Picos Routing and Switching Configuration Guide

[email protected]

[email protected]

Pica8, Inc.

1032 Elwell Court, Suite 105

Palo Alto, CA. 94303

+1 (650) 614-5838

www.pica8.com

PicOS Routing and

Switching Configuration

Guide

October, 2014

Version: 16

© Copyright 2014 Pica8 Inc. Pica8 is a registered trademark of Pica8 Incorporated, PicOS is a trademark

of Pica8 Incorporated. All rights reserved. All other trademarks are property of their respective owners.

Contents

Supported Layer 2 and Layer 3 Protocols 13

Mode Selection, Configuration Backup and Painless Upgrade 14

System Management Configuration 15

File Management Configuration 16

Layer 2 Switching Configuration 17

Layer 3 Routing Configuration 19

IPv4/IPv6 BGP Configuration 20

Multicast Configuration 21

QoS Configuration 22

WRED Configuration 23

Installing New Software on PicOS 24

Zero Touch Provisioning 25

40G Changes to 4*10G in l2/l3 26

Configuration Appendix 27

OpenFlow Configurations in Crossflow Mode 28

Supported Layer 2 and Layer 3 Protocols 29

Mode Selection, Configuration Backup and Painless Upgrade 32

Overview 32

License 32

Terminology 32

Licenses 33

Speed 33

Mode 33

Accessing your Hardware ID 33

Installing the License 34

License Display 36

License Remove 37

Default Login 37

Modify the Pica8 Mode via an interactive Script 39

Modify the Pica8 Mode via the Pica8 Configuration File 40

Trouble shooting the PicOS Mode 40

l2/L3 Configuration backup 41

Painless upgrade 41

System Management Configuration 44

System Management Overview 44

From Linux Shell to L2_L3 Shell 46

Operation Mode and Configuration Mode 46

Commit Failed and Exit Discard 46

Commit confirmed 47

Configuring DHCP and a Static IP Address 47

Configuring DHCP relay 48

Configuring DHCP option82 49

Configuring DHCP snooping 50

Configuring a User Account 50

Configuring Authentication_Authorization_Accounting 51

Configuring SSH and Telnet Parameters 54

Configuring the Log-in ACL 55

Configuring NTP and the Time zone Parameter 55

Configuring the linux-config-unreliable 56

Configuring IPFIX 57

Configuring sFlow 57

Configuring SNMP 59

Configuring the Syslog Log Level 60

Configuring the Syslog Disk and Syslog host 61

Updating the PicOS Software and Platform 62

Displaying System Information 63

Technical Support 67

Flushing ARP and the Neighbor Table 68

Rebooting the System 68

Displaying the Debugging Message 69

System Management Command List 69

File Management Configuration 75

Managing Configuration Files 75

Additional file management commands 77

Additional file function to changing directory 79

Displaying Your Current Configuration 79

Displaying Your configuration of setting 79

Rolling Back a Configuration 80

Management Configuration Files 81

Saving, Applying, Executing and Loading Configuration Files 83

Bash "linux shell" 84

Upgrade 85

Set alias set_vlans as "PicOS commands" 88

File Management Command List 89

Layer 2 Switching Configuration 90

Physical Ethernet Port Configuration 91

Shutting down the Ethernet port 91

Configuring the MTU and Rate-limit 91

Enabling Port Flow Control 92

Split 40GE Ports in 4x10GE Ports 92

Configuring Port Speed 93

Basic Port Configuration 93

Configuring the access/trunk mode 93

Configuring the Native VLANID 94

Adding a Port to a VLAN 95

Creating a VLAN with in the VLAN range 96

VLAN Configuration Example 96

Configuring Switch A 96

Configuring Switch B 97

Static MAC entries and Dynamic MAC Address Learning 98

Configuring a static MAC entry and managing the FDB 99

Port Security Configuration 99

Enabling Port Security 99

Configuring the Maximum Number of Secure Dynamically Learned MAC Addresses 100

Configuring Static Secure MAC Addresses on a Port 100

Configuring Port Security with Sticky MAC Addresses on a Port 101

Configuring Secure MAC Address Aging Time 101

Configuring Port Security Violation Mode on a Port 102

Configuring Port Security Auto-recovery Time 102

Recovering the Port in Error-discard 102

Configuring Port Security Block Mode on a Port 103

Displaying Port Security Settings 103

Disabling Port Security 104

Cut-through Switching Method 105

Configuring your Switch to Store-and-Forward Method 105

Static Link Aggregation Configuration 106

Configuring static LAGs 106

Displaying static LAG information 106

Advanced-resilient Laghash Configuration and Example 106

Advance Laghash Configuration and Example 107

Laghash Configuration and Example 108

Link Aggregation Control Protocol (LACP) Configuration 108

Configuring LACP LAGs 109

Displaying LACP LAG information 109

MLAG Configuration Guide 109

Important things to know about MLAG 110

Configuring MLAG domain-id 110

Configuring MLAG system-id 111

Configuring MLAG peer 111

Configuring MLAG priority 111

Configuring MLAG hello-interval 112

Configuring a Basic MLAG step-by-step procedure 112

Configuring a Basic MLAG example 113

Configuring Switch A with Static and LACP LAG 113

Configuring an Aggregation Interface to VLAN Members 114

Configure the L3 interface IP address 115

Configuring the domain-id and system-id for the MLAG domain. 115

Configuring the peer IP address and the peer-link for the MLAG domain peer 115

Configuring Switch B with Static and LACP LAG 115



Configuring the domain-id and system-id for the MLAG domain 117


Configuring Switch C with LACP and LAG 117


Configuring Server A with NIC1 and NIC2 as Static LAG 119

View the MLAG internal and neighbor status of Switch A 119

View the MLAG internal and neighbor status of Switch B 119

Configuring a MLAG domain with MSTP example 119

Configuring Switch A with LACP LAG 120



Configuring the domain-id and system-id for the MLAG domain. 122


Configuring Switch B with LACP LAG 122



Configuring the domain-id and system-id for the MLAG domain 124


Configuring Switch C and Switch D with LACP LAG 124

Configuring Switch C and Switch D an aggregation interface add to VLAN Members

125

View the MLAG internal and neighbor status of Switch A 125

View the MSTP status of Switch A 126

View the MLAG internal and neighbor status of Switch B 126

View the MSTP status of Switch B 126

Storm Control in Ethernet Port Configuration 126

Configuring Storm Control 127

Configuring LLDP (Link Layer Discovery Protocol) 127

Configuring the LLDP mode 127

Selecting optional TLVs 128

Displaying LLDP information 128

Configuring other parameters 128

Q-in-Q Basic Port Configuration 128

Configuring the Q-in-Q tunneling internal/external mode 129

Configuring Q-in-Q tunneling to map ingress VLANs to service VLANs 129

Configuring Q-in-Q tunneling egress pop service VLANs 131

Q-in-Q Configuration Example 133

Configuration on Provider A 133

Configuration on Provider B 137

MSTP Configuration 141

Enabling spanning tree mode in MSTP 141

Configuring basic global parameters of MSTP 141

Configuring MSTP interface parameters 143

Configuring the BPDU Filter 143

Configuring BPDU root guard 143

Configuring BPDU TCN-guard 144

Disabling/enabling MSTP 144

PVST Configuration 145

Enabling spanning tree mode in PVST 145

Configuring basic VLAN parameters of PVST 146

Configuring PVST interface parameters 146

Configuring the interface mode 146

Disabling/enabling PVST on one VLAN 147

Disabling/enabling PVST 148

MSTP Configuration Example 150



Configuring Switch C 154

Configuring Switch D 154

Configuring Switch E 155





Configuring Switch E 166

PVST Configuration Example 168





Configuring Mirroring 172

Configuring Mirroring to Analyze Traffic 173

Configuring Mirroring Guide 173

Configuring a port as mirroring port 173

Configuring mirroring on egress port or ingress port 173

Configure monitor the flows of egress port 174

Mirroring Configuration Example 174

Buffer Management Configuration 176

Configuring burst mode for a specified port 176

Configuring "cell" and "packet" for a specified port 176

BPDU Tunneling Configuration 177

Configuring BPDU tunneling for STP on an interface 177

Configuring destination multicast MAC address for BPDU packets 177

BPDU Tunneling Configuration Example 177

Configuration on Provider A 178

Configuration on Provider B 179

Configuring Flex Links Preemption Delay 180

Configuring the preemption mode 180

Showing Flex Links on all interfaces 181

Unidirectional Link Dectection Configuration 181

Configuring UDLD mode 181

Enable UDLD globally or on specific port 181

Configuring UDLD message-interval 181

Display UDLD information 182

Configuring IPv6 RA Guard 182

Configuring "trusted-port" 183

Displaying RA guards 183

L2 Switching Command List 184

Layer 3 Routing Configuration 193

Layer 3 VLAN Interface Configuration 193

ARP Configuration 194

Dynamic ARP Inspection---DAI 195

Static Routing Configuration 197

Static Routing Configuration Example 199

RIPv2 Routing Protocol Configuration 202

RIPv2 Routing Configuration Example 203

OSPF Routing Protocol Configuration 206

OSPF Routing Basic Configuration Example 208

OSPF Configuration Example_ NSSA_Stub_Normal 212

OSPF Stub Area_NSSA Summary 215

OSPF Virtual Link Configuration Guide 215

OSPF Area Range Configuration Guide 220

Importing an External Route into an OSPF Area 222

BFD Protocol Configuration 224

BFD Basic Configuration Example 226

Configuring ECMP (Equal-Cost Multipath Routing) 229

Configuring VRRP (Virtual Router Redundancy Protocol) 231

IPv6 Neighbor Configuration 232

IPv6 Static Routing Configuration 233

OSPFv3 Routing Protocol Configuration 234

ACL and Filter Configuration 235

Configuring Control Plane Security policer 237

L3 Routing Command List 239

IPv4/IPv6 BGP Configuration 250

IPv4 BGP configuration 251

BGP Configuration Guide 251

BGP Basic Configuration Example 257

BGP Route Reflector Configuration Example 264

BGP Confederation Configuration Example 269

BGP Load Balancing Configuration Example 275

IPv6 BGP Configuration 281

IPv6 BGP introduction 281

Building Peering Sessions 282

EBGP Peering 284

IBGP Peering 291

Establish bgp peer use 4-byte-as-number 299

Sources of routing updates 306

Injecting Information Dynamically into BGP 306

Injecting Information Statically into BGP 315

BGP attributes 319

The NEXT_HOP Attribute 319

The AS_PATH Attribute 325

The LOCAL_PREF Attribute 327

The MULTI_EXIT_DISC Attribute 332

The COMMUNITY Attribute 336

BGP-4 aggregation 347

Synchronization 355

Controlling large-scale Autonomous system 360

Confederations 360

Route Reflectors 364

Redundancy and Load Balancing 376

Designing Stable Internets 388

Multicast Configuration 398

IGMP Snooping Configuration 398

IGMP Configuration 399

399

Configuring IGMP parameters for the IGMP interface 399

400

Configuring an IGMPv3 interface 400

400

Joining and leaving a group; displaying group information 400

PIM-SM Configuration 401

PIM-SM Configuration Example 402

Multicast Command List 405

QoS Configuration 408

Configuring SP 408

Configuring WFQ 409

Configuring WRR 410

QoS Command List 411

.QoS Configuration 411

QoS Configuration Guide 411

QoS Principle 413

SP Configuration Example 414

WRR configuration Example 416

WFQ Configuration Example 418

WRED Configuration 421

WRED Configuration Guide 421

WRED Principle 422

WRED Configuration Example 422

Installing New Software on PicOS 425

Install GCC on PicOS 425

Install Puppet on PicOS 427

Zero Touch Provisioning 429

Activate or Deactivate ZTP 429

ZTP (Zero Touch Provisioning) 429

Pica8 ZTP API: 433

40G Changes to 4*10G in l2/l3 436

40G Changes to 4*10G in L2/L3 mode on P-5101 436

In L2/L3 mode configure 436

QSFP (8 x 40G+40*10G) 436

SFP (72x 10G) 439

40G Changes to 4*10G in L2/L3 mode on P-5401 443

In L2/L3 mode configure 443

QSFP (32 x 40G) 443

SFP-64 (16 x 40G + 64 x 10G) 445

SFP (8 x 40G + 96 x 10G) 449

Configuration Appendix 456

Other Command List 456

OpenFlow Configurations in Crossflow Mode 457

CrossFlow Mode Introduction 457

command 459

Examples 459

Basic configurations 459

PicOS Routing and Switching Configuration Guide

12

PicOS supports Layer 2 switching protocols (STP, RSTP, MSTP, MAC learning, Q-in-Q) and Layer

3 routing protocols (static routing, RIPv2, OSPF, IGMP, PIM-SM, IPv6). This guide provides

instructions and examples for configuring switches and controllers. This guide is intended for

system administrators and assumes a working knowledge of Layer 2 and Layer 3 protocols.


13

Supported Layer 2 and Layer 3 Protocols


14

Mode Selection, Configuration Backup and

Painless Upgrade

Overview

License

Default Login

Modify the Pica8 Mode via an interactive Script

Modify the Pica8 Mode via the Pica8 Configuration File

Trouble shooting the PicOS Mode

l2/L3 Configuration backup

Painless upgrade


15

System Management Configuration

System Management Overview

From Linux Shell to L2_L3 Shell

Operation Mode and Configuration Mode

Commit Failed and Exit Discard

Commit confirmed

Configuring DHCP and a Static IP Address

Configuring DHCP relay

Configuring DHCP option82

Configuring DHCP snooping

Configuring a User Account

Configuring Authentication_Authorization_Accounting

Configuring SSH and Telnet Parameters

Configuring the Log-in ACL

Configuring NTP and the Time zone Parameter

Configuring the linux-config-unreliable

Configuring IPFIX

Configuring sFlow

Configuring SNMP

Configuring the Syslog Log Level

Configuring the Syslog Disk and Syslog host

Updating the PicOS Software and Platform

Displaying System Information

Technical Support

Flushing ARP and the Neighbor Table

Rebooting the System

Displaying the Debugging Message

System Management Command List


16

File Management Configuration

Managing Configuration Files

Displaying Your Current Configuration

Displaying Your configuration of setting

Rolling Back a Configuration

Management Configuration Files

Saving, Applying, Executing and Loading Configuration Files

Bash "linux shell"

Upgrade

Set alias set_vlans as "PicOS commands"

File Management Command List


17

Layer 2 Switching Configuration

Physical Ethernet Port Configuration

Basic Port Configuration

Static MAC entries and Dynamic MAC Address Learning

Port Security Configuration

Cut-through Switching Method

Static Link Aggregation Configuration

Advanced-resilient Laghash Configuration and Example

Advance Laghash Configuration and Example

Laghash Configuration and Example

Link Aggregation Control Protocol (LACP) Configuration

MLAG Configuration Guide

Configuring a Basic MLAG step-by-step procedure

Configuring a Basic MLAG example

Configuring Switch A with Static and LACP LAG

Configuring Switch B with Static and LACP LAG

Configuring Switch C with LACP and LAG

Configuring Server A with NIC1 and NIC2 as Static LAG

Configuring a MLAG domain with MSTP example

Configuring Switch A with LACP LAG

Configuring Switch B with LACP LAG

Configuring an Aggregation Interface to VLAN Members

Configuring Switch C and Switch D with LACP LAG

Storm Control in Ethernet Port Configuration

Configuring LLDP (Link Layer Discovery Protocol)

Q-in-Q Basic Port Configuration

MSTP Configuration

PVST Configuration

PVST Configuration Example

Configuring Mirroring

Configuring Mirroring Guide

Buffer Management Configuration


18

BPDU Tunneling Configuration

Unidirectional Link Dectection Configuration

Configuring IPv6 RA Guard

L2 Switching Command List


19

Layer 3 Routing Configuration

Layer 3 VLAN Interface Configuration

ARP Configuration

Dynamic ARP Inspection---DAI

Static Routing Configuration

Static Routing Configuration Example

RIPv2 Routing Protocol Configuration

RIPv2 Routing Configuration Example

OSPF Routing Protocol Configuration

OSPF Routing Basic Configuration Example

OSPF Configuration Example_ NSSA_Stub_Normal

OSPF Stub Area_NSSA Summary

OSPF Virtual Link Configuration Guide

OSPF Area Range Configuration Guide

Importing an External Route into an OSPF Area

BFD Protocol Configuration

BFD Basic Configuration Example

Configuring ECMP (Equal-Cost Multipath Routing)

Configuring VRRP (Virtual Router Redundancy Protocol)

IPv6 Neighbor Configuration

IPv6 Static Routing Configuration

OSPFv3 Routing Protocol Configuration

ACL and Filter Configuration

Configuring Control Plane Security policer

L3 Routing Command List


20

IPv4/IPv6 BGP Configuration

IPv4 BGP configuration

BGP Configuration Guide

BGP Basic Configuration Example

BGP Route Reflector Configuration Example

BGP Confederation Configuration Example

BGP Load Balancing Configuration Example

IPv6 BGP Configuration

IPv6 BGP introduction

Building Peering Sessions

EBGP Peering

IBGP Peering

Establish bgp peer use 4-byte-as-number

Sources of routing updates

Injecting Information Dynamically into BGP

Injecting Information Statically into BGP

BGP attributes

The NEXT_HOP Attribute

The AS_PATH Attribute

The LOCAL_PREF Attribute

The MULTI_EXIT_DISC Attribute

The COMMUNITY Attribute

BGP-4 aggregation

Synchronization

Controlling large-scale Autonomous system

Confederations

Route Reflectors

Redundancy and Load Balancing

Designing Stable Internets


21

Multicast Configuration

IGMP Snooping Configuration

IGMP Configuration

PIM-SM Configuration

PIM-SM Configuration Example

Multicast Command List


22

QoS Configuration

Configuring SP

Configuring WFQ

Configuring WRR

QoS Command List

.QoS Configuration

QoS Configuration Guide

QoS Principle

SP Configuration Example

WRR configuration Example

WFQ Configuration Example


23

WRED Configuration

WRED Configuration Guide

WRED Principle

WRED Configuration Example


24

Installing New Software on PicOS

Install GCC on PicOS

Install Puppet on PicOS


25

Zero Touch Provisioning

Activate or Deactivate ZTP

ZTP (Zero Touch Provisioning)

ZTP API description


26

40G Changes to 4*10G in l2/l3

40G Changes to 4*10G in L2/L3 mode on P-5101



27

Configuration Appendix

Other Command List


28

OpenFlow Configurations in Crossflow Mode

The PicOS documents are available on our Pica8 website:

http://www.pica8.com/portal/

http://www.pica8.com/portal/trial.php


29

Supported Layer 2 and Layer 3 Protocols

Table 1 summarizes the supported protocols.

Table 1 Supported Layer 2 and Layer 3 Protocols

Category Features

System

Management&

Administration

Support for clock/date setting and NTP (Network Time Protocol)

Support for inbound IP access via any routed interface

Support for DHCP (Dynamic Host Configuration Protocol); DHCP client,

DHCP relay, DHCP Option82, and DHCP snooping

Support for multiple local user accounts

Support for SSHv2 (Secure Shell) protocol

Ability to enable debugging for a specific module

Support for Read Only and Read Write access SNMP (Simple Network

Management Protocol)

Support for IPFIX (IP Flow Information Export), monitors data flow in

specified server

Device

Configuration,

Software, and File

Management

Support the ability to save the configuration to flash on the device

Support for configuration versioning and rollback; compares the two

configurations for differences

Ability to import/export configuration files, device software, and logs from

a file on a remote server (tftp/scp as options)

Ping and Trace route tool from CLI (command line interface)

SSH and telnet tool from CLI


30

Ability to view and configure MAC/ARP (Address Resolution Protocol)

table information

Layer 2 Forwarding

and Protocol

Support for LLDP (Link Layer Discovery) protocols for detecting devices

on a link

Support for LACP (Link Aggregation Control) protocol and hashing of

traffic using src/Dst (Source/Destination) MAC address, Src/Dst IP

address, and Layer 4 port information and flag

Support for 802.1q trunked interfaces, for both single and LAG (Link

Aggregation Group) interfaces

Support for 802.1q tagged/untagged interfaces and native tags

Support for Q-in-Q

Support for Jumbo Frame

Support for 802.1d STP (Spanning Tree Protocol)

Support for 802.1w RSTP (Rapid STP) and PVST (Per-VLAN STP)

Support for 802.1s MSTP (Multiple Spanning Tree protocol)

Support for functionality of BPDU (Bridge Protocol Data Unit) Guard /

Filter/UDLD (Unidirectional Link Detection)

Support for storm-control for unicast, multicast, broadcast

Support for ingress/egress port mirroring

Support for802.1p in Layer 2 forwarding

Support for Flow control per-interface

Support for IGMP (Internet Group Management Protocol) snooping

enable per-VLAN

Support for IGMP snooping query per-VLAN

Layer 3 Forwarding

and Routing Protocol

Full support for dual stacked IPv4 and IPv6 addressing.


31

Support for 6 members in a Layer 3 LAG (Link Aggregation Group)

interface

Support for IPv4 and IPv6 static route configuration

Support for OSPFv2 (Open Shortest Path First) IPv4 only

Support for stub, normal, and NSSA (Not-So-Stubby Area) OSPF area

types

Support for up to 32 equal-cost routes in OSPF

Support for RIP routing protocol

Support for BGP (Border Gate Protocol) routing and BFD (Bidirectional

Forwarding Detection)

Support for 128 equal-cost routes in the device's routing/forwarding tables

Support for ECMP (Equal-Cost Multi-path) routing with hashing of traffic

using Src/Dst IP and Port

Support the ToS and DSCP (Differentiated Services Code Point) in Layer

3 forwarding

Support for IGMP v1/v2

Support for PIM-SM (Protocol Independent Multicast Routing-Sparse

Mode)

Support for VRRP (Virtual Router Redundancy Protocol)


32

Mode Selection, Configuration Backup and

Painless Upgrade

Overview

License

Default Login





Painless upgrade

Overview

This chapter describes the boot process and the mode selection. Pica8 switches run in two

different modes:

Open vSwitch mode (OVS)

Layer 2 / Layer 3 mode (L2/L3)

In OVS mode, the L2/L3 daemon is not running; only OVS is accessible.

License

PicOS multi-tier licensing allows you to install just the features you need or all the features

provided by PicOS. A license must be installed to enable all switch ports. Download your license at

.http://license.pica8.com/

NOTE: If no license is installed, only the first 4 ports are active.

Terminology

For clarity, the following terms are used throughout this licensing section.

Base License–This license is required on any switch

Bundle–The license that includes all PicOS features. That is, it all three licensesbundles

Evaluation License–There is evaluation license per se. You can evaluate PicOS withoutno

a license, however only the first 4 ports are active (and the management port)

Hardware ID–This ID is needed when you download a license. You can view your switch ID

by executing the license show command license -s

Mode–There are two license modes: switch license and site license

http://license.pica8.com/


33

Type–There are two speed types; 1G and 10G

Licenses

Each license contains unique features. The licenses are:

Base

Network Linux, Layer 2, Multi-chassis Link Aggregation (MLAG), Simple Network Management

Protocol (SNMP), Security, Zero Touch Provisioning (ZTP)and Static Route. This license is

required.

Layer 3

Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Protocol-Independent Multicast

(PIM), Network Address Translation (NAT), Virtual Extensible LAN (VXLAN)

OpenFlow

Open vSwitch Database Management Protocol (OVSDB), OpenFlow releases 1.3 and 1.4, MPLS,

CrossFlow, VXLAN and CrossFlow

Base, Layer 3, and OpenFlow

This license bundles all the PicOS features into one license

Speed

There are two speeds available for each license.

1GE platform with 52*1GE or 48*1GE+4*10GE

10GE platform with 48*10GE + 4*40GE or 32*40GE

Mode

Switch--Use this to install your license on one switch only

Site--Use this to install the same license on all of your switches at your site

Accessing your Hardware ID

You must have your hardware ID number to download a license. A utility generates your switch's

hardware ID using the license show command license -s

admin@PicOS-OVS$license -sNo license installed. Use below information to create a license.Type: 1GEHardware ID: E385-FB53-4D57-05EB


34

Installing the License

Customers can download the generated license file and copy it to /etc/picos/. In the following

example, the license file js.lic could be generated according to either switch based or site based

and the type is IGE and the feature is Base Product & Layer3 & Open Flow. Hardware ID is unique

for each switch. The switch cannot update a newer PicOS version whose built date is later than the

expired date of the license.

Switch based:

{

"Type": "1GE",

"Feature":["Open Flow", "Base Product", "Layer3"],

"Hardware ID":"8A68-A7AC-D702-70D2",

"Expire Date":"2020-10-28"

}

Site based:

{

"Type": "1GE",

"Feature":["Open Flow", "Base Product", "Layer3"],

"Mode":"site",

"Site Name":"CompanyA",

"Expire Date":"2020-10-28"

}

The license file is js.lic and it can be installed by the new utility, license, with option -i.


35

admin@XorPlus$cd /etc/picosadmin@XorPlus$lltotal 32drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../-rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status-rw-r--r-- 1 root root 399 Feb 4 21:59 js.lic-rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf-rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst-rw-rw-r-- 1 root xorp 488 Feb 4 18:28 picos_start.conf-rw-r--r-- 1 root root 251 Feb 4 22:00 public.keyadmin@XorPlus$sudo license -i js.licInstall successfully.admin@XorPlus$lltotal 32drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../-rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status-rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf-rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst-rw-r--r-- 1 root root 382 Feb 4 22:00 pica.lic-rw-rw-r-- 1 root xorp 488 Feb 4 18:28 picos_start.conf-rw-r--r-- 1 root root 251 Feb 4 22:00 public.key-rw-r--r-- 1 root root 251 Feb 4 22:00 switch-public.keyadmin@XorPlus$

If public.key cannot be found:

admin@XorPlus$sudo license -i js.licInstall failed: Cannot find public key.

If license file does not exist :

admin@XorPlus$sudo license -i js.licInstall failed: No such file or directory.

If the header or the key is disrupted:

admin@XorPlus$sudo license -i js.licInstall failed: License or KEY is disrupted.

If license format is invalid:

admin@XorPlus$sudo license -i js.licInstall failed: License format error.

If license file is not compatible with this switch(verify failed):

admin@XorPlus$sudo license -i js.licInstall failed: Invalid license.


