Login
- Table of Contents
-
- 07-Layer 3 - IP Routing Configuration Guide
- 00-Preface
- 01-Basic IP Routing Configuration
- 02-Static Routing Configuration
- 03-RIP Configuration
- 04-OSPF Configuration
- 05-IS-IS Configuration
- 06-BGP Configuration
- 07-Policy-Based Routing Configuration
- 08-Guard Route Configuration
- 09-IPv6 Static Routing Configuration
- 10-RIPng Configuration
- 11-OSPFv3 Configuration
- 12-IPv6 IS-IS Configuration
- 13-IPv6 BGP Configuration
- 14-IPv6 Policy-Based Routing Configuration
- 15-Routing Policy Configuration
- 16-Tunnel End Packets Policy Routing Configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-IPv6 BGP Configuration | 382.83 KB |
Contents
IPv6 BGP configuration task list
Configuring a preferred value for routes from a peer or peer group
Specifying the source interface for establishing TCP connections
Allowing the establishment of an indirect EBGP connection
Configuring a description for an IPv6 peer or peer group
Disabling session establishment to an IPv6 peer or peer group
Logging IPv6 peer or peer group state changes
Controlling route distribution and reception
Configuring IPv6 BGP route redistribution
Configuring IPv6 BGP route summarization
Advertising a default route to an IPv6 peer or peer group
Configuring outbound route filtering
Configuring inbound route filtering
Ignoring the ORIGINATOR_ID attribute of IPv6 BGP routes
Configuring IPv6 BGP and IGP route synchronization
Configuring IPv6 BGP route attributes
Configuring IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes
Configuring the AS_PATH attribute
Tuning and optimizing IPv6 BGP networks
Configuring IPv6 BGP soft reset
Enabling the IPv6 BGP ORF capability
Enabling 4-byte AS number suppression
Configuring the maximum number of ECMP routes
Enabling MD5 authentication for TCP connections
Applying an IPsec policy to an IPv6 BGP peer or peer group
Configuring a large scale IPv6 BGP network
Configuring IPv6 BGP peer group
Configuring IPv6 BGP community
Configuring an IPv6 BGP route reflector
Configuring basic 6PE capabilities
Configuring optional 6PE capabilities
Displaying and maintaining IPv6 BGP
Resetting IPv6 BGP connections
IPv6 BGP configuration examples
IPv6 BGP route reflector configuration
IPv6 BGP IPsec policy configuration
Troubleshooting IPv6 BGP configuration
IPv6 BGP peer relationship not established
This chapter describes only configuration for IPv6 BGP. For BGP-related information, see "Configuring BGP."
IPv6 BGP overview
BGP-4 was designed to carry only IPv4 routing information, and other network layer protocols, such as IPv6, are not supported.
To support multiple network layer protocols, IETF extended BGP-4 by introducing Multiprotocol BGP (MP-BGP), which is defined in RFC 2858 (multiprotocol extensions for BGP-4).
MP-BGP for IPv6 is called "IPv6 BGP" for short.
IPv6 BGP puts IPv6 network layer information into the attributes of Network Layer Reachability Information (NLRI) and NEXT_HOP.
The NLRI attribute of IPv6 BGP involves the following:
· MP_REACH_NLRI—Multiprotocol Reachable NLRI, for advertising reachable route and next hop information.
· MP_UNREACH_NLRI—Multiprotocol Unreachable NLRI, for withdrawal of unreachable routes.
The NEXT_HOP attribute of IPv6 BGP is identified by an IPv6 unicast address or IPv6 local link address.
IPv6 BGP has the same messaging and routing mechanisms as BGP.
IPv6 BGP configuration task list
|
Task |
Remarks |
|
|
Required. |
||
|
Optional. |
||
|
Configuring a preferred value for routes from a peer or peer group |
Optional. |
|
|
Specifying the source interface for establishing TCP connections |
Optional. |
|
|
Optional. |
||
|
Optional. |
||
|
Disabling session establishment to an IPv6 peer or peer group |
Optional. |
|
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Configuring IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes |
Optional. |
|
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
Configuring basic IPv6 BGP
Configuration prerequisites
Before you configure basic IPv6 BGP, complete the following tasks:
· Specify IP addresses for interfaces.
· Enable IPv6 with the ipv6 command in system view.
Configuration guidelines
Create a peer group before configuring basic functions for it. For related information, see "Configuring IPv6 BGP peer group."
Specifying an IPv6 BGP peer
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Specify a router ID. |
router-id router-id |
Optional. This step is required if no IP addresses are configured for any interfaces. |
|
4. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
5. Specify an IPv6 peer. |
peer ipv6-address as-number as-number |
N/A |
Injecting a local IPv6 route
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Inject a local route into the IPv6 BGP routing table. |
network ipv6-address prefix-length [ short-cut | route-policy route-policy-name ] |
Not added by default. |
Configuring a preferred value for routes from a peer or peer group
If you both reference a routing policy and use the command peer { group-name | ipv6-address } preferred-value value to set a preferred value for routes from a peer, the routing policy sets the specific preferred value for routes matching it. If the preferred value in the routing policy is zero, the routes use the value set with the peer { group-name | ipv6-address } preferred-value value command. For information about using a routing policy to set a preferred value, see the command peer { group-name | ipv4-address | ipv6-address } route-policy route-policy-name { import | export } in this document, and the command apply preferred-value preferred-value in Layer 3—IP Routing Command Reference.
To configure a preferred value for routes from a peer or peer group:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Configure a preferred value for routes received from an IPv6 peer or peer group. |
peer { group-name | ipv6-address } preferred-value value |
Optional. By default, the preferred value is 0. The IPv6 BGP-VPN instance view does not support the group-name argument. |
Specifying the source interface for establishing TCP connections
IPv6 BGP uses TCP as the transport layer protocol. By default, IPv6 BGP uses the output interface of the optimal route to a peer or peer group as the source interface for establishing TCP connections to the peer or peer group.
To establish a BGP connection, specify on the local router the source interface for establishing the TCP connection to the peer on the peering BGP router. Otherwise, the local BGP router might fail to establish TCP connection to the peer when using the output interface of the best route as the source interface.
If an IPv6 BGP router has multiple links to a peer, and the source interface fails, IPv6 BGP has to reestablish TCP connections, causing network oscillation. To enhance stability of IPv6 BGP connections, H3C recommends that you use a loopback interface as the source interface.
To specify the source interface for establishing TCP connections to a BGP peer or peer group:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Specify the source interface for establishing TCP connections to an IPv6 BGP peer or peer group. |
peer { group-name | ipv6-address } connect-interface interface-type interface-number |
By default, IPv6 BGP uses the output interface of the best route to the IPv6 BGP peer or peer group as the source interface for establishing a TCP connection. |
Allowing the establishment of an indirect EBGP connection
In general, direct links must be available between EBGP peers. If not, you can use the peer ebgp-max-hop command to establish a multi-hop TCP connection in between. However, you need not use this command for direct EBGP connections with loopback interfaces.
To allow the establishment of a non-direct EBGP connection:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Allow the establishment of EBGP connection to an indirectly connected peer or peer group. |
peer { group-name | ipv6-address } ebgp-max-hop [ hop-count ] |
Not configured by default. |
Configuring a description for an IPv6 peer or peer group
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Configure a description for an IPv6 peer or peer group. |
peer { group-name | ipv6-address } description description-text |
Optional. Not configured by default. The IPv6 BGP-VPN instance view does not support the group-name argument. The peer group to be configured with a description must have been created. |
Disabling session establishment to an IPv6 peer or peer group
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Disable session establishment to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } ignore |
Not disabled by default. |
Logging IPv6 peer or peer group state changes
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enable logging of peer changes globally. |
log-peer-change |
Optional. Enabled by default. For information about the log-peer-change command, see Layer 3—IP Routing Command Reference. |
|
4. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
5. Enable the state change logging for an IPv6 peer or peer group. |
peer { group-name | ipv6-address } log-change |
Optional. Enabled by default. |
Controlling route distribution and reception
This task includes routing information filtering, routing policy application, and route dampening.
