 1, and so on. When the hop count is greater than or equal to 16, the destination network or host is unreachable.
By default, the routing update is sent every 30 seconds. If the router receives no routing update from a neighbor after 180 seconds, the routes learned from the neighbor are considered as unreachable. After another 240 seconds, if no routing update is received, the router will remove these routes from the routing table.
RIPng supports Split Horizon and Poison Reverse to prevent routing loops, and route redistribution.
Each RIPng router maintains a routing database, including route entries of all reachable destinations. A route entry contains the following information:
l Destination address: IPv6 address of a host or a network.
l Next hop address: IPv6 address of a neighbor along the path to the destination.
l Egress interface: Outbound interface that forwards IPv6 packets.
l Metric: Cost from the local router to the destination.
l Route time: Time that elapsed since a route entry is last changed. Each time a route entry is modified, the routing time is set to 0.
l Route tag: Identifies the route, used in routing policy to control routing.
2.1.2 RIPng Packet Format
I. Basic format
A RIPng packet consists of a header and multiple Route Table Entries (RTEs). The maximum number of RTEs in a packet is determined by the interface MTU value.
Figure 2-1 shows the basic packet format of RIPng.
Figure 2-1 RIPng basic packet format
l Command: Type of message. 0x01 indicates Request, 0x02 indicates Response.
l Version: Version of RIPng. It can only be 0x01 currently.
l RTE: Route table entry, 20 bytes for each entry.
II. RTE format
There are two types of RTE in RIPng.
l Next hop RTE: Defines a next hop IPv6 address
l IPv6 prefix RTE: Describes the destination IPv6 address and metric in the RIPng routing table.
Figure 2-2 shows format of the next hop RTE:
Figure 2-2 Next hop RTE format
IPv6 next hop address is the IPv6 address of the next hop.
Figure 2-3 shows the format of the IPv6 prefix RTE.
Figure 2-3 IPv6 prefix RTE format
l IPv6 prefix: Destination IPv6 address prefix.
l Route tag: Route tag.
l Prefix len: Length of the IPv6 address prefix.
l Metric: Cost of a route.
2.1.3 RIPng Packet Processing Procedure
I. Request packet
When a RIPng router first starts or needs to update some entries in its routing table, generally a multicast request packet is sent to ask for needed routes from neighbors.
The receiving RIPng router processes RTEs in the request. If there is only one RTE with the IPv6 prefix and prefix length both being 0, and with a metric value of 16, the RIPng router will respond with the entire routing table information in response messages. If there are multiple RTEs in the request message, the RIPng router will examine each RTE, update its metric, and send the requested routing information to the requesting router in the response packet.
II. Response packet
The response packet containing the local routing table information is generated as:
l A response to a request
l An update periodically
l A trigged update caused by route change
After receiving a response, a router checks the validation of the response before adding the route to its routing table, such as whether the source IPv6 address is the link-local address, whether the port number is correct. The response packet failed the check will be discarded.
2.1.4 Protocols and Standards
l RFC2080: RIPng for IPv6
l RFC2081: RIPng Protocol Applicability Statement
l RFC2453: RIP Version 2
2.2 Configuring RIPng Basic Functions
In this section, you are presented with the information to configure the basic RIPng features.
You need to enable RIPng first before configuring other tasks, but it is not necessary for RIPng related interface configurations, such as assigning an IPv6 address.
2.2.1 Configuration Prerequisites
Before the configuration, accomplish the following tasks first:
l Enable IPv6 packet forwarding.
l Configure an IP address for each interface, and make sure all nodes are reachable.
2.2.2 Configuration Procedure
Follow these steps to configure the basic RIPng function:
Use the command… |
Remarks |
|
Enter system view |
system-view |
–– |
Create a RIPng process and enter RIPng view |
ripng [ process-id ] |
Required Not created by default |
Return to system view |
quit |
— |
Enter interface view |
interface interface-type interface-number |
–– |
Enable RIPng on the interface |
ripng process-id enable |
Required Disabled by default |
& Note:
If RIPng is not enabled on an interface, the interface will not send and receive any RIPng route.