36

License Display

Switch based:

admin@XorPlus$license -s{ "Type": "1GE", "Feature": ["Open Flow", "Base Product", "Layer3"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2"}

Site based:

admin@XorPlus$license -s{ "Type": "1GE", "Feature": ["Base Product", "Layer3", "Open Flow"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2", "Site Name": " google "}

If license is invalid:

admin@XorPlus$license -sInvalid license. Use below information to create a license.Type: 1GEHardware ID: 8A68-A7AC-D702-70D2admin@PicOS-OVS$

If no license had been installed:

admin@XorPlus$license -sNo license installed. Use below information to create a license.Type: 1GEHardware ID: 8A68-A7AC-D702-70D2admin@PicOS-OVS$


37

License Remove

admin@XorPlus$lltotal 32drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../-rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status-rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf-rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst-rw-r--r-- 1 root root 382 Feb 4 22:00 pica.lic-rw-rw-r-- 1 root xorp 488 Feb 4 18:28 picos_start.conf-rw-r--r-- 1 root root 251 Feb 4 22:00 public.key-rw-r--r-- 1 root root 251 Feb 4 22:00 switch-public.keyadmin@XorPlus$pwd/etc/picosadmin@XorPlus$admin@XorPlus$license -radmin@XorPlus$lltotal 28drwxrwxr-x 2 root xorp 4096 Feb 4 22:05 ./drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../-rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status-rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf-rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst-rw-rw-r-- 1 root xorp 488 Feb 4 18:28 picos_start.conf-rw-r--r-- 1 root root 251 Feb 4 22:00 public.key-rw-r--r-- 1 root root 251 Feb 4 22:00 switch-public.keyadmin@XorPlus$

If license is modified or removed, the switch should be reboot and then new license can be

efficient.

Default Login

PicOS has two modes:

L2/L3 Mode (used for minimal Open vSwitch and traditional L2/L3). This is the default mode.

Open vSwitch mode. In this mode the Switch is completely dedicated to Open vSwitch.

The system has two default users: root and admin. The default password for admin is pica8, but by

default the password has expired (so a first user connecting the switch will have to enter a new

password, and new password should have at least 6 characters). Login admin/pica8 will bring the

user in Linux shell in L2/L3 Mode and can use command "cli" launch the L2/L3 CLI. The root

account password is locked (non-existent). This means that users would have to use "sudo" to get

root privilege.


38

XorPlus login: adminPassword: (input default password "pica8")You are required to change your password immediately (root enforced)Changing password for admin.(current) UNIX password: (input "pica8" again)Enter new UNIX password: (input new password: the new password should be noless than six)Retype new UNIX password: (input new password again)admin@XorPlus$admin@XorPlus$admin@XorPlus$cliSynchronizing configuration...OK.Pica8 PicOS Version 2.3.0Welcome to PicOS L2/L3 on XorPlusXorPlus>

If user update the PicOS with saved configuration, we supposed that the user has changed the

password, and it is saved in the configuration file. Then we should not force the user to re-set the

password again. If user update the PicOS without saved configuration, then user need to set the

password.

Saving the configuration and upgrading, user login should not to re-set the password:

XorPlus login: adminPassword: (input the password before upgrading you used)admin@XorPlus$admin@XorPlus$cliSynchronizing configuration...OK.Pica8 PicOS Version 2.3.0Welcome to PicOS L2/L3 on XorPlusXorPlus>

When users forget the password, the password recovery process (throught the console port) is

described in the related documentation.

By default, Telnet services is disable and SSH is enable.

Admin user login via ssh:

Pica8@dev:~$ ssh 192.168.50.10 -l [email protected]'s password:admin@XorPlus$

Admin user login via telnet:

Pica8@dev:~$ telnet 192.168.50.10Trying 192.168.50.10...telnet: Unable to connect to remote host: Connection refused

By default, login with root to telnet or ssh is forbidden. You can enable telnet or ssh root-login allow

if you need.

Enable telnet root-login allow:


39

XorPlus# set system services telnet root-login allowXorPlus# commitMerging the configuration.Commit OK.Save done.

Enable ssh root-login allow:

XorPlus# set system services ssh root-login allowXorPlus# commitMerging the configuration.Commit OK.Save done.


Another option to modify the PicOS mode (OVS or L2/L3) is to use the built-in interactive script that

will modify the PicOS configuration file automatically.

You have to log as root user and use the command "picos_boot". The switch will display the

software menu as follows:

XorPlus login: adminPassword: admin@XorPlus$sudo picos_boot Please configure the default system start-up options:(Press other key if no change)[1] PicOS L2/L3[2] PicOS Open vSwitch/OpenFlow[3] No start-up options * defaultEnter your choice (1,2,3):

Option 1, PicOS L2/L3 is XorPlus. When you choose option1, after a reboot PicOS will load

XorPlus.

Option 2, Open vSwitch (OVS), is an open source project ported to PicOS (refer to PicOS OVS

Configuration Guide for details) when you choose option2, after a reboot PicOS will load Open

vSwitch.

An alternative to reboot the switch is to reload the PicOS service.

To restart the PicOS service, use the command:

service picos restart

This configuration guide is describing the behavior of PicOS in L2/L3 Mode (Option 1).

In L2/L3 mode, the login session should look like the following:


40

Synchronizing configuration...OK.Pica8 PicOS Version 2.1Welcome to PicOS L2/L3 on XorPlus XorPlus>


The PicOS main configuration file can be found at :

/etc/picos/picos_start.conf

To change the mode (OVS or L2/L3), you have to change the Option "picos_start" in this file (via

an editor like vi) and restart the PicOS Service.

picos_start=ovs

With this option, the system will be used in OVS mode.

picos_start=xorpplus

With this option, the system will be used in L2/L3 mode (or XORP Plus).

Once the configuration file has been updated, you need to restart the PicOS service to activate the

modification (or restart the switch).

To restart the PicOS service, use the command:

sudo service picos restart

Once in L2/L3 mode, to start the L2/L3 CLI, you can use the "CLI" commands.

admin@XorPlus$cliSynchronizing configuration...OK.Pica8 PicOS Version 2.4Welcome to PicOS L2/L3 on XorPlusadmin@XorPlus>


In L2/L3 Mode (Or XORP), the XORP system is running.

Example in L2/L3:


41

admin@XorPlus$ps aux | grep xorp | grep -v greproot 16383 0.0 1.2 18100 6596 ? S Jan29 5:26 xorp_policyroot 16385 0.3 2.5 34980 13380 ? Ss Jan29 99:20 /pica/bin/xorp_rtrmgr -d -Llocal0.info -P /var/run/xorp_rtrmgr.pid admin@XorPlus$ps aux | grep ovs | grep -v grep

In OVS Mode, only the OVS daemon is running.

adnib@Fabric-TOR1#ps aux | grep xorp | grep -v grepadmin@Fabric-TOR1#admin@Fabric-TOR1#admin@Fabric-TOR1#ps aux | grep ovs | grep -v greproot 19982 0.1 0.6 19316 3392 ? S Feb14 7:45 ovsdb-server/ovs/ovs-vswitchd.conf.db --remote=ptcp:6653:172.16.0.205--remote=punix:/ovs/var/run/openvswitch/db.sockroot 19984 5.5 2.4 28504 12772 ? Sl Feb14 398:02 ovs-vswitchd--pidfile=ovs-vswitchd.pid --overwrite-pidfileroot 19997 0.0 1.2 25632 6360 ? S Feb14 0:00 ovs-vswitchd: worker process forpid 19984


The L2/L3 configuration is stored in /pica/config/pica_startup.boot.

admin@XorPlus$admin@XorPlus$cd /pica/config/admin@XorPlus$lsadmin pica.conf.06 pica.conf.13 pica.conf.20 pica.conf.27 pica.conf.34 pica.conf.41 pica.conf.48pica.conf pica.conf.07 pica.conf.14 pica.conf.21 pica.conf.28 pica.conf.35 pica.conf.42 pica.conf.49pica.conf.01 pica.conf.08 pica.conf.15 pica.conf.22 pica.conf.29 pica.conf.36 pica.conf.43 pica_startup.bootpica.conf.02 pica.conf.09 pica.conf.16 pica.conf.23 pica.conf.30 pica.conf.37 pica.conf.44pica.conf.03 pica.conf.10 pica.conf.17 pica.conf.24 pica.conf.31 pica.conf.38 pica.conf.45pica.conf.04 pica.conf.11 pica.conf.18 pica.conf.25 pica.conf.32 pica.conf.39 pica.conf.46pica.conf.05 pica.conf.12 pica.conf.19 pica.conf.26 pica.conf.33 pica.conf.40 pica.conf.47

From version PicOS 2.1, the configuration file will be automatically saved.

Painless upgrade


42

Deprecated commands mechanism:The command structure of Xorp will make some change when release a new version image, not just add newcommands, some commands may be removed or replaced by new commands. Our goal is to make the commandstructure more structured and easier for users. So some commands will be marked as deprecated nodes since version2.4. When a command is replaced by a new command, the old one is marked as deprecated node, both these twocommands can be worked on this version, but the old command can’t be auto- completed by tab key or showing by “?”.The old command need to be typed manually when you want to use it. The old one will be removed in the next version.So you need to remove the deprecated nodes when you prepare to upgrade to next version.If there are some deprecated nodes in your configuration, then you will get some information when you commitconfiguration in CLI.

Note: the deprecated nodes must be removed before upgrading to next version.

For example:

1)

On version 2.4, the command of “interface management-ethernet” has been deprecated, replaced

by “system management-ethernet”, both these two command can work on version 2.4, and the

“interface management-ethernet” will be removed on version 2.5.

2)

When you set “interface management -ethernet” in CLI, you will get the following information:

Configure node "interface management-ethernet" has been deprecated in version 2.4, please use

"system management-ethernet" instead.

Note: The prompted information will not disappear until you removed the deprecated commands.

3) Upgrade

When upgrade image from an old verison from a new one with configuration save, then there will

be some configuration nodes have been marked as deprecated in the new version, then you will

get some notice information when you commit in CLI.

For example, upgrade from 2.3 to 2.4 with configuration saved, after upgrading and removing vlan:

XorPlus# delete vlans vlan-id 111Deleting: 111 {}OK XorPlus# commit Commit OK.Configure node "interface management-ethernet" has been deprecated in version2.4, please use "system management-ethernet" instead.Configure node "system syslog host" has been deprecated in version 2.4,please use "system syslog server-ip" instead.Configure node "system syslog port-number" has been deprecated in version2.4, please use "system syslog server-ip" instead.Configure node "system syslog port-protocol" has been deprecated in version2.4, please use "system syslog server-ip" instead.Save done.XorPlus#


43

Note:1) When upgrading image from an old version to a new one with the configuration which has deprecated nodes,upgrading will be failed. You should remove the deprecated nodes on the configuration tree and then upgrading again.2) We do not support painless upgrading by discontinuous version upgrade, for example from 2.3 to 2.5. If you want toupdate to a discontinuous version, please do not save the configuration.

Deprecated nodes list in version 2.4:Configure node “interface management-ethernet, "system syslog host", "system syslog port-number" and "systemsyslog port-protocol" have been deprecated in version 2.4.

For more information about the deprecated node list, please see:http://203.195.202.125:8080/display/picos24sp/Configuring+DHCP+and+a+Static+IP+Addresshttp://203.195.202.125:8080/display/picos24sp/Configuring+the+Syslog+Disk+and+Syslog+host

http://203.195.202.125:8080/display/picos24sp/Configuring+DHCP+and+a+Static+IP+Address

http://203.195.202.125:8080/display/picos24sp/Configuring+the+Syslog+Disk+and+Syslog+host


44

System Management Configuration





Commit confirmed











Configuring IPFIX

Configuring sFlow

Configuring SNMP





Technical Support






This chapter describes the different ways to configure PicOS and walk you through the CLI

configuration.


45

There are 2 CLIs to configure PicOS:

1) The Linux CLI

2) The PicOS CLI

The Linux CLI is a standard debian based bash shell.

A good Bash tutorial can be found at this address:

http://www.tldp.org/LDP/Bash-Beginners-Guide/html/

PicOS added some commands to the standard Bash shell:

Version - This is to give the PicOS version running on the switch

admin@XorPlus$versionCopyright (C) 2009-2014 Pica8, Inc.===================================Hardware Model : P-5101Linux System Version/Revision : 2.5/17907Linux System Released Date : 10/14/2014L2/L3 Version/Revision : 2.5/17907L2/L3 Released Date : 10/14/2014OVS/OF Version/Revision : 2.5/17907OVS/OF Released Date : 10/14/2014

cli - command to move to the PicOS command or launch PicOS CLI commands from the Linux

shell.

admin@XorPlus$cliSynchronizing configuration...OK.Pica8 PicOS Version 2.5Welcome to PicOS L2/L3 on XorPlusadmin@XorPlus>

In the above example the cli command is used to move to the PicOS CLI.

admin@XorPlus$cli -c "show version" Synchronizing configuration...OK.Pica8 PicOS Version 2.5Welcome to PicOS L2/L3 on XorPlusadmin@XorPlus> Execute command: show version.Copyright (C) 2009-2014 Pica8, Inc.===================================Base ethernet MAC Address : 48:6e:73:01:00:01Hardware Model : P-5101Linux System Version/Revision : 2.5/17907Linux System Released Date : 10/14/2014L2/L3 Version/Revision : 2.5/17907L2/L3 Released Date : 10/14/2014

In the above command the cli command is used to launch a command of the picOS CLI from the

Linux shell.

http://www.tldp.org/LDP/Bash-Beginners-Guide/html/


46


Once in the Linux shell, you can use the command "pica_sh" or "cli" (under /pica/bin) to launch the

L2/L3 CLI (or XORP CLI).

admin@Lima$admin@Lima$cliSynchronizing configuration...OK.Pica8 PicOS Version 2.3Welcome to PicOS L2/L3 on LimaLima> Lima> Lima>

From the L2/L3 CLI (or XORP CLI) to come back to the Linux Shell, you can use the "exit"

command.

XorPlus> exitadmin@XorPlus$


Operation mode

By default, the switch's operation mode is activated when it starts up.

Welcome to PicOS L2/L3on XorPlus

XorPlus>

Configuration mode

Activate the configuration mode by entering the configure command. For the remainder of this

document, be sure to enter the configuration mode if you see the XorPlus# prompt.

XorPlus> configure Entering configuration mode.There are no other users in configuration mode.XorPlus#


Exiting the configuration mode uncommitted configurationswithout

Switch to the execution mode from the configuration mode any uncommittedwithout

configurations.

XorPlus# exitXorPlus>


47

Exiting the configuration mode uncommitted configurationswith

Use the exit discard command to enter the execution mode from the configuration mode with any

uncommitted or failed committed configurations.

XorPlus# set interface gigabit-ethernet ge-1/1/1 disable trueXorPlus# exitERROR: There are uncommitted changes.Use "commit" to commit the changes, or "exit discard" to discard them.XorPlus# exit discard XorPlus>

Commit confirmed

User can commit a candidate configuration before this configuration become permanent. By using

"commit confirmed", the system will apply the configuration for ten minutes default. After ten

minutes, the system will roll back to the configuration automatically before user "commit

confirmed". User can configure the roll back time in the CLI, default it is 10 minutes.

Default configure

By default, it will be automatically rolled back to the previous configuration after 600 seconds.

XorPlus# set vlans vlan-id 2XorPlus# commit confirmed Merging the configuration.Will be automatically rolled back in 600 seconds unless confirmed by newcommit.Commit OK.XorPlus#

Modify the rollback confirmation time

XorPlus# set vlans vlan-id 3XorPlus# commit confirmed 100Merging the configuration.Will be automatically rolled back in 100 seconds unless confirmed by newcommit.Commit OK.XorPlus#


Enabling DHCP

By default, DHCP is enabled on the management interface eth0. You can enable DHCP manually

with the following CLI command:


48

XorPlus# set system management-ethernet eth0 address dhcpXorPlus# comCommit OK.Save done.XorPlus#

Configuring a static IP address and gateway

Configure your management interface eth0 with static IP address.

XorPlus# set system management-ethernet eth0 address 10.10.50.139/24XorPlus# set system management-ethernet eth0 gateway 10.10.50.1XorPlus# commit Commit OK.Save done.

Configure node “interface management-ethernet” has been has been deprecated in version 2.4.


Enabling DHCP relay in a VLAN interface

When you enable DHCP relay in a VLAN interface, the switch will relay the received DHCP request

to the specified DHCP server via routing. Normally, the port connects to a DHCP servertrusted

should be a trusted port. You should configure the port using the option.trust true


49

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 192.168.1.1prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 192.168.2.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols dhcp relay vlan-interface vlan-2 disable falseXorPlus# set protocols dhcp relay vlan-interface vlan-2 dhcp-server-address1192.168.2.100XorPlus# set protocols dhcp snooping port ge-1/1/2 trust trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.


Option82 is a relay agent used to specify the DHCP client location information. The DHCP

option82 is disabled by default. To enable option82, use the option, then use the disable false

command to set the DHCP port information.circuit-id

Enable DHCP option82

XorPlus# set protocols dhcp option82 disable falseXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Modify the circuit-id of option82

XorPlus# set protocols dhcp relay port ge-1/1/3 circuit-id v100XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#


50


DHCP snooping creates a mapping table which includes the IP address, the MAC address, and the

port number. DHCP snooping is disabled by default. The steps below explain how to enable DHCP

snooping, configure the DHCP snooping binding file, trust port (by default the port is untrusted),

and timeout.

Enable DHCP snooping

XorPlus# set protocols dhcp snooping disable falseXorPlus# commit Commit OK.Save done.XorPlus#

Configure DHCP snooping binding file and timeout

XorPlus# set protocols dhcp snooping binding file /tmp/run/dhcp_bind //syncthe dhcp snooping table to diskXorPlus# set protocols dhcp snooping binding timeout 8XorPlus# comMerging the configuration.Commit OK.Save done.

Configure DHCP snooping trust port

XorPlus# set protocols dhcp snooping port ge-1/1/2 trust true //(DHCP replyis trusted), usually, the port connect to DHCP server should be enable this. XorPlus# commitMerging the configuration.Commit OK.Save done.

Display the DHCP snooping table of host information

XorPlus# run show dhcp snooping Total count: 1MAC Address IP Address Port VLAN ID VLAN Interface ----------------- --------------- --------- ------- --------------- 00:1d:09:fa:a1:b4 192.168.1.10 ge-1/1/1 2 vlan2


There are two types of user accounts: super-user and read-only. The newly created user account,

by default, is read-only.

Creating a user class and password


51

XorPlus# set system login user ychen authentication plain-text-password pica8XorPlus#set system login user ychen class super-userXorPlus# commitCommit OK.Save done.XorPlus#

Configuring a telnet announcement

XorPlus# set system login announcement "welcome the switch-1101"XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


PicOS supports Authentication/Authorization/Accounting (AAA). A user is authenticated by the

AAA server (referred to as "admin" in our guide) and then can configure the switch. PicOS

supports TACACS+ and RADIUS protocols. RADIUS supports only two levels: read-only and

super-user.

Configure the local switch and server as shown below:

Configuring AAA in the switch

Configure the tacacs enable

XorPlus# set system aaa tacacs-plus disable false XorPlus# set system aaa tacacs-plus key pica8 XorPlus# set system aaa tacacs-plus server-ip 10.10.53.53 XorPlus# commitCommit OK.Save done.XorPlus# set system aaa tacacs-plus authorization trueXorPlus# set system aaa tacacs-plus accounting trueXorPlus# commit

Configure the radius enable


52 1.

XorPlus# set system aaa radius authorization disable falseXorPlus# set system aaa radius authorization server-ip 10.10.50.41 shared-keytesting123XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#XorPlus# set system aaa radius accounting disable falseXorPlus# set system aaa radius accounting server-ip 10.10.50.41 shared-keytesting123XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Displaying AAA information

XorPlus# show system aaa tacacs-plusWaiting for building configuration.authorization: trueaccounting: trueserver-ip 10.10.53.53key: "pica8" XorPlus# show system aaa radius Building the configuration.authorization {disable: falseserver-ip 10.10.50.41 {shared-key: "testing123"}}accounting {disable: falseserver-ip 10.10.50.41 {shared-key: "testing123"}}XorPlus#

Configuring the AAA server

Configure the AAA server configuration file as follows:

Tacacs server configuration:

key = pica8


53

1. Accounting File

accounting file = /var/tmp/acctfile

default authentication = file /etc/passwd

user = admin {

member = admins

}

group = admins {

global = cleartext "password"

service = exec {

default attribute = permit

}

}

user = operator {

global = cleartext "operator"

service = exec {


}

}

user = ychen {

global = cleartext "ychen"

member = admins

service = exec {


}

}

Add "/


54

1.

usr/share/freeradius/dictionary.pica8" to radius server before the configuration.

Radius server configuration:

operator Cleartext-Password := "testing"

Service-Type = Framed-User,

Framed-Protocol = PPP,

Framed-IP-Address = 172.16.3.33,

Framed-IP-Netmask = 255.255.255.0,

Framed-Routing = Broadcast-Listen,

Framed-Filter-Id = "std.ppp",

Framed-MTU = 1500,

Framed-Compression = Van-Jacobsen-TCP-IP,

Class = "read-only"

ychen Cleartext-Password := "testing"

Service-Type = Framed-User,

Framed-Protocol = PPP,

Framed-IP-Address = 172.16.3.33,

Framed-IP-Netmask = 255.255.255.0,

Framed-Routing = Broadcast-Listen,

Framed-Filter-Id = "std.ppp",

Framed-MTU = 1500,

Framed-Compression = Van-Jacobsen-TCP-IP,

Class = "super-user"

Following the configuration above, the admin or operator can access the switch via telnet or

SSH.

Any valid CLI commands executed by the admin or operator will be recorded to the

specified accounting file. In our example above, the accounting file is ./var/tmp/acctfile

Configuring the local log-in

XorPlus# set system aaa local disable trueXorPlus# commitCommit OK.Save done.

In the configuration above, you cannot log in to the switch with a local account.


Configuring the SSH connection limit

XorPlus# set system services ssh protocol-version v2 XorPlus# set system services ssh connection-limit 5XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


55

Disabling telnet service

XorPlus# set system services telnet disable trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Enabling and disabling inband service

By default, SSH and telnet with inband interfaces are disabled. You can enable inband services by

entering the command below:

XorPlus# set system inband enable trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


Configuring the log-in ACL

Configure the ALC to control whether remote hosts within specified subnetworks are allowed to log

in to the system. In our example, remote hosts from both subnetworks that we configured may log

in.

XorPlus# set system login-acl network 192.168.1.0/24XorPlus# set system login-acl network 192.168.100.100/32XorPlus#XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


Configuring the NTP server IP address

The L2/L3 switch synchronizes with the NTP server only when the configuration commands are

committed using the command. You can change the NTP server's IP address, as showncommit

below:


56

XorPlus# set system ntp-server-ip 192.168.10.100XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring the time zone

Configure the time zone as follows (we selected Pacific/Kosrae for our example):

XorPlus# set system timezone Pacific/KosraeXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring the system clock

XorPlus> set date 2012.01.01-23:59Sun Jan 1 23:59:00 UTC 2012XorPlus>.

The clock will be set in the hardware.


PicOS support that clarify the synchronization between Linux shell and xorp.

when chang the linux-config-unreliable, please commit it firstly, and then set other system settings.Do not commit the linux-config-unreliable and system delta at the same time.

You can choose Bash control or xorp control. By default, xorp control in system. As shown below:

1 Xorp control:

XorPlus# set system linux-config-unreliable trueXorPlus# commitCommit OK.Save done.XorPlus# show system linux-config-unreliable: true services { telnet { disable: false } } log-level: "trace"

2) Bash control:


57

XorPlus# set system linux-config-unreliable falseXorPlus# commitCommit OK.Save done.XorPlus# show system linux-config-unreliable: false log-level: "trace"

When you choose bash control, the system settings should be set in bash, not from xorp,

otherwise the system command should be set in xorp.

For example:

XorPlus# show system linux-config-unreliable: false log-level: "trace"XorPlus# set system hostname pica8XorPlus# commitThe system is managed by linuxCommit failed.XorPlus#

Only the following system commands should always be set in PicOS even system is under bash control:system aaa tacacs-plussystem log-levelsystem log-facility

when changing the system control right from xorp control to Bash control, the xorp configurations related to system willbe removed from configuration tree automatically. When changing from Bash conrtol to xopr control, the configurationrelated to system will be read and added into xorp configuration tree automatically.

Configuring IPFIX

Configuring IPFIX parameters

By default, IPFIX is disabled. You can enable IPFIX and configure its parameters as shown below.

Make sure the switch can connect to the IPFIX collector server correctly.

XorPlus# set protocols ipfix collector 192.168.2.10 udp-port 9999XorPlus# set protocols ipfix interfaces ingress ge-1/1/1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring sFlow

Globally enabling sFlow


58

By default, sFlow is disabled. You can enable sFlow and configure its' parameters. Verify that the

switch can connect to the sFlow collector server, and configure the sFlow and agent-id

at the same time that you enable sFlow, as shown below:source-address

XorPlus# set protocols sflow disable falseXorPlus# set protocols sflow agent-id 10.10.50.248XorPlus# set protocols sflow source-address 10.10.50.248XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring sFlow parameters

You can configure global parameters for sFlow, including agent-id, collector IP, polling-interval,

sampling-rate, and source-address.

XorPlus# set protocols sflow agent-id 10.10.50.248XorPlus# set protocols sflow collector 10.10.50.221 udp-port 6343XorPlus# set protocols sflow polling-interval 30XorPlus# set protocols sflow sampling-rate ingress 2000XorPlus# set protocols sflow sampling-rate egress 2000XorPlus# set protocols sflow header-len 128XorPlus# set protocols sflow source-address 10.10.50.248XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# run show sflow sFlow : EnabledAgent ID : 10.10.50.248Source Address : 10.10.50.248Sample rate ingress: 1:2000Sample rate egress : 1:2000Polling interval : 30 secondsHeader Length : 128XorPlus#XorPlus# run show sflow collector Collector address UDP-port No of Samples----------------- -------- -------------10.10.50.221 6343 5336XorPlus#

Configuring sFlow on a specific interface

You can configure sFlow parameters on a specific interface:

In the current version, sFlow samples only the ingress traffic of each interface. You can monitor the

traffic with sFlow Trend as follows:


59

Figure 2-1.sFlowTrendtools.

Configuring SNMP

Configuring SNMP parameters

By default, SNMP is disabled. You can enable SNMP and configure its parameters (e.g.

community, contact, location) as shown below:

XorPlus# set protocols snmp community Pica8-data-centerXorPlus# set protocols snmp community Pica8-data-center authorizationread-onlyXorPlus# set protocols snmp contact [email protected]# set protocols snmp location BeijingXorPlus# set protocols snmp trap-group targets 10.10.1.1XorPlus# set protocols snmp trap-group version v2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring an SNMP ACL

By default, all hosts can the information of the switch. Configure an SNMP ACL tosnmpwalk

control which hosts within the subnetwork can snmpwalk the switch.