Configuration prerequisites
Before you configure route distribution and reception control, complete the following tasks:
· Enable IPv6 with the ipv6 command in system view.
· Configure IPv6 BGP basic functions.
Configuring IPv6 BGP route redistribution
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Enable default route redistribution into the IPv6 BGP routing table. |
default-route imported |
Optional. Not enabled by default. If the default-route imported command is not configured, using the import-route command cannot redistribute an IGP default route. |
|
5. Enable route redistribution from another routing protocol. |
import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] * ] |
Not enabled by default. |
Configuring IPv6 BGP route summarization
To reduce the routing table size on medium and large BGP networks, configure route summarization on BGP routers. BGP supports only manual summarization of IPv6 routes.
To configure IPv6 BGP route summarization:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Configure manual route summarization. |
aggregate ipv6-address prefix-length [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ] * |
Not configured by default. |
Advertising a default route to an IPv6 peer or peer group
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Advertise a default route to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } default-route-advertise [ route-policy route-policy-name ] |
Not advertised by default. With the peer default-route-advertise command executed, the local router advertises a default route with itself as the next hop to the specified IPv6 peer or peer group, regardless of whether the default route is available in the routing table. |
Configuring outbound route filtering
IPv6 BGP advertises routes passing the specified policy to peers. Using the protocol argument can filter only the routes redistributed from the specified protocol. If no protocol is specified, IPv6 BGP filters all routes to be advertised, including redistributed routes and routes imported with the network command.
To configure outbound route filtering:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Configure the filtering of outgoing routes. |
filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ protocol process-id ] |
Not configured by default. |
|
5. Apply a routing policy to routes advertised to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } route-policy route-policy-name export |
Not applied by default. The IPv6 BGP-VPN instance view does not support the group-name argument. |
|
6. Specify an IPv6 ACL to filter routes advertised to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } filter-policy acl6-number export |
Not specified by default. The IPv6 BGP-VPN instance view does not support this command. |
|
7. Specify an AS path ACL to filter routes advertised to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } as-path-acl as-path-acl-number export |
Not specified by default. The IPv6 BGP-VPN instance view does not support this command. |
|
8. Specify an IPv6 prefix list to filter routes advertised to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } ipv6-prefix ipv6-prefix-name export |
Not specified by default. The IPv6 BGP-VPN instance view does not support this command. |
Configuring inbound route filtering
Only routes passing the configured filtering can be added into the local IPv6 BGP routing table.
Members of a peer group can have different inbound route filtering policies.
To configure inbound route filtering:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Configure inbound route filtering. |
filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import |
Not configured by default. |
|
5. Apply a routing policy to routes from an IPv6 peer or peer group. |
peer { group-name | ipv6-address } route-policy route-policy-name import |
Not applied by default. The IPv6 BGP-VPN instance view does not support the group-name argument. |
|
6. Specify an ACL to filter routes imported from an IPv6 peer or peer group. |
peer { group-name | ipv6-address } filter-policy acl6-number import |
Not specified by default. The IPv6 BGP-VPN instance view does not support this command. |
|
7. Specify an AS path ACL to filter routing information imported from an IPv6 peer or peer group. |
peer { group-name | ipv6-address } as-path-acl as-path-acl-number import |
Not specified by default. The IPv6 BGP-VPN instance view does not support this command. |
|
8. Specify an IPv6 prefix list to filter routing information imported from an IPv6 peer or peer group. |
peer { group-name | ipv6-address } ipv6-prefix ipv6-prefix-name import |
Not specified by default. The IPv6 BGP-VPN instance view does not support this command. |
|
9. Specify the upper limit of prefixes allowed to receive from an IPv6 peer or peer group. |
peer { group-name | ipv6-address } route-limit limit [ percentage ] |
Optional. Unlimited by default. The IPv6 BGP-VPN instance view does not support the group-name argument. |
Ignoring the ORIGINATOR_ID attribute of IPv6 BGP routes
In general, IPv6 BGP saves the ORIGINATOR ID attribute of IPv6 BGP routes received from the router reflector to make sure that those routes will not be advertised back to the route reflector. But IPv6 BGP might need to advertise BGP-VPN routes with different Route Distinguisher (RD) attributes back to the route reflector. For more information about RD, see MPLS Configuration Guide. To meet this requirement, use the peer ignore-originated command to ignore the ORIGINATOR_ID attribute of IPv6 BGP routes received from the route reflector.
Before you execute the peer ignore-originatorid command, make sure that no routing loop exits among route reflectors in the network.
The peer ignore-originatorid also enables IPv6 BGP to ignore the CLUSTER_LIST attribute of IPv6 BGP routes.
To ignore the ORIGINATOR_ID attribute of IPv6 BGP routes:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter IPv6 BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Ignore the ORIGINATOR_ID attribute of IPv6 BGP routes received from the route reflector. |
peer { group-name | ipv6-address } ignore-originatorid |
By default, IPv6 BGP saves the ORIGINATOR ID attribute of IPv6 received BGP routes. |
Configuring IPv6 BGP and IGP route synchronization
By default, upon receiving an IBGP route, an IPv6 BGP router checks the route’s next hop. If the next hop is reachable, the IPv6 BGP router advertises the route to EBGP peers. If the synchronization feature is configured, in addition to the reachability check of the next hop, the IPv6 BGP router must find an active IGP route with the same destination network segment before it can advertise the IBGP route (use the display ipv6 routing-table protocol command to check the IGP route state).
To configure IPv6 BGP and IGP route synchronization:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Enable route synchronization between IPv6 BGP and IGP. |
Synchronization |
Not enabled by default. |
Configuring route dampening
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Configure IPv6 BGP route dampening parameters. |
dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ]* |
Optional. Not configured by default. |
Configuring IPv6 BGP route attributes
This section describes how to use IPv6 BGP route attributes to modify BGP routing policy. The attributes include the following:
· IPv6 BGP protocol preference
· Default LOCAL_PREF attribute
· MED attribute
· NEXT_HOP attribute
· AS_PATH attribute
Configuration prerequisites
Before you configure IPv6 BGP route attributes, complete the following tasks:
· Enable IPv6 with the ipv6 command in system view.
· Configure IPv6 BGP basic functions.
Configuring IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes
Follow these guidelines when you configure IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes:
· To ensure an IBGP peer can find the correct next hop, you can configure routes advertised to the IPv6 IBGP peer or peer group to use the local router as the next hop. If BGP load balancing is configured, the local router specifies itself as the next hop of routes sent to an IPv6 IBGP peer or peer group regardless of whether the peer next-hop-local command is configured.
· In a "third party next hop" network where the two IPv6 EBGP peers reside in a common broadcast subnet, the router does not change the next hop for routes sent to the IPv6 EBGP peer or peer group by default, unless the peer next-hop-local command is configured.