2.3 Configuring RIPng Advanced Functions
This section covers the following topics:
l Configuring an Additional Routing Metric
l Configuring RIPng Route Summarization
l Configuring a RIPng Route Filtering Policy
l Configuring a RIPng Priority
l Configuring RIPng Route Redistribution
Before the configuration, accomplish the following tasks first:
l Configure an IPv6 address on each interface, and make sure all nodes are reachable.
l Configure RIPng basic functions
l Define an IPv6 ACL before using it for route filtering. Refer to ACL configuration for related information.
l Define an IPv6 address prefix list before using it for route filtering.
2.3.1 Configuring an Additional Routing Metric
An additional routing metric can be added to the metric of an inbound or outbound RIP route, namely, the inbound and outbound additional metric.
The outbound additional metric is added to the metric of a sent route, the route’s metric in the routing table is not changed.
The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed.
Follow these steps to configure an inbound/outbound additional routing metric:
Use the command… |
Remarks |
|
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Specify an inbound additional metric |
ripng metricin value |
Optional 0 by default |
Specify an outbound additional metric |
ripng metricout value |
Optional 1 by default |
2.3.2 Configuring RIPng Route Summarization
Follow these steps to configure RIPng route summarization
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Advertise a summary IPv6 prefix |
ripng summary-address ipv6-address prefix-length |
Required |
2.3.3 Advertising a Default Route
Follow these steps to advertise a default route:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Advertise a default route |
ripng default-route { only | originate } [ cost value ] |
Required Not advertised by default |
& Note:
With this feature enabled, a default route is advertised via the specified interface regardless of whether the default route is available in the local IPv6 routing table.
2.3.4 Configuring a RIPng Route Filtering Policy
You can reference a configured IPv6 ACL or prefix list to filter received/advertised routing information as needed. For filtering outbound routes, you can also specify a routing protocol from which to filter routing information redistributed.
Follow these steps to configure a RIPng route filtering policy:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
–– |
Enter RIPng view |
ripng [ process-id ] |
–– |
Configure a filter policy to filter received routes |
filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import |
Required By default, RIPng does not filter received routing information. |
Configure a filter policy to filter advertised routes |
filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ protocol [ process-id ] ] |
Required By default, RIPng does not filter routing information to be advertised. |
2.3.5 Configuring a RIPng Priority
Any routing protocol has its own protocol priority used for optimal route selection. You can set a priority for RIPng manually. The smaller the value is, the higher the priority is.
Follow these steps to configure a RIPng priority:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
— |
Enter RIPng view |
ripng [ process-id ] |
— |
Configure a RIPng priority |
preference [ route-policy route-policy-name ] value |
Optional By default, the RIPng priority is 100. |
2.3.6 Configuring RIPng Route Redistribution
Follow these steps to configure RIPng route redistribution:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
–– |
Enter RIPng view |
ripng [ process-id ] |
–– |
Configure a default routing metric for redistributed routes |
default cost value |
Optional By default, the default metric of redistribute routes is 0. |
Redistribute routes from another routing protocol |
import-route protocol [ cost cost-value | route-policy route-policy-name ] * |
Required By default, RIPng does not redistribute any other protocol route. |
2.4 Optimizing the RIPng Network
This section describes how to adjust and optimize the performance of the RIPng network as well as applications under special network environments. Before adjusting and optimizing the RIPng network, complete the following tasks:
l Configure a network layer address for each interface
l Configure the basic RIPng functions
This section covers the following topics:
l Configuring the Split Horizon and Poison Reverse
l Configuring Zero Field Check
2.4.1 Configuring RIPng Timers
You can adjust RIPng timers to optimize the performance of the RIPng network.