60

XorPlus# set system snmp-acl network 1.1.1.0/24XorPlus# set system snmp-acl network 2.2.2.0/24XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring SNMPset

Users can use "snmpset"(OID1.3.6.1.4.1.35098.2.0.0) to load a configuration and can use

"snmpset"(OID 1.3.6.1.4.1.35098.2.1.0) to delete or load a configuration. However, only set&delete

commands can be included in the command batch (which is OID 1.3.6.1.4.1.35098.2.1.0). Other

commands are invalid and ignored. Note that clearing a dependent configuration is not allowed.

XorPlus# set protocols snmp community private authorization read-writeXorPlus# commit Waiting for merging configuration.Commit OK.Save done.

Examples of snmpset application (using one server):

(a) using snmpset to load a filter configuration

root@dev:~# snmpset -v 2c -c private IP .1.3.6.1.4.1.35098.2.0.0 s"tftp:1.1.5.1:/pica8/acl.conf"iso.3.6.1.4.1.35098.2.0.0 = STRING: "tftp:1.1.5.1:/pica8/acl.conf"

(b) using snmpset to delete a filter configuration

root@dev:~# snmpset -v 2c -c private IP .1.3.6.1.4.1.35098.2.1.0 s"tftp:1.1.5.1:/pica8/delete-acl.conf"iso.3.6.1.4.1.35098.2.0.0 = STRING: "tftp:1.1.5.1:/pica8/delete-acl.conf"


Configuring the syslog level

Listed in order from most severe to least severe; there are five system syslog levels: Fatal, Error,

Warning, Info, and Trace. By default, the system is set to the Warning level. You can, of course,

change the log level.

In the example below, the system logs messages from Info, Warning, Error, and Fatal levels since

the system syslog level is set to Info.


61

XorPlus# set system log-level infoXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# You can display the log messages on the console screen by entering thefollowing command: XorPlus# exitXorPlus> syslog monitor on If the switch's syslog level is Trace, the trace options of the modulesshould be turned on, as illustrated below. You can also turn on the OSPFtrace options for debugging. XorPlus# set protocols ospf4 traceoptions flag all disable falseXorPlus# set system log-level traceXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# exitXorPlus> syslog monitor on

Configuring the SNMP logging facility

In accordance with the syslog standard, the logging facility can be configured as [0, 7].

XorPlus# set system log-facility 0XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#Oct 17 15:22:42 XorPlus local0.warn : admin logined the switchOct 17 15:22:50 XorPlus local0.warn pica_sh: Tacacs send acct body sendfailed: wrote -1 of 127: Connection refused XorPlus# set system log-facility 2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Oct 17 15:22:42 XorPlus local2.warn : admin logined the switch


Configuring the syslog host

After you configure the syslog server IP address, the log files will be sent to the syslog server.


62

XorPlus# set system syslog server-ip 192.168.1.1 ?Possible completions: <[Enter]> Execute this command port Remote syslog server port protocol Remote syslog server protocolXorPlus# set system syslog server-ip 192.168.1.1 protocol tcpXorPlus# commit Commit OK.Save done.XorPlus#

Configure node "system syslog host", "system syslog port-number" and "system syslog port-protocol" have beendeprecated in version 2.4.

Configuring syslog for local storage

You can configure syslog messages to be stored in RAM or in a local SD card.

XorPlus# set system syslog local-file diskXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set system syslog local-file ramXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


You can separate the system's PicOS Platform and PicOS Software and update them respectively.

Generally, rootfs.tar.gz will include both the PicOS Platform and PicOS Software, and pica.tar.gz

will include only the PicOS Software.

Displaying the system version

XorPlus# run show version Copyright (C) 2009-2013 Pica8, Inc.Base ethernet MAC Address : 08:9e:01:61:65:80Hardware model : P-3290PicOS Version : 2.2Revision ID : 10863

Updating the PicOS Software

Step1: Get the pica image and md5 file. (Then modify the md5 file's file name according to

)pica.tar.gz


63

XorPlus> file tftp get remote-file pica_bin.tar.gz local-file pica.tar.gzip-address 1.1.5.6Start to get the 'picos.tar.gz' to '/cftmp/rootfs.tar.gz'.Waiting......Done!XorPlus> file tftp get remote-file pica_bin.tar.gz.md5 local-filepica.tar.gz.md5 ip-address 1.1.5.6Start to get the 'pica_bin.tar.gz.md5' to '/cftmp/pica.tar.gz.md5'.Waiting......Done!XorPlus>

Step2:Reboot the switch.

XorPlus# run request system reboot

The image will be placed under the local installation directory ( ). The system will/cftmp

decompress pica.tar.gz automatically when rebooted, updating only the PicOS Software.

Updating the PicOS Platform

Step1:Get the image and md5 file . (Then modify the md5 file's file name according to

)rootfs.tar.gz

XorPlus> file tftp get remote-file picos.tar.gz local-file rootfs.tar.gzip-address 1.1.5.6Start to get the 'picos.tar.gz' to '/cftmp/rootfs.tar.gz'.Waiting......Done!XorPlus> file tftp get remote-file picos.tar.gz.md5 local-filerootfs.tar.gz.md5 ip-address 1.1.5.6Start to get the 'picos.tar.gz.md5' to '/cftmp/rootfs.tar.gz.md5'.Waiting......Done!XorPlus>

Step2:Reboot the switch.(Best to back up configuration file" "/pica/config/pica_startup.bootto directory to avoiding missing file before rebooting)/cftmp


The image will be placed under the local installation directory ( ). The system will/cftmp

decompress automatically when rebooted, updating both the PicOS Platform androotfs.tar.gz

PicOS Software. In version 2.2 , we support using shell script to upgrade. (Please consult

picos-2.2.0-image-upgrade-guide)


You can display your system's information, including fan, power supply unit, and serial number

information.


64

Displaying the system fan

XorPlus>show system fan Sensor Temperature:Sensor 1 Temperature : 42 CentigradeSensor 2 Temperature : 39 CentigradeSensor 3 Temperature : 46 CentigradeSensor 4 Temperature : 33 CentigradeFan Status:Fan 1 speed = 12529 RPM, PWM = 79Fan 2 speed = 12413 RPM, PWM = 79Fan 3 speed = 12300 RPM, PWM = 79

Displaying the system power supply unit

XorPlus> show system rpsu RPSU 1:TEMPERATURE_1 : N/ARPSU 2:TEMPERATURE_1 : 38.00 CentigradeTEMPERATURE_2 : 40.00 CentigradeFAN_SPEED : 10784.0 RPMFAN_PWM : 60

Displaying the system serial number

XorPlus> show system serial-number MotherBoard Serial Number : QTFCXI2460009RPSU 1 Serial Number : N/ARPSU 2 Serial Number : 601G10103C370ZGSFP te-1/1/49 :Vendor Name : PICA8 Serial Number : 78613B10987 Module Type : SR/850nmCable Length : 80mSFP te-1/1/50 :Vendor Name : JESS-LINK Serial Number : 12344D0001 Cable Length : 5mSFP te-1/1/51 :Vendor Name : DELTA Serial Number : 084109000017 Module Type : SR/850nmCable Length : 80mSFP te-1/1/52 :Vendor Name : JESS-LINK Serial Number : 12344D0002 Cable Length : 5m

Displaying additional system information

XorPlus# run show system temperature Temperature: 39 C /102FXorPlus#


65

XorPlus# run show system uptime 01:21:33 up 50 min, load average: 0.04, 0.06, 0.07XorPlus#XorPlus# run show system cpu-usage Cpu usage: 15%XorPlus#XorPlus# run show system dateMon Jan 13 18:11:04 UTC 2014XorPlus# XorPlus# run show system memory-usage total used free shared buffers cachedMem: 515808 185468 330340 0 10320 68312-/+ buffers/cache: 106836 408972Swap: 0 0 0XorPlus# XorPlus# run show system name XorPlusXorPlus#XorPlus# run show system ntp-status Please start the ntp server first!XorPlus#XorPlus# run show system osLinux XorPlus 2.6.27 #1 Thu Feb 13 00:42:23 CST 2014 ppc GNU/LinuxXorPlus# run show system processes brief PID TTY STAT TIME COMMAND1 ? Ss 0:01 init [2] 2 ? S< 0:00 [kthreadd]3 ? S< 0:00 [ksoftirqd/0]4 ? S< 0:00 [watchdog/0]5 ? S< 0:02 [events/0]6 ? S< 0:00 [khelper]48 ? S< 0:00 [kblockd/0]55 ? S< 0:00 [ata/0]56 ? S< 0:00 [ata_aux]58 ? S< 0:00 [kseriod]99 ? S 0:00 [pdflush]101 ? S< 0:00 [kswapd0]147 ? S< 0:00 [aio/0]156 ? S< 0:00 [nfsiod]831 ? S< 0:00 [ftld]853 ? S< 0:00 [rpciod/0]857 ? S< 0:00 [kjournald]2222 ? S 0:00 [pdflush]2356 ? Ss 0:00 /usr/sbin/cron -L 02387 ? Ss 0:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive-inetd_compat -inetd_ipv62501 ? S 0:03 pica_cardmgr2503 ? S 0:59 pica_sif2649 ? S 0:05 pica_lacp2664 ? Ss 0:00 dhclient -pf /run/dhclient.eth0.pid -lf/var/lib/dhcp/dhclient.eth0.leases eth02666 ? Sl 18:06 pica_lcmgr2672 ? S 0:04 pica_login3166 ? Sl 0:00 /usr/sbin/rsyslogd -c53457 ? S 0:35 pica_mstp3462 ? S 0:02 xorp_policy3464 ? Ss 1:03 /pica/bin/xorp_rtrmgr -d -L local0.info -P/var/run/xorp_rtrmgr.pid3500 tty1 Ss+ 0:00 /sbin/getty 38400 tty13507 tty2 Ss+ 0:00 /sbin/getty 38400 tty23508 tty3 Ss+ 0:00 /sbin/getty 38400 tty33761 ttyS0 Ss+ 0:00 /sbin/getty -s -L ttyS0 115200 ansi4050 ? S 0:57 ovs-vswitchd


66

4422 ? Ss 0:00 in.telnetd: 10.10.50.164423 pts/0 Ss 0:00 login -h 10.10.50.16 -p4424 pts/0 S+ 0:00 -bash4434 pts/0 S+ 0:03 /pica/bin/pica_sh6451 ? Ss 0:00 in.telnetd: 10.10.50.186452 pts/1 Ss 0:00 login -h 10.10.50.18 -p6460 pts/1 S+ 0:00 -bash6469 pts/1 R+ 0:03 /pica/bin/pica_sh15113 pts/1 R 0:00 ps aXorPlus# run show system rollback ?Possible completions:compare Show the difference between tow rolled back configurationsfile Show rolled back configuration filelist Show rolled back file listXorPlus# run show system rollback compare to 023c3< /Last commit : Mon Jan 13 14:13:01 2014 by admin/—> /Last commit : Mon Jan 13 14:11:54 2014 by admin/83,86d82< crossflow {< enable: true< local-control: true< }95,98d90< crossflow {< enable: true< local-control: true< }510,514d501< controller 1 {< protocol: "tcp"< address: 10.10.50.47< port: 6633< }XorPlus#XorPlus# run show system rollback file 02/XORP Configuration File, v1.0//* Copyright (C) 2009-2013 Pica8, Inc.*//Last commit : Mon Jan 13 14:11:54 2014 by admin//PicOS Version : 2.2//Version Checksum: 24226776f6bc5622030e3b7959d612bf/interface {ecmp {max-path: 4hash-mapping {field {ingress-interface {disable: true}vlan {disable: true}ip-protocol {disable: true}ip-source {disable: false}ip-destination {disable: false}port-source {


67

disable: false}port-destination {disable: false}}}}aggregate-balancing {.....................................................................XorPlus# run show system rollback list -rw-rw-r-- 1 root xorp 23478 Jul 7 22:55 /pica/config/pica.conf-rw-rw-r-- 1 root xorp 23595 Jul 7 22:28 /pica/config/pica.conf.01-rw-rw-r-- 1 admin xorp 23595 Jul 7 22:27 /pica/config/pica.conf.02-rw-rw-r-- 1 root xorp 23595 Jul 7 22:26 /pica/config/pica.conf.03XorPlus# run show system users admin pts/0 Jan 13 14:19 (10.10.50.16)admin pts/1 Jan 13 15:03 (10.10.50.18)XorPlus#XorPlus# run show system core-dumps total 0XorPlus#XorPlus# run show system connections Active Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address State User Inode tcp 0 0 127.0.0.1:49152 0.0.0.0:* LISTEN 0 6787 tcp 0 0 127.0.0.1:60833 0.0.0.0:* LISTEN 0 5715 tcp 0 0 127.0.0.1:51714 0.0.0.0:* LISTEN 11 31043 tcp 0 0 127.0.0.1:42179 0.0.0.0:* LISTEN 0 6789 tcp 0 0 127.0.0.1:56484 0.0.0.0:* LISTEN 0 5711 tcp 0 0 127.0.0.1:51044 0.0.0.0:* LISTEN 0 5705 tcp 0 0 127.0.0.1:40421 0.0.0.0:* LISTEN 0 6764 tcp 0 0 127.0.0.1:56263 0.0.0.0:* LISTEN 0 6822 XorPlus# run show system boot-messages Copyright (c) 2009-2014 Pica8 Inc. All rights reserved.Up time: 18:19:41 revision: 2.6.27 Using MPC85xx CDS machine descriptionMemory CAM mapping: CAM0=256Mb, CAM1=256Mb, CAM2=0Mb residual: 0MbLinux version 2.6.27 (root@dev-16-new) (gcc version 4.2.2) #1 Thu Feb 1300:42:23 CST 2014Found legacy serial port 0 for /soc8541@e0000000/serial@4500mem=e0004500, taddr=e0004500, irq=0, clk=330000000, speed=0Found legacy serial port 1 for /soc8541@e0000000/serial@4600mem=e0004600, taddr=e0004600, irq=0, clk=330000000, speed=0

Technical Support

Execute the diagnostic command, , to send the information to Pica8 Supportsshow tech_support

and receive a diagnostic report back from Pica8 technical support.

Executing the diagnostic command


68

XorPlus> show tech_support Start...... Item 1: Display system version finished!Item 2: Display system interface finished!Item 3: Display system configuration finished!Item 4: Display system config files finished!Item 5: Display system process finished!Item 6: Display system fdb table finished!Item 7: Display system fdb entries finished!Item 8: Display system ospf neighbors finished!Item 9: Display system ospf interfaces finished!Item 10: Display system route table finished!Item 11: Get error event from log!Item 12: Display system hard-route table finished!Item 13: Display system hard-route for host finished!Item 14: Dispaly system spanning tree interfaces finished!Item 15: Dispaly system spanning tree bridge finished!Item 16: Display system vlans table finished!Item 17: Display system vlan-interfaces finished!Item 18: Display system core-dump finished!Item 19: Display system uptime finished!Item 20: Display system arp table finished! The information has been stored in /tmp/XorPlus-201307052220-techSupport.log,please forward to [email protected]>


You can manually flush the ARP entry and the IPv6 neighbor table.

Flushing the ARP entry

XorPlus> flush arp allXorPlus> flush arp ip-address 192.168.1.1


Reboot the system as follows:

Rebooting the system


69

XorPlus>request system reboot U-Boot 1.3.0 (Apr 11 2011 - 10:41:10) CPU: 8541, Version: 1.1, (0x80720011)Core: E500, Version: 2.0, (0x80200020)Clock Configuration:CPU: 825 MHz, CCB: 330 MHz,DDR: 165 MHz, LBC: 41 MHzL1: D-cache 32 kB enabledI-cache 32 kB enabledI2C: readyDRAM: InitializingDDR: 512 MBFLASH: 32 MBL2 cache 256KB: enabledSet ethaddr MAC address = 60:eb:69:d2:9c:d8In: serialOut: serialErr: serialNet: TSEC0IDE: Bus 0: OK Device 0: Model: TRANSCEND Firm: 20091130 Ser#: 20100723 C4130E83Type: Hard DiskCapacity: 1911.6 MB = 1.8 GB (3915072 x 512)


You can configure the debugging message in your current window.

Syslog monitor on

XorPlus> syslog monitor on Nov 21 2000 22:27:39 XorPlus local0.warn : [SIF]Interface ge-1/1/3, changedstate to upNov 21 2000 22:27:41 XorPlus local0.warn : root logined the switchNov 21 2000 22:41:18 XorPlus local0.info xinetd[1102]: START: telnet pid=7650from=10.10.50.16Nov 21 2000 22:41:23 XorPlus authpriv.debug login[7651]:pam_unix(login:account): account admin has password changed in futureNov 21 2000 22:41:26 XorPlus local0.warn : admin logined the switchNov 21 2000 22:55:58 XorPlus local0.info xinetd[1102]: START: telnet pid=8039from=10.10.51.16Nov 21 2000 22:56:01 XorPlus authpriv.debug login[8040]:pam_unix(login:account): account root has password changed in futureNov 21 2000 23:31:13 XorPlus local0.info xinetd[1102]: START: telnet pid=9028from=10.10.50.16Nov 21 2000 23:31:16 XorPlus authpriv.debug login[9029]:pam_unix(login:account): account admin has password changed in futureNov 21 2000 23:31:21 XorPlus local0.warn : admin logined the switchXorPlus>


cls

commit


70

delete interface management-ethernet eth0 address

delete interface management-ethernet eth0 gateway

delete system aaa local disable

delete system aaa radius accounting disable

delete system aaa radius authorization disable

delete system aaa tacacs-plus accounting

delete system aaa tacacs-plus auth-type

delete system aaa tacacs-plus authorization

delete system aaa tacacs-plus disable

delete system aaa tacacs-plus key

delete system aaa tacacs-plus port-number

delete system hostname

delete system inband enable

delete system log-facility

delete system log-level

delete system login announcement

delete system login user admin authentication plain-text-password

delete system login user admin class

delete system login user operator authentication plain-text-password

delete system login user operator class

delete system login user root authentication plain-text-password

delete system login user root class

delete system services ssh connection-limit

delete system services ssh disable

delete system services ssh rate-limit

delete system services ssh root-login

delete system services telnet connection-limit

delete system services telnet disable

delete system services telnet rate-limit

delete system syslog host

delete system syslog local-file

delete system syslog port-number

delete system syslog port-protocol

exit configuration-mode

exit discard

help apply

help commit

help create

help delete

help execute

help exit configuration-mode

help exit discard

help help

help load

help quit


71

help rollback

help run

help save

help set

help show all

help status

help top

help up

quit

run clear log bozo

run clear log all

run request system reboot

run set cli idle-timeout <int>

run set cli terminal ansi

run set cli terminal linux

run set cli terminal vt100

run set cli terminal xterm

run set date bozo

run set management-ethernet-speed eth0 <auto>|<int>

run show all_config

run show cli history

run show log date bozo

run show log last-rows <int>

run show running_config

run show system boot-messages

run show system connections

run show system core-dumps

run show system cpu-usage

run show system date

run show system fan

run show system memory-usage

run show system name

run show system ntp-status

run show system os

run show system processes brief

run show system processes detail

run show system rollback compare to <int>

run show system rollback file <int>

run show system rollback list

run show system rpsu

run show system serial-number

run show system temperature

run show system uptime

run show system users

run show task


72

run show tech_support

run show version

run start shell sh

run syslog monitor off

run syslog monitor on

run telnet <ip-address>

set interface management-ethernet eth0 address <ip-address/netmask>

set interface management-ethernet eth0 gateway <ip-address>

set protocols dhcp option82 disable true

set protocols dhcp relay port bozo circuit-id bozo

set protocols dhcp relay vlan-interface bozo dhcp-server-address1 <ip-address>




set protocols dhcp relay vlan-interface bozo disable true

set protocols dhcp snooping binding file bozo

set protocols dhcp snooping binding timeout <int>

set protocols dhcp snooping disable true

set protocols dhcp snooping port bozo trust true

set protocols dhcp traceoptions flag all disable trueset protocols igmp disable true

set protocols sflow agent-id <ip-address>

set protocols sflow collector <ip-address> udp-port <int>

set protocols sflow disable true

set protocols sflow header-len <int>

set protocols sflow interface bozo disable true

set protocols sflow interface bozo header-len <int>

set protocols sflow interface bozo polling-interval <int>

set protocols sflow interface bozo sampling-rate egress <int>

set protocols sflow interface bozo sampling-rate ingress <int>

set protocols sflow polling-interval <int>

set protocols sflow sampling-rate egress <int>

set protocols sflow sampling-rate ingress <int>

set protocols sflow source-address <ip-address>

set protocols sflow traceoptions flag all disable true

set protocols snmp community bozo authorization read-only

set protocols snmp community bozo authorization read-write

set protocols snmp community bozo clients <ip-address>

set protocols snmp contact bozo

set protocols snmp location bozo

set protocols snmp traceoptions flag all disable true

set protocols snmp traceoptions flag general disable true

set protocols snmp traceoptions flag pdu disable true

set protocols snmp trap-group targets <ip-address>

set protocols snmp trap-group version v1

set protocols snmp trap-group version v2set protocols spanning-tree enable true


73

set system aaa local disable true

set system aaa radius accounting disable true

set system aaa radius accounting server-ip <ip-address> port <int>

set system aaa radius accounting server-ip <ip-address> shared-key bozo

set system aaa radius accounting server-ip <ip-address> timeout <int>

set system aaa radius authorization disable true

set system aaa radius authorization server-ip <ip-address> port <int>

set system aaa radius authorization server-ip <ip-address> shared-key bozo

set system aaa radius authorization server-ip <ip-address> timeout <int>

set system aaa tacacs-plus accounting true

set system aaa tacacs-plus auth-type ascii

set system aaa tacacs-plus auth-type chap

set system aaa tacacs-plus auth-type pap

set system aaa tacacs-plus authorization true

set system aaa tacacs-plus disable true

set system aaa tacacs-plus key bozo

set system aaa tacacs-plus port-number <int>

set system aaa tacacs-plus server-ip <ip-address>

set system hostname bozo

set system inband enable true

set system log-facility <int>

set system log-level error

set system log-level fatal

set system log-level info

set system log-level trace

set system log-level warning

set system login announcement bozo

set system login user bozo authentication plain-text-password bozo

set system login user bozo class read-only

set system login user bozo class super-user

set system login user admin authentication plain-text-password bozo

set system login user admin class read-only

set system login user admin class super-user

set system login user operator authentication plain-text-password bozo

set system login user operator class read-only

set system login user operator class super-user

set system login user root authentication plain-text-password bozo

set system login user root class read-only

set system login user root class super-user

set system login-acl network <ip-address/netmask>

set system login-acl network <ipv6-address/netmask>

set system ntp-server-ip <ip-address>

set system remote-config allow-client <ip-address/netmask>

set system services ssh connection-limit <int>

set system services ssh disable true


74

set system services ssh protocol-version v2

set system services ssh rate-limit <int>

set system services ssh root-login allow

set system services ssh root-login deny

set system services telnet connection-limit <int>

set system services telnet disable true

set system services telnet rate-limit <int>

set system snmp-acl network <ip-address/netmask>

set system syslog host <ip-address>

set system syslog local-file disk

set system syslog local-file ram

set system syslog port-number <int>

set system syslog port-protocol tcp

set system syslog port-protocol udp

show all interface management-ethernet eth0

show all system aaa local

show all system aaa radius accounting

show all system aaa radius authorization

show all system aaa tacacs-plus

show all system inband

show all system login user admin authentication

show all system login user operator authentication

show all system login user root authentication

show all system services ssh

show all system services telnet

show all system syslog

show interface management-ethernet eth0

show system aaa local

show system aaa radius accounting

show system aaa radius authorization

show system aaa tacacs-plus

show system inband

show system login user admin authentication

show system login user operator authentication

show system login user root authentication

show system services ssh

show system services telnet

show system syslog

status

top


75

File Management Configuration

This chapter describes the configuration files and how to save, rollback, and manage them.

With our provided scripts, you can configure multiple switches from a centralized management

server.







Bash "linux shell"

Upgrade




You can copy, delete, or rename any configuration files in the system, but do delete the systemnot

files.

Listing directory files

You can display the files of a specified directory:


76

XorPlus> file list /drwxr-xr-x 2 root xorp 4096 Sep 25 00:54 bindrwxr-xr-x 2 root xorp 4096 Sep 24 06:21 bootdrwxr-xr-x 2 root xorp 4096 Sep 23 17:05 cftmp-rwxr-xr-x 1 root xorp 40559 Sep 23 17:05 config.bcmdrwxr-xr-x 4 root root 4096 Sep 25 00:54 devdrwxr-xr-x 7 root xorp 4096 Sep 25 00:55 etcdrwxr-xr-x 4 root xorp 4096 Sep 24 06:21 liblrwxrwxrwx 1 root root 11 Sep 24 06:21 linuxrc -> bin/busyboxdrwxr-xr-x 5 root xorp 4096 Sep 24 06:21 mntdrwxr-xr-x 2 root xorp 4096 Sep 23 17:05 optdrwxr-xr-x 5 root xorp 4096 Sep 24 06:21 ovsdrwxr-xr-x 14 root xorp 4096 Sep 24 06:23 picadr-xr-xr-x 52 root root 0 Jan 1 1970 proc-rwxr-xr-x 1 root xorp 59012 Sep 23 17:05 rc.socdrwxr-xr-x 2 root xorp 4096 Sep 24 06:21 sbindrwxr-xr-x 11 root root 0 Jan 1 1970 sysdrwxrwxrwx 8 root xorp 1024 Sep 25 00:55 tmpdrwxr-xr-x 7 root xorp 4096 Sep 24 06:22 usrdrwxr-xr-x 7 root xorp 4096 Sep 24 06:23 varXorPlus> file list /tmpdrwxrwxr-x 5 root xorp 1024 Sep 25 00:54 homedrwxrwxr-x 2 root xorp 1024 Sep 25 00:54 logdrwx------ 2 root root 12288 Sep 25 00:54 lost+founddrwxrwxr-x 3 root xorp 1024 Sep 25 00:55 rundrwxrwxr-x 2 root xorp 1024 Sep 25 00:54 snmpdrwxrwxr-x 2 root xorp 1024 Sep 25 00:56 system

Displaying file contents

Display the contents of a specified file:


77

-- 1 root root 410 Sep 24 06:23 boot.lst-rw-rw-r-- 1 root xorp 16006 Sep 24 07:44 pica.conf-rw-rw-r-- 1 root xorp 16003 Sep 24 07:22 pica.conf.01-rw-rw-r-- 1 root xorp 15826 Sep 24 07:19 pica.conf.02-rw-rw-r--1 root xorp 15536 Sep 24 07:18 pica.conf.03-rw-rw-r-- 1 root xorp 15915 Sep 24 07:18 pica.conf.04-rw-rw-r-- 1 root xorp 15567 Sep 24 07:09 pica.conf.05-rw-rw-r-- 1 root xorp 15188 Sep 24 06:44 pica.conf.06-rw-rw-r-- 1 root xorp 14953 Sep 24 06:35 pica.conf.07drwxrwxrwx 2 root root 4096 Sep 24 06:25 rootXorPlus> file show /pica/config/pica.conf/*XORP Configuration File, v1.0*/interface {ecmp {max-path: 4hash-mapping {field {ingress-interface {disable: false}vlan {disable: false}ip-protocol {disable: false}ip-source {disable: false}ip-destination {disable: false}port-source {disable: false}port-destination {disable: false}}}}

Additional file management commands

You can also copy, archive, and checksum, compare, rename, and sync files.