To configure IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Configure preference values for IPv6 BGP external, internal, local routes. |
preference { external-preference internal-preference local-preference | route-policy route-policy-name } |
Optional. The default preference values of external, internal, and local routes are 255, 255, and 130. |
|
5. Configure the default local preference. |
default local-preference value |
Optional. The value defaults to 100. |
|
6. Advertise routes to an IPv6 peer or peer group with the local router as the next hop. |
peer { group-name | ipv6-address } next-hop-local |
By default, IPv6 BGP specifies the local router as the next hop for routes sent to an IPv6 EBGP peer or peer group, but does not change the next hop for routes sent to an IPv6 IBGP peer or peer group. The IPv6 BGP-VPN instance view does not support this command. |
Configuring the MED attribute
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Configure a default MED value. |
default med med-value |
Optional. 0 by default. |
|
5. Enable the comparison of MED for routes from different EBGP peers. |
compare-different-as-med |
Optional. Not enabled by default. The IPv6 BGP-VPN instance view does not support this command. |
|
6. Enable the comparison of MED for routes from each AS. |
bestroute compare-med |
Optional. Disabled by default. The IPv6 BGP-VPN instance view does not support this command. |
|
7. Enable the comparison of MED for routes from confederation peers. |
bestroute med-confederation |
Optional. Disabled by default. The IPv6 BGP-VPN instance view does not support this command. |
Configuring the AS_PATH attribute
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Allow the local AS number to appear in AS_PATH of routes from a peer or peer group and specify the repeat times. |
peer { group-name | ipv6-address } allow-as-loop [ number ] |
Optional. Not allowed by default. |
|
5. Specify a fake AS number for an IPv6 peer or peer group. |
peer { group-name | ipv6-address } fake-as as-number |
Optional. Not specified by default. |
|
6. Disable IPv6 MBGP from considering the AS_PATH during best route selection. |
bestroute as-path-neglect |
Optional. Enabled by default. |
|
7. Configure to carry only the public AS number in updates sent to a peer or peer group. |
peer { group-name | ipv6-address } public-as-only |
Optional. By default, IPv6 BGP updates carry private AS number. |
|
8. Substitute the local AS number for the AS number of an IPv6 peer or peer group identified in the AS_PATH attribute. |
peer { group-name | ipv6-address } substitute-as |
Optional. Not substituted by default. |
Tuning and optimizing IPv6 BGP networks
This section describes configurations of IPv6 BGP timers, IPv6 BGP connection soft reset, and the maximum number of load balanced routes.
· IPv6 BGP timers
After establishing an IPv6 BGP connection, two routers send keepalive messages periodically to each other to maintain the connection. If a router receives no keepalive message from the peer after the holdtime elapses, it tears down the connection.
When establishing an IPv6 BGP connection, the two parties compare their holdtimes, taking the shorter one as the common holdtime. If the holdtime is 0, neither keepalive message is sent, nor holdtime is checked.
· IPv6 BGP connection soft reset
After modifying a route selection policy, reset IPv6 BGP connections to make the new one take effect. The current IPv6 BGP implementation supports the route-refresh feature that enables dynamic route refresh without needing to disconnect IPv6 BGP links.
After this feature is enabled on all IPv6 BGP routers, a router that wants to apply a new route selection policy advertises a route-refresh message to its peers, which then send their routing information to the router. After receiving the routing information, the router can perform dynamic route update by using the new policy without tearing down connections.
If a peer not supporting route-refresh exists in the network, configure the peer keep-all-routes command to save all routes from the peer. When the routing policy is changed, the system will update the IPv6 BGP routing table and apply the new policy.
Configuration prerequisites
Before you configure IPv6 BGP timers, complete the following tasks:
· Enable IPv6.
· Configure IPv6 BGP basic functions.
Configuring IPv6 BGP timers
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Configure IPv6 BGP timers. |
· Specify keepalive interval and holdtime: · Configure keepalive interval and holdtime for
an IPv6 peer or peer group: |
Optional. By default: · The keepalive interval is 60 seconds. · The holdtime is 180 seconds. The holdtime interval must be at least three times the keepalive interval. Timers configured by using the timer command have lower priority than timers configured by using the peer timer command. |
|
4. Configure the interval for sending the same update to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } route-update-interval interval |
Optional. The interval for sending the same update to an IBGP peer or an EBGP peer defaults to 15 seconds or 30 seconds. |
Configuring IPv6 BGP soft reset
Enabling route refresh
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Enable route refresh. |
peer { group-name | ipv6-address } capability-advertise route-refresh |
Optional. Enabled by default. |
Performing manual soft-reset
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view |
ipv6-family |
N/A |
|
4. Save all routes from an IPv6 peer or peer group, not letting them go through the inbound policy. |
peer { group-name | ipv6-address } keep-all-routes |
Optional. Not saved by default. If the peer keep-all-routes command is used, all routes from the peer or peer group are saved regardless of whether the filtering policy is available. These routes will be used to generate IPv6 BGP routes after soft-reset is performed. |
|
5. Return to user view. |
Return |
N/A |
|
6. Soft-reset BGP connections manually. |
refresh bgp ipv6 { all | ipv6-address | group group-name | external | internal } { export | import } |
N/A |
Enabling the IPv6 BGP ORF capability
The BGP Outbound Route Filter (ORF) feature allows a BGP speaker to send its BGP peer a set of ORFs through route-refresh messages. The peer then applies the ORFs, in addition to its local routing policies (if any), to filter updates to the BGP speaker, reducing the number of exchanged update messages and saving network resources.
After you enable the BGP ORF capability, the local BGP router negotiates the ORF capability with the BGP peer through Open messages. The local BGP router determines whether to carry ORF information in messages. If yes, it will further determine whether to carry non-standard ORF information in the packets. After completing the negotiation process and establishing the neighboring relationship, the BGP router and its BGP peer can exchange ORF information through specific route-refresh messages.
For the parameters configured on both sides for ORF capability negotiation, see Table 1.
To enable the BGP ORF capability:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Enable BGP route refresh for a peer or peer group. |
peer { group-name | ipv6-address } capability-advertise route-refresh |
Enabled by default. |
|
5. Enable the non-standard ORF capability for a BGP peer or peer group. |
peer { group-name | ipv6-address } capability-advertise orf non-standard |
Optional. By default, standard BGP ORF capability defined in RFC 5291 and RFC 5292 is supported. |
|
6. Enable the ORF IP prefix negotiation capability for a BGP peer or peer group. |
peer { group-name | ip-address | ipv6-address } capability-advertise orf ipv6-prefix { both | receive | send } |
Not supported by default. |
Table 1 Description of the both, send, and receive parameters and the negotiation result
|
Local parameter |
Peer parameter |
Negotiation result |
|
send |
· receive · both |
The ORF sending capability is enabled locally and the ORF receiving capability is enabled on the peer. |
|
receive |
· send · both |
The ORF receiving capability is enabled locally and the ORF sending capability is enabled on the peer. |
|
both |
both |
Both the ORF sending and receiving capabilities are enabled locally and on the peer. |
Enabling 4-byte AS number suppression
When a device that supports 4-byte AS numbers sends an Open message for peer relationship establishment, the Optional parameters field of the message indicates that the AS number occupies four bytes—in the range of 1 to 4294967295. If the peer device does not support 4-byte AS numbers (for examples, it supports only 2-byte AS numbers), the peer relationship cannot be established.
After you enable the 4-byte AS number suppression function, the peer device can then process the Open message even though it does not support 4-byte AS numbers, and the IPv6 BGP peer relationship can be established.
If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression function; otherwise, the BGP peer relationship cannot be established.
To enable 4-byte AS number suppression:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Enable 4-byte AS number suppression. |
peer { group-name | ipv6-address } capability-advertise suppress-4-byte-as |
Disabled by default. The IPv6 BGP-VPN instance view does not support the group-name argument. |
Configuring the maximum number of ECMP routes
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Configure the maximum number of ECMP routes. |
balance number |
By default, no load balancing is enabled. |
Enabling MD5 authentication for TCP connections
IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform MD5 authentication when establishing a TCP connection. If the authentication fails, no TCP connection can be established.