Follow these steps to configure RIPng timers:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
— |
Enter RIPng view |
ripng [ process-id ] |
— |
Configure RIPng timers |
timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value } * |
Optional. The RIPng timers have the following defaults: l 30 seconds for the update timer l 180 seconds for the timeout timer l 120 seconds for the suppress timer l 240 seconds for the garbage-collect timer |
& Note:
When adjusting RIPng timers, you should consider the network performance and perform unified configurations on routers running RIPng to avoid unnecessary network traffic increase or route oscillation.
2.4.2 Configuring the Split Horizon and Poison Reverse
& Note:
If both the split horizon and poison reverse are configured, only the poison reverse function takes effect.
I. Configure the split horizon
The split horizon function disables a route learned from an interface from being advertised via the interface to prevent routing loops between neighbors.
Follow these steps to configure the split horizon:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Enable the split horizon function |
ripng split-horizon |
Optional Enabled by default |
& Note:
Generally, you are recommended to enable the split horizon to prevent routing loops.
II. Configuring the poison reverse function
The poison reverse function enables a route learned from an interface to be advertised via the interface. However, the metric of the route is set to 16. That is to say, the route is unreachable.
Follow these steps to configure poison reverse:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
–– |
Enter interface view |
interface interface-type interface-number |
–– |
Enable the poison reverse function |
ripng poison-reverse |
Required Disabled by default |
2.4.3 Configuring Zero Field Check
Some fields in RIPng packet headers must be zero. These fields are called zero fields. You can enable the zero field check on RIPng packets. If any such field contains a non-zero value, the entire RIPng packet will be discarded. If you are sure that all packets are trusty, you can disable the zero field check to save the CPU processing time.
Follow these steps to configure RIPng zero field check:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
–– |
Enter RIPng view |
ripng [ process-id ] |
–– |
Enable the zero field check |
checkzero |
Optional Enabled by default |
2.5 Displaying and Maintaining RIPng
To do… |
Use the command… |
Remarks |
Display configuration information of a RIPng process |
display ripng [ process-id ] |
Available in any view |
Display routes in the RIPng database |
display ripng process-id database |
Available in any view |
Display the routing information of a specified RIPng process |
display ripng process-id route |
Available in any view |
Display information of a RIPng interface |
display ripng process-id interface [ interface-type interface-number ] |
Available in any view |
2.6 RIPng Configuration Example
I. Network requirements
As shown in Figure 2-4, all switches run RIPng. Configure Switch B to filter the route (3::/64) learnt from Switch C, which means the route will not be added to the routing table of Switch B, and Switch B will not forward it to Switch A..
II. Network diagram
Figure 2-4 Network diagram for RIPng configuration
III. Configuration procedure
1) Configure the IPv6 address for each interface (omitted)
2) Configure basic RIPng functions
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] ripng 1
[SwitchA-ripng-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 1 enable
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 400
[SwitchA-Vlan-interface400] ripng 1 enable
[SwitchA-Vlan-interface400] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] ripng 1
[SwitchB-ripng-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] ripng 1 enable
[SwitchB-Vlan-interface200] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 1 enable
[SwitchB-Vlan-interface100] quit
# Configure Switch C.
<SwitchB> system-view
[SwitchC] ipv6
[SwitchC] ripng 1
[SwitchC-ripng-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] ripng 1 enable
[SwitchC-Vlan-interface200] quit
[SwitchC] interface vlan-interface 500
[SwitchC-Vlan-interface500] ripng 1 enable
[SwitchC-Vlan-interface500] quit
[SwitchC] interface Vlan-interface 600
[SwitchC-Vlan-interface600] ripng 1 enable
[SwitchC-Vlan-interface600] quit
# Display the routing table of Switch B.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest 1::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec
Dest 2::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec
Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200
Dest 3::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 11 Sec
Dest 4::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 11 Sec
Dest 5::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 11 Sec
# Display the routing table of Switch A.
[SwitchA] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::200:2FF:FE64:8904 on Vlan-interface100
Dest 1::/64,
via FE80::200:2FF:FE64:8904, cost 1, tag 0, A, 31 Sec
Dest 4::/64,
via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec
Dest 5::/64,
via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec
Dest 3::/64,
via FE80::200:2FF:FE64:8904, cost 1, tag 0, A, 31 Sec
3) Configure Switch B to filter received routes
[SwitchB] acl ipv6 number 2000
[SwitchB-acl6-basic-2000] rule deny source 3::/64
[SwitchB-acl6-basic-2000] rule permit
[SwitchB-acl6-basic-2000] quit
[SwitchB] ripng 1
[SwitchB-ripng-1] filter-policy 2000 import
[SwitchB-ripng-1] filter-policy 2000 export
[SwitchB-ripng-1] quit
# Display routing tables of Switch B and Switch A.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest 1::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Dest 2::/64,
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200
Dest 4::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec
Dest 5::/64,
via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec
[SwitchA] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE00:1235 on Vlan-interface100
Dest 1::/64,
via FE80::20F:E2FF:FE00:1235, cost 1, tag 0, A, 2 Sec
Dest 4::/64,
via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec
Dest 5::/64,
via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec
Chapter 3 Routing Policy Configuration
A routing policy is used on the router for route inspection, filtering, attributes modifying when routes are received, advertised, or redistributed.
When configuring routing policy, go to these sections for information you are interested in:
l Introduction to Routing Policy
l Configuring a Routing Policy
l Displaying and Maintaining the Routing Policy
l Routing Policy Configuration Example
l Troubleshooting Routing Policy Configuration
3.1 Introduction to Routing Policy
3.1.1 Routing Policy and Policy Routing
By modifying route attributes (including reachability), routing policy is adopted to change routing path for network traffic.
When distributing or receiving routing information, a router can apply some policy to filter routing information, for example, a router handles only routing information that matches some rules, or a routing protocol redistributes from other protocols only routes matching some rules and modifies some attributes of these routes to satisfy its needs.
To implement routing policy, first define the features of routing information, namely, a set of matching rules. You can make definitions according to attributes in routing information, such as destination address, advertising router’s address. The matching rules can be set beforehand and then apply them to a routing policy for route distribution, reception and redistribution.
3.1.2 Filters
Routing protocols can use three filters: ACL, IP prefix list, and route policy.
I. ACL
When defining an ACL, you can specify IPv6 addresses and prefixes for matching destinations or next hops of routing information.
For ACL configuration, refer to ACL operation.
II. IP prefix list
IP-prefix list plays a role similar to ACL, but it is more flexible than ACL and easier to understand. When IP-prefix list is applied for routing information filtering, its matching object is the destination address information field of routing information.
An IP-prefix list is identified by the IP-prefix list name. Each IP-prefix list can comprise multiple items, and each item, which is identified by an index number, can specify a matching range in network prefix format. The index number indicates the matching sequence in the IP-prefix list.
During matching, a router checks list items identified by index number in the ascending order. If one item matched, the IP-prefix list filtering is passed, without needing to match the next item.
III. Routing policy
A routing policy is used for matching some attributes in given routing information and modifying the attributes of the information if matching conditions are satisfied. A routing policy can utilize the above filters to define its own matching rules.
A routing policy can comprise multiple nodes, which are in logic OR relationship. Each node is a matching unit, and the system checks nodes in the order of node sequence number. Once the matching test of a node is passed, the route-policy is passed without needing to match other nodes.
Each node comprises a set of if-match and apply clauses. The if-match clauses define the matching rules. The matching objects are some attributes of routing information. The different if-match clauses on the same node is in logic AND relationship. Only when the matching conditions specified by all the if-match clauses on a node are satisfied, can routing information passes the matching test of the node. The apply clauses specify the actions performed after the node matching test passed, concerning the attribute settings for the routing information.
3.1.3 Routing Policy Application
Routing policy applies in two ways:
l When redistributing routes from other routing protocols, a routing protocol redistributes only routes matching rules defined in a routing policy.
l When receiving or advertising routing information, a routing protocol uses a routing policy to filter routing information.