XorPlus> file list /pica/config


78

-rw-r--r-- 1 root root 410 Sep 24 06:23 boot.lst-rw-rw-r-- 1 root xorp 16006 Sep 24 07:44 pica.conf-rw-rw-r-- 1 root xorp 16003 Sep 24 07:22 pica.conf.01-rw-rw-r-- 1 root xorp 15826 Sep 24 07:19 pica.conf.02-rw-rw-r-- 1 root xorp 15536 Sep 24 07:18 pica.conf.03-rw-rw-r-- 1 root xorp 15915 Sep 24 07:18 pica.conf.04-rw-rw-r-- 1 root xorp 15567 Sep 24 07:09 pica.conf.05-rw-rw-r-- 1 root xorp 15188 Sep 24 06:44 pica.conf.06-rw-rw-r-- 1 root xorp 14953 Sep 24 06:35 pica.conf.07drwxrwxrwx 2 root root 4096 Sep 24 06:25 rootXorPlus> file copy /pica/config/pica.conf Possible completions:<destination-file> Copy files to and from the routerXorPlus> file copy /pica/config/pica.conf /pica/config/ychen.confXorPlus> file list /pica/config-rw-r--r-- 1 root root 410 Sep 24 06:23 boot.lst-rw-rw-r-- 1 root xorp 16006 Sep 24 07:44 pica.conf-rw-rw-r-- 1 root xorp 16003 Sep 24 07:22 pica.conf.01-rw-rw-r-- 1 root xorp 15826 Sep 24 07:19 pica.conf.02-rw-rw-r-- 1 root xorp 15536 Sep 24 07:18 pica.conf.03-rw-rw-r-- 1 root xorp 15915 Sep 24 07:18 pica.conf.04-rw-rw-r-- 1 root xorp 15567 Sep 24 07:09 pica.conf.05-rw-rw-r-- 1 root xorp 15188 Sep 24 06:44 pica.conf.06-rw-rw-r-- 1 root xorp 14953 Sep 24 06:35 pica.conf.07drwxrwxrwx 2 root root 4096 Sep 24 06:25 root-rw-rw-r-- 1 root root 16006 Sep 25 02:22 ychen.confXorPlus>XorPlus> file rename /pica/config/ychen.conf /pica/config/ychen-1.confXorPlus> file list /pica/config-rw-r--r-- 1 root root 410 Sep 24 06:23 boot.lst-rw-rw-r-- 1 root xorp 16006 Sep 24 07:44 pica.conf-rw-rw-r-- 1 root xorp 16003 Sep 24 07:22 pica.conf.01-rw-rw-r-- 1 root xorp 15826 Sep 24 07:19 pica.conf.02-rw-rw-r-- 1 root xorp 15536 Sep 24 07:18 pica.conf.03-rw-rw-r-- 1 root xorp 15915 Sep 24 07:18 pica.conf.04-rw-rw-r-- 1 root xorp 15567 Sep 24 07:09 pica.conf.05-rw-rw-r-- 1 root xorp 15188 Sep 24 06:44 pica.conf.06-rw-rw-r-- 1 root xorp 14953 Sep 24 06:35 pica.conf.07drwxrwxrwx 2 root root 4096 Sep 24 06:25 root-rw-rw-r-- 1 root root 16006 Sep 25 02:22 ychen-1.confXorPlus>XorPlus> file checksum /pica/config/ychen-1.conf3559192236 16006 /pica/config/ychen-1.confXorPlus>XorPlus> file syncXorPlus>XorPlus> file compare /pica/config/pica.conf /pica/config/pica.conf.01XorPlus> file compare /pica/config/pica.conf /pica/config/pica.conf.013c3< /*Last commit : Mon Jan 13 14:13:01 2014 by admin*/---> /*Last commit : Mon Jan 13 14:12:26 2014 by admin*/510,514d509< controller 1 {< protocol: "tcp"< address: 10.10.50.47< port: 6633< }


79

Additional file function to changing directory

You can change the current directory, its function like "pwd" or "cd".

XorPlus> file cwd Current working directory: /tmp/home/admin XorPlus>XorPlus> file cwd /pica/configXorPlus> file cwd Current working directory: /pica/config XorPlus>


In L2/L3, you can display your non-default configuration with the commands. The commandshow

of " " can display the current configuration's default value. If you want to know the defaultshow all

configuration, you can view the pica_default.boot file. The command of " "show running-config

can show the configuration active on the system.

XorPlus# show vlans {vlan-id 200 {}}XorPlus#XorPlus# show allvlans {vlan-id 200 {description: ""vlan-name: "default"l3-interface: ""}}

XorPlus> show running-config vlans { vlan-id 200 { } }


This command can display which your configuration have set and which you will "set".

XorPlus# show | display setset interface ethernet-switching-options analyzer test input ingress ge-1/1/2set interface ethernet-switching-options analyzer test input egress ge-1/1/2set interface ethernet-switching-options analyzer test output "ge-1/1/3"


80

XorPlus# show | display set set vlans vlan-id 11 set vlans vlan-id 22XorPlus# XorPlus# set vlans vlan-id 33XorPlus# set vlans vlan-id 44XorPlus# set vlans vlan-id 55XorPlus# show | display set set vlans vlan-id 11 set vlans vlan-id 22> set vlans vlan-id 33> set vlans vlan-id 44> set vlans vlan-id 55XorPlus# comMerging the configuration.Commit OK.Save done.# show | display set set vlans vlan-id 11 set vlans vlan-id 22 set vlans vlan-id 33 set vlans vlan-id 44 set vlans vlan-id 55XorPlus#


Each time you commit a configuration in L2/L3, a rollback configuration file is created. For

example, if you commit the configuration 10 times, then ~ is created. Youpica.conf.01 pica.conf.10

can rollback to any one of these configurations when necessary.

The maximum rollback file is limited to 50. The current configuration is located in .pica.conf

XorPlus# rollback 1XorPlus# Loading config file...Config file was loaded successfully.XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Displaying the different between the current config with destination config file

XorPlus# show | compare rollback 2 [edit vlans]----------------------------------------------------------------------------------------+vlan-id3 {+}XorPlus#


81


You can display, copy, delete, rename, or compare the configuration files as shown below.

. The fileRecover your Current Configuration to the Default Configuration pica_startup.bootdenotes the startup and default configuration file. In current version, you should delete the

file and then rebooting, After restarting, it will recover to the defaultpica_startup.bootconfiguration

XorPlus# run file delete /pica/config/pica_startup.bootXorPlus# run request system reboot

denotes the current configuration file.pica.conf


82

XorPlus> file list pica/config-rw-r-r-- 1 root root 344 Apr 1 02:27 boot.lst-rw-rw-r-- 1 root xorp 10750 Apr 9 09:20 pica.conf-rw-rw-r-- 1 root xorp 10749 Apr 9 09:17 pica.conf.01-rw-rw-r-- 1 root xorp 10619 Apr 9 09:15 pica.conf.02-rw-rw-r-- 1 root xorp 10023 Apr 9 08:56 pica.conf.03-rw-rw-r-- 1 root xorp 9902 Apr 9 08:56 pica.conf.04-rw-rw-r-- 1 root xorp 10238 Apr 9 08:43 pica.conf.05-rw-rw-r-- 1 root xorp 10057 Apr 9 08:43 pica.conf.06-rw-rw-r-- 1 root xorp 11796 Apr 9 08:37 pica.conf.07-rw-rw-r-- 1 root xorp 11796 Apr 9 07:05 pica.conf.08-rw-rw-r-- 1 root xorp 11364 Apr 9 07:02 pica.conf.09-rw-rw-r-- 1 root xorp 10057 Apr 9 07:02 pica.conf.10-rw-rw-r-- 1 root xorp 9625 Apr 9 07:02 pica.conf.11-rw-rw-r-- 1 root xorp 9322 Apr 9 07:02 pica.conf.12-rw-rw-r-- 1 root xorp 10599 Apr 9 06:34 pica.conf.13-rw-rw-r-- 1 root xorp 9947 Apr 9 06:34 pica.conf.14-rw-rw-r-- 1 root xorp 9947 Apr 9 06:34 pica.conf.15-rw-rw-r-- 1 root xorp 9848 Apr 9 06:34 pica.conf.16-rw-rw-r-- 1 root xorp 9947 Apr 9 06:34 pica.conf.17-rw-rw-r-- 1 root xorp 10599 Apr 9 06:33 pica.conf.18-rw-rw-r-- 1 root xorp 9912 Apr 9 06:33 pica.conf.19-rw-rw-r-- 1 root xorp 9702 Apr 9 06:33 pica.conf.20-rw-rw-r-- 1 root xorp 10604 Apr 8 07:47 pica.conf.21-rw-rw-r-- 1 root xorp 10402 Apr 8 07:47 pica.conf.22-rw-rw-r-- 1 root xorp 10402 Apr 8 07:27 pica.conf.23-rw-rw-r-- 1 root xorp 10390 Apr 8 06:47 pica.conf.24-rw-rw-r-- 1 root xorp 10392 Apr 8 06:32 pica.conf.25-rw-rw-r-- 1 root xorp 10023 Apr 8 06:25 pica.conf.26-rw-rw-r-- 1 root xorp 10024 Apr 8 06:08 pica.conf.27-rw-rw-r-- 1 root xorp 10305 Apr 8 03:27 pica.conf.28-rw-rw-r-- 1 root xorp 9774 Apr 8 03:21 pica.conf.29-rw-rw-r-- 1 root xorp 9958 Apr 8 03:20 pica.conf.30-rw-rw-r-- 1 root xorp 9854 Apr 8 03:16 pica.conf.31-rw-rw-r-- 1 root xorp 9567 Apr 8 03:08 pica.conf.32-rw-rw-r-- 1 root xorp 9498 Apr 8 02:57 pica.conf.33-rw-rw-r-- 1 root xorp 9257 Apr 7 10:52 pica.conf.34-rw-rw-r-- 1 root xorp 9073 Apr 7 10:52 pica.conf.35-rw-rw-r-- 1 root xorp 9311 Apr 7 10:46 pica.conf.36-rw-rw-r-- 1 root xorp 9149 Apr 7 10:45 pica.conf.37-rw-rw-r-- 1 root xorp 10750 Apr 9 09:32 pica_startup.bootdrwxrwxrwx 2 root root 4096 Apr 1 02:28 rootXorPlus>XorPlus> file compare /pica/config/pica.conf /pica/config/pica.conf.013c3< /*Last commit : Mon Jan 13 14:13:01 2014 by admin*/---> /*Last commit : Mon Jan 13 14:12:26 2014 by admin*/510,514d509< controller 1 {< protocol: "tcp"< address: 10.10.50.47< port: 6633< }XorPlus>


83


You can the current configuration to a file and load or apply it later. You can save loadoverrideonly a complete configuration file as your new configuration file; however, you can anload mergeincomplete configuration file to your current running configuration. Use the command toexecuteload the configuration. Note that only set, delete and commit commands are included in the

command batch. Other commands are invalid and therefore ignored.

XorPlus# save ychen.confSave done.XorPlus# load override ychen.configPossible completions:<text> Local file nameychen.conf Size: 10750, Last changed: Sat Apr 9 09:52:11 2011 XorPlus# load override ychen.conf XorPlus# Loading config file...Config file was loaded successfully.XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#XorPlus# load merge ychen.configPossible completions:<text> Local file nameychen.conf Size: 10750, Last changed: Sat Apr 9 09:52:11 2011 XorPlus# Applying config file...Config file was applied successfully.XorPlus# commit Commit OK.Save done.XorPlus#XorPlus# execute ?Possible completions:<text> Local file nameYchen1.conf Size: 10750, Last changed: Sat Apr 9 09:52:11 2011XorPlus# execute ychen1.conf Waiting for merging configuration.Commit OK.Save done.XorPlus#

The file of ychen.conf content like this:


84

firewall {filter f33 {sequence 1 {from {destination-mac-address: 22:22:22:22:22:22}then {action: "forward"}}input {interface "ge-1/1/1"}}}

The file of ychen1.conf content like this:

delete firewall filter f33commit

Bash "linux shell"

You can execute Linux commands in the PicOS CLI. e.g. display the process of system, create directory, or commands added by other third party software.

XorPlus# run bash "ps" PID TTY TIME CMD5289 ttyS0 00:00:00 bash5301 ttyS0 00:00:03 pica_sh7725 ttyS0 00:00:00 psXorPlus# run bash "pwd"/tmp/home/adminXorPlus>

If the command require multiple parameters, you have to use quotation marks. Here is an example

from the Configuration mode, to check the system configuration file.

TelAviv# run bash "cat /pica/config/pica.conf"/*XORP Configuration File, v1.0*//* Copyright (C) 2009-2013 Pica8, Inc.*//*Last commit : Fri May 9 12:43:39 2014 by admin*//*PicOS Version : 2.3*//*Version Checksum: 6b1435290092ce1b89fb98c06e20e66c*/[...]


85

Upgrade

Upgrading image via shell

By default, there is a shell script named with "upgrade.sh" in " " directory, users can/pica/bin/shellexecute this script by command " " in bash. This script will upgrade the image and back upupgradeconfiguration files automatically. You should according to e topico-2.3.0-image-upgrade-guid

change the image if you need to downgrade. Or you can get the image and md5 file to /cftmp

directory, then rebooting to downgrade (You should back up the configuration file manually if you

need).

Usage:

admin@XorPlus$sudo upgradeUSAGEUpgrade system with local new imageSYNOPSISupgrade image_name [no-md5-check]DESCRIPTIONimage_name - Image should be saved in /cftmpno-md5-check - Disable check of the image file for MD5

Steps:

1) Downloading new image to /cftmp dir. (By default this script will checking image MD5, it needs

MD5 file in /cftmp directory, you can use the parameter of "no-md5-check" to disable MD5

checking, otherwise the script will abort)

2) Synchronize. (After downloading image, you should synchronize the data by the command

"sync" in bash, avoiding losing data and some errors)

3) Executing upgrade script. (The image_name should be consistent with the platform, otherwise

the script will abort)

For example (P-3295 switch):

A: upgrading and checking MD5

admin@XorPlus$upgrade picos-2.2.1-P3295-13912.tar.gzUpgrading P-3295Upgrade P-3295 startedChecking MD5 of imageMD5 Check OK!Back up PicOS configuration files/ovs/ovs-vswitchd.conf.db /pica/config/pica_startup.bootConfig files saved locally as/cftmp/[email protected] in 10 seconds!reboot now!

B: only upgrading, not checking MD5


86

admin@XorPlus$upgrade picos-2.2.1-P3295-13912.tar.gz no-md5-checkUpgrading P-3295Upgrade P-3295 startedBack up PicOS configuration files/ovs/ovs-vswitchd.conf.db /pica/config/pica_startup.bootConfig files saved locally as/cftmp/[email protected] in 10 seconds!reboot now!

Upgrading image via dpkg (Debin Package)

Users can only upgrade the software of PicOS L2/L3 or OVS without rebooting the switch if you

need. User need to get the debin packages from remote host to /cftmp directory firestly, then install

the debin package.

For example (P-3295 switch):

A: install the pica-switching.deb


87

admin@XorPlus$sudo [email protected]:/home/3295/release/pica8/pronto3295/pica-switching-2.0.6.14792-P3295.deb /cftmpThe authenticity of host '1.1.1.1 (1.1.1.1)' can't be established.ECDSA key fingerprint is da:f8:57:72:dc:a0:53:94:4d:22:33:03:b3:6b:e5:e7.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '1.1.1.1' (ECDSA) to the list of known [email protected]'s password: pica-switching-2.0.6.14792-P3295.deb 100% 35MB 3.2MB/s 00:11 admin@XorPlus$cd /cftmp/admin@XorPlus$lspica-switching-2.0.6.14792-P3295.debadmin@XorPlus$admin@XorPlus$versionCopyright (C) 2009-2014 Pica8, Inc.===================================Hardware Model : P-3295PicOS Version : 2.0.6Software Revision : 14790admin@XorPlus$admin@XorPlus$sudo dpkg -i pica-switching-2.0.6.14792-P3295.debSelecting previously unselected package picos-switching.(Reading database ... 16653 files and directories currently installed.)Unpacking picos-switching (from pica-switching-2.0.6.14792-P3295.deb) ...[....] Stopping: PicOS L2/L3...............................................Setting up picos-switching (2.0.6-14792) ...[....] Starting: PicOS L2/L3.......................admin@XorPlus$admin@XorPlus$versionCopyright (C) 2009-2014 Pica8, Inc.===================================Hardware Model : P-3295PicOS Version : 2.0.6Software Revision : 14792admin@XorPlus$admin@XorPlus$cliSynchronizing configuration...OK.Pica8 PicOS Version 2.0.6Welcome to PicOS L2/L3 on XorPlusXorPlus> show version Copyright (C) 2009-2014 Pica8, Inc.Base ethernet MAC Address : 08:9e:01:62:d5:61Hardware Model : P-3295PicOS Version : 2.0.6Revision ID : 14792

B: install the pica-ovs.deb


88

admin@PicOS-OVS$admin@PicOS-OVS$sudo [email protected]:/home/3295/release/pica8/pronto3295/pica-ovs-2.0.6.14792-P3295.deb /cftmpThe authenticity of host '1.1.1.1 (1.1.1.1)' can't be established.ECDSA key fingerprint is da:f8:57:72:dc:a0:53:94:4d:22:33:03:b3:6b:e5:e7.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '1.1.1.1' (ECDSA) to the list of known [email protected]'s password:pica-ovs-2.0.6.14792-P3295.deb 100% 9635KB 9.4MB/s 00:01 admin@PicOS-OVS$admin@PicOS-OVS$cd /cftmp/admin@PicOS-OVS$lspica-ovs-2.0.6.14792-P3295.deb pica-switching-2.0.6.14792-P3295.debadmin@PicOS-OVS$admin@PicOS-OVS$versionCopyright (C) 2009-2014 Pica8, Inc.===================================Hardware Model : P-3295PicOS Version : 2.0.6Software Revision : 14790admin@PicOS-OVS$admin@PicOS-OVS$sudo dpkg -i pica-ovs-2.0.6.14792-P3295.deb(Reading database ... 17228 files and directories currently installed.)Preparing to replace picos-ovs 2.0.6-14972 (usingpica-ovs-2.0.6.14792-P3295.deb) ...[....] Stopping web server: lighttpd.[....] Stopping: PicOS Open vSwitch/OpenFlow.Unpacking replacement picos-ovs ...Setting up picos-ovs (2.0.6-14972) ...[....] Stopping enhanced syslogd: rsyslogd.[....] Starting enhanced syslogd: rsyslogd.[....] Stopping internet superserver: xinetd.[....] Restarting OpenBSD Secure Shell server: sshd.[....] Starting: PicOS Open vSwitch/OpenFlow.[....] Starting web server: lighttpd.admin@PicOS-OVS$versionCopyright (C) 2009-2014 Pica8, Inc.===================================Hardware Model : P-3295PicOS Version : 2.0.6Software Revision : 14792


User can configure an alias for a PicOS command. This CLI is also support multiple parameter. In

other word, user can user the parameter in PicOS CLI e.g. $1,$2…., which will be used in alias

command.


89

XorPlus# set alias set_vlans as "set vlans vlan-id $1"XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set_vlans 10XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set alias set_vlans_interface as " set vlans vlan-id $1 vlan-name$2"XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set_vlans_interface 20 vlan20XorPlus# commit Merging the configuration.Commit OK.Save done.


execute bozo

load bozo

rollback

run bash <command>

run file archive bozo bozo bozo

run file checksum bozo

run file compare bozo bozo

run file copy bozo bozo

run file cwd bozo

run file delete bozo

run file list bozo

run file rename bozo bozo

run file show bozo

run file sync

run file tftp get remote-file bozo local-file bozo ip-address <ip-address>

run file tftp put local-file bozo remote-file bozo ip-address <ip-address>

save bozo

set alias bozo pattern bozo


90

Layer 2 Switching Configuration

This chapter describes the configuration steps of Layer 2 switching, including MAC address

learning, LLDP, LACP, 802.1Q VLAN, flow control, mirroring, storm control, and the Spanning Tree

Protocol (STP/RSTP/MSTP).


























MSTP Configuration

PVST Configuration




91








You can enable (or disable) the Ethernet port, and configure the Ethernet port's MTU, rate-limit,

flow control and change the qe-interface mode.

Shutting down the Ethernet port

Configuring the MTU and Rate-limit

Enabling Port Flow Control

Split 40GE Ports in 4x10GE Ports

Configuring Port Speed

Shutting down the Ethernet port

XorPlus# set interface gigabit-ethernet ge-1/1/1disable trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring the MTU and Rate-limit

XorPlus# set interface gigabit-ethernet ge-1/1/1 rate-limiting egresskilobits 10000XorPlus# set interface gigabit-ethernet ge-1/1/1 mtu 1200XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


92

Enabling Port Flow Control

XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options flow-controltrueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Split 40GE Ports in 4x10GE Ports

You can split 40GE ports to multiple 10GE ports using a split cable.

This is done by enable the SFP mode on the relevant port. You can find detail of this command in

the .command reference guide

XorPlus# set interface qe-interface-mode SFPXorPlus# comMerging the configuration.Commit OK.Save done.Qe interface mode changes, please reboot system to make it effect!XorPlus#XorPlus# set interface qe-interface-mode QSFP XorPlus# commit Merging the configuration.Commit OK.Save done.Qe interface mode changes, please reboot system to make it effect!XorPlus#

http://intranet.pica8.com/display/picos24sp/interface+qe-interface-mode


93

Configuring Port Speed

XorPlus# run show interface gigabit-ethernet ge-1/1/1 detailPhysical interface: ge-1/1/1, Enabled, Physical link is UpInterface index: 1Link-level type: Ethernet, MTU: 1514, Speed: 1Gb/s, Duplex: FullSource filtering: Disabled, Flow control: Enabled, Auto-negotiation: EnabledInterface flags: Hardware-Down SNMP-Traps Internal: 0x0Interface rate limit ingress:0, egress:0Current address: c8:0a:a9:04:49:19, Hardware address: c8:0a:a9:04:49:19Traffic statistics:Input Packets............................35748Output Packets...........................35143881241Input Octets.............................3923150Output Octets............................2266956387852MAC statistics:Multicast packets RX and TX..............199565932Broadcast packets RX and TX..............4968094Undersize packets RX and TX..............0Fragments packets RX and TX..............0Packets RX and TX 64 Octets..............35088774487Packets RX and TX 65-127 Octets..........27771Packets RX and TX 128-255 Octets.........2574126Packets RX and TX 256-511 Octets.........52540605Packets RX and TX 512-1023 Octets........0Packets RX and TX 1024-1518 Octets.......0XorPlus# run clear interface statistics all


VLAN tagging (IEEE 802.1Q) is a networking standard that defines the VLAN. You can configure a

port as a trunk or access port. With the native VLAN ID, you can add the port (in trunk mode) to

more than one VLAN.

Access ports belong to native VLANs, while trunk ports belong to more than one VLAN including

the native VLAN.

Configuring the access/trunk mode

XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode accessXorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunkXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


94

Configuring the Native VLANID

The native VLANID is the ID of the default VLAN (usually vlan-id 1) in which the port belongs.

Every port should be included in at least one VLAN.

XorPlus# set vlans vlan-id 5XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 5XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# run show vlans vlan-id 5VLAN ID: 5VLAN Name: default Description: vlan-interface: Number of member ports: 1 Tagged port: NoneUntagged port: ge-1/1/1, XorPlus#


95

Adding a Port to a VLAN

XorPlus# set vlans vlan-id 5XorPlus# set vlans vlan-id 6XorPlus# set vlans vlan-id 7XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunkXorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 5XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 6XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 7XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# run show vlans VlanID Tag Interfaces------ -------- ------------------------------------------------------1 tagged untagged ge-1/1/2, ge-1/1/3, ge-1/1/4, ge-1/1/5, ge-1/1/6, ge-1/1/7, ge-1/1/8, ge-1/1/9, ge-1/1/10, ge-1/1/11, ge-1/1/12, ge-1/1/13, ge-1/1/14, ge-1/1/15, ge-1/1/16, ge-1/1/17, ge-1/1/18, ge-1/1/19, ge-1/1/20, ge-1/1/21, ge-1/1/22, ge-1/1/23, ge-1/1/24, ge-1/1/25, ge-1/1/26, ge-1/1/27, ge-1/1/28, ge-1/1/29, ge-1/1/30, ge-1/1/31, ge-1/1/32, ge-1/1/33, ge-1/1/34, ge-1/1/35, ge-1/1/36, ge-1/1/37, ge-1/1/38, ge-1/1/39, ge-1/1/40, ge-1/1/41, ge-1/1/42, ge-1/1/43, ge-1/1/44, ge-1/1/45, ge-1/1/46, ge-1/1/47, ge-1/1/48, te-1/1/49, te-1/1/50, te-1/1/51, te-1/1/52, 5 tagged ge-1/1/2, untagged ge-1/1/16 tagged ge-1/1/2, untagged 7 tagged ge-1/1/2,untagged XorPlus#


96

Creating a VLAN with in the VLAN range

You can create VLANs within the VLAN range, and then add ports to theseVLANs. XorPlus# set vlans vlan-id 2-4094XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunkXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 1-4094XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 1-4094XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 1-4094XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

VLAN Configuration Example

In the following topology, the VLANs are configured for each switch.

Figure 4-1.VLAN configuration.

Configuring Switch A

For Switch A, you should configure ge-1/1/1~ge-1/1/4 as access port sand te-1/1/49 as the trunk

port, because the10Gbit link will trunk the traffic of VLAN-2 and VLAN-3.