The MD5 authentication for establishing TCP connections does not apply to BGP packets.
The MD5 authentication requires that the two parties have the same authentication mode and password to establish a TCP connection; otherwise, no TCP connection can be established due to authentication failure.
To enable MD5 authentication for TCP connections:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Enable MD5 authentication when establishing a TCP connection to the peer or peer group. |
peer { group-name | ipv6-address } password { cipher | simple } password |
Not enabled by default. The IPv6 BGP-VPN instance view does not support the group-name argument. |
Applying an IPsec policy to an IPv6 BGP peer or peer group
To protect routing information and defend attacks, IPv6 BGP can authenticate protocol packets by using an IPsec policy.
Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship with the sending device.
Configuration prerequisites
Before you apply an IPsec policy to a peer or peer group, complete following tasks:
· Create an IPsec proposal.
· Create an IPsec policy.
For more information about IPsec policy configuration, see Security Configuration Guide.
Configuration procedure
To apply an IPsec policy to a peer or peer group
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Apply an IPsec policy to a peer or peer group. |
peer { group-name | ip-address } ipsec-policy policy-name |
Not configured by default. An IPsec policy used for IPv6 BGP can be only in manual mode. For more information, see Security Configuration Guide. |
Configuring a large scale IPv6 BGP network
In a large-scale IPv6 BGP network, configuration and maintenance become inconvenient because of too many peers. Configuring peer groups makes management easier and improves route distribution efficiency. Peer groups include IBGP peer groups, where peers belong to the same AS, and EBGP peer groups, where peers belong to different ASs. If peers in an EBGP group belong to the same external AS, the EBGP peer group is a pure EBGP peer group, and if not, a mixed EBGP peer group.
In a peer group, all members have a common policy. Using the community attribute can make a set of IPv6 BGP routers in multiple ASs have the same policy, because community sending between IPv6 BGP peers is not limited by AS.
To ensure connectivity between IBGP peers, make them fully meshed, but it becomes impractical when too many IBGP peers exist. Using route reflectors or confederation can solve this issue. In a large-scale AS, both of them can be used.
Confederation configuration of IPv6 BGP is identical to that of BGP4, so it is not mentioned here.
Configuration prerequisites
Before you configure a large-scale IPv6 BGP network, complete the following tasks:
· Make peer nodes accessible to each other at the network layer.
· Enable BGP and configure a router ID.
Configuring IPv6 BGP peer group
Configuring an IBGP peer group
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Create an IBGP peer group. |
group group-name [ internal ] |
N/A |
|
5. Add a peer into the group. |
peer ipv6-address group group-name [ as-number as-number ] |
Not added by default. |
Creating a pure EBGP peer group
To create a pure EBGP peer group, you must specify an AS number for the peer group.
If a peer was added into an EBGP peer group, you cannot specify any AS number for the peer group.
To create a pure EBGP peer group:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Create an EBGP peer group. |
group group-name external |
N/A |
|
5. Configure the AS number for the peer group. |
peer group-name as-number as-number |
Not configured by default. |
|
6. Add an IPv6 peer into the peer group. |
peer ipv6-address group group-name |
Not added by default. |
Creating a mixed EBGP peer group
When creating a mixed EBGP peer group, you must create a peer and specify its AS number, which can be different from AS numbers of other peers; however, you cannot specify an AS number for the EBGP peer group.
To create a mixed EBGP peer group:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Create an EBGP peer group. |
group group-name external |
N/A |
|
5. Specify the AS number of an IPv6 peer. |
peer ipv6-address as-number as-number |
Not specified by default. |
|
6. Add the IPv6 peer into the peer group. |
peer ipv6-address group group-name |
Not added by default. |
Configuring IPv6 BGP community
When you configure IPv6 BGP community, you must configure a routing policy to define the community attribute, and apply the routing policy to route advertisement. For routing policy configuration, see "Configuring routing policies."
Advertising community attribute to an IPv6 peer or peer group
|
Command |
Remarks |
|
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Advertise community attribute to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } advertise-community |
Not advertised by default. The IPv6 BGP-VPN instance view does not support the group-name argument. |
|
5. Advertise extended community attribute to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } advertise-ext-community |
Not advertised by default. The IPv6 BGP-VPN instance view does not support this command. |
Applying a routing policy to routes advertised to a peer or peer group
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Apply a routing policy to routes advertised to an IPv6 peer or peer group. |
peer { group-name | ipv6-address } route-policy route-policy-name export |
Not applied by default. |
Configuring an IPv6 BGP route reflector
Follow these guidelines when you configure an IPv6 BGP route reflector:
· In general, because the route reflector forwards routing information between clients, you are not required to make clients of a route reflector fully meshed. If clients are fully meshed, H3C recommends that you disable route reflection between clients to reduce routing costs.
· If a cluster has multiple route reflectors, you must specify the same cluster ID for these route reflectors to avoid routing loops.
To configure an IPv6 BGP route reflector:
|
Command |
Remarks |
|
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
4. Configure the router as a route reflector and specify an IPv6 peer or peer group as a client. |
peer { group-name | ipv6-address } reflect-client |
Not configured by default. |
|
5. Enable route reflection between clients. |
reflect between-clients |
Enabled by default. |
|
6. Configure the cluster ID of the route reflector. |
reflector cluster-id cluster-id |
By default, a route reflector uses its router ID as the cluster ID. |
Configuring 6PE
IPv6 provider edge (6PE) is a transition technology with which Internet service providers (ISPs) can use existing IPv4 backbone networks to provide access capability for sparsely populated IPv6 networks, allowing customer edge (CE) routers in these isolated IPv6 networks to communicate with IPv4 PE routers.
Work mechanism of 6PE:
IPv6 routing information from users is converted into IPv6 routing information with labels and then flooded into IPv4 backbone networks of ISPs through BGP sessions. When IPv6 packets are forwarded, they are labeled when entering tunnels of backbone networks. The tunnels can be GRE tunnels or MPLS LSPs.
IGPs running on ISP networks can be OSPF or IS-IS. IPv6 static routing, IPv6 IGP, or IPv6 EBGP can be used between CE and 6PE.
Figure 1 Network diagram
|
|
NOTE: The P (Provider) router in the above figure refers to a backbone router in the network of a service provider. P is not directly connected with a CE, and is required to have the basic MPLS capability. |
When an ISP wants to utilize the existing IPv4/MPLS network to provide IPv6 traffic switching capability, only the PE routers must be upgraded. Therefore, it is a highly efficient solution. Furthermore, the operation risk of the 6PE technology is very low.
Configuration prerequisites
Before you configure 6PE, complete the following tasks:
· Configure the MPLS basic capability for the IPv4 MPLS backbone. For more information, see MPLS Configuration Guide.
· Configure the IPv6 BGP peer on the PE devices. For more information, see "Configuring BGP."
· If a peer group is to be specified, create the peer group beforehand in BGP view.