3.2 Defining Filtering Lists
3.2.1 Prerequisites
Before configuring this task, prepare the following data:
l IP-prefix list name
l Matching address range
3.2.2 Defining an IPv6 prefix List
Identified by name, each IPv6 prefix list can comprise multiple items. Each item specifies a matching address range in the form of network prefix, which is identified by index number.
During matching, the system checks list items identified by index number in the ascending order. If one item is matched, IP-prefix list filtering is passed, without needing to match other items.
To define an IPv6 prefix list, use the following commands:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
— |
Define an IPv6 prefix list |
ip ipv6-prefix ipv6-prefix-name [ index index-number ] { deny | permit } ipv6-address prefix-length [ greater-equal min-prefix-length ] [ less-equal max-prefix-length ] |
Required Not defined by default |
& Note:
If all items are set to the deny mode, no route can pass the IPv6 prefix list. It is recommended to define the permit :: 0 less-equal 128 item following multiple deny mode items to allow other IPv6 routing information to pass.
For example, the following configuration filters routes 2000:1::/48, 2000:2::/48 and 2000:3::/48, but allows other routes to pass.
<Sysname> system-view
[Sysname] ip ipv6-prefix abc index 10 deny 2000:1:: 48
[Sysname] ip ipv6-prefix abc index 20 deny 2000:2:: 48
[Sysname] ip ipv6-prefix abc index 30 deny 2000:3:: 48
[Sysname] ip ipv6-prefix abc index 40 permit :: 0 less-equal 128
3.3 Configuring a Routing Policy
A routing policy is used to filter routing information according to some attributes, and modify some attributes of the routing information that matches the routing policy. Matching rules can be configured using filters above mentioned.
A routing policy can comprise multiple nodes, each node contains:
l if-match clauses: define the matching rules routing information must satisfy. The matching objects are some attributes of routing information.
l apply clauses: specifies the actions performed after specified matching rules satisfied, concerning attribute settings for passed routing information.
3.3.1 Prerequisites
Before configuring this task, you have completed:
l Filtering list configuration
l Routing protocol configuration
You also need to decide on:
l Name of routing policy, node sequence numbers
l Matching rules
l Attributes to be modified
3.3.2 Creating a Routing Policy
To create a routing policy, use the following commands:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
— |
Create a routing policy and enter its view |
route-policy route-policy-name { permit | deny } node node-number |
Required Not created by default |
& Note:
l If a node is specified as permit, routing information meeting the node’s conditions will be handled using the apply clauses of this node, without needing to match the next node. If routing information does not meet the node’s conditions, it will go to the next node for matching.
l If a node is specified as deny, the apply clauses of the node will not be executed. When routing information meets all if-match clauses, it cannot pass the node, nor can it go to the next node. If route information cannot meet any if-match clause of the node, it will go to the next node for matching.
l When a routing policy is defined with more than one node, at least one node should be configured using the permit keyword. If the routing policy is used to filter routing information, routing information that does not meet any node’s conditions cannot pass the routing policy. If all nodes of the routing policy are set using the deny keyword, no routing information can pass it.
3.3.3 Defining if-match Clauses for the Routing Policy
To define if-match clauses for a route-policy, use the following command:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
— |
Enter routing policy view |
route-policy route-policy-name { permit | deny } node node-number |
Required Not created by default |
Set conditions to match IPv6 routing information |
if-match ipv6 { address | next-hop | route-source } { acl acl6-number | prefix-list ipv6-prefix-name } |
Optional Not configured by default |
Match route cost of routing information |
if-match cost value |
Optional Not configured by default |
Match outbound interface of routing information |
if-match interface { interface-type interface-number }&<1-16> |
Optional Not configured by default |
Match the tag of routing information |
if-match tag value |
Optional Not configured by default |
& Note:
l The if-match clauses of a route-policy are in logic AND relationship, namely, routing information has to satisfy all if-match clauses before executed with apply clauses.
l You can specify no or multiple if-match clauses for a routing policy. If no if-match clause is specified, and the routing policy is in permit mode, all routing information can pass the node, or in deny mode, no routing information can pass.