97

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode accessXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode accessXorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode accessXorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switchingport-mode accessXorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switchingnative-vlan-id 3XorPlus#set interface gigabit-ethernet te-1/1/49 family ethernet-switchingport-mode trunkXorPlus#set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 2XorPlus#set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 3XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show vlans VlanID Tag Interfaces------ -------- ------------------------------------------------------1 tagged untagged ge-1/1/5, ge-1/1/6, ge-1/1/7, ge-1/1/8, ge-1/1/9, ge-1/1/10, ge-1/1/11, ge-1/1/12, ge-1/1/13, ge-1/1/14, ge-1/1/15, ge-1/1/16, ge-1/1/17, ge-1/1/18, ge-1/1/19, ge-1/1/20, ge-1/1/21, ge-1/1/22, ge-1/1/23, ge-1/1/24, ge-1/1/25, ge-1/1/26, ge-1/1/27, ge-1/1/28, ge-1/1/29, ge-1/1/30, ge-1/1/31, ge-1/1/32, ge-1/1/33, ge-1/1/34, ge-1/1/35, ge-1/1/36, ge-1/1/37, ge-1/1/38, ge-1/1/39, ge-1/1/40, ge-1/1/41, ge-1/1/42, ge-1/1/43, ge-1/1/44, ge-1/1/45, ge-1/1/46, ge-1/1/47, ge-1/1/48, te-1/1/49, te-1/1/50, te-1/1/51, te-1/1/52, 2 tagged te-1/1/49, untagged ge-1/1/1, ge-1/1/2, 3 tagged te-1/1/49, untagged ge-1/1/3, ge-1/1/4, XorPlus#

Configuring Switch B

For Switch B, configure ge-1/1/1~ge-1/1/4 as access port sand te-1/1/49 as the trunk port, because

the 10Gbit link will trunk the traffic ofVLAN-2 and VLAN-3.


98

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode accessXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode accessXorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode accessXorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switchingport-mode accessXorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switchingnative-vlan-id 3XorPlus#set interface gigabit-ethernet te-1/1/49 family ethernet-switchingport-mode trunkXorPlus#set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 2XorPlus#set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 3XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show vlans VlanID Tag Interfaces------ -------- ------------------------------------------------------1 tagged untagged ge-1/1/5, ge-1/1/6, ge-1/1/7, ge-1/1/8, ge-1/1/9, ge-1/1/10, ge-1/1/11, ge-1/1/12, ge-1/1/13, ge-1/1/14, ge-1/1/15, ge-1/1/16, ge-1/1/17, ge-1/1/18, ge-1/1/19, ge-1/1/20, ge-1/1/21, ge-1/1/22, ge-1/1/23, ge-1/1/24, ge-1/1/25, ge-1/1/26, ge-1/1/27, ge-1/1/28, ge-1/1/29, ge-1/1/30, ge-1/1/31, ge-1/1/32, ge-1/1/33, ge-1/1/34, ge-1/1/35, ge-1/1/36, ge-1/1/37, ge-1/1/38, ge-1/1/39, ge-1/1/40, ge-1/1/41, ge-1/1/42, ge-1/1/43, ge-1/1/44, ge-1/1/45, ge-1/1/46, ge-1/1/47, ge-1/1/48, te-1/1/49, te-1/1/50, te-1/1/51, te-1/1/52, 2 tagged te-1/1/49, untagged ge-1/1/1, ge-1/1/2, 3 tagged te-1/1/49, untagged ge-1/1/3, ge-1/1/4,


You can configure a static MAC entry in the FDB, and manage dynamic MAC address learning (for

example, configuring aging time or deleting the dynamic MAC addresses entry).


99

Configuring a static MAC entry and managing the FDB

XorPlus# set interface gigabit-ethernet ge-1/1/1 static-ethernet-switchingmac-address 22:22:22:22:22:22 vlan 1XorPlus# set interface ethernet-switching-options mac-table-aging-time 60XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# run show ethernet-switching table Total entries in switching table: 2Static entries in switching table: 0Dynamic entries in switching table: 2VLAN MAC address Type Age Interfaces---- ----------------- ------- ---- ----------1 00:22:be:96:f2:83 Dynamic 60 ge-1/1/1 1 00:22:be:96:f2:84 Dynamic 60 ge-1/1/2 XorPlus# run clear ethernet-switching table allXorPlus# run show ethernet-switching table Total entries in switching table: 0Static entries in switching table: 0Dynamic entries in switching table: 0VLAN MAC address Type Age Interfaces---- ----------------- ------- ---- ---------- XorPlus#


Port security is a layer two traffic control feature on Pica8 switches. It enables an administrator

configure individual switch ports to allow only a specified number of source MAC addresses

ingressing the port. Port security enables the switch administrator to prevent unauthorized devices

from gaining access to the network. Port security is normally enabled on access layer switches for

this purpose.

Enabling Port Security

Port security is not enabled in default. It can be enabled with default parameters by issuing a single

command on an interface:

XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-limit 10XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#


100

Configuring the Maximum Number of Secure Dynamically Learned MAC

Addresses

Users can use port security with dynamically learned MAC addresses to restrict a port's ingress

traffic by limiting the MAC addresses that are allowed to send traffic into the port.

XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-limit 5XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# XorPlus# run show port-security address Secure Mac Address Table-----------------------------------------------------Vlan MAC Address Type Interfaces ---- ----------------- ------- ---------- 1 00:00:11:11:11:11 dynamic ge-1/1/1 1 00:00:11:11:11:12 dynamic ge-1/1/1 1 00:00:11:11:11:13 dynamic ge-1/1/1 1 00:00:11:11:11:14 dynamic ge-1/1/1 1 00:00:11:11:11:15 dynamic ge-1/1/1 -----------------------------------------------------MAC age time :300sXorPlus#

Configuring Static Secure MAC Addresses on a Port

Users can use port security with static MAC addresses to restrict a port's ingress traffic by limiting

the MAC addresses that are allowed to send traffic into the port.


101

XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-address00:00:23:23:23:23 vlan 1XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-address00:00:23:23:23:24 vlan 1XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-address00:00:23:23:23:25 vlan 1XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-address00:00:23:23:23:26 vlan 1XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-address00:00:23:23:23:27 vlan 1XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# XorPlus# run show port-security address Secure Mac Address Table-----------------------------------------------------Vlan MAC Address Type Interfaces ---- ----------------- ------- ---------- 1 00:00:23:23:23:23 static ge-1/1/1 1 00:00:23:23:23:24 static ge-1/1/1 1 00:00:23:23:23:25 static ge-1/1/1 1 00:00:23:23:23:26 static ge-1/1/1 1 00:00:23:23:23:27 static ge-1/1/1 -----------------------------------------------------MAC age time :300s XorPlus#

Configuring Port Security with Sticky MAC Addresses on a Port

Port security with sticky MAC addresses retains dynamically learned MAC addresses when the link

is down, and restores the MAC addresses when the link ups.

XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security sticky trueXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Configuring Secure MAC Address Aging Time

The aging time is global whether port security configuring or not.

XorPlus# set interface ethernet-switching-options mac-table-aging-time 100XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#


102

Configuring Port Security Violation Mode on a Port

Port security can be configured to take one of four actions upon detecting a violation:

(default) - Frames from MAC addresses other than the allowed addresses are dropped;protect

traffic from allowed addresses is permitted to pass normally; - Like protect mode, butrestrict

generates a syslog message and increases the violation counter; - The interface isshutdown

placed into the error-discard state, blocking all traffic; - The interface is placedshutdown-temp

into the error-discard state and blocking all traffic temporarily, then after 20 seconds (default), the

interface is up.

XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security violation ?Possible completions:protect Drop packets with unknown source addressesrestrict Drop packets with unknown source addresses and log violationshutdown Disable interfaceshutdown-temp Disable interface temporarily(20 seconds for the default)XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security violationrestrict XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Configuring Port Security Auto-recovery Time

When the port security violation mode configured to shutdown-temp, users can configure the

recovery interval by this command:

XorPlus# set interface ethernet-switching-options port-error-discard timeout30XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Recovering the Port in Error-discard

When the port security violation mode configured to shutdown, the port will be placed into the

error-discard state after detecting a violation, users can recover the port by this command:

XorPlus# run clear port-security port-error Clear done.XorPlus#


103

Configuring Port Security Block Mode on a Port

Port security can be configured to take one of five block actions:

– All traffic are not permitted to forward normally on egress; – Broadcast packets willall broadcast

be blocked on egress, but unknown uni/multi cast addresses can forwards normally; –multicast

Only the multicast packets will be dropped; - The unknown uni/multi cast packetsuni-multi-cast

will be blocked on egress; - Only the unknown unicast packets will be dropped.unicast

XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security block ?Possible completions:all Block broadcast and unknow addressesbroadcast Block broadcast addressmulticast Block unknow multicast addressesuni-multi-cast Block unknow uni/multi cast addressesunicast Block unknow unicast addressesXorPlus# set interface gigabit-ethernet ge-1/1/1 port-security blockbroadcast XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Displaying Port Security Settings

To display port security settings, enter this command:


104

XorPlus# run show port-security address Secure Mac Address Table-----------------------------------------------------Vlan MAC Address Type Interfaces ---- ----------------- ------- ---------- 1 00:00:11:11:11:11 dynamic ge-1/1/1 1 00:00:11:11:11:12 dynamic ge-1/1/1 1 00:00:11:11:11:13 dynamic ge-1/1/1 1 00:00:11:11:11:14 dynamic ge-1/1/1 1 00:00:11:11:11:15 dynamic ge-1/1/1 1 00:00:23:23:23:23 static ge-1/1/1 1 00:00:23:23:23:24 static ge-1/1/1 1 00:00:23:23:23:25 static ge-1/1/1 1 00:00:23:23:23:26 static ge-1/1/1 1 00:00:23:23:23:27 static ge-1/1/1 -----------------------------------------------------MAC age time :100sXorPlus# run show port-security brief System MAC limit : 32767 Secure port DynamicMacLim CurrentAddr ViolationCount Action -------------------------------------------------------------------------------ge-1/1/15 10 213940 restrict -------------------------------------------------------------------------------

XorPlus#XorPlus# run show port-security interface gigabit-ethernet ge-1/1/1 Interface ge-1/1/1----------------------------------------Port security : enabledViolation action : restrictBlock type : broadcastSticky : trueDynamic MAC limit : 5Total MAC addresses : 10Configured MAC addresses : 5Sticky MAC addresses : 5Security violation count : 286062XorPlus#

Disabling Port Security

To disable port security, users should enter this command:


105

XorPlus# delete interface gigabit-ethernet ge-1/1/1 port-security Deleting: port-security {mac-limit: 5violation: "restrict"mac-address 00:00:23:23:23:23 {vlan 1 {}}mac-address 00:00:23:23:23:24 {vlan 1 {}}mac-address 00:00:23:23:23:25 {vlan 1 {}}mac-address 00:00:23:23:23:26 {vlan 1 {}}mac-address 00:00:23:23:23:27 {vlan 1 {}}sticky: trueblock: "broadcast"} OK XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#


By default, the switch forwards the packets in a cut-through switching method. That is, the switch

begins forwarding a packet before the entire frame is received; normally as soon as the destination

address is processed. This reduces latency and error handling is performed by the destination

devices. You can configure the switch to store-and-forward method with the commands below.

Configuring your Switch to Store-and-Forward Method

XorPlus# set interface cut_through_mode falseXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


106


You can configure up to 48 LAGs in L2/L3, and each LAG can have up to 8 member ports.

Both static and LACP LAGs can support the hashing of traffic using the Src/Dst MAC address, the

Src/DstIP address, and Layer 4 port information.

If all member ports of a LAN are link-down, the LAG will be link-down. The LAG will become

link-up when at least one member port is link-up.

The logical function and configuration of LAGs are same as those of a physical port.

Configuring static LAGs

XorPlus# set interface aggregate-ethernet ae1XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/2 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/3 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/4 ether-options 802.3ad ae1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Displaying static LAG information

XorPlus# run show interface aggregate-ethernet ae1 Physical interface: ae1, Enabled, Physical link is UpInterface index: 53Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: AutoSource filtering: Disabled, Flow control: Enabled, Auto-negotiation: EnabledInterface flags: Hardware-Down SNMP-Traps Internal: 0x0Current address: c8:0a:a9:9e:14:9f, Hardware address: c8:0a:a9:9e:14:9fTraffic statistics:Input Packets............................176Output Packets...........................16Input Octets.............................12888Output Octets............................1594Aggregated link protocol: STATICMembers Status Port Speed--------- -------- ----------ge-1/1/1 Down Auto ge-1/1/2 Down Auto ge-1/1/3 Up Auto ge-1/1/4 Up Auto


Configure the laghash mode as advanced-resilient.In default,the hash-mapping field disable false

all.The user can configure the hash-mapping field a ccording to the situation.When one port in the

lag down,the traffic in the other ports will not .redistribution


107

Configuration

set interface aggregate-ethernet ae10 hash-mapping mode advanced-resilient

Example

1.Configure one lag with three ports

set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae10 set interface gigabit-ethernet ge-1/1/2 ether-options 802.3ad ae10 set interface gigabit-ethernet ge-1/1/3 ether-options 802.3ad ae10

2.Configure the lag hash mode ethernet-destination-only

set interface aggregate-ethernet ae10 hash-mapping mode advanced-resilient

3.Configure the hash-mapping field

set interface aggregate-balancing hash-mapping field ip-destination disablefalse set interface aggregate-balancing hash-mapping field ip-source disablefalse


Configure the laghash mode as advanced.In default,the hash-mapping field disable false all.The

user can configure the hash-mapping field a ccording to the situation.When the port in the lag

down,the traffic redistribution.

Configuration

set interface aggregate-ethernet ae1 hash-mapping mode advance

Example




set interface aggregate-ethernet ae10 hash-mapping mode advance

3.Configure the hash-mapping field


108

set interface aggregate-balancing hash-mapping fieldethernet-destination-address disable false set interface aggregate-balancing hash-mapping fieldethernet-source-address disable false


Configure the laghash mode as ethernet-destination-only.When the lag receive the packets with

increasing destination-mac-address,the traffic hash.

Configuration

set interface aggregate-ethernet ae1 hash-mapping modeethernet-destination-only

Example




set interface aggregate-ethernet ae10 hash-mapping modeethernet-destination-only

3.send destination-mac-address increasing packets to the lag ae10


LACP (802.3ad) provides the dynamic link aggregation function.

The LACPDU includes the LACP system priority, the system MAC, the port priority and I.D. The

port, included in the LACP LAG, will transmit the LACPDU to its neighbors.

The configuration of the LACP LAG is similar to that of the static LAG.

denotes that the LAG is up only when no fewer than the defined number ofmin-selected-port

ports are up. Below, our defined number is 4.


109

Configuring LACP LAGs

XorPlus# set interface aggregate-ethernet ae1aggregated-ether-options lacpenable trueXorPlus# set interface aggregate-ethernet ae1 aggregated-ether-optionsmin-selected-port 4XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/2 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/3 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/4 ether-options 802.3ad ae1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Displaying LACP LAG information

XorPlus# run show interface aggregate-ethernet ae1 Physical interface: ae1, Enabled, Physical link is DownInterface index: 53Description: Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: AutoSource filtering: Disabled, Flow control: Enabled, Auto-negotiation: EnabledInterface flags: Hardware-Down SNMP-Traps Internal: 0x0Current address: 60:eb:69:d2:9c:d7, Hardware address: 60:eb:69:d2:9c:d7Traffic statistics:5 sec input rate 0 bits/sec, 0 packets/sec5 sec output rate 0 bits/sec, 0 packets/secInput Packets............................0Output Packets...........................0Input Octets.............................0Output Octets............................0Aggregated link protocol: LACPMinimum number of selected ports: 4Members Status Port Speed--------- ---------- ----------ge-1/1/1 up(active) Auto ge-1/1/2 up(active) Auto ge-1/1/3 up(active) Auto ge-1/1/4 up(active) Auto


Traditionally, an aggregation interface is a logical interface that is used to increase the bandwidth

or availability by users of more than one physical interface in a switch. Multi-chassis LAG (MLAG)

can form a logical aggregation interface to multiple switches.


110

In Figure 1-1, switch A and C are connected by link A; switch B and C is connected by link B. In

switch C, link A and B has formed an aggregation interface to balance the traffic. In the meanwhile,

switch A and B has formed a MLAG using link A and B. For communication, such as MAC entries,

between the members of the MLAG and are learned by the MLAG must need be synchronized. In

Figure 1 synchronization between switch A and B, and link C are used to connect switch A and B

as the channel interface. The number of links which connect switch A and C or B and C cannot be

more than 1.

Important things to know about MLAG

There are two issues in the MLAG: MAC entry synchronization and broadcast traffic control. MAC

entry synchronization means that the MAC entry learned by the interface must be synchronized by

the peer switch. In current version, we only support 2 nodes in a MLAG and use L2 traffic to

communicate between the nodes.

Figure 1-1

Configuring MLAG domain-id

The command assigns an MLAG ID to an aggregation interface. MLAG neighbordomain-id

switches form an MLAG when each switch configures the same MLAG-ID to an aggregation

interface. Only one MLAG domain-id can be assigned to an aggregation interface. The same

MLAG domain-id cannot be assigned to more than one aggregation interface.


111

XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlagdomain-id 1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring MLAG system-id

The command specifies the local chassis system's MAC address for an MLAG domainsystem-id

and is used in LACP aggregation as source system MAC address.

XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlagsystem-ide8:9a:8f:50:3d:30XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring MLAG peer

The command specifies the neighbor's IP address for a MLAG domain. The MLAGpeer

synchronized messages is sent to the neighbor IP address.

XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlagpeer 10.0.0.1peer-link "ae24"XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring MLAG priority

The priority use master/slave negotiation between the two neighbor switch. The commandpriority

assigns a MLAG domain.


112

XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlagpriority 4096XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols bgp peer 192.168.49.1 export send-networkXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring MLAG hello-interval

The command configures the hello message, in both directions, between MLAGhello-interval

neighbors. If the neighbor switch is pinged four times, and the hello-interval does not receive the

message, the MLAG neighbor switches revert to their independent state.

XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlaghello-interval 60XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#



113

1.

2.

3.

4.

5.

6.

7.

8.

Configure the number of LAGs on Switch C. Add member interfaces to the aggregated

ethernet interfaces on Switch C.

Configure the number of MLAG member LAGs on both Switch A and Switch B. Add member

interfaces to the aggregated ethernet interfaces on on both Switch A and Switch B.

Configure the number of MLAG peer-link LAGs on both Switch A and Switch B. Add

member interfaces to the aggregated ethernet interfaces on on both Switch A and Switch B.

Configure the L3 interface IP address on both Switch A and Switch B for peer-to-peer

communication.

Configure the same domain-id number on both MLAG peers on Switch A and Switch B.

Configure not the same system-id on both MLAG peers on Switch A and Switch B.

Configure the peer IP address for MLAG peer connect on both Switch A and Switch B.

Configure the LAGs for MLAG peer-link connects on both Switch A and Switch B.


Figure 2 illustrates MLAG configured between Switch A and Switch B; the MLAG connections

between the neighboring switches as well as two Network Devices.

The MLAG switches connect through a LACP LAG to Switch C.

The MLAG switches connect through a static LAG to Server A.

Figure 2



114

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options lacpenable trueXorPlus# set interface aggregate-ethernet ae2XorPlus# set interface aggregate-ethernet ae3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/2 ether-options 802.3ad ae2XorPlus# set interface gigabit-ethernet te-1/1/49 ether-options 802.3ad ae3XorPlus# set interface gigabit-ethernet te-1/1/50 ether-options 802.3ad ae3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


XorPlus# set protocols spanning-tree enable falseXorPlus# set vlans vlan-id 15XorPlus# set vlans vlan-id 16XorPlus# set vlans vlan-id 4094 l3-interface 4094XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface aggregate-ethernet ae1 family ethernet-switchingport-mode trunkXorPlus# set interface aggregate-ethernet ae1 family ethernet-switching vlanmembers 15XorPlus# set interface aggregate-ethernet ae1 family ethernet-switching vlanmembers 16XorPlus# set interface aggregate-ethernet ae2 family ethernet-switchingport-mode trunkXorPlus# set interface aggregate-ethernet ae2 family ethernet-switching vlanmembers 15XorPlus# set interface aggregate-ethernet ae2 family ethernet-switching vlanmembers 16XorPlus# set interface aggregate-ethernet ae3 family ethernet-switchingport-mode trunkXorPlus# set interface aggregate-ethernet ae3 family ethernet-switching vlanmembers 15XorPlus# set interface aggregate-ethernet ae3 family ethernet-switching vlanmembers 16XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


115

Configure the L3 interface IP address

XorPlus# set vlan-interface interface 4094 vif 4094 address 10.10.0.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring the domain-id and system-id for the MLAG domain.

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlagdomain-id 1XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlagsystem-id e8:9a:8f:50:3d:30XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface aggregate-ethernet ae2 aggregated-ether-options mlagdomain-id 2XorPlus# set interface aggregate-ethernet ae2 aggregated-ether-options mlagsystem-id e8:9a:8f:50:3d:30XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring the peer IP address and the peer-link for the MLAG domain peer

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlagpeer10.10.0.2peer-link "ae3"XorPlus# set interface aggregate-ethernet ae2 aggregated-ether-options mlagpeer10.10.0.2peer-link "ae3"XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



116

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options lacpenable trueXorPlus# set interface aggregate-ethernet ae2XorPlus# set interface aggregate-ethernet ae3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/2 ether-options 802.3ad ae2XorPlus# set interface gigabit-ethernet te-1/1/49 ether-options 802.3ad ae3XorPlus# set interface gigabit-ethernet te-1/1/50 ether-options 802.3ad ae3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#




117



Configuring the domain-id and system-id for the MLAG domain

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlagdomain-id 1XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlagsystem-id c8:0a:a9:9e:14:a4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface aggregate-ethernet ae2 aggregated-ether-options mlagdomain-id 2XorPlus# set interface aggregate-ethernet ae2 aggregated-ether-options mlagsystem-id c8:0a:a9:9e:14:a4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.





118

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options lacpenable trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/2 ether-options 802.3ad ae1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.


XorPlus# set protocols spanning-tree enable falseXorPlus# set vlans vlan-id 15XorPlus# set vlans vlan-id 16XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface aggregate-ethernet ae1 family ethernet-switchingport-mode trunkXorPlus# set interface aggregate-ethernet ae1 family ethernet-switching vlanmembers 15XorPlus# set interface aggregate-ethernet ae1 family ethernet-switching vlanmembers 16XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


119


View the MLAG internal and neighbor status of Switch A

SwitchA# run show mlag internal Domain-id Local-LAG Flood MAC-sync State Role--------------------------------------------------------2 ae1 false true FULL MASTER1 ae2 false true FULL MASTER SwitchA# run show mlag peer 1Peer System-id State Link-status--------------------------------------------------------10.10.0.2c8:0a:a9:9e:14:a4 FULL UP SwitchA# run show mlag peer 2Peer System-id State Link-status--------------------------------------------------------10.10.0.2c8:0a:a9:9e:14:a4 FULL UP XorPlus#

View the MLAG internal and neighbor status of Switch B

SwitchB# run show mlag internal Domain-id Local-LAG Flood MAC-sync State Role--------------------------------------------------------2 ae1 false true FULL MASTER1 ae2 false true FULL MASTER SwitchB# run show mlag peer 1Peer System-id State Link-status--------------------------------------------------------10.10.0.1e8:9a:8f:50:3d:30 FULL UP SwitchB# run show mlag peer 2Peer System-id State Link-status--------------------------------------------------------10.10.0.1e8:9a:8f:50:3d:30 FULL UP XorPlus#


Figure 2 illustrates MLAG configured between Switch A and Switch B; the MLAG connections

between the neighboring switches as well as two Network Devices.

The MLAG switches connect through a LACP LAG to Switch C.

The MLAG switches connect through a LACP LAG to Switch D.

Figure 3


120


XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options lacpenable trueXorPlus# set interface aggregate-ethernet ae2aggregated-ether-options lacpenable trueXorPlus# set interface aggregate-ethernet ae3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/2 ether-options 802.3ad ae2XorPlus# set interface gigabit-ethernet te-1/1/49 ether-options 802.3ad ae3XorPlus# set interface gigabit-ethernet te-1/1/50 ether-options 802.3ad ae3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


121






122

Configuring the domain-id and system-id for the MLAG domain.

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlagdomain-id 1XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlagsystem-id e8:9a:8f:50:3d:30XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface aggregate-ethernet ae2 aggregated-ether-options mlagdomain-id 2XorPlus# set interface aggregate-ethernet ae2 aggregated-ether-options mlagsystem-id e8:9a:8f:50:3d:30XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#





123

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options lacpenable trueXorPlus# set interface aggregate-ethernet ae2aggregated-ether-options lacpenable trueXorPlus# set interface aggregate-ethernet ae3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/2 ether-options 802.3ad ae2XorPlus# set interface gigabit-ethernet te-1/1/49 ether-options 802.3ad ae3XorPlus# set interface gigabit-ethernet te-1/1/50 ether-options 802.3ad ae3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#




124



Configuring the domain-id and system-id for the MLAG domain

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlagdomain-id 1XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlagsystem-id c8:0a:a9:9e:14:a4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface aggregate-ethernet ae2 aggregated-ether-options mlagdomain-id 2XorPlus# set interface aggregate-ethernet ae2 aggregated-ether-options mlagsystem-id c8:0a:a9:9e:14:a4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#





125

XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options lacpenable trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae1XorPlus# set interface gigabit-ethernet ge-1/1/2 ether-options 802.3ad ae1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring Switch C and Switch D an aggregation interface add to VLAN

Members

XorPlus# set protocols spanning-tree enable falseXorPlus# set vlans vlan-id 15XorPlus# set vlans vlan-id 16XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface aggregate-ethernet ae1 family ethernet-switchingport-mode trunkXorPlus# set interface aggregate-ethernet ae1 family ethernet-switching vlanmembers 15XorPlus# set interface aggregate-ethernet ae1 family ethernet-switching vlanmembers 16XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

View the MLAG internal and neighbor status of Switch A

SwitchA# run show mlag internal Domain-id Local-LAG Flood MAC-sync State Role--------------------------------------------------------2 ae1 false true FULL MASTER1 ae2 false true FULL MASTER SwitchA# run show mlag peer 1Peer System-id State Link-status--------------------------------------------------------10.10.0.2c8:0a:a9:9e:14:a4 FULL UP SwitchA# run show mlag peer 2Peer System-id State Link-status--------------------------------------------------------10.10.0.2c8:0a:a9:9e:14:a4 FULL UP XorPlus#


126

View the MSTP status of Switch A

SwitchA# run show spanning-tree mstp interface MSTP Spanning Tree Interface Status for instance 0Interface Port ID Designated Designated Bridge Ext Port Int Port State RolePort ID ID Cost Cost---------- --------- ---------- ----------------------- --------- ------------------------ --------------- ae1 128.53 128.53 0.e8:9a:8f:50:3d:30 20000 20000 FORWARDING DESIGNATEDae2 128.54 128.54 0.e8:9a:8f:50:3d:30 20000 20000 FORWARDING DESIGNATED ae3 128.55 128.55 0.e8:9a:8f:50:3d:30 2000 2000 FORWARDING EDGE

View the MLAG internal and neighbor status of Switch B

SwitchB# run show mlag internal Domain-id Local-LAG Flood MAC-sync State Role--------------------------------------------------------2 ae1 false true FULL MASTER1 ae2 false true FULL MASTER SwitchB# run show mlag peer 1Peer System-id State Link-status--------------------------------------------------------10.10.0.1e8:9a:8f:50:3d:30 FULL UP SwitchB# run show mlag peer 2Peer System-id State Link-status--------------------------------------------------------10.10.0.1e8:9a:8f:50:3d:30 FULL UP XorPlus#

View the MSTP status of Switch B

SwitchA# run show spanning-tree mstp interface MSTP Spanning Tree Interface Status for instance 0Interface Port ID Designated Designated Bridge Ext Port Int Port State RolePort ID ID Cost Cost---------- --------- ---------- ----------------------- --------- ------------------------ --------------- ae1 128.53 128.53 0.e8:9a:8f:50:3d:30 20000 20000 FORWARDING DESIGNATEDae2 128.54 128.54 0.e8:9a:8f:50:3d:30 20000 20000 FORWARDING DESIGNATED ae3 128.55 128.55 0.e8:9a:8f:50:3d:30 2000 2000 FORWARDING EDGE


You can configure unicast, multicast, and broadcast storm control in packets per second.