Configuring basic 6PE capabilities
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Specify the AS number for the 6PE peer or peer group. |
peer { ipv4-group-name | ipv4-address } as-number as-number |
Not specified by default. |
|
4. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
5. Enable the 6PE peer or peer group. |
peer { ipv4-group-name | ipv4-address | ipv6-address } enable |
Not enabled by default. |
|
6. Enable the router to exchange labeled IPv6 routes with the 6PE peer or peer group. |
peer { ipv4-group-name | ipv4-address } label-route-capability |
Not enabled by default. |
Configuring optional 6PE capabilities
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Specify the AS number for the 6PE peer or peer group. |
peer { ipv4-group-name | ipv4-address } as-number as-number |
Not specified by default. |
|
4. Enter IPv6 address family view. |
ipv6-family |
N/A |
|
5. Enable the 6PE peer or peer group. |
peer { ipv4-group-name | ipv4-address | ipv6-address } enable |
Not enabled by default. |
|
6. Advertise community attribute to the 6PE peer or peer group. |
peer { group-name | ipv4-address } advertise-community |
Optional. Not advertised by default. |
|
7. Advertise extended community attribute to the 6PE peer or peer group. |
peer { group-name | ipv4-address } advertise-ext-community |
Optional. Not advertised by default. |
|
8. Allow the local AS number to appear in routes from the peer or peer group and specify the repeat times. |
peer { group-name | ipv4-address } allow-as-loop [ number ] |
Optional. Not allowed by default. |
|
9. Specify an AS path ACL to filter routes from or to the 6PE peer or peer group. |
peer { group-name | ipv4-address } as-path-acl as-path-acl-number { import | export } |
Optional. Not configured by default. |
|
10. Advertise a default route to the 6PE peer or peer group. |
peer { group-name | ipv4-address } default-route-advertise [ route-policy route-policy-name ] |
Optional. Not advertised by default. |
|
11. Configure an inbound or outbound IPv6 ACL based filtering policy for the 6PE peer or peer group. |
peer { group-name | ipv4-address } filter-policy acl6-number { import | export } |
Optional. Not configured by default. |
|
12. Add an 6PE peer to an existing peer group. |
peer ipv4-address group group-name [ as-number as-number ] |
Optional. Not added by default. |
|
13. Configure an inbound or outbound IPv6 prefix list based filtering policy for the 6PE peer or peer group. |
peer { group-name | ipv4-address } ipv6-prefix ipv6-prefix-name { import | export } |
Optional. Not configured by default. |
|
14. Keep all routes from the 6PE peer or peer group, including routes not passing the inbound filtering policy. |
peer { group-name | ipv4-address } keep-all-routes |
Optional. Not kept by default. |
|
15. Configure the device as a route reflector and the 6PE peer or peer group as a client. |
peer { group-name | ipv4-address } reflect-client |
Optional. Not configured by default. |
|
16. Configure an upper limit of IPv6 address prefixes that can be received from the 6PE peer or peer group. |
peer { group-name | ipv4-address } route-limit limit [ percentage ] |
Optional. No limitation by default. |
|
17. Apply a routing policy to routes outgoing or incoming from the 6PE peer or peer group. |
peer { group-name | ipv4-address } route-policy route-policy-name { import | export } |
Optional. Not applied by default. |
|
18. Display information about the 6PE peer or peer group. |
display bgp ipv6 peer [ group-name log-info | ipv4-address verbose ] [ | { begin | exclude | include } regular-expression ] |
Optional. Available in any view. |
|
19. Display routes from or to the 6PE peer or peer group. |
display bgp ipv6 routing-table peer ipv4-address { advertised-routes | received-routes } [ network-address prefix-length | statistic ] [ | { begin | exclude | include } regular-expression ] |
Optional. Available in any view. |
|
20. Perform soft reset on the inbound or outbound BGP 6PE connection. |
refresh bgp ipv6 ipv4-address { export | import } |
Optional. Available in user view. |
|
21. Reset a BGP 6PE connection. |
reset bgp ipv6 ipv4-address |
Optional. Available in user view. |
Configuring BFD for IPv6 BGP
IPv6 BGP maintains neighbor relationships based on the keepalive timer and holdtime timer, which are set in seconds. IPv6 BGP defines that the holdtime interval must be at least three times the keepalive interval. This mechanism makes the detection of a link failure rather slow and thus causes a large quantity of packets to be dropped especially when the failed link is a high-speed link. You can enable BFD to detect the link to a peer. BFD can quickly detect any link failure and thus reduce network convergence time.
After a link failure occurs, BFD might detect the failure before the system performs GR and as a result, GR will fail. Therefore, if GR capability is enabled for IPv6 BGP, use BFD with caution. For more information about BFD, see High Availability Configuration Guide.
|
|
IMPORTANT: Before configuring BFD for IPv6 BGP, you must enable BGP. |
To enable BFD for a BGP peer:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable BGP and enter BGP view. |
bgp as-number |
Not enabled by default. |
|
3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. |
ipv6-family [ vpn-instance vpn-instance-name ] |
N/A |
|
4. Enable BFD for the specified BGP peer. |
peer ipv6-address bfd |
Not enabled for any BGP peer by default. |
Displaying and maintaining IPv6 BGP
Displaying BGP
Resetting IPv6 BGP connections
|
Task |
Command |
Remarks |
|
Perform soft reset on IPv6 BGP connections. |
refresh bgp ipv6 { ipv4-address | ipv6-address | all | external | group group-name | internal } { export | import } |
Available in user view. |
|
Reset IPv6 BGP connections. |
reset bgp ipv6 { as-number | ipv4-address | ipv6-address | all | external | group group-name | internal } |
Available in user view. |
Clearing IPv6 BGP information
|
Task |
Command |
Remarks |
|
Clear dampened IPv6 BGP routing information and release suppressed routes. |
reset bgp ipv6 dampening [ ipv6-address prefix-length ] |
Available in user view. |
|
Clear IPv6 BGP route flap information. |
reset bgp ipv6 flap-info [ ipv6-address/prefix-length | as-path-acl as-path-acl-number | regexp as-path-regexp ] reset bgp ipv6 peer-ipv6-address flap-info |
Available in user view. |
IPv6 BGP configuration examples
|
|
IMPORTANT: By default, Ethernet, VLAN, and aggregate interfaces are down. Before configuring these interfaces, bring them up by using the undo shutdown command. |
Some examples for IPv6 BGP configuration are similar to those of BGP4. For more information, see "Configuring BGP."
Basic IPv6 BGP configuration
Network requirements
All switches in Figure 2 run IPv6 BGP. Between Switch A and Switch B is an EBGP connection. Switch B, Switch C, and Switch D are fully meshed through IBGP connections.
