H3C S3610[5510] Series Ethernet Switches Operation Manual-Release 0001-(V1.02)
Title | Size | Download |
---|---|---|
03-IP Address and Performance Operation | 531 KB |
Chapter 1 IP Address Configuration
1.2.1 Assigning an IP Address to an Interface
1.2.2 IP Address Configuration Example
1.3 Displaying and Maintaining IP Address Configuration
Chapter 2 IP Performance Configuration
2.1 Introduction to IP performance
2.2 Permitting Receiving of Directed Broadcast Packets
2.3 Configuring TCP attributes
2.4 Configuring TCP MSS for the Interface
2.5 Configuring sending ICMP error packets
2.6 Displaying and maintaining IP performance
Chapter 1 IP Address Configuration
1.1 IP Address Overview
1.1.1 IP Address Classes
Each device interface connected to the Internet must be assigned a globally unique IP address. IP addresses are 32-bit in length, generally expressed in dotted decimal notation. That is, an IP address can be expressed as four decimal integers separated by dots, with each integer corresponding to one byte. 10.1.1.1 is an example.
Each IP address breaks down into two parts:
- net-id: the first several bits of the IP address, defining a network, also known as class bits.
- host-id: identifies a host on a network.
For ease of administration, IP addresses are divided into five classes. The class an IP address belongs to depends on the first one to four bits of the net-id, as shown in Figure 1-1.
Table 1-1 describes the address ranges of these five classes. Currently, the first three classes of IP addresses are used in large quantities.
Table 1-1 IP address classes and ranges
Class | Address range | Description |
---|---|---|
A | 0.0.0.0 to 127.255.255.255 | Address 0.0.0.0 means this host on this network. This address is used by a host at bootstrap when it does not know its IP address. This address is never a valid destination address. Addresses starting with 127 are reserved for loopback test. Packets destined to these addresses are processed locally as input packets rather than sent to the line. |
B | 128.0.0.0 to 191.255.255.255 | –– |
C | 192.0.0.0 to 223.255.255.255 | –– |
D | 224.0.0.0 to 239.255.255.255 | Multicast address. |
E | 240.0.0.0 to 255.255.255.255 | Reserved for future use except for the broadcast address 255.255.255.255. |
1.1.2 Subnetting and Masking
As the Internet develops rapidly, available IP addresses are being exhausted. To make full use of available IP addresses, a network can be divided into smaller ones (known as subnets) with subnet masks. A network is divided into subnets by using some bits of the host-id to create a subnet-id. The length of the subnet-id is determined by the subnet mask.
A subnet mask is 32-bit in length and comprises a series of consecutive ones and a series of consecutive zeros. In a subnet mask, the part containing consecutive ones identifies the combination of net-id and subnet-id, whereas the part containing consecutive zeros identifies the host-id.
A subnet is significant only within a network. From the perspective of an external network, the network has only one net-id. A gateway performs route selection based on subnet-id and finds the destination host only after incoming packets are received by the network.
Figure 1-2 shows how a Class B address is subnetted.
Figure 1-2 Subnetting a Class B address
Note that subnetting is a tradeoff between the number of subnets and the number of hosts accommodated. For example, a Class B network can accommodate 65,534 (2^16 – 2) hosts before being subnetted; of the two deducted addresses, the one with an all-ones host-id is the broadcast address and the one with an all-zeros host-id is the network address. After you break it down into 64 (2^6) subnets by using the first 6 bits of the host-id for the subnet-id, only 10 bits remain for the host-id, so each subnet has only 1022 (2^10 – 2) hosts. The maximum number of hosts is thus 65,408 (64 × 1022), 126 fewer than before the network was subnetted.
Class A, B, and C networks, before being subnetted, use these default masks (also called natural masks): 255.0.0.0, 255.255.0.0, and 255.255.255.0 respectively.
1.2 Configuring IP Addresses
An interface can obtain an IP address using the following methods:
- Manually configured by using the IP address configuration command
- Allocated by the BOOTP server
- Allocated by the DHCP server
The three methods are mutually exclusive and the use of a new method will result in the IP address obtained by the old method being released. For example, if you obtain an IP address by using the IP address configuration command, and then use the ip address bootp-alloc command to apply for an IP address, the originally configured IP address is deleted and a new IP address will be allocated by BOOTP for the interface.
Note:
This chapter only introduces how to configure an IP address manually. For the other two methods of obtaining IP addresses, refer to the "DHCP" module.
1.2.1 Assigning an IP Address to an Interface
Follow these steps to assign an IP address to an interface:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | –– |
Enter interface view | interface interface-type interface-number | –– |
Assign an IP address to the interface | ip address ip-address { mask \| mask-length } [ sub ] | Required. No IP address is assigned by default. |
Caution:
- An interface can be configured with only one primary IP address. A newly assigned primary IP address overwrites the old one, if any.
- You cannot assign secondary IP addresses to an interface using BOOTP or DHCP.
- The primary and secondary IP addresses you assign to the interface can be located on the same network segment.
- You can configure IP addresses for VLAN interfaces, Tunnel interfaces and Loopback interfaces on S3610&S5510 Series Ethernet Switches.
1.2.2 IP Address Configuration Example
I. Network requirements
As shown in Figure 1-3, Vlan-interface1 (belonging to VLAN 1) on the switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24. Hosts in the external network must be able to communicate with both segments through the switch, and hosts on the two segments must be able to communicate with each other.
II. Network diagram
Figure 1-3 Network diagram for IP address configuration
III. Configuration procedure
If only one IP address is configured on Vlan-interface1 of the switch, only some of the hosts can be accessed from the external network through the switch. To enable access to all the hosts in the network through the switch, a secondary IP address needs to be configured for Vlan-interface1. To allow the hosts on the two segments to communicate with each other, the switch needs to be set as the gateway on all the hosts on the two segments.
# Assign a primary IP address and a secondary IP address to VLAN interface 1.
<Sysname> system-view
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ip address 172.16.1.1 255.255.255.0
[Sysname-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub
# Set the gateway to 172.16.1.1 on the PCs attached to 172.16.1.0/24, and to 172.16.2.1 on the PCs attached to 172.16.2.0/24.
# Ping a host on 172.16.1.0/24 from the switch to verify the configuration.
<Sysname> ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms
--- 172.16.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms
# Ping a host on 172.16.2.0/24 from the switch to verify the configuration.
<Sysname> ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=255 time=25 ms
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=255 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=255 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=26 ms
--- 172.16.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
# Verify that the hosts on 172.16.1.0 and 172.16.2.0 can ping each other.
1.3 Displaying and Maintaining IP Address Configuration
After the above-mentioned configuration, you can use the display command in any view to display IP address configuration, so as to verify configuration result.
Follow these steps to display and maintain IP address configuration:
To do… | Use the command… | Remarks |
---|---|---|
Display information about a specified or all Layer 3 interfaces | display ip interface [ interface-type interface-number ] | Available in any view |
Display brief information about a specified or all Layer 3 interfaces | display ip interface brief [ interface-type interface-number ] | Available in any view |
Chapter 2 IP Performance Configuration
2.1 Introduction to IP performance
In some network environments, you need to adjust the parameters for the best IP performance. IP performance configuration includes:
- Permitting receiving of directed broadcast packets
- TCP timer
- Size of TCP receiving/sending buffer
- TCP MSS configuration of the interface
2.2 Permitting Receiving of Directed Broadcast Packets
Directed broadcast packets are broadcast packets within the network where the local interface resides. As specified in RFC 2644, the device can receive directed broadcast packets by default. However, attackers can use such packets to attack the network system, which poses a serious potential danger to the network.
S3610&S5510 series Ethernet switches do not receive directed broadcast packets by default. You can configure the switches to receive directed broadcast packets.
Follow these steps to permit the receiving of directed broadcast packets:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enable the switch to receive directed broadcast packets | ip forward-broadcast | Required. By default, an interface is not allowed to receive directed broadcasts. |
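The following is an added example, not taken from the H3C manual: it flags directed broadcast packets in flow records, which helps confirm that nothing legitimate depends on them before leaving `ip forward-broadcast` off. It uses the Vlan-interface1 addresses from section 1.2.2 and the all-ones host-id rule from section 1.1.2; the flow-record fields and sample flows are constructed, and a directed broadcast is taken to mean a packet addressed to a segment's broadcast address from a source outside that segment.

```python
import ipaddress

# Primary and secondary addresses of Vlan-interface1 in the section 1.2.2 example.
LOCAL_INTERFACES = ["172.16.1.1/24", "172.16.2.1/24"]

# Constructed flow records (field names are assumptions, not a switch log format).
SAMPLE_FLOWS = [
    {"src": "198.51.100.7", "dst": "172.16.1.255", "proto": "icmp"},
    {"src": "172.16.1.20", "dst": "172.16.1.255", "proto": "udp"},
    {"src": "172.16.2.9", "dst": "172.16.1.255", "proto": "icmp"},
    {"src": "198.51.100.7", "dst": "172.16.2.2", "proto": "tcp"},
    {"src": "203.0.113.5", "dst": "255.255.255.255", "proto": "udp"},
]


def directed_broadcast_map(interfaces):
    """Map each attached segment's all-ones host-id address to its network."""
    table = {}
    for cidr in interfaces:
        net = ipaddress.ip_interface(cidr).network
        if net.prefixlen < 31:  # /31 and /32 have no broadcast address
            table[net.broadcast_address] = net
    return table


def flag_directed_broadcasts(flows, interfaces=LOCAL_INTERFACES):
    """Return flows addressed to a segment broadcast from outside that segment."""
    table = directed_broadcast_map(interfaces)
    hits = []
    for flow in flows:
        dst = ipaddress.ip_address(flow["dst"])
        src = ipaddress.ip_address(flow["src"])
        net = table.get(dst)
        # A host broadcasting on its own segment is ordinary local traffic.
        if net is not None and src not in net:
            hits.append({**flow, "segment": str(net)})
    return hits


if __name__ == "__main__":
    for hit in flag_directed_broadcasts(SAMPLE_FLOWS):
        print(f"{hit['src']} -> {hit['dst']} ({hit['proto']}) targets {hit['segment']}")
```

The limited broadcast 255.255.255.255 and a host broadcasting on its own segment are deliberately not flagged; only traffic that would have to be routed onto the segment is.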
2.3 Configuring TCP attributes
TCP attributes that can be configured include:
- synwait timer: Before sending a SYN packet, TCP starts the synwait timer. If no response packet is received before the synwait timer expires, the TCP connection is not established.
- finwait timer: When the TCP connection enters the FIN_WAIT_2 state, the finwait timer is started. If no FIN packet is received before the timer expires, the TCP connection is terminated. If a FIN packet is received, the TCP connection state changes to TIME_WAIT, and the timer is restarted from the receipt of the last non-FIN packet; the connection is closed when the timer expires.
- Size of TCP receiving/sending buffer
Follow these steps to configure TCP attributes:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Configure TCP synwait timer’s timeout value | tcp timer syn-timeout time-value | Optional. By default, the timeout value is 75 seconds. |
Configure TCP finwait timer’s timeout value | tcp timer fin-timeout time-value | Optional. By default, the timeout value is 675 seconds. |
Configure the size of TCP receiving/sending buffer | tcp window window-size | Optional. By default, the buffer is 8k bytes. |
2.4 Configuring TCP MSS for the Interface
An interface’s TCP MSS determines whether the TCP packets of the interface need to be fragmented. If the size of a packet is smaller than the TCP MSS, the packet is not fragmented; otherwise, it will be fragmented according to the TCP MSS.
Follow these steps to configure TCP MSS of the interface:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Configure TCP MSS of the interface | tcp mss value | Required. TCP MSS is 1460 bytes by default. |
Note:
Currently, S3610&S5510 series Ethernet switches support configuring the maximum segment size of TCP packets only for a Tunnel interface.
2.5 Configuring sending ICMP error packets
Sending error packets is a major function of the ICMP protocol. ICMP packets are typically sent by network layer or transport layer protocols to notify the corresponding devices, so as to facilitate control and management.
I. Advantage of sending ICMP error packets
There are three kinds of ICMP error packets: redirect packets, timeout packets and destination unreachable packets. Their sending conditions and functions are as follows.
1) Sending ICMP redirect packets
When a host starts, its routing table may contain only one default route to the default gateway. The default gateway sends an ICMP redirect packet to the source host, notifying it to select a correct router as the next hop for subsequent packets, if the following conditions are satisfied:
- The device finds that the receiving and sending interfaces are the same while forwarding data packets.
- The selected route has not been created or modified by ICMP redirect packets.
- The selected route is not the default route of the host.
- The source IP address of the data packets and the next hop’s IP address in the selected route belong to the same network segment.
ICMP redirect packets simplify host administration: they let hosts that start with little routing information establish a sound routing table and find the best routes.
2) Sending ICMP timeout packets
When sending of ICMP timeout packets is enabled, a device that receives an IP data packet and encounters a timeout error drops the data packet and sends an ICMP error packet to the source.
The device sends an ICMP timeout packet under the following conditions:
- If a device receives a data packet whose TTL field is 1 and finds that the destination of the packet is not local, it sends a “TTL timeout” ICMP error packet.
- When the device receives the first fragment of an IP packet whose destination address is local, it starts a timer. If the timer expires before all the fragments are received, the device sends a “reassembly timeout” ICMP error packet.
3) Sending ICMP destination unreachable packets
When sending of ICMP destination unreachable packets is enabled, a device that receives an IP data packet and encounters a destination unreachable error drops the data packet and sends an ICMP error packet to the source.
The device sends an ICMP destination unreachable packet under the following conditions:
- When forwarding a packet, if the device finds neither a corresponding forwarding route nor a default route in the routing table, it sends a “network unreachable” ICMP error packet.
- When receiving a data packet whose destination address is local, if the transport layer protocol is unavailable on the device, the device sends a “protocol unreachable” ICMP error packet.
- When receiving a data packet whose destination address is local and whose transport layer protocol is UDP, if the packet’s port number does not match any running process, the device sends the source a “port unreachable” ICMP error packet.
- When packets are sent using “strict source routing”, if an intermediate device finds that the source route points to a device not directly connected to the network, it sends the source a “source routing fails” ICMP error packet.
- When forwarding a packet, if the MTU of the forwarding interface is smaller than the packet but the packet has been set as unfragmentable, the device sends the source a “fragmenting is required but unavailable” ICMP error packet.
II. Disadvantage of sending ICMP error packets
Although sending ICMP error packets facilitates control and management, it has the following disadvantages:
- Sending a lot of ICMP packets increases network traffic.
- If the device receives many malicious packets that cause it to send a large number of ICMP error packets, the device's performance is reduced.
- Redirects add routes to a host’s routing table; if the number of routes grows greatly, the host’s performance is reduced.
- ICMP destination unreachable packets are passed up to user processes, so end users may be affected if there are malicious attacks.
To prevent these problems, you can disable the device from sending ICMP error packets, which reduces network traffic and helps avoid malicious attacks.
Follow these steps to disable sending ICMP error packets:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Disable sending ICMP redirect packets | undo ip redirects | Required. Sending of ICMP redirect packets is enabled by default. |
Disable sending ICMP timeout packets | undo ip ttl-expires | Required. Sending of ICMP timeout packets is enabled by default. |
Disable sending ICMP destination unreachable packets | undo ip unreachables | Required. Sending of ICMP destination unreachable packets is enabled by default. |
Note:
- After sending of ICMP destination unreachable packets is disabled, the device stops sending “network unreachable” and “source route unsuccessful” ICMP error packets. Other destination unreachable packets are still sent normally.
- After sending of ICMP timeout packets is disabled, the device stops sending “TTL timeout” ICMP error packets. “Reassembly timeout” error packets are still sent normally.
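The following is an added example, not H3C code: it models which ICMP error packets the device still sends for a given set of commands, following the table and notes in this section, and lists where a configuration differs from the restrictive settings described in sections 2.2 and 2.5. Assumptions: the input is a list of command lines as typed in system view, the enabling form of each command is the undo form without `undo`, and the last occurrence wins; the sample configurations are constructed.

```python
# ICMP error messages named in section 2.5, grouped by the command that gates them.
# "gated" messages stop once the undo form is configured; "always" are still sent.
ICMP_RULES = {
    "ip redirects": {"gated": {"redirect"}, "always": set()},
    "ip ttl-expires": {"gated": {"TTL timeout"}, "always": {"reassembly timeout"}},
    "ip unreachables": {
        "gated": {"network unreachable", "source routing fails"},
        "always": {"protocol unreachable", "port unreachable",
                   "fragmenting is required but unavailable"},
    },
}

# Constructed sample configurations.
PERMISSIVE = ["ip forward-broadcast"]
RESTRICTIVE = ["undo ip redirects", "undo ip ttl-expires", "undo ip unreachables"]


def effective_state(config_lines):
    """Resolve each command to enabled/disabled, starting from the page's defaults."""
    state = {cmd: True for cmd in ICMP_RULES}  # ICMP error sending is on by default
    state["ip forward-broadcast"] = False      # directed broadcasts are off by default
    for raw in config_lines:
        line = " ".join(raw.split())           # normalise whitespace
        enabled = not line.startswith("undo ")
        cmd = line if enabled else line[len("undo "):]
        if cmd in state:
            state[cmd] = enabled               # assumption: last occurrence wins
    return state


def icmp_errors_still_sent(config_lines):
    """Return the set of ICMP error messages the device would still send."""
    state = effective_state(config_lines)
    sent = set()
    for cmd, rule in ICMP_RULES.items():
        sent |= rule["always"]
        if state[cmd]:
            sent |= rule["gated"]
    return sent


def review_items(config_lines):
    """List settings that differ from the restrictive profile in sections 2.2 and 2.5."""
    state = effective_state(config_lines)
    items = []
    if state["ip forward-broadcast"]:
        items.append("ip forward-broadcast: directed broadcast packets are accepted")
    for cmd in ICMP_RULES:
        if state[cmd]:
            items.append(f"{cmd}: sending enabled, 'undo {cmd}' not configured")
    return items
```

Before applying `undo ip ttl-expires`, note that traceroute relies on “TTL timeout” messages, so the device will no longer report itself as a hop.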
2.6 Displaying and maintaining IP performance
After the above-mentioned configuration, you can use the display command in any view to display the IP performance status, so as to verify configuration result.
In user view, you can run the reset command to clear statistics of IP, TCP and UDP flows.
Follow these steps to display and maintain IP performance:
To do… | Use the command… | Remarks |
---|---|---|
Display current TCP connection state | display tcp status | Available in any view |
Display statistics of TCP connection flows | display tcp statistics | Available in any view |
Display statistics of UDP flows | display udp statistics | Available in any view |
Display statistics of IP packets | display ip statistics | Available in any view |
Display statistics of ICMP flows | display icmp statistics | Available in any view |
Display current socket information of the system | display ip socket [ socktype sock-type ] [ task-id socket-id ] | Available in any view |
Display FIB forward information | display fib [ \| { begin \| include \| exclude } text \| acl acl-number \| ip-prefix ip-prefix-name ] | Available in any view |
Display FIB forward information matching the specified destination IP address | display fib ip-address1 [ { mask1 \| mask-length1 } [ ip-address2 { mask2 \| mask-length2 } \| longer ] \| longer ] | Available in any view |
Display statistics about the FIB items | display fib statistics | Available in any view |
Clear statistics of IP packets | reset ip statistics | Available in user view |
Clear statistics of TCP connection flows | reset tcp statistics | Available in user view |
Clear statistics of UDP flows | reset udp statistics | Available in user view |