127

Configuring Storm Control

XorPlus# set interface gigabit-ethernet ge-1/1/1 storm-control broadcast pps10000XorPlus# set interface gigabit-ethernet ge-1/1/1 storm-control multicastpps10000XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


LLDP is a standard link-layer discovery protocol which can broadcast its capability, IP address, ID,

and interface name as TLVs (Type/Length/Value) in LLDP PDUs (Link Layer Discovery Protocol

Data Units).

An LLDP PDU includes 4 basic TLVs and several optional TLVs. Basic TLVs include the Chassis

ID, Port ID, TTL and End TLVs.

In L2/L3, you can select the following optional TLVs:

Table 3-1. Supported TLVs of L2/L3.

TLV Name Description

mac-phy-cfg MAC address of the system

management-address Management IP address of the system

port-description The port description of system

port-vlan The VLAN ID of the port

system-capabilities System capability (e.g. switching, routing)

system-description System description

system-name System name

Configuring the LLDP mode

LLDP supports 4 modes: TxRx, Tx_only, Rx_only, and Disabled. In TxRx mode, the system

transmits receives LLDPDUs. In Tx_only, the system only transmits LLDPDUs. In Rx_only, theand

system only receives LLDPDUs. In Disabled, the system will not transmit or receive any LLDPDUs.

You can configure the system as shown below:


128

XorPlus# set protocols lldp enable trueXorPlus# set protocols lldp interface te-1/1/1 working-mode tx_rx XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Selecting optional TLVs

XorPlus# set protocols lldp tlv-select mac-phy-cfg trueXorPlus# set protocols lldp tlv-select management-address trueXorPlus# set protocols lldp tlv-select port-description true XorPlus# set protocols lldp tlv-select system-capabilities trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Displaying LLDP information

XorPlus# show protocols lldpWaiting for building configuration.enable: truetlv-select {}

Configuring other parameters

You can configure other parameters in a similar manner; for example, advertisement-interval,

hold-time-multiplier, reinit-delay, and transmit-delay.


Q-in-Q tunneling allows service providers on Ethernet access networks to extend a Layer2

Ethernet connection between two customer sites. You can also use Q-in-Q tunneling to segregate

or bundle customer traffic into fewer VLANs, or different VLANs, by adding another layer of 802.1Q

tags.

Q-in-Q tunneling is useful when you have overlapping VLAN IDs, because the 802.1Q VLAN tags

are prepended by the service VLAN tag. The L2/L3implementation of Q-in-Q tunneling supports

the IEEE 802.1ad standard.

The Q-in-Q tunneling external mode belongs to basic Q-in-Q, while the Q-in-Q tunneling internal

mode belongs to selective Q-in-Q.


129

Configuring the Q-in-Q tunneling internal/external mode

By default, Q-in-Q is disabled. You can enable it as shown below:

XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling internalXorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling modeexternal XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring Q-in-Q tunneling to map ingress VLANs to service VLANs

Selective Q-in-Q tunneling allows you to add different customer VLAN tags, based on different

service VLAN tags.


130

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunkXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunnelingmodeinternal XorPlus# set vlans dot1q-tunneling ingress t1 from untag enabled trueXorPlus# set vlans dot1q-tunneling ingress t1 then customer-vlan 10XorPlus# set vlans dot1q-tunneling ingress t1 then service-vlan 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling ingress t1XorPlus# commit XorPlus# set vlans dot1q-tunneling ingress t2 from one-tag customer-vlan-list20XorPlus# set vlans dot1q-tunneling ingress t2 then service-vlan 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling ingress t2XorPlus# commit XorPlus# set vlans dot1q-tunneling ingress t3 from one-tag customer-vlan-list30XorPlus# set vlans dot1q-tunneling ingress t3 then service-vlan 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling ingress t3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show interface gigabit-ethernet ge-1/1/1 dot1q-tunnelingDot1q Tunneling Mode: none, Ether Type: 0x8100Ingress: t1Untagged-type Enabled: trueOne-tagged-type Customer Vlan: Double-tagged-type Service Vlan: 0New Service Vlan: 100New Customer Vlan: 10Ingress: t2Untagged-type Enabled: falseOne-tagged-type Customer Vlan: 20Double-tagged-type Service Vlan: 0New Service Vlan: 200New Customer Vlan: 0Ingress: t3Untagged-type Enabled: falseOne-tagged-type Customer Vlan: 30Double-tagged-type Service Vlan: 0New Service Vlan: 300New Customer Vlan: 0XorPlus#


131

Configuring Q-in-Q tunneling egress pop service VLANs

Selective Q-in-Q tunneling allows you to delete different customer VLAN tags, based on different

service VLAN tags.


132

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunkXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 100 XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling mode internalXorPlus# commit XorPlus# set vlans dot1q-tunneling egress t1 from customer-vlan 10XorPlus# set vlans dot1q-tunneling egress t1 from service-vlan 100XorPlus# set vlans dot1q-tunneling egress t1 then action noneXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling egress t1XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t2 from customer-vlan 20XorPlus# set vlans dot1q-tunneling egress t2 from service-vlan 200XorPlus# set vlans dot1q-tunneling egress t2 then action oneXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling egress t2XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t3 from customer-vlan 30XorPlus# set vlans dot1q-tunneling egress t3 from service-vlan 300XorPlus# set vlans dot1q-tunneling egress t3 then action oneXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling egress t3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show interface gigabit-ethernet ge-1/1/1 dot1q-tunnelingDot1q Tunneling Mode: internal, Ether Type: 0x8100Egress: t1Service Vlan: 100Customer Vlan: 10Action: Strip both tagsEgress: t2Service Vlan: 200Customer Vlan: 20Action: Retain the customer vlan tagEgress: t3Service Vlan: 300Customer Vlan: 30Action: Retain the customer vlan tagXorPlus#


133

Q-in-Q Configuration Example

The configuration of Q-in-Q is shown in Fig. 4-2.

Figure 4-2.Q-in-Q configuration.

Configuration on Provider A

Configure VLAN 100 as the default VLAN of Gigabit Ethernet ge-1/1/1, and enable the Q-in-Q

tunneling internal mode on Gigabit Ethernet ge-1/1/1.

The configure the untagged frames received by the port with the customer VLAN tag30 and service

VLAN tag 100.

Finally, configure the customer VLAN tag 10 frames received by the port with the service VLAN tag

100.


134

XorPlus# set vlans vlan-id 100XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 100 XorPlus# set vlans dot1q-tunneling ingress t1 from untag enabled trueXorPlus# set vlans dot1q-tunneling ingress t1 then customer-vlan 30XorPlus# set vlans dot1q-tunneling ingress t1 then service-vlan 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling ingress t1XorPlus# commit XorPlus# set vlans dot1q-tunneling ingress t2 from one-tag customer-vlan-list10XorPlus# set vlans dot1q-tunneling ingress t2 then service-vlan 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling ingress t2XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t3 from customer-vlan 10XorPlus# set vlans dot1q-tunneling egress t3 from service-vlan 100XorPlus# set vlans dot1q-tunneling egress t3 then action oneXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling egress t3XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t4 from customer-vlan 30XorPlus# set vlans dot1q-tunneling egress t4 from service-vlan 100XorPlus# set vlans dot1q-tunneling egress t4 then action noneXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling egress t4XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling modeinternalXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show interface gigabit-ethernet ge-1/1/1 dot1q-tunnelingDot1q Tunneling Mode: internal, Ether Type: 0x8100Ingress: t1Untagged-type Enabled: trueOne-tagged-type Customer Vlan: Double-tagged-type Service Vlan: 0New Service Vlan: 100New Customer Vlan: 30Ingress: t2Untagged-type Enabled: falseOne-tagged-type Customer Vlan: 10Double-tagged-type Service Vlan: 0New Service Vlan: 100New Customer Vlan: 0Egress: t3Service Vlan: 100Customer Vlan: 10Action: Retain the customer vlan tagEgress: t4Service Vlan: 100Customer Vlan: 30Action: Strip both tagsXorPlus#


135



Then configure the untagged frames received by the port with the customer VLAN tag 30 and

service VLAN tag 200.

Finally configure the customer VLAN tag 20 frames, received by the port with the service VLAN

Tag 200.


136

XorPlus# set vlans vlan-id 200XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 200 XorPlus# set vlans dot1q-tunneling ingress t5 from untag enabled trueXorPlus# set vlans dot1q-tunneling ingress t5 then customer-vlan 30XorPlus# set vlans dot1q-tunneling ingress t5 then service-vlan 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling ingress t5XorPlus# commit XorPlus# set vlans dot1q-tunneling ingress t6 from one-tag customer-vlan-list20XorPlus# set vlans dot1q-tunneling ingress t6 then service-vlan 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling ingress t6XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t7 from customer-vlan 20XorPlus# set vlans dot1q-tunneling egress t7 from service-vlan 200XorPlus# set vlans dot1q-tunneling egress t7 then action oneXorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling egress t7XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t8 from customer-vlan 30XorPlus# set vlans dot1q-tunneling egress t8 from service-vlan 200XorPlus# set vlans dot1q-tunneling egress t8 then action noneXorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling egress t8XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling modeinternal XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show interface gigabit-ethernet ge-1/1/2 dot1q-tunnelingDot1q Tunneling Mode: internal, Ether Type: 0x8100Ingress: t5Untagged-type Enabled: trueOne-tagged-type Customer Vlan: Double-tagged-type Service Vlan: 0New Service Vlan: 200New Customer Vlan: 30Ingress: t6Untagged-type Enabled: falseOne-tagged-type Customer Vlan: 20Double-tagged-type Service Vlan: 0New Service Vlan: 200New Customer Vlan: 0Egress: t7Service Vlan: 200Customer Vlan: 20Action: Retain the customer vlan tagEgress: t8Service Vlan: 200Customer Vlan: 30Action: Strip both tagsXorPlus#


137

Configure VLAN 100/200 as the trunk port of Gigabit Ethernet te-1/1/49, and enable the Q-in-Q

tunneling internal mode.

XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingport-mode trunkXorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingdot1q-tunneling modeinternalXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show interface gigabit-ethernet te-1/1/49 dot1q-tunnelingDot1q Tunneling Mode: internal, Ether Type: 0x8100

Configuration on Provider B



The configure the untagged frames received by the port with the customer VLAN tag 30 and


Finally, configure the customer VLAN tag 10 frames received by the port with the service VLAN tag

100.


138

XorPlus# set vlans vlan-id 100XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 100 XorPlus# set vlans dot1q-tunneling ingress t1 from untag enabled trueXorPlus# set vlans dot1q-tunneling ingress t1 then customer-vlan 30XorPlus# set vlans dot1q-tunneling ingress t1 then service-vlan 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling ingress t1XorPlus# commit XorPlus# set vlans dot1q-tunneling ingress t2 from one-tag customer-vlan-list10XorPlus# set vlans dot1q-tunneling ingress t2 then service-vlan 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling ingress t2XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t3 from customer-vlan 10XorPlus# set vlans dot1q-tunneling egress t3 from service-vlan 100XorPlus# set vlans dot1q-tunneling egress t3 then action oneXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling egress t3XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t4 from customer-vlan 30XorPlus# set vlans dot1q-tunneling egress t4 from service-vlan 100XorPlus# set vlans dot1q-tunneling egress t4 then action noneXorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling egress t4XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingdot1q-tunneling modeinternal XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show interface gigabit-ethernet ge-1/1/1 dot1q-tunnelingDot1q Tunneling Mode: internal, Ether Type: 0x8100Ingress: t1Untagged-type Enabled: trueOne-tagged-type Customer Vlan: Double-tagged-type Service Vlan: 0New Service Vlan: 100New Customer Vlan: 30Ingress: t2Untagged-type Enabled: falseOne-tagged-type Customer Vlan: 10Double-tagged-type Service Vlan: 0New Service Vlan: 100New Customer Vlan: 0Egress: t3Service Vlan: 100Customer Vlan: 10Action: Retain the customer vlan tagEgress: t4Service Vlan: 100Customer Vlan: 30Action: Strip both tagsXorPlus#


139


tunneling internal mode on Gigabit Ethernet 1/1/2.

Then configure the untagged frames received by the port with the customer VLAN tag 30 and


Finally, configure the customer VLAN tag 20 frames received by the port with the service VLAN

Tag 200.


140

XorPlus# set vlans vlan-id 200XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 200 XorPlus# set vlans dot1q-tunneling ingress t5 from untag enabled trueXorPlus# set vlans dot1q-tunneling ingress t5 then customer-vlan 30XorPlus# set vlans dot1q-tunneling ingress t5 then service-vlan 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling ingress t5XorPlus# commit XorPlus# set vlans dot1q-tunneling ingress t6 from one-tag customer-vlan-list20XorPlus# set vlans dot1q-tunneling ingress t6 then service-vlan 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling ingress t6XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t7 from customer-vlan 20XorPlus# set vlans dot1q-tunneling egress t7 from service-vlan 200XorPlus# set vlans dot1q-tunneling egress t7 then action oneXorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling egress t7XorPlus# commit XorPlus# set vlans dot1q-tunneling egress t8 from customer-vlan 30XorPlus# set vlans dot1q-tunneling egress t8 from service-vlan 200XorPlus# set vlans dot1q-tunneling egress t8 then action noneXorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling egress t8XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingdot1q-tunneling mode internal XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show interface gigabit-ethernet ge-1/1/2 dot1q-tunnelingDot1q Tunneling Mode: internal, Ether Type: 0x8100Ingress: t5Untagged-type Enabled: trueOne-tagged-type Customer Vlan: Double-tagged-type Service Vlan: 0New Service Vlan: 200New Customer Vlan: 30Ingress: t6Untagged-type Enabled: falseOne-tagged-type Customer Vlan: 20Double-tagged-type Service Vlan: 0New Service Vlan: 200New Customer Vlan: 0Egress: t7Service Vlan: 200Customer Vlan: 20Action: Retain the customer vlan tagEgress: t8Service Vlan: 200Customer Vlan: 30Action: Strip both tagsXorPlus#


141

Configure VLAN 100/200 as the trunk port of Gigabit Ethernet te-1/1/49, and enable the Q-in-Q

tunneling internal mode.

XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingport-mode trunkXorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingdot1q-tunneling modeinternalXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show interface gigabit-ethernet te-1/1/49 dot1q-tunnelingDot1q Tunneling Mode: internal, Ether Type: 0x8100XorPlus#

MSTP Configuration

802.1D, 802.1w, and 802.1s are spanning tree protocols that can avoid the loop in Layer2. You

can configure the parameters of MSTP, including bridge-priority, forward-delay, max-age, and

hello-time interval.

Enabling spanning tree mode in MSTP

XorPlus# set protocols spanning-tree force-version 3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring basic global parameters of MSTP

When configuring global parameters, make sure to set the forward delay to greater than

Max-Age/2 + 1, or the commit will fail.

XorPlus# set protocols spanning-tree mstp bridge-priority 4096XorPlus# set protocols spanning-tree mstp forward-delay 20XorPlus# set protocols spanning-tree mstp hello-time 2XorPlus# set protocols spanning-tree mstp max-age 20XorPlus# set protocols spanning-tree mstp max-hops 8XorPlus# set protocols spanning-tree mstp configuration-name test1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show spanning-tree mstp bridge Bridge Spanning Tree Parameters


142

Enabled Protocol: MSTPRoot ID: 4096.08:9e:01:39:1a:feExternal Root Path Cost: 0CIST Regional Root ID: 4096.08:9e:01:39:1a:feRoot Port: CIST Internal Root Path Cost: 0Hello Time: 2Maximum Age: 20Forward Delay: 20Remaining Hops: 8Bridge Configuration Name: test1Bridge Configuration Digest: ac36177f50283cd4b83821d8ab26de62Number of Topology Changes: 13Time Since Last Topology Change: 0 days 00:00:31Local ParametersBridge ID: 4096.08:9e:01:39:1a:feHello Time: 2Maximum Age: 20Forward Delay: 20Remaining Hops: 8XorPlus#XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# set vlans vlan-id 400XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree mstp msti 1XorPlus# set protocols spanning-tree mstp msti 2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree mstp msti 1 vlan 100XorPlus# set protocols spanning-tree mstp msti 1 vlan 200XorPlus# set protocols spanning-tree mstp msti 2 vlan 300XorPlus# set protocols spanning-tree mstp msti 2 vlan 400XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show spanning-tree mstp bridge Bridge Spanning Tree ParametersEnabled Protocol: MSTPRoot ID: 4096.08:9e:01:39:1a:feExternal Root Path Cost: 0CIST Regional Root ID: 4096.08:9e:01:39:1a:feRoot Port: CIST Internal Root Path Cost: 0Hello Time: 2Maximum Age: 20Forward Delay: 20Remaining Hops: 8Bridge Configuration Name: test1Bridge Configuration Digest: 8b5d98ca042bad0d7fa5f18744f4755dMsti 1 Member VLANs:100, 200, Msti 2 Member VLANs:300, 400, Number of Topology Changes: 14


143

Time Since Last Topology Change: 0 days 00:02:49Local ParametersBridge ID: 4096.08:9e:01:39:1a:feHello Time: 2Maximum Age: 20Forward Delay: 20Remaining Hops: 8XorPlus#

Configuring MSTP interface parameters

XorPlus# set protocols spanning-tree mstp interface ge-1/1/1external-path-cost 30000XorPlus# set protocols spanning-tree mstp interface ge-1/1/1internal-path-cost 10000XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 edge trueXorPlus# set protocols spanning-tree mstp interface ge-1/1/1 modepoint-to-point XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 port-priority100XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show spanning-tree mstp interface Spanning Tree Interface Parameters for Instance 0Interface Port ID Designated Designated Bridge Ext Port Int Port State RolePort ID ID Cost Cost---------- --------- ---------- ----------------------- --------- ------------------- ------ge-1/1/1 96.1 96.1 8192.08:9e:01:39:1a:fe 30000 10000 FORWARDING EDGE

Configuring the BPDU Filter

The BPDU filter prevents the bridge from using BPDUs for STP calculations. The switch then

ignores any BPDUs that it receives.

XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 bpdu-filter trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BPDU root guard

If a switch port receives a higher bridge-priority BPDU, it will ignore the BPDU and keep the current

root-bridge as the root-bridge.


144

XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 root-guard trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BPDU TCN-guard

When a port is configured with TCN-guard, the port does not process or propagate any topology

change information received on the configured port.

XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 tcn-guard trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Disabling/enabling MSTP

If you disable MSTP, the port will stay in forwarding status and cease to send BPDUs.


145

XorPlus# set protocols spanning-tree enable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# XorPlus# run show spanning-tree mstp interface Spanning Tree Interface Parameters for Instance 0Interface Port ID Designated Designated Bridge Ext Port Int Port State RolePort ID ID Cost Cost--------- ------- ---------- ----------------------- -------- ------------------ -------------ge-1/1/1 96.1 96.1 8192.08:9e:01:39:1a:fe 30000 10000 FORWARDING MSTPDISABLEDge-1/1/2 128.2 128.2 8192.08:9e:01:39:1a:fe 20000 20000 FORWARDING MSTPDISABLEDge-1/1/13 128.13 128.13 8192.08:9e:01:39:1a:fe 20000 20000 FORWARDING MSTPDISABLED XorPlus# set protocols spanning-tree enable trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# XorPlus# run show spanning-tree mstp interface Spanning Tree Interface Parameters for Instance 0Interface Port ID Designated Designated Bridge Ext Port Int Port State RolePort ID ID Cost Cost--------- ------- ---------- ----------------------- -------- ------------------ -----------ge-1/1/1 96.1 96.1 8192.08:9e:01:39:1a:fe 30000 10000 FORWARDING EDGE ge-1/1/2 128.2 128.2 8192.08:9e:01:39:1a:fe 20000 20000 FORWARDING EDGE ge-1/1/13 128.13 128.13 8192.08:9e:01:39:1a:fe 20000 20000 FORWARDINGDESIGNATED

PVST Configuration

802.1D, 802.1w, and 802.1s are spanning tree protocols that \avoid the loop in Layer2. You can

configure the parameters of PVST, including bridge-priority, forward-delay, max-age, and

hello-time interval.

Enabling spanning tree mode in PVST

XorPlus# set protocols spanning-tree force-version 4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


146

Configuring basic VLAN parameters of PVST

When configuring basic VLAN parameters, set the forward delay to greater than Max-Age/2 + 1, or

the commit will fail.

XorPlus# set protocols spanning-tree pvst vlan 2 bridge-priority 4096XorPlus# set protocols spanning-tree pvst vlan 2 forward-delay 20XorPlus# set protocols spanning-tree pvst vlan 2 hello-time 4XorPlus# set protocols spanning-tree pvst vlan 2 max-age 30XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# XorPlus# run show spanning-tree pvst bridge vlan 2PVST Bridge Parameters for VLAN 2Root Bridge: 4098.08:9e:01:61:65:71Root Cost: 0Root Port: Hello Time: 4Max Age: 30Forward Delay: 20Time Since Last Topology Change: 0 days 00:02:55Local ParametersBridge ID: 4098.08:9e:01:61:65:71Hello Time: 4Maximum Age: 30Forward Delay: 20

Configuring PVST interface parameters

XorPlus# set protocols spanning-tree pvst vlan 2 interface ge-1/1/1 path-cost555555XorPlus# set protocols spanning-tree pvst vlan 2 interface ge-1/1/1port-priority 200XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show spanning-tree pvst interface vlan 2Rapid PVST+ Spanning Tree Interface Status for VLAN 2Interface Port ID Designated Designated Bridge Port Cost State RolePort ID ID---------- --------- ---------- ----------------------- --------- -------------------------ge-1/1/1 192.1 192.1 4098.08:9e:01:61:65:71 555555 FORWARDING EDGE

Configuring the interface mode

You can configure the interface mode as point-to-point or shared.


147

XorPlus# set protocols spanning-tree pvst interface ge-1/1/1 modepoint-to-point XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree pvst interface ge-1/1/1 mode shared XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Disabling/enabling PVST on one VLAN

You can disable or enable the spanning tree protocol PVST on a single designated VLAN.


148

XorPlus# set protocols spanning-tree pvst vlan 2 enable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show spanning-tree pvst bridge vlan 2PVST Bridge Parameters for VLAN 2Root Bridge: 32769.08:9e:01:61:65:71Root Cost: 0Root Port: Hello Time: 2Max Age: 20Forward Delay: 15Time Since Last Topology Change: 15804 days 23:00:11Local ParametersBridge ID: 32769.08:9e:01:61:65:71Hello Time: 2Maximum Age: 20Forward Delay: 15XorPlus# set protocols spanning-tree pvst vlan 2 enable trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# XorPlus# run show spanning-tree pvst bridge vlan 2PVST Bridge Parameters for VLAN 2Root Bridge: 4098.08:9e:01:61:65:71Root Cost: 0Root Port: Hello Time: 4Max Age: 30Forward Delay: 20Time Since Last Topology Change: 0 days 00:00:21Local ParametersBridge ID: 4098.08:9e:01:61:65:71Hello Time: 4Maximum Age: 30Forward Delay: 20XorPlus#

Disabling/enabling PVST

You cannot disable the spanning tree protocol PVST with just the command. Toenable false

disable PVST, configure the spanning tree mode in MSTP/RSTP/STP and then disable thefirst

spanning tree. After the spanning tree is disabled, the port will stay in "forwarding" status and

cease to send BPDUs.


149

XorPlus# set protocols spanning-tree enable falseXorPlus# commitWaiting for merging configuration.Commit Failed102 Command failed Cannot disable spanning tree under PVST mode[XorPlus#XorPlus# exit discard XorPlus> configure Entering configuration mode.There are no other users in configuration mode.XorPlus# XorPlus# set protocols spanning-tree force-version 2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree enable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# XorPlus# set protocols spanning-tree force-version 4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree enable trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show spanning-tree Bridge Spanning Tree ParametersEnabled Protocol: PVSTRoot ID: 32769.08:9e:01:61:65:71Root Path Cost: 0Designated Bridge ID: 32769.08:9e:01:61:65:71Root Port: Hello Time: 2Maximum Age: 20Forward Delay: 15Number of Topology Changes: 1Time Since Last Topology Change: 0 days 00:00:09Local ParametersBridge ID: 32769.08:9e:01:61:65:71Hello Time: 2Maximum Age: 20Forward Delay: 15


150

MSTP Configuration Example

There are two examples of MSTP configuration. In our first example, VLAN 100 is mapped to

MSTI-1, and VLAN 200 is mapped to MSTI-2. The entire topology belongs to only one MSTP

domain, named . Switch A is the root of the network.region1

To achieve load balancing, VLAN 100 should be in MSTI-1 (Fig. 4-4), and VLAN 200 should be in

MSTI-2 (Fig. 4-5).

Figure 4-3.MSTP configuration.

Figure 4-4. MSTI-1 topology for VLAN 100.


151

Figure 4-5. MSTI-2 topology for VLAN 200.


