H3C S3100-52P Operation Manual-Release 1602(V1.01)

HomeSupportSwitchesH3C S3100 Switch SeriesConfigure & DeployConfiguration GuidesH3C S3100-52P Operation Manual-Release 1602(V1.01)
36-IPv6 Management Operation
Title Size Download
36-IPv6 Management Operation 310.41 KB

Chapter 1  IPv6 Configuration

When configuring IPv6, go to these sections for information you are interested in:

l           IPv6 Overview

l           IPv6 Configuration Task List

l           IPv6 Configuration Example

 

&  Note:

l      The term “router” in this document refers to a router in a generic sense or an Ethernet switch running a routing protocol.

l      H3C S3100-52P Ethernet Switch supports IPv6 management features, but do not support IPv6 forwarding and related features.

 

1.1  IPv6 Overview

Internet Protocol Version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet Protocol Version 4 (IPv4). The significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.

1.1.1  IPv6 Features

I. Header format simplification

IPv6 cuts down some IPv4 header fields or moves them to extension headers to reduce the overhead of the basic IPv6 header. IPv6 uses a fixed-length header, thus making IPv6 packet handling simple and improving the forwarding efficiency. Although the IPv6 address size is four times that of IPv4 addresses, the size of the IPv6 header is only twice that of the IPv4 header (excluding the Options field). For the specific IPv6 header format, see Figure 1-1.

Figure 1-1 Comparison between IPv4 header format and IPv6 header format

II. Adequate address space

The source IPv6 address and the destination IPv6 address are both 128 bits (16 bytes) long. IPv6 can provide 3.4 x 1038 addresses to completely meet the requirements of hierarchical address division as well as allocation of public and private addresses.

III. Hierarchical address structure

IPv6 adopts the hierarchical address structure to quicken route search and reduce the system source occupied by the IPv6 routing table by means of route aggregation.

IV. Automatic address configuration

To simplify the host configuration, IPv6 supports stateful address configuration and stateless address configuration.

l           Stateful address configuration means that a host acquires an IPv6 address and related information from the server (for example, DHCP server).

l           Stateless address configuration means that the host automatically configures an IPv6 address and related information based on its own link-layer address and the prefix information issued by the router.

In addition, a host can automatically generate a link-local address based on its own link-layer address and the default prefix (FE80::/64) to communicate with other hosts on the link.

V. Built-in security

IPv6 uses IPSec as its standard extension header to provide end-to-end security. This feature provides a standard for network security solutions and improves the interoperability between different IPv6 applications.

VI. Support for QoS

The Flow Label field in the IPv6 header allows the device to label packets in a flow and provide special handling for these packets.

VII. Enhanced neighbor discovery mechanism

The IPv6 neighbor discovery protocol is implemented by a group of Internet Control Message Protocol Version 6 (ICMPv6) messages. The IPv6 neighbor discovery protocol manages message exchange between neighbor nodes (nodes on the same link). The group of ICMPv6 messages takes the place of Address Resolution Protocol (ARP), Internet Control Message Protocol Version 4 (ICMPv4), and ICMPv4 redirect messages to provide a series of other functions.

VIII. Flexible extension headers

IPv6 cancels the Options field in IPv4 packets but introduces multiple extension headers. In this way, IPv6 enhances the flexibility greatly to provide scalability for IP while improving the processing efficiency. The Options field in IPv4 packets contains only 40 bytes, while the size of IPv6 extension headers is restricted by that of IPv6 packets.

1.1.2  Introduction to IPv6 Address

I. IPv6 addresses

An IPv6 address is represented as a series of 16-bit hexadecimals, separated by colons. An IPv6 address is divided into eight groups, 16 bits of each group are represented by four hexadecimal numbers which are separated by colons, for example, 2001:0000:130F:0000:0000:09C0:876A:130B.

To simplify the representation of IPv6 addresses, zeros in IPv6 addresses can be handled as follows:

l           Leading zeros in each group can be removed. For example, the above-mentioned address can be represented in shorter format as 2001:0:130F:0:0:9C0:876A:130B.

l           If an IPv6 address contains two or more consecutive groups of zeros, they can be replaced by the double-colon :: option. For example, the above-mentioned address can be represented in the shortest format as 2001:0:130F::9C0:876A:130B.

 

  Caution:

The double-colon :: can be used only once in an IPv6 address. Otherwise, the device is unable to determine how many zeros the double-colon represents when converting it to zeros to restore the IPv6 address to a 128-bit address.

 

An IPv6 address consists of two parts: address prefix and interface ID. The address prefix and the interface ID are respectively equivalent to the network ID and the host ID in an IPv4 address.

An IPv6 address prefix is written in IPv6-address/prefix-length notation, where IPv6-address is an IPv6 address in any of the notations and prefix-length is a decimal number indicating how many bits from the left of an IPv6 address are the address prefix.

II. IPv6 address classification

IPv6 addresses mainly fall into three types: unicast address, multicast address and anycast address.

l           Unicast address: An identifier for a single interface, similar to an IPv4 unicast address .A packet sent to a unicast address is delivered to the interface identified by that address.

l           Multicast address: An identifier for a set of interfaces (typically belonging to different nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is delivered to all interfaces identified by that address.

l           Anycast address: An identifier for a set of interfaces (typically belonging to different nodes).A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the nearest one, according to the routing protocols’ measure of distance).

