Configuration — IPv4 and Routing Avaya Secure Router 2330/4134 Release 10.3.5 NN47263-502 Issue 04.03 July 2013


Configuration — IPv4 and Routing
Avaya Secure Router 2330/4134

Release 10.3.5
NN47263-502

Issue 04.03
July 2013


© 2013 Avaya Inc.

All Rights Reserved.

Notice

While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.

Documentation disclaimer

“Documentation” means information published by Avaya in varying mediums which may include product information, operating instructions and performance specifications that Avaya generally makes available to users of its products. Documentation does not include marketing materials. Avaya shall not be responsible for any modifications, additions, or deletions to the original published version of documentation unless such modifications, additions, or deletions were performed by Avaya. End User agrees to indemnify and hold harmless Avaya, Avaya's agents, servants and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent modifications, additions or deletions to this documentation, to the extent made by End User.

Link disclaimer

Avaya is not responsible for the contents or reliability of any linked websites referenced within this site or documentation provided by Avaya. Avaya is not responsible for the accuracy of any information, statement or content provided on these sites and does not necessarily endorse the products, services, or information described or offered within them. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages.

Warranty

Avaya provides a limited warranty on its hardware and Software (“Product(s)”). Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya’s standard warranty language, as well as information regarding support for this Product while under warranty is available to Avaya customers and other parties through the Avaya Support website: http://support.avaya.com. Please note that if you acquired the Product(s) from an authorized Avaya reseller outside of the United States and Canada, the warranty is provided to you by said Avaya reseller and not by Avaya. “Software” means computer programs in object code, provided by Avaya or an Avaya Channel Partner, whether as stand-alone products or pre-installed on hardware products, and any upgrades, updates, bug fixes, or modified versions.

Licenses

THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO ARE APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER (AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH AVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN AVAYA AUTHORIZED RESELLER; AVAYA RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING, DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER REFERRED TO INTERCHANGEABLY AS “YOU” AND “END USER”), AGREE TO THESE TERMS AND CONDITIONS AND CREATE A BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE APPLICABLE AVAYA AFFILIATE (“AVAYA”).

Avaya grants you a license within the scope of the license types described below, with the exception of Heritage Nortel Software, for which the scope of the license is detailed below. Where the order documentation does not expressly identify a license type, the applicable license will be a Designated System License. The applicable number of licenses and units of capacity for which the license is granted will be one (1), unless a different number of licenses or units of capacity is specified in the documentation or other materials available to you. “Designated Processor” means a single stand-alone computing device. “Server” means a Designated Processor that hosts a software application to be accessed by multiple users.

Copyright

Except where expressly stated otherwise, no use should be made of materials on this site, the Documentation, Software, or hardware provided by Avaya. All content on this site, the documentation and the Product provided by Avaya including the selection, arrangement and design of the content is owned either by Avaya or its licensors and is protected by copyright and other intellectual property laws including the sui generis rights relating to the protection of databases. You may not modify, copy, reproduce, republish, upload, post, transmit or distribute in any way any content, in whole or in part, including any code and software unless expressly authorized by Avaya. Unauthorized reproduction, transmission, dissemination, storage, and or use without the express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law.

Third Party Components

“Third Party Components” mean certain software programs or portions thereof included in the Software that may contain software (including open source software) distributed under third party agreements (“Third Party Components”), which contain terms regarding the rights to use certain portions of the Software (“Third Party Terms”). Information regarding distributed Linux OS source code (for those Products that have distributed Linux OS source code) and identifying the copyright holders of the Third Party Components and the Third Party Terms that apply is available in the Documentation or on Avaya’s website at: http://support.avaya.com/Copyright. You agree to the Third Party Terms for any such Third Party Components.

Note to Service Provider

The Product may use Third Party Components that have Third Party Terms that do not allow hosting and may need to be independently licensed for such purpose.

Preventing Toll Fraud

“Toll Fraud” is the unauthorized use of your telecommunications system by an unauthorized party (for example, a person who is not a corporate employee, agent, subcontractor, or is not working on your company's behalf). Be aware that there can be a risk of Toll Fraud associated with your system and that, if Toll Fraud occurs, it can result in substantial additional charges for your telecommunications services.

Avaya Toll Fraud intervention

If you suspect that you are being victimized by Toll Fraud and you need technical assistance or support, call Technical Service Center Toll Fraud Intervention Hotline at +1-800-643-2353 for the United States and Canada. For additional support telephone numbers, see the Avaya Support website: http://support.avaya.com. Suspected security vulnerabilities with Avaya products should be reported to Avaya by sending mail to: [email protected].

Trademarks

The trademarks, logos and service marks (“Marks”) displayed in this site, the Documentation and Product(s) provided by Avaya are the registered or unregistered Marks of Avaya, its affiliates, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the Documentation and Product(s) should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written permission of Avaya or the applicable third party.

Avaya is a registered trademark of Avaya Inc.

All non-Avaya trademarks are the property of their respective owners. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.

Downloading Documentation

For the most current versions of Documentation, see the Avaya Support website: http://support.avaya.com.

Contact Avaya Support

See the Avaya Support website: http://support.avaya.com for product notices and articles, or to report a problem with your Avaya product. For a list of support telephone numbers and contact addresses, go to the Avaya Support website: http://support.avaya.com, scroll to the bottom of the page, and select Contact Avaya Support.


Contents

Chapter 1: Introduction
    Purpose
    Related resources
    Documentation
    Training
    Avaya Mentor videos
    Support

Chapter 2: New in this release
    Features
    IPSLA combined design feature
    Other changes
    IPv4 ICMP rate limit
    OSPF inbound filtering
    Enabling proxy arp command update

Chapter 3: IP routing concepts
    IP addressing
    Subnet addressing
    Static routes
    Black hole static routes
    IP enhancements and policies
    Equal Cost Multipath (ECMP)
    Route filtering and IP policies
    Prefix list
    Defining route policies
    Source IP enhancements
    IPSLA combined design
    Unified Routing Information Base
    IP connectivity protocols
    RIP and OSPF
    Loopback IP
    Routing over VLAN interfaces
    Dial Backup through an external modem
    The Backup DDR mechanism

Chapter 4: IP routing configuration procedures
    IP routing commands
    Configuring interface match criterion
    Configuring match address of a route
    Configuring prefix list match entries
    Configuring source-protocol match metrics
    Configuring match metric for a route
    Matching the next-hop address of a route
    Matching next hop to entries in a prefix list
    Matching a route type
    Matching a tag value

    Configuring metric value for a route
    Enabling route-flap dampening
    Configuring the destination value for a destination routing protocol
    Configuring metric type for a destination routing protocol
    Configuring ICMP rate limit
    Configure prefix lists
    Configuring automatic sequencing for prefix lists
    Configure a description for a prefix list
    Configuring a static route
    Associating an IPSLA tracker to a static route
    Configuring an access list
    Configuring max route limit
    Displaying the max route limit status
    Clearing an IP prefix list
    Resetting the static route IPSLA tracker
    Show commands
    Displaying IP access lists
    Displaying interface information
    Displaying a prefix list
    Displaying IP routing protocol process parameters and statistics
    Displaying the IP routing table
    Displaying route-map information
    Displaying interfaces configured with proxy arp
    Displaying the static route and associated tracker
    Configuring routing for interfaces
    Configuring the IP address and mask for an interface
    Enabling proxy arp
    Configuring ICMP redirect messages on an interface
    Configuring ICMP destination unreachable messages on an interface
    Configuring Dial Backup through an external modem
    Configuring the global source address
    Configuring IPSLA
    Creating an SLA profile
    Configuring the SLA register delay time-out
    Displaying the SLA register delay time-out
    Attaching an SLA profile to a tracker
    Clearing an SLA profile

Chapter 5: RIP fundamentals
    Avaya Secure Router 2330/4134 implementation of RIP
    Maintaining routing tables
    Providing RIP security
    Ensuring reachability with split horizon and poison reverse
    Routing Information Protocol
    Triggered RIP
    RIP scalability enhancements

Chapter 6: RIP configuration procedures
    Enabling RIP globally

    Entering key chain management mode
    Configuring a key
    Specifying key chain authentication key receive lifetime
    Configuring a key password
    Specifying key chain authentication key send lifetime
    Configuring RIP routing on an IP network
    Configuring split-horizon
    Configuring route redistribution
    Configuring timers
    Configuring distribution of default routes
    Configuring the default metric on a redistributed route
    Configuring a router neighbor
    Configuring an interface to suppress routing updates
    Configuring the routing protocol version
    Configuring the administrative distance
    Configuring a RIP metric
    Configuring multiple next hops for RIP
    Configuring routing updates to filter networks
    Configuring authentication control
    Configuring advertisement reception
    Configuring packet reception through an interface
    Configuring advertisement transmission
    Configuring packet transmission through an interface
    Sending v1 packets to another RIP interface
    Displaying RIP configuration
    Displaying all configured RIP interfaces
    Displaying RIP information
    Displaying the RIP database
    Clearing the RIP routing table
    Resetting prefix-list entries
    Triggered RIP configuration
    Configuring triggered RIP for an interface tunnel
    Configuring triggered RIP for an interface bundle
    Triggered RIP configuration examples
    Configuring multiple next hops for RIP
    RIP scalability enhancements configuration
    Configuring default-originate-only for a tunnel interface
    Configuring default-originate-only for an interface bundle
    Configuring default-originate-only for an Ethernet interface
    Configuring default-originate-only for a VLAN
    Configuration example — RIP scalability enhancements

Chapter 7: OSPF fundamentals
    OSPF summary
    Hierarchical elements
    Designated and backup designated routers
    Link state database
    LSA types

Backbone area.......................................................................................................................................... 103Stub areas................................................................................................................................................. 104Not-so-stubby areas (NSSAs)................................................................................................................... 104Transit areas............................................................................................................................................. 104Virtual links................................................................................................................................................ 105Area ranges (route summarization)........................................................................................................... 105Route redistribution (exportation) and policy............................................................................................ 105OSPF inbound filtering.............................................................................................................................. 106Security..................................................................................................................................................... 106ECMP........................................................................................................................................................ 106Router ID................................................................................................................................................... 107Cost metric................................................................................................................................................ 
107Passive interfaces..................................................................................................................................... 108OSPF demand circuits.............................................................................................................................. 108OSPF NBMA over Ethernet...................................................................................................................... 109

  Broadcast vs non-broadcast networks
Open Shortest Path First
  Overview
  Benefits
  OSPF routing algorithm
  Autonomous system and areas
  Neighbors
  OSPF routers
  Router types
  OSPF interfaces
  OSPF and IP
  OSPF packets
  Link state advertisements
  AS external routes
  OSPF virtual links
  Specifying ASBRs
  Metric speed

Chapter 8: OSPF configuration procedures
Configuring the host name
Configuring the router ID
Configuring the loopback address
Enabling OSPF
Configuring OSPF interface priority
Enabling OSPF on an IP interface
Associating an IPSLA tracker to an OSPF interface
Configuring OSPF area as stub area
Configure the OSPF area default cost
Enable authentication for an OSPF area
Configuring an OSPF area range
Configuring an OSPF network filter list
Configuring a virtual link
Configure an OSPF not-so-stubby-area

Configuring OSPF Type 7 default origination
Restrict redistribution into an OSPF NSSA area
Restrict sending of summary LSAs
Configuring an NSSA-ABR translator role
Configuring OSPF demand circuits
Configuring redistribution of routes into OSPF
Configuring OSPF cost
Configuring virtual links
Configuring OSPF authentication
Configuring metric for redistributed routes
Configuring OSPF capability features
Logging adjacency state changes
Configuring IP address summaries
Configuring the OSPF compatibility list
Configuring OSPF specifics
Calculating OSPF interface cost
Configuring routing timers
Configuring Constrained Shortest Path First (CSPF)
Configuring maximum allowed DD processes
Configuring suppression of routing updates on an interface
Configuring the administrative distance
Configuring distribution of default information
Configuring OSPF inbound filtering
Configuring OSPF on an interface
Configuring the authentication key
Configuring the database filter
Disabling OSPF
Configuring the dead interval
Configuring the hello interval
Configuring the message digest password
Configuring OSPF MTU
Configuring OSPF to ignore MTU
Configuring the link-state transmit delay
Configuring lost link state transmit delay
Configuring the OSPF network type
Configuring OSPF TE metric
Configuring OSPF NBMA over Ethernet
Displaying OSPF parameters and statistics
Displaying border router information
Displaying database summary
Displaying TE database
Displaying virtual link information
Displaying neighbors
Displaying OSPF routes
Displaying OSPF interface
Clearing OSPF processes
Resetting the OSPF IPSLA tracker

Chapter 9: VRRP fundamentals
VRRP overview
Virtual Router Redundancy Protocol
VRRP over VLAN
Ping to VRRP virtual IP

Chapter 10: VRRP configuration procedures
Configure VRRP per port
Configuring the advertisement interval
Configuring the authentication string
Configuring the virtual IP address
Configuring priority
Configuring track priority
Configuring the learn interval
Configuring a VRRP group description
Configuring the preempt flag
Associating an IPSLA tracker to the VRRP
Show VRRP information
Clearing VRRP information
Configuring VRRP over VLAN
Configuring ping to VRRP virtual IP

Chapter 11: BGP fundamentals
BGP concepts
  Hierarchical mechanisms
  BGP routes, route properties, and updates
  Policy-based routing
  Route redistribution
  Security
  Route reflectors
  Confederations
  Route flap dampening
  Route refresh
BGP planning considerations
  BGP minimum configuration planning
  BGP initial session customization planning
  BGP update processing and advertisement configuration planning
  BGP optimization planning
  MBGP

Chapter 12: BGP configuration procedures
BGP procedures for a minimum configuration
  Enabling BGP
BGP procedures for a customized configuration
  Configuring MBGP properties
  Configuring a passive session OPEN
  Advertising the local router ID as nexthop
  Comparing the MED value of routes learned from eBGP peers
  Removing private AS numbers from route advertisements
  Configuring a BGP Confederation

  Configuring a BGP Route Reflector cluster
  Configuring soft-reconfiguration on neighbor
  Configuring strict-capability-match on neighbor
  Enabling ECMP
  Enabling an address family for a neighbor
  Configuring interval for BGP route updates
  Configuring interval for AS-origination updates
  Advertising capability to a peer
  Configuring a default route to originate to neighbor
  Configuring a neighbor description
  Configuring a distribution list
  Disallowing capability negotiation
  Allowing EBGP neighbors from indirectly connected networks
  Configuring BGP filters
  Enabling BGP on an interface
  Configuring maximum number of prefixes
  Configuring a neighbor password
  Configuring peer-group members
  Configuring a prefix list
  Configuring AS number of a remote BGP neighbor
  Configuring a route map to a neighbor
  Configuring a neighbor as route reflector client
  Configuring a neighbor as route server client
  Sending a community attribute to a neighbor
  Shutting down a neighbor
  Configuring BGP neighbor timers
  Configuring a routing update source
  Configuring weight for a BGP neighbor
  Modifying a default bestpath selection
  Configuring client-to-client route reflection
  Configuring a route reflector cluster-id
  Configuring AS confederation parameters
  Enabling route flap dampening
  Configuring BGP defaults
  Enforcing first AS for EBGP routes
  Resetting a session when a peer goes down
  Logging neighbor changes
  Overriding current router-id
  Configuring background scan interval
  Defining the administrative distance
  Configuring BGP aggregate entries
  Configuring IGP synchronization
  Specifying a BGP announced network
  Configuring routing timers
  Redistributing information from another protocol
  Configuring aggregation on same next hop
  Configuring RFC1771 compatible path selection mechanism

  Configuring aggregation on same next hop
  Configuring a BGP AS path filter
  Configuring community list entries
  Matching a BGP origin code
  Matching a BGP AS-path list
  Matching a BGP community list
  Setting the BGP aggregator attribute
  Setting the prepend string for a BGP AS-path attribute
  Setting the BGP atomic aggregate attribute
  Setting the BGP community list
  Setting the BGP community attribute
  Setting the BGP local preference path attribute
  Setting the BGP origin code
  Setting the BGP originator ID attribute
  Setting the tag value for a destination routing protocol
  Setting the BGP weight for a routing table
  Configuring deterministic MED
  Accepting an AS path containing my AS
  Propagating a BGP attribute unchanged to a neighbor
  Overriding a capability negotiation result
  Selectively leaking more-specific routes to a neighbor
  Displaying BGP attribute information
  Displaying routes matching communities
  Displaying BGP paths
  Displaying cidr-only information
  Displaying community information
  Displaying neighbor information
  Displaying BGP regular expression information
  Displaying BGP community information
  Displaying scan information
  Displaying BGP neighbor status summary
  Displaying inconsistent AS paths
  Displaying detailed dampening information
  Displaying routes matching route map
  Displaying routes matching a prefix list
  Displaying routes matching a filter list
  Displaying routes matching a community list
  Displaying routes matching an AS path regular expression
  Displaying AS path access lists
  Displaying community lists
  Resetting all BGP peers
  Resetting all BGP peers in IPv4 family
  Resetting BGP AS number
  Resetting BGP peer groups
  Resetting BGP neighbor ID
  Resetting BGP dampening
  Resetting BGP flap statistics

  Resetting BGP external peers
Sample BGP configurations
  Configuring IBGP sessions
  Configuring EBGP sessions

Chapter 1: Introduction

Purpose

This document provides information you need to configure IPv4 routing.

Related resources

Documentation

See the Avaya Secure Router 2330/4134 Documentation Roadmap, NN47263-103, for a list of the documentation for this product.

Training

Ongoing product training is available. For more information or to register, you can access the Web site at http://avaya-learning.com.

Avaya Mentor videos

Avaya Mentor is an Avaya-run channel on YouTube that includes technical content on how to install, configure, and troubleshoot Avaya products.

Go to http://www.youtube.com/AvayaMentor and perform one of the following actions:

• Enter a key word or key words in the Search Channel to search for a specific product or topic.

• Scroll down Playlists, and click the name of a topic to see the available list of videos posted on the site.

Support

Visit the Avaya Support website at http://support.avaya.com for the most up-to-date documentation, product notices, and knowledge articles. You can also search for release notes, downloads, and resolutions to issues. Use the online service request system to create a service request. Chat with live agents to get answers to questions, or request an agent to connect you to a support team if an issue requires additional expertise.

Chapter 2: New in this release

The following section details what is new in Avaya Secure Router 2330/4134 Configuration — IPv4 and Routing (NN47263-502) for Release 10.3.5.

Important:
In this document, the term Secure Router 2330/4134 is used interchangeably to refer to the Secure Router 2330 and the Secure Router 4134.

Features

See the following sections for feature-related changes.

IPSLA combined design feature

Release 10.3.5 introduces the IPSLA combined design feature, which allows you to configure SLA profiles on the secure router based on your requirements and the IPSLA agreed upon with your ISP.

For further information and related procedures, see the following:

• IPSLA combined design on page 28

• Configuring IPSLA on page 61

• Configuring IP routing on page 39

• OSPF configuration procedures on page 123

• VRRP configuration procedures on page 163

Other changes

The following sections identify changes that are not feature related.


IPv4 ICMP rate limit

See Configuring ICMP rate limit on page 46.

This section has been added based on information that was previously documented in the Secure Router 2330/4134 Release Notes.

OSPF inbound filtering

Previous releases supported OSPF filtering of outgoing routes by the redistribute command. Release 10.3.5 extends this support to incoming OSPF routes and blocks them from being sent into the routing table.

For more information, see OSPF inbound filtering on page 106.

Enabling proxy arp command update

With Release 10.3.5, in the section Enabling proxy arp on page 57, the command ip proxy_arp that configured proxy arp under Ethernet is replaced by the command ip proxy-arp that configures proxy arp under both Ethernet and vlan interfaces.

Note: The ip proxy_arp command is still accepted and works properly in existing configuration files but the new command ip proxy-arp is stored in new configuration files generated starting from Release 10.3.5.


Chapter 3: IP routing concepts

The router management features covered in this documentation apply regardless of which routing protocols are used and include router Internet Protocol (IP) configuration, IP route table management, Address Routing Protocol (ARP) configuration, ARP table management, and Virtual Router Redundancy Protocol (VRRP) configuration. You must be familiar with the basics of routing and IP addresses.

IP addressing

An IP version 4 address consists of 32 bits expressed in a dotted-decimal format (x.x.x.x). The IP version 4 address space is divided into classes, with classes A, B, and C reserved for unicast addresses and accounting for 87.5 percent of the 32-bit IP address space. Class D is reserved for multicast addressing. Table 1: IP addresses on page 19 lists the breakdown of IP address space by address range and mask.

Table 1: IP addresses

| Class | Address range | Mask | Number of networks | Number of addresses per network |
|---|---|---|---|---|
| A | 0.0.0.0—127.255.255.255 | 255.0.0.0 | 128 | 16777216 |
| B | 128.0.0.0—191.255.255.255 | 255.255.0.0 | 16384 | 65536 |
| C | 192.0.0.0—223.255.255.255 | 255.255.255.0 | 2097152 | 256 |
| D | 224.0.0.0—239.0.0.0 | | | |

To express an IP address in dotted-decimal notation, you convert each octet of the IP address to a decimal number and separate the numbers by decimal points. For example, you specify the 32-bit IP address 10000000 00100000 00001010 10100111 in dotted-decimal notation as 128.32.10.167.

Each IP address class, when expressed in binary, has a different boundary point between the network and host portions of the address as illustrated in Figure 1: Network and host boundaries in IP address classes on page 20. The network portion is a network number field from 8 through 24 bits. The remaining 8 through 24 bits identify a specific host on the network.


Figure 1: Network and host boundaries in IP address classes

Subnet addressing

Subnetworks (or subnets) extend the IP addressing scheme used by an organization to one with an IP address range for multiple networks. Subnets are two or more physical networks that share a common network-identification field (the network portion of the 32-bit IP address).

You create a subnet address by increasing the network portion to include a subnet address, thus decreasing the host portion of the IP address. For example, in the address 128.32.10.0, the network portion is 128.32, while the subnet is found in the first octet of the host portion (10). A subnet mask is applied to the IP address and identifies the network and host portions of the address.

Table 2: Subnet masks for class B and class C IP addresses on page 20 illustrates how subnet masks used with class B and class C addresses can create differing numbers of subnets and hosts. This example includes using the zero subnet, which is permitted on an Avaya Secure Router 2330/4134.

Table 2: Subnet masks for class B and class C IP addresses

| Number of bits | Subnet mask | Number of subnets (recommended) | Number of hosts per subnet |
|---|---|---|---|
| Class B | | | |
| 2 | 255.255.192.0 | 2 | 16 382 |
| 3 | 255.255.224.0 | 6 | 8 190 |
| 4 | 255.255.240.0 | 14 | 4 094 |
| 5 | 255.255.248.0 | 30 | 2 046 |
| 6 | 255.255.252.0 | 62 | 1 022 |
| 7 | 255.255.254.0 | 126 | 510 |
| 8 | 255.255.255.0 | 254 | 254 |
| 9 | 255.255.255.128 | 510 | 126 |
| 10 | 255.255.255.192 | 1 022 | 62 |
| 11 | 255.255.255.224 | 2 046 | 30 |
| 12 | 255.255.255.240 | 4 094 | 14 |
| 13 | 255.255.255.248 | 8 190 | 6 |
| 14 | 255.255.255.252 | 16 382 | 2 |
| Class C | | | |
| 1 | 255.255.255.128 | 0 | 126 |
| 2 | 255.255.255.192 | 2 | 62 |
| 3 | 255.255.255.224 | 6 | 30 |
| 4 | 255.255.255.240 | 14 | 14 |
| 5 | 255.255.255.248 | 30 | 6 |
| 6 | 255.255.255.252 | 62 | 2 |

Variable-length subnet masking (VLSM) is the ability to divide your intranet into pieces that match your requirements. Routing is based on the longest subnet mask or network that matches. Routing Information Protocol (RIP) version 2 and Open Shortest Path First (OSPF) are routing protocols that support VLSM.

Static routes

Static routes allow you to create routes to a destination IP address manually (see also Black hole static routes on page 22).

You can use a static default route to specify a route to all networks for which there are no explicit routes in the Forwarding Information Base or the routing table. This route is by definition a route with the prefix length of zero (RFC 1812). You can configure the Secure Router 2330/4134 with any route through the IP static routing table.


Static routes can also be configured with a next hop that is not directly connected, but that hop must be reachable. Otherwise, the static route is not enabled. The configured gateway can be either a specific IP address or router interface.

Black hole static routes

A black hole static route is a route with an invalid next hop, such that the data packets destined for this network are dropped by the router (see also Static routes on page 21).

While aggregating or injecting routes to other routers, the router itself may not have a path to the aggregated destination. In such cases, the result is a black hole and a routing loop. To avoid such loops, configure a black hole static route to the destination the router is advertising.

You can configure a preference value for a black hole route. However, you must configure that preference value appropriately, so that when you wish the black hole route to be used, it gets selected as the best route.

Before adding a black hole static route, perform a check to ensure that there is no other static route to that identical destination in an enabled state. If such a route exists, you cannot add the black hole route and an error message is displayed.
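The following added example (not part of the Avaya documentation) models longest-match forwarding with a static default route of prefix length zero, and shows why a black hole static route for an advertised aggregate stops the routing loop described above. The router names "edge" and "isp", the 128.32.20.0/26 subnet and the trace() helper are constructed for illustration; the code models the forwarding decision only and is not Secure Router CLI.

```python
import ipaddress

BLACKHOLE = "blackhole"   # next-hop marker: drop the packet
LOCAL = "local"           # next-hop marker: destination is directly attached


def build_fib(routes):
    """Turn (prefix, next_hop) pairs into a table sorted longest prefix first."""
    fib = [(ipaddress.ip_network(prefix), nh) for prefix, nh in routes]
    fib.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return fib


def lookup(fib, dst):
    """Longest-match lookup; the /0 default route matches everything else."""
    addr = ipaddress.ip_address(dst)
    for net, nh in fib:
        if addr in net:
            return net, nh
    return None, None


def trace(routers, start, dst, ttl=8):
    """Follow a packet hop by hop and report what finally happens to it."""
    node, path = start, [start]
    while ttl > 0:
        _, nh = lookup(routers[node], dst)
        if nh is None:
            return "no-route", path
        if nh == BLACKHOLE:
            return "dropped", path
        if nh == LOCAL:
            return "delivered", path
        node = nh
        path.append(node)
        ttl -= 1
    return "ttl-expired", path


# Constructed topology: "edge" advertises the aggregate 128.32.0.0/16 to "isp"
# but has only two subnets of it attached (one of them a VLSM /26).
EDGE_ROUTES = [
    ("128.32.10.0/24", LOCAL),
    ("128.32.20.0/26", LOCAL),
    ("0.0.0.0/0", "isp"),          # static default route, prefix length zero
]
ISP_ROUTES = [
    ("128.32.0.0/16", "edge"),     # aggregate learned from edge
    ("0.0.0.0/0", LOCAL),          # stands in for the rest of the network
]

WITHOUT_BLACKHOLE = {
    "edge": build_fib(EDGE_ROUTES),
    "isp": build_fib(ISP_ROUTES),
}
WITH_BLACKHOLE = {
    "edge": build_fib(EDGE_ROUTES + [("128.32.0.0/16", BLACKHOLE)]),
    "isp": build_fib(ISP_ROUTES),
}

if __name__ == "__main__":
    # 128.32.20.70 lies outside the /26 and 128.32.99.1 outside both subnets:
    # without the black hole route they bounce between edge and isp.
    for dst in ("128.32.10.5", "128.32.20.10", "128.32.20.70", "128.32.99.1"):
        print(dst,
              trace(WITHOUT_BLACKHOLE, "isp", dst)[0],
              trace(WITH_BLACKHOLE, "isp", dst)[0])
```

Traffic for attached subnets is unaffected because the /24 and /26 entries are longer matches than the /16 black hole route.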

IP enhancements and policies

The following sections describe the functioning of IP route policies:

• Equal Cost Multipath (ECMP) on page 22

• Route filtering and IP policies on page 23

• Prefix list on page 26

• Defining route policies on page 27

Equal Cost Multipath (ECMP)

With Equal Cost Multipath (ECMP) the Secure Router 2330/4134 can determine up to eight equal-cost paths to the same destination prefix. You can use multiple paths for load sharing of traffic. These multiple paths allow faster convergence to other active paths in case of network failure. By maximizing load sharing among equal-cost paths, you can use your links between routers more efficiently when sending IP traffic. Equal Cost Multipath is formed using routes from the same source or protocol. The Secure Router 2330/4134 supports per-packet or flow-based ECMP.


The ECMP feature supports and complements the following protocols and route types:

• Open Shortest Path First (OSPF)

• Routing Information Protocol (RIP)

• Border Gateway Protocol (BGP)

• Static route

• Default route

Route filtering and IP policies

When IP traffic is routed by the Secure Router 2330/4134, a number of filters can be applied to manage, accept, redistribute, and announce policies for unicast routing table information. The filtering process relies on the IP prefix lists in the common routing table manager infrastructure. Filters apply in different ways to different unicast routing protocols.

Figure 2: Route filtering for unicast routing protocols on page 23 shows how filters are applied to BGP, RIP, and OSPF protocol.

Figure 2: Route filtering for unicast routing protocols

This section includes the following topics:

• Accept policies and in filters on page 24

• Redistribution filters on page 24

• Out filters on page 24

• Route filtering stages on page 24


Accept policies and in filters

Accept policies or in filters are applied to incoming traffic to determine whether or not to add the route to the routing table. Accept policies/in filters are applied in different ways to different protocols, as follows:

• RIP and BGP—filters are applied to all incoming route information

• OSPF—filters are applied only to external route information. Internal routing information is not filtered because otherwise, other routers in the OSPF domain might have inconsistent databases that could affect the router's view of the network topology.

In a network with multiple routing protocols, the network administrator can prefer specific routes from RIP instead of from OSPF. The network prefix is a commonly used match criterion for accept policies/in filters.

Redistribution filters

Redistribution filters notify changes in the route table to the routing protocol (within the device). With redistribution filters, providing you do not breach the protocol rules, you can choose not to advertise everything that is in the protocol database, or you can summarize or suppress route information. On the Secure Router 2330/4134, by default, no external routes are leaked to protocols you have not configured.

Out filters

Out filters are applied to outgoing advertisements to neighbors/peers in the protocol domain, to determine whether to announce specific route information. Out filtering applies to RIP updates and BGP NLRI updates.

Out filtering may be applied to OSPF information at the administrator's discretion but is not recommended since OSPF routing information must always be consistent across the domain. To restrict the flow of external route information in the OSPF protocol database, apply redistribution filters instead of out filters.

Route filtering stages

Figure 3: Route filtering stages on page 25 shows the three distinct filter stages that are applied to IP traffic.


Figure 3: Route filtering stages

These stages are:

1. Filter stage 1

Filter stage 1 is the accept policy/in filter that is applied to incoming traffic to detect changes in the dynamic (protocol-learned) routing information, which are then submitted to the routing table.

2. Filter stage 2

Filter stage 2 is the redistribution filter that is applied to the entries in the routing table as they are leaked to the protocol.

3. Filter stage 3

Filter stage 3 is the announce policy/out filter that is applied to outgoing traffic within a protocol domain.

Figure 4: Route filtering logic on page 26 shows the logical process for route filtering on the Secure Router 2330/4134.


Figure 4: Route filtering logic

Prefix list

With Secure Router 2330/4134 IP enhancements and policies, you can create one or more IP prefix lists and apply this list to any IP route policy.


Important: When you configure a prefix list for a route policy, be sure to add the prefix as A.B.C.D/M.

Defining route policies

As IP route policies are not tied to a specific protocol, you can define an IP route policy and its attributes globally, and then apply them individually to interfaces and protocols.

Source IP enhancements

Beginning with Secure Router 2330/4134 Release 10.2, the Secure Router provides support for adding source address information to existing services. The services modified to accept a source address are:

• File Transfer

• RADIUS

• SNMP

• SNTP

• Syslog

• TACACS

The source address parameter is configurable on a global basis, where all the above services are configured with the same source address. The exception to this is when the source address is configured separately for the service, in which case the service configuration takes precedence. The source address can be configured using the IP address or the interface name.

To accommodate this enhancement, all router output displays that contain a "source address" field show the source IP address and the interface name associated with it. If the feature is configured by IP address, but has no associated interface specified, the interface shows as "not configured". Likewise, if the feature is configured by interface name, with no IP address specified, the IP address shows as "not configured". Global source address information can be found using the "show system configuration" command.

The new command "source-address" has been added to enable this feature. In the case of Radius and SNMP, the previous commands (src_address and snmp-source respectively) have been deprecated in favor of this new command.

Because file transfer commands are not stored in a configuration, file transfer uses the global source address if configured. Each of the file transfer commands accepts a source-address parameter to override the global source address.

Warning: When a valid source address (an IP address with an interface associated with it) is configured for a service and the source-address interface is down, the service can fail to work if it is bi-directional. Using a loopback interface, which is always up, for the source address ensures that this problem does not occur.

For information about configuring the Radius or TACACS source address, see Avaya Secure Router 2330/4134 Security — Configuration and Management (NN47263–600).

For information about configuring the SNMP source address, see Avaya Secure Router 2330/4134 Configuration — Network Management (NN47263–602).

For information about configuring the SNTP source address, see Avaya Secure Router 2330/4134 Commissioning (NN47263–302).

For information about configuring the Syslog source address, see Avaya Secure Router 2330/4134 Troubleshooting (NN47263–700).

Source IP limitations

The following limitations apply to the Source IP feature:

• RADIUS: With RADIUS, the configured source IP address goes into the Network Access Server (NAS) IP address attribute.

• FTP: For FTP, the source IP feature accepts only the global source IP (system source IP) and does not accept an FTP-specific source IP.

• TFTP: The source IP feature is not supported for TFTP in this release.

IPSLA combined design

The IPSLA combined design feature allows you to configure SLA profiles on the secure router based on your requirement and agreed upon IPSLA with your ISP. This feature generates control packets, such as ping, at periodic intervals specified in the SLA profile. If the response does not meet the SLA criteria, a tracker down event is generated to all the routing protocols. After receiving a tracker down event, the routing protocols can take some specific routing decision, like disabling a route that was associated with that tracker.

To receive the tracker event, a routing protocol should register with IPSLA module as a client. This registration process is triggered by configuration like associating a static route with a tracker. Once a routing protocol has registered as a client for a specific tracker, it starts receiving tracker related events, such as tracker down.


Unified Routing Information Base

The Secure Router 2330/4134 supports a unified routing table having both IPv4 unicast routes and MPLS routes. IPv4 unicast routes belong to one of the following categories:

• Connected

• Static

• OSPF

• RIP

• BGP

Similarly, MPLS routes belong to the following categories:

• Static MPLS routes

• RSVP-TE (and mapped routes)

• LDP


Figure 5: RIB categories

As the unified route table is the composite table containing route information from all protocols, used in forwarding, only one type of route shall be selected. This selection is based on the ‘distance’ property associated with the route. The route with the lower distance value is preferred for forwarding.

The following table explains the order of selection of route type when more than one route is available for the given destination prefix.

Table 3: Selection order

| Selection order | Type of route | Default distance | Properties |
|---|---|---|---|
| 1 | Connected | 0 | Fixed |
| 2 | Static IPv4 | 1 | Configurable |
| 3 | Static FTN | 10 | Fixed |
| 4 | RSVP | 10 | Fixed |
| 5 | LDP | 10 | Fixed |
| 6 | RSVP MAP route | 10 | Fixed |
| 7 | EBGP | 20 | Configurable |
| 8 | OSPF | 110 | Configurable |
| 9 | RIP | 120 | Configurable |
| 10 | IBGP | 200 | Configurable |

Figure 6: Example

In the above topology, RUT-1 will have the unified route table entries as:

Table 4: Unified route table

| Type | Flag | Prefix | Next Hop | Interface |
|---|---|---|---|---|
| Connected | *> | 1.1.1.1/32 | | loopback1 |
| Connected | *> | 10.0.0.0/24 | | ethernet0/1 |
| Connected | *> | 127.0.0.0/8 | | lo0 |

In RUT-1, adding IPv4 static route (2.2.2.2/32), MPLS static FTN (2.2.2.2/32), configuring RSVP tunnel (LSP1 for 2.2.2.2/32) and running LDP will update Unified RIB as:

Table 5: Updated Unified RIB

| Type | Flag | Prefix | Next Hop | Interface | ... |
|---|---|---|---|---|---|
| Connected | *> | 1.1.1.1/32 | | loopback1 | |
| MPLS | | 2.2.2.2/32 | 10.0.0.2 | ethernet0/1 | label 222, CLI-REG |
| MPLS | | 2.2.2.2/32 | 10.0.0.2 | ethernet0/1 | RSVP-REG,LSP1 |
| MPLS | | 2.2.2.2/32 | 10.0.0.2 | ethernet0/1 | LDP-REG |
| Static | *> | 2.2.2.2/32 | 10.0.0.2 | ethernet0/1 | |
| MPLS | | 3.3.3.3/32 | 10.0.0.2 | ethernet0/1 | RSVP-RSVP_MAP,LSP1 |
| Connected | *> | 10.0.0.0/24 | | ethernet0/1 | |
| Connected | *> | 127.0.0.0/8 | | lo0 | |

Note that the routes are selected to be programmed in FIB as per the distance associated with the route type.

As the static route type has the lowest distance compared to other types, for the route 2.2.2.2/32, static route is preferred for FIB. If the static route is deleted, then MPLS static route (marked as CLI-REG) will be selected for FIB.
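The following added example (not part of the Avaya documentation) applies the distance rule and the Table 3 defaults to a subset of the Table 5 entries, reproducing the selection described above for 2.2.2.2/32. Breaking ties between equal distances by the Table 3 selection order is an assumption drawn from the table and from the statement that the CLI-REG route is selected once the static route is deleted; the type labels and the Route class are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Table 3 of this section: route type -> (selection order, default distance).
TABLE_3 = {
    "connected":  (1, 0),
    "static":     (2, 1),
    "static-ftn": (3, 10),
    "rsvp":       (4, 10),
    "ldp":        (5, 10),
    "rsvp-map":   (6, 10),
    "ebgp":       (7, 20),
    "ospf":       (8, 110),
    "rip":        (9, 120),
    "ibgp":       (10, 200),
}
# Types whose distance Table 3 lists as "Configurable"; the rest are "Fixed".
CONFIGURABLE = {"static", "ebgp", "ospf", "rip", "ibgp"}


@dataclass(frozen=True)
class Route:
    rtype: str
    prefix: str
    interface: str
    next_hop: Optional[str] = None
    distance: Optional[int] = None   # override, only valid for configurable types

    def key(self):
        order, default = TABLE_3[self.rtype]
        if self.distance is not None and self.rtype not in CONFIGURABLE:
            raise ValueError(f"distance of {self.rtype} routes is fixed")
        dist = default if self.distance is None else self.distance
        # Lower distance wins; selection order breaks ties (assumption).
        return (dist, order)


def select_fib(rib):
    """Return {prefix: Route} holding the preferred route for each prefix."""
    best = {}
    for route in rib:
        current = best.get(route.prefix)
        if current is None or route.key() < current.key():
            best[route.prefix] = route
    return best


# Subset of Table 5 (RUT-1), re-typed with the constructed type labels above.
RIB = [
    Route("connected",  "1.1.1.1/32",  "loopback1"),
    Route("static-ftn", "2.2.2.2/32",  "ethernet0/1", "10.0.0.2"),  # CLI-REG
    Route("rsvp",       "2.2.2.2/32",  "ethernet0/1", "10.0.0.2"),  # RSVP-REG,LSP1
    Route("ldp",        "2.2.2.2/32",  "ethernet0/1", "10.0.0.2"),  # LDP-REG
    Route("static",     "2.2.2.2/32",  "ethernet0/1", "10.0.0.2"),
    Route("connected",  "10.0.0.0/24", "ethernet0/1"),
    Route("connected",  "127.0.0.0/8", "lo0"),
]

# Same table after the IPv4 static route is deleted.
RIB_NO_STATIC = [r for r in RIB if r.rtype != "static"]

# Static route re-added with its configurable distance raised to 15 (constructed
# value): under the lower-distance rule it no longer beats the distance-10 entries.
RIB_FLOATING_STATIC = RIB_NO_STATIC + [
    Route("static", "2.2.2.2/32", "ethernet0/1", "10.0.0.2", distance=15)
]

if __name__ == "__main__":
    for name, rib in (("Table 5", RIB), ("static deleted", RIB_NO_STATIC),
                      ("static at distance 15", RIB_FLOATING_STATIC)):
        print(name, "->", select_fib(rib)["2.2.2.2/32"].rtype)
```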

The following CLI commands are associated with the unified RIB/FIB:

show ip route

show ip route database


The above commands display the unified routing table of the router. “show ip route” displays only the routes that are in FIB and “show ip route database” displays all the routes in unified routing table and the routes that are selected for FIB and programmed in FIB are marked with “*>”.

show ip route <A.B.C.D>

show ip route <A.B.C.D/M>

The above commands display the unified routing table entry for the route with prefix A.B.C.D and prefix length M (if provided).


IP connectivity protocols

This Secure Router 2330/4134 uses various protocols for enhanced and resilient IP connectivity. These protocols include:

• RIP

• OSPF

• VRRP

• BGP

To learn more about these protocols, see the following sections:

• RIP fundamentals on page 65

• OSPF fundamentals on page 101

• VRRP fundamentals on page 159

• BGP fundamentals on page 173

RIP and OSPF

The Secure Router 2330/4134 supports wire-speed IP routing of frames using one of the following dynamic IP routing protocols:

• RIP version 1 (RFC 1058)

• RIP version 2 (RFC 1723)

• OSPF version 2 (RFC 2328)

Unlike static IP routing, where a manual entry must be made in the routing table to specify a routing path, dynamic IP routing uses a learning approach to determine the paths and routes to other routers. There are two basic types of routing algorithm: distance vector and link state. Routing Information Protocol (RIP) is a distance vector protocol and Open Shortest Path First (OSPF) Protocol is a link state protocol.

Loopback IP

Loopback IP (also known as circuitless IP or CLIP) is a virtual interface that is not associated with any physical port. You can use the loopback interface to provide uninterrupted connectivity to your router as long as there is an actual path to reach the device.


For example, as shown in Figure 7: Routers with IBGP connections on page 35, a physical point-to-point link exists between R1 and R2 along with the associated addresses (195.39.1.1/30 and 195.39.1.2/30). Note also that an Interior Border Gateway Protocol (IBGP) session exists between two additional addresses, 195.39.128.1/30 (CLIP 1) and 195.39.281.2/30 (CLIP 2).

CLIP 1 and CLIP 2 represent the virtual loopback addresses that are configured between R1 and R2. These virtual interfaces are not associated with the physical link or hardware interface. This allows the IBGP session to continue as long as there is a path between R1 and R2. An IGP (such as OSPF) is used to route addresses corresponding to the loopback addresses. After all the loopback addresses are learned by the routers in the AS, the IBGP is established and routes can be exchanged.

Figure 7: Routers with IBGP connections

The loopback interface is treated as any other IP interface. The network associated with the loopback is treated as a local network attached to the device. This route always exists and the circuit is always up because there is no physical attachment.

Routes are advertised to other routers in the domain either as external routes using the route-redistribution process or when you enable OSPF in a passive mode to advertise an OSPF internal route. You can configure the OSPF protocol only on the circuitless IP interface.

When you create a loopback interface, the system software programs a local route with the CPU as destID. The CPU processes all packets that are destined to the loopback interface address. Any other packets with destination addresses associated with this network (but not to the interface address) are treated as if they are from an unknown host.

A loopback address can be used as source IP address in the IP header when sending remote monitoring (RMON) traps.


Routing over VLAN interfaces

With Release 10.2 and later, you can enable RIP, OSPF, BGP, and VRRP on VLAN interfaces.

With Release 10.3.5 and later, you can enable Proxy ARP over VLAN interfaces.

Dial Backup through an external modem

Dial Backup support is available for the Secure Router 4134 only.

Dial Backup support enables redundancy for routes by using PPP bundles created over a dialup connection. The dialup connection becomes active when a primary route goes down.

The Secure Router connects to an external modem through the Aux port and establishes a dialup connection to a phone number specified in the backup PPP configuration using a feature called Dial-on-Demand Routing (DDR). There are two types of Dial-on-Demand Routing:

• Dial-on-Demand Routing—Dials when traffic needs to traverse a link

• Backup Dial-on-Demand Routing—Dials when a designated primary interface goes down. You can configure a Backup Dial-on-Demand Routing interface by including the appropriate backup commands to a normal DDR interface configuration.

The IP address for the bundle is specified in the bundle configuration.

The Backup DDR mechanism

The Secure Routers use the Floating Static Route mechanism to automatically dialup to backup another route. To accomplish this, a secondary route is specified in addition to the primary route, with an administrative distance greater than the primary route. When the primary interface is functional, it is used to route traffic. If the primary interface goes down, packets are automatically sent to the backup interface where they trigger commands to dial a connection. A keepalive time is specified by the user during bundle configuration so that commands are automatically sent to disconnect a connection when there is no traffic for the allowed keepalive time period.

To allow this feature to function properly, the following Hayes AT commands are supported through the CLI:

Table 6: Supported Hayes AT commands

| Command | Description |
|---|---|
| S0 | Rings to auto answer |
| S1 | Ring counter |
| S7 | Wait for carrier after dialing |
| S9 | Carrier detect response time |
| S10 | Lost carrier hang up delay |

Table 7: Programmed modem default settings

| Setting | Description |
|---|---|
| S2 | Escape character |
| S3 | Carriage return character |
| S4 | Line feed character |
| S37 | Line connection speed |
| V1 | Result code is sent in word form |
| X1 | Sends OK, CONNECT, RING, NO CARRIER, ERROR, NO ANSWER and CONNECT SPEED |

Table 8: Operation commands

| Command | Description |
|---|---|
| A | Cause modem to go off hook, works with ring detection |
| D | Dial digit |
| E0 | Echo off |
| H0 | On hook |
| H1 | Off hook |
| N1 | Enable auto mode |
| +++ | Mode change between data or command mode |

Users have the option of creating multiple PPP backup bundles containing different configuration criteria and specifying them by order of priority. At this time, the Secure Routers contain only one Aux port; however, the design of the feature is easily scalable should the option of multiple Aux ports become available.

The modems currently supported by this feature include Creative Blaster V9.2, Diamond Supra Max V9.2 and Best Data 56 K v9.2/v4.4.


Chapter 4: IP routing configuration procedures

This section describes CLI commands that you use to configure Layer 3 (routing) functions in your Avaya Secure Router 2330/4134.

• For conceptual information about Layer 3 routing functions, see IP routing concepts on page 19.

IP routing commands

The IP routing commands configure general characteristics of the router.

Configuring interface match criterion

Use the following procedure to configure interface match criterion.

Before configuring match criterion, you first need to configure the route map using the route-map command. The match interface command specifies the next-hop interface name of a route to be matched.

Use the no form of this command to remove the specified match criterion.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. To specify match criterion, enter:

[no] match interface <ifname>

Table 9: Variable definition

| Variable | Value |
|---|---|
| <ifname> | Specifies the interface you want to match. |


Configuring match address of a route

Use the following procedure to configure the match address of a route.

Use the no form of this command to remove the IP address entry.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. To specify an address, enter:

[no] match ip address <accesslistid>

Table 10: Variable definition

| Variable | Value |
|---|---|
| <accesslistid> | The access list to match. Can be specified as: <WORD> (the name of the access list), <1 - 199> (the IP access list number), or <1300 - 2699> (the expanded-range IP access list number). |

Configuring prefix list match entries

Use the following procedure to specify the match entries of prefix lists.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. To specify a prefix list, enter:

[no] match ip address prefix-list <listname>

Table 11: Variable definition

| Variable | Value |
|---|---|
| <listname> | The IP address prefix list name. |

Configuring source-protocol match metrics

Use the following procedure to specify match source protocols.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. To specify a source protocol to match, enter:

[no] match source-protocol <protocol>

Table 12: Variable definition

| Variable | Value |
|---|---|
| <protocol> | The protocol to match. Possible values are: bgp (match BGP source protocol), connected (match all connected protocols), ospf (match OSPF source protocol), rip (match RIP source protocol), static (match all static protocols). |

Configuring match metric for a route

Use the following procedure to configure a route metric value.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. To specify a metric value, enter:

[no] match metric <metric>

Table 13: Variable definition

| Variable | Value |
|---|---|
| <metric> | The metric value, in the range 0 to 4294967295. |

Matching the next-hop address of a route

Use the following procedure to configure the next-hop address of a route to specific access list criteria.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Specify the criteria to match:

[no] match ip next-hop {<1-99>|<1300-2699>|<name>}

Table 14: Variable definition

Variable Value

<1-99> The IP access list number.

<1300-2699> The IP extended access list number.

<name> The IP access list name.

Matching next hop to entries in a prefix list

Use the following procedure to match next-hop entries against those in a prefix list.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Specify the prefix list to match against:

[no] match ip next-hop prefix-list <name>

Table 15: Variable definition

Variable Value

<name> The IP prefix list name.

Matching a route type

Use the following procedure to specify a route type to match.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Specify the route type to match:

[no] match route-type external {<type-1>|<type-2>}

Table 16: Variable definition

Variable Value

<type-1> Match OSPF external type 1 metrics.

<type-2> Match OSPF external type 2 metrics.

Matching a tag value

Use the following procedure to specify a tag value to match.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Specify the tag value to match:

[no] match tag <value>

Table 17: Variable definition

Variable Value

<value> The tag value in the range 0 to 4294967295.

Configuring metric value for a route

Use the following procedure to specify a metric value for a route.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. To set the metric value, enter:

[no] set metric <metric>

Table 18: Variable definition

Variable Value

<metric> The metric value for the route, in the range 0 to 4294967295.

Enabling route-flap dampening

Use the following procedure to enable route-flap dampening.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Enable route-flap dampening:

[no] set dampening <reach> <reuse> <suppress> <duration> <unreach>

Table 19: Variable definition

Variable Value

<duration> The maximum duration to suppress a stable route (minutes) in the range 1 to 255.

<reach> The reachability half-life time for the penalty (minutes) in the range 1 to 45.

<reuse> The value to start reusing a route in the range 1 to 20000.

<suppress> The value to start suppressing a route in the range 1 to 20000.

<unreach> The unreachability half-life time for the penalty (minutes) in the range 1 to 45.
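The following is an added example, not code from the manual or from Avaya, that models how the five set dampening arguments interact so that candidate values can be checked before they are committed. It assumes the conventional dampening model: a fixed penalty of 1000 per withdrawal (the manual does not state the figure), exponential decay with the configured half-life, suppression at the suppress threshold, and release below the reuse threshold or after the maximum duration.

```python
import math
from dataclasses import dataclass
from typing import Optional

FLAP_PENALTY = 1000.0  # ASSUMPTION: penalty per withdrawal; not stated in the manual


@dataclass
class Dampening:
    """The five 'set dampening' arguments, in the order the command takes them."""
    reach: int      # half-life in minutes while the route is reachable (1-45)
    reuse: int      # penalty below which a suppressed route is used again (1-20000)
    suppress: int   # penalty at which the route is suppressed (1-20000)
    duration: int   # maximum minutes a route stays suppressed (1-255)
    unreach: int    # half-life in minutes while the route is unreachable (1-45)
    penalty: float = 0.0
    clock: float = 0.0
    reachable: bool = True
    suppressed_at: Optional[float] = None

    def __post_init__(self):
        limits = {"reach": 45, "reuse": 20000, "suppress": 20000,
                  "duration": 255, "unreach": 45}
        for name, top in limits.items():
            if not 1 <= getattr(self, name) <= top:
                raise ValueError(f"{name} must be in the range 1 to {top}")
        # Added sanity check (not from the manual): with reuse >= suppress a
        # route would be released as soon as its penalty starts to decay.
        if self.reuse >= self.suppress:
            raise ValueError("reuse must be lower than suppress")

    def command(self):
        """Render the route-map command line for these values."""
        return (f"set dampening {self.reach} {self.reuse} {self.suppress} "
                f"{self.duration} {self.unreach}")

    def _advance(self, now):
        # Decay the penalty up to 'now', then release the route if allowed.
        half_life = self.reach if self.reachable else self.unreach
        self.penalty *= 0.5 ** ((now - self.clock) / half_life)
        self.clock = now
        if self.suppressed_at is not None and (
                self.penalty < self.reuse
                or now - self.suppressed_at >= self.duration):
            self.suppressed_at = None

    def withdraw(self, now):
        """The route goes away at minute 'now': add the flap penalty."""
        self._advance(now)
        self.reachable = False
        self.penalty += FLAP_PENALTY
        if self.suppressed_at is None and self.penalty >= self.suppress:
            self.suppressed_at = now

    def announce(self, now):
        """The route comes back at minute 'now'."""
        self._advance(now)
        self.reachable = True

    def is_suppressed(self, now):
        self._advance(now)
        return self.suppressed_at is not None


def minutes_until_reuse(penalty, reuse, half_life):
    """Minutes of quiet needed for 'penalty' to decay to the reuse threshold."""
    if penalty <= reuse:
        return 0.0
    return half_life * math.log2(penalty / reuse)


def flap_three_times(d):
    """Constructed scenario: the route is withdrawn at minutes 0, 2 and 4 and
    re-announced one minute after each withdrawal."""
    for t in (0, 2, 4):
        d.withdraw(t)
        d.announce(t + 1)
    return d


if __name__ == "__main__":
    d = flap_three_times(Dampening(15, 750, 2000, 60, 15))
    print(d.command())
    for minute in (10, 30, 35):
        print(minute, round(d.penalty), d.is_suppressed(minute))
```
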

Configuring the destination value for a destination routing protocol

Use the following procedure to configure the destination value for a destination routing protocol.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Configure the destination value:

[no] set metric {<metric>|<value>}

Table 20: Variable definition

Variable Value

<metric> Add (+number) or subtract (-number) metric value.

<value> The metric value in the range 0 to 4294967295.

Configuring metric type for a destination routing protocol

Use the following procedure to configure the metric type for a destination routing protocol.

Use the no form of this command to disable this function.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Configure the metric type:

[no] set metric-type {<type-1>|<type-2>}

Table 21: Variable definition

Variable Value

<type-1> Match OSPF external type 1 metrics.

<type-2> Match OSPF external type 2 metrics.

Configuring ICMP rate limit

Use this command to configure ICMPv4 rate limit.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Configure the ICMP rate limit.

ip icmp rate-limit <rate-limit>

Table 22: Variable definitions

Variable Value

<rate-limit> Specifies the time interval for sending ICMP messages in milliseconds (default: 500 ms; 0 disables rate limit). Acceptable values are in the range 0 to 1000000.

Configure prefix lists

Use the following procedure to configure IP prefix lists.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To configure an IP prefix list, enter:

ip prefix-list <listname> [seq <seq-num>] {deny|permit} {any| <address> [le <max-prefix-length>] [ge <min-prefix-length>]}

Table 23: Variable definition

Variable Value

<listname> The name of the prefix list.

<seq-num> The sequence number in the range 1 to 4294967295.

{deny|permit} Reject or forward packets.

any Any prefix match. Equivalent to specifying 0.0.0.0/0 with maximum prefix length of 32.

<address> The IP Prefix/Length of the network to permit or deny.

le <max-prefix-length> The maximum prefix length.

ge <min-prefix-length> The minimum prefix length.
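The following is an added example, not code from the manual or from Avaya, that parses entries written in the ip prefix-list syntax above and reports which entry decides a given route, which helps when checking that a filter rejects prefixes that are more specific than intended. It assumes the evaluation rules common to prefix-list implementations, which this section does not spell out: entries are tried in ascending sequence order, the first match wins, an entry without le or ge matches only the exact prefix length, and a route that matches nothing is denied. The list name, sequence numbers and prefixes are constructed.

```python
import ipaddress
import re

# Constructed sample in the syntax of the ip prefix-list command; the list
# name, sequence numbers and prefixes are invented for this example.
SAMPLE_CONFIG = """\
ip prefix-list CUST-IN seq 5 deny 10.0.0.0/8 le 32
ip prefix-list CUST-IN seq 10 permit 192.0.2.0/24 le 28 ge 25
ip prefix-list CUST-IN seq 15 permit 198.51.100.0/24
ip prefix-list CUST-IN seq 20 deny any
"""

ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>deny|permit) "
    r"(?P<prefix>any|\S+)(?P<bounds>(?: (?:le|ge) \d+)*)$")


def parse_prefix_lists(text):
    """Parse 'ip prefix-list' lines into {listname: entries sorted by seq}."""
    lists = {}
    for raw in text.splitlines():
        words = raw.split()
        # Skip unrelated lines, the sequence-number toggle and descriptions.
        if words[:2] != ["ip", "prefix-list"] or len(words) < 4 \
                or words[3] == "description":
            continue
        line = " ".join(words)
        m = ENTRY_RE.match(line)
        if m is None:
            # Entries without 'seq' rely on automatic sequencing, which this
            # example does not model.
            raise ValueError(f"unsupported entry: {line!r}")
        opts = m.group("bounds").split()
        bounds = dict(zip(opts[0::2], (int(w) for w in opts[1::2])))
        if m.group("prefix") == "any":
            # Per the variable table: 0.0.0.0/0 with maximum prefix length 32.
            net, bounds = ipaddress.ip_network("0.0.0.0/0"), {"le": 32}
        else:
            net = ipaddress.ip_network(m.group("prefix"))
        ge, le = bounds.get("ge"), bounds.get("le")
        # ASSUMPTION: no le/ge means an exact-length match; ge alone runs to /32.
        low = ge if ge is not None else net.prefixlen
        high = le if le is not None else (32 if ge is not None else net.prefixlen)
        if not net.prefixlen <= low <= high <= 32:
            raise ValueError(f"inconsistent ge/le bounds: {line!r}")
        lists.setdefault(m.group("name"), []).append(
            {"seq": int(m.group("seq")), "action": m.group("action"),
             "net": net, "low": low, "high": high})
    for entries in lists.values():
        entries.sort(key=lambda e: e["seq"])
    return lists


def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, lowest seq first."""
    route = ipaddress.ip_network(route)
    for e in entries:
        if route.subnet_of(e["net"]) and e["low"] <= route.prefixlen <= e["high"]:
            return e["action"], e["seq"]
    return "deny", None  # ASSUMPTION: implicit deny when nothing matches


if __name__ == "__main__":
    cust_in = parse_prefix_lists(SAMPLE_CONFIG)["CUST-IN"]
    for candidate in ("10.1.2.0/24", "192.0.2.64/26", "192.0.2.128/30",
                      "198.51.100.0/24", "198.51.100.128/25"):
        print(candidate, evaluate(cust_in, candidate))
```
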

Configuring load balancing for equal cost routes

Use the following procedure to specify a load balancing policy for equal cost routes.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To specify the policy, enter:

ip load-balancing policy [per-flow|per-packet]

Configuring automatic sequencing for prefix lists

Use the following procedure to configure automatic sequencing for IP prefix lists.

With this feature enabled, if you do not specify a sequence number for a new prefix list, the router automatically generates and assigns a sequence number to the prefix list.

By default, automatic sequencing is enabled.

To disable automatic sequencing, use the no form of this command.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To configure automatic sequencing for an IP prefix list, enter:

[no] ip prefix-list sequence-number

Configure a description for a prefix list

Use the following procedure to configure a description for an IP prefix list.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To configure a description for an IP prefix list, enter:

ip prefix-list <listname> description <description>

Table 24: Variable definition

Variable Value

<listname> The name of the prefix list.

<description> Specifies the description for the prefix list.

Configuring a static route

Use the following procedure to configure a static IP route.

Use the no form of this command to disable the distance for static routes of a subnet mask.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To configure the IP route, enter:

[no] ip route <destprefix> <ipaddressmask> <gatewayip|interface> <distvalue>

Table 25: Variable definition

Variable Value

<address> The IP destination prefix for the route to be added.

<mask> The IP destination prefix mask for the route to be added.

<gatewayip> The IP gateway address of the route to be added.

<interface> The name of the interface.

<distvalue> The distance value for the route, in the range 1 to 255.

Associating an IPSLA tracker to a static route

Use the following procedure to associate an IPSLA tracker to a static IP route.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To configure the static IP route and associate the IPSLA tracker to the static route, enter:

ip route <netaddr/mask> <gateway> track <IPSLA tracker Tag>

Table 26: Variable definition

Variable Value

<netaddr/mask> IP address and subnet mask of the destination network.

<gateway> IP address or interface name of the gateway.

<IPSLA tracker Tag> Unique tag number of the IPSLA tracker.

Configuring an access list

Use the following procedure to configure an access list.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To configure the access list, enter:

[no] access-list <listname> {permit {<prefix> [exact-match]|any}| deny {<prefix> [exact-match]|any}| remark <comment>}

Table 27: Variable definition

Variable Value

<listname> A name for the access list.

<prefix> The IP prefix (network/length) to match.

<comment> Description of the access list, up to 100 characters.

[no] Removes the access list configuration.

Configuring max route limit

Use the following procedure to configure the system max route limit.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To configure the max route limit, enter:

system max-route-limit <WORD>

Note:

The max route limit configuration takes effect only after rebooting the secure router.

By default, the max route limit is set to small IPv4 prefixes. However, if you are using BGP to learn the internet routing table, you must first configure the max-route-limit to large and then reboot the system for the configuration to take effect.

Table 28: Variable definition

Variable Value

<WORD> Enter the max route limit.

Valid values:

• small (default)

• large

Displaying the max route limit status

Use the following procedure to display the max route limit status.

Procedure steps

To display the max route limit status, enter:

show system max-route-limit

Clearing an IP prefix list

Use the following procedure to clear an IP prefix list.

Procedure steps

Clear the IP prefix list.

clear ip prefix-list <list> [<prefix>]

Table 29: Variable definition

Variable Value

<list> The IP prefix list to clear.

<prefix> The specific IP prefix/length to clear from the prefix list.

Resetting the static route IPSLA tracker

Use the following procedure to reset the static route IPSLA tracker.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To reset the static route IPSLA tracker, enter:

clear ip route track <IPSLA Tracker Tag>

Table 30: Variable definition

Variable Value

<IPSLA Tracker Tag> Unique tag number of the IPSLA tracker.

Show commands

The show IP commands display the general IP characteristics of the router.

Displaying IP access lists

Use the following procedure to display IP access lists.

Procedure steps

To display IP access lists, enter:

show ip access-list <name>

Table 31: Variable definition

Variable Value

<name> The name of the access list you want to display.

Displaying interface information

Use the following procedure to display interface information.

Note:

With Release 10.2 and later, the interface display includes the highest supported capability for each interface: FE for Fast Ethernet and GE for Gigabit Ethernet.

Procedure steps

1. To display interface information, enter:

show ip interfaces

2. To display information only about a specific interface, enter:

show ip interfaces interface <ifname>

3. To display a summary of the interface information, enter:

show ip interfaces brief [interface <ifname>]

4. To display information for a specific Ethernet interface, enter:

show interface ethernet <slot/port>

5. To display information for all Ethernet interfaces, enter:

show interface ethernets

Table 32: Variable definition

Variable Value

<ifname> The interface name for which you want to display information.

Figure 8: show ip interface command output

Figure 9: show ip interface ethernet command output

Displaying a prefix list

Use the following procedure to display a prefix list.

Procedure steps

To display prefix list information, enter:

show ip prefix-list [<name>|detail|summary]

Table 33: Variable definition

Variable Value

<name> The name of the prefix list you want to display.

Displaying IP routing protocol process parameters and statistics

Use the following procedure to display IP routing protocol process parameters and statistics.

Procedure steps

To display parameters and statistics, enter:

show ip protocols [bgp|ospf|rip]

Displaying the IP routing table

Use the following procedure to display the IP routing table.

Procedure steps

To display the IP routing table, enter:

show ip route [routetype]

Table 34: Variable definition

Variable Value

<routetype> Optional route-type information to display. Possible options are:

• A.B.C.D - The network in the IP routing table to display.

• bgp - Display BGP information.

• connected - Display connected route information.

• database - The IP routing table database to display.

• mpls - Display MPLS information

• ospf - Display OSPF information.

• rip - Display RIP information.

• static - Display static information.

• summary - Display a summary of all routes.

Displaying route-map information

Use the following procedure to display route-map information.

Procedure steps

To display route-map information, enter:

show route-map [routemap]

Table 35: Variable definition

Variable Value

[routemap] Optionally display information for a specific route map by specifying a route-map name.

Displaying interfaces configured with proxy arp

Use the following procedure to display the interfaces that are configured with proxy arp.

Procedure steps

To display the interfaces that are configured with proxy arp, enter:

show ip proxy-arp

Displaying the static route and associated tracker

Use the following procedure to display the static route and associated tracker.

Procedure steps

To display the static route and associated tracker, enter:

show ip route tracker

Configuring routing for interfaces

This section describes some of the generic port-related IP routing commands. Other port commands are included in sections of this manual that describe commands that are used with a specific protocol or feature. These commands apply to both Ethernet and WAN interfaces.

Configuring the IP address and mask for an interface

Use the following procedure to configure the IP address and subnet mask for an interface.

Procedure steps

1. Enter configuration mode.

configure terminal

2. Enter interface mode.

interface <interface>

3. To configure the IP address and subnet mask, enter:

ip address <address> <mask>

Table 36: Variable definition

Variable Value

<address> The IP address for the interface.

<mask> The subnet mask for the interface.

Enabling proxy arp

Use the following procedure to enable proxy arp for Ethernet and vlan interfaces.

Procedure steps

1. Enter configuration mode.

configure terminal

2. Enter interface mode.

interface <interface>

3. To enable proxy arp, enter:

ip proxy-arp

Configuring ICMP redirect messages on an interface

Use the following procedure to configure ICMP redirect messages on an interface.

Use the no form of this command to disable.

Procedure steps

1. Enter configuration mode.

configure terminal

2. Enter interface mode.

interface <interface>

3. To enable ICMP redirect messages, enter:

[no] ip redirects

Configuring ICMP destination unreachable messages on an interface

Use the following procedure to enable ICMP destination unreachable messages on an interface.

Use the no form of this command to disable this feature.

Procedure steps

1. Enter configuration mode.

configure terminal

2. Enter interface mode.

interface <interface>

3. To enable ICMP destination unreachable messages, enter:

[no] ip unreachables

Configuring Dial Backup through an external modem

Use the following procedure to configure Dial Backup through an external modem.

Procedure steps

1. To configure dial backup, enter Configuration Mode.

configure terminal

2. Create a dialer.

dialer <name>

3. Configure the UART baud rate.

async uart rate <baudrate>

4. Configure the UART parity setting.

async uart parity <setting>

5. Configure UART stop bits.

async uart stopbits <stopbits>

6. Configure the phone number to be called by the modem.

async modem phone-num <number>

7. Configure the number of rings before answering.

async modem answer <rings>

8. Configure the number of rings to wait during call setup.

async modem call-set-timeout <rings>

9. Configure the dial method.

async modem dial-method {tone | pulse}

10. Configure using an AT string.

modem async at <at_string>

11. Enable the async configuration.

async modem enable

12. Configure the dialer idle-timeout interval.

idle-timeout <timeout>

13. Configure management CLI service mode.

answer-mode [enable | disable] [priority {high | low}]

14. Exit back a level.

exit

15. To attach to a bundle, create a bundle.

interface bundle <bundlename>

16. Configure the bundle to use the dialer.

link dialer <dialer>

17. Continue normal configuration of the bundle.

Table 37: Variable definitions

Variable Value

<at_string> Specifies the AT string used to configure the dialer.

<baudrate> Specifies the Baud rate of the modem. Default is 56000.

<bundlename> Specifies the name of the bundle.

<databits> Specifies the number of databits. Default is 8.

<dialer> Specifies the dialer name to link, maximum 8 characters.

<name> Specifies the dialer name, maximum 8 characters.

<number> Specifies the phone number, maximum length 25 characters, with or without hyphens. Prepending p or t indicates pulse or tone dialing.

<rings> Specifies the number of rings, in the range 1–255.

<setting> Specifies the parity setting—none, even, or odd. Default is none.

<stopbits> Specifies the number of stopbits—1, 2, or 3. Default is 1.

<timeout> Specifies the idle timeout time, in the range 1–6000. Default is 180.

Configuring the global source address

Use the following procedure to configure source addresses on services.

Procedure steps

1. To configure source addresses for a service, enter Configuration Mode.

configure terminal

2. Configure the global source address.

system source-address <[ip-address]|[interface-name]>

Table 38: Variable definitions

Variable Value

[ip-address] Specifies the source address by IP address.

[interface-name] Specifies the source address by interface name.

Configuring IPSLA

This section describes commands for configuring the IPSLA feature. Other commands are included in sections of this manual that describe commands that are used with a specific protocol or feature.

Creating an SLA profile

Use the following procedure to create and configure an SLA profile.

Procedure steps

1. Enter configuration mode.

configure terminal

2. Create an SLA profile.

sla profile <profile-id>

3. Configure ICMP echo parameters for the SLA profile.

icmp-echo <ip-address>

4. Configure the effect type and action type for the SLA profile.

action <effect-type> [<action-type>]

5. Configure the threshold violation type.

threshold-type <type>

6. Configure the SLA profile threshold values.

threshold-value <value1> <value2>

Table 39: Variable definition

Variable Value

<profile-id> ID of the profile to be configured. Valid range is 1-1000.

<ip-address> IP address of the destination system.

<effect-type> The SLA variable that has to be monitored. Valid: jitter-average, jitter-average-src-dest, jitter-average-dest-src, jitter-max-positive-src-dest, jitter-max-positive-dest-src, jitter-max-negative-src-dest, jitter-max-negative-dest-src, delay-average, delay-average-src-dest, delay-average-dest-src, delay-max-src-dest, delay-max-dest-src, packet-loss, packet-out-of-order, packet-late-arrival, response-time, or response-time-average.

<action-type> The action to be taken when the monitored variable exceeds the range. Valid: console-logging (default), syslog, or trap.

<type> Threshold type to be configured. Valid: immediate, average, consecutive, or xofy.

<value1> Threshold Value1. Valid: 1-10000

<value2> Threshold Value2. Valid: 1-10000

Configuring the SLA register delay time-out

Use the following procedure to configure the SLA register delay time-out.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To configure the SLA register delay time-out, enter:

sla-register-delay <timeout>

Table 40: Variable definition

Variable Value

<timeout> The time-out for SLA registration delay in seconds. The values range from 60 to 1800 seconds. (Default: 300 seconds)

Displaying the SLA register delay time-out

Use the following procedure to display the SLA register delay time-out.

Procedure steps

To display the SLA register delay time-out, enter:

show ip sla register-delay

Attaching an SLA profile to a tracker

Use the following procedure to attach an SLA profile to a tracker.

Procedure steps

1. Enter configuration mode.

configure terminal

2. Enable the tracker.

track <tracker-object-id>

3. Attach an SLA profile to the tracker.

service-sla-profile <sla-profile-id>

4. Exit the tracker.

exit track

Table 41: Variable definition

Variable Value

<tracker-object-id> ID of the tracker to be enabled. Valid range is 1-500.

<sla-profile-id> ID of the SLA profile to be attached with the tracker. Valid range is 1-1000.

Clearing an SLA profile

Use the following procedure to clear an SLA profile.

Procedure steps

1. Enter configuration mode.

configure terminal

2. Clear the SLA profile.

clear sla profile [<1-1000> | all]

Table 42: Variable definition

Variable Value

[<1-1000> | all] Specifies the SLA profile statistics to clear. You can specify an id from the valid range from 1 through 1000. Specifying all clears all the configured SLA profiles.

Chapter 5: RIP fundamentals

Routing Information Protocol (RIP) is a distance vector protocol that dynamically learns the available paths to other routers. To RIP, the best path to a destination is the one with the fewest hops. RIP computes distance as a metric, usually the number of hops (or routers) from the source node to the target node.

Avaya Secure Router 2330/4134 implementation of RIP

RIP works well for small- to medium-sized networks, where the longest path is 15 hops. A node connected directly to the router has a metric of zero; an unreachable node has a metric of 16. When used as a provider edge (PE), the Avaya Secure Router 2330/4134 supports RIP on access ports that interface with customer edge (CE) devices.

RIPv1 advertises addresses without subnet masking. RIPv2 advertises more explicitly, based on the subnet mask. The Avaya Secure Router 2330/4134 supports RIPv2 with backwards compatibility for RIPv1.

Maintaining routing tables

Routing tables have to be maintained to track changes in the network. For example, routers fail, better routes become available, and sometimes routes have to be purged. RIP uses the following timers to keep the routing tables current:

• Update timer -- Routers within an autonomous system exchange routing information through periodic RIP updates. The update timer controls the frequency of these updates. The Avaya Secure Router 2330/4134 default is to send out a RIP update every 30 seconds.

• Expiration timer -- RIP expects an update every 30 seconds from its neighbors. If it does not receive an update in that time, RIP waits for a specified expiration time before declaring a route invalid. The expiration timer enables you to balance the need to allow time for occasional lost update messages and the need to purge stale routes quickly. The Avaya Secure Router 2330/4134 default is to wait 180 seconds.

• Triggered update timer -- When routes change, the Avaya Secure Router 2330/4134 sends a RIP update almost immediately instead of waiting for its regular update message. This helps to speed up network convergence. The triggered update timer is set to wait for 5 seconds to avoid a storm of triggered updates.

Providing RIP security

RIP supports the following two security mechanisms that prevent unauthorized routers from forming adjacencies:

• Simple text password -- This method transmits simple passwords in clear text, and is meant only to protect against honest neighbors.

• MD5 authentication -- This mechanism provides more protection than a simple password and has a greater probability of detecting hostile messages.

Note that you must be running RIPv2 to enable MD5 authentication. The default is none.

Ensuring reachability with split horizon and poison reverse

Problems arise when routers claim reachability for a destination network to the neighbor from which the route was learned. This creates a loop where neighbors advertise erroneous routes.

The Avaya Secure Router 2330/4134 supports the following two mechanisms that help ensure the reachability of routes:

• Split horizon -- This mechanism omits routes learned from one neighbor in updates sent to that neighbor. Split horizon minimizes routing overhead, but may cause slower convergence.

• Split horizon with poison reverse -- This mechanism includes routes learned from one neighbor in updates sent to that neighbor. However, it sets the metric to 16, which breaks the erroneous loop immediately. Poison reverse speeds up convergence, but it increases routing overhead. Avaya Secure Router 2330/4134 enables split horizon with poison reverse by default.

Routing Information Protocol

In routed environments, routers communicate with one another to track available routes. Routers can learn about available routes dynamically using the Routing Information Protocol (RIP). The Secure Router 2330/4134 software implements standard RIP for exchanging Transmission Control Protocol (TCP)/IP route information with other routers.

RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information. By default, each router advertises routing information by sending a routing information update every 30 seconds (one interval). If a router does not receive an update from another router within 180 seconds (six intervals), it marks the routes served by the nonupdating router as being unusable. If no update is received within an additional 120 seconds (four intervals), the router removes all routing table entries for the nonupdating router. All of these intervals are user-configurable values.

RIP is known as a distance vector protocol. The vector is the network number and next hop, and the distance is the cost associated with the network number. RIP identifies network reachability based on cost, and cost is defined as hop count. One hop is considered to be the distance from one router to the next. This cost or hop count is known as the metric (Figure 10: Hop count or metric in RIP).

Figure 10: Hop count or metric in RIP

RIP version 1 was distributed in the early years of the Internet and advertised default class address without subnet masking. RIP version 2 advertises more explicitly, based on the subnet mask.

The Secure Router 2330/4134 supports RIP version 2, which advertises routing table updates using multicast instead of broadcasting. RIP version 2 supports variable length subnet masks (VLSM) and triggered updates of routers. RIP version 2 sends mask information. If information about a network is not received for 180 seconds, the metric associated with the network rises to infinity (U)—the metric resets to 16, which means the network becomes unreachable. If information about a network is not received for an additional 120 seconds (four update intervals), it is removed from the routing table. You can change the default timers by using the 'timers basic' command at the 'router rip' command level.

A directly connected network has a metric of zero. An unreachable network has a metric of 16. Therefore, the highest metric between any two networks can be 15 hops or 15 routers.
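The following is an added example, not code from the manual or from Avaya, that models the two behaviours described in this chapter: route aging with the default 180-second and additional 120-second intervals, and the updates a router builds for a neighbor under split horizon and under split horizon with poison reverse. The class, the neighbor names and the prefixes are constructed, and the model assumes that one hop is added to a metric when an update is received.

```python
from dataclasses import dataclass
from typing import Optional

INFINITY = 16        # metric of an unreachable network
EXPIRE_AFTER = 180   # seconds without an update before the metric becomes 16
REMOVE_AFTER = 120   # additional seconds before the entry is removed


@dataclass
class Route:
    metric: int
    next_hop: Optional[str]   # None for a directly connected network
    updated: float = 0.0      # time of the last update that kept it reachable


class RipTable:
    def __init__(self):
        self.routes = {}

    def add_connected(self, prefix):
        # A directly connected network has a metric of zero and never ages.
        self.routes[prefix] = Route(metric=0, next_hop=None)

    def learn(self, prefix, advertised_metric, neighbor, now):
        """Process one entry of an update received from 'neighbor'."""
        metric = min(advertised_metric + 1, INFINITY)  # ASSUMPTION: +1 hop on receipt
        current = self.routes.get(prefix)
        if current is None:
            if metric < INFINITY:
                self.routes[prefix] = Route(metric, neighbor, now)
        elif current.next_hop == neighbor:
            # The current next hop is authoritative, even when the news is worse.
            current.metric = metric
            if metric < INFINITY:
                current.updated = now
        elif metric < current.metric:
            self.routes[prefix] = Route(metric, neighbor, now)

    def age(self, now):
        """Apply the expiration and removal intervals at time 'now' (seconds)."""
        for prefix, route in list(self.routes.items()):
            if route.next_hop is None:
                continue
            idle = now - route.updated
            if idle >= EXPIRE_AFTER + REMOVE_AFTER:
                del self.routes[prefix]
            elif idle >= EXPIRE_AFTER:
                route.metric = INFINITY

    def build_update(self, neighbor, mode="poison-reverse"):
        """Return {prefix: metric} as it would be advertised to 'neighbor'."""
        if mode not in ("none", "split-horizon", "poison-reverse"):
            raise ValueError(f"unknown mode: {mode}")
        update = {}
        for prefix, route in sorted(self.routes.items()):
            learned_here = route.next_hop == neighbor
            if learned_here and mode == "split-horizon":
                continue                      # omit the route entirely
            if learned_here and mode == "poison-reverse":
                update[prefix] = INFINITY     # advertise it as unreachable
            else:
                update[prefix] = route.metric
        return update


def sample_table():
    """Constructed topology: this router has neighbors B and C."""
    table = RipTable()
    table.add_connected("10.0.1.0/24")
    table.learn("10.0.2.0/24", 1, "B", now=0)
    table.learn("10.0.3.0/24", 2, "C", now=0)
    return table


if __name__ == "__main__":
    table = sample_table()
    for mode in ("none", "split-horizon", "poison-reverse"):
        print(mode, table.build_update("B", mode))
    table.age(180)
    print({p: r.metric for p, r in table.routes.items()})
```
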

Triggered RIP

Demand Circuits are Point-to-Point links whose costs are calculated based on usage. For example, ISDN charges can be based both on connect time and on bytes/packets transmitted. For this reason, demand circuits are brought up only when there is data to be sent out and torn down when the link is idle. However, enabling routing protocols on demand circuits can prevent them from going down because of the periodic keep-alive or update messages they send.

Even on fixed point-to-point interfaces like T1/E1, the overhead of periodic RIP transmissions can seriously interrupt normal data transfer, simply due to the quantity of information which hits the line every 30 seconds.

The Secure Router avoids these problems in RIP by supporting RFC 2091, which defines RIP extensions to support Demand Circuits. With the Triggered RIP feature enabled, RIP sends information on the Point-to-Point interfaces only when there has been an update to the routing database. This feature increases efficiency of the RIP protocol over Point-to-Point interfaces by reducing the amount of control traffic and also allows RIP to be enabled on Dial on Demand circuits like ISDN by suppressing periodic RIP updates.

Triggered RIP is not applicable on LANs.

Triggered RIP operation

In compliance with RFC 2091, the Secure Router can store multiple alternative next hops in the RIP database. Storing multiple next hops ensures the following:

• routing information will not be lost or discarded
• all alternative routes are retained
• RIP convergence time is decreased by quickly switching over to the stored alternative path
• alternative next hops to a prefix learned by the RIP protocol are saved whether or not the next hops are preferred in the routing table

When you enable the storage of multiple next hops for RIP, the Secure Router can also store one or more ECMP preferred next hops. This does not impact existing ECMP functionality with RIP.

The multiple next hops for RIP feature is disabled by default.

Triggered RIP (RFC 2091) supports an acknowledgement and retransmission system for the implementation of RIP for demand circuits.

Triggered RIP supports the following RIP control packet types:

• Update request
• Update Response
• Update Acknowledgement

When you enable triggered RIP on a WAN bundle or tunnel, the Secure Router transmits RIP updates on the interface only when one of the following conditions is met:

• If the RIP router receives an update-request packet from a RIP peer, the complete RIP database is sent to the RIP peer.

• If changes occur in the routing database related to any of the RIP interfaces, the modified information is sent over the triggered RIP interface.

• When a Secure Router is powered on and enabled with RIP for the first time, the complete RIP database is sent to the RIP peer.

When you enable triggered RIP on an interface, the route entries received on the interface are marked as permanent in the RIP database, and the route entries do not time out.

The implementation of triggered RIP requires that RIP store information about multiple next hops to any destination. With Triggered RIP enabled and multiple next hops enabled at the ‘router rip’ level, RIP can store multiple non-preferred next hops to a destination along with one or more (in case of ECMP) preferred next hops. Storing next hop information that is not preferred causes RIP to converge faster than normal.

The following diagram shows a branch office (BO) connected to a home office site (HO) by Secure Routers with redundant IPSec tunnels. The primary IPSec tunnel is running over a T1/E1 link and the backup tunnel is running over an ISDN link. RIP is enabled on both the primary tunnel and backup tunnels, with triggered RIP enabled on the backup tunnel.

Figure 11: Triggered RIP on a demand circuit

Multiple next hops operation

In compliance with RFC 2091, the Secure Router can store multiple alternative next hops in the RIP database. Storing multiple next hops ensures the following:

• routing information will not be lost or discarded
• all alternative routes are retained
• RIP convergence time is decreased by quickly switching over to the stored alternative path
• alternative next hops to a prefix learned by the RIP protocol are saved whether or not the next hops are preferred in the routing table

When you enable the storage of multiple next hops for RIP, the Secure Router can also store one or more ECMP preferred next hops. This does not impact existing ECMP functionality with RIP. For example, in the Triggered RIP on a demand circuit diagram above, because of the offset-list configuration at BO-R, the branch office receives routes announced by HO-1 with a metric of 5, and routes announced by HO-2 with a metric of 10. The higher metric of HO-1 routes makes them preferred over HO-2 routes.

With the multiple next hop feature disabled on BO-R, that router discards routes received from HO-2. Therefore, because triggered RIP is enabled on the backup tunnel, BO-R would never have an alternate path if the primary tunnel fails.

With the multiple next hop feature enabled on BO-R, the RIP database on BO-R stores both next hops, but feeds only HO-1 routes to the routing table on BO-R. If the primary tunnel fails, RIP finds the alternate path through the backup tunnel to the same prefix, and programs the route into the routing table on BO-R.

The multiple next hops feature is disabled by default.
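The failover behaviour described above, together with the 180-second timeout and 120-second garbage-collection timers from the RIP fundamentals, as an added Python model (not Avaya code). The class and function names and the prefix are assumptions made for the illustration; the metrics 5 and 10 are the post-offset values given in the text.

```python
INFINITY = 16                      # RIP metric meaning "unreachable"
PREFIX = "192.0.2.0/24"            # constructed head-office prefix


class RipDatabase:
    """Toy RIP database for one router (hypothetical model, not device code)."""

    def __init__(self, multi_nexthop, timeout=180, garbage=120):
        self.multi_nexthop = multi_nexthop
        self.timeout, self.garbage = timeout, garbage
        self.entries = {}          # prefix -> list of next-hop records

    def receive(self, prefix, nexthop, metric, triggered=False):
        """Process one received route; metric is the value after the offset-list."""
        hops = self.entries.setdefault(prefix, [])
        for hop in hops:
            if hop["nexthop"] == nexthop:       # refresh from the same peer
                hop.update(metric=metric, age=0)
                return
        new = {"nexthop": nexthop, "metric": metric, "age": 0,
               "permanent": triggered}          # triggered RIP routes never time out
        if self.multi_nexthop or not hops:
            hops.append(new)                    # keep as preferred or alternative
        elif metric < min(h["metric"] for h in hops):
            hops[:] = [new]                     # better route replaces the old one
        # otherwise the worse alternative is discarded

    def advance(self, seconds):
        """Age entries: timeout -> metric 16, timeout + garbage -> removed."""
        for hops in self.entries.values():
            kept = []
            for hop in hops:
                if not hop["permanent"]:
                    hop["age"] += seconds
                    if hop["age"] >= self.timeout + self.garbage:
                        continue
                    if hop["age"] >= self.timeout:
                        hop["metric"] = INFINITY
                kept.append(hop)
            hops[:] = kept

    def best(self, prefix):
        """Next hop fed to the routing table, or None if the prefix is unreachable."""
        live = [h for h in self.entries.get(prefix, []) if h["metric"] < INFINITY]
        return min(live, key=lambda h: h["metric"])["nexthop"] if live else None


def failover(multi_nexthop):
    """Replay the BO-R scenario and return the best next hop at three points."""
    db = RipDatabase(multi_nexthop)
    db.receive(PREFIX, "HO-1", 5)                   # primary tunnel, periodic RIP
    db.receive(PREFIX, "HO-2", 10, triggered=True)  # backup tunnel, sent once
    healthy = db.best(PREFIX)
    for _ in range(10):                             # primary keeps refreshing
        db.advance(30)
        db.receive(PREFIX, "HO-1", 5)
    db.advance(180)                                 # primary fails: no more updates
    after_timeout = db.best(PREFIX)
    db.advance(120)                                 # garbage-collection interval
    return healthy, after_timeout, db.best(PREFIX), len(db.entries[PREFIX])


if __name__ == "__main__":
    print("multi-nexthop enabled :", failover(True))
    print("multi-nexthop disabled:", failover(False))
```

With the feature disabled the HO-2 route is dropped on receipt and is never re-learned, because the backup tunnel sends nothing further until the HO-2 database changes.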

Triggered RIP considerations and limitations

When you plan to implement the triggered RIP feature, you must be aware of the following triggered RIP considerations and limitations:

• Triggered RIP must be enabled on both ends of an interface to function.
• Triggered RIP is only supported on bundle and tunnel interfaces.
• Triggered RIP cannot be enabled on interfaces configured as passive.
• Triggered RIP cannot be enabled on interfaces configured to block send or receive RIP packets.
• Multiple next-hop:

- During redistribution with RIP, if the redistributed prefix clashes with a RIP learnt prefix, all the alternative next hops learnt for the prefix are deleted, and all the multiple next hops learnt by RIP are lost. If the alternative path was enabled with triggered RIP, the next hop is lost permanently because periodic RIP updates are suppressed on triggered RIP interfaces. This is also applicable for a RIP originated default route (using the default-information-originate command).

- Multiple next hops are not learned for a redistributed prefix and for the RIP injected default route (using the default-information-originate command at the ‘router rip’ level).

- Enabling or disabling of the multiple next hop feature resets the RIP state on all Secure Router interfaces and re-initiates route synchronization with all RIP peers.

RIP scalability enhancements

The Secure Router can support a hub and spoke topology as a common deployment scenario to connect multiple Branch Offices (spokes) to a Head Office (hub). This scenario requires the establishment of VPN tunnels between the hub and spokes and support for dynamic routing protocols over the VPN tunnels.

Previously, the Secure Router was utilized for applications that required the exchange of several thousand routes, but over few interfaces. Beginning with release 10.3, the hub and spoke topology can be scaled up to support a larger number of interfaces, but with only a few routes exchanged. To facilitate the desired scalability and throughput goals in this scenario, the Secure Router supports a new RIP parameter called default-originate-only.

Default-originate-only is a RIP interface option that you can use to enable the sending of only a default route through an interface, suppressing all the other routes on a RIP router.

Default route propagation

With the RIP hub and spoke routing topology, each individual spoke (branch office device) must be able to reach every other spoke connected to the same hub (head office). Spoke routers send all routing information to the hub router, but the hub router is not required to send learned routing information to all spokes. Instead, the hub router can send only default routing information to spoke routers, forcing the spokes to route all outgoing traffic to the hub router.

To achieve this behavior, the Secure Router supports the default-originate-only RIP parameter. This parameter allows a hub interface to send only a default route to the spoke routers instead of sending all the RIP routes. Enabling this parameter reduces the time required to send route updates to each spoke, thereby accelerating convergence.

The reduced time to send updates on each interface allows for the scaling of RIP interfaces on the Secure Router 4134 acting as a hub, from the previous value of approximately 15 interfaces to 500 interfaces.

Behavior with triggered RIP

If you enable the default-originate-only parameter on a Secure Router interface running triggered RIP, the router directs the RIP peer to begin timing out all routes previously sent on that interface. After the RIP peer starts timing out routes, the Secure Router sends a default route to the peer.

If you disable the default-originate-only parameter on a Secure Router interface running triggered RIP, the router directs the RIP peer to time out the default route previously sent on that interface. After the RIP peer starts timing out routes, the Secure Router sends all other routes to the peer.


Chapter 6: RIP configuration procedures

This section describes how to configure the Routing Information Protocol (RIP) on an Avaya Secure Router 2330/4134. Before you configure an interface, you must globally enable RIP for all interfaces. RIP interfaces that you later create inherit these global configuration property settings. However, to customize RIP on an interface, you can override the global settings.

This section documents the configuration commands and some operational commands. For a complete list of show, clear, and other operational commands, refer to Avaya Secure Router 2330/4134 Command Line Reference (NN47263–502).

Enabling RIP globally

Enable RIP to use the Avaya Secure Router 2330/4134 in a RIP network.

Use the no form of this command to disable RIP.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

[no] router rip

Entering key chain management mode

Use the following procedure to enter key chain management mode and configure a key chain with a key chain name.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enter key chain management mode.

key chain <keyname>

Table 43: Variable definition

Variable Value

<keyname> The name of the key chain to manage.

Configuring a key

Use the following procedure to manage, add and delete authentication keys in a key-chain.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enter key chain management mode.

key chain <keyname>

3. Configure the key.

key <keyid>

Table 44: Variable definition

Variable Value

<keyname> The name of the key chain to manage.

<keyid> The key id number in the range 0 to 21474836647.

Specifying key chain authentication key receive lifetime.

Use the following procedure to specify the time period during which the authentication key received on a key chain is received as valid.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enter key chain management mode.

key chain <keyname>

3. Configure the key.

key <keyid>

4. Specify the lifetime.

accept-lifetime <start> <end>

Table 45: Variable definition

Variable Value

<end> Specify the end time using the following rule: {<TIME>|<duration>|infinite}. Variable as follows:

• TIME - HH:MM:SS DAY MONTH YEAR:

- HH:MM:SS - of the day when accept-lifetime starts, in hours, minutes and seconds.

- DAY - The day of the month to start (1-31)

- MONTH - The month to start specified by the first three letters, for example, Jan.

- YEAR - The year to start (1993-2035)

• duration - The duration of the key in seconds (1-21474836646)

• infinite - Never expires.

<keyname> The name of the key chain to manage.

<keyid> The key id number in the range 0 to 21474836647.

<start> Specify the start time in the format HH:MM:SS DAY MONTH YEAR

• HH:MM:SS - of the day when accept-lifetime starts, in hours, minutes and seconds.

• DAY - The day of the month to start (1-31)

• MONTH - The month to start specified by the first three letters, for example, Jan.

• YEAR - The year to start (1993-2035)

Configuring a key password

Use the following procedure to define the key password.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enter key chain management mode.

key chain <keyname>

3. Configure the key.

key <keyid>

4. Configure the key password.

key-string <password>

Table 46: Variable definition

Variable Value

<keyname> The name of the key chain to manage.

<keyid> The key id number in the range 0 to 21474836647.

<password> A string of characters to be used as a password by the key.

Specifying key chain authentication key send lifetime.

Use the following procedure to specify the time period during which the authentication key sent on a key chain is received as valid.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enter key chain management mode.

key chain <keyname>

3. Configure the key.

key <keyid>

4. Specify the lifetime.

send-lifetime <start> <end>

Table 47: Variable definition

Variable Value

<end> Specify the end time using the following rule: {<TIME>|<duration>|infinite}. Variable as follows:

• TIME - HH:MM:SS DAY MONTH YEAR:

- HH:MM:SS - of the day when accept-lifetime starts, in hours, minutes and seconds.

- DAY - The day of the month to start (1-31)

- MONTH - The month to start specified by the first three letters, for example, Jan.

- YEAR - The year to start (1993-2035)

• duration - The duration of the key in seconds (1-21474836646)

• infinite - Never expires.

<keyname> The name of the key chain to manage.

<keyid> The key id number in the range 0 to 21474836647.

<start> Specify the start time in the format HH:MM:SS DAY MONTH YEAR

• HH:MM:SS - of the day when accept-lifetime starts, in hours, minutes and seconds.

• DAY - The day of the month to start (1-31)

• MONTH - The month to start specified by the first three letters, for example, Jan.

• YEAR - The year to start (1993-2035)
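A key rollover plan built from the accept-lifetime and send-lifetime values above can be checked offline before it is typed into the router. The following Python audit is an added example, not part of the Avaya documentation: it parses the documented <start> and <end> formats and reports windows in which no key is sent or a key is sent outside its accept window. It assumes that both peers load the same key chain, that their clocks agree, and that a duration counts from <start>; the key ids and dates are constructed.

```python
from datetime import datetime, timedelta

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
MAX_DURATION = 21474836646        # upper bound as printed in the variable table
FOREVER = datetime.max            # stands in for "infinite"


def parse_time(text):
    """Parse 'HH:MM:SS DAY MONTH YEAR' using the ranges from the variable table."""
    clock, day, month, year = text.split()
    hh, mm, ss = (int(part) for part in clock.split(":"))
    day, year = int(day), int(year)
    if month not in MONTHS:
        raise ValueError(f"month must be one of {MONTHS}: {month!r}")
    if not 1 <= day <= 31:
        raise ValueError(f"day out of range 1-31: {day}")
    if not 1993 <= year <= 2035:
        raise ValueError(f"year out of range 1993-2035: {year}")
    return datetime(year, MONTHS.index(month) + 1, day, hh, mm, ss)


def parse_lifetime(start, end):
    """Return (begin, finish); end is a TIME, a duration in seconds or 'infinite'."""
    begin = parse_time(start)
    if end == "infinite":
        return begin, FOREVER
    if end.isdigit():
        if not 1 <= int(end) <= MAX_DURATION:
            raise ValueError(f"duration out of range: {end}")
        # Assumption: the duration is counted from the start time.
        return begin, begin + timedelta(seconds=int(end))
    finish = parse_time(end)
    if finish <= begin:
        raise ValueError(f"end {end!r} is not after start {start!r}")
    return begin, finish


def audit(chain):
    """Check a key chain plan and return a list of findings (empty = clean).

    chain maps key id -> {"send": (start, end), "accept": (start, end)}.
    Assumes both peers load the same chain and have synchronised clocks.
    """
    findings, send_windows = [], []
    for keyid, spec in sorted(chain.items()):
        send = parse_lifetime(*spec["send"])
        accept = parse_lifetime(*spec["accept"])
        if accept[0] > send[0] or accept[1] < send[1]:
            findings.append(f"key {keyid}: sent at times when it is not accepted")
        if send[1] == FOREVER:
            findings.append(f"key {keyid}: send lifetime never expires")
        send_windows.append(send)
    send_windows.sort()
    covered_until = send_windows[0][1]
    for begin, finish in send_windows[1:]:
        if begin > covered_until:
            findings.append(f"no key is sent between {covered_until} and {begin}")
        covered_until = max(covered_until, finish)
    return findings


# Constructed rollover plans; key ids and dates are illustrative only.
GAPPED = {
    1: {"send": ("00:00:00 1 Jan 2014", "00:00:00 1 Jul 2014"),
        "accept": ("00:00:00 1 Jan 2014", "01:00:00 1 Jul 2014")},
    2: {"send": ("00:00:00 2 Jul 2014", "15552000"),
        "accept": ("23:00:00 30 Jun 2014", "infinite")},
}
OVERLAPPED = {
    1: GAPPED[1],
    2: {"send": ("00:00:00 1 Jul 2014", "15552000"),
        "accept": ("23:00:00 30 Jun 2014", "infinite")},
}

if __name__ == "__main__":
    for name, plan in (("GAPPED", GAPPED), ("OVERLAPPED", OVERLAPPED)):
        print(name, audit(plan) or "clean")
```

In the GAPPED plan the routers have no valid key to send for one day, so authenticated RIP updates stop being accepted during the rollover; widening the accept window of the new key before its send window opens, as in OVERLAPPED, avoids that.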

Configuring RIP routing on an IP network

Use the following procedure to specify a network as one that runs RIP.

Use the no form of this command to remove the specified network as one that runs RIP.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Enable RIP for the interface.

[no] network {<A.B.C.D/M>|<interface>}

Table 48: Variable definition

Variable Value

<A.B.C.D/M> Specifies the IP address prefix and length of this IP network.

<interface> Ethernet or WAN interface name. Example: Ethernet0/1 or wan1.

Configuring split-horizon

Use the following procedure to configure split horizon to prevent loops by not advertising erroneous routes from neighbors.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enter interface mode.

interface <interface>

3. Enable split-horizon with poison reverse.

[no] ip rip split-horizon [poisoned]

Table 49: Variable definition

Variable Value

<interface> Interface name. Example: Ethernet 0/1

[poisoned] Performs split-horizon with poisoned reverse.

Configuring route redistribution

Use the following procedure to redistribute information from other routing protocols.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Redistribute routes.

[no] redistribute {<connected>|<static>|<ospf>|<bgp>} [metric] [routemap]

Table 50: Variable definition

Variable Value

<connected> Redistribute from connected routes

<static> Redistribute from static routes

<ospf> Redistribute from Open Shortest Path First (OSPF)

<bgp> Redistribute from Border Gateway Protocol (BGP)

[metric] Metric <0-16> Specifies metric value to be used in redistributing information

[routemap] Specifies route-map to be used to redistribute information

Configuring timers

Use the following procedure to adjust routing network timers.

Use the no form of this command to return to default setting.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Enable timers.

[no] timers basic <update> <timeout> <garbage>

Table 51: Variable definition

Variable Value

<update> <5-2147483647> Specifies the routing table update timer in seconds. The default is 30 seconds.

<timeout> <5-2147483647> Specifies the routing information timeout timer in seconds. The default is 180 seconds. After this interval has elapsed and no updates for a route are received, the route is declared invalid.

<garbage> <5-2147483647> Specifies the routing garbage collection timer in seconds. The default is 120 seconds. If a route remains invalid for the period specified by this variable, it is permanently removed from the routing table.

Configuring distribution of default routes

Use the following procedure to specify a default route into RIP.

Use the no form of this command to disable this feature.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Distribute a default route.

[no] default-information originate

Configuring the default metric on a redistributed route

Use the following procedure to specify a metric value on a redistributed route.

Use the no form of this command to disable this feature.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Set the default metric value.

[no] default-metric <1-16>

Configuring a router neighbor

Use the following procedure to configure a router neighbor.

Use the no form of this command to disable the specific router.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Enter the address of the neighbor.

[no] neighbor <address>

Table 52: Variable definition

Variable Value

<address> The address of the neighbor.

Configuring an interface to suppress routing updates

Use the following procedure to configure an interface to suppress routing updates.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Specify the interface you want to suppress routing updates.

[no] passive-interface <interface>

Table 53: Variable definition

Variable Value

<interface> The interface you want to suppress routing updates.

Configuring the routing protocol version

Use the following procedure to set the routing protocol version that is used globally by the router.

Use the no form of this command to restore the default version (v2).

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Set the routing protocol version.

[no] version <version>

Table 54: Variable definition

Variable Value

<version> The routing protocol version, 1 or 2.

Configuring the administrative distance

Use the following procedure to set the administrative distance.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Set the administrative distance.

[no] distance <distancevalue> [A.B.C.D/M [accesslist]]

Table 55: Variable definition

Variable Value

<distancevalue> The administrative distance value.

Configuring a RIP metric

Use the following procedure to add an offset to in and out metrics to routes learned through RIP.

Use the no form of this command to remove the offset list.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. Modify the RIP metric.

[no] offset-list <name> <direction> <metricvalue> <interfacename>

Table 56: Variable definition

Variable Value

<name> The access list name.

<direction> Direction of updates. In or out.

<metricvalue> The metric value to modify.

<interfacename> The interface name.


Configuring multiple next hops for RIP

Use this procedure to enable or disable the storage of multiple alternative next hops to any prefix in the RIP database.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enter RIP Configuration mode.

router rip

3. Configure multiple next hops.

[no] multi-nexthop

The following message appears:

Enable/Disable of multi-nexthop will reset the RIP instance.
Do you want to continue? (y/n):

Configuring routing updates to filter networks

Use the following procedure to filter incoming or outgoing route updates using the access-list or the prefix-list.

Use the no form of this command to disable this feature.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Enable RIP.

router rip

3. To specify filter information, enter:

[no] distribute-list [<prefix>|<accesslist>] <direction> <interface>

Table 57: Variable definition

Variable Value

<prefix> Filter prefixes in routing updates.

<accesslist> The access list name.

<direction> Direction to filter routing updates, in or out.

<interface> The interface name.

Configuring authentication control

Use the following procedure to configure authentication control.

Use the no form of this command to disable the feature.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter Interface mode:

interface <interface>

3. To configure authentication control, enter:

[no] ip rip authentication <authtype>

Table 58: Variable definition

Variable Value

<authtype> The type of authentication. Possible types are:

• keychain <name of keychain> - Keychain authentication

• mode <md5|text> - Mode authentication

• string <name of string> - String authentication

Configuring advertisement reception

Use the following procedure to specify the version of RIP that can be received on the interface. This configuration overrides the 'version' command.

Use the no form of this command to use the setting established by the version command.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter Interface mode:

interface <interface>

3. To configure advertisement reception, enter:

[no] ip rip receive version <version>

Table 59: Variable definition

Variable Value

<version> Specifies the version of RIP to receive, 1 (RIPv1), 2 (RIPv2), or 1 2 (both).

Configuring packet reception through an interface

Use the following procedure to enable receiving packets through a specified interface.

Use the no form of this command to disable this feature.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter Interface mode:

interface <interface>

3. To configure an interface to receive packets, enter:

[no] ip rip receive-packet

Configuring advertisement transmission

Use the following procedure to specify the version of RIP packets that are sent out of an interface.

Use the no form of this command to use the global RIP version control rules.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter Interface mode:

interface <interface>

3. To configure advertisement transmission, enter:

[no] ip rip send version <version>

Table 60: Variable definition

Variable Value

<version> The RIP version to send. Possible values are:

• 1 (RIPv1)

• 2 (RIPv2)

• 1-compatible

Configuring packet transmission through an interface

Use the following procedure to enable sending packets through the specified interface.

Use the no form of this command to disable this feature.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter Interface mode:

interface <interface>

3. To enable packet sending on the interface, enter:

[no] ip rip send-packet


Sending v1 packets to another RIP interface

Use the following procedure to send RIP version 1 compatible packets from a version 2 RIP interface to other RIP interfaces. This method forces RIPv2 to broadcast packets instead of multicasting them.

Use the no form of this command to use the global RIP version control rules.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter Interface mode:

interface <interface>

3. To enable packet sending on the interface, enter:

[no] ip rip send version 1-compatible

Displaying RIP configuration

Use the following procedure to display RIP process parameters and statistics.

Procedure steps

Show RIP protocol information.

show ip protocols rip

Displaying all configured RIP interfaces

Use the following procedure to display information about all configured RIP interfaces. You can specify an interface name to display information about a specific interface.

Procedure steps

Show RIP interface information.

show ip rip interface <interface>

Displaying RIP information

Use the following procedure to display RIP routes.

Procedure steps

Show RIP information.

show ip rip

Displaying the RIP database

Use the following procedure to show the RIP database.

Procedure steps

Show the RIP database.

show ip rip database

Clearing the RIP routing table

Use the following procedure to clear the RIP routing table.

Procedure steps

Clear the RIP routing table.

clear ip rip route [<A.B.C.D/M>|static|connected|rip|ospf|bgp|all]

Table 61: Variable definition

Variable Value

<A.B.C.D/M> Removes entries which exactly match this destination address from RIP routing table.

static Removes static entries from the RIP routing table.

connected Removes entries for connected routes from the RIP routing table.

rip Removes only RIP routes from the RIP routing table.

ospf Removes only OSPF routes from the RIP routing table.

bgp Removes only BGP routes from the RIP routing table.

all Clears the entire RIP routing table.

Resetting prefix-list entries

Use the following procedure to reset the hit count to zero in the prefix-list entries.

Procedure steps

Reset the hit counter to zero.

clear ip prefix-list <word> <A.B.C.D/M>

Table 62: Variable definition

Variable Value

<A.B.C.D/M> Removes entries which exactly match this destination address from RIP routing table.

<word> The name of the prefix list.

Triggered RIP configuration

The information in this section describes the steps you can use to configure triggered RIP for a Secure Router tunnel interface or an interface bundle.

Configuring triggered RIP for an interface tunnel

Use this procedure to enable or disable triggered RIP for an interface tunnel. Triggered RIP is disabled by default.

Procedure steps

1. Enter Configuration mode.

configure terminal

2. Select an interface tunnel:

interface tunnel <tunnel_name>

3. To enable or disable triggered RIP for the tunnel, enter:

[no] ip rip triggered [retransmit-interval <5 | 20> | poll-interval <5 | 180>]

Variable definitions

Variable Value

retransmit-interval <5 – 20> Specifies the request and response retransmit interval. Values range from 5 to 20 seconds. The default value is 5 seconds.

poll-interval <5 – 180> Specifies the poll interval. Values range from 5 to 180 seconds. The default value is 10 seconds.

Configuring triggered RIP for an interface bundle

Use this procedure to enable or disable triggered RIP for an interface bundle. Triggered RIP is disabled by default.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Select an interface tunnel:

interface bundle <bundle_name>

3. To enable or disable triggered RIP for the bundle, enter:

[no] ip rip triggered [retransmit-interval <5 | 20> | poll-interval <5 | 180>]

Variable definitions

Variable Value

retransmit-interval <5 – 20> Specifies the request and response retransmit interval. Values range from 5 to 20 seconds. The default value is 5 seconds.

poll-interval <5 – 180> Specifies the poll interval. Values range from 5 to 180 seconds. The default value is 10 seconds.


Triggered RIP configuration examples

Configuration example — Triggered RIP implementation on a demand circuit

Triggered RIP support is required to suppress periodic RIP update messages when RIP is enabled on ISDN interfaces.

In the following diagram, the branch office (BO) is connected to the home office site (HO) by Secure Routers with redundant IPSec tunnels. One IPSec tunnel is running as the primary tunnel over a T1/E1 link and the backup tunnel is running over an ISDN link. RIP is enabled on both the primary tunnel and the backup tunnel between the BO and HO Secure Routers. The backup tunnel between HO-R2 and BO-R is enabled with Triggered RIP.

Figure 12: Triggered RIP implementation on a demand circuit

Routes received over the primary and backup tunnels are differentiated by attaching the interface specific metric to the received routes, using the RIP offset-list feature. This ensures that routes learned over the primary tunnel have a higher precedence than routes received over the backup tunnel and data traffic from BO chooses the primary tunnel over the backup tunnel.

During the BO router bootup, RIP directs packets across the backup tunnel, which brings up the ISDN link. After RIP synchronization is complete, RIP becomes quiet on the backup tunnel and data traverses the primary tunnel. After the ISDN idle timeout is exhausted, the ISDN link brings itself down. BO and HO RIP routes are synchronized over the primary tunnel.

If there are any subsequent changes to the RIP routing database on BO or HO routers that require the propagation of information about the change to the RIP peer over the backup tunnel, the ISDN link is brought up and closed after the synchronization is complete.

If the primary tunnel fails, routes learned over the backup tunnel (those with a higher metric) are activated and directed to the FIB. The backup ISDN circuit is activated to send the changed RIP routing information over the backup tunnel and to transmit data between BO and HO as required.


Configuration steps

To configure the branch office Secure Router (BO-R) in the Triggered RIP implementation on a demand circuit diagram above, perform the following steps.

1. To configure the Ethernet interface, enter:

    configure terminal
    interface ethernet 0/2
    ip address 100.1.1.1 24
    exit

2. To configure the primary interface bundle, enter:

    interface bundle PRIMARY
    link t1 2/1
    encapsulation ppp
    ip address 10.0.0.1 24
    exit

3. To configure the ISDN interface bundle, enter:

    interface bundle ISDN
    link bri 2/1:1-2
    encapsulation ppp
    ip address 20.0.0.1 24
    isdn
    callednum 121212
    exit isdn
    exit

4. To configure the primary tunnel, enter:

    interface tunnel prim
    ip address 110.0.0.1 24
    tunnel source 10.0.0.1
    tunnel destination 10.0.0.2
    exit

5. To configure the backup tunnel, enter:

    interface tunnel back
    ip address 120.0.0.1 24
    ip rip triggered
    tunnel source 20.0.0.1
    tunnel destination 20.0.0.2
    exit

6. To configure the primary and backup IP routes, enter:

    ip route 10.0.0.0/24 PRIMARY
    ip route 20.0.0.0/24 ISDN

7. To configure RIP, enter:

    access-list rip permit any
    router rip
    network prim
    network back
    redistribute connected
    offset-list rip in 5 prim
    offset-list rip in 10 back
    exit
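The effect of the two offset-list entries in step 7 on route selection and failover, as an added example (a model written for this page, not Avaya code). It assumes the offset is added to the metric of each received route and the result is capped at the RIP infinity value of 16; the class names and the 200.x prefixes are constructed.

```python
from dataclasses import dataclass

RIP_INFINITY = 16  # a RIP metric of 16 means "unreachable"

# Inbound offsets from step 7: offset-list rip in 5 prim / offset-list rip in 10 back
OFFSETS_IN = {"prim": 5, "back": 10}


@dataclass(frozen=True)
class RipRoute:
    prefix: str
    interface: str
    metric: int  # metric after the inbound offset has been applied


class RipTable:
    """Hypothetical model of the RIP database on BO-R."""

    def __init__(self, offsets):
        self.offsets = dict(offsets)
        self.routes = {}        # (prefix, interface) -> RipRoute
        self.up = set(offsets)  # tunnel interfaces currently up

    def receive(self, interface, prefix, advertised_metric):
        """Store a received route with the interface offset applied."""
        metric = min(advertised_metric + self.offsets.get(interface, 0),
                     RIP_INFINITY)
        self.routes[(prefix, interface)] = RipRoute(prefix, interface, metric)
        return metric

    def interface_down(self, interface):
        self.up.discard(interface)

    def best(self, prefix):
        """Return the route that would be handed to the FIB, or None."""
        candidates = [
            route for (pfx, ifname), route in self.routes.items()
            if pfx == prefix and ifname in self.up
            and route.metric < RIP_INFINITY
        ]
        return min(candidates, key=lambda route: route.metric, default=None)


PREFIXES = ("200.1.1.0/24", "200.2.2.0/24")  # constructed HO-side networks


def demo():
    """Learn both prefixes over both tunnels, then fail the primary tunnel."""
    table = RipTable(OFFSETS_IN)
    for prefix, advertised in zip(PREFIXES, (1, 6)):
        table.receive("prim", prefix, advertised)
        table.receive("back", prefix, advertised)
    before = {prefix: table.best(prefix) for prefix in PREFIXES}
    table.interface_down("prim")
    after = {prefix: table.best(prefix) for prefix in PREFIXES}
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for prefix in PREFIXES:
        print(prefix, "before:", before[prefix], "after:", after[prefix])
```

Under these assumptions a route advertised with a metric of 6 or more reaches 16 once the backup offset of 10 is added, so it has no usable backup path; offsets have to leave room inside the 15-hop range.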


Configuration example — Triggered RIP on any Point-to-Point interface

When triggered RIP is enabled on any point-to-point interface, control traffic is significantly reduced, increasing the effective available bandwidth for data traffic on that interface.

In the following diagram, the branch office (BO) has a Secure Router with an IPSec tunnel to the home office (HO) router, running over a T1/E1 link. Triggered RIP is enabled on the tunnel interface for both BO and HO routers.

Figure 13: Triggered RIP on any Point-to-Point interface

During the BO router bootup, the RIP protocol directs packets across the tunnel. After RIP synchronization is complete, RIP becomes quiet on the tunnel. After initial RIP synchronization, if there are any subsequent changes to the RIP routing database on BO or HO routers that require the propagation of information about the change to the RIP peer, only then does RIP send route updates over the tunnel.

Configuration steps

The following steps provide sample configuration for the branch office Secure Router (BO-R) in the point-to-point interface shown in the Triggered RIP on any Point-to-Point interface diagram above.

1. To configure the Ethernet interface, enter:

    interface ethernet 0/2
    ip address 100.1.1.1 24
    exit

2. To configure the WAN interface bundle, enter:

    interface bundle wan
    link t1 2/1
    encapsulation ppp
    ip address 10.0.0.1 24
    exit

3. To configure the tunnel, enter:

    interface tunnel boToHo
    ip address 110.0.0.1 24
    ip rip triggered
    tunnel source 10.0.0.1
    tunnel destination 10.0.0.2
    exit

4. To configure the WAN IP route, enter:

    ip route 10.0.0.0/24 wan

5. To configure RIP, enter:

    router rip
    network boToHo
    redistribute connected
    exit

Configuring multiple next hops for RIP

Use this procedure to enable or disable the storage of multiple alternative next hops to any prefix in the RIP database.

Procedure steps

1. Enter Configuration mode.

    configure terminal

2. Enter RIP Configuration mode.

    router rip

3. Configure multiple next hops.

    [no] multi-nexthop

The following message appears:

    Enable/Disable of multi-nexthop will reset the RIP instance.
    Do you want to continue? (y/n):

RIP scalability enhancements configuration

The information in this section describes the steps required to configure RIP scalability enhancements for Secure Router tunnel interfaces, interface bundles, Ethernet interfaces, and VLANs.

Configuring default-originate-only for a tunnel interface

Use this procedure to enable or disable the ability for a Secure Router to send only default RIP route information to a network peer over tunnel interfaces.


Procedure steps

1. Enter Configuration mode.

    configure terminal

2. Select an interface tunnel:

    interface tunnel <tunnel_name>

3. To enable or disable RIP route default originate only, enter:

    [no] ip rip default-originate-only [metric <1 – 15>]

Variable definitions

Variable           Value
metric <1 – 15>    Specifies the metric value to be used in redistributing information. Values range from 1 to 15.

Configuring default-originate-only for an interface bundle

Use this procedure to enable or disable the ability for a Secure Router to send only default RIP route information to a network peer on an interface bundle.

Procedure steps

1. Enter Configuration mode.

    configure terminal

2. Select an interface bundle:

    interface bundle <bundle_name>

3. To enable or disable RIP route default originate only, enter:

    [no] ip rip default-originate-only [metric <1 – 15>]

Variable definitions

Variable           Value
metric <1 – 15>    Specifies the metric value to be used in redistributing information. Values range from 1 to 15.


Configuring default-originate-only for an Ethernet interface

Use this procedure to enable or disable the ability for a Secure Router to send only default RIP route information to one or more network peers on an Ethernet interface.

Procedure steps

1. Enter Configuration mode.

    configure terminal

2. Select an Ethernet interface:

    interface ethernet <ethernet_name>

3. To enable or disable RIP route default originate only, enter:

    [no] ip rip default-originate-only [metric <1 – 15>]

Configuring default-originate-only for a VLAN

Use this procedure to enable or disable the ability for a Secure Router to send only default RIP route information to one or more network peers on a VLAN.

Procedure steps

1. Enter Configuration mode.

    configure terminal

2. Select a VLAN:

    interface vlan <vlan_name>

3. To enable or disable RIP route default originate only, enter:

    [no] ip rip default-originate-only [metric <1 – 15>]

Table 63: Variable definition

Variable           Value
metric <1 – 15>    Specifies the metric value to be used in redistributing information. Values range from 1 to 15.

Configuration example — RIP scalability enhancements

You can use the default-originate-only parameter to configure a RIP interface on a Secure Router to send only the default route to a network peer.


In the following diagram, hub and spoke routing topology is used to connect the hub Secure Router at the head office (HO-R) to three branch office Secure Routers (BO-1, BO-2, and BO-3). The branch office routers are the spokes.

Figure 14: RIP scalability enhancements

With default-originate-only enabled on the interfaces between HO-R and BO-1, BO-2, and BO-3, only the default route is sent periodically from HO-R to the BO spokes. However, BO-1, BO-2, and BO-3 send their RIP routes to HO-R, which maintains and propagates this information further into the RIP cloud.

For the RIP topology shown in the RIP scalability enhancements figure, where all the interfaces have default-originate-only enabled, if triggered RIP is enabled and a RIP interface on BO-2 (Ethernet 0/2) goes down, the following steps occur:

• BO-2 sends an update to HO-R, reporting that the Ethernet 0/2 route is down with a metric of 16.

• The HO-R database is updated, but HO-R does not send a triggered update on any of the interfaces because all the interfaces have default-originate-only enabled.

Configuration steps

To configure the head office Secure Router (HO-R) for the scenario shown in the RIP scalability enhancements diagram above, perform the following steps.

1. To configure the Ethernet interface, enter:

    configure terminal
    interface ethernet 0/2
    ip address 100.1.1.1 24
    exit

2. To configure the WAN interface bundle, enter:

    interface bundle wan
    link t1 2/1
    encapsulation ppp
    ip address 10.0.0.1 24
    exit

3. To configure the interface tunnel between HO-R and BO-1, enter:

    interface tunnel hoToBo1
    ip address 110.0.0.1 24
    ip rip default-originate-only
    tunnel source 10.0.0.1
    tunnel destination 11.0.0.2
    exit

4. To configure the interface tunnel between HO-R and BO-2, enter:

    interface tunnel hoToBo2
    ip address 120.0.0.1 24
    ip rip default-originate-only
    tunnel source 10.0.0.1
    tunnel destination 12.0.0.2
    exit

5. To configure the interface tunnel between HO-R and BO-3, enter:

    interface tunnel hoToBo3
    ip address 130.0.0.1 24
    ip rip default-originate-only
    tunnel source 10.0.0.1
    tunnel destination 13.0.0.2
    exit

6. To configure the WAN IP routes, enter:

    ip route 11.0.0.0/24 wan
    ip route 12.0.0.0/24 wan
    ip route 13.0.0.0/24 wan

7. To enable RIP on the interface tunnels, enter:

    router rip
    network hoToBo1
    network hoToBo2
    network hoToBo3
    redistribute connected
    exit


Chapter 7: OSPF fundamentals

Open Shortest Path First (OSPF) is a link state protocol that determines the best path for routing IP traffic over a TCP/IP network based on distance between nodes and several quality parameters. OSPF provides less router-to-router update traffic than the RIP protocol, which is a distance vector protocol.

OSPF summary

Open Shortest Path First (OSPF) is a dynamic, hierarchical protocol designed to support routing in an IP network within a single autonomous system (AS). OSPF is a link state protocol that uses configurable metrics associated with the speed, reliability, and delay of a network. OSPF also supports policy-based routing within an AS.

The Avaya Secure Router 2330/4134 implementation of OSPF uses a process-id for supporting multiple instances of OSPF in the same system. The process-id has only local significance and is a number between 1 and 65535.

Hierarchical elements

An OSPF network consists of an AS, areas, and routers.

An OSPF area is an IP subnet, typically identified by a unique IP subnetwork (subnet) number, also called the area ID. OSPF hides the topology of an area from the rest of the AS, facilitating a significant reduction in routing (overhead) traffic within the AS, and protecting routers within the area from bad routing data.

OSPF routers reduce and restrict the amount of internal and external link state information that is flooded through the AS by dividing the AS into areas. The central area, called a backbone, distributes link state information among areas.

Neighbors can form an adjacency for exchanging link state information. When two routers form a full adjacency, they go through a process called database exchange to synchronize their topological databases. When their databases are synchronized, the routers are said to be fully adjacent. From this point on, only link state information is passed between the routers, thus conserving bandwidth. Routers connected by a point-to-point network always form an adjacency. Also, every router on a multiaccess network forms an adjacency relationship with the designated router and the backup designated router.


OSPF supports point-to-point and broadcast interfaces. Interfaces are also known as links. Two OSPF routers that each have an interface to the same network are called neighbors. Routers that have interfaces to at least two areas are Area Border Routers (ABRs). Routers that have interfaces to at least two different ASs are Autonomous System Boundary Routers (ASBRs). When two or more areas exist, the backbone area must be one of the areas.

Designated and backup designated routers

When OSPF runs over a broadcast medium, it elects one router on that medium to serve as designated router (DR). This router floods routing information for that network segment into the network.

Also on a broadcast medium, OSPF elects a backup designated router (BDR). If the DR fails, the BDR assumes the responsibilities of the DR.

Each router running OSPF has a configurable priority setting for DR/BDR election. OSPF elects as DR the router with the highest priority value. A priority value of 0 means that a router is not eligible to be the DR. Once elected, the DR choice remains, even if a better router comes into the network. No DR election recurs unless the current DR and its BDR fail.

Link state database

When an OSPF router first joins a network, it uses the OSPF Hello protocol to discover its neighbors. Neighbors may form adjacencies for the purpose of exchanging routing information. Not all neighbor pairs can become adjacent. Adjacencies form by synchronizing the neighbors' topology databases through the database exchange process. Two routers become fully adjacent by fully synchronizing their topology databases. Only adjacent routers exchange routing information, thereby conserving bandwidth. Also, an authentication mechanism prevents unauthorized neighbors from establishing adjacencies.

Each OSPF router generates state information about its directly connected links (interfaces) and adjacencies and advertises this information in Link State Advertisement (LSA) packets. Other routers receive the LSAs, learn this information, and flood it throughout the areas in which they have interfaces. Each OSPF router builds a Link State Database (LSDB) from this information. Each ABR has one LSDB for each area in which it has an interface.

Each OSPF router uses its LSDB to calculate the shortest path to each destination in the AS, with itself at the root of each path. This is accomplished by means of Dijkstra's Shortest Path First (SPF) algorithm. The SPF tree, also known as the best path tree, is then submitted to the routing table as OSPF routes. When a network topology change occurs, OSPF recalculates the shortest path tree. The network has converged when all OSPF routers have recalculated their routing tables as a result of a change in the topology.


LSA types

To achieve and maintain convergence among routers within the AS, OSPF floods different LSA types into the routing domain. Every LSA has a Link State ID (LSID) field.

Table 64: LSA types

Type 1 LSA (Router LSA)
    Originated by each router in an area. A single router LSA describes the state and cost of all the router's links (interfaces) to the area. The LSID contains the router ID of the originating router.

Type 2 LSA (Network LSA)
    Originated by the DR for each broadcast network to describe all the routers attached to the network, including the DR itself. The LSID contains the IP interface address of the designated router for the network.

Type 3 LSA (ABR Summary LSA)
    Originated by ABRs to describe routes to networks within the area, facilitating the summarization (condensation) of routing information at area borders. The LSID contains the destination IP network number of the originating ABR.

Type 4 LSA (ASBR Summary LSA)
    Originated by ASBRs to describe routes to AS boundary routers, facilitating the summarization (condensation) of routing information at AS boundaries. The LSID contains the router ID of the originating ASBR.

Type 5 LSA (AS external LSA)
    Originated by ASBRs to describe routes to destinations external to the AS, and to describe a default route for the AS. Routers internal to the AS use the default route when no specific route exists to the external destination. The LSID contains either the default route (0.0.0.0) or the specific network number of the external destination.

Type 7 LSA (NSSA AS external LSA)
    Originated by ASBRs to describe routes to destinations external to the AS, only for routers within an NSSA. NSSA ABRs translate these Type 7 LSAs to Type 5 LSAs and flood them into the OSPF backbone area.

Type 10 LSA (OSPF opaque LSA)
    Carries traffic engineering parameters. These parameters are used in CSPF (Constrained Shortest Path First) calculations to provide a best path for traffic engineering applications such as RSVP-TE.

Backbone area

The OSPF backbone area is the special OSPF Area 0 (often written as Area 0.0.0.0). The OSPF backbone always contains all area border routers. The backbone is responsible for distributing routing information between non-backbone areas. The backbone (connectivity) must be contiguous. However, it need not be physically contiguous; backbone connectivity can be established/maintained through the configuration of virtual links.

Stub areas

A stub area is an OSPF area that does not import external routing information, but may import inter-area route summaries. However, route summaries for this stub area are still originated by the ABR to the backbone. Routing from this type of area to networks outside of the area is based on a default route originated by the area's ABR into the stub area. All routers inside a stub area must be configured as stub routers. ASBRs cannot be configured as stub routers because, in that case, external routing information would not be flooded into the area. Also, a stub area cannot be used as a transit area for virtual links.

The Avaya Secure Router 2330/4134 supports stub areas and the ability to advertise a default route with a metric, as well as the option of importing summary routes into the area. By default, summary routes are imported into stub areas, and a default route is flooded into the area. An administrator can prevent this behavior and disallow the import of summary LSAs.

Not-so-stubby areas (NSSAs)

A not-so-stubby area (RFCs 1587 and 3101) is an OSPF area that allows external routes to be flooded (advertised) into the area as Type-7 LSAs from an ASBR connected to the NSSA. In this case, the ASBR originates the Type-7 LSA and floods it into the NSSA from external network destinations. The NSSA ABR translates each Type-7 LSA into a Type-5 LSA and floods it into the adjacent area. Unlike stub areas, all OSPF summary routes (Type-3 LSAs) can be imported into the NSSA area. An administrator can disable the import mechanism. If disabled, OSPF sends a default summary.

A default route cannot be originated into the area as a Type-3 LSA, but rather as a Type-7 LSA. This avoids the situation where the router prefers a Type-3 default route over a more specific Type-7 route.

Transit areas

A transit area supports virtual links to other areas disconnected from the OSPF backbone.


Virtual links

A virtual link consists of two ABRs, a transit area across which virtual link data can pass, and the logical connection between the two ABRs. A virtual link through a transit area allows OSPF to distribute inter-area route summaries and external routing information.

With virtual links, OSPF can remove topological restrictions on area layout within an AS. Should the backbone area become disconnected, some areas of the AS may become unreachable. Virtual links can be used to avoid or work around this problem and allow such areas to maintain connectivity to the backbone.

On either end of the virtual link to a remote area, configure the router ID of the remote ABR and the area ID of the intervening transit area. OSPF treats the virtual link as a point-to-point network belonging to the backbone and linking the two ABRs. Virtual links cannot be configured through a stub area or NSSA area.

Area ranges (route summarization)

To reduce the number of advertisements for networks contained within an area configured on an OSPF router, configure an area range, which is a contiguous range of network addresses contained within an area. Configure multiple contiguous ranges for any OSPF ABR in your network. The router can advertise these as summary routes associated with a specific OSPF area.

Route redistribution (exportation) and policy

An OSPF router uses export policies to determine which non-OSPF routes to redistribute (export) into the OSPF routing domain. For example, an OSPF ASBR uses an export policy to determine which non-OSPF routes to redistribute into the OSPF AS, as external routes.

The Avaya Secure Router 2330/4134 export policies support matching conditions and actions that you can apply only at the OSPF global level. By default, if you do not explicitly reference a configured export policy, OSPF imports all routes from the protocol.


OSPF inbound filtering

The Secure Router supports both outbound and inbound OSPF filtering.

• Outbound filtering uses route maps to filter outgoing routes that are sent by the OSPF redistribute command.

• Inbound filtering also uses route maps, but they are used to filter incoming OSPF routes and block them from being sent into the routing table. The new OSPF distribute-list command accepts a route map to specify what routes to accept.

Both commands accept route-map, which consists of access list entries of routes to permit and deny.

For information on configuring this feature, see Configuring OSPF inbound filtering on page 144.

Security

OSPF supports two authentication types: simple password authentication and MD5 cryptographic authentication. When configured, these mechanisms prevent unauthorized routers from forming adjacencies with the routing entity.

The Avaya Secure Router 2330/4134 supports simple password and MD5 for OSPF security. (The default is none.) You can configure authentication at the OSPF area and individual interface levels of the configuration hierarchy. Configuring security at a lower level of the OSPF hierarchy overrides security configured at the next-higher level of the hierarchy.
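The receive-side checks behind MD5 cryptographic authentication, as an added example (not Avaya code and not part of the original manual). It follows the OSPFv2 packet layout in RFC 2328 Appendix D; the function and class names, router IDs, keys and packet bodies are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header: version, type, length, router ID, area ID, checksum, AuType
OSPF_HDR = struct.Struct("!BBH4s4sHH")
# 64-bit authentication field for AuType 2: zero, key ID, digest length, sequence
CRYPTO_AUTH = struct.Struct("!HBBI")
AUTYPE_MD5 = 2
DIGEST_LEN = 16


def _pad_key(key: bytes) -> bytes:
    """The shared secret is padded with zeros to 16 bytes before hashing."""
    if len(key) > DIGEST_LEN:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def sign_packet(pkt_type, router_id, area_id, body, key_id, key, seq):
    """Build an OSPFv2 packet with AuType 2 and append the MD5 digest."""
    # The appended digest is not counted in the header length field.
    length = OSPF_HDR.size + CRYPTO_AUTH.size + len(body)
    header = OSPF_HDR.pack(2, pkt_type, length, socket.inet_aton(router_id),
                           socket.inet_aton(area_id), 0, AUTYPE_MD5)
    packet = header + CRYPTO_AUTH.pack(0, key_id, DIGEST_LEN, seq) + body
    return packet + hashlib.md5(packet + _pad_key(key)).digest()


class AuthenticatedInterface:
    """Checks one interface configured for MD5 applies to received packets."""

    def __init__(self, keys):
        self.keys = dict(keys)  # key ID -> shared secret
        self.last_seq = {}      # neighbor router ID -> last accepted sequence

    def verify(self, datagram: bytes) -> str:
        if len(datagram) < OSPF_HDR.size + CRYPTO_AUTH.size:
            return "rejected: truncated"
        version, _type, length, rid, _area, _cksum, autype = \
            OSPF_HDR.unpack_from(datagram)
        if version != 2:
            return "rejected: not OSPFv2"
        if autype != AUTYPE_MD5:
            # Null or simple-password packets never match an MD5 interface.
            return "rejected: authentication type mismatch"
        _zero, key_id, auth_len, seq = CRYPTO_AUTH.unpack_from(
            datagram, OSPF_HDR.size)
        key = self.keys.get(key_id)
        if key is None:
            return "rejected: unknown key ID"
        if auth_len != DIGEST_LEN or len(datagram) != length + DIGEST_LEN:
            return "rejected: bad length"
        if seq < self.last_seq.get(rid, 0):
            # An older sequence number than the last one accepted is a replay.
            return "rejected: stale sequence number"
        expected = hashlib.md5(datagram[:length] + _pad_key(key)).digest()
        if not hmac.compare_digest(expected, datagram[length:]):
            return "rejected: digest mismatch"
        self.last_seq[rid] = seq
        return "accepted"


if __name__ == "__main__":
    iface = AuthenticatedInterface({1: b"constructed-key"})
    hello = sign_packet(1, "10.0.0.2", "0.0.0.0", b"constructed hello body",
                        1, b"constructed-key", 100)
    print(iface.verify(hello))
```

The key never travels in the packet, only the digest, which is what separates this mode from simple password authentication, where the 64-bit field carries the password in clear text.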

ECMP

The OSPF protocol maintains and evaluates multiple equal-cost routes to all destinations. All of the multiple routes are of the same type (for example, intra-area, inter-area, type 1 external, or type 2 external), cost, and area association. However, each route may specify a different next hop and advertising router. For broadcast networks, the next hop includes the IP address of the next router (if any) in the path toward the destination.

The OSPF standard states no requirement that a router keep track of all possible equal-cost routes to a destination, but the Avaya Secure Router 2330/4134 tracks and evaluates up to eight ECMP routes.

OSPF submits ECMP routes to the routing table, but is not affected by the ECMP configured limit, which only determines the number of ECMP routes downloaded to the forwarding information base (FIB) table of best routes. When more than eight ECMP paths exist to a destination, the FIB of the routing engine contains only the first eight routes that OSPF submitted.

Router ID

OSPF uses the router ID in LSAs. Because router ID is a critical attribute that must be a unique loopback address within the network, OSPF restarts when the router ID changes. The Avaya Secure Router 2330/4134 restarts OSPF if an administrator changes the router ID.

Cost metric

OSPF uses metrics to calculate the cost of the paths. Specifically, two configurable parameters relate to the cost: the reference bandwidth, and the metric. The link terminated by any OSPF interface has some inherent available bandwidth that determines its relative cost when calculating best routes to any IP destination. This applies to any link between OSPF neighbors.

OSPF uses the reference bandwidth as a basis for indicating the cost (relative bandwidth capability) of any OSPF area interface. By default, the reference bandwidth for OSPF is 100,000,000 b/s (100 Mb/s), and the cost of any OSPF interface is (reference_bandwidth/link_bandwidth), resulting in a unitless or relative cost metric value. Each OSPF interface has a default cost metric value of 1, but the implied bandwidth of the interface depends on the reference-bandwidth and link-bandwidth values.

On the Avaya Secure Router 2330/4134, you can accept the default reference-bandwidth value or configure a more accurate value as the basis for all OSPF interface costs:

• If you configure a metric, then the cost assumes the metric value, irrespective of whether you configured a reference bandwidth value.

• If a reference bandwidth has been configured, then OSPF computes the cost as (reference bandwidth/link bandwidth), where link bandwidth is that of the underlying layer 2 interface.

• If both metric and reference bandwidth have not been configured, then the redistributed routes have a default metric value of 10, which can also be configured manually.


Passive interfaces

OSPF allows a directly attached interface to be configured as a passive interface or passive link. OSPF does not run on a passive interface, but OSPF running globally on the routing engine still advertises the interface as an internal route.

A passive interface is different from disabling OSPF on an interface. OSPF advertises passive interfaces and does not advertise disabled interfaces.

A passive interface is also different from exporting a directly attached route into OSPF. OSPF advertises passive interfaces as OSPF internal routes.

OSPF demand circuits

OSPF demand circuits are point-to-point links. The costs vary with usage. An example is an ISDN basic-rate service, whereby charges can be based both on connect time and on bytes/packets transmitted.

OSPF routers transmit two types of routing protocol traffic. First, the routers send Hello packets over each link periodically for neighbor discovery and maintenance. Second, routers exchange OSPF LSAs to achieve and maintain link-state database synchronization. The OSPF demand circuit extensions remove the periodic nature of both traffic types. These extensions reduce the amount of OSPF routing traffic, by removing all OSPF protocol traffic from demand circuits after the routing domain is in a steady state. The OSPF demand circuit extensions are specified in RFC 1793. With demand circuits, routers send OSPF Hellos and LSAs until the synchronization of the initial link-state database. To remove the periodic nature of OSPF database synchronization, the router does not flood periodic refreshes of LSAs over the demand circuits. When a router receives a new LSA instance, it compares the contents of the new instance with the current LSA copy in the router database. If the contents have not changed, the router does not flood the new LSA over attached demand circuits. If the contents of an LSA change, the router floods the LSA over the demand circuit.

When a router suppresses LSAs on the demand circuit, there is no LSA refresh. In this case, the neighboring routers normally age out the LSAs. To prevent the routers on the other side of the demand circuit from aging out an LSA, the router indicates that the LSA must not be aged by setting the DoNotAge bit when flooding the LSA over the demand circuit. The DoNotAge bit is a significant bit in the LSA Age field. LSAs that have the DoNotAge bit set are not aged because the router holds them in the OSPF link-state database.

LSAs in regular OSPF areas can have the DoNotAge set only if every router in the OSPF domain is capable of DoNotAge processing. If a router in a remote regular area cannot process DoNotAge LSAs, this information must be conveyed to all other Demand Circuit capable routers, so that they do not mistakenly flood DoNotAge LSAs. To achieve this, area border routers transmit the existence of DoNotAge-incapable routers across area boundaries, using indication-LSAs after one of the attached areas receives an LSA from a DoNotAge-incapable router. Indication-LSAs are type-4-summary LSAs (also called ASBR-summary-LSAs), listing the area border router itself as the described ASBR, with the LSA cost set to LSInfinity and the DC-bit clear.
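The flooding decision and the DoNotAge handling described above, as an added example (written for this page, not Avaya code). It uses the 20-byte LSA header layout from RFC 2328; the comparison rule (ignore LS age, sequence number and checksum, and treat an instance at MaxAge as changed) is this example's reading of the RFC 1793 procedure, and the function names and LSA bodies are constructed.

```python
import struct

# LSA header: age, options, type, link state ID, advertising router,
# sequence number, checksum, length (20 bytes in total).
LSA_HDR = struct.Struct("!HBB4s4sIHH")
DO_NOT_AGE = 0x8000  # most significant bit of the 16-bit LS age field
MAX_AGE = 3600       # seconds; an LSA at MaxAge is being flushed


def build_lsa(age, seq, body, options=0x22, ls_type=1):
    """Constructed sample LSA; options 0x22 sets the E-bit and the DC-bit.

    The checksum is left at 0 because the example never validates it.
    """
    rid = bytes([10, 0, 0, 1])
    return LSA_HDR.pack(age, options, ls_type, rid, rid, seq, 0,
                        LSA_HDR.size + len(body)) + body


def split_age(lsa):
    """Return (age in seconds, DoNotAge flag) from the LS age field."""
    (raw,) = struct.unpack_from("!H", lsa)
    return raw & 0x7FFF, bool(raw & DO_NOT_AGE)


def contents_changed(new, old):
    """Compare a received instance with the database copy."""
    if old is None:
        return True
    new_hdr, old_hdr = LSA_HDR.unpack_from(new), LSA_HDR.unpack_from(old)
    if new_hdr[1] != old_hdr[1] or new_hdr[7] != old_hdr[7]:
        return True  # options or length differ
    if MAX_AGE in (split_age(new)[0], split_age(old)[0]):
        return True  # a flush must always be propagated
    return new[LSA_HDR.size:new_hdr[7]] != old[LSA_HDR.size:old_hdr[7]]


def set_do_not_age(lsa):
    """Set the DoNotAge bit. LS age is excluded from the LSA checksum,
    so the checksum does not need to be recomputed."""
    (raw,) = struct.unpack_from("!H", lsa)
    return struct.pack("!H", raw | DO_NOT_AGE) + lsa[2:]


def flood_copy(new, old, demand_circuit):
    """Return the bytes to send on one interface, or None to stay silent."""
    if not demand_circuit:
        return new                # ordinary link: periodic refreshes still go out
    if not contents_changed(new, old):
        return None               # refresh only: keep the demand circuit idle
    return set_do_not_age(new)    # real change: send it, marked DoNotAge


def age_in_database(lsa, seconds):
    """Age a stored LSA; instances with DoNotAge set are left untouched."""
    age, frozen = split_age(lsa)
    if frozen:
        return lsa
    return struct.pack("!H", min(age + seconds, MAX_AGE)) + lsa[2:]


if __name__ == "__main__":
    stored = build_lsa(10, 0x80000001, b"constructed-link-A")
    refresh = build_lsa(0, 0x80000002, b"constructed-link-A")
    update = build_lsa(0, 0x80000003, b"constructed-link-B")
    print(flood_copy(refresh, stored, True))            # None
    print(split_age(flood_copy(update, stored, True)))  # (0, True)
```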

OSPF NBMA over Ethernet

The Secure Router 2330/4134 supports OSPF non-broadcast multi-access (NBMA) over Ethernet. While it is well known that OSPF operates in peer-to-peer and broadcast networks, its role in another kind of network can be just as important. A non-broadcast network operates between point-to-point and broadcast networks, and does not include broadcast or multicast functionality. Its purpose is to connect more than two devices to the same physical media device and, by nature, it is multi-access. Some examples of this are Frame Relay networks, ATM networks and x.25 networks.

To achieve this functionality, some components of OSPF have been modified in an attempt to mirror functionality found in OSPF broadcast networks. Two modes of operation on these types of OSPF networks are NBMA and P2MP. When using NBMA, operation over a broadcast network is emulated by OSPF. The NBMA network has a router designated to originate a network LSA. NBMA mode is the most efficient way to run OSPF over non-broadcast networks, both in terms of link-state database size and in terms of the amount of routing protocol traffic.

When deploying OSPF on a network, neighbor discovery is achieved using multicast hello packets. Designated Routers (DR) and Backup Designated Routers (BDR) are elected for each multicast network to optimize adjacency building. All routers in a segment communicate directly with a DR or BDR for proper adjacency. For a neighbor to be successfully discovered on a segment, broadcast and multicast packet sending must be allowed on the network.

When using NBMA technology, neighbors are not discovered automatically due to the non-broadcast nature of the feature. Instead, OSPF attempts to designate a DR and a BDR, but the election fails because no neighbors are discovered. To overcome this issue, neighbors must be manually configured.

Broadcast vs non-broadcast networks

One difference between broadcast and non-broadcast networks is in the functionality of the hello protocol. On a broadcast network, a router advertises itself using hello packets, allowing itself to be discovered dynamically. These packets include the router's DR identity and a list of routers who have recently sent Hello packets. On NBMA networks, some configuration must take place before successful operation of the hello protocol. Routers that are potential DRs have a list of all other routers currently attached. If a DR candidate, a router sends Hello packets to other candidates in an attempt to find a DR. If elected DR, a router sends hello packets to all other routers on the network. To minimize the number of hello packets sent, the number of eligible routers on a NBMA network should be kept to a minimum.


The behavior of a router's hello packet sending depends on its status as potential DR. If eligible, it must send hello packets to eligible neighbors periodically. If the router becomes the DR or BDR, it expands distribution of hello packets to include all neighbors, regardless of eligibility. If a router is not eligible, it must send hello packets to the DR and BDR periodically, along with sending a reply hello packet to any hello packet received from an eligible neighbor. Frequency of hello packets depends on a neighbor's state. When down, hello packets are sent at Poll Interval, otherwise they are sent at Hello Interval.

Another difference comes when identifying a neighbor address. In a point-to-point network or virtual link, the neighbor is identified by router ID. However, in a broadcast, point-to-multipoint or NBMA network, the neighbor is identified by IP source address.

Finally, in an OSPF operation specific to NBMA, OSPF generates a start event to a neighbor after the neighbor command is issued. Then hello packets begin to be sent to a neighbor using the Hello Interval as a frequency. This causes the neighbor to receive an ATTEMPT message that indicates no recent information has been received from the neighbor and that a greater effort is to be made to contact that neighbor. To achieve this, up to four hello packets are sent to the neighbor. If no response is received, a DOWN state is entered, where packet frequency is reduced to that of the Poll Interval.

Open Shortest Path First

Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) that distributes routing information between routers belonging to a single autonomous system (AS). Intended for use in large networks, OSPF is a link state protocol, which supports IP subnets and the tagging of externally derived routing information.

This section includes the following topics:

• Overview
• Benefits
• OSPF routing algorithm
• Autonomous system and areas
• Neighbors
• OSPF routers
• Router types
• OSPF interfaces
• OSPF and IP
• OSPF packets
• AS external routes
• OSPF virtual links
• Specifying ASBRs
• Metric speed

Overview

In an OSPF network, each router maintains a link state database that describes the topology of the autonomous system (AS). The database contains the local state for each router in the AS, including the router's usable interfaces and reachable neighbors. Each router periodically checks for changes in its local state and shares any changes detected by flooding link state advertisements (LSA) throughout the AS. Routers synchronize their topological databases based on the sharing of information from LSAs.

From the topological database, each router constructs a shortest-path tree, with itself as the root. The shortest-path tree gives the optimal route to each destination in the AS. Routing information from outside the AS appears on the tree as leaves.

OSPF routes IP traffic based solely on the destination IP address and subnet mask, and IP TOS contained in the IP packet header.

Benefits

In large networks OSPF offers the following benefits:

• Fast convergence

In the event of topological changes, OSPF recalculates routes quickly.

• Minimal routing protocol traffic

Unlike distance vector routing protocols such as RIP, OSPF generates a minimum of routing protocol traffic.

• Load sharing

OSPF provides support for equal-cost multipath routing. If several equal-cost routes to a destination exist, traffic is distributed equally among them.

OSPF routing algorithm

A separate copy of the OSPF routing algorithm (Dijkstra) runs in each area. Routers that are connected to multiple areas run multiple copies of the algorithm. The sequence of processes governed by the routing algorithm is as follows:

1. When a router starts, it initializes the OSPF data structures and then waits for indications from lower-level protocols that the router interfaces are functional.

2. A router then uses the Hello Protocol to discover neighbors. On point-to-point and broadcast networks the router dynamically detects its neighbors by sending hello packets to the multicast address AllSPFRouters.

3. On all multiaccess networks (broadcast or nonbroadcast), the Hello Protocol also elects a designated router (DR) for the network.

4. The router attempts to form adjacencies with some of its neighbors. On multiaccess networks, the DR determines which routers become adjacent. This behavior does not occur if a router is configured as a passive interface, because passive interfaces do not form adjacencies.

5. Adjacent neighbors synchronize their topological databases.

6. The router periodically advertises its link state, and also does so when its local state changes. LSAs include information about adjacencies, enabling quick detection of dead routers on the network.

7. LSAs are flooded throughout the area, ensuring that all routers in an area have exactly the same topological database.

8. From this database each router calculates a shortest-path tree, with itself as root. This shortest-path tree in turn yields a routing table for the protocol.

Autonomous system and areas

The autonomous system (AS) can be subdivided into areas that group together contiguous networks, routers connected to these networks, and attached hosts. Each area has its own topological database, which is invisible from outside the area. Routers within an area know nothing of the detailed topology of other areas. Subdividing the AS into areas significantly reduces the amount of routing protocol traffic as compared to treating the entire AS as a single link state domain.

You can attach a router to more than one area. When you do so, you can maintain a separate topological database for each connected area. Two routers within the same area maintain an identical topological database for that area. Each area is assigned a unique area ID and the area ID 0.0.0.0 is reserved for the backbone area.

Packets are routed in the AS based on their source and destination addresses. If the source and destination of a packet reside in the same area, intra-area routing is used. If the source and destination of a packet reside in different areas, inter-area routing is used. Intra-area routing protects the area from bad routing information because no routing information obtained from outside the area can be used. Inter-area routing must pass through the backbone area, which is described in the following section.

This section includes the following topics:

• Backbone area
• Stub area
• Not so stubby area (NSSA)

Backbone area

The backbone area consists of the following network types:

• Networks and attached routers that are not contained in any other area

• Routers that belong to multiple areas

The backbone is usually contiguous but you can create a noncontiguous area by configuring virtual links.

You can configure virtual links between any two backbone routers that have an interface to a common nonbackbone area. Virtual links belong to the backbone and use intra-area routing only. For more information on virtual links, see OSPF virtual links.

The backbone is responsible for distributing routing information between areas. The topology of the backbone area is invisible to other areas, while it knows nothing of the topology of those areas.

In inter-area routing, a packet travels along three contiguous paths in a point-to-multipoint configuration, as follows:

1. An intra-area path from the source to an area border router (ABR)

2. A backbone path between the source and destination areas

3. Another intra-area path to the destination

The OSPF routing algorithm finds the set of such paths that has the smallest cost. The topology of the backbone dictates the backbone paths used between areas. Inter-area paths are selected by examining the routing table summaries for each connected ABR. The OSPF behavior was modified according to OSPF standards so that OSPF routes cannot be learned through an area border router (ABR) unless it is connected to the backbone or through a virtual link.

Stub area

A stub area is configured at the edge of the OSPF routing domain and has only one ABR. A stub area does not receive LSAs for routes outside the AS, reducing the size of its link state database. A packet destined outside the stub area is routed to the ABR, which examines it before forwarding the packet to its destination. The network behind a passive interface is treated as a stub area, and does not form adjacencies. It is advertised into the OSPF area as an internal route.

Not so stubby area (NSSA)

A not so stubby area prevents the flooding of external LSAs into the area by replacing them with a default route. An NSSA can import small stub (non-OSPF) routing domains into OSPF. Like stub areas, NSSAs are at the edge of an OSPF routing domain. Non-OSPF routing domains are attached to the NSSAs, forming NSSA transit areas. Accessing the addressing scheme of small stub domains permits the NSSA border router to also perform manual aggregation.

Neighbors

In an OSPF network, any two routers that have an interface to the same network are neighbors. Routers use the Hello Protocol to discover their neighbors and maintain neighbor relationships. On a broadcast or point-to-point network, the Hello Protocol dynamically discovers neighbors.

The Hello Protocol provides bidirectional communication between neighbors. Periodically OSPF routers send out hello packets over all interfaces. Included in these hello packets is the following information:

• The router priority
• The router Hello Timer and Dead Timer values
• A list of routers that sent this router hello packets on this interface
• The router choice for designated router (DR) and backup designated router (BDR)

Bidirectional communication is determined when one router discovers itself listed in its neighbor's hello packet.

Neighbor adjacencies

Neighbors can form an adjacency to exchange routing information. When two routers form an adjacency, they go through a database exchange process to synchronize their topological databases. When their databases are synchronized, the routers are said to be fully adjacent. Bandwidth is conserved because, from this point on, only routing change information is passed between the adjacent routers.

All routers connected by a point-to-point network or a virtual link always form an adjacency.

OSPF routers

To limit the amount of routing protocol traffic, the Hello Protocol elects a designated router (DR) and a backup designated router (BDR) on each multiaccess network. Instead of neighboring routers forming adjacencies and swapping link state information with each other (which on a large network can mean a lot of routing protocol traffic), all routers on the network form adjacencies with the DR and the BDR only and send link state information to them. The DR redistributes this information to every other adjacent router.

When operating in backup mode, the BDR receives link state information from all routers on the network and listens for acknowledgements. If the DR fails, the BDR can transition quickly to the role of DR because its routing tables are up-to-date.

Router types

Routers in an OSPF network can take on different roles depending on how you configure them. Table 65: Router types in an OSPF network describes the router types you can configure in an OSPF network.

Table 65: Router types in an OSPF network

| Router Type | Description |
|---|---|
| AS boundary router (ASBR) | A router attached at the edge of an OSPF network is called an AS boundary router (ASBR). An ASBR generally has one or more interfaces that run an inter-domain routing protocol such as BGP. In addition, any router distributing static routes or RIP routes into OSPF is considered an ASBR. The ASBR forwards external routes into the OSPF domain. In this way, routers inside the OSPF network learn about destinations outside their domain. |
| Area border router (ABR) | A router attached to two or more areas inside an OSPF network is considered an area border router (ABR). ABRs play an important role in OSPF networks by condensing the amount of OSPF information that is disseminated. |
| Internal router (IR) | A router that has interfaces only within a single area inside an OSPF network is considered an internal router (IR). Unlike ABRs, IRs have topological information only about the area in which they are contained. |
| Designated router (DR) | In a broadcast network a single router is elected to be the designated router (DR) for that network. A DR assumes the responsibility of making sure all routers on the network are synchronized with one another and also advertises that network to the rest of the AS. |
| Backup designated router (BDR) | A backup designated router (BDR) is elected in addition to the designated router (DR) and, in the event of failure of the DR, can assume its role quickly. |

OSPF interfaces

An OSPF interface, or link, is configured on an IP interface. In the Secure Router 2330/4134, an IP interface is a single link (router port). The state information associated with the interface is obtained from the underlying lower level protocols and the routing protocol itself.

On a Secure Router 2330/4134, OSPF interfaces are designated as one of the following types:

• broadcast (active)
• passive

The Secure Router 2330/4134 supports OSPF on the following interface types:

1. Ethernet (Operates in broadcast network mode only)
2. WAN bundles: PPP, MLPPP, FR, MFR, HDLC (Operates in point-to-point network mode only.)
3. Loopback (Operates in passive mode only)
4. IP-IP, GRE, and IPsec tunnels (operates over point-to-point tunnels only)

Important: When an OSPF interface is enabled, you cannot change its interface type. You must first disable the interface. You can then change its type and reenable it.

This section includes the following topics:

• Broadcast interface
• Passive interface

Broadcast interface

Broadcast interfaces support many attached routers and can address a single physical message to all attached broadcast routers (sent to AllSPFRouters and AllDRouters).

Broadcast interfaces discover neighboring routers dynamically using the OSPF Hello Protocol. Each pair of routers on a broadcast network, such as an Ethernet, communicate directly.

Passive interface

The objective of the passive interface is to enable an interface to advertise into an OSPF domain while limiting its adjacencies.

When changing the interface type value to passive, it is advertised into the OSPF domain as an internal stub network with the following behaviors:

• does not send hello packets into the OSPF domain

• does not receive hello packets from the OSPF domain

• does not form adjacencies in the OSPF domain

With the passive interface feature, the interface requires only a new interface type value to allow it to be advertised as an OSPF internal route. Without the passive interface feature, to advertise a network into OSPF and not form OSPF adjacencies, it must be configured as a non-OSPF interface and the local network must be redistributed as an AS-external LSA.

OSPF and IP

OSPF runs in conjunction with IP, which means that an OSPF packet is sent with an IP data packet header. The protocol field in the IP header is set to 89, which identifies it as OSPF, distinguishing it from other packets that use an IP header.

A destination in an OSPF route advertisement is expressed as an IP address and a variable-length mask. Taken together, the address and the mask indicate the range of destinations to which the advertisement applies.

The ability to specify a range of networks allows OSPF to send one summary advertisement that represents multiple destinations. For example, a summary advertisement for the destination 128.185.0.0 with a mask of 255.255.0.0 describes a single route to destinations 128.185.0.0 to 128.185.255.255.

OSPF packets

All OSPF packets start with a 24 octet header that contains information about the OSPF version, the packet type and length, the ID of the router transmitting the packet, and the ID of the OSPF area from which the packet is sent. An OSPF packet is one of the following types:

• Hello packets

Hello packets are transmitted between neighbors and are never forwarded. The Hello Protocol requires routers to send hello packets to neighbors at pre-defined hello intervals. If hello packets are not received by a neighbor router within the specified dead interval, the neighbor router declares the other router dead.

• Database description (DD) packets

DD packets are exchanged when a link is first established between neighboring routers which synchronize their link state databases.

• Link state request packets

Link state request packets describe one or more link state advertisements that a router is requesting from its neighbor. Routers send link state requests if the information received in DD packets from a neighbor is not consistent with its own link state database.

• Link state update packets

Link state update packets contain one or more link state advertisements, and are sent following a change in network conditions.

• Link state acknowledgement packets

Link state acknowledgement packets are sent to acknowledge receipt of link state updates and contain the headers of the link state advertisements that were received.
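The 24-octet header described above is also where a receiver learns how a packet is authenticated, so a monitoring tool can decode it to confirm what an area is actually sending. The following Python sketch is an added example, not Avaya code: it decodes the header of an OSPFv2 packet (the payload of an IP packet with protocol 89) and reports the authentication type. The checksum, AuType and authentication field layout are taken from RFC 2328 rather than from this guide, and the sample packets are constructed.

```python
import ipaddress
import struct

OSPF_HEADER_LEN = 24  # every OSPF packet starts with this 24-octet header
PACKET_TYPES = {1: "Hello", 2: "Database description", 3: "Link state request",
                4: "Link state update", 5: "Link state acknowledgement"}
AUTH_TYPES = {0: "null", 1: "simple password", 2: "message-digest"}


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by IP and OSPFv2."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ospf_header(packet: bytes) -> dict:
    """Decode and sanity-check the header of one OSPFv2 packet."""
    if len(packet) < OSPF_HEADER_LEN:
        raise ValueError("truncated OSPF header")
    version, ptype, length, router_id, area_id, _checksum, autype = struct.unpack(
        "!BBH4s4sHH", packet[:16])
    if version != 2:
        raise ValueError("not OSPFv2")
    if ptype not in PACKET_TYPES:
        raise ValueError("unknown OSPF packet type %d" % ptype)
    if not OSPF_HEADER_LEN <= length <= len(packet):
        raise ValueError("length field inconsistent with captured bytes")
    header = {
        "type": PACKET_TYPES[ptype],
        "length": length,
        "router_id": str(ipaddress.IPv4Address(router_id)),
        "area_id": str(ipaddress.IPv4Address(area_id)),
        "auth": AUTH_TYPES.get(autype, "unknown (%d)" % autype),
    }
    if autype == 2:
        # Message-digest: the checksum is unused and the 8 authentication
        # octets carry key ID, digest length and a sequence number.
        _, key_id, digest_len, seq = struct.unpack("!HBBI", packet[16:24])
        header.update(key_id=key_id, digest_len=digest_len, sequence=seq,
                      checksum_ok=None)
    else:
        # The checksum covers the packet minus the 8-octet authentication field.
        covered = packet[:16] + packet[24:length]
        header["checksum_ok"] = internet_checksum(covered) == 0
    return header


def audit(header: dict) -> list:
    """Findings a defender would raise for a decoded header."""
    findings = []
    if header["auth"] == "null":
        findings.append("unauthenticated OSPF packet accepted in area " + header["area_id"])
    elif header["auth"] == "simple password":
        findings.append("password carried in cleartext in area " + header["area_id"])
    elif header["auth"] != "message-digest":
        findings.append("unrecognised authentication type")
    if header["checksum_ok"] is False:
        findings.append("checksum mismatch")
    return findings


def build_sample_hello(autype: int) -> bytes:
    """Constructed Hello from router 192.0.2.1 in area 0.0.0.0, no neighbors listed."""
    body = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 0x02, 1, 40,
                       bytes(4), bytes(4))
    length = OSPF_HEADER_LEN + len(body)
    fixed = struct.pack("!BBH4s4s", 2, 1, length, bytes([192, 0, 2, 1]), bytes(4))
    if autype == 2:
        auth = struct.pack("!HBBI", 0, 1, 16, 1001)
        # Checksum stays 0; a 16-octet digest (placeholder zeros) trails the packet.
        return fixed + struct.pack("!HH", 0, autype) + auth + body + bytes(16)
    auth = b"s3cret\x00\x00" if autype == 1 else bytes(8)
    csum = internet_checksum(fixed + struct.pack("!HH", 0, autype) + body)
    return fixed + struct.pack("!HH", csum, autype) + auth + body


if __name__ == "__main__":
    for autype in (0, 1, 2):
        hdr = parse_ospf_header(build_sample_hello(autype))
        print(hdr["type"], hdr["router_id"], hdr["auth"], audit(hdr))
```
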

Link state advertisements

OSPF does not require each router to send its entire routing table to its neighbors. Instead, each OSPF router floods only link state change information in the form of link state advertisements (LSA) throughout the area or AS. LSAs in OSPF are one of the following five types:

• Router links advertisement

A router links advertisement is flooded only within the area and contains information about neighbor routers and the LANs to which the router is attached. A backbone router can flood router link advertisements within the backbone area.

• Network links advertisement

A network links advertisement is generated by a DR on a LAN, listing all routers on that LAN and flooding only within the area. A backbone DR can flood network links advertisements within the backbone area.

• Network summary link advertisement

A network summary link advertisement is flooded into an area by an ABR that describes networks that are reachable outside the area. An ABR attached to two areas generates a different network summary link advertisement for each of these areas. ABRs also generate area summary link advertisements containing information about destinations within an area, which are flooded to the backbone area.

• AS boundary router (ASBR) summary link advertisement

An ASBR summary link advertisement describes the cost of the path to an ASBR from the router generating the advertisement.

• AS external link advertisement

An AS external link advertisement is sent by an ASBR to describe the cost of the path to a destination outside the AS from the ASBR generating the advertisement. This information is flooded to all routers in the AS.

AS external routes

OSPF considers the following routes to be AS external (ASE) routes:

• A route to a destination outside the AS

• A static route

• A default route

• A route derived by RIP

• A directly connected network not running OSPF

OSPF virtual links

On an OSPF network, a Secure Router 2330/4134 that is acting as an ABR must be connected directly to the backbone. If no physical connection is available, you can configure a virtual link manually.

Figure 15: Virtual link between ABRs through a transit area shows how to configure a virtual link between the ABR in area 2.2.2.2 and the ABR in area 0.0.0.0.

Figure 15: Virtual link between ABRs through a transit area

To configure a virtual link between the ABRs in area 1 and area 3, you define area 2 as the transit area between the other two areas, and identify R2 as the neighbor router through which R3 must send information to reach the backbone through R1.

Specifying ASBRs

ASBRs advertise non-OSPF routes into OSPF domains so that they can be passed along throughout the OSPF routing domain. A router can function as an ASBR if one or more of its interfaces is connected to a non-OSPF network (for example, RIP, BGP, or EGP).

An ASBR router imports external routes into the OSPF domain by using AS-external LSAs (LSA type 5) originated by the ASBR.

AS-external LSAs flood across area borders. When an ASBR imports external routes, it imports OSPF route information using external type 1 or type 2 metrics. This gives a four-level routing hierarchy, as shown in Table 66: ASBR routing hierarchy, according to routing preference.

Table 66: ASBR routing hierarchy

| Level | Description |
|---|---|
| 1 | Intra-area routing |
| 2 | Inter-area routing |
| 3 | External type 1 metrics |
| 4 | External type 2 metrics |

This results in a routing preference from most preferred to least preferred of:

• routing within an OSPF area
• routing within the OSPF domain
• routing within the OSPF domain and external routes with external type 1 metrics
• routing within the OSPF domain and external routes with external type 2 metrics

For example, an ASBR can import RIP routes into OSPF with external type 1 metrics. Another ASBR can import Internet routes and advertise a default route with an external type 2 metric. This results in RIP-imported routes having a higher preference than the Internet-imported default routes. In reality, BGP Internet routes must use external type 2 metrics, whereas RIP imported routes must use external type 1 metrics.

The reason for this is that routes imported into OSPF as external type 1 are from Interior Gateway Protocols (IGP) whose external metric is comparable to OSPF metrics. With external type 1 metrics, OSPF adds the internal cost of the ASBR to the external metric. Exterior Gateway Protocols (EGP), whose metric is not comparable to OSPF metrics, use external type 2 metrics. For external type 2 metrics, only the internal OSPF cost to the ASBR router is used in the routing decision.

To conserve resources, you can limit the number of ASBRs in your network or specifically control which routers perform as ASBRs to control traffic flow.

Types of OSPF areas

Table 67: OSPF LSA area types displays the various LSA types exchanged between areas. LSAs are used to share link state information among routers; there are seven different types. They typically contain information about the router and its neighbors and are generated periodically to ensure connectivity or generated upon the change in state of a router or link (that is, up or down).

Table 67: OSPF LSA area types

| LSA Type | Description | Area of distribution |
|---|---|---|
| 1 | Type 1 LSAs are called router LSAs and are originated by a router to describe its set of active interfaces and neighbors. | Only within the same area. |
| 2 | Type 2 LSAs are called network LSAs and describe a network segment such as broadcast or point-to-point. In a broadcast network, network LSAs are originated by the designated router (DR). | Only within the same area. |
| 3 | Type 3 LSAs are called network-summary LSAs and are originated by the area border router (ABR) to describe the networks within an area. | Passed between areas. |
| 4 | Type 4 LSAs are called ASBR-summary LSAs and advertise the location of the ASBRs from area to area. | Passed between areas. |
| 5 | Type 5 LSAs are called AS-external LSAs. They describe networks outside of the OSPF domain and are originated by the ASBR and passed between areas. In stub and NSSA, type 5 LSA routes are replaced with a single default route. | Passed between areas. |
| 6 | Type 6 LSAs are called group-membership LSAs. They are used to identify the location of multicast group members in multicast OSPF. | Passed between areas. |
| 7 | Type 7 LSAs are used in OSPF NSSAs to import external routes. | Translated between areas. |

Metric speed

For OSPF, the best path to a destination is the path that offers the least-cost metric delay. In OSPF, cost metrics are configurable, so you can specify preferred paths. You can configure metric speed globally or for specific ports and interfaces on your network. In addition, you can control redistribution options between non-OSPF interfaces and OSPF interfaces.

Default metric speeds are assigned for different port types, such as 10 Mbit/s or 100 Mbit/s ports. On a Secure Router 2330/4134, you can specify a new metric speed for an IP interface. The IP interface is a router port.

Chapter 8: OSPF configuration procedures

Configuring the host name

Use the following procedure to configure the router host name.

Procedure steps

1. Enter Configuration Mode.

    configure terminal

2. Set the host name.

    hostname <router>

Table 68: Variable definition

| Variable | Value |
|---|---|
| <router> | Host name of the router. |

Configuring the router ID

Use the following procedure to configure the router ID.

Procedure steps

1. Enter Configuration Mode.

    configure terminal

2. Set the router ID.

    router-id <loopback>

Table 69: Variable definition

| Variable | Value |
|---|---|
| <loopback> | The router identifier address. The router-id must be a valid loopback address. |

Configuring the loopback address

Use the following procedure to configure the loopback address.

Procedure steps

1. Enter Configuration Mode.

    configure terminal

2. Enter Loopback Interface mode.

    interface loopback <bundle>

3. Set the loopback address.

    ip address <A.B.C.D>

Table 70: Variable definition

| Variable | Value |
|---|---|
| <A.B.C.D> | The interface loopback address. |
| <bundle> | The loopback bundle name. |

Enabling OSPF

Use the following procedure to enter router mode and specify an OSPF process to configure.

Procedure steps

1. Enter configuration mode.

    configure terminal

2. Specify an OSPF process to configure.

    router ospf <process-id>

Table 71: Variable definition

| Variable | Value |
|---|---|
| <process-id> | The OSPF process-id you want to configure, in the range 1 to 65535. |

Configuring OSPF interface priority

Use the following procedure to configure the priority for an interface. Default value is 1.

Procedure steps

1. Enter Configuration Mode.

    configure terminal

2. Enter interface mode.

    interface <interface>

3. Set the priority.

    ip ospf priority <priority>

Table 72: Variable definition

| Variable | Value |
|---|---|
| <interface> | Interface name. Example: Ethernet 0/1 |
| <priority> | Interface priority. Range is 0 to 255. Default is 1. |

Enabling OSPF on an IP interface

Use the following procedure to configure OSPF for an IP interface.

Procedure steps

1. Enter Configuration Mode.

    configure terminal

2. Enable OSPF.

    router ospf <process-id>

3. Configure OSPF for the IP interface.

    network <networkaddress> area <areaid>

Table 73: Variable definition

| Variable | Value |
|---|---|
| <process-id> | <1-65535> Any positive integer identifying a routing process. The process ID should be unique for each routing process. |
| <networkaddress> | Network address to configure. Can be IPv4 network address <A.B.C.D> or IPv4 network address with prefix length <A.B.C.D/M>. |
| <areaid> | The area ID. Can be in IPv4 address format <A.B.C.D> or as 4 octets <0-4294967295> unsigned integer value |

Associating an IPSLA tracker to an OSPF interface

Use the following procedure to associate an IPSLA tracker to an OSPF interface.

Procedure steps

1. Enter configuration mode.

    configure terminal

2. To enter the interface mode, and configure interface properties, enter:

    interface <IFNAME>

3. To associate the IPSLA tracker to the OSPF interface, enter:

    ip ospf track <IPSLA tracker Tag>

Table 74: Variable definition

| Variable | Value |
|---|---|
| <IFNAME> | Name of the interface for which the properties are to be configured. |
| <IPSLA tracker Tag> | Unique tag number of the IPSLA tracker. The track command is added on the following interfaces to enable tracker on each interface: ATM Bundle, FR Bundle, Bundle IP interface, ethernet interface, tunnel interface, VLAN interface. |

Configuring OSPF area as stub area

Use the following procedure to configure OSPF area as a stub.

Procedure steps

1. Enter Configuration Mode.

    configure terminal

2. Enable OSPF.

    router ospf <process-id>

3. Configure the OSPF area as a stub.

    area <area-id> stub [no-summary]

Table 75: Variable definition

| Variable | Value |
|---|---|
| <area-id> | The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format. |
| [no-summary] | Specifies to not inject inter-area routes into the stub. |
| <process-id> | The unique OSPF process ID in the range 1 to 65535. |

Configure the OSPF area default cost

Use the following procedure to specify the summary-default cost of a NSSA or stub area.

Procedure steps

1. Enter Configuration Mode.

    configure terminal

2. Enable OSPF.

    router ospf <process-id>

3. Set the default cost for the area.

    area <area-id> default-cost <cost>

Table 76: Variable definition

| Variable | Value |
|---|---|
| <area-id> | The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format. |
| <cost> | An integer specifying the stub's advertised default summary cost in the range 0 to 16777215. |
| <process-id> | The unique OSPF process ID in the range 1 to 65535. |

Enable authentication for an OSPF area

Use the following procedure to enable authentication for an OSPF area.

Procedure steps

1. Enter Configuration Mode.

    configure terminal

2. Enable OSPF.

    router ospf <process-id>

3. Enable authentication for an OSPF area.

    area <area-id> authentication [message-digest]

Table 77: Variable definition

| Variable | Value |
|---|---|
| <area-id> | The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format. |
| [message-digest] | Use message-digest authentication. |
| <process-id> | The unique OSPF process ID in the range 1 to 65535. |

Configuring an OSPF area range

Use the following procedure to configure an OSPF area range.

Procedure steps

1. Enter Configuration Mode.


configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Configure the area range.

area <area-id> range <A.B.C.D/M> [<advertise>|<not-advertise>]

Table 78: Variable definition

Variable Value

<advertise> Advertise the range.

<area-id> The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format.

<not-advertise> Do not advertise the range.

<A.B.C.D/M> The area range prefix in address/mask format.

<process-id> The unique OSPF process ID in the range 1 to 65535.

Configuring an OSPF network filter list

Use the following procedure to configure an OSPF filter list.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Configure the OSPF filter list.

area <area-id> filter-list {<access>|<prefix>} <listname> {<in>|<out>}

Table 79: Variable definition

Variable Value

<access> Filter networks by access list.

<area-id> The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format.

<in> Filter networks sent to the specified area.


<listname> The name of the IP prefix or access list.

<out> Filter networks sent from the specified area.

<prefix> Filter networks by prefix list.

<process-id> The unique OSPF process ID in the range 1 to 65535.

Configuring a virtual link

Use the following procedure to configure a virtual link and define its parameters.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Configure the virtual link.

area <area-id> virtual-link <A.B.C.D> [authentication <null>|<message-digest>] [dead-interval <interval>] [hello-interval <interval>] [retransmit-interval <interval>] [transmit-delay <interval>] [authentication-key <key>] [message-digest-key]

Table 80: Variable definition

Variable Value

<A.B.C.D> The IP address of the virtual link neighbor.

<area-id> The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format.

<authentication> Enable authentication for this OSPF area virtual link.

<authentication-key> Specify the authentication key.

<dead-interval> Specify the dead router detection interval.


<hello-interval> Specify the hello packet interval.

<interval> The interval, in the range 1 to 65535.

<key> The authentication key.

<message-digest> Specify to use message-digest authentication.

<message-digest-key> Specifies the message digest key.

<null> Specifies to use null authentication.

<process-id> The unique OSPF process ID in the range 1 to 65535.

<retransmit-interval> Specify the LSA retransmit interval.

<transmit-delay> Specify the LSA transmission delay.

Configure an OSPF not-so-stubby-area

Use the following procedure to configure an OSPF not-so-stubby-area.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Configure the OSPF not-so-stubby-area.

area <area-id> nssa

Table 81: Variable definition

Variable Value

<area-id> The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format.

<process-id> The unique OSPF process ID in the range 1 to 65535.

Configuring OSPF Type 7 default origination

Use the following procedure to originate Type 7 defaults into a NSSA area.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Configure Type 7 default origination.

area <area-id> nssa default-information-originate

Table 82: Variable definition

Variable Value

<area-id> The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format.

<process-id> The unique OSPF process ID in the range 1 to 65535.

Restrict redistribution into an OSPF NSSA area

Use the following procedure to restrict redistribution into an OSPF NSSA area.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Restrict redistribution in the OSPF NSSA area.

area <area-id> nssa no-redistribution

Table 83: Variable definition

Variable Value

<area-id> The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format.

<process-id> The unique OSPF process ID in the range 1 to 65535.


Restrict sending of summary LSAs

Use the following procedure to restrict sending summary LSAs into a NSSA.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Restrict sending of summary LSAs.

area <area-id> nssa no-summary

Table 84: Variable definition

Variable Value

<area-id> The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format.

<process-id> The unique OSPF process ID in the range 1 to 65535.

Configuring an NSSA-ABR translator role

Use the following procedure to configure the NSSA-ABR translator role.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Set the NSSA-ABR translator role.

area <area-id> nssa translator-role {<always>|<candidate>|<never>}


Table 85: Variable definition

Variable Value

<always> Always translate NSSA-LSA to Type-5 LSA.

<area-id> The OSPF area id specified in integer (1 to 4294967295) or IP address (A.B.C.D) format.

<candidate> Translate NSSA-LSA to Type-5 LSA if elected.

<never> Never translate NSSA-LSA.

<process-id> The unique OSPF process ID in the range 1 to 65535.

Configuring OSPF demand circuits

Use the following procedure to configure an interface as an OSPF demand circuit. By default, no OSPF demand circuits are configured.

Procedure steps

1. To enter configuration mode, enter:

configure terminal

2. To specify the interface to configure, enter:

interface <interface>

3. To configure the interface as an OSPF demand circuit, enter:

[no] ip ospf demand-circuit

Table 86: Variable definition

Variable Value

[no] Disables OSPF demand circuit

Configuring redistribution of routes into OSPF

Use the following procedure to redistribute routes from other protocols into OSPF.

Procedure steps

1. Enter Configuration Mode.


configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Redistribute a route.

redistribute <protocol>

Table 87: Variable definition

Variable Value

<process-id> <1-65535> Any positive integer identifying a routing process. The process ID should be unique for each routing process.

<protocol> Protocol to redistribute.

Configuring OSPF cost

Use the following procedure to make a route the preferred route by changing its cost.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Exit.

exit

4. Enter interface mode.

interface <interface>

5. Configure cost.

ip ospf cost <cost>

Table 88: Variable definition

Variable Value

<process-id> <1-65535> Any positive integer identifying a routing process. The process ID should be unique for each routing process.

<interface> Interface name. Example: Ethernet 0/1


<cost> <1-65535> Specifies the link-state metric. The default value is 10.

Configuring virtual links

Use the following procedure to connect a temporarily disjointed non-backbone area to a backbone area, or repair a non-contiguous backbone area.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Define interfaces on which OSPF runs and associate them.

area <areaid> virtual-link <address>

Table 89: Variable definition

Variable Value

<process-id> <1-65535> Any positive integer identifying a routing process. The process ID should be unique for each routing process.

<areaid> Area ID in IPv4 address format <a.b.c.d> or as 4 octets unsigned integer value <0-4294967295>.

<address> Address to link.

Configuring OSPF authentication

Use the following procedure to send and receive OSPF packets with the specified authentication method.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter interface mode.


interface <interface>

3. Enable authentication.

ip ospf authentication

Table 90: Variable definition

Variable Value

<interface> Interface name. Example: Ethernet 0/1

Configuring metric for redistributed routes

Use the following procedure to set the metric of redistributed routes.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Set the metric of redistributed routes.

default-metric <value>

Table 91: Variable definition

Variable Value

<value> The default metric value, in the range 0 to 16777214.

Configuring OSPF capability features

Use the following procedure to enable a specific OSPF feature.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.


router ospf <process-id>

3. Enable a specific feature.

capability <feature>

Table 92: Variable definition

Variable Value

<feature> The feature to enable. Possible values are:

• cspf - Constrained Shortest Path First

• opaque - Opaque LSA

• traffic-engineering - OSPF Traffic Engineering extension

Logging adjacency state changes

Use the following procedure to configure the Avaya Secure Router 4134 to log changes in OSPF adjacency state.

With the log-adjacency-changes command, all state changes can be logged by using the detail parameter. Use the no form of this command to disable this function.

The OSPF adjacency change messages are logged at the notification priority level of the syslog. By default, the syslog does not log the adjacency state changes messages. To enable logging of OSPF adjacency state changes, you must configure the syslog to log the notification-level messages.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. To log adjacency state changes, enter:

log-adjacency-changes [detail]

exit

4. To enable logging of notification level routing messages (which include OSPF adjacency state change messages), enter:

system logging syslog module routing local0 notice


Configuring IP address summaries

Use the following procedure to summarize or suppress external routes with the specified address range.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. To configure IP address summaries, enter:

summary-address <A.B.C.D/M> [not-advertise] [tag <value>]

Table 93: Variable definition

Variable Value

<A.B.C.D/M> The range of addresses given as IPv4 starting address and a mask indicating the range.

[not-advertise] Suppresses external routes.

[tag] Specify a tag.

<value> The tag value, in the range 0 to 4294967295.

Configuring the OSPF compatibility list

Use the following procedure to configure the OSPF compatibility list.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Configure the compatibility list.

compatible rfc1583


Configuring OSPF specifics

Use the following procedure to specify the OSPF ABR type.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Specify the ABR type.

ospf abr-type <type>

Table 94: Variable definition

Variable Value

<type> Type of implementation. Possible choices are:

• cisco - Alternative ABR, Cisco implementation

• ibm - Alternative ABR, IBM implementation

• standard - Standard behavior

Calculating OSPF interface cost

Use the following procedure to modify the reference bandwidth used to calculate the OSPF cost.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Calculate the interface cost.

auto-cost reference-bandwidth <bandwidth>


Table 95: Variable definition

Variable Value

<bandwidth> Reference bandwidth in terms of Mbits per second, in the range 1 to 4294967.

Configuring routing timers

Use the following procedure to adjust routing timers.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. Adjust timers.

timers spf <delay> <hold>

Table 96: Variable definition

Variable Value

<delay> Delay between receiving a change to SPF calculation, in the range 0 to 2147483647.

<hold> Hold time between consecutive SPF calculations, in the range 0 to 2147483647.

Configuring Constrained Shortest Path First (CSPF)

Use the following procedure to configure the CSPF default computation retry interval and tie break method.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.


router ospf <process-id>

3. To set the CSPF default computation retry interval, enter:

cspf default-retry-interval <interval>

4. To set the CSPF tie-break method, enter:

cspf tie-break <random|least-fill|most-fill>

Table 97: Variable definition

Variable Value

<interval> The default computation interval, in the range 1 to 3600.

Configuring maximum allowed DD processes

Use the following procedure to specify the maximum number allowed to process DD concurrently.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. To specify the maximum number, enter:

max-concurrent-dd <maxprocess>

Table 98: Variable definition

Variable Value

<maxprocess> Maximum number of DD processes.

Configuring suppression of routing updates on an interface

Use the following procedure to suppress routing updates on an interface.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. To configure the interface to suppress routing updates, enter:

passive-interface <interface>

Table 99: Variable definition

Variable Value

<interface> The interface on which you want to suppress routing updates.

Configuring the administrative distance

Use the following procedure to define an administrative distance.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. To define the administrative distance, enter:

distance <distance>

Table 100: Variable definition

Variable Value

<distance> The OSPF administrative distance, in the range 1 to 255.

Configuring distribution of default information

Use the following procedure to control distribution of default information.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enable OSPF.

router ospf <process-id>

3. To control distribution, enter:

default-information originate [always] [metric <0-16777214>] [metric-type [1|2]] [route-map <name>]

Configuring OSPF inbound filtering

Use this procedure and configuration example to block inbound OSPF traffic.

In this example, the head office is using an SR4134 with two interfaces.

• Ethernet 0/1 is an untrusted interface that has a number of site-to-site VPN tunnels.

• Ethernet 0/2 is the interface that OSPF interfaces with the head office OSPF network.

The remote networks on the VPN site-to-site tunnels must be blocked so that the VPN site-to-site tunnels work.

Procedure

1. Enter the Global configuration mode:

configure terminal

2. Configure the untrusted Ethernet:

interface ethernet 0/1

3. Specify to request default route:

ip address 150.29.30.30 29

4. Exit the Ethernet configuration mode:

exit

5. Configure the trusted Ethernet:

interface ethernet 0/2

6. Specify to request default route:

ip address 130.20.1.1 24

7. Exit the Ethernet configuration mode:

exit

8. Specify the default static route:


ip route 0.0.0.0/0 150.29.30.1

9. Specify a network to block in the access list:

access-list ospf-list-in deny 133.22.1.0/24

10. Specify another network to block in the access list:

access-list ospf-list-in deny 133.23.1.0/24

11. Specify another network to block in the access list:

access-list ospf-list-in deny 133.24.1.0/24

12. Allow the other networks through in the access list:

access-list ospf-list-in permit any

13. Specify the route map:

route-map ospf-filter-in permit 1

14. Specify the access list to match against:

match ip address ospf-list-in

15. Exit the route map configuration mode:

exit

16. Specify router-id for OSPF:

router-id 1.1.1.1

17. Enter the OSPF configuration mode:

router ospf 1

18. Specify the corp network:

network 130.20.1.0 0.0.0.255 area 0

19. Specify the routes to block:

distribution-list route-map ospf-filter-in in

20. Exit the OSPF configuration mode:

exit

21. Exit the Global configuration mode:

exit
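The access list and route map from the procedure above, evaluated against sample routes, as an added example that is not part of the Avaya guide. It assumes first-match access-list evaluation, that a route matches an entry when its prefix falls inside the entry's network, and an implicit deny at the end of both the access list and the route map; the function names are illustrative.

```python
import ipaddress

# Access list exactly as entered in steps 9 to 12 of the procedure.
ACL_TEXT = """\
access-list ospf-list-in deny 133.22.1.0/24
access-list ospf-list-in deny 133.23.1.0/24
access-list ospf-list-in deny 133.24.1.0/24
access-list ospf-list-in permit any
"""


def parse_acl(text, name):
    """Return the ordered (action, network) entries of access list `name`."""
    entries = []
    for line in text.splitlines():
        words = line.split()
        if len(words) != 4 or words[:2] != ["access-list", name]:
            continue
        action, target = words[2], words[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        network = ipaddress.ip_network("0.0.0.0/0" if target == "any" else target)
        entries.append((action, network))
    return entries


def acl_action(entries, route):
    """First matching entry wins; no match means deny (assumed implicit deny)."""
    prefix = ipaddress.ip_network(route)
    for action, network in entries:
        if prefix.subnet_of(network):
            return action
    return "deny"


def route_map_accepts(entries, route):
    """Model 'route-map ospf-filter-in permit 1' with 'match ip address ospf-list-in'.

    A route the access list permits matches clause 1 and is accepted. A route
    the access list denies matches no clause and is dropped (assumed implicit
    deny at the end of the route map).
    """
    return acl_action(entries, route) == "permit"


def shadowed_entries(entries):
    """Entries that can never match because an earlier entry already covers them."""
    shadowed = []
    for index, (action, network) in enumerate(entries):
        if any(network.subnet_of(earlier) for _, earlier in entries[:index]):
            shadowed.append((action, network))
    return shadowed


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT, "ospf-list-in")
    # Constructed candidate routes: two VPN remote networks, the corporate
    # network, and a less specific prefix that contains a blocked /24.
    for route in ("133.22.1.0/24", "133.23.1.128/25", "130.20.1.0/24", "133.22.0.0/16"):
        verdict = "accepted" if route_map_accepts(acl, route) else "filtered"
        print(f"{route:18} {verdict}")
    print("shadowed entries:", shadowed_entries(acl))
```

Under these assumptions a less specific route such as 133.22.0.0/16 is not caught by the /24 deny entries, and a `permit any` placed ahead of the deny lines would shadow all of them, so entry order and the prefix lengths the remote sites advertise both need checking.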

Configuring OSPF on an interface

Use the following procedure to configure OSPF on an interface.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To configure OSPF features on the interface, enter:

ip ospf [authentication] [authentication-key <WORD>] [cost <1 - 65535>] [database-filter all out] [dead-interval <1 - 65535>] [debug packet <dd | detail | hello | ls-ack | ls-request | ls-update | recv | send>] [demand-circuit] [disable all] [hello-interval <1 - 65535>] [message-digest-key <1 - 255>] [mtu <576 - 65535>] [mtu-ignore] [network <broadcast | non-broadcast | point-to-multipoint | point-to-point>] [priority <0 - 255>] [retransmit-interval <1 - 3600>] [te-metric <1 - 65535>] [transmit-delay <1 - 3600>]

Table 101: Variable definitions

Variable Value

[authentication] Enable authentication for this OSPF area virtual link.

[authentication-key <WORD>] Specifies the authentication password key.

[database-filter all out] Filters OSPF LSA during synchronization and flooding


[dead-interval <1 - 65535>] Specify the dead router detection interval.

[debug packet <dd | detail | hello | ls-ack | ls-request | ls-update | recv | send>] Accesses OSPF packet debug commands.

• dd - OSPF database description

• detail - detail OSPF information

• hello - OSPF hello

• ls-ack - OSPF link state acknowledgment

• ls-request - OSPF link state request

• ls-update - OSPF link state update

• recv - packet received

• send - packet sent

[demand-circuit] Specifies OSPF demand circuit.

[disable all ] Disables OSPF.

[hello-interval <1 - 65535>] Specify the hello packet interval.

[message-digest-key <1 - 255>] Specifies the message digest authentication password (key).

[mtu <576 - 65535>] Specifies the MTU size.

[mtu-ignore] Ignores the MTU in DBD packets.

[network <broadcast | non-broadcast | point-to-multipoint | point-to-point>] Specifies network type.

• broadcast - specifies an OSPF broadcast multi-access network

• non-broadcast - specifies an OSPF NBMA network

• point-to-multipoint - specifies an OSPF point to multiple point network

• point-to-point - specifies an OSPF point to point network

priority <0-255> The unique OSPF process ID in the range 1 to 65535.

[retransmit-interval <1-3600>] Specify the LSA retransmit interval.

[te-metric <1-65535>] OSPF TE metric information.

[transmit-delay <1-3600>] Specifies the link state transmission delay.


Configuring the authentication key

Use the following procedure to configure the authentication password.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To configure the authentication password, enter:

ip ospf authentication-key <key>

Table 102: Variable definition

Variable Value

<key> The OSPF password (key).

Configuring the database filter

Use the following procedure to filter OSPF LSA during synchronization and flooding.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To configure the database filter, enter:

ip ospf database-filter all out

Disabling OSPF

Use the following procedure to disable OSPF.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To disable OSPF on the interface, enter:

ip ospf disable all

Configuring the dead interval

Use the following procedure to configure the interval after which a neighbor is declared dead.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To set the dead-interval, enter:

ip ospf dead-interval [1-65535]

Configuring the hello interval

Use the following procedure to configure the time between HELLO packets.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To specify the interval between HELLO packets, enter:

ip ospf hello-interval [1-65535]


Configuring the message digest password

Use the following procedure to specify the message digest authentication password.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To specify the message digest authentication password, enter:

ip ospf message-digest-key [1-255] md5 <password>

Table 103: Variable definition

Variable Value

<password> The OSPF password.
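An added example, not from the Avaya guide: a small audit that reads a configuration written with the authentication commands documented in this chapter (`area <area-id> authentication [message-digest]`, `ip ospf authentication`, `ip ospf authentication-key`, `ip ospf message-digest-key` and `passive-interface`) and reports the authentication posture of every interface that a `network` statement places in OSPF. It assumes that message-digest mode is selected at area level and that `passive-interface` takes the same name as the `interface` command; the sample configuration and its key strings are constructed.

```python
import ipaddress

# Constructed sample in the command syntax this guide documents; the
# interfaces beyond ethernet 0/2 and both key strings are made up.
SAMPLE_CONFIG = """\
interface ethernet 0/1
 ip address 150.29.30.30 29
exit
interface ethernet 0/2
 ip address 130.20.1.1 24
 ip ospf message-digest-key 1 md5 EXAMPLE-MD5-KEY
exit
interface ethernet 0/3
 ip address 130.20.2.1 24
 ip ospf authentication
 ip ospf authentication-key EXAMPLE-KEY
exit
interface ethernet 0/4
 ip address 130.20.3.1 24
exit
interface ethernet 0/5
 ip address 130.20.4.1 24
exit
interface ethernet 0/6
 ip address 130.20.5.1 24
exit
router ospf 1
 network 130.20.1.0 0.0.0.255 area 0
 network 130.20.4.0 0.0.1.255 area 0
 network 130.20.2.0 0.0.1.255 area 1
 area 0 authentication message-digest
 passive-interface ethernet 0/6
exit
"""


def parse_config(text):
    """Collect per-interface OSPF settings and the contents of router ospf."""
    interfaces = {}
    ospf = {"networks": [], "area_auth": {}, "passive": set()}
    mode = name = None
    for line in text.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "interface":
            mode, name = "interface", " ".join(w[1:]).lower()
            interfaces[name] = {"addr": None, "auth": False,
                                "simple_key": False, "md5_key": False}
        elif w[:2] == ["router", "ospf"]:
            mode = "ospf"
        elif w[0] == "exit":
            mode = None
        elif mode == "interface" and w[:2] == ["ip", "address"] and len(w) == 4:
            interfaces[name]["addr"] = ipaddress.ip_address(w[2])
        elif mode == "interface" and w[:2] == ["ip", "ospf"] and len(w) > 2:
            flag = {"authentication": "auth", "authentication-key": "simple_key",
                    "message-digest-key": "md5_key"}.get(w[2])
            if flag:
                interfaces[name][flag] = True
        elif mode == "ospf" and w[0] == "network" and len(w) == 5:
            # Wildcard mask (0.0.0.255) to prefix length; assumes contiguous bits.
            length = 32 - int(ipaddress.ip_address(w[2])).bit_length()
            ospf["networks"].append((ipaddress.ip_network(f"{w[1]}/{length}"), w[4]))
        elif mode == "ospf" and w[0] == "area" and w[2:3] == ["authentication"]:
            ospf["area_auth"][w[1]] = "message-digest" if "message-digest" in w else "simple"
        elif mode == "ospf" and w[0] == "passive-interface":
            ospf["passive"].add(" ".join(w[1:]).lower())
    return interfaces, ospf


def audit_ospf_auth(text):
    """Map each OSPF-enabled interface to its authentication posture."""
    interfaces, ospf = parse_config(text)
    report = {}
    for name, cfg in interfaces.items():
        area = next((a for net, a in ospf["networks"]
                     if cfg["addr"] is not None and cfg["addr"] in net), None)
        if area is None:
            continue  # no network statement covers it, so OSPF does not run here
        area_mode = ospf["area_auth"].get(area)
        if name in ospf["passive"]:
            report[name] = "passive"
        elif area_mode == "message-digest":
            report[name] = "message-digest" if cfg["md5_key"] else "missing-key"
        elif area_mode == "simple" or cfg["auth"]:
            report[name] = "simple-password" if cfg["simple_key"] else "missing-key"
        else:
            report[name] = "none"
    return report


if __name__ == "__main__":
    for iface, posture in audit_ospf_auth(SAMPLE_CONFIG).items():
        print(f"{iface:14} {posture}")
```

Interfaces reported as `none` or `simple-password` are the ones to review first: simple password authentication carries the key in clear text in every OSPF packet, while message-digest authentication sends only a keyed MD5 digest.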

Configuring OSPF MTU

Use the following procedure to specify the OSPF interface Maximum Transmission Units (MTU).

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To specify the MTU, enter:

ip ospf mtu [576-65535]

Configuring OSPF to ignore MTU

Use the following procedure to set OSPF to ignore the MTU in DBD packets.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To ignore MTU, enter:

ip ospf mtu-ignore

Configuring the link-state transmit delay

Use the following procedure to specify the OSPF link state transmit delay.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To specify the transmit delay, enter:

ip ospf transmit-delay [1-3600]

Configuring lost link state transmit delay

Use the following procedure to specify the time between retransmitting lost link state advertisements.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To specify the retransmit interval, enter:

ip ospf retransmit-interval [1-3600]


Configuring the OSPF network type

Use the following procedure to specify the OSPF network type.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To specify the network type, enter:

ip ospf network <type>

Table 104: Variable definition

Variable Value

<type> The OSPF network type. Possible values are:

• broadcast - broadcast multi-access network

• point-to-point - point to point network

Configuring OSPF TE metric

Use the following procedure to configure the OSPF te-metric.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. To specify the te-metric, enter:

ip ospf te-metric [1-65535]


Configuring OSPF NBMA over Ethernet

Use the following procedure to configure OSPF NBMA over Ethernet. There are three main components to configuring OSPF NBMA. First, you specify the interface network type. This is followed by specifying neighbors and a poll interval.

Procedure steps

1. To configure OSPF NBMA, enter Configuration Mode.

configure terminal

2. Specify a router ID for OSPF.

router-id <X.X.X.X>

3. Enable OSPF.

router ospf <process-id>

4. Configure the OSPF area.

area <areaid>

5. Enable OSPF on a network.

network <network>

6. Exit from OSPF configuration mode.

exit

7. Select an interface in the OSPF network.

interface <interface-type> <interface>

8. Configure the OSPF network type.

ip ospf network <network-type>

9. Exit the interface configuration mode.

exit

10. Enter OSPF router configuration mode.

router ospf

11. Configure neighbors, repeating this step for each neighbor you want to add.

neighbor <A.B.C.D>

12. Configure the poll interval.

poll_interval <interval>


Table 105: Variable definitions

Variable Value

<A.B.C.D> Specifies the IP address.

<areaid> Specifies the OSPF area ID.

<process-id> Specifies the OSPF process ID; value ranges from 1–65535.

<interface> Specifies the interface to work with.

<interface-type> Specifies the type of the interface.

<interval> Specifies the poll interval.

<network> Specifies the network number <A.B.C.D> or the IP network prefix <A.B.C.D/M>.

<X.X.X.X> Specifies the router ID IP address.

<network-type> Specifies the OSPF network type. Available options are:

• broadcast—OSPF broadcast multi-access

• non-broadcast—OSPF NBMA network

• point-to-multipoint—OSPF point-to-multipoint network

• point-to-point—OSPF point-to-point network

Displaying OSPF parameters and statistics

Use the following procedure to show IP routing protocol process parameters and statistics.

Procedure steps

To show OSPF parameters and statistics, enter:

show ip protocols ospf

Displaying border router information

Use the following procedure to show border and boundary router information.

Procedure steps

To show border and boundary router information, enter:


show ip ospf border-routers

Displaying database summary

Use the following procedure to show the OSPF database summary.

Procedure steps

To show the OSPF database summary, enter:

show ip ospf database

Displaying TE database

Use the following procedure to show the OSPF te-database.

Procedure steps

To show the te-database, enter:

show ip ospf te-database

Displaying virtual link information

Use the following procedure to show OSPF virtual link information.

Procedure steps

To show virtual link information, enter:

show ip ospf virtual-links

Displaying neighbors

Use the following procedure to show router neighbor information.

Procedure steps

Display information for neighbor routers.


show ip ospf neighbor

Displaying OSPF routes

Use the following procedure to display OSPF routes learned from neighbors.

Procedure steps

Display OSPF routes.

show ip ospf route

Displaying OSPF interface

Use the following procedure to display OSPF interface information.

Procedure steps

Display OSPF information.

show ip ospf interface {<IFNAME> | brief}

Table 106: Variable definition

Variable Value

<IFNAME> Interface name. For example: ethernet 0/1. Displays the OSPF interface information in detail.

brief Displays the OSPF interface information in brief.

Clearing OSPF processes

Use the following procedure to clear OSPF process information.

Procedure steps

1. To clear an individual process, enter:

clear ip ospf <processid>

2. To clear all OSPF processes, enter:

clear ip ospf process


Table 107: Variable definition

Variable Value

<processid> The OSPF process to clear.

Resetting the OSPF IPSLA tracker

Use the following procedure to reset the OSPF IPSLA tracker.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To reset the OSPF IPSLA tracker, enter:

clear ip ospf track <IPSLA Tracker Tag>

Table 108: Variable definition

Variable Value

<IPSLA Tracker Tag> Unique tag number of the IPSLA tracker.


Chapter 9: VRRP fundamentals

VRRP overview

In statically routed networks, when a router fails, all the network devices connected to this router are unable to have traffic routed. Typically this means these devices cannot reach the Internet or other networks.

IPv4’s Virtual Router Redundancy Protocol (VRRP) eliminates this single point of failure by dynamically assigning virtual routers that can provide network connectivity in the event the primary router fails. One virtual router is designated as the Master which is assigned the IP addresses of connected devices. The Master router can manage multiple primary and secondary IP addresses.

Alternate virtual routers (up to 254) are designated as backup virtual routers in the event the Master fails. Each backup is configured with a priority setting that determines the order in which backup routers take over in the event the Master fails. When the Master router fails, the backup router with the highest priority number will preempt all other backup routers in assuming the duties of the Master router. If you disable the preempt feature (using the no vrrp preempt command), the backup virtual router that is configured as the Master virtual router will remain such until the original Master virtual router recovers.

The mechanism by which virtual routers in the same network communicate status and priority is through VRRP advertisements from the Master virtual router. VRRP uses the assigned multicast address 224.0.0.18. By default, these advertisements are sent every second, but you can configure the interval.

In addition to maintaining network connectivity when a router fails, VRRP allows network administrators to share routing duties with multiple routers thereby reducing the impact of heavy traffic loads.

Virtual Router Redundancy Protocol

Because end stations are often configured with a static default gateway IP address, a loss of the default gateway router causes a loss of connectivity to the remote networks.

The Virtual Router Redundancy Protocol (VRRP) (RFC 2338) is designed to eliminate the single point of failure that can occur when the single static default gateway router for an end station is lost. VRRP introduces the concept of a virtual IP address (transparent to users) shared between two or more routers connecting the common subnet to the enterprise network. With the virtual IP address as the default gateway on end hosts, VRRP provides a dynamic default gateway redundancy in the event of failover.

The VRRP router controlling the IP addresses associated with a virtual router is called the primary router and forwards packets to these IP addresses. The election process provides a dynamic transition of forwarding responsibility if the primary router becomes unavailable.

In the configuration example shown in Figure 16: Virtual Router Redundancy Protocol configuration on page 160, the first three hosts install a default route to R1 (virtual router 1) and the other three hosts install a default route to R2 (virtual router 2).

This configuration not only has the effect of load sharing the outgoing traffic, but it also provides full redundancy. If either router fails, the other router assumes responsibility for both addresses.

Figure 16: Virtual Router Redundancy Protocol configuration

Each Avaya Secure Router 4134 can support up to 255 virtual routers. VRRP uses the following terms:

• VRRP router—a router running the VRRP protocol

• Virtual router—an abstract object acting as the default router for one or more hosts, consisting of a virtual router ID and a set of addresses

• IP address owner—the VRRP router that has virtual router IP addresses as real interface addresses (This router is the one that responds to packets sent to this IP address.)

• Primary IP address—an IP address selected from the real addresses and used as the source address of packets sent from the router interface (The virtual primary router sends VRRP advertisements using this IP address as the source.)

• Virtual router master—the router assuming responsibility for forwarding packets sent to the IP address associated with the virtual router and answering ARP requests for these IP addresses. The IP address owner always becomes the virtual router master.

• Virtual router backup—the virtual router that becomes the primary router if the current primary router fails

When a VRRP router is initialized, if it is the IP address owner, its priority is 255 and it sends a VRRP advertisement. The VRRP router also broadcasts a gratuitous ARP request containing the virtual router MAC address for each IP address associated with the virtual router. The VRRP router then transitions to the controlling state.

In the controlling state, the VRRP router functions as the forwarding router for the IP addresses associated with the virtual router. It responds to ARP requests for these IP addresses, forwards packets with a destination MAC address equal to the virtual router MAC address, and accepts only packets addressed to IP addresses associated with the virtual router if it is the IP address owner. If the priority is not 255, the router transitions to the backup state to ensure that all layer 2 switches in the down path relearn the new origin of the VRRP MAC addresses.

In the backup state, a VRRP router monitors the availability and state of the primary router. It does not respond to ARP requests and must discard packets with a MAC address equal to the virtual router MAC address. It does not accept packets addressed to IP addresses associated with the virtual router. If a shutdown occurs, it transitions back to the initialize state. If the primary router goes down, the backup router sends the VRRP advertisement and ARP request described in the preceding paragraph and transitions to the controlling state.

Whenever a packet is redirected on the same IP subnet on which it is received, the Avaya Secure Router 2330/4134 sends an Internet Control Message Protocol (ICMP) redirect packet data unit (PDU) to the IP address source of the packet. ICMP redirect uses the VRRP IP subnet as the source IP address for the end stations using the VRRP IP address as the next hop.

If an advertisement timer fires, the router sends an advertisement. If an advertisement is received with a 0 priority, the router sends an advertisement. The router transitions to the backup state:

• If the priority in the received advertisement is greater than the local priority

• If it is the same as the local priority and the primary IP address of the sender is greater than the local primary IP address.

Otherwise, it discards the advertisement. If a shutdown occurs, the primary router sends a VRRP advertisement with a priority of 0 and transitions to the initialize state.


VRRP over VLAN

The Secure Router 2330/4134 supports VRRP over VLAN interfaces. By design, VRRP eliminates a common point of failure present in static routing environments by specifying an election protocol to dynamically assign routing responsibility to a VRRP router on a LAN. VRRP is used to maintain availability at the IP address level. In a VRRP setup, one router is elected the master. When the master goes down, backup routers hold an election for a replacement. VRRP is applicable only to primary ethernet interfaces and VLAN interfaces, with a maximum of 50 VRRP groups for each router. You can configure a maximum of 10 VRRP groups per interface.

The nature of VRRP has several routers performing as one virtual router that has a Virtual Router ID and virtual IP addresses. Any of these routers can act as master at any time, provided it wins the election. The master sends advertisements to backup routers informing them of its state. If advertisements fail to be received, an election is called. The backup with the highest priority value wins and assumes position as master. The interval at which these advertisements are sent is configurable through CLI.

The Secure Router 2330/4134 also supports VRRP interface monitoring on VLAN interfaces. VRRP groups can be configured to monitor external interfaces in case they go down. The reason for this is to calculate VRRP priority based on a router's tracking priority. When a router's external interface goes down, the number value given to tracking priority is subtracted from the VRRP priority value, giving it a new priority and ultimately affecting its chances in an election.
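How a tracked interface changes the outcome of an election, as an added example (not Avaya code). Router names, addresses, the interface name and all priority values are constructed; flooring the result at 1 and the rule that the IP address owner always preempts (taken from RFC 2338) are assumptions about behaviour this page does not describe.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class VrrpRouter:
    name: str
    primary_ip: IPv4Address                        # real interface address, used as tie-breaker
    priority: int                                  # configured priority
    tracks: dict = field(default_factory=dict)     # tracked interface name -> track priority
    down: set = field(default_factory=set)         # tracked interfaces currently down
    owner: bool = False                            # True if the virtual IP is a real address here
    alive: bool = True

    def effective_priority(self) -> int:
        """Configured priority minus the track priority of each tracked interface that is down."""
        if self.owner:
            return 255                             # the IP address owner advertises 255
        lost = sum(p for ifname, p in self.tracks.items() if ifname in self.down)
        return max(1, self.priority - lost)        # assumption: never drops below 1


def elect_master(routers, current_master=None, preempt=True):
    """Pick the master: highest effective priority, then highest primary IP address."""
    candidates = [r for r in routers if r.alive]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r.effective_priority(), r.primary_ip))
    keep_current = (
        current_master is not None
        and current_master.alive
        and not preempt
        and not best.owner                         # RFC 2338: the owner preempts regardless
    )
    return current_master if keep_current else best


def master_yields_to(local, adv_priority, adv_source):
    """Rule from the text: a master hearing a better advertisement moves to the backup state."""
    mine = local.effective_priority()
    return adv_priority > mine or (adv_priority == mine and adv_source > local.primary_ip)


def demo():
    """Constructed scenario: R1 tracks its uplink 'wan1' with a track priority of 60."""
    r1 = VrrpRouter("R1", IPv4Address("10.0.0.2"), 200, tracks={"wan1": 60})
    r2 = VrrpRouter("R2", IPv4Address("10.0.0.3"), 150)
    timeline = [elect_master([r1, r2]).name]                       # both healthy
    r1.down.add("wan1")                                            # uplink fails: 200 - 60 = 140
    timeline.append(elect_master([r1, r2], current_master=r1).name)
    timeline.append(elect_master([r1, r2], current_master=r1, preempt=False).name)
    r1.alive = False                                               # R1 itself fails
    timeline.append(elect_master([r1, r2], current_master=r1, preempt=False).name)
    return timeline


if __name__ == "__main__":
    print(demo())
```

With preempt disabled, the uplink failure alone does not move the master role, which is why the track priority has to be chosen together with the preempt setting.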

Ping to VRRP virtual IP

Secure Router 2330/4134 supports replies to ping packets sent to the VRRP virtual IP.

If a Secure Router is the master of the VRRP address but the VRRP address is virtual, in other words, the physical interface of the master 2330/4134 does not equal the VRRP address, you can configure the router to allow the VRRP master to respond to a ping to the VRRP address. This is accomplished through the CLI using the vrrp-virtualip configuration command.


Chapter 10: VRRP configuration procedures

Configure VRRP per port

Use the following procedure to configure VRRP on a port.

Use the no form of this command to remove this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. Enable VRRP on port.

enable

Table 109: Variable definition

Variable       Value
<interface>    Interface name. Example: Ethernet 0/1
<vrid>         A unique integer value that represents the virtual router ID in the range 1 to 254. The virtual router acts as the default router for one or more assigned addresses.

Configuring the advertisement interval

Use the following procedure to configure the time, in seconds, between sending advertisement messages.

Use the no form of this command to remove this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. To configure the advertisement interval, enter:

advertisement_interval [1-255]

Configuring the authentication string

Use the following procedure to specify the authentication string used to authenticate VRRP packets received from other routers in a group.

Use the no form of this command to remove this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. To specify the authentication string, enter:

authentication <key>

Table 110: Variable definition

Variable    Value
<key>       The authentication string, maximum 8 characters.
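The authentication string configured above travels inside each VRRP advertisement. The following added example (not from the Avaya documentation) parses an RFC 2338 advertisement and checks it against the group settings a monitoring host expects to see. The packet layout is RFC 2338's; the policy structure, addresses and string are constructed, and it assumes the router uses RFC 2338 simple text authentication (type 1), which this page does not state.

```python
import hmac
import struct
from ipaddress import IPv4Address

VRRP_GROUP = IPv4Address("224.0.0.18")   # multicast address named on this page
HEADER = struct.Struct("!BBBBBBH")       # ver/type, VRID, priority, count, auth type, interval, checksum


def inet_checksum(data: bytes) -> int:
    """16-bit one's complement checksum over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, vips, auth_type=0, auth=b"", interval=1):
    """Build a constructed advertisement so the example runs offline."""
    body = b"".join(IPv4Address(v).packed for v in vips) + auth[:8].ljust(8, b"\x00")
    head = HEADER.pack((2 << 4) | 1, vrid, priority, len(vips), auth_type, interval, 0)
    return head[:6] + struct.pack("!H", inet_checksum(head + body)) + body


def check_advert(payload, src, dst, ttl, policy):
    """Return a list of findings; an empty list means the advertisement matches policy."""
    if len(payload) < HEADER.size + 8:
        return ["truncated packet"]
    ver_type, vrid, priority, count, auth_type, _interval, _csum = HEADER.unpack_from(payload)
    findings = []
    if ver_type != 0x21:                               # version 2, type 1 (advertisement)
        findings.append("not a VRRPv2 advertisement")
    if len(payload) != HEADER.size + 4 * count + 8:    # addresses plus 8 bytes of auth data
        return findings + ["length does not match address count"]
    if ttl != 255:
        findings.append(f"TTL {ttl} != 255 (not sent by an on-link router)")
    if IPv4Address(dst) != VRRP_GROUP:
        findings.append("destination is not 224.0.0.18")
    if inet_checksum(payload) != 0:                    # a valid message sums to zero
        findings.append("bad checksum")
    group = policy.get(vrid)
    if group is None:
        return findings + [f"unexpected VRID {vrid}"]
    if IPv4Address(src) not in group["routers"]:
        findings.append(f"advertisement from unlisted router {src} (priority {priority})")
    vips = {IPv4Address(payload[8 + 4 * i: 12 + 4 * i]) for i in range(count)}
    if vips != group["vips"]:
        findings.append("virtual IP list differs from configuration")
    if auth_type != group["auth_type"]:
        findings.append(f"auth type {auth_type} != expected {group['auth_type']}")
    elif auth_type == 1:
        # Type 1 data is the configured string itself, padded to 8 bytes, not a keyed digest.
        sent = payload[-8:].rstrip(b"\x00")
        if not hmac.compare_digest(sent, group["auth"]):
            findings.append("authentication string mismatch")
    return findings


# Constructed sample data: documentation addresses and a made-up 8-character string.
POLICY = {10: {"routers": {IPv4Address("192.0.2.2"), IPv4Address("192.0.2.3")},
               "vips": {IPv4Address("192.0.2.1")},
               "auth_type": 1, "auth": b"example1"}}


def demo():
    good = build_advert(10, 200, ["192.0.2.1"], auth_type=1, auth=b"example1")
    unlisted = build_advert(10, 255, ["192.0.2.1"], auth_type=1, auth=b"wrong")
    return {
        "good": check_advert(good, "192.0.2.2", "224.0.0.18", 255, POLICY),
        "unlisted": check_advert(unlisted, "192.0.2.77", "224.0.0.18", 255, POLICY),
        "routed": check_advert(good, "192.0.2.2", "224.0.0.18", 64, POLICY),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```

Because type 1 authentication data is carried unencrypted in every advertisement, a matching string guards against misconfigured neighbours rather than proving who sent the packet; the source, TTL and checksum checks carry the rest.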


Configuring the virtual IP address

Use the following procedure to configure IP addresses associated with this virtual router.

Use the no form of this command to remove this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. To specify the IP address of the virtual router, enter:

ipaddr <address>

Table 111: Variable definition

Variable     Value
<address>    The IP address of the virtual router.

Configuring priority

Use the following procedure to set the priority level of the router within a VRRP group.

Use the no form of this command to remove this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. To set the priority level, enter:

priority [1-254]

Configuring track priority

Use the following procedure to configure tracked interface and track priority.

Use the no form of this command to remove this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. To configure the tracked interface and priority, enter:

track interface <interface name> track_priority <priority>

Table 112: Variable definition

Variable            Value
<interface name>    The name of the interface to track.
<priority>          The priority given to the track.

Configuring the learn interval

Use the following procedure to configure the backup router to learn the advertisement interval from the master.

Use the no form of this command to remove this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. To configure the backup router to learn the advertisement interval from the master, enter:

learn_adv_interval

Configuring a VRRP group description

Use the following procedure to set a description message for a VRRP group.

Use the no form of this command to remove this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. To configure a VRRP group description, enter:

description "description text"

Configuring the preempt flag

Use the following procedure to set the preempt flag.

Use the no form of this command to remove this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter Interface Mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. To set the preempt flag, enter:

preempt

Associating an IPSLA tracker to the VRRP

Use the following procedure to associate an IPSLA tracker to a VRRP.

Procedure steps

1. Enter configuration mode.

configure terminal

2. Enter interface mode.

interface <interface>

3. Specify the VRRP group number.

vrrp [1-255]

4. To associate the IPSLA tracker to the VRRP, enter:

track <sla_tracker_id> <track_priority>

Table 113: Variable definition

Variable            Value
<interface>         Name of the interface. For example, bundle, ethernet, or vlan
<sla_tracker_id>    Unique ID of the IPSLA tracker
<track_priority>    Priority of the tracker

Show VRRP information

Use the following procedure to show the status of configured VRRP functionality.

Procedure steps

Show information.

show vrrp [mode <summary>|<detailed>] [interface <ifnum>] [group <all>|<groupnum>]

Table 114: Variable definition

Variable       Value
<all>          Display all group information.
<detailed>     Display detailed information.
<ifnum>        The interface number to display.
[interface]    The VRRP interface.
[group]        The VRRP group. Range is 1 - 255.
<groupnum>     The group number to display.
[mode]         The display mode. Summary or detailed. Default is summary.
<summary>      Display summary information.

Clearing VRRP information

Use the following procedure to clear VRRP information.

Procedure steps

Clear VRRP information.

clear vrrp [interface <ifnum>] [group <all>|<groupnum>]

Table 115: Variable definition

Variable       Value
<all>          Clear all VRRP groups.
<ifnum>        The interface number to clear.
[interface]    Clear a VRRP interface.
[group]        Clear a VRRP group.
<groupnum>     The group number to clear.


Configuring VRRP over VLAN

Use the following procedure to configure VRRP over VLAN.

Procedure steps

1. To configure VRRP over VLAN, enter Configuration Mode.

configure terminal

2. Enter VLAN database configuration mode.

vlan database

3. Create the VLAN.

vlan <vid>

4. Exit VLAN database configuration mode.

exit

5. Select a port to add to the VLAN.

interface <interface-type> <slot/port>

6. Add the port to the VLAN.

switchport mode <mode> allowed vlan <vids>

7. Exit from interface configuration mode.

exit

8. Select the VLAN interface.

interface vlan vlan <vid>

9. Assign an IP address to the VLAN.

ip address <A.B.C.D> <subnet-mask>

10. Specify a VRRP group.

vrrp <group>

11. Specify a virtual IP address.

ipaddr <virtual IP>

12. Configure tracking.

track <interface> <priority>

13. Configure a priority level.

priority <level>

14. Enable VRRP.

enable

Table 116: Variable definitions

Variable                        Value
<A.B.C.D> <subnet-mask>         Specifies the IP address and subnet mask of the sub-interface.
<group>                         Specifies the VRRP group number, in the range 1–255.
<interface>                     Specifies the interface to work with.
<interface-type> <slot/port>    Specifies the interface type, slot, and port of the VLAN member port.
<level>                         Specifies the priority level, in the range 1–254.
<mode>                          Specifies the Layer 2 interface mode. Possible choices are:
                                • access
                                • hybrid
                                • trunk
                                • l2vpn
<priority>                      Specifies the track priority.
<type>                          Specifies the type of encapsulation to apply.
<vid>                           Specifies the VLAN ID.
<virtual IP>                    Specifies the virtual IP address to be used.

Configuring ping to VRRP virtual IP

Use the following procedure to configure ping to VRRP virtual IP.

Procedure steps

1. To enter the configuration mode, enter:

configure terminal

2. To select ping to virtual IP configuration, enter:

vrrp-virtualip

3. To enable ping to virtual IP, enter:

allow-ping

4. To disable ping to virtual IP, enter:

no allow-ping

5. To display the status of ping to virtual IP, enter:

show vrrp virtualip-setting


Chapter 11: BGP fundamentals

The Border Gateway Protocol (BGP) is a routing protocol used for routing between Autonomous Systems. The main purpose of BGP is to exchange network-layer reachability information (NLRI) among IP routers in different autonomous systems, for example, between ISPs. An autonomous system (AS) is a set of interconnected networks administered by a single authority, and with certain routing behaviors determined by common routing policies.

Because BGP routes traffic between networks, it is also referred to as External BGP (EBGP) as opposed to routing protocols like RIP and OSPF that route traffic within a network and are referred to as Interior Gateway Protocols (IGP). BGP can also be used as an IGP (routing within a single AS), and in this case is referred to as Interior BGP (IBGP).

The primary characteristics of BGP are its scalability and stability. For these reasons, BGP is the routing protocol typically used by Internet Service Providers to route over the Internet.

A protocol that allows BGP to maximize the efficiency of routing tables is classless interdomain routing (CIDR). CIDR is used by BGP to reduce the size of the Internet routing tables. CIDR allows BGP to manage blocks of IP addresses as single routing table entries. For example, the IP address block 200.1.x.x is 256 Class C address blocks, 200.1.0.x through 200.1.255.x. Without CIDR, routers would have to advertise 256 Class C address blocks to BGP peers. With CIDR, BGP can advertise one block, 200.1.x.x.

BGP also maximizes routing efficiency by only exchanging full routing information when connections are first established. Thereafter, only changes to routing tables are sent to neighbors. Also, BGP only advertises optimal routes.

BGP concepts

Hierarchical mechanisms

A BGP network consists of BGP peers, peer groups, communities, and extended communities.

Multiple BGP neighbors can be assigned to a peer group. The peer group is internal if all of its member peers reside within an AS. The peer group is external if all of its member peers reside outside the AS. The peers within a peer group share the same configuration, including routing policies. Any peer assigned to a peer group automatically inherits any configuration and policies established for the peer group, but an administrator can override certain attributes of this configuration at the individual peer level.


A BGP community is a collection of destinations larger than a BGP peer group. BGP identifies members of a community by means of a community attribute inserted in the route to each community destination. As with a BGP peer group, the BGP community can be an efficient mechanism to identify a large number of routes to which an administrator can apply common routing policies. The community attribute identifies the AS of origin and specific ID of the community to which the route (or community destination) belongs.

BGP identifies members of an extended community by means of extended community attributes. As with any BGP community, the BGP extended community is also an efficient mechanism for identifying a set of routes to which an administrator can apply common routing policies.

BGP routes, route properties, and updates

Within BGP, a route is a path to a network destination by way of intervening BGP peers. BGP routers advertise routes (or send route updates) with the following path attributes or properties:

• The BGP origin — Identifies the type of BGP peer that originated the route advertisement (an iBGP or eBGP peer).

• The BGP community — Identifies the AS of origin and BGP community in which the destination network resides. The community ID can be a numeric value or one of the well-known BGP community names. How a BGP peer handles a received route associated with a well-known community depends on the community name:

- no-advertise (Do not advertise this route to any other BGP peers.)

- no-export (Do not advertise this route outside a confederation boundary.)

- no-export-subconfed (Do not advertise this route to external BGP peers, including those in the local BGP confederation.)

• The BGP next hop — Identifies the address of the next BGP peer along the advertised path to the destination network.

• The BGP AS path — Identifies the sequence of ASs traversed along the advertised path to the destination network. A BGP peer that originates an advertisement inserts its own AS number into the AS path value, unless the update is advertised to a peer in the same AS, in which case the originating peer sends the route with an empty AS path value. Any external peer receiving an update adds its own local AS number to the AS path value before redistributing the route to another peer. This is a mechanism for accumulating an accurate AS path value. If any BGP peer receives a BGP update that already contains that peer’s local AS number in the AS path field, the router discards the route, thereby preventing the establishment of routing loops in the network.

• The BGP local preference — Identifies the metric value assigned by a BGP router to advertise its relative preference for a particular route to a destination network. This attribute has significance only to iBGP peers in the same AS as the advertising peer. External peers ignore any local preference value advertised from a BGP router in another AS. Any iBGP peer can override an advertised local preference value with its own preferred value before importing the route into the BGP RIB.

• The BGP multi-exit discriminator (MED) — Identifies the metric value assigned by a BGP router to advertise its relative preference for a particular route into its local AS. If that AS has multiple entry points, then an eBGP peer can compare MED values advertised in routes to the same destination in the target AS. The eBGP peer can then prefer to use the route with the lowest advertised MED value.

An administrator can set routing policies that use any or all of these properties to influence the behaviors of BGP configured on an Avaya Secure Router 2330/4134.

Policy-based routing

BGP uses import and export routing policies to control the types of routes advertised from the routing table, or accepted into the routing table, respectively.

Export policies allow BGP to advertise certain routes that match defined (default or configured) criteria. Export policies also enable BGP to alter the properties of certain routes before advertising them.

BGP import policies allow BGP to filter route updates received, and to assign properties to accepted routes before installing them into the routing table. An administrator can create routing policies to prefer, modify, or redistribute routes associated with a:

• BGP peer

• BGP peer group

• BGP community

• BGP extended community

Route redistribution

BGP can redistribute, to its domain, routes learned by other dynamic and static routing protocols. BGP then advertises these routes to its external peers according to any export policy configured. Note that connected routes and loopback addresses are not automatically redistributed, but an administrator can use policies to export such routes.

BGP supports the redistribution of routing information from other routing protocols such as RIP, OSPF, and static routes. BGP attributes of the routes can be altered by applying a routing policy during redistribution.

Note that routes are redistributed only if they are in the forwarding table (that is, they are active routes). The Avaya Secure Router 2330/4134 does not support extensions that allow BGP to send out routes that are not active routes.


Security

BGP can authenticate peerings and routing protocol exchanges. Authentication guarantees that BGP imports routing information from trusted peers only. An administrator can configure a password for this purpose. By default, authentication security is disabled.

Route reflectors

Route Reflectors and Confederations are two different techniques used to solve the same problem of full iBGP meshing.

BGP systems generally require full-mesh connectivity within an AS to facilitate redistribution of external routes to all routers in the same AS. However, scaling issues can arise within an AS that contains a significant number of BGP routers because they all exchange the same information with each other, causing an unacceptable amount of BGP control traffic. To avoid this scenario, an administrator can configure Route Reflectors to decrease the BGP control traffic inside the AS.

A Route Reflector is a cluster of BGP devices within an AS, with one system serving as a Route Reflector server and other BGP systems serving as client peers. The server redistributes intracluster routing information to its client peers. Outside the cluster, non-client peers receive intercluster routing information from the server. Non-client peers may also be Route Reflectors.

Confederations

Confederations and Route Reflectors are two different techniques used to solve the same problem of full iBGP meshing.

One solution to the requirement of full-mesh connectivity between iBGP peers consists of splitting an AS into several sub-ASs that together form a confederation. Each sub-AS contains a collection of fully-meshed iBGP peers. BGP routers on a sub-AS border communicate with other sub-AS border routers using a smaller number of eBGP sessions. Therefore, implementing a confederation substantially simplifies the requirement for 1-to-n connectivity among all peers within an AS, resulting in less control traffic and more available router resources and bandwidth for user data traffic within the AS.

To external ASs, the confederation looks like a single AS with a single AS number, which is the confederation identifier. The confederation hides the sub-AS numbers from peers outside the local AS. Because the confederation looks to external peers like a single AS, processing of AS path attributes such as next hop, local-preference, and MED occur in the normal manner.


Route flap dampening

A route is flapping when its state oscillates from available to unavailable to available periodically. An available route resides in the router FIB, whereas an unavailable route has been withdrawn from the router FIB. Every time a route flaps, BGP assigns to that route a penalty that is cumulative. When the penalty reaches a certain limit (called the suppress limit), BGP suppresses (stops advertising) the flapping route. However, as route availability stabilizes, BGP also actively reduces the penalty value for that route by half, at a period defined by a half-life attribute. Once the penalty value diminishes below a reuse threshold value, BGP can resume advertising (reusing) the route.

When route flapping occurs, BGP systems generate too many route update messages, thereby reducing the efficiency of peers in the network. By damping route flaps, BGP generates fewer route updates, thereby helping to optimize BGP operation in peers and in the network.
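The penalty, suppress limit, half-life and reuse threshold described above, modelled as an added example (not Avaya code). This page gives no numeric values, so the per-flap penalty of 1000, suppress limit of 2000, reuse threshold of 750 and 900-second half-life are constructed, and applying the halving as continuous exponential decay is an assumption.

```python
import math
from dataclasses import dataclass


@dataclass
class DampeningParams:
    # Constructed values for illustration; the page does not state the router's defaults.
    penalty_per_flap: float = 1000.0
    suppress_limit: float = 2000.0
    reuse_threshold: float = 750.0
    half_life: float = 900.0          # seconds for the penalty to fall by half


class RouteState:
    """Tracks the cumulative flap penalty of one route."""

    def __init__(self, params: DampeningParams):
        self.params = params
        self.penalty = 0.0
        self.last_update = 0.0
        self.suppressed = False

    def _decay(self, now: float) -> None:
        """Age the penalty to 'now' and release the route once it is below the reuse threshold."""
        elapsed = now - self.last_update
        if elapsed > 0:
            self.penalty *= 0.5 ** (elapsed / self.params.half_life)
            self.last_update = now
        if self.suppressed and self.penalty < self.params.reuse_threshold:
            self.suppressed = False

    def flap(self, now: float) -> None:
        """Record one flap: decay first, then add the penalty and test the suppress limit."""
        self._decay(now)
        self.penalty += self.params.penalty_per_flap
        if self.penalty >= self.params.suppress_limit:
            self.suppressed = True

    def advertised(self, now: float) -> bool:
        """True if BGP would advertise the route at time 'now'."""
        self._decay(now)
        return not self.suppressed

    def seconds_until_reuse(self, now: float) -> float:
        """Time a suppressed route must stay stable before it is advertised again."""
        self._decay(now)
        if not self.suppressed:
            return 0.0
        return self.params.half_life * math.log2(self.penalty / self.params.reuse_threshold)


def simulate(flap_times, probe_times, params=None):
    """Replay flaps and return {probe_time: advertised?} for each probe, in time order."""
    route = RouteState(params or DampeningParams())
    events = sorted([(t, "flap") for t in flap_times] + [(t, "probe") for t in probe_times])
    result = {}
    for t, kind in events:
        if kind == "flap":
            route.flap(t)
        else:
            result[t] = route.advertised(t)
    return result


if __name__ == "__main__":
    # Constructed timeline: three flaps one minute apart, then the route stays stable.
    print(simulate([0, 60, 120], [90, 150, 1820, 1920]))
```

Two flaps a minute apart stay just under the suppress limit in this model; the third pushes the route into suppression for roughly two half-lives.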

Route refresh

When any import policies for the local BGP peer change, all of the routes advertised by a remote peer must be re-evaluated against all existing (including new and modified) import policies. One way to perform this operation is for the local peer, at great expense of available resources, to:

• Maintain a real-time database of all routes advertised by remote peers, at the expense of local memory and CPU resources.

• Reapply all import policies to the above routes.

• Import into the BGP RIB-IN table only those routes accepted by the latest BGP import policies on the local peer.

Instead of the above approach, the route-refresh feature enables the local peer to:

• Not maintain a real-time database of all routes advertised by remote peers, saving local memory and CPU resources.

• Request a remote peer to resend all of the routes currently in its RIB-OUT table. Upon receiving the requested routes, the local peer can reapply all of its current import policies. The RIB-OUT table contains the routes that the router announces to adjacent peers.

• Import into the BGP RIB-IN table only those routes qualified by the latest local BGP import policies on the local peer. The RIB-IN table contains the routes that the router learns from adjacent peers.

A BGP speaker uses the BGP Capabilities Advertisement to advertise to peers at session OPEN its ability to originate and correctly process route-refresh messages. By using the BGP-CAP mechanism, the BGP speaker will send route-refresh messages only to peers that also support the feature.


BGP planning considerations

An administrator can plan for the different stages of BGP configuration by obtaining certain key information from the detailed network design plan. For the purpose of grouping related configuration tasks, the stages of BGP configuration planning are:

• BGP minimum configuration planning

• BGP initial session customization planning

• BGP update processing and advertisement configuration planning

• BGP optimization planning

BGP minimum configuration planning

Before you begin BGP minimum configuration, determine the following from your network design plan:

• The AS number in which the local BGP peer resides.

• The address families to be supported by the local BGP peer. (By default, BGP supports the IPv4 address family, but can also support the IPv6 address family.)

• The names of BGP groups you want to configure on this router.

• For each BGP neighbor, its peer type (internal iBGP or external eBGP).

• The number of any AS in which BGP peers reside.

• The IP addresses of the local and remote BGP peers in each group. (By default, the address of the local peer is its router-id.)

• The names of any routing policies necessary to allow certain other BGP peers to connect dynamically, or as needed, to the local peer.

BGP initial session customization planningBefore customizing the behavior or sessions between the local and any remote BGP peers,you should finish the minimum configuration of the Avaya Secure Router 2330/4134 local BGPpeer. The administrator should then additionally determine from the network design plan thesesettings for each static or dynamic peer configured on the local BGP router:

• BGP session OPEN type (active or passive)

• BGP connection type (direct or multihop)


• Authentication password

• Session timer settings (default or customized)

BGP update processing and advertisement configuration planning

After BGP minimum configuration and initial session customization, you can customize how the local peer must process received updates and outgoing advertisements. From the network design plan, determine if the local BGP peer must:

• Advertise the local router ID as nexthop (to all, group, or specific peers)

• Advertise no aggregator ID in updates (to all, group, or specific peers)

• Advertise MED values (to all, group, or specific peers)

• Compare MED values in routes learned from eBGP peers

• Remove a private AS number from routes

• Replace the peer AS number with the local AS number in updates received from peers

• Keep routes that contain the local AS number

• Accept routes containing the local AS number n times

• Allow default or set customized maximum routes and session teardown criteria for each address family

BGP optimization planning

To help optimize BGP operations, determine from the network design plan if the local BGP peer:

• Is part of an AS confederation

• Is part of a Route Reflector cluster

• Is part of any specific communities or extended communities

• Has requirements for customized import and export policies

• Should support damping for flapping routes

• Should support the BGP Route Refresh capability

MBGP

BGP Multicast (MBGP) allows BGP to connect multicast topologies within and outside an AS.

Routers implementing the MBGP feature carry two separate sets of routing information for unicast and multicast routing. Multicast protocols such as Protocol Independent Multicast (PIM) use this multicast routing information to build multicast distribution trees. Using MBGP, you can direct all the multicast traffic to designated access points other than normal unicast forwarding paths. Combined with the power of BGP policies, MBGP provides control over the multicast traffic inside as well as outside the AS. MBGP supports most applicable unicast BGP CLI commands, with the exception that MBGP routes are not redistributed to other protocols and BGP routes are not redistributed to MBGP. To configure multicast BGP, specify the IPv4 multicast address family (using the address-family command) before configuring the desired BGP property (the default address family is unicast).


Chapter 12: BGP configuration procedures

BGP procedures for a minimum configuration

Enabling BGP

Use the following procedure to enable BGP to support the exchange of routes between autonomous systems.

This procedure enables BGP with mainly default configuration values. Any peer groups created under BGP inherit these default values. You can choose to override (customize) many of these BGP global values at the BGP group or individual peer level.

Use the no form of this command to revert.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

BGP procedures for a customized configuration

Configuring MBGP properties

Use the following procedure to specify the IPv4 multicast address-family to configure MBGP properties.

Procedure steps

1. Enter configuration mode.


configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

Configuring a passive session OPEN

Use the following procedure to configure a passive session OPEN if you do not want BGP to send the active OPEN message to another peer to establish a BGP session.

The local peer waits for the remote peer to initiate the BGP session and responds accordingly. (By default, BGP actively initiates session OPEN with another peer.)

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Set the session to passive.

[no] neighbor <A.B.C.D|X:X::X:X|tag> passive

Advertising the local router ID as nexthop

Use the following procedure to advertise the local router ID as the next hop to force iBGP peers and/or eBGP Confederation Peers in the local AS to use that local node as the next hop for routing traffic to destinations outside the AS.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration Mode.


configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Advertise as next hop.

[no] neighbor <A.B.C.D|X:X::X:X|tag> next-hop-self

Comparing the MED value of routes learned from eBGP peers

Use the following procedure to compare the multi-exit discriminator (MED) value of routes learned from eBGP peers so that the Avaya Secure Router 2330/4134 can select the route with the lowest advertised MED value.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Configure to always compare MED values.

[no] bgp always-compare-med

Removing private AS numbers from route advertisements

Use the following procedure to remove private AS numbers from route advertisements to avoid propagating those routes to other BGP peers. When an ISP’s local eBGP peer receives a route update message from an eBGP peer on a private AS, the ISP’s peer must remove the private AS numbers.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.


router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Remove private AS numbers from route advertisements.

[no] neighbor <A.B.C.D|X:X::X:X|tag> remove-private-AS

Configuring a BGP Confederation

Use the following procedure to configure a BGP confederation to avoid the scaling issues that the full-mesh connectivity requirement causes.

A confederation splits a major AS into multiple sub-ASs. Although each sub-AS contains a group of fully-meshed iBGP peers, the sub-AS BGP border router communicates with other sub-AS BGP border routers using a smaller number of eBGP sessions. Together, the sub-ASs and their respective peers form a confederation, which appears to external ASs as a single AS.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Configure a confederation.

bgp confederation <id>

4. Configure confederation peer AS numbers.

[no] bgp confederation peers <AS-numbers>

Table 117: Variable definition

Variable Value

<id> Identifier name.

Configuring a BGP Route Reflector cluster

Use the following procedure to configure a BGP Route Reflector cluster to achieve full iBGP meshing within a large AS.


With this configuration, an administrator subdivides an AS into peer clusters.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Configure a cluster-id.

[no] bgp cluster-id <cluster-id>

Table 118: Variable definition

Variable Value

<cluster-id> Cluster identifier.

Configuring soft-reconfiguration on neighbor

Use the following procedure to configure the router software to start storing updates.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Configure the router software to start storing updates.

[no] neighbor <A.B.C.D|X:X::X:X|tag> soft-reconfiguration inbound


Configuring strict-capability-match on neighbor

Use the following procedure to close the BGP connection if the capability values do not completely match those of the remote peer.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Configure strict-capability-match on a neighbor.

[no] neighbor <A.B.C.D|X:X::X:X|tag> strict-capability-match

Enabling ECMP

Use the following procedure to enable ECMP processing.

Use the no form of this command to disable this function.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Enable ECMP processing.

[no] ebgp-ecmp

Enabling an address family for a neighbor

Use the following procedure to activate the current address family for the supplied neighbor.

Use the no form of this command to clear this setting.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To activate the address family, enter:

[no] neighbor <A.B.C.D|X:X::X:X|tag> activate

Configuring interval for BGP route updates

Use the following procedure to configure the minimum interval between sending BGP routing updates.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To set the minimum advertisement interval, enter:

[no] neighbor <A.B.C.D|X:X::X:X|tag> advertisement-interval <interval>

Table 119: Variable definition

Variable Value

<interval> The advertisement interval, in seconds, in the range 0 to 600.

Configuring interval for AS-origination updates

Use the following procedure to set the minimum interval between sending AS-origination routing updates.


Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To set the minimum interval, enter:

[no] neighbor <A.B.C.D|X:X::X:X|tag> as-origination-interval <interval>

Table 120: Variable definition

Variable Value

<interval> The minimum interval, in seconds, in the range 1 to 600.

Advertising capability to a peer

Use the following procedure to advertise capabilities to a neighbor.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To advertise a capability, enter:

[no] neighbor <A.B.C.D|X:X::X:X|tag> capability <dynamic|orf|route-refresh>

Table 121: Variable definition

Variable Value

<dynamic> Advertise dynamic capability to this neighbor.

<orf> Advertise ORF capability to this neighbor.


<route-refresh> Advertise route-refresh capability to this neighbor.

Configuring a default route to originate to neighbor

Use the following procedure to originate a default route to the specified neighbor.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To configure a default route, enter:

[no] neighbor <A.B.C.D|X:X::X:X|tag> default-originate route-map <mapname>

Table 122: Variable definition

Variable Value

<mapname> The route-map name.

Configuring a neighbor description

Use the following procedure to configure a neighbor description.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To configure the description, enter:


[no] neighbor <A.B.C.D|X:X::X:X|tag> description <description>

Table 123: Variable definition

Variable Value

<description> A short description of this neighbor, up to 80 characters.

Configuring a distribution list

Use the following procedure to filter updates to and from the specified neighbor.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To filter updates, enter:

[no] neighbor <A.B.C.D|X:X::X:X|tag> distribute-list <identifier>

Table 124: Variable definition

Variable Value

<identifier> The distribute list identifier. Possible values are:

• IP access list number, in the range 1 to 199

• Expanded range IP access list number, in the range 1300 to 2699

• The IP access list name

Disallowing capability negotiation

Use the following procedure to disallow capability negotiation with the specified neighbor.

Use the no form of this command to clear this setting.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To disallow capability negotiation, enter:

[no] neighbor <A.B.C.D|X:X::X:X|tag> dont-capability-negotiate

Allowing EBGP neighbors from indirectly connected networks

Use the following procedure to allow EBGP neighbors not on directly connected networks.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To allow EBGP neighbors, enter:

[no] neighbor <A.B.C.D|X:X::X:X|tag> ebgp-multihop <maxhop>

Table 125: Variable definition

Variable Value

<maxhop> The maximum hop count, in the range 1 to 255.

Configuring BGP filters

Use the following procedure to establish BGP filters.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.


configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Establish BGP filters.

[no] neighbor <A.B.C.D|X:X::X:X|tag> filter-list <listname> <in|out>

Table 126: Variable definition

Variable Value

<in> Filter incoming routes.

<listname> The AS path access list name.

<out> Filter outgoing routes.

Enabling BGP on an interface

Use the following procedure to enable BGP on an interface.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Enable BGP on an interface.

[no] neighbor <A.B.C.D|X:X::X:X|tag> interface <interface>

Table 127: Variable definition

Variable Value

<interface> The interface for which you want to enable BGP.


Configuring maximum number of prefixes

Use the following procedure to set the maximum number of prefixes accepted from the specified peer.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Set the maximum number of prefixes.

[no] neighbor <A.B.C.D|X:X::X:X|tag> maximum-prefix <maxprefix>

Table 128: Variable definition

Variable Value

<maxprefix> The maximum number of prefixes, in the range 1 to 4294967295.

Configuring a neighbor password

Use the following procedure to set a password for the specified neighbor.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Set a password for the specified neighbor.

[no] neighbor <A.B.C.D|X:X::X:X|tag> password <password>


Table 129: Variable definition

Variable Value

<password> The password for the specified neighbor.

Configuring peer-group members

Use the following procedure to add the specified interface as a peer-group member.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Add a peer-group member.

[no] neighbor <A.B.C.D|X:X::X:X|tag> peer-group <groupname>

Table 130: Variable definition

Variable Value

<groupname> The name of the peer group to join.

Configuring a prefix list

Use the following procedure to filter updates to and from the specified neighbor.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>


3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Configure the prefix list.

[no] neighbor <A.B.C.D|X:X::X:X|tag> prefix-list <name> <in|out>

Table 131: Variable definition

Variable Value

<in> Filter incoming updates.

<name> The name given to the prefix list.

<out> Filter outgoing updates.

Configuring AS number of a remote BGP neighbor

Use the following procedure to set the AS number of a remote BGP neighbor.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Set the AS number.

[no] neighbor <A.B.C.D|X:X::X:X|tag> remote-as <asnumber>

Table 132: Variable definition

Variable Value

<asnumber> The AS number of the specified remote BGP neighbor, in the range 1 to 65535.

Configuring a route map to a neighbor

Use the following procedure to apply a route map to the specified neighbor.

Use the no form of this command to clear this setting.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Configure the route map.

[no] neighbor <A.B.C.D|X:X::X:X|tag> route-map <mapname> <in|out>

Table 133: Variable definition

Variable Value

<in> Apply route map to incoming routes.

<mapname> The name of the route map.

<out> Apply route map to outbound routes.

Configuring a neighbor as route reflector client

Use the following procedure to configure the specified neighbor as a route reflector client. Use the no form of this command to disable this function.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Configure as route reflector client.

[no] neighbor <A.B.C.D|X:X::X:X|tag> route-reflector-client


Configuring a neighbor as route server client

Use the following procedure to configure the specified neighbor as a route server client.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Configure as route server client.

[no] neighbor <A.B.C.D|X:X::X:X|tag> route-server-client

Sending a community attribute to a neighbor

Use the following procedure to send a community attribute to the specified neighbor.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Send the community attribute.

[no] neighbor <A.B.C.D|X:X::X:X|tag> send-community <both|extended|standard>


Table 134: Variable definition

Variable Value

<both> Send Standard and Extended Community attributes.

<extended> Send Extended Community attributes.

<standard> Send Standard Community attributes.

Shutting down a neighbor

Use the following procedure to administratively shut down any active sessions for the specified neighbor and clear all related routing data.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Shut down the neighbor.

[no] neighbor <A.B.C.D|X:X::X:X|tag> shutdown

Configuring BGP neighbor timers

Use the following procedure to configure BGP per-neighbor timers.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Configure BGP neighbor timers.

[no] neighbor <A.B.C.D|X:X::X:X|tag> timers <keepalive> [connect <interval>]


Table 135: Variable definition

Variable Value

[connect] Configure the neighbor connect timer.

<interval> The connect timer interval, in the range 1 to 65535.

<keepalive> The keepalive interval for the specified neighbor, in the range 0 to 65535.

Configuring a routing update source

Use the following procedure to configure a source for the specified neighbor's routing updates.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Configure the update source.

[no] neighbor <A.B.C.D|X:X::X:X|tag> update-source <source>

Table 136: Variable definition

Variable Value

<source> The interface name or address of the update source.

Configuring weight for a BGP neighbor

Use the following procedure to configure the weight for the specified BGP neighbor.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.


router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Configure the weight.

[no] neighbor <A.B.C.D|X:X::X:X|tag> weight <weight>

Table 137: Variable definition

Variable Value

<weight> The default weight, in the range 0 to 65535.

Modifying a default bestpath selection

Use the following procedure to modify the default bestpath selection.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To modify the default selection, enter:

[no] bgp bestpath [as-path ignore] [compare-confed-aspath] [compare-routerid] [med [confed] [missing-as-worst]]

Table 138: Variable definition

Variable Value

[as-path ignore] Ignore as-path length in selecting a route.

[compare-confed-aspath] Allow comparing confederation AS path length.

[compare-routerid] Compare router-id for identical EBGP paths.

[confed] Compare MED among confederation paths.

[med] Configure MED attribute.

[missing-as-worst] Treat missed MED as the least preferred one.


Configuring client-to-client route reflection

Use the following procedure to configure client-to-client route reflection.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To configure route reflection, enter:

[no] bgp client-to-client reflection

Configuring a route reflector cluster-id

Use the following procedure to configure the route reflector cluster-id.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To configure the cluster-id, enter:

[no] bgp cluster-id <id>

Table 139: Variable definition

Variable Value

<id> The route reflector cluster-id. Can be configured as a 32-bit quantity, in the range 1 to 4294967295, or in IP address format.


Configuring AS confederation parameters

The following procedure describes how to configure confederation parameters.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To configure confederation parameters, enter:

[no] bgp confederation [identifer <asnumber>] [peers <peer>]

Table 140: Variable definition

Variable Value

[identifer <asnumber>] Configure confederation by AS number, in the range 1 to 65535.

[peers <peer>] Configure confederation by peer AS by listing each peer number, in the range 1 to 65535, followed by a space, up to a maximum of 255 entries.

Enabling route flap dampening

The following procedure describes how to enable and configure route flap dampening.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To enable and configure flap dampening, enter:


[no] bgp dampening [route-map <mapname>] [<hltime> <reuse> <suppress> <duration> <uhltime>]

Table 141: Variable definition

Variable | Value
<duration> | Maximum duration to suppress a stable route.
<hltime> | Reachability half-life time for a penalty, in minutes.
<reuse> | Value to start reusing a route.
[route-map <mapname>] | Configure route-map criteria by map name.
<suppress> | Value to start suppressing a route.
<uhltime> | Unreachability half-life time for a penalty, in minutes.
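How the dampening parameters in Table 141 interact, worked through with the standard RFC 2439 penalty model. This is an added example, not Avaya code: the per-flap penalty of 1000 and the values 15/750/2000/60 are assumptions (the page gives no defaults), and <uhltime> and the route-map option are not modelled.

```python
"""Route flap dampening model in the style of RFC 2439, using the parameter
names from Table 141. The numeric values and the per-flap penalty are
assumptions chosen for illustration; the page does not give the router's own."""
import math
from dataclasses import dataclass

FLAP_PENALTY = 1000.0  # assumed penalty added per flap (not stated on the page)


@dataclass
class Dampening:
    hltime: float = 15.0      # <hltime>: reachability half-life, minutes
    reuse: float = 750.0      # <reuse>: penalty below which a route is reused
    suppress: float = 2000.0  # <suppress>: penalty at which a route is suppressed
    duration: float = 60.0    # <duration>: maximum suppression time, minutes

    def __post_init__(self):
        if not 0 < self.reuse < self.suppress:
            raise ValueError("reuse must be positive and lower than suppress")
        # Capping the penalty at this ceiling guarantees it decays back to
        # <reuse> within <duration> minutes, however often the route flaps.
        self.ceiling = self.reuse * 2 ** (self.duration / self.hltime)
        if self.ceiling < self.suppress:
            raise ValueError("duration too short: suppress is never reached")

    def decay(self, penalty, minutes):
        """Exponential decay: the penalty halves every <hltime> minutes."""
        return penalty * 0.5 ** (minutes / self.hltime)

    def minutes_until_reuse(self, penalty):
        """Time for a penalty to decay down to the reuse threshold."""
        if penalty <= self.reuse:
            return 0.0
        return self.hltime * math.log2(penalty / self.reuse)


def simulate(cfg, flap_minutes):
    """Return [(minute, 'suppress' | 'reuse'), ...] for flaps at given minutes."""
    penalty, last, suppressed, events = 0.0, 0.0, False, []
    for t in sorted(flap_minutes):
        if suppressed:
            release = last + cfg.minutes_until_reuse(penalty)
            if release <= t:  # decayed to <reuse> before this flap arrived
                events.append((round(release, 2), "reuse"))
                suppressed = False
        # Decay the old penalty to time t, add the new flap, apply the ceiling.
        penalty = min(cfg.decay(penalty, t - last) + FLAP_PENALTY, cfg.ceiling)
        last = t
        if not suppressed and penalty >= cfg.suppress:
            events.append((float(t), "suppress"))
            suppressed = True
    if suppressed:
        release = last + cfg.minutes_until_reuse(penalty)
        events.append((round(release, 2), "reuse"))
    return events


if __name__ == "__main__":
    cfg = Dampening()
    print("penalty ceiling:", cfg.ceiling)
    # Constructed flap times (minutes): three flaps in quick succession.
    for minute, state in simulate(cfg, [0, 2, 4]):
        print(f"t={minute:7.2f} min  {state}")
```

The ceiling is why a route that flaps continuously is still released at most <duration> minutes after its last flap.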

Configuring BGP defaults

The following procedure describes how to configure BGP defaults.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To configure BGP defaults, enter:

[no] bgp default [ipv4-unicast] [local-preference <value>]

Table 142: Variable definition

Variable | Value
[ipv4-unicast] | Activate IPv4 unicast for a peer by default.
[local-preference <value>] | Configure the local preference value, in the range 0 to 4294967295. The higher the value, the more preferred.

Enforcing first AS for EBGP routes

The following procedure describes how to enforce the first AS for an EBGP route.

Use the no form of this command to clear this setting.


Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To enforce the first AS, enter:

[no] bgp enforce-first-as

Resetting a session when a peer goes down

The following procedure describes how to immediately reset a session if a link to a directly connected external peer goes down.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To configure the session to reset, enter:

[no] bgp fast-external-failover

Logging neighbor changes

The following procedure describes how to configure logging of neighbor changes.

Use the no form of the bgp log-neighbor-changes command to clear this setting.

The BGP neighbor change messages are logged at the notification priority level of the syslog. By default, the syslog does not log the neighbor change messages. To enable logging of BGP neighbor changes, you must configure the syslog to log the notification-level messages.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.


router bgp <1-65535>

3. To log neighbor changes, enter:

[no] bgp log-neighbor-changes

exit

4. To enable logging of notification level routing messages (which include BGP neighbor change messages), enter:

system logging syslog module routing local0 notice

Overriding current router-id

The following procedure describes how to override the current router identifier and reset peers.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To override the router id, enter:

[no] bgp router-id <id>

Table 143: Variable definition

Variable | Value
<id> | The manually configured router identifier, in IP address format.

Configuring background scan interval

The following procedure describes how to configure the background scan interval, in seconds.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.


router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To set the scan interval, enter:

[no] bgp scan-time <interval>

Table 144: Variable definition

Variable | Value
<interval> | The scan interval, in seconds, in the range 10 to 60. Default is 60.

Defining the administrative distance

The following procedure describes how to configure the administrative distance.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To configure the administrative distance, enter:

[no] distance [<distance>] [bgp <ext> <int> <local>]

Table 145: Variable definition

Variable | Value
[bgp] | Configure the BGP distance.
[<distance>] | Configure the administrative distance, in the range 1 to 255.
<ext> | Distance for routes external to the AS, in the range 1 to 255.


<int> | Distance for routes internal to the AS, in the range 1 to 255.
<local> | Distance for local routes, in the range 1 to 255.

Configuring BGP aggregate entries

The following procedure describes how to configure BGP aggregate entries.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To configure aggregate entries, enter:

[no] aggregate-address <prefix> [as-set] [summary-only]

Table 146: Variable definition

Variable | Value
[as-set] | Generate AS set path information.
[summary-only] | Filter more specific routes from updates.

Configuring IGP synchronization

The following procedure describes how to configure BGP to perform IGP synchronization.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.


router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To configure synchronization, enter:

[no] synchronization

Specifying a BGP announced network

The following procedure describes how to specify a network to announce via BGP.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To specify a network, enter:

[no] network [<prefix>] [synchronization]

Table 147: Variable definition

Variable | Value
<prefix> | IP prefix of the network. Length is optional.
[synchronization] | Perform IGP synchronization on network routes.

Configuring routing timers

The following procedure describes how to configure routing keepalive and holdtime timers.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.


configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. To configure timers, enter:

[no] timers bgp <keepalive> <holdtime>

Table 148: Variable definition

Variable | Value
<holdtime> | The hold timer value, in the range 0 to 65535.
<keepalive> | The keepalive interval, in the range 0 to 65535.

Redistributing information from another protocol

The following procedure describes how to redistribute information from another protocol.

Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. To redistribute information, enter:

[no] redistribute <protocol> route-map <mapname>

Table 149: Variable definition

Variable | Value
<mapname> | The pointer to route-map entries.
<protocol> | The protocol you want to redistribute from. Possible choices are:

• connected - redistribute from connected routes.

• ospf - redistribute from OSPF routes.


• rip - redistribute from RIP routes.

• static - redistribute from Static routes.

Configuring aggregation on same next hop

The following procedure describes how to configure BGP to perform aggregation only when the next hop matches the specified IP address. Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. To configure aggregation, enter:

[no] bgp aggregate-nexthop-check

Configuring RFC1771 compatible path selection mechanism

The following procedure describes how to set the RFC1771 compatible path selection mechanism. Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.

configure terminal

2. To configure aggregation, enter:

[no] bgp rfc1771-path-select

Configuring aggregation on same next hop

The following procedure describes how to set the Strict RFC1771 setting. Use the no form of this command to clear this setting.

Procedure steps

1. Enter Configuration Mode.


configure terminal

2. To configure aggregation, enter:

[no] bgp rfc1771-strict

Configuring a BGP AS path filter

This procedure describes how to configure a BGP autonomous system path filter. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To configure the BGP AS system path filter, enter:

[no] ip as-path access-list <name> [deny|permit]

Table 150: Variable definition

Variable | Value
<name> | Regular expression access list name.

Configuring community list entries

This procedure describes how to add a community list entry. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode.

configure terminal

2. To add the community list entry, enter:

[no] ip community-list <name> [permit|deny]

Table 151: Variable definition

Variable | Value
<name> | The community list name.


Matching a BGP origin code

This procedure describes how to match a BGP origin code. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Specify the origin to match:

[no] match origin {<egp>|<igp>|<incomplete>}

Table 152: Variable definition

Variable | Value
<egp> | Match from a remote egp origin.
<igp> | Match from a local igp origin.
<incomplete> | Match from an unknown origin.

Matching a BGP AS-path list

This procedure describes how to match a BGP AS-path list. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Specify the AS-path list to match against:

[no] match as-path <list>

Table 153: Variable definition

Variable | Value
<list> | The AS-path access list to match against.


Matching a BGP community list

This procedure describes how to match a BGP community list. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Specify the community list to match against:

[no] match community <list> [exact-match]

Table 154: Variable definition

Variable | Value
[exact-match] | Do an exact match of communities.
<list> | The community list to match against.

Setting the BGP aggregator attribute

This procedure describes how to set the BGP aggregator attribute. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Set the BGP aggregator attribute:

[no] set aggregator as <asnum> <address>

Table 155: Variable definition

Variable | Value
<address> | The IP address of the aggregator.
<asnum> | The AS number of the aggregator.


Setting the prepend string for a BGP AS-path attribute

This procedure describes how to set the prepend string for a BGP AS-path attribute. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Set the prepend string for a BGP AS-path attribute:

[no] set as-path {[tag]|[prepend <list>]}

Table 156: Variable definition

Variable | Value
<list> | A list of AS-path numbers, separated by spaces, to a max list size of 255. Valid range of AS-path numbers is 1 to 65535.
[prepend] | Prepend to the AS-path.
[tag] | Set the tag as an AS-path attribute.

Setting the BGP atomic aggregate attribute

This procedure describes how to set the BGP atomic aggregate attribute. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Set the BGP atomic aggregate attribute:

[no] set atomic-aggregate


Setting the BGP community list

This procedure describes how to set the BGP community list. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Set the BGP community list:

[no] set comm-list <list> [delete]

Table 157: Variable definition

Variable | Value
[delete] | Deletes matching communities.
<list> | The community list name.

Setting the BGP community attribute

This procedure describes how to set the BGP community attribute. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Set the BGP community attribute:

[no] set community [community-number <number>] [internet] [local-AS] [no-advertise] [no-export] [additive]

Table 158: Variable definition

Variable | Value
[additive] | Add to an existing community.


[community-number] | Specify a community number.
[internet] | Specify as a well known community.
[local-AS] | Do not send outside the local AS.
[no-advertise] | Do not advertise to any peer.
[no-export] | Do not export to next AS.
<number> | The community number in aa:nn format.
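What the community keywords in Table 158 mean for route propagation, as an added example that is not Avaya code: it encodes aa:nn values and the RFC 1997 well-known communities, models replace versus additive, and decides whether a route may be sent to a given kind of peer. The peer-type labels and function names are hypothetical, and the internet keyword is left out because the page gives no value for it.

```python
"""BGP community handling per RFC 1997, for the keywords in Table 158.
Added example; the peer model and function names are hypothetical."""

# Well-known community values defined by RFC 1997.
WELL_KNOWN = {
    "no-export": 0xFFFFFF01,     # do not export to the next AS
    "no-advertise": 0xFFFFFF02,  # do not advertise to any peer
    "local-AS": 0xFFFFFF03,      # do not send outside the local (sub-)AS
}
PEER_TYPES = ("ibgp", "confed-ebgp", "ebgp")


def parse_community(text):
    """Convert 'aa:nn' or a well-known keyword to its 32-bit value."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    aa, sep, nn = text.partition(":")
    if not sep or not (aa.isdecimal() and nn.isdecimal()):
        raise ValueError(f"not in aa:nn format: {text!r}")
    aa, nn = int(aa), int(nn)
    if aa > 0xFFFF or nn > 0xFFFF:
        raise ValueError(f"each half must fit in 16 bits: {text!r}")
    return (aa << 16) | nn


def format_community(value):
    """Render a 32-bit community as a keyword or as aa:nn."""
    for name, known in WELL_KNOWN.items():
        if value == known:
            return name
    return f"{value >> 16}:{value & 0xFFFF}"


def set_community(existing, new, additive=False):
    """Model of 'set community ... [additive]'.

    Without additive the route's communities are replaced, which silently
    drops any no-export tag an upstream policy attached.
    """
    new_values = {parse_community(c) for c in new}
    return (set(existing) | new_values) if additive else new_values


def may_advertise(communities, peer_type):
    """Decide whether a route carrying these communities may go to a peer.

    peer_type: 'ibgp', 'confed-ebgp' (another member AS of the same
    confederation) or 'ebgp' (a truly external AS).
    """
    if peer_type not in PEER_TYPES:
        raise ValueError(f"unknown peer type: {peer_type!r}")
    if WELL_KNOWN["no-advertise"] in communities:
        return False
    if WELL_KNOWN["local-AS"] in communities and peer_type != "ibgp":
        return False
    if WELL_KNOWN["no-export"] in communities and peer_type == "ebgp":
        return False
    return True


if __name__ == "__main__":
    # Constructed route: tagged 65000:100, then no-export added additively.
    route = set_community({parse_community("65000:100")}, ["no-export"],
                          additive=True)
    print(sorted(format_community(c) for c in route))
    for peer in PEER_TYPES:
        print(f"{peer:12s} advertise={may_advertise(route, peer)}")
```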

Setting the BGP local preference path attribute

This procedure describes how to set the BGP local preference path attribute. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Set the BGP local preference path attribute:

[no] set local-preference <prefval>

Table 159: Variable definition

Variable | Value
<prefval> | The preference value in the range 0 to 4294967295.

Setting the BGP origin code

This procedure describes how to set the BGP origin code. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:


route-map <route-map-name> [deny|permit] <1-65535>

3. Set the BGP origin code:

[no] set origin {[egp]|[igp]|[incomplete]}

Table 160: Variable definition

Variable | Value
[egp] | Set the origin as a remote EGP.
[igp] | Set the origin as a local IGP.
[incomplete] | Set the origin as unknown heritage.

Setting the BGP originator ID attribute

This procedure describes how to set the BGP originator ID attribute. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Set the BGP originator ID attribute:

[no] set originator-id <A.B.C.D>

Table 161: Variable definition

Variable | Value
<A.B.C.D> | The IP address of the originator.

Setting the tag value for a destination routing protocol

This procedure describes how to set the tag value for a destination routing protocol. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:


configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Set the tag value for a destination routing protocol:

[no] set tag <value>

Table 162: Variable definition

Variable | Value
<value> | The tag value, in the range 0 to 4294967295.

Setting the BGP weight for a routing table

This procedure describes how to set the BGP weight for a routing table. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Specify a route map:

route-map <route-map-name> [deny|permit] <1-65535>

3. Set the BGP weight for a routing table:

[no] set weight <value>

Table 163: Variable definition

Variable | Value
<value> | The weight value, in the range 0 to 4294967295.

Configuring deterministic MED

This procedure describes how to compare the MED variable when choosing routes advertised by different peers in the same AS. Multi Exit Discriminator (MED) is used in best path selection by BGP. MED is compared after BGP attributes weight, local preference, AS-path and origin have been compared and are equal. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:


configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Enable deterministic MED:

[no] bgp deterministic-med

Accepting an AS path containing my AS

This procedure describes how to accept an AS path containing the current AS. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Configure to accept the AS-path.

[no] neighbor <A.B.C.D|X:X::X:X|tag> allowas-in <numoccur>

Table 164: Variable definition

Variable | Value
<numoccur> | The number of occurrences of the AS number, in the range 1 to 10.

Propagating a BGP attribute unchanged to a neighbor

This procedure describes how to propagate a BGP attribute unchanged to the specified neighbor. You must specify remote-as or peer-group settings first. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter router mode and specify the BGP AS number.


router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Configure to propagate a BGP attribute unchanged.

[no] neighbor <A.B.C.D|X:X::X:X|tag> attribute-unchanged {<as-path>|<med>|<next-hop>}

Table 165: Variable definition

Variable | Value
<as-path> | Use the as-path attribute.
<med> | Use the MED attribute.
<next-hop> | Use the next-hop attribute.

Overriding a capability negotiation result

This procedure describes how to override a capability negotiation result. Use the no form of this command to clear this setting.

Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. Override a capability negotiation result.

[no] neighbor <A.B.C.D|X:X::X:X|tag> override-capability

Table 166: Variable definition

Variable | Value
<value> | The weight value, in the range 0 to 4294967295.

Selectively leaking more-specific routes to a neighbor

This procedure describes how to selectively leak more-specific routes to a particular neighbor. Use the no form of this command to clear this setting.


Procedure steps

1. Enter configuration mode:

configure terminal

2. Enter router mode and specify the BGP AS number.

router bgp <1-65535>

3. For multicast configuration, specify the IPv4 multicast address family (default family is IPv4 unicast):

address-family ipv4 multicast

4. Leak routes to a neighbor.

[no] neighbor <A.B.C.D|X:X::X:X|tag> unsuppress-map <map>

Table 167: Variable definition

Variable | Value
<map> | The name of the route-map used to select routes to be unsuppressed.

Displaying BGP attribute information

The following procedure describes how to display BGP attribute information.

Procedure steps

To display BGP attribute information, enter:

show bgp ipv4 [unicast|multicast] attribute-info

Displaying routes matching communities

The following procedure describes how to display routes matching specific communities.

Procedure steps

To display routes matching a specified community, enter:

show bgp ipv4 [unicast|multicast] community <number> [local-AS] [no-advertise] [no-export]

Table 168: Variable definition

Variable | Value
<number> | The community number in AA:NN format.


[local-AS] | Do not send outside the local AS.
[no-export] | Do not export to the next AS.
[no-advertise] | Do not advertise to any peer.

Displaying BGP paths

The following procedure describes how to display BGP path information.

Procedure steps

To display BGP path information, enter:

show bgp ipv4 [unicast|multicast] paths

Displaying cidr-only information

The following procedure describes how to display BGP cidr-only information.

Procedure steps

To display cidr-only information, enter:

show bgp ipv4 [unicast|multicast] cidr-only

Displaying community information

The following procedure describes how to display information on routes matching the community. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token.

Procedure steps

To display community information, enter:

show bgp ipv4 [unicast|multicast] community <type> <exact-match>

Table 169: Variable definition

Variable | Value
<exact-match> | Specifies that the router displays the exact match of the communities.


<type> | Possible values are:

• AA:NN - Specifies a valid value for a community number.

• local-AS - Do not send outside local AS (well-known community).

• no-advertise - Do not advertise to any peer (well-known community).

• no-export - Do not export to next AS (well-known community).

Displaying neighbor information

The following procedure describes how to display neighbor information.

Procedure steps

To display neighbor information, enter:

show bgp ipv4 [unicast|multicast] neighbors

Displaying BGP regular expression information

The following procedure describes how to display BGP regular expression information.

Procedure steps

To display regular expression information, enter:

show bgp ipv4 [unicast|multicast] quote-regexp

Displaying BGP community information

The following procedure describes how to display BGP community information.

Procedure steps

To display community information, enter:


show bgp ipv4 [unicast|multicast] community-info

Displaying scan information

The following procedure describes how to display scan information.

Procedure steps

To display scan information, enter:

show bgp ipv4 [unicast|multicast] scan

Displaying BGP neighbor status summary

The following procedure describes how to display a BGP neighbor status summary.

Procedure steps

To display a neighbor status summary, enter:

show bgp ipv4 [unicast|multicast] summary

Displaying inconsistent AS paths

The following procedure describes how to display inconsistent AS paths.

Procedure steps

To display inconsistent AS paths, enter:

show bgp ipv4 [unicast|multicast] inconsistent-as

Displaying detailed dampening information

The following procedure describes how to display detailed dampening information.

Procedure steps

To display detailed dampening information, enter:


show bgp ipv4 [unicast|multicast] dampening <type>

Table 170: Variable definition

Variable | Value
<type> | The type of dampening information to display. Possible choices are:

• dampened-paths - Display paths suppressed due to dampening.

• flap-statistics - Display flap statistics of routes.

• parameters - Display details of configured dampening parameters.

Displaying routes matching route map

The following procedure describes how to display routes that match a particular route map.

Procedure steps

To display routes, enter:

show bgp ipv4 [unicast|multicast] route-map <mapname>

Table 171: Variable definition

Variable | Value
<mapname> | The route map to match against.

Displaying routes matching a prefix list

The following procedure describes how to display routes that match a particular prefix list.

Procedure steps

To display routes, enter:

show bgp ipv4 [unicast|multicast] prefix-list <listname>

Table 172: Variable definition

Variable | Value
<listname> | The prefix list to match against.


Displaying routes matching a filter list

The following procedure describes how to display routes matching a particular filter list.

Procedure steps

To display routes, enter:

show bgp ipv4 [unicast|multicast] filter-list <listname>

Table 173: Variable definition

Variable | Value
<listname> | The filter list to match against.

Displaying routes matching a community list

The following procedure describes how to display routes matching a particular community list.

Procedure steps

To display routes, enter:

show bgp ipv4 [unicast|multicast] community-list <listname>

Table 174: Variable definition

Variable | Value
<listname> | The community list to match against.

Displaying routes matching an AS path regular expression

The following procedure describes how to display routes matching an AS path regular expression.

Procedure steps

To display routes, enter:


show bgp ipv4 [unicast|multicast] regexp <expression>

Table 175: Variable definition

Variable | Value
<expression> | A regular expression used to match the BGP AS paths.

Displaying AS path access lists

This procedure describes how to list AS path access lists.

Procedure steps

To display AS path access lists, enter:

show ip as-path-access-list <name>

Table 176: Variable definition

Variable | Value
<name> | The name of the AS path access list you want to display.

Displaying community lists

This procedure describes how to display a community list.

Procedure steps

To display the community list, enter:

show ip community-list <name>

Table 177: Variable definition

Variable | Value
<name> | The name of the community list you want to display.

Resetting all BGP peers

The following procedure describes how to reset all BGP peers in the IPv4 address family.

Procedure steps

To clear all IPv4 BGP peers, enter:


clear bgp ipv4 *

Resetting all BGP peers in IPv4 family

The following procedure describes how to reset all BGP peers in the IPv4 address family.

Procedure steps

To clear all IPv4 BGP peers, enter:

clear bgp ipv4 {unicast|multicast} [in|out|soft] [prefix-filter]

Resetting BGP AS number

The following procedure describes how to clear peers in a BGP AS.

Procedure steps

To clear all IPv4 BGP AS number, enter:

clear bgp ipv4 {unicast|multicast} <AS-number> [in|out|soft] [prefix-filter]

Resetting BGP peer groups

The following procedure describes how to reset BGP peer groups.

Procedure steps

To clear all IPv4 BGP peer groups, enter:

clear bgp ipv4 {unicast|multicast} peer-group <groupname> [in|out|soft] [prefix-filter]

Resetting BGP neighbor ID

The following procedure describes how to reset BGP neighbor address.

Procedure steps

To clear all IPv4 BGP neighbor ID, enter:


clear bgp ipv4 {unicast|multicast} <A.B.C.D> [in|out|soft] [prefix-filter]

Resetting BGP dampening

The following procedure describes how to reset BGP dampening.

Procedure steps

To clear all IPv4 BGP dampening, enter:

clear bgp ipv4 {unicast|multicast} dampening <A.B.C.D|A.B.C.D/M>

Resetting BGP flap statistics

The following procedure describes how to reset flap statistics.

Procedure steps

To clear all IPv4 BGP flap statistics, enter:

clear bgp ipv4 {unicast|multicast} flap-statistics <A.B.C.D|A.B.C.D/M>

Resetting BGP external peers

The following procedure describes how to reset external peers.

Procedure steps

To clear all IPv4 BGP external peers, enter:

clear bgp ipv4 {unicast|multicast} external [in|out|soft] [prefix-filter]

Sample BGP configurations

Configuring IBGP sessions

An IBGP session is established between two BGP peers if they both belong to the same autonomous system number. They need not be directly connected to form a peer relationship. IBGP sessions need to be fully meshed for EBGP routes to be advertised to all peers in the autonomous system.

Configuring an IBGP Session between 2 Avaya Secure Routers

CONFIGURATION OF AVAYA1:

conf term
interface bundle ToNT2
link t1 1/1
encapsulation ppp
ip address 40.40.40.1 255.255.255.0
exit
router bgp 100
neighbor 40.40.40.2 remote-as 100
exit

CONFIGURATION OF AVAYA2:

conf term
interface bundle ToNT1
link t1 1/1
encapsulation ppp
ip address 40.40.40.2 255.255.255.0
exit
router bgp 100
neighbor 40.40.40.1 remote-as 100
exit

The above configuration should bring up an IBGP Session between AVAYA1 and AVAYA2.

Configuring an IBGP Session between an Avaya Router and a 3rd Party Router

CONFIGURATION OF AVAYA1:

conf term
interface bundle To3rd
link t1 2/1
encapsulation ppp
ip address 30.30.30.1 255.255.255.0
exit
router bgp 100
neighbor 30.30.30.3 remote-as 100
exit

CONFIGURATION OF 3RD PARTY ROUTER:

interface Serial3/0
ip address 30.30.30.3 255.255.255.0
encapsulation ppp
exit
router bgp 100
neighbor 30.30.30.1 remote-as 100
exit

The above configuration should bring up an IBGP Session between AVAYA1 and the 3rd party router.

Configuring an IBGP Multi-Hop Session between 2 Avaya Secure Routers

CONFIGURATION OF AVAYA1:

conf term
interface bundle ToNT2
link t1 1/1
encapsulation ppp
ip address 40.40.40.1 255.255.255.0
exit
interface loopback 1
ip address 60.60.60.1 255.255.255.255
exit
ip route 60.60.60.2 255.255.255.255 40.40.40.2 1
router bgp 100
neighbor 60.60.60.2 remote-as 100
exit
exit

CONFIGURATION OF AVAYA2:

conf term
interface bundle ToNT1
link t1 1/1
encapsulation ppp
ip address 40.40.40.2 255.255.255.0
exit
interface loopback 1
ip address 60.60.60.2 255.255.255.255
exit
ip route 60.60.60.1 255.255.255.255 40.40.40.1 1
router bgp 100
neighbor 60.60.60.1 remote-as 100
exit

Note that in the above configuration we have added an ip route command to reach the loopback interface on the other side. We need a route to the BGP peer address, either a static route or one learned through another protocol such as RIP or OSPF.

Reachability to the peer address has been achieved, but the session is still in the Active state. The BGP session is not established because one thing is still missing. When BGP initiates a connection with a peer, it always uses the address of its outgoing interface as the source address. In this case AVAYA2 would use 40.40.40.2 and AVAYA1 would use 40.40.40.1. But BGP is configured with neighbor address 60.60.60.1 on AVAYA2 and 60.60.60.2 on AVAYA1, not 40.40.40.1 and 40.40.40.2. So we need to instruct BGP to use 60.60.60.1 and 60.60.60.2 as source addresses instead of 40.40.40.x.

By putting an update-source command under the neighbor, BGP starts using the 60.60.60.x address.

SR4134> conf term
SR4134/configure> router bgp 100
SR4134/configure/router/bgp 100> neighbor 60.60.60.2 update-source 1

SR4134_2> conf term
SR4134_2/configure> router bgp 100
SR4134_2/configure/router/bgp 100> neighbor 60.60.60.1 update-source 1

Configuring an IBGP Multi-Hop Session between an Avaya Router and a 3rd Party Router

CONFIGURATION OF AVAYA1:

conf term
interface bundle To3rd
link t1 2/1
encapsulation ppp
ip address 30.30.30.1 24
exit
interface loopback 1
ip address 60.60.60.1 32
exit
ip route 60.60.60.3 255.255.255.255 30.30.30.3 1
router bgp 100
neighbor 60.60.60.3 remote-as 100
neighbor 60.60.60.3 update-source 1
exit

CONFIGURATION OF 3RD PARTY ROUTER:

interface Loopback1
ip address 60.60.60.3 255.255.255.255
interface Serial3/0
ip address 30.30.30.3 255.255.255.0
encapsulation ppp
exit
ip route 60.60.60.1 255.255.255.255 30.30.30.1 1
router bgp 100
neighbor 60.60.60.1 remote-as 100
neighbor 60.60.60.1 update-source loopback 1
exit

By adding update-source on AVAYA1 and the 3rd party router, we can establish an IBGP session between AVAYA1 and the 3rd party router.

Configuring EBGP sessions

An EBGP session is established between two BGP peers if they belong to two different autonomous system numbers. They need to be directly connected to form a peer relationship. If an EBGP peer is not directly connected and is multiple hops away, this has to be specifically configured under that neighbor for the peer relationship to form.

Configuring an EBGP Session between 2 Avaya Secure Routers

CONFIGURATION OF AVAYA1:

conf term
interface bundle ToNT2
link t1 1/1
encapsulation ppp
ip address 40.40.40.1 255.255.255.0
exit
router bgp 100
neighbor 40.40.40.2 remote-as 200

CONFIGURATION OF AVAYA2:

conf term
interface bundle ToNT1
link t1 1/1
encapsulation ppp
ip address 40.40.40.2 255.255.255.0
exit
router bgp 200
neighbor 40.40.40.1 remote-as 100

The above configuration should bring up an EBGP Session between AVAYA1 and AVAYA2.

Configuring an EBGP Session between an Avaya Router and a 3rd Party Router

CONFIGURATION OF AVAYA1:

conf term
interface bundle To3rd
link t1 2/1
encapsulation ppp
ip address 30.30.30.1 255.255.255.0
exit
router bgp 100
neighbor 30.30.30.3 remote-as 200

CONFIGURATION OF 3RD PARTY ROUTER:

interface Serial3/0
ip address 30.30.30.3 255.255.255.0
encapsulation ppp
exit
router bgp 200
neighbor 30.30.30.1 remote-as 100

The above configuration should bring up an EBGP Session between AVAYA1 and the 3rd party router.

Configuring an EBGP Multi-Hop Session between an Avaya Router and a 3rd Party Router

CONFIGURATION OF AVAYA1:

conf term
interface bundle To3rd
link t1 2/1
encapsulation ppp
ip address 30.30.30.1 255.255.255.0
exit
interface loopback 1
ip address 60.60.60.1 32
exit
ip route 60.60.60.3 255.255.255.255 30.30.30.3 1
router bgp 100
neighbor 60.60.60.3 remote-as 200
neighbor 60.60.60.3 ebgp-multihop
neighbor 60.60.60.3 update-source 1

For an IBGP multihop session, setting update-source is enough to bring BGP to the Established state. For EBGP neighbors, the session must also be marked as multihop with ebgp-multihop in the neighbor configuration itself.

CONFIGURATION OF 3RD PARTY ROUTER:

interface Loopback1
ip address 60.60.60.3 255.255.255.255
interface Serial3/0
ip address 30.30.30.3 255.255.255.0
encapsulation ppp
exit
ip route 60.60.60.1 255.255.255.255 30.30.30.1 1
router bgp 200
neighbor 60.60.60.1 remote-as 100
neighbor 60.60.60.1 ebgp-multihop
neighbor 60.60.60.1 update-source loopback 1

The above configuration should bring up an EBGP Session over multi-hop between AVAYA1 and the 3rd party router.

Configuring an EBGP Multi-Hop Session between 2 Avaya Secure Routers

CONFIGURATION OF AVAYA1:

conf term
interface bundle ToNT2
link t1 1/1
encapsulation ppp
ip address 40.40.40.1 255.255.255.0
exit
interface loopback 1
ip address 60.60.60.1 255.255.255.255
exit
ip route 60.60.60.2 255.255.255.255 40.40.40.2 1
router bgp 100
neighbor 60.60.60.2 remote-as 200
neighbor 60.60.60.2 update-source 1
neighbor 60.60.60.2 ebgp-multihop

For an IBGP multihop session, setting update-source is enough to bring BGP to the Established state. For EBGP neighbors, the session must also be marked as multihop with ebgp-multihop in the neighbor configuration itself.

CONFIGURATION OF AVAYA2:

conf term
interface bundle ToNT1
link t1 1/1
encapsulation ppp
ip address 40.40.40.2 255.255.255.0
exit
interface loopback 1
ip address 60.60.60.2 255.255.255.255
exit
ip route 60.60.60.1 255.255.255.255 40.40.40.1 1
router bgp 200
neighbor 60.60.60.1 remote-as 100
neighbor 60.60.60.1 update-source 1
neighbor 60.60.60.1 ebgp-multihop
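The mistakes the multi-hop samples warn about (no usable route to the peer address, a missing update-source, an EBGP loopback peering without ebgp-multihop) leave the session in the Active state without any error, so they are worth checking before a change is applied. The following Python check is an added example, not Avaya code: the names parse and check, the ';' command separator and the two sample configurations are assumptions constructed for illustration.

```python
def parse(cfg):
    """Parse one router's config; commands are separated by newlines or ';'."""
    r, iface = {"asn": None, "addrs": {}, "routes": {}, "nbrs": {}}, None
    for t in (c.split() for c in cfg.replace(";", "\n").splitlines()):
        if t[:1] == ["interface"]:
            iface = " ".join(t[1:3]).lower()
        elif t[:2] == ["ip", "address"]:
            r["addrs"][t[2]] = iface              # address -> owning interface
        elif t[:2] == ["ip", "route"]:
            r["routes"][t[2]] = t[4]              # destination -> next hop
        elif t[:2] == ["router", "bgp"]:
            r["asn"] = int(t[2])
        elif t[:1] == ["neighbor"]:
            n = r["nbrs"].setdefault(t[1], {"remote_as": None, "opts": set()})
            if t[2] == "remote-as":
                n["remote_as"] = int(t[3])
            else:
                n["opts"].add(t[2])               # update-source, ebgp-multihop
    return r

def check(local, peer):
    """Findings for local's neighbor statements, judged against the peer's config."""
    out = []
    for addr, n in local["nbrs"].items():
        if addr not in peer["addrs"]:
            out.append(f"{addr}: not an address configured on the peer")
            continue
        if n["remote_as"] != peer["asn"]:
            out.append(f"{addr}: remote-as does not match peer AS {peer['asn']}")
        if not peer["addrs"][addr].startswith("loopback"):
            continue                              # directly connected peering
        hop = local["routes"].get(addr)
        if hop is None or hop in local["addrs"]:
            out.append(f"{addr}: static route missing or next hop is a local address")
        if "update-source" not in n["opts"]:
            out.append(f"{addr}: update-source missing")
        if n["remote_as"] != local["asn"] and "ebgp-multihop" not in n["opts"]:
            out.append(f"{addr}: EBGP peer on a loopback needs ebgp-multihop")
    return out

# Constructed samples; AVAYA2 has two deliberate mistakes (next hop, no ebgp-multihop).
AVAYA1 = parse("""interface bundle ToNT2; ip address 40.40.40.1 255.255.255.0
interface loopback 1; ip address 60.60.60.1 255.255.255.255
ip route 60.60.60.2 255.255.255.255 40.40.40.2 1; router bgp 100
neighbor 60.60.60.2 remote-as 200; neighbor 60.60.60.2 update-source 1; neighbor 60.60.60.2 ebgp-multihop""")
AVAYA2 = parse("""interface bundle ToNT1; ip address 40.40.40.2 255.255.255.0
interface loopback 1; ip address 60.60.60.2 255.255.255.255
ip route 60.60.60.1 255.255.255.255 40.40.40.2 1; router bgp 200
neighbor 60.60.60.1 remote-as 100; neighbor 60.60.60.1 update-source 1""")
```

check(AVAYA2, AVAYA1) reports the next hop that points at AVAYA2's own address and the missing ebgp-multihop, while check(AVAYA1, AVAYA2) returns an empty list. A missing static route is only a finding when no other protocol such as RIP or OSPF supplies the route.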