For Switch A, configure ge-1/1/1~ge-1/1/3 as trunk ports, and as members of VLAN 100 and VLAN

200.


152

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 1 vlan 100XorPlus# set protocols spanning-tree mstp msti 2 vlan 200XorPlus# set protocols spanning-tree mstp configuration-name region1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# To make sure that Switch A is the root of the network and the regional rootof MSTI-1, configure it as the higher priority. XorPlus# set protocols spanning-tree mstp bridge-priority 0XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree mstp msti 1 bridge-priority 4096XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


Configure ge-1/1/1~ge-1/1/3 as trunk ports, and as members of VLAN 100 and VLAN 200.


153

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus#XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 1 vlan 100XorPlus# set protocols spanning-tree mstp msti 2 vlan 200XorPlus# set protocols spanning-tree mstp configuration-name region1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

To verify that Switch B is the regional root of MSTI-2, and that ge-1/1/2 and ge-1/1/3 are in

blocking status in MSTI-1, configure a higher MSTI-2 priority, and a large value for

internal-path-cost in MSTI-1.

XorPlus# set protocols spanning-tree mstp msti 2 bridge-priority 4096XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 1 interface ge-1/1/2 cost10000000XorPlus# set protocols spanning-tree mstp msti 1 interface ge-1/1/3 cost10000000XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


154

Configuring Switch C


XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus#XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 1 vlan 100XorPlus# set protocols spanning-tree mstp msti 2 vlan 200XorPlus# set protocols spanning-tree mstp configuration-name region1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

To set ge-1/1/1 and ge-1/1/2 in forwarding status in MSTI-1, configure a lower value for

internal-path-cost.

To set ge-1/1/1 in blocking status in MSTI-2, configure a higher value for internal-path-cost.

XorPlus# set protocols spanning-tree mstp msti 1 interface ge-1/1/1 cost 1000XorPlus# set protocols spanning-tree mstp msti 1 interface ge-1/1/2 cost 1000XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree mstp msti 2 interface ge-1/1/1 cost100000 XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring Switch D



155


To set ge-1/1/1 in blocking status in MSTI-2 and ge-1/1/2 in blocking status in MSTI-1, configure a

large value for internal-path-cost.

XorPlus# set protocols spanning-tree mstp msti 2 interface ge-1/1/1 cost10000000XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree mstp msti 1 interface ge-1/1/2 cost10000000XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring Switch E



156


To set ge-1/1/1 and ge-1/1/2 in forwarding status in MSTI-2, configure a lower value for

internal-path-cost.

To set ge-1/1/2 in blocking status in MSTI-1, configure a large value for internal-path-cost.

XorPlus# set protocols spanning-tree mstp msti 2 interface ge-1/1/1 cost 1000XorPlus# set protocols spanning-tree mstp msti 2 interface ge-1/1/2 cost 1000XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree mstp msti 1 interface ge-1/1/2 cost10000000XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

In the second example, there are two regions. In region 1, VLAN 100 is mapped to MSTI-1, VLAN

200 is mapped to MSTI-2, and VLAN 300 is mapped to MSTI-3. In region 2, VLAN 200 is mapped

to MSTI-2, and VLAN 400 is mapped to MSTI-4. Switch A is the root of the entire network. The

topologies of the VLANs are presented in Fig. 4-6 through 4-10.


157

Figure 4-6. MSTP configuration.

Figure 4-7.Topologyfor VLAN 100.


158




159



For Switch A, configure ge-1/1/1~ge-1/1/2 as trunk ports, and as members of VLAN 100, VLAN

200, VLAN 300, and VLAN 400.


160

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# set vlans vlan-id 400XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200 XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 400XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 1 vlan 100XorPlus# set protocols spanning-tree mstp msti 2 vlan 200XorPlus# set protocols spanning-tree mstp msti 3 vlan 300XorPlus# set protocols spanning-tree mstp configuration-name region1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# To verify that Switch A is the root of the network and the regional root ofMSTI-1, configure it as the higher priority. XorPlus# set protocols spanning-tree mstp bridge-priority 0XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree mstp msti 1 bridge-priority 4096XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


Configure ge-1/1/1~ge-1/1/3 as trunk ports, and as members of VLAN 100, VLAN 200, VLAN 300,

and VLAN 400.


161

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# set vlans vlan-id 400XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 400XorPlus#XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 1 vlan 100XorPlus# set protocols spanning-tree mstp msti 2 vlan 200XorPlus# set protocols spanning-tree mstp msti 3 vlan 300XorPlus# set protocols spanning-tree mstp configuration-name region1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

To verify that Switch B is the regional root of MSTI-2, and that ge-1/1/1 is in blocking status in

MSTI-3 configure a higher MSTI-2 priority, and a large value for internal-path-cost in MSTI-3.


162

XorPlus# set protocols mstp msti 2 bridge-priority 4096XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols mstp msti 3 interface ge-1/1/1 cost 10000000XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#



and VLAN 400.


163

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# set vlans vlan-id 400XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 400XorPlus#XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 1 vlan 100XorPlus# set protocols spanning-tree mstp msti 2 vlan 200XorPlus# set protocols spanning-tree mstp msti 3 vlan 300XorPlus# set protocols spanning-tree mstp configuration-name region1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

To verify that Switch C is the regional root of MSTI-3, ge-1/1/1 is in blocking status in MSTI-2, and

that ge-1/1/2 is in blocking status in MSTI-1, you should configure a higher MSTI-3 priority, and

large values for internal-path-costs of ge-1/1/1 in MSTI-2 and ge-1/1/2 in MSTI-1.


164

XorPlus# set protocols spanning-tree mstp msti 3 bridge-priority 4096XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 2 interface ge-1/1/1 cost10000000XorPlus# set protocols spanning-tree mstp msti 1 interface ge-1/1/2 cost10000000XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#



and VLAN 400.


165

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# set vlans vlan-id 400XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 400XorPlus#XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 2 vlan 200XorPlus# set protocols spanning-tree mstp msti 4 vlan 400XorPlus# set protocols spanning-tree mstp configuration-name region2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

To verify that Switch D is the regional root of MSTI-2 and the root of CIST, configure a higher

MSTI-2 priority and bridge priority.


166

XorPlus# set protocols spanning-tree mstp bridge-priority 16384XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols spanning-tree mstp msti 2 bridge-priority 4096XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#



and VLAN 400.


167

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# set vlans vlan-id 400XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 400XorPlus#XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree mstp msti 2 vlan 200XorPlus# set protocols spanning-tree mstp msti 4 vlan 400XorPlus# set protocols spanning-tree mstp configuration-name region2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

To verify that Switch E is the regional root of MSTI-4, configure a higher MSTI-4 priority.

XorPlus# set protocols spanning-tree mstp msti 4 bridge-priority 4096XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


168


The following topology is an example of a PVST configuration. Switches A and B are in the

aggregation layer, and switches C and D are in the access layer. Configure switch A as the root

bridge of VLAN 100 and VLAN 200, switch B as the root bridge of VLAN 300, and switch C as the

root bridge of VLAN 400.

Figure 4-11. PVST configuration.


For Switch A, configure ge-1/1/1~ge-1/1/3 as trunk ports, and ge-1/1/1 as a member of VLANs

100, 200, 300, and 400; ge-1/1/2 as a member of VLANs 200 and 300; and ge-1/1/3 as a member

of VLANs 100 and 200.


169

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# set vlans vlan-id 400XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree force-version 4XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

To verify that Switch A is the root bridge of VLANs 100 and 200, configure VLANs 100 and 200 as

the higher priority.

XorPlus# set protocols spanning-tree pvst vlan 100 bridge-priority 0 XorPlus# set protocols spanning-tree pvst vlan 200 bridge-priority 0 XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


Configure ge-1/1/1~ge-1/1/3 as trunk ports, and ge-1/1/1 as a member of VLANs 100, 200, 300,

and 400; ge-1/1/2 as a member of VLANs 100 and 200; and ge-1/1/3 as a member of VLANs 200

and 300.


170

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# set vlans vlan-id 400XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 300XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree force-version 4XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

To verify that Switch B is the root bridge of VLAN 300, configure VLAN 300 as the higher priority.

XorPlus# set protocols spanning-tree pvst vlan 300 bridge-priority 0 XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


Configure ge-1/1/1~ge-1/1/3 as trunk ports, and ge-1/1/1 as a member of VLANs 200 and

400,ge-1/1/2 as a member of VLANs 100 and 200, and ge-1/1/3 as a member of VLANs 100 and

200.


171

XorPlus# set vlans vlan-id 100XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 400XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree force-version 4XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

To verify that Switch C is the root bridge of VLAN 400, configure VLAN 400 as the higher priority.

XorPlus# set protocols spanning-tree pvst vlan 400 bridge-priority 0 XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


Configure ge-1/1/1~ge-1/1/3 as trunk ports, and ge-1/1/1 as a member of VLANs 200 and 400,

ge-1/1/2 as a member of VLANs 200 and 300, and ge-1/1/3 as a member of VLANs 200 and 300.


172

XorPlus# set vlans vlan-id 200XorPlus# set vlans vlan-id 300XorPlus# set vlans vlan-id 400XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingvlan members 400XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingvlan members 300XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingport-mode trunk XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 200XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingvlan members 300XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols spanning-tree force-version 4XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


You can configure one (1) mirror to analyze traffic. Configure the source/destination port (also

referred to as the input/output port).

: The output(mirroring) port can belong to any VLAN, and will not participate in Layer2 orNote

Layer3 forwarding.


173

Configuring Mirroring to Analyze Traffic

XorPlus# set interface ethernet-switching-options analyzer 111 input egressge-1/1/1 XorPlus# set interface ethernet-switching-options analyzer 111 input ingressge-1/1/1 XorPlus# set interface ethernet-switching-options analyzer 111 input egressge-1/1/2XorPlus# set interface ethernet-switching-options analyzer 111 input ingressge-1/1/2XorPlus# set interface ethernet-switching-options analyzer 111 outputge-1/1/3XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# run show analyzer 111 Analyzer name: 111 Output interface: <ge-1/1/3>Ingress monitored interfaces: <ge-1/1/1><ge-1/1/2>Egress monitored interfaces: <ge-1/1/1><ge-1/1/2>XorPlus#


You can configure a port as mirroring port,which port can analyze the traffic of egress port or

ingress port.

Configuring a port as mirroring port

When you configure mirroring,you must configure a port as mirror firstly.

XorPlus# set interface ethernet-switching-options analyzer 111 outputge-1/1/1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.

Configuring mirroring on egress port or ingress port

After configure a port as mirroring port,we should use it to monitor the flows of egress port or

ingress port.

Configure monitor the flows of ingress port:


174

XorPlus# set interface ethernet-switching-options analyzer 111 input ingressge-1/1/2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.

Configure monitor the flows of egress port

XorPlus# set interface ethernet-switching-options analyzer 111 input egressge-1/1/3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.

Mirroring Configuration Example

As shown in Fig 1,ge-1/1/1 is ingress port, and ge-1/1/2 is egress port,ge-1/1/3 is mirroring port.In

this example,the mirroring port can analyze the flows of egress port and ingress port.


175

1.

2.

3.

4.

5.

6.

Fig 1. Configure Mirroring

Configure mirroring port

Configure mirroring port,this port can be used for analyzing the traffic of egress or ingress port.In

this example,ge-1/1/3 is mirroring port.

XorPlus# set interface ethernet-switching-options analyzer 111 outputge-1/1/3XorPlus# commitWaiting for merging configuration.Commit OK.Save done

Configuring mirroring on egress or ingress port

Configuring mirroring on egress or ingress port.In this example,the egress port is ge-1/1/2,the

ingress port is ge-1/1/1.

XorPlus# set interface ethernet-switching-options analyzer 111 input ingressge-1/1/1XorPlus# set interface ethernet-switching-options analyzer 111 input egressge-1/1/2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.

Generate traffic

PC1 sends traffic to PC2.The expected result is that PC3 can monitor the traffic from the ingress

port ge-1/1/1 and the engress port ge-1/1/2.

Note:

The mirroring port can belong to any VLAN,and this port can both trunk port or access port,

and will not participate in Layer2 or Layer3 forwarding.

The egress port or ingress port can be access port or trunk port.

When you send untagged packets,the priority of mirroring is higher than adding tag.

When you receive tagged packets,the priority of mirroring is higher than removing tag.

The mirroring port can also analyze BPDU/LACP/LLDP packets.

When you configure ACL for ingress/egress port,the priority of mirroring is higher than filter.


176


The switch provides a buffer for traffic to avoid dropping packets. You can configure "cell"burst

and "packet" to control buffer management. In general, you do not need to configure parameters

for "cell" and "packet," because the switch contains their default parameters.

You can, however, configure the switch to be in burst mode for burst traffic, which will dynamically

allocate the "cell" and "packet" for each port and queue.

Configuring burst mode for a specified port

XorPlus# set interface ethernet-switching-options bufferburst-mode enabletrueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring "cell" and "packet" for a specified port

XorPlus# set interface ethernet-switching-options buffer cell queue 1guaranteed-ratio 10XorPlus#set interface ethernet-switching-options buffer cell queue 1shared-ratio 30XorPlus# set interface ethernet-switching-options buffer cell shared-ratio 50XorPlus# set interface ethernet-switching-options buffer celltotal-shared-ratio 80XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface ethernet-switching-options buffer packet queue 1guaranteed-ratio 10XorPlus#set interface ethernet-switching-options buffer packet queue 1shared-ratio 40XorPlus# set interface ethernet-switching-options buffer packet shared-ratio60XorPlus# set interface ethernet-switching-options buffer packettotal-shared-ratio 80XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


177


As a Layer2 tunneling technology, BPDU tunneling enables Layer2 protocol packets from

geographically dispersed customer networks to be transparently transmitted over specific tunnels

across a service provider network.

Configuring BPDU tunneling for STP on an interface

XorPlus# set interface gigabit-ethernet ge-1/1/37 family ethernet-switchingbpdu-tunneling protocol stpXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring destination multicast MAC address for BPDU packets

XorPlus# set interface bpdu-tunneling destination-mac 01:0E:00:00:00:01XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

BPDU Tunneling Configuration Example

In the following topology, we provide an example of configuring BPDU tunneling.


178

Figure4-12. BPDU Tunneling Configuration.

Configuration on Provider A

Configure VLAN 100 as the default VLAN of Gigabit Ethernet ge-1/1/1, and enable BPDU tunneling

on Gigabit Ethernet ge-1/1/1.

XorPlus# set vlans vlan-id 100XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 100XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingbpdu-tunnelingprotocol stpXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#




Configure VLAN 200 as the default VLAN of Gigabit Ethernet te-1/1/49.

XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingport-mode trunkXorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 200XorPlus# commitWaiting for merging configuration.Commit OK.Save done.


179

Configure the destination multicast MAC address for BPDUs as 01:0E:00:00:00:1.


Configuration on Provider B







Configure VLAN 200 as the default VLAN of Gigabit Ethernet te-1/1/49.

XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingport-mode trunk


180

XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 100XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingvlan members 200XorPlus# commitWaiting for merging configuration.Commit OK.Save done.

Configure the destination multicast MAC address for BPDUs as 01:0E:00:00:00:1.


Configuring Flex Links Preemption Delay

You can configure two physical ports or two LAGs as Flex Links, or one physical port and one LAG

as Flex Links.

XorPlus# set interface gigabit-ethernet ge-1/1/1 backup-port interface ae1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/1 backup-port delay 10 XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set interface aggregate-ethernet ae2 backup-port interface ae3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.

Configuring the preemption mode

By default, the preemption mode is "forced," and the active interface is preferred. Beyond that, you

can configure the "bandwidth" or "off" mode. The "bandwidth" mode calls for a higher bandwidth

interface, and the "off" mode turns off preemption.

XorPlus# set interface gigabit-ethernet ge-1/1/1 backup-port mode bandwidth XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


181

Showing Flex Links on all interfaces

You can view the state of your Flex Links interfaces:

XorPlus# run show interface flexlink Active Interface Backup Interface Mode Delay(seconds)----------------- ----------------- --------- --------------ge-1/1/1(up) ge-1/1/2(standby) bandwidth 10XorPlus#


Unidirectional Link Dectection (UDLD) supports two modes of operation: normal (the default) and

aggressive. In normal mode, UDLD can detect unidirectional links due to misconnected interfaces.

In aggressive mode, UDLD can also detect unidirectional links due to one-way traffic, twisted-pair

links and misconnected interfaces. You can enable UDLD globally or on specific ports.

Configuring UDLD mode

XorPlus# set protocols udld aggressive trueXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols udld interface ge-1/1/1 aggressive trueXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Enable UDLD globally or on specific port

XorPlus# set protocols udld disable falseXorPlus# commit Commit OK.Save done.XorPlus# set protocols udld interface ge-1/1/1 disable falseXorPlus# commit Commit OK.Save done.XorPlus#

Configuring UDLD message-interval

XorPlus# set protocols udld message-interval 20XorPlus# commit Commit OK.


182

Save done.XorPlus#

Display UDLD information

XorPlus# run show udld Interface ge-1/1/1----------------------------------------Udld enabled, aggressive modeCurrent bidirectional state: undeterminedCurrent phase: linkdownMessage interval: 7sTimeout interval: 5s

Interface ge-1/1/2----------------------------------------Udld enabled, aggressive modeCurrent bidirectional state: undeterminedCurrent phase: linkdownMessage interval: 7sTimeout interval: 5s

Interface ge-1/1/3----------------------------------------Udld enabled, aggressive modeCurrent bidirectional state: undeterminedCurrent phase: linkdownMessage interval: 7sTimeout interval: 5s


When the switch receives an ingress router advertisement (RA) message, it will attempt to match

the message via the RA guard. If the ingress port has the RA guard applied but is not a trusted

port, the applied VLAN ID will be matched first. If the RA tag is matched with the VLAN ID, the RA

guard will continue matching conditions to determine whether to forward or drop the RA message.

If the RA tag is matched with the VLAN ID, the applied interface will be matched (followed bynot

the subsequent conditions).

You can configure the RA guard policy using hop-limit, managed-config-flag, other-config-flag,

prefix, source-ipv6-addr, and source-mac-addr options.

XorPlus# set protocols neighbour ra-guard 1 hop-limit 1XorPlus# set protocols neighbour ra-guard 1 managed-config-flag falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols neighbour ra-guard 2 prefix 2001:1:1:1::/64XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols neighbour ra-guard 3 source-mac-addr 22:22:22:22:22:22


183

XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring "trusted-port"

You can apply the RA guard to physical interfaces, LAGs, or VLANs; no more than one RA guard

can be applied to one interface. The RAs will be forwarded only if all conditions are matched, but if

"trusted-port" has been configured for the RA guard, then RAs will be forwarded on the trusted port

regardless.

XorPlus# set protocols neighbour ra-guard term 1 interface ge-1/1/1XorPlus# set protocols neighbour ra-guard term 1 interface ae1XorPlus# set protocols neighbour ra-guard term 1 vlan-id 2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#set protocols neighbour ra-guard trusted-port ge-1/1/1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols neighbour ra-guard term 2 vlan-id 3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Displaying RA guards

XorPlus# run show raguard Raguard: 1cur hop limit : 1..10managed configuration : Unsetother configuration : Setsource mac address :22:22:22:22:22:22source ipv6 address :fe80::/64prefix :2001:1:1:1::/64interface : ge-1/1/1, ae1vlan : 2packet dropped: 0packet total : 0 Raguard: 2vlan : 3packet dropped: 0packet total : 0 trusted port:


184

ge-1/1/1 XorPlus#


delete interface aggregate-balancing hash-mapping field ethernet-destination-address disable

delete interface aggregate-balancing hash-mapping field ethernet-source-address disable

delete interface aggregate-balancing hash-mapping field ethernet-type disable

delete interface aggregate-balancing hash-mapping field ingress-interface disable

delete interface aggregate-balancing hash-mapping field ip-destination disable

delete interface aggregate-balancing hash-mapping field ip-protocol disable

delete interface aggregate-balancing hash-mapping field ip-source disable

delete interface aggregate-balancing hash-mapping field port-destination disable

delete interface aggregate-balancing hash-mapping field port-source disable

delete interface aggregate-balancing hash-mapping field vlan disable

delete interface cut-through-mode

delete interface gigabit-ethernet <port> description

delete interface gigabit-ethernet <port> disable

delete interface gigabit-ethernet <port> mtu

delete interface gigabit-ethernet <port> power-preemphasis-level

delete interface gigabit-ethernet <port> snmp-trap

delete interface gigabit-ethernet <port> speed

delete protocols lacp priority

delete protocols spanning-tree enable

delete protocols spanning-tree force-version

delete vlans vlan-id <int> description

delete vlans vlan-id <int> l3-interface

delete vlans vlan-id <int> vlan-name

request mstp mcheck

run clear ethernet-switching table all

run clear ethernet-switching table <port>

run clear interface statistics all

run clear interface statistics <port>

run clear lacp statistics gigabit-ethernet <port>

run clear spanning-tree statistics <port>

run show analyzer

run show ethernet-switching interfaces brief

run show ethernet-switching interfaces detail

run show ethernet-switching interfaces <port> brief

run show ethernet-switching interfaces <port> detail

run show ethernet-switching table brief

run show ethernet-switching table detail

run show ethernet-switching table interfaces <port> brief

run show ethernet-switching table interfaces <port> detail

run show ethernet-switching table multicast brief


185

run show ethernet-switching table multicast detail

run show ethernet-switching table multicast interfaces <port> brief

run show ethernet-switching table multicast interfaces <port> detail

run show interface bpdu-tunneling

run show interface brief

run show interface detail

run show interface diagnostics optics all

run show interface diagnostics optics <port>

run show interface flexlink

run show interface gigabit-ethernet <port> brief

run show interface gigabit-ethernet <port> detail

run show interface gigabit-ethernet <port> dot1q-tunneling

run show interface management-ethernet eth0

run show lacp internal gigabit-ethernet <port>

run show lacp neighbor gigabit-ethernet <port>

run show lacp statistics gigabit-ethernet <port>

run show mlag internal <int>

run show mlag neighbour <int>

run show mroute

run show neighbors brief

run show neighbors management-ethernet eth0

run show raguard name bozo

run show spanning-tree mstp bridge cist

run show spanning-tree mstp interface cist

run show spanning-tree pvst bridge vlan <int>

run show spanning-tree pvst interface vlan <int>

run show spanning-tree rstp bridge

run show spanning-tree rstp interface

run show spanning-tree statistics interface <port>

run show spanning-tree stp bridge

run show spanning-tree stp interface

run show vlans brief

run show vlans detail

run show vlans vlan-id <int>

set firewall filter bozo input interface bozo

set firewall filter bozo input vlan-interface bozo

set firewall filter bozo output interface bozo

set firewall filter bozo output vlan-interface bozo

set firewall filter bozo sequence <int> description bozo

set firewall filter bozo sequence <int> from destination-address-ipv4 <ip-address/netmask>

set firewall filter bozo sequence <int> from destination-address-ipv6 <ipv6-address/netmask>

set firewall filter bozo sequence <int> from destination-mac-address <mac-address>

set firewall filter bozo sequence <int> from destination-port <int>

set firewall filter bozo sequence <int> from ether-type <int>

set firewall filter bozo sequence <int> from ip trust-mode dscp


186

set firewall filter bozo sequence <int> from ip trust-mode inet-precedence

set firewall filter bozo sequence <int> from ip value <int>

set firewall filter bozo sequence <int> from protocol icmp code <int>

set firewall filter bozo sequence <int> from protocol icmp type <int>

set firewall filter bozo sequence <int> from protocol igmp

set firewall filter bozo sequence <int> from protocol ip

set firewall filter bozo sequence <int> from protocol ospf

set firewall filter bozo sequence <int> from protocol others <int>

set firewall filter bozo sequence <int> from protocol tcp flags ack true

set firewall filter bozo sequence <int> from protocol tcp flags fin true

set firewall filter bozo sequence <int> from protocol tcp flags psh true

set firewall filter bozo sequence <int> from protocol tcp flags rst true

set firewall filter bozo sequence <int> from protocol tcp flags syn true

set firewall filter bozo sequence <int> from protocol tcp flags tcp-established true

set firewall filter bozo sequence <int> from protocol tcp flags tcp-initial true

set firewall filter bozo sequence <int> from protocol tcp flags urg true

set firewall filter bozo sequence <int> from protocol udp

set firewall filter bozo sequence <int> from source-address-ipv4 <ip-address/netmask>

set firewall filter bozo sequence <int> from source-address-ipv6 <ipv6-address/netmask>

set firewall filter bozo sequence <int> from source-mac-address <mac-address>

set firewall filter bozo sequence <int> from source-port <int>

set firewall filter bozo sequence <int> from vlan <int>

set firewall filter bozo sequence <int> log interval <int>

set firewall filter bozo sequence <int> then action discard

set firewall filter bozo sequence <int> then action forward

set firewall system-output disable true

set firewall traceoptions disable true

set interface aggregate-balancing hash-mapping field ethernet-destination-address disable true

set interface aggregate-balancing hash-mapping field ethernet-source-address disable true

set interface aggregate-balancing hash-mapping field ethernet-type disable true

set interface aggregate-balancing hash-mapping field ingress-interface disable true

set interface aggregate-balancing hash-mapping field ip-destination disable true

set interface aggregate-balancing hash-mapping field ip-protocol disable true

set interface aggregate-balancing hash-mapping field ip-source disable true

set interface aggregate-balancing hash-mapping field port-destination disable true

set interface aggregate-balancing hash-mapping field port-source disable true

set interface aggregate-balancing hash-mapping field vlan disable true

set interface aggregate-ethernet bozo aggregated-ether-options flow-control true

set interface aggregate-ethernet bozo aggregated-ether-options lacp enable true

set interface aggregate-ethernet bozo aggregated-ether-options min-selected-port <int>

set interface aggregate-ethernet bozo aggregated-ether-options mlag disable true

set interface aggregate-ethernet bozo aggregated-ether-options mlag hello-interval <int>

set interface aggregate-ethernet bozo aggregated-ether-options mlag mac <mac-address>

set interface aggregate-ethernet bozo aggregated-ether-options mlag mlag-id <int>

set interface aggregate-ethernet bozo aggregated-ether-options mlag neighbour <mac-address>