 

&  Note:

There are no broadcast addresses in IPv6. Their function is superseded by multicast addresses.

 

The type of an IPv6 address is designated by the format prefix. Table 1-1 lists the mapping between major address types and format prefixes.

Table 1-1 Mapping between address types and format prefixes

Type

Format prefix (binary)

IPv6 prefix ID

Unicast address

Unassigned address

00...0  (128 bits)

::/128

Loopback address

00...1  (128 bits)

::1/128

Link-local address

1111111010

FE80::/10

Site-local address

1111111011

FEC0::/10

Global unicast address

other forms

Multicast address

11111111

FF00::/8

Anycast address

Anycast addresses are taken from unicast address space and are not syntactically distinguishable from unicast addresses.

 

III. Unicast address

There are several forms of unicast address assignment in IPv6, including global unicast address, link-local address, and site-local address.

l           The global unicast address, equivalent to an IPv4 public address, is used for aggregatable links and provided for network service providers. This type of address allows efficient routing aggregation to restrict the number of global routing entries.

l           The link-local address is used in the neighbor discovery protocol and the stateless autoconfiguration process. Routers must not forward any packets with link-local source or destination addresses to other links.

l           IPv6 unicast site-local addresses are similar to private IPv4 addresses. Routers must not forward any packets with site-local source or destination addresses outside of the site (equivalent to a private network).

l           Loopback address: The unicast address 0:0:0:0:0:0:0:1 (represented in shorter format as ::1) is called the loopback address and may never be assigned to any physical interface. Like the loopback address in IPv4, it may be used by a node to send an IPv6 packet to itself.

l           Unassigned address: The unicast address :: is called the unassigned address and may not be assigned to any node. Before acquiring a valid IPv6 address, a node may fill this address in the source address field of an IPv6 packet, but may not use it as a destination IPv6 address.

IV. Multicast address

Multicast addresses listed in Table 1-2 are reserved for special purpose.

Table 1-2 Reserved IPv6 multicast addresses

Address

Application

FF01::1

Node-local scope all-nodes multicast address

FF02::1

Link-local scope all-nodes multicast address

FF01::2

Node-local scope all-routers multicast address

FF02::2

Link-local scope all-routers multicast address

FF05::2

Site-local scope all-routers multicast address

 

Besides, there is another type of multicast address: solicited-node address. The solicited-node multicast address is used to acquire the link-layer addresses of neighbor nodes on the same link and is also used for duplicate address detection. Each IPv6 unicast or anycast address has one corresponding solicited-node address. The format of a solicited-node multicast address is as follows:

FF02:0:0:0:0:1:FFXX:XXXX

Where, FF02:0:0:0:0:1:FF is permanent and consists of 104 bits, and XX:XXXX is the last 24 bits of an IPv6 address.

V. Interface identifier in IEEE EUI-64 format

Interface identifiers in IPv6 unicast addresses are used to identify interfaces on a link and they are required to be unique on that link. Interface identifiers in IPv6 unicast addresses are currently required to be 64 bits long. An interface identifier is derived from the link-layer address of that interface. Interface identifiers in IPv6 addresses are 64 bits long, while MAC addresses are 48 bits long. Therefore, the hexadecimal number FFFE needs to be inserted in the middle of MAC addresses (behind the 24 high-order bits).To ensure the interface identifier obtained from a MAC address is unique, it is necessary to set the universal/local (U/L) bit (the seventh high-order bit) to “1”. Thus, an interface identifier in EUI-64 format is obtained.

Figure 1-2 Convert a MAC address into an EUI-64 address

1.1.3  Introduction to IPv6 Neighbor Discovery Protocol

The IPv6 Neighbor Discovery Protocol (NDP) uses five types of ICMPv6 messages to implement the following functions:

l           Address resolution

l           Neighbor unreachability detection

l           Duplicate address detection

l           Router/prefix discovery

l           Address autoconfiguration

l           Redirection

Table 1-3 lists the types and functions of ICMPv6 messages used by the NDP.

Table 1-3 Types and functions of ICMPv6 messages

ICMPv6 message

Function

Neighbor solicitation (NS) message

Used to acquire the link-layer address of a neighbor

Used to verify whether the neighbor is reachable

Used to perform a duplicate address detection

Neighbor advertisement (NA) message

Used to respond to a neighbor solicitation message

When the link layer address changes, the local node initiates a neighbor advertisement message to notify neighbor nodes of the change.

Router solicitation (RS) message

After started, a host sends a router solicitation message to request the router for an address prefix and other configuration information for the purpose of autoconfiguration.

Router advertisement (RA) message

Used to respond to a router solicitation message

With the RA message suppression disabled, the router regularly sends a router advertisement message containing information such as address prefix and flag bits.

Redirect message

When a certain condition is satisfied, the default gateway sends a redirect message to the source host so that the host can reselect a correct next hop router to forward packets.

 

&  Note:

l      H3C S3100-52P Ethernet Switch does not support the RS, RA, or Redirect message.

l      Of the above mentioned IPv6 NDP functions, H3C S3100-52P Ethernet Switch supports the following three functions: address resolution, neighbor unreachability detection, and duplicate address detection. The subsequent sections present a detailed description of these three functions and relevant configuration.