Configuration procedure
1. Configure IPv6 addresses for interfaces. (Details not shown.)
2. Configure IBGP connections:
# Configure Switch B.
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] bgp 65009
[SwitchB-bgp] router-id 2.2.2.2
[SwitchB-bgp] ipv6-family
[SwitchB-bgp-af-ipv6] peer 9:1::2 as-number 65009
[SwitchB-bgp-af-ipv6] peer 9:3::2 as-number 65009
[SwitchB-bgp-af-ipv6] quit
[SwitchB-bgp] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] ipv6
[SwitchC] bgp 65009
[SwitchC-bgp] router-id 3.3.3.3
[SwitchC-bgp] ipv6-family
[SwitchC-bgp-af-ipv6] peer 9:3::1 as-number 65009
[SwitchC-bgp-af-ipv6] peer 9:2::2 as-number 65009
[SwitchC-bgp-af-ipv6] quit
[SwitchC-bgp] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] ipv6
[SwitchD] bgp 65009
[SwitchD-bgp] router-id 4.4.4.4
[SwitchD-bgp] ipv6-family
[SwitchD-bgp-af-ipv6] peer 9:1::1 as-number 65009
[SwitchD-bgp-af-ipv6] peer 9:2::1 as-number 65009
[SwitchD-bgp-af-ipv6] quit
[SwitchD-bgp] quit
3. Configure the EBGP connection:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] bgp 65008
[SwitchA-bgp] router-id 1.1.1.1
[SwitchA-bgp] ipv6-family
[SwitchA-bgp-af-ipv6] peer 10::1 as-number 65009
[SwitchA-bgp-af-ipv6] quit
[SwitchA-bgp] quit
# Configure Switch B.
[SwitchB] bgp 65009
[SwitchB-bgp] ipv6-family
[SwitchB-bgp-af-ipv6] peer 10::2 as-number 65008
# Display IPv6 peer information on Switch B.
[SwitchB] display bgp ipv6 peer
BGP local router ID : 2.2.2.2
Local AS number : 65009
Total number of peers : 3 Peers in established state : 3
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10::2 65008 3 3 0 0 00:01:16 Established
9:3::2 65009 2 3 0 0 00:00:40 Established
9:1::2 65009 2 4 0 0 00:00:19 Established
# Display IPv6 peer information on Switch C.
[SwitchC] display bgp ipv6 peer
BGP local router ID : 3.3.3.3
Local AS number : 65009
Total number of peers : 2 Peers in established state : 2
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
9:3::1 65009 4 4 0 0 00:02:18 Established
9:2::2 65009 4 5 0 0 00:01:52 Established
Switch A and Switch B have established an EBGP connection; Switch B, C, and D have established IBGP connections with each other.
IPv6 BGP route reflector configuration
Network requirements
In Figure 3, Switch B receives an EBGP update and sends it to Switch C, which is configured as a route reflector with two clients: Switch B and Switch D.
Switch B and Switch D need not establish an IBGP connection because Switch C reflects updates between them.
Configuration procedure
1. Configure IPv6 addresses for VLAN interfaces. (Details not shown.)
2. Configure basic IPv6 BGP:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] bgp 100
[SwitchA-bgp] router-id 1.1.1.1
[SwitchA-bgp] ipv6-family
[SwitchA-bgp-af-ipv6] peer 100::2 as-number 200
[SwitchA-bgp-af-ipv6] network 1:: 64
#Configure Switch B.
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] bgp 200
[SwitchB-bgp] router-id 2.2.2.2
[SwitchB-bgp] ipv6-family
[SwitchB-bgp-af-ipv6] peer 100::1 as-number 100
[SwitchB-bgp-af-ipv6] peer 101::1 as-number 200
[SwitchB-bgp-af-ipv6] peer 101::1 next-hop-local
# Configure Switch C.
<SwitchC> system-view
[SwitchC] ipv6
[SwitchC] bgp 200
[SwitchC-bgp] router-id 3.3.3.3
[SwitchC-bgp] ipv6-family
[SwitchC-bgp-af-ipv6] peer 101::2 as-number 200
[SwitchC-bgp-af-ipv6] peer 102::2 as-number 200
# Configure Switch D.
<SwitchD> system-view
[SwitchD] ipv6
[SwitchD] bgp 200
[SwitchD-bgp] router-id 4.4.4.4
[SwitchD-bgp] ipv6-family
[SwitchD-bgp-af-ipv6] peer 102::1 as-number 200
3. Configure Switch C as a route reflector, and configure Switch B and Switch D as its clients.
[SwitchC-bgp-af-ipv6] peer 101::2 reflect-client
[SwitchC-bgp-af-ipv6] peer 102::2 reflect-client
4. Verify the configuration.
Execute the display bgp ipv6 routing-table command on Switch B and Switch D. Both of them have learned the network 1::/64.
IPv6 BGP IPsec policy configuration
Network requirements
In Figure 4, configure IPv6 BGP on the switches. Switches A and B establish an IBGP relationship. Switches B and C establish an EBGP relationship.
Configure IPsec policies on the switches to authenticate and encrypt protocol packets.
Configuration procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure the IBGP connection:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] bgp 65008
[SwitchA-bgp] router-id 1.1.1.1
[SwitchA-bgp] ipv6-family
[SwitchA-bgp-af-ipv6] group ibgp internal
[SwitchA-bgp-af-ipv6] peer 1::2 group ibgp
[SwitchA-bgp-af-ipv6] quit
[SwitchA-bgp] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] bgp 65008
[SwitchB-bgp] router-id 2.2.2.2
[SwitchB-bgp] ipv6-family
[SwitchB-bgp-af-ipv6] group ibgp internal
[SwitchB-bgp-af-ipv6] peer 1::1 group ibgp
[SwitchB-bgp-af-ipv6] quit
[SwitchB-bgp] quit
3. Configure the EBGP connection:
# Configure Switch C.
<SwitchC> system-view
[SwitchC] ipv6
[SwitchC] bgp 65009
[SwitchC-bgp] router-id 3.3.3.3
[SwitchC-bgp] ipv6-family
[SwitchC-bgp-af-ipv6] group ebgp external
[SwitchC-bgp-af-ipv6] peer 3::1 as-number 65008
[SwitchC-bgp-af-ipv6] peer 3::1 group ebgp
[SwitchC-bgp-af-ipv6] quit
[SwitchC-bgp] quit
# Configure Switch B.
[SwitchB-bgp] ipv6-family
[SwitchB-bgp-af-ipv6] group ebgp external
[SwitchB-bgp-af-ipv6] peer 3::2 as-number 65009
[SwitchB-bgp-af-ipv6] peer 3::2 group ebgp
[SwitchB-bgp-af-ipv6] quit
[SwitchB-bgp] quit
4. Configure IPsec policies:
# On Switch A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg.
[SwitchA] ipsec proposal tran1
[SwitchA-ipsec-proposal-tran1] encapsulation-mode transport
[SwitchA-ipsec-proposal-tran1] transform esp
[SwitchA-ipsec-proposal-tran1] esp encryption-algorithm des
[SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-proposal-tran1] quit
[SwitchA] ipsec policy policy001 10 manual
[SwitchA-ipsec-policy-manual-policy001-10] proposal tran1
[SwitchA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] quit
# On Switch B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg; create an IPsec proposal named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy002, specify the manual mode for it, reference IPsec proposal tran2, set the SPIs of the inbound and outbound SAs to 54321, and the keys for the inbound and outbound SAs using ESP to gfedcba.
[SwitchB] ipsec proposal tran1
[SwitchB-ipsec-proposal-tran1] encapsulation-mode transport
[SwitchB-ipsec-proposal-tran1] transform esp
[SwitchB-ipsec-proposal-tran1] esp encryption-algorithm des
[SwitchB-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchB-ipsec-proposal-tran1] quit
[SwitchB] ipsec policy policy001 10 manual
[SwitchB-ipsec-policy-manual-policy001-10] proposal tran1
[SwitchB-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345
[SwitchB-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
[SwitchB-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[SwitchB-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[SwitchB-ipsec-policy-manual-policy001-10] quit
[SwitchB] ipsec proposal tran2
[SwitchB-ipsec-proposal-tran2] encapsulation-mode transport
[SwitchB-ipsec-proposal-tran2] transform esp
[SwitchB-ipsec-proposal-tran2] esp encryption-algorithm des
[SwitchB-ipsec-proposal-tran2] esp authentication-algorithm sha1
[SwitchB-ipsec-proposal-tran2] quit
[SwitchB] ipsec policy policy002 10 manual
[SwitchB-ipsec-policy-manual-policy002-10] proposal tran2
[SwitchB-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321
[SwitchB-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321
[SwitchB-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba
[SwitchB-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba
[SwitchB-ipsec-policy-manual-policy002-10] quit
# On Switch C, create an IPsec proposal named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy002, specify the manual mode for it, reference IPsec proposal tran2, set the SPIs of the inbound and outbound SAs to 54321, and the keys for the inbound and outbound SAs using ESP to gfedcba.