3.3.4 Defining apply Clauses for the Routing Policy
To define apply clauses for a route-policy, use the following command:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
— |
Create a routing policy and enter its view |
route-policy route-policy-name { permit | deny } node node-number |
Required Not created by default |
Set the cost of routing information |
apply cost [ + | - ] value |
Optional Not set by default |
Set the next hop for IPv6 routing information |
apply ipv6 next-hop ipv6-address |
Optional Not set by default The next hop set using the apply ip-address next-hop command does not take effect for route redistribution. |
Set routing protocol preference |
apply preference preference |
Optional Not set by default |
Set the tag field of routing information |
apply tag value |
Optional Not set by default |
& Note:
The apply ipv6 next-hop commands do not apply to redistributed IPv6 routes respectively.
3.4 Displaying and Maintaining the Routing Policy
To do… |
Use the command… |
Remarks |
Display IPv6 prefix list statistics |
display ip ipv6-prefix [ ipv6-prefix-name ] |
Available in any view |
Display routing policy information |
display route-policy [ route-policy-name ] |
|
Clear IPv6 prefix statistics |
reset ip ipv6-prefix [ ipv6-prefix-name ] |
Available in user view |
3.5 Routing Policy Configuration Example
3.5.1 Applying Routing Policy When Redistributing IPv6 Routes
I. Network requirements
l Enable RIPng and configure three static routes on Switch A.
l Apply a routing policy when redistributing static routes, making routes in 20::/32 and 40::/32 pass, routes in 30::/32 filtered.
l Display RIPng routing table information on Switch B to verify the configuration.
II. Network diagram
Figure 3-1 Network diagram for routing policy application to route redistribution
III. Configuration procedure
1) Configure Switch A
# Configure IPv6 addresses for Vlan-interface 100 and Vlan-interface 200.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ipv6 address 10::1 32
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ipv6 address 11::1 32
[SwitchA-Vlan-interface200] quit
# Enable RIPng on Vlan-interface 100.
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 1 enable
[SwitchA-Vlan-interface100] quit
# Configure three static routes.
[SwitchA] ipv6 route-static 20:: 32 11::2
[SwitchA] ipv6 route-static 30:: 32 11::2
[SwitchA] ipv6 route-static 40:: 32 11::2
# Configure routing policy.
[SwitchA] ip ipv6-prefix a index 10 permit 30:: 32
[SwitchA] route-policy static2ripng deny node 0
[SwitchA-route-policy] if-match ipv6 address prefix-list a
[SwitchA-route-policy] quit
[SwitchA] route-policy static2ripng permit node 10
[SwitchA-route-policy] quit
# Enable RIPng and redistribute static routes.
[SwitchA] ripng
[SwitchA-ripng-1] import-route static route-policy static2ripng
2) Configure Switch B.
# Configure the IPv6 address for Vlan-interface 100.
[SwitchB] ipv6
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ipv6 address 10::2 32
# Enable RIPng on Vlan-interface 100.
[SwitchB-Vlan-interface100] ripng 1 enable
[SwitchB-Vlan-interface100] quit
# Enable RIPng.
[SwitchB] ripng
# Display RIPng routing table information.
[SwitchB-ripng-1] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::7D58:0:CA03:1 on Vlan-interface 100
Dest 10::/32,
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 18 Sec
Dest 20::/32,
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 8 Sec
Dest 40::/32,
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 3 Sec
3.6 Troubleshooting Routing Policy Configuration
3.6.1 IPv6 Routing Information Filtering Failed
I. Symptom
Filtering routing information failed, while routing protocol runs normally.
II. Analysis
At least one item of the IPv6 prefix list should be configured as permit mode, and at least one node of the Route-policy should be configured as permit mode.
III. Processing procedure
1) Use the display ip ipv6-prefix command to display IP prefix list.
2) Use the display route-policy command to display route policy information.