 

The NDP mainly provides the following functions:

I. Address resolution

Similar to the ARP function in IPv4, a node acquires the link-layer address of neighbor nodes on the same link through NS and NA messages. Figure 1-3 shows how node A acquires the link-layer address of node B.

Figure 1-3 Address resolution

The address resolution procedure is as follows:

1)         Node A multicasts an NS message. The source address of the NS message is the IPv6 address of the interface of node A and the destination address is the solicited-node multicast address of node B. The NS message contains the link-layer address of node A.

2)         After receiving the NS message, node B judges whether the destination address of the packet is the corresponding solicited-node multicast address of its own IPv6 address. If yes, node B learns the link-layer address of node A and returns an NA message containing the link-layer address of node B in the unicast mode.

3)         Node A acquires the link-layer address of node B from the NA message. After that, node A and node B can communicate with each other.

II. Neighbor unreachability detection

After node A acquires the link-layer address of its neighbor node B, node A can verify whether node B is reachable according to NS and NA messages.

1)         Node A sends an NS message whose destination address is the IPv6 address of node B.

2)         If node A receives an NA message from node B, node A considers that node B is reachable. Otherwise, node B is unreachable.

III. Duplicate address detection

After a node acquires an IPv6 address, it should perform the duplicate address detection to determine whether the address is being used by other nodes (similar to the gratuitous ARP function). The duplication address detection is accomplished through NS and NA messages. Figure 1-4 shows the duplicate address detection procedure.

Figure 1-4 Duplicate address detection

The duplicate address detection procedure is as follows:

1)         Node A sends an NS message whose source address is the unassigned address :: and the destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected. The NS message also contains the IPv6 address.

2)         If node B uses this IPv6 address, node B returns an NA message. The NA message contains the IPv6 address of node B.

3)         Node A learns that the IPv6 address is being used by node B after receiving the NA message from node B. Otherwise, node B is not using the IPv6 address and node A can use it.

1.1.4  Introduction to IPv6 DNS

In the IPv6 network, a Domain Name System (DNS) supporting IPv6 converts domain names into IPv6 addresses. Different from an IPv4 DNS, an IPv6 DNS converts domain names into IPv6 addresses, instead of IPv4 addresses.

However, just like an IPv4 DNS, an IPv6 DNS also covers static domain name resolution and dynamic domain name resolution. The function and implementation of these two types of domain name resolution are the same as those of an IPv4 DNS. For details, refer to DNS Operation in this manual.

Usually, the DNS server connecting IPv4 and IPv6 networks contain not only A records (IPv4 addresses) but also AAAA records (IPv6 addresses). The DNS server can convert domain names into IPv4 addresses or IPv6 addresses. In this way, the DNS server has the functions of both IPv6 DNS and IPv4 DNS.

1.1.5  Protocols and Standards

Protocol specifications related to IPv6 include:

l           RFC 1881: IPv6 Address Allocation Management

l           RFC 1887: An Architecture for IPv6 Unicast Address Allocation

l           RFC 1981: Path MTU Discovery for IP version 6

l           RFC 2375: IPv6 Multicast Address Assignments

l           RFC 2460: Internet Protocol, Version 6 (IPv6) Specification.

l           RFC 2461: Neighbor Discovery for IP Version 6 (IPv6)

l           RFC 2462: IPv6 Stateless Address Autoconfiguration

l           RFC 2463: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification

l           RFC 2464: Transmission of IPv6 Packets over Ethernet Networks

l           RFC 2526: Reserved IPv6 Subnet Anycast Addresses

l           RFC 3307: Allocation Guidelines for IPv6 Multicast Addresses

l           RFC 3513: Internet Protocol Version 6 (IPv6) Addressing Architecture

l           RFC 3596: DNS Extensions to Support IP Version 6

1.2  IPv6 Configuration Task List

Complete the following tasks to configure IPv6:

Task

Remarks

Configuring an IPv6 Unicast Address

Required

Configuring IPv6 NDP

Optional

Configuring a Static IPv6 Route

Optional

Configuring IPv6 TCP Properties

Optional

Configuring the Maximum Number of IPv6 ICMP Error Packets Sent within a Specified Time

Optional

Configuring the Hop Limit of ICMPv6 Reply Packets

Optional

Configuring IPv6 DNS

Optional

Displaying and Maintaining IPv6

Optional

 

1.2.1  Configuring an IPv6 Unicast Address

l           An IPv6 address is required for a host to access an IPv6 network. A host can be assigned a global unicast address, a site-local address, or a link-local address.

l           To enable a host to access a public IPv6 network, you need to assign an IPv6 global unicast address to it.

IPv6 site-local addresses and global unicast addresses can be configured in either of the following ways:

l           EUI-64 format: When the EUI-64 format is adopted to form IPv6 addresses, the IPv6 address prefix of an interface is the configured prefix and the interface identifier is derived from the link-layer address of the interface.

l           Manual configuration: IPv6 site-local addresses or global unicast addresses are configured manually.

IPv6 link-local addresses can be acquired in either of the following ways:

l           Automatic generation: The device automatically generates a link-local address for an interface according to the link-local address prefix (FE80::/64) and the link-layer address of the interface.

l           Manual assignment: IPv6 link-local addresses can be assigned manually.

Follow these steps to configure an IPv6 unicast address:

To do...

Use the command...