[SwitchC] ipsec proposal tran2
[SwitchC-ipsec-proposal-tran2] encapsulation-mode transport
[SwitchC-ipsec-proposal-tran2] transform esp
[SwitchC-ipsec-proposal-tran2] esp encryption-algorithm des
[SwitchC-ipsec-proposal-tran2] esp authentication-algorithm sha1
[SwitchC-ipsec-proposal-tran2] quit
[SwitchC] ipsec policy policy002 10 manual
[SwitchC-ipsec-policy-manual-policy002-10] proposal tran2
[SwitchC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321
[SwitchC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321
[SwitchC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba
[SwitchC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba
[SwitchC-ipsec-policy-manual-policy002-10] quit
5. Apply IPsec policies to IBGP peers:
# Configure Switch A.
[SwitchA] bgp 65008
[SwitchA-bgp] ipv6-family
[SwitchA-bgp-af-ipv6] peer 1::2 ipsec-policy policy001
[SwitchA-bgp-af-ipv6] quit
[SwitchA-bgp] quit
# Configure Switch B.
[SwitchB] bgp 65008
[SwitchB-bgp] ipv6-family
[SwitchB-bgp-af-ipv6] peer 1::1 ipsec-policy policy001
[SwitchB-bgp-af-ipv6] quit
[SwitchB-bgp] quit
6. Apply IPsec policies to EBGP peers:
# Configure Switch C.
[SwitchC] bgp 65009
[SwitchC-bgp] ipv6-family
[SwitchC-bgp-af-ipv6] peer ebgp ipsec-policy policy002
[SwitchC-bgp-af-ipv6] quit
[SwitchC-bgp] quit
# Configure Switch B.
[SwitchB] bgp 65008
[SwitchB-bgp] ipv6-family
[SwitchB-bgp-af-ipv6] peer ebgp ipsec-policy policy002
[SwitchB-bgp-af-ipv6] quit
[SwitchB-bgp] quit
7. Verify the configuration:
# Display detailed IPv6 BGP peer information.
[SwitchB] display bgp ipv6 peer verbose
BGP Peer is 1::1, remote AS 65008,
Type: IBGP link
BGP version 4, remote router ID 1.1.1.1
BGP current state: Established, Up for 00h01m51s
BGP current event: RecvKeepalive
BGP last state: OpenConfirm
Port: Local – 1029 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec
Peer optional capabilities:
Peer support bgp multi-protocol extended
Peer support bgp route refresh capability
Address family IPv4 Unicast: advertised and received
Received: Total 0 messages, Update messages 0
Sent: Total 0 messages, Update messages 0
Maximum allowed prefix number: 4294967295
Threshold: 75%
Minimum time between advertisement runs is 30 seconds
Optional capabilities:
Route refresh capability has been enabled
ORF advertise capability based on prefix (type 64):
Local: both
Negotiated: send
Peer Preferred Value: 0
IPsec policy name: policy001, SPI :12345
Routing policy configured:
No routing policy is configured
BGP Peer is 3::2, remote AS 65009,
Type: EBGP link
BGP version 4, remote router ID 3.3.3.3
BGP current state: Established, Up for 00h01m51s
BGP current event: RecvKeepalive
BGP last state: OpenConfirm
Port: Local – 1029 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec
Peer optional capabilities:
Peer support bgp multi-protocol extended
Peer support bgp route refresh capability
Address family IPv4 Unicast: advertised and received
Received: Total 0 messages, Update messages 0
Sent: Total 0 messages, Update messages 0
Maximum allowed prefix number: 4294967295
Threshold: 75%
Minimum time between advertisement runs is 30 seconds
Optional capabilities:
Route refresh capability has been enabled
ORF advertise capability based on prefix (type 64):
Local: both
Negotiated: send
Peer Preferred Value: 0
IPsec policy name: policy002, SPI :54321
Routing policy configured:
No routing policy is configured
The output shows that both IBGP and EBGP neighbor relationships have been established and all protocol packets are protected by IPsec.
Configuring BFD for IPv6 BGP
Network requirements
As shown in Figure 5, configure OSPFv3 as the IGP in AS 200.
Establish two IBGP connections between Switch A and Switch C. When both links are working, Switch C adopts the link Switch A<—>Switch B<—>Switch C to exchange packets with network 1200::0/64. Configure BFD over the link. Then if the link fails, BFD can quickly detect the failure and notify it to IPv6 BGP. Then the link Switch A<—>Switch D<—>Switch C takes effect immediately.
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
Switch A |
Vlan-int100 |
3000::1/64 |
Switch C |
Vlan-int101 |
3001::3/64 |
|
|
Vlan-int200 |
2000::1/64 |
|
Vlan-int201 |
2001::3/64 |
|
Switch B |
Vlan-int100 |
3000::2/64 |
Switch D |
Vlan-int200 |
2000::2/64 |
|
|
Vlan-int101 |
3001::2/64 |
|
Vlan-int201 |
2001::2/64 |
Configuration procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure OSPFv3 to make sure that Switch A and Switch C are reachable to each other. (Details not shown.)
3. Configure IPv6 BGP on Switch A:
# Establish two IBGP connections between Switch A and Switch C.
<SwitchA> system-view
[SwitchA] bgp 200
[SwitchA-bgp] ipv6-family
[SwitchA-bgp-af-ipv6] network 1200:: 64
[SwitchA-bgp-af-ipv6] peer 3001::3 as-number 200
[SwitchA-bgp-af-ipv6] peer 2001::3 as-number 200
[SwitchA-bgp-af-ipv6] quit
# When the two links between Switch A and Switch C are both up, Switch C adopts the link Switch A<—>Switch B<—>Switch C to exchange packets with network 1200::0/64. (Set a higher MED value for route 1200::0/64 sent to peer 2001::3 on Switch A.)
¡ Create IPv6 ACL 2000 to permit 1200::0/64 to pass.
[SwitchA] acl ipv6 number 2000
[SwitchA-acl6-basic-2000] rule permit source 1200::0 64
[SwitchA-acl6-basic-2000] quit
¡ Create two route policies, apply_med_50 and apply_med_100. Policy apply_med_50 sets the MED for route 1200::0/64 to 50. Policy apply_med_100 sets that to 100.
[SwitchA] route-policy apply_med_50 permit node 10
[SwitchA-route-policy] if-match ipv6 address acl 2000
[SwitchA-route-policy] apply cost 50
[SwitchA-route-policy] quit
[SwitchA] route-policy apply_med_100 permit node 10
[SwitchA-route-policy] if-match ipv6 address acl 2000
[SwitchA-route-policy] apply cost 100
[SwitchA-route-policy] quit
¡ Apply routing policy apply_med_50 to routes outgoing to peer 3001::3, and apply routing policy apply_med_100 to routes outgoing to peer 2001::3.
[SwitchA] bgp 200
[SwitchA-bgp] ipv6-family
[SwitchA-bgp-af-ipv6] network 1200:: 64
[SwitchA-bgp-af-ipv6] peer 3001::3 route-policy apply_med_50 export
[SwitchA-bgp-af-ipv6] peer 2001::3 route-policy apply_med_100 export
# Configure BFD over the link to peer 3001::3 so that when the link Switch A<—>Switch B<—>Switch C fails, BFD can quickly detect the failure and notify it to IPv6 BGP, and then the link Switch A<—>Switch D<—>Switch C takes effect immediately.