Remarks

Enter system view

system-view

Enter VLAN interface view

interface interface-type interface-number

Configure an IPv6 global unicast address or site-local address

Manually assign an IPv6 address

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

Use either command

By default, no site-local address or global unicast address is configured for an interface.

Note that the prefix specified by the prefix-length argument in an EUI-64 address cannot exceed 64 bits in length.

Adopt the EUI-64 format to form an IPv6 address

ipv6 address ipv6-address/prefix-length eui-64

Configure an IPv6 link-local address

Automatically generate a link-local address

ipv6 address auto link-local

Optional

By default, after an IPv6 site-local address or global unicast address is configured for an interface, a link-local address will be generated automatically.

Manually assign a link-local address for an interface.

ipv6 address ipv6-address link-local

 

&  Note:

l      IPv6 unicast addresses can be configured for only one VLAN interface on an H3C S3100-52P Ethernet switch. The total number of global unicast addresses and site-local addresses on the VLAN interface can be up to four.

l      After an IPv6 site-local address or global unicast address is configured for an interface, a link-local address will be generated automatically. The automatically generated link-local address is the same as the one generated by using the ipv6 address auto link-local command.

l      The manual assignment takes precedence over the automatic generation. That is, if you first adopt the automatic generation and then the manual assignment, the manually assigned link-local address will overwrite the automatically generated one. If you first adopt the manual assignment and then the automatic generation, the automatically generated link-local address will not take effect and the link-local address of an interface is still the manually assigned one. If the manually assigned link-local address is deleted, the automatically generated link-local address takes effect.

l      You must have carried out the ipv6 address auto link-local command before you carry out the undo ipv6 address auto link-local command. However, if an IPv6 site-local address or global unicast address is already configured for an interface, the interface still has a link-local address because the system automatically generates one for the interface. If no IPv6 site-local address or global unicast address is configured, the interface has no link-local address.

 

1.2.2  Configuring IPv6 NDP

I. Configuring a static neighbor entry

The IPv6 address of a neighbor node can be resolved into a link-layer address dynamically through NS and NA messages or statically through manual configuration.

You can configure a static neighbor entry in two ways:

l           Mapping a VLAN interface to an IPv6 address and a link-layer address

l           Mapping a port in a VLAN to an IPv6 address and a link-layer address

If you configure a static neighbor entry in the second way, make sure the corresponding VLAN interface exists. In this case, the device associates the VLAN interface to the IPv6 address to uniquely identify a static neighbor entry.

Follow these steps to configure a static neighbor entry:

To do...

Use the command...

Remarks

Enter system view

system-view

Configure a static neighbor entry

ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number | interface interface-type interface-number }

Required

 

II. Configuring the maximum number of neighbors dynamically learned

The device can dynamically acquire the link-layer address of a neighbor node through NS and NA messages and add it to the neighbor table. Too large a neighbor table may lead to the forwarding performance degradation of the device. Therefore, you can restrict the size of the neighbor table by setting the maximum number of neighbors that an interface can dynamically learn. When the number of dynamically learned neighbors reaches the threshold, the interface will stop learning neighbor information.

Follow these steps to configure the maximum number of neighbors dynamically learned:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter VLAN interface view

interface interface-type interface-number

Configure the maximum number of neighbors dynamically learned by an interface

ipv6 neighbors max-learning-num number

Optional

The default value is 2,048

 

III. Configuring the attempts to send an ns message for duplicate address detection

The device sends a neighbor solicitation (NS) message for duplicate address detection. If the device does not receive a response within a specified time (set by the ipv6 nd ns retrans-timer command), the device continues to send an NS message. If the device still does not receive a response after the number of attempts to send an NS message reaches the maximum, the device judges the acquired address is available.

Follow these steps to configure the attempts to send an NS message for duplicate address detection:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter VLAN interface view

interface interface-type interface-number

Configure the attempts to send an NS message for duplicate address detection

ipv6 nd dad attempts value

Optional

1 by default. When the value argument is set to 0, the duplicate address detection is disabled.

 

IV. Configuring the NS Interval

After a device sends an NS message, if it does not receive a response within a specific period, the device will send another NS message. You can configure the interval for sending NS messages.

Follow these steps to configure the NS interval:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter VLAN interface view

interface interface-type interface-number

Specify the NS interval

ipv6 nd ns retrans-timer value

Optional

1,000 milliseconds by default.

 

V. Configuring the neighbor reachable timeout time on an interface

After a neighbor passed the reachability detection, the device considers the neighbor to be reachable in a specific period. However, the device will examine whether the neighbor is reachable again when there is a need to send packets to the neighbor after the neighbor reachable timeout time elapsed.

Follow these steps to configure the neighbor reachable timeout time on an interface:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter VLAN interface view

interface interface-type interface-number

Configure the neighbor reachable timeout time

ipv6 nd nud reachable-time value

Optional

30,000 milliseconds by default.

 

1.2.3  Configuring a Static IPv6 Route

You can configure static IPv6 routes for network interconnection in a small sized IPv6 network.

Follow these steps to configure a static IPv6 route:

To do…

Use the command…

Remarks

Enter system view

system-view

Configure a static IPv6 route

ipv6 route-static ipv6-address prefix-length [ interface-type interface-number] nexthop-address

Required

By default, no static IPv6 route is configured.

 

1.2.4  Configuring IPv6 TCP Properties

The IPv6 TCP properties you can configure include:

l           synwait timer: When a SYN packet is sent, the synwait timer is triggered. If no response packet is received before the synwait timer expires, the IPv6 TCP connection establishment fails.

l           finwait timer: When the IPv6 TCP connection status is FIN_WAIT_2, the finwait timer is triggered. If no packet is received before the finwait timer expires, the IPv6 TCP connection is terminated. If FIN packets are received, the IPv6 TCP connection status becomes TIME_WAIT. If other packets are received, the finwait timer is reset from the last packet and the connection is terminated after the finwait timer expires.

l           Size of IPv6 TCP receiving/sending buffer.

Follow these steps to configure IPv6 TCP properties:

To do…

Use the command…

Remarks

Enter system view

system-view

Set the finwait timer of IPv6 TCP packets

tcp ipv6 timer fin-timeout wait-time

Optional

675 seconds by default.

Set the synwait timer of IPv6 TCP packets

tcp ipv6 timer syn-timeout wait-time

Optional

75 seconds by default.

Configure the size of IPv6 TCP receiving/sending buffer

tcp ipv6 window size

Optional

8 KB by default.

 

1.2.5  Configuring the Maximum Number of IPv6 ICMP Error Packets Sent within a Specified Time

If too many IPv6 ICMP error packets are sent within a short time in a network, network congestion may occur. To avoid network congestion, you can control the maximum number of IPv6 ICMP error packets sent within a specified time. Currently, the token bucket algorithm is adopted.

You can set the capacity of a token bucket, namely, the number of tokens in the bucket. In addition, you can set the update period of the token bucket, namely, the interval for updating the number of tokens in the token bucket to the configured capacity. One token allows one IPv6 ICMP error packet to be sent. Each time an IPv6 ICMP error packet is sent, the number of tokens in a token bucket decreases by 1. If the number of the IPv6 ICMP error packets that are continuously sent out reaches the capacity of the token bucket, the subsequent IPv6 ICMP error packets cannot be sent out until new tokens are put into the token bucket based on the specified update frequency.

Follow these steps to configure the maximum number of IPv6 ICMP error packets sent within a specified time:

To do…

Use the command…

Remarks

Enter system view

system-view

Configure the maximum number of IPv6 ICMP error packets sent within a specified time

ipv6 icmp-error { bucket bucket-size | ratelimit interval }*

Optional

By default, the capacity of a token bucket is 10 and the update period to 100 milliseconds. That is, at most 10 IPv6 ICMP error packets can be sent within an update period.

 

1.2.6  Configuring the Hop Limit of ICMPv6 Reply Packets

When sending an ICMPv6 reply packet, the device will fill a configurable value in the Hop Limit field in the ICMPv6 reply packet header.

Follow these steps to configure the hop limit of ICMPv6 reply packets:

To do…

Use the command…

Remarks

Enter system view

system-view

Configure the hop limit of ICMPv6 reply packets

ipv6 nd hop-limit value

Optional

64 by default.

 

1.2.7  Configuring IPv6 DNS

I. Configuring a static IPv6 DNS entry

You can directly use a host name when applying telnet applications and the system will resolve the host name into an IPv6 address. Each host name can correspond to only one IPv6 address. A newly configured IPv6 address will overwrite the previous one.

Follow these steps to configure a static IPv6 DNS entry:

To do…

Use the command…

Remarks

Enter system view

system-view

Configure a static IPv6 DNS entry

ipv6 host hostname ipv6-address

Required

 

II. Configuring dynamic DNS resolution

If you want to use the dynamic domain name function, you can use the following command to enable the dynamic domain name resolution function. In addition, you should configure a DNS server so that a query request message can be sent to the correct server for resolution. The system can support at most six DNS servers.

You can configure a domain name suffix so that you only need to enter some fields of a domain name and the system automatically adds the preset suffix for address resolution. The system can support at most 10 domain name suffixes.

Follow these steps to configure dynamic DNS resolution:

To do…

Use the command…

Remarks

Enter system view

system-view

Enable the dynamic domain name resolution function

dns resolve

Required

Disabled by default.

Configure an IPv6 DNS server

dns server ipv6 ipv6-address [ interface-type interface-number ]

Required

If the IPv6 address of the DNS server is a link-local address, the interface-type and interface-number arguments are required.

Configure the domain suffix.

dns domain domain-name

Required

By default, no domain name suffix is configured, that is, the domain name is resolved according to the input information.

 

&  Note:

The dns resolve and dns domain commands are the same as those of IPv4 DNS. For details about the commands, refer to DNS Operation in this manual.