[SwitchA-bgp-af-ipv6] peer 3001::3 bfd
[SwitchA-bgp-af-ipv6] quit
[SwitchA-bgp] quit
4. Configure IPv6 BGP on Switch C.
<SwitchC> system-view
[SwitchC] bgp 200
[SwitchC-bgp] ipv6-family
[SwitchC-bgp-af-ipv6] peer 3000::1 as-number 200
[SwitchC-bgp-af-ipv6] peer 3000::1 bfd
[SwitchC-bgp-af-ipv6] peer 2000::1 as-number 200
[SwitchC-bgp-af-ipv6] quit
[SwitchC-bgp] quit
5. Configure BFD parameters (you can use default BFD parameters instead):
# Configure Switch A.
[SwitchA] bfd session init-mode active
[SwitchA] interface vlan-interface 100
¡ Configure the minimum interval for transmitting BFD control packets as 500 milliseconds.
[SwitchA-Vlan-interface100] bfd min-transmit-interval 500
¡ Configure the minimum interval for receiving BFD control packets as 500 milliseconds.
[SwitchA-Vlan-interface100] bfd min-receive-interval 500
¡ Configure the detect multiplier as 7.
[SwitchA-Vlan-interface100] bfd detect-multiplier 7
¡ Configure the BFD authentication mode as plain-text authentication, and set the authentication key to ibgpbfd.
[SwitchA-Vlan-interface100] bfd authentication-mode simple 1 ibgpbfd
[SwitchA-Vlan-interface100] quit
# Configure Switch C.
[SwitchC] bfd session init-mode active
[SwitchC] interface vlan-interface 101
¡ Configure the minimum interval for transmitting BFD control packets as 500 milliseconds.
[SwitchC-Vlan-interface101] bfd min-transmit-interval 500
¡ Configure the minimum interval for receiving BFD control packets as 500 milliseconds.
[SwitchC-Vlan-interface101] bfd min-receive-interval 500
¡ Configure the detect multiplier as 7.
[SwitchC-Vlan-interface101] bfd detect-multiplier 7
¡ Configure the BFD authentication mode as plain-text authentication, and set the authentication key to ibgpbfd.
[SwitchC-Vlan-interface101] bfd authentication-mode simple 1 ibgpbfd
[SwitchC-Vlan-interface101] return
6. Verify the configuration:
The following operations are made on Switch C. Operations on Switch A and Switch B are similar. (Details not shown.)
# Display detailed BFD session information.
<SwitchC> display bfd session verbose
Total session number: 1 Up session number: 1 Init mode: Active
IPv6 Session working under Ctrl mode:
Local Discr: 17 Remote Discr: 13
Source IP: 3001::3 Destination IP: 3000::1
Session State: Up Interface: Vlan-interface101
Min Trans Inter: 500ms Act Trans Inter: 500ms
Min Recv Inter: 500ms Act Detect Inter: 3000ms
Recv Pkt Num: 57 Send Pkt Num: 53
Running Up for: 00:00:06 Auth mode: Simple
Connect Type: Direct Board Num: 0
Protocol: BGP6
Diag Info: No Diagnostic
The output shows that a BFD session is established between Switch A's VLAN-interface 100 and Switch C's VLAN-interface 101 and that BFD runs correctly.
# Display IPv6 peer information on Switch C.
<SwitchC> display bgp ipv6 peer
BGP local router ID : 1.1.1.1
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2000::1 200 7 10 0 0 00:01:05 Established
3000::1 200 7 10 0 0 00:01:34 Established
The output shows that Switch A and Switch C have established the neighbor relationship.
# Display routes destined for 1200::0/64 on Switch C.
<SwitchC> display ipv6 routing-table 1200::0 64 verbose
Routing Table :
Summary Count : 2
Destination : 1200:: PrefixLength : 64
NextHop : 3000::1 Preference : 255
RelayNextHop : 3001::2 Tag : 0H
Neighbor : 3000::1 ProcessID : 0
Interface : Vlan-interface101 Protocol : BGP4+
State : Active Adv Cost : 50
Tunnel ID : 0x0 Label : NULL
Age : 4538sec
Destination : 1200:: PrefixLength : 64
NextHop : 2000::1 Preference : 255
RelayNextHop : 2001::2 Tag : 0H
Neighbor : 2000::1 ProcessID : 0
Interface : Vlan-interface201 Protocol : BGP4+
State : Invalid Adv Cost : 100
Tunnel ID : 0x0 Label : NULL
Age : 4515sec
The output shows that Switch A and Switch C communicate through Switch B, and Switch C has two routes to reach network 1200::0/64: Switch C<—>Switch B<—>Switch A, which is the currently active route; Switch C<—>Switch D<—>Switch A, which is the backup route. Then the link Switch C<—>Switch B<—>Switch A fails.
# Enable BFD debugging on Switch C.
<SwitchC> debugging bfd scm
<SwitchC> debugging bfd event
<SwitchC> debugging bgp bfd
<SwitchC> terminal monitor
<SwitchC> terminal debugging
%Nov 5 11:42:24:172 2009 SwitchC BFD/5/BFD_CHANGE_FSM: Sess[3001::3/3000::1, 13/17,VLAN101,Ctrl], Sta: UP->DOWN, Diag: 1
%Nov 5 11:42:24:172 2009 SwitchC BGP/5/BGP_STATE_CHANGED: 3000::1 state is changed from ESTABLISHED to IDLE.
*Nov 5 11:42:24:187 2009 SwitchC RM/6/RMDEBUG: BGP_BFD: Recv BFD DOWN msg, Src IP 3001::3, Dst IP 3000::1, Instance ID 0.
*Nov 5 11:42:24:187 2009 SwitchC RM/6/RMDEBUG: BGP_BFD: Reset BGP session 3000::1 for BFD session down.
*Nov 5 11:42:24:187 2009 SwitchC RM/6/RMDEBUG: BGP_BFD: Send DELETE msg to BFD, Connection type DIRECT, Src IP 3001::3, Dst IP 3000::1, Instance ID 0.
The output shows that Switch C can quickly detect the failure on Switch B.
# Display routes destined for 1200::0/64 on Switch C.
<SwitchC> display ipv6 routing-table 1200::0 64 verbose
Routing Table :
Summary Count : 1
Destination : 1200:: PrefixLength : 64
NextHop : 2000::1 Preference : 255
RelayNextHop : 2001::2 Tag : 0H
Neighbor : 2000::1 ProcessID : 0
Interface : Vlan-interface201 Protocol : BGP4+
State : Active Adv Cost : 100
Tunnel ID : 0x0 Label : NULL
Age : 4635sec
The output shows that Switch A and Switch C communicate through Switch D, and Switch C has one route to reach network 1200::0/64, that is, Switch C<—>Switch D<—>Switch A.
Troubleshooting IPv6 BGP configuration
IPv6 BGP peer relationship not established
Symptom
Display BGP peer information by using the display bgp ipv6 peer command. The state of the connection to the peer cannot become established.
Analysis
To become IPv6 BGP peers, any two routers must establish a TCP session using port 179 and exchange open messages successfully.
Solution
1. Use the display current-configuration configuration bgp command to verify that the peer's AS number is correct.
2. Use the display bgp ipv6 peer command to verify that the peer's IPv6 address is correct.
3. If a loopback interface is used, verify that the loopback interface is specified with the peer connect-interface command.
4. If the peer is not directly connected, verify that the peer ebgp-max-hop command is configured.
5. Verify that a valid route to the peer is available.
6. Use the ping command to test the connectivity to the peer.
7. Use the display tcp ipv6 status command to verify the TCP connection is normal.
8. Verify that no ACL is configured to disable TCP port 179.