 

1.2.8  Displaying and Maintaining IPv6

To do…

Use the command…

Remarks

Display DNS domain name suffix information

display dns domain [ dynamic ]

Available in any view

Display IPv6 dynamic domain name cache information.

display dns ipv6 dynamic-host

Display DNS server information

display dns server [ dynamic ]

Display the FIB entries

display ipv6 fib

Display the mapping between host name and IPv6 address

display ipv6 host

Display the brief IPv6 information of an interface

display ipv6 interface [ interface-type interface-number | brief ]

Display neighbor information

display ipv6 neighbors [ ipv6-address | all | dynamic | interface interface-type interface-number | static | vlan vlan-id ] [ | { begin | exclude | include } regular-expression ]

Display the total number of neighbor entries satisfying the specified conditions

display ipv6 neighbors { all | dynamic | static | interface interface-type interface-number | vlan vlan-id } count

Display information about the routing table

display ipv6 route-table [ verbose ]

Display information related to a specified socket

display ipv6 socket [ socktype socket-type ] [ task-id socket-id ]

Display the statistics of IPv6 packets and IPv6 ICMP packets

display ipv6 statistics

Display the statistics of IPv6 TCP packets

display tcp ipv6 statistics

Display the IPv6 TCP connection status

display tcp ipv6 status

Display the statistics of IPv6 UDP packets

display udp ipv6 statistics

Clear IPv6 dynamic domain name cache information

reset dns ipv6 dynamic-host

Available in user view

Clear IPv6 neighbor information

reset ipv6 neighbors [ all | dynamic | interface interface-type interface-number | static ]

Clear the statistics of IPv6 packets

reset ipv6 statistics

Clear the statistics of all IPv6 TCP packets

reset tcp ipv6 statistics

Clear the statistics of all IPv6 UDP packets

reset udp ipv6 statistics

 

&  Note:

The display dns domain and display dns server commands are the same as those of IPv4 DNS. For details about the commands, refer to DNS Operation in this manual.

 

1.3  IPv6 Configuration Example

1.3.1  IPv6 Unicast Address Configuration

I. Network requirements

Two switches are directly connected through two Ethernet ports. The Ethernet ports belong to VLAN 2. Different types of IPv6 addresses are configured for the interface VLAN-interface 2 on each switch to verify the connectivity between the two switches. The IPv6 prefix in the EUI-64 format is 2001::/64, the global unicast address of Switch A is 3001::1/64, and the global unicast address of Switch B is 3001::2/64.

II. Network diagram

Figure 1-5 Network diagram for IPv6 address configuration

III. Configuration procedure

1)         Configure Switch A.

# Configure an automatically generated link-local address for the interface VLAN-interface 2.

<SwitchA> system-view

[SwitchA] interface Vlan-interface 2

[SwitchA-Vlan-interface2] ipv6 address auto link-local

# Configure an EUI-64 address for the interface VLAN-interface 2.

[SwitchA-Vlan-interface2] ipv6 address 2001::/64 eui-64

# Configure a global unicast address for the interface VLAN-interface 2.

[SwitchA-Vlan-interface2] ipv6 address 3001::1/64

2)         Configure Switch B.

# Configure an automatically generated link-local address for the interface VLAN-interface 2.

<SwitchA> system-view

[SwitchB] interface Vlan-interface 2

[SwitchB-Vlan-interface2] ipv6 address auto link-local

# Configure an EUI-64 address for the interface VLAN-interface 2.

[SwitchB-Vlan-interface2] ipv6 address 2001::/64 eui-64

# Configure a global unicast address for the interface VLAN-interface 2.

[SwitchB-Vlan-interface2] ipv6 address 3001::2/64

IV. Verification

# Display the brief IPv6 information of an interface on Switch A.

[SwitchA-Vlan-interface2] display ipv6 interface vlan-interface 2

Vlan-interface2 current state : UP

Line protocol current state : UP

IPv6 is enabled, link-local address is FE80::20F:E2FF:FE49:8048

  Global unicast address(es):

    2001::20F:E2FF:FE49:8048, subnet is 2001::/64

    3001::1, subnet is 3001::/64

  Joined group address(es):

    FF02::1:FF00:1

    FF02::1:FF49:8048

    FF02::1

  MTU is 1500 bytes

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 30000 milliseconds

  ND retransmit interval is 1000 milliseconds

  Hosts use stateless autoconfig for addresses

# Display the brief IPv6 information of the interface on Switch B.

[SwitchB-Vlan-interface2] display ipv6 interface Vlan-interface 2

Vlan-interface2 current state : UP

Line protocol current state : UP

IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1

  Global unicast address(es):

    2001::20F:E2FF:FE00:1, subnet is 2001::/64

    3001::2, subnet is 3001::/64

  Joined group address(es):

    FF02::1:FF00:2

    FF02::1:FF00:1

    FF02::1

  MTU is 1500 bytes

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 30000 milliseconds

  ND retransmit interval is 1000 milliseconds

  Hosts use stateless autoconfig for addresses

# On Switch A, ping the link-local address, EUI-64 address, and global unicast address of Switch B. If the configurations are correct, the above three types of IPv6 addresses can be pinged.

 

  Caution:

When you use the ping ipv6 command to verify the reachability of the destination, you must specify the “–i” keyword if the destination address is a link-local address. For the operation of IPv6 ping, refer to section IPv6 Ping.

 

[SwitchA-Vlan-interface2] ping ipv6 FE80::20F:E2FF:FE00:1 -i Vlan-interface 2

  PING FE80::20F:E2FF:FE00:1 : 56  data bytes, press CTRL_C to break

    Reply from FE80::20F:E2FF:FE00:1

    bytes=56 Sequence=1 hop limit=255  time = 80 ms

    Reply from FE80::20F:E2FF:FE00:1

    bytes=56 Sequence=2 hop limit=255  time = 60 ms

    Reply from FE80::20F:E2FF:FE00:1

    bytes=56 Sequence=3 hop limit=255  time = 60 ms

    Reply from FE80::20F:E2FF:FE00:1

    bytes=56 Sequence=4 hop limit=255  time = 70 ms

    Reply from FE80::20F:E2FF:FE00:1

    bytes=56 Sequence=5 hop limit=255  time = 60 ms

  --- FE80::20F:E2FF:FE00:1 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 60/66/80 ms

 

[SwitchA-Vlan-interface2] ping ipv6 2001::20F:E2FF:FE00:1

  PING 2001::20F:E2FF:FE00:1 : 56  data bytes, press CTRL_C to break

    Reply from 2001::20F:E2FF:FE00:1

    bytes=56 Sequence=1 hop limit=255  time = 40 ms

    Reply from 2001::20F:E2FF:FE00:1

    bytes=56 Sequence=2 hop limit=255  time = 70 ms

    Reply from 2001::20F:E2FF:FE00:1

    bytes=56 Sequence=3 hop limit=255  time = 60 ms

    Reply from 2001::20F:E2FF:FE00:1

    bytes=56 Sequence=4 hop limit=255  time = 60 ms

    Reply from 2001::20F:E2FF:FE00:1

    bytes=56 Sequence=5 hop limit=255  time = 60 ms

 

  --- 2001::20F:E2FF:FE00:1 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 40/58/70 ms

 

[SwitchA-Vlan-interface2] ping ipv6 3001::2

  PING 3001::2 : 56  data bytes, press CTRL_C to break

    Reply from 3001::2

    bytes=56 Sequence=1 hop limit=255  time = 50 ms

    Reply from 3001::2

    bytes=56 Sequence=2 hop limit=255  time = 60 ms

    Reply from 3001::2

    bytes=56 Sequence=3 hop limit=255  time = 60 ms

    Reply from 3001::2

    bytes=56 Sequence=4 hop limit=255  time = 70 ms

    Reply from 3001::2

    bytes=56 Sequence=5 hop limit=255  time = 60 ms

 

  --- 3001::2 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 50/60/70 ms

 


Chapter 2  IPv6 Application Configuration

When configuring IPv6 application, go to these sections for information you are interested in:

l           Introduction to IPv6 Application

l           Configuring IPv6 Application

l           IPv6 Application Configuration Example

l           Troubleshooting IPv6 Application

2.1  Introduction to IPv6 Application

IPv6 are supporting more and more applications. Most of IPv6 applications are the same as those of IPv4. The applications supported on H3C S3100-52P Ethernet Switch are:

l           Ping

l           Traceroute

l           TFTP

l           Telnet

2.2  Configuring IPv6 Application

2.2.1  IPv6 Ping

The ping ipv6 command is commonly used for testing the reachability of a host. This command sends an ICMPv6 message to the destination host and records the time for the response message to be received. For details about the ping command, refer to System Maintenance and Debugging Operation in this manual.

After you execute the ping ipv6 command, you can press Ctrl+C to terminate the ping operation.

Follow these steps to ping IPv6:

To do…

Use the command…

Remarks

Ping IPv6

ping ipv6 [ -a source-ipv6 | -c count | -m interval | -s packet-size | -t timeout ]* remote-system [ -i interface-type interface-number ]

Required

Available in any view

 

  Caution:

When you use the ping ipv6 command to verify the reachability of the destination, you must specify the “–i” keyword if the destination address is a link-local address.

 

2.2.2  IPv6 Traceroute

The traceroute ipv6 command is used to record the route of IPv6 packets from source to destination, so as to check whether the link is available and determine the point of failure.

Figure 2-1 Traceroute process

As Figure 2-1 shows, the traceroute process is as follows:

l           The source sends an IP datagram with the Hop Limit of 1.

l           If the first hop device receiving the datagram reads the Hop Limit of 1, it will discard the packet and return an ICMP timeout error message. Thus, the source can get the first device’s address in the route.

l           The source sends a datagram with the Hop Limit of 2 and the second hop device returns an ICMP timeout error message. The source gets the second device’s address in the route.

l           This process continues until the datagram reaches the destination host. As there is no application using the UDP port, the destination returns a “port unreachable” ICMP error message.

l           The source receives the “port unreachable” ICMP error message and understands that the packet has reached the destination, and thus determines the route of the packet from source to destination.

Follow these steps to traceroute IPv6:

To do…

Use the command…

Remarks

Traceroute IPv6

tracert ipv6 [ -f first-ttl | -m max-ttl | -p port | -q packet-num | -w timeout ]* remote-system

Required

Available in any view

 

2.2.3  IPv6 TFTP

IPv6 supports Trivial File Transfer Protocol (TFTP). As a client, the device can download files from or upload files to a TFTP server. For details about TFTP, see FTP-SFTP-TFTP Operation.

I. Configuration preparation

Enable TFTP on the TFTP server and specify the path to download or upload files. For specific operations, refer to TFTP server configuration specifications.

II. IPv6 TFTP configuration

Follow these steps to download or upload files to TFTP servers:

To do…

Use the command…

Remarks

Download/Upload files from TFTP server

tftp ipv6 remote-system [ -i interface-type interface-number ] { get | put } source-filename [ destination-filename ]

Required

Available in user view

 

  Caution:

When you use the tftp ipv6 command to connect to the TFTP server, you must specify the “–i” keyword if the destination address is a link-local address.

 

2.2.4  IPv6 Telnet

Telnet protocol belongs to application layer protocols of the TCP/IP protocol suite, and is used to provide remote login and virtual terminals. The device can be used either as a Telnet client or a Telnet server.

As the following figure shows, the Host is running Telnet client application of IPv6 to set up an IPv6 Telnet connection with Device A, which serves as the Telnet server. If Device A again connects to Device B through Telnet, the Device A is the Telnet client and Device B is the Telnet server.

Figure 2-2 Provide Telnet services

I. Configuration prerequisites

Enable Telnet on the Telnet server and configure the authentication method. For details, refer to Login Operation in this manual.

Follow these steps to set up IPv6 Telnet connections:

To do…

Use the command…

Remarks

Perform the telnet command on the Telnet client to log in to other devices

telnet ipv6 remote-system [ -i interface-type interface-number ] [ port-number ]

Required

Available in user view

 

  Caution:

When you use the telnet ipv6 command to connect to the Telnet server, you must specify the “–i” keyword if the destination address is a link-local address.

 

II. Displaying and maintaining IPv6 Telnet

To do…

Use the command…

Remarks

Display the use information of the users who have logged in

display users [ all ]

Available in any view

 

2.3  IPv6 Application Configuration Example

2.3.1  IPv6 Applications

I. Network requirements

In Figure 2-3, SWA, SWB, and SWC are three switches, among which SWA is an H3C S3100-52P Ethernet switch, SWB and SWC are two switches supporting IPv6 forwarding. In a LAN, there is a Telnet server and a TFTP server for providing Telnet service and TFTP service to the switch respectively. It is required that you telnet to the telnet server from SWA and download files from the TFTP server.

II. Network diagram

Figure 2-3 Network diagram for IPv6 applications

III. Configuration procedure

 

&  Note:

You need configure IPv6 address at the switch’s and server’s interfaces and ensure that the route between the switch and the server is accessible before the following configuration.

 

# Ping SWB’s IPv6 address from SWA.

<SWA> ping ipv6 3003::1

  PING 3003::1 : 64  data bytes, press CTRL_C to break

    Reply from 3003::1

    bytes=56 Sequence=1 hop limit=64  time = 110 ms

    Reply from 3003::1

    bytes=56 Sequence=2 hop limit=64  time = 31 ms

    Reply from 3003::1

    bytes=56 Sequence=3 hop limit=64  time = 31 ms

    Reply from 3003::1

    bytes=56 Sequence=4 hop limit=64  time = 31 ms

    Reply from 3003::1

    bytes=56 Sequence=5 hop limit=64  time = 31 ms

 

--- 3003::1 ping statistics ---

  5 packet(s) transmitted

  5 packet(s) received

  0.00% packet loss

    round-trip min/avg/max = 31/46/110 ms 

# On SWA, configure static routes to SWC, the Telnet Server, and the TFTP Server.

<SWA> system-view

[SWA] ipv6 route-static 3002:: 64 3003::1

[SWA] ipv6 route-static 3001:: 64 3003::1

[SWA] quit

# Trace the IPv6 route from SWA to SWC.

<SWA> tracert ipv6 3002::1

 traceroute to 3002::1  30 hops max,60 bytes packet

 1  3003::1 30 ms  0 ms  0 ms

 2  3002::1 10 ms 10 ms 0 ms

# SWA downloads a file from TFTP server 3001::3.

<SWA> tftp ipv6 3001::3 get filetoget flash:/filegothere

  .

  File will be transferred in binary mode

  Downloading file from remote tftp server, please wait....

  TFTP:       13 bytes received in 1.243 second(s)

  File downloaded successfully.

# SWA Connect to Telnet server 3001::2.

<SWA> telnet ipv6 3001::2

Trying 3001::2...

Press CTRL+K to abort

Connected to 3001::2 ...

Telnet Server>

2.4  Troubleshooting IPv6 Application

2.4.1  Unable to Ping a Remote Destination

I. Symptom

Unable to ping a remote destination and return an error message.

II. Solution

l           Check that the IPv6 addresses are configured correctly.

l           Use the display ipv6 interface command to determine the interfaces of the source and the destination and the link-layer protocol between them are up.

l           Use the display ipv6 route-table command to verify that the destination is reachable.

l           Use the ping ipv6 -t timeout { destination-ipv6-address | hostname } [ -i interface-type interface-number ] command to increase the timeout time limit, so as to determine whether it is due to the timeout limit is too small.

2.4.2  Unable to Run Traceroute

I. Symptom

Unable to trace the route by performing traceroute operations.

II. Solution

l           Check that the destination host can be pinged.

l           If the host can be pinged through, check whether the UDP port that was included in the tracert ipv6 command is used by an application on the host. If yes, you need to use the tracert ipv6 command with an unreachable UDP port.

2.4.3  Unable to Run TFTP

I. Symptom

Unable to download and upload files by performing TFTP operations.

II. Solution

l           Check that the route between the device and the TFTP server is up.

l           Check that the file system of the device is usable. You can check it by running the dir command in user view.

l           Check that the ACL configured for the TFTP server does not block the connection to the TFTP server.

2.4.4  Unable to Run Telnet

I. Symptom

Unable to login to Telnet server by performing Telnet operations.

II. Solution

l           Check that the Telnet server application is running on the server. Check the configuration allows the server reachable.

l           Check that the route between the device and the TFTP server is up.

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网