187

channel bozo

set interface aggregate-ethernet bozo aggregated-ether-options mlag node-id <int>

set interface aggregate-ethernet bozo aggregated-ether-options mlag priority <int>

set interface aggregate-ethernet bozo backup-port delay <int>

set interface aggregate-ethernet bozo backup-port interface bozo

set interface aggregate-ethernet bozo backup-port mode bandwidth

set interface aggregate-ethernet bozo backup-port mode forced

set interface aggregate-ethernet bozo backup-port mode off

set interface aggregate-ethernet bozo description bozo

set interface aggregate-ethernet bozo disable true

set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling egress bozo

set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling ether-type 0x8100

set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling ether-type 0x88a8



set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling ingress bozo

set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling mode external

set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling mode internal

set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling mode none

set interface aggregate-ethernet bozo family ethernet-switching native-vlan-id <int>

set interface aggregate-ethernet bozo family ethernet-switching port-mode access

set interface aggregate-ethernet bozo family ethernet-switching port-mode trunk

set interface aggregate-ethernet bozo family ethernet-switching vlan members bozo

set interface aggregate-ethernet bozo hash-mapping field ethernet-destination-address disable

true

set interface aggregate-ethernet bozo hash-mapping field ethernet-source-address disable true

set interface aggregate-ethernet bozo hash-mapping field ethernet-type disable true

set interface aggregate-ethernet bozo hash-mapping field ingress-interface disable true

set interface aggregate-ethernet bozo hash-mapping field ip-destination disable true

set interface aggregate-ethernet bozo hash-mapping field ip-protocol disable true

set interface aggregate-ethernet bozo hash-mapping field ip-source disable true

set interface aggregate-ethernet bozo hash-mapping field port-destination disable true

set interface aggregate-ethernet bozo hash-mapping field port-source disable true

set interface aggregate-ethernet bozo hash-mapping field vlan disable true

set interface aggregate-ethernet bozo hash-mapping mode advance

set interface aggregate-ethernet bozo hash-mapping mode ethernet-destination-only

set interface aggregate-ethernet bozo hash-mapping mode ethernet-source-destination

set interface aggregate-ethernet bozo hash-mapping mode ethernet-source-only

set interface aggregate-ethernet bozo hash-mapping mode ip-destination-only

set interface aggregate-ethernet bozo hash-mapping mode ip-source-destination

set interface aggregate-ethernet bozo hash-mapping mode ip-source-only

set interface aggregate-ethernet bozo mtu <int>

set interface aggregate-ethernet bozo snmp-trap true

set interface aggregate-ethernet bozo static-ethernet-switching mac-address <mac-address> vlan

<int>


188

set interface aggregate-ethernet bozo storm-control broadcast pps <int>

set interface aggregate-ethernet bozo storm-control multicast pps <int>

set interface aggregate-ethernet bozo storm-control unicast pps <int>

set interface cut-through-mode true

set interface bpdu-tunneling destination-mac <mac-address>

set interface ethernet-switching-options analyzer bozo input egress bozo

set interface ethernet-switching-options analyzer bozo input ingress bozo

set interface ethernet-switching-options analyzer bozo output bozo

set interface ethernet-switching-options buffer queue-limit <int>

set interface ethernet-switching-options mac-table-aging-time <int>

set interface gigabit-ethernet <port> backup-port delay <int>

set interface gigabit-ethernet <port> backup-port interface bozo

set interface gigabit-ethernet <port> backup-port mode bandwidth

set interface gigabit-ethernet <port> backup-port mode forced

set interface gigabit-ethernet <port> backup-port mode off

set interface gigabit-ethernet <port> description bozo

set interface gigabit-ethernet <port> disable true

set interface gigabit-ethernet <port> ether-options 802.3ad ae1

set interface gigabit-ethernet <port> ether-options flow-control true

set interface gigabit-ethernet <port> family ethernet-switching bpdu-tunneling protocol stp

set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling egress bozo

set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling ether-type 0x8100

set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling ether-type 0x88a8



set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling ingress bozo

set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling mode external

set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling mode internal

set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling mode none

set interface gigabit-ethernet <port> family ethernet-switching native-vlan-id <int>

set interface gigabit-ethernet <port> family ethernet-switching port-mode access

set interface gigabit-ethernet <port> family ethernet-switching port-mode trunk

set interface gigabit-ethernet <port> family ethernet-switching vlan members bozo

set interface gigabit-ethernet <port> mtu <int>

set interface gigabit-ethernet <port> power-preemphasis-level <int>

set interface gigabit-ethernet <port> rate-limiting egress kilobits <int>

set interface gigabit-ethernet <port> rate-limiting ingress kilobits <int>

set interface gigabit-ethernet <port> snmp-trap true

set interface gigabit-ethernet <port> speed <auto>|<int>

set interface gigabit-ethernet <port> static-ethernet-switching mac-address <mac-address> vlan

<int>

set interface gigabit-ethernet <port> storm-control broadcast pps <int>

set interface gigabit-ethernet <port> storm-control multicast pps <int>

set interface gigabit-ethernet <port> storm-control unicast pps <int>

set interface gigabit-ethernet <port> wred queue <int> drop_probability <int>


189

set interface gigabit-ethernet <port> wred queue <int> ecn_thresh <int>

set interface gigabit-ethernet <port> wred queue <int> enable true

set interface gigabit-ethernet <port> wred queue <int> max_thresh <int>

set interface gigabit-ethernet <port> wred queue <int> min_thresh <int>

set protocols lacp interface bozo priority <int>

set protocols lacp priority <int>

set protocols lacp traceoptions flag all disable true

set protocols lacp traceoptions flag configuration disable true

set protocols lacp traceoptions flag message-in disable true

set protocols lacp traceoptions flag message-out disable true

set protocols lacp traceoptions flag state-change disable true

set protocols lldp advertisement-interval <int>

set protocols lldp enable true

set protocols lldp hold-time-multiplier <int>

set protocols lldp interface bozo status bozo

set protocols lldp reinit-delay <int>

set protocols lldp tlv-select mac-phy-cfg true

set protocols lldp tlv-select management-address true

set protocols lldp tlv-select port-description true

set protocols lldp tlv-select port-vlan true

set protocols lldp tlv-select system-capabilities true

set protocols lldp tlv-select system-description true

set protocols lldp tlv-select system-name true

set protocols lldp traceoptions flag all disable true

set protocols lldp traceoptions flag configuration disable true

set protocols lldp traceoptions flag message-in disable true

set protocols lldp traceoptions flag message-out disable true

set protocols lldp traceoptions flag state-change disable true

set protocols lldp transmit-delay <int>set protocols neighbour aging-time <int>

set protocols neighbour ra-guard term bozo from hop-limit <int>

set protocols neighbour ra-guard term bozo from managed-config-flag true

set protocols neighbour ra-guard term bozo from other-config-flag true

set protocols neighbour ra-guard term bozo from prefix <ipv6-address/netmask>

set protocols neighbour ra-guard term bozo from source-ipv6-addr <ipv6-address/netmask>

set protocols neighbour ra-guard term bozo from source-mac-addr <mac-address>

set protocols neighbour ra-guard term bozo interface bozo

set protocols neighbour ra-guard term bozo vlan-id <int>

set protocols neighbour ra-guard trusted-port bozo

set protocols spanning-tree force-version <int>

set protocols spanning-tree mstp bridge-priority <int>

set protocols spanning-tree mstp configuration-name bozo

set protocols spanning-tree mstp forward-delay <int>

set protocols spanning-tree mstp hello-time <int>

set protocols spanning-tree mstp interface bozo bpdu-filter true

set protocols spanning-tree mstp interface bozo edge true


190

set protocols spanning-tree mstp interface bozo external-path-cost <int>

set protocols spanning-tree mstp interface bozo internal-path-cost <int>

set protocols spanning-tree mstp interface bozo manual-forwarding true

set protocols spanning-tree mstp interface bozo mode point-to-point

set protocols spanning-tree mstp interface bozo mode shared

set protocols spanning-tree mstp interface bozo port-priority <int>

set protocols spanning-tree mstp interface bozo root-guard true

set protocols spanning-tree mstp interface bozo tcn-guard true

set protocols spanning-tree mstp max-age <int>

set protocols spanning-tree mstp max-hops <int>

set protocols spanning-tree mstp msti <int> bridge-priority <int>

set protocols spanning-tree mstp msti <int> interface bozo cost <int>

set protocols spanning-tree mstp msti <int> interface bozo port-priority <int>

set protocols spanning-tree mstp msti <int> vlan <int>

set protocols spanning-tree mstp revision-level <int>

set protocols spanning-tree pvst interface bozo mode point-to-point

set protocols spanning-tree pvst interface bozo mode shared

set protocols spanning-tree pvst vlan <int> bridge-priority <int>

set protocols spanning-tree pvst vlan <int> enable true

set protocols spanning-tree pvst vlan <int> forward-delay <int>

set protocols spanning-tree pvst vlan <int> hello-time <int>

set protocols spanning-tree pvst vlan <int> interface bozo path-cost <int>

set protocols spanning-tree pvst vlan <int> interface bozo port-priority <int>

set protocols spanning-tree pvst vlan <int> max-age <int>

set protocols spanning-tree rstp bridge-priority <int>

set protocols spanning-tree rstp forward-delay <int>

set protocols spanning-tree rstp hello-time <int>

set protocols spanning-tree rstp interface bozo bpdu-filter true

set protocols spanning-tree rstp interface bozo edge true

set protocols spanning-tree rstp interface bozo mode point-to-point

set protocols spanning-tree rstp interface bozo mode shared

set protocols spanning-tree rstp interface bozo path-cost <int>

set protocols spanning-tree rstp interface bozo port-priority <int>

set protocols spanning-tree rstp interface bozo root-guard true

set protocols spanning-tree rstp interface bozo tcn-guard true

set protocols spanning-tree rstp max-age <int>

set protocols spanning-tree stp bridge-priority <int>

set protocols spanning-tree stp forward-delay <int>

set protocols spanning-tree stp hello-time <int>

set protocols spanning-tree stp interface bozo bpdu-filter true

set protocols spanning-tree stp interface bozo edge true

set protocols spanning-tree stp interface bozo mode point-to-point

set protocols spanning-tree stp interface bozo mode shared

set protocols spanning-tree stp interface bozo path-cost <int>

set protocols spanning-tree stp interface bozo port-priority <int>


191

set protocols spanning-tree stp interface bozo root-guard true

set protocols spanning-tree stp interface bozo tcn-guard true

set protocols spanning-tree stp max-age <int>

set protocols spanning-tree traceoptions interface bozo all disable true

set protocols spanning-tree traceoptions interface bozo bridge-detection-machine disable true

set protocols spanning-tree traceoptions interface bozo configuration disable true

set protocols spanning-tree traceoptions interface bozo events disable true

set protocols spanning-tree traceoptions interface bozo message-in disable true

set protocols spanning-tree traceoptions interface bozo message-out disable true

set protocols spanning-tree traceoptions interface bozo port-information-machine disable true

set protocols spanning-tree traceoptions interface bozo port-migration-machine disable true

set protocols spanning-tree traceoptions interface bozo port-receive-machine disable true

set protocols spanning-tree traceoptions interface bozo port-role-selection-machine disable true

set protocols spanning-tree traceoptions interface bozo port-role-transition-machine disable true

set protocols spanning-tree traceoptions interface bozo port-state-transition-machine disable true

set protocols spanning-tree traceoptions interface bozo port-transmit-machine disable true

set protocols spanning-tree traceoptions interface bozo state-machine-variables disable true

set protocols spanning-tree traceoptions interface bozo timers disable true

set protocols spanning-tree traceoptions interface bozo topology-change-machine disable trueset

protocols

set protocols udld aggressive true

set protocols udld disable true

set protocols udld interface bozo aggressive true

set protocols udld interface bozo disable true

set protocols udld message-interval <int>

set protocols udld traceoptions all disable true

set protocols udld traceoptions configuration disable true

set protocols udld traceoptions event disable true

set protocols udld traceoptions packet disable true

set protocols udld traceoptions raw-packet disable true

set protocols udld traceoptions state-change disable true

set protocols vrrp interface bozo vif bozo vrid <int> disable true

set vlans dot1q-tunneling egress bozo from service-vlan <int>

set vlans dot1q-tunneling egress bozo then action change

set vlans dot1q-tunneling egress bozo then action none

set vlans dot1q-tunneling egress bozo then action one

set vlans dot1q-tunneling egress bozo then action two

set vlans dot1q-tunneling egress bozo then service-vlan <int>

set vlans dot1q-tunneling ingress bozo from double-tag service-vlan <int>

set vlans dot1q-tunneling ingress bozo from one-tag customer-vlan-list bozo

set vlans dot1q-tunneling ingress bozo from untag enabled true

set vlans dot1q-tunneling ingress bozo then customer-vlan <int>

set vlans dot1q-tunneling ingress bozo then service-vlan <int>set vlans traceoptions flag all disable

true

set vlans vlan-id <int> description bozo


192

set vlans vlan-id <int> l3-interface bozo

set vlans vlan-id <int> vlan-name bozo

set vlans vlan-id bozo description bozo

set vlans vlan-id bozo l3-interface bozo

set vlans vlan-id bozo vlan-name bozo

show all interface aggregate-balancing hash-mapping field ethernet-destination-address

show all interface aggregate-balancing hash-mapping field ethernet-source-address

show all interface aggregate-balancing hash-mapping field ethernet-type

show all interface aggregate-balancing hash-mapping field ingress-interface

show all interface aggregate-balancing hash-mapping field ip-destination

show all interface aggregate-balancing hash-mapping field ip-protocol

show all interface aggregate-balancing hash-mapping field ip-source

show all interface aggregate-balancing hash-mapping field port-destinatio

show all interface aggregate-balancing hash-mapping field port-source

show all interface aggregate-balancing hash-mapping field vlan

show all interface gigabit-ethernet <port>

show all protocols lacp

show all protocols spanning-tree

show all vlans vlan-id <int>

show interface aggregate-balancing hash-mapping field ethernet-destination-address

show interface aggregate-balancing hash-mapping field ethernet-source-address

show interface aggregate-balancing hash-mapping field ethernet-type

show interface aggregate-balancing hash-mapping field ingress-interface

show interface aggregate-balancing hash-mapping field ip-destination

show interface aggregate-balancing hash-mapping field ip-protocol

show interface aggregate-balancing hash-mapping field ip-source

show interface aggregate-balancing hash-mapping field port-destination

show interface aggregate-balancing hash-mapping field port-source

show interface aggregate-balancing hash-mapping field vlan

show interface gigabit-ethernet <port>

show protocols lacp

show protocols spanning-tree

show vlans vlan-id <int>


193

Layer 3 Routing Configuration

This chapter describes the configuration steps of Layer 3 routing, including static routing, RIPv2,

OSPFv2, VRRP, and ECMP.


ARP Configuration
























The Layer 3 interface is a VLAN interface. You should create a VLAN and a VLAN interface before

configuring the Layer 3 interface.

You can configure the IP address and prefix length for the VLAN interface.

When all the member ports in the VLAN are link-down, the VLAN interface will be link-down. The

VLAN interface will be link-up when at least one of the member ports are link-up.


194

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set vlan-interface interface vlan-2 vif vlan-2 address 192.168.1.1prefix-length 24XorPlus# set vlan-interface interface vlan-3 vif vlan-3 address 192.168.2.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show vlan-interface vlan-2 Hwaddr C8:0A:A9:9E:14:9F, Vlan:2, State:DOWN Inet addr: 192.168.1.1/24fe80::ca0a:a9ff:fe9e:149f/64Traffic statistics:IPv4 Input Packets............................0IPv4 Forwarding Packets.......................0IPv6 Input Packets............................0IPv6 Forwarding Packets.......................0 vlan-3 Hwaddr C8:0A:A9:9E:14:9F, Vlan:3, State:UP Inet addr: 192.168.2.1/24fe80::ca0a:a9ff:fe9e:149f/64Traffic statistics:IPv4 Input Packets............................0IPv4 Forwarding Packets.......................0IPv6 Input Packets............................0IPv6 Forwarding Packets.......................0 XorPlus#

ARP Configuration

Configuring ARP aging time

In the default setting, the ARP aging time is 1200 seconds.

XorPlus# set protocols arp aging-time 600XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring a static ARP entry


195

XorPlus# set vlans vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlan-interface interface vlan-2 address 192.168.1.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#set protocols arp interface vlan-2 address 192.168.1.1 mac-address22:22:22:22:22:22XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


DAI is a security feature that validates ARP packets in a network. DAI intercepts, and discards

ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from

some man-in-the-middle attacks.

DAI ensures that only valid ARP requests and responses are relayed. The switch performs these

activities:

•Intercepts all ARP requests and responses on untrusted ports

•Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before

updating the local ARP cache or before forwarding the packet to the appropriate destination

•Drops invalid ARP packets

DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in

a trusted database, the DHCP snooping binding database. This database is built by DHCP

snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is

received on a trusted interface, the switch forwards the packet without any checks. On untrusted

interfaces, the switch forwards the packet only if it is valid.

DAI associates a trust state with each interface on the switch. Packets arriving on trusted

interfaces bypass all DAI validation checks, and those arriving on untrusted interfaces undergo the

DAI validation process.

In a typical network configuration, you configure all switch ports connected to host ports as

untrusted and configure all switch ports connected to switches as trusted. With this configuration,

all ARP packets entering the network from a given switch bypass the security check. No other

validation is needed at any other place in the VLAN or in the network.

When configuring DAI, follow these guidelines and restrictions:

•DAI is an ingress security feature; it does not perform any egress checking.

•DAI is not effective for hosts connected to switches that do not support DAI or that do not have

this feature enabled. Because man-in-the-middle attacks are limited to a single Layer 2 broadcast

domain, separate the domain with DAI checks from the one with no checking. This action secures

the ARP caches of hosts in the domain enabled for DAI.

•DAI depends on the entries in the DHCP snooping binding database to verify IP-to-MAC address

bindings in incoming ARP requests and ARP responses. Make sure to enable DHCP snooping to


196

permit ARP packets that have dynamically assigned IP addresses.,

•DAI is supported on access ports, trunk ports.lag ports.

DAI Configuration example

Figure-DAI

(1). Step 1: Eable DHCP snooping on Switch

You can enable dhcp snooping on the egress port, the port connected to DHCP Server.

Enable dhcp snooping

XorPlus# set protocols dhcp snooping disable falseXorPlus# commit Commit OK.Save done.XorPlus#

Set the interface to trust mode

XorPlus# set protocols dhcp snooping port te-1/1/50 trust trueXorPlus# commit Commit OK.Save done.XorPlus#

(2). Step 2: enable DAI

You can enable DAI on the port connect to the host

XorPlus# set protocols arp interface vlan-900 inspection disable falseXorPlus# commit Merging the configuration.Commit OK.XorPlus#

(3). Step 3: Check arp inspection table

When the host got an ip address from the DHCP server and the switch have enabled dhcp

snooping, it will created a table, IP-MAC-port binded table , the entry in this table was trusted ,all

other ARP packet will be discarded not in this table(The arp packet must be according with the arp

inspection table, interface . ip address .Mac address must be identified )


197

XorPlus# run show arp inspection Total count : 1Interface DAI Address HW Address --------- -------- --------------- -----------------vlan-900 Enabled 192.168.9.5 0:1e:c9:bb:d3:35


In L2/L3, all routing entries will be configured to the ASIC switching chip if the outgoing

VLAN-interface is link-up, and the outgoing physical port is learning.

Traffic that can be routed will have a route entry in the RIB and the ARP of the next hop; the

outgoing interface should be link-up. The traffic will then be soft-routed (i.e., routed by the switch's

CPU).

When the switch learns the MAC address of the next-hop, the switch will forward the traffic with

the ASIC chip.

Confgure static route

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set vlan-interface interface vlan-2 vif vlan-2 address 192.168.1.1prefix-length 24XorPlus# set vlan-interface interface vlan-3 vif vlan-2 address 192.168.2.1prefix-length 24XorPlus# set protocols static route 10.10.1.0/24 next-hop 192.168.2.5XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show route table ipv4 unicast final 10.10.1.0/24 [static(1)/1]> to 192.168.2.5 viavlan-3/vlan-3192.168.1.0/24 [connected(0)/0]> via vlan-2/vlan-2192.168.2.0/24 [connected(0)/0]> via vlan-3/vlan-3XorPlus#XorPlus# run show route forward-route ipv4 all Destination NetMask NextHopMac Port --------------- --------------- ----------------- ---------10.10.1.0 255.255.255.0 00:1E:68:37:EF:7D ge-1/1/2192.168.1.0 255.255.255.0 C8:0A:A9:04:49:28 connected192.168.2.0 255.255.255.0 C8:0A:A9:04:49:28 connected


198

With the command, all the route entries in the ASIC chip will beshow route forward-routeipv4 all

displayed. Following the command, all routes in the RIB of theshow route table ipv4 unicastfinal

kernel will be displayed.

Confgure max-route-limit

Before configuring max-route-limit, check the forward-route table:

XorPlus# run show route forward-route ipv4 allDestination NetMask NextHopMac Port --------------- --------------- ----------------- ---------192.168.1.0 255.255.255.0 04:7D:7B:62:93:FF connected192.168.2.0 255.255.255.0 04:7D:7B:62:93:FF connected192.168.3.0 255.255.255.0 04:7D:7B:62:93:FF connected192.168.20.0 255.255.255.0 04:7D:7B:62:93:FF connected192.168.100.0 255.255.255.0 04:7D:7B:62:93:FF connectedTotal route count:5XorPlus#XorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------5001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected2001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected7001:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 te-1/1/3 6001:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 te-1/1/3 Total route count:4XorPlus#

After configuring max-route-limit:

XorPlus# set interface max-route-limit 1 XorPlus# commMerging the configuration.Commit OK.Save done.Maximum of route limit changes, please reboot system to make it effect!XorPlus#

Check the forward-route table:

XorPlus# run show route forward-route ipv4 allDestination NetMask NextHopMac Port --------------- --------------- ----------------- ---------192.168.1.0 255.255.255.0 04:7D:7B:62:93:FF connected192.168.2.0 255.255.255.0 04:7D:7B:62:93:FF connected192.168.3.0 255.255.255.0 04:7D:7B:62:93:FF connected192.168.20.0 255.255.255.0 04:7D:7B:62:93:FF connected192.168.100.0 255.255.255.0 04:7D:7B:62:93:FF connectedTotal route count:5XorPlus#XorPlus# run show route forward-route ipv6 all


199

Destination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------5001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected2001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connectedTotal route count:2XorPlus#

Note: The switch support 12k ipv4 routes most and 6k ipv6 routes most, one ipv6 route is equal to

two ipv4 routes. The directly-connected routes are not excepted to route limit.


An example of configuration with static routing is shown in Fig. 5-1.

Host A and Host B should be able to communicate with each other.

Host A and Host B should be able to communicate with the gateway (e.g., access Internet).

Figure 5-1. Static routing configuration.


For Switch A, you should configure 3 VLAN interfaces for networks 10.10.1.1/24, 10.10.3.1/24, and

10.10.6.1/24. You should also configure a static route to10.10.2.0/24, and a default route.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set vlans vlan-id 4XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 4


200

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlans vlan-id 4 l3-interface vlan-4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set vlan-interface interface vlan-2 vif vlan-2 address 10.10.1.1prefix-length 24XorPlus# set vlan-interface interface vlan-3 vif vlan-2 address 10.10.3.1prefix-length 24XorPlus# set vlan-interface interface vlan-4vif vlan-2 address 10.10.6.1prefix-length 24XorPlus# set protocols static route 10.10.2.0/24 next-hop 10.10.6.2XorPlus# set protocols static route 0.0.0.0/0 next-hop 10.10.3.2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

You can verify the route entry in the RIB as follows:

XorPlus# run show route table ipv4 unicast final0.0.0.0/0 [static(1)/1]> to 10.10.3.2 via vlan-3/vlan-310.10.2.0/24[static(1)/1]> to 10.10.6.2 via vlan-4/vlan-410.10.1.0/24 [connected(0)/0]> via vlan-2/vlan-210.10.3.0/24 [connected(0)/0]> via vlan-3/vlan-310.10.6.0/24 [connected(0)/0]> via vlan-4/vlan-4XorPlus#


Configure 3 VLAN interfaces for networks 10.10.2.1/24, 10.10.4.1/24, and 10.10.6.2/24. Then

configure a static route to 10.10.1.0/24, and a default route.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set vlans vlan-id 4XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 4XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlans vlan-id 4 l3-interface vlan-4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.


201

XorPlus# set vlan-interface interface vlan-2 vif vlan-2 address 10.10.2.1prefix-length 24XorPlus# set vlan-interface interface vlan-3 vif vlan-2 address 10.10.4.1prefix-length 24XorPlus# set vlan-interface interface vlan-4vif vlan-2 address 10.10.6.1prefix-length 24XorPlus# set protocols static route 10.10.1.0/24 next-hop 10.10.6.1XorPlus# set protocols static route 0.0.0.0/0 next-hop 10.10.4.2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

You can verify the route entry in the RIB:

XorPlus# run show route table ipv4 unicast final0.0.0.0/0 [static(1)/1]> to 10.10.4.2 via vlan-3/vlan-310.10.1.0/24[static(1)/1]> to 10.10.6.1 via vlan-4/vlan-410.10.2.0/24 [connected(0)/0]> via vlan-2/vlan-210.10.4.0/24 [connected(0)/0]> via vlan-3/vlan-310.10.6.0/24 [connected(0)/0]> via vlan-4/vlan-4XorPlus#


Configure 3 VLAN interfaces for networks 10.10.3.2/24, 10.10.4.2/24, and 10.10.5.2/24. Then

configure a static route to 10.10.1.0/24, and a default route.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set vlans vlan-id 4XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 4XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlans vlan-id 4 l3-interface vlan-4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.3.2prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.4.2prefix-length 24XorPlus# set vlan-interface interface vlan-4vif vlan-4 address 10.10.5.2prefix-length 24XorPlus# set protocols static route 10.10.1.0/24 next-hop 10.10.3.1


202

XorPlus# set protocols static route 10.10.2.0/24 next-hop 10.10.4.1XorPlus# set protocols static route 10.10.6.0/24 next-hop 10.10.3.1XorPlus# set protocols static route 0.0.0.0/0 next-hop 10.10.5.1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

You can verify the route entry in the RIB:

XorPlus# run show route table ipv4 unicast final0.0.0.0/0 [static(1)/1]> to 10.10.5.1 via vlan-4/vlan-410.10.1.0/24[static(1)/1]> to 10.10.3.1 via vlan-2/vlan-210.10.2.0/24[static(1)/1]> to 10.10.4.1 via vlan-3/vlan-310.10.6.0/24[static(1)/1]> to 10.10.3.1 via vlan-2/vlan-210.10.3.0/24 [connected(0)/0]> via vlan-2/vlan-210.10.4.0/24 [connected(0)/0]> via vlan-3/vlan-310.10.5.0/24 [connected(0)/0]> via vlan-4/vlan-4XorPlus#


In L2/L3, RIPv2 is supported.

A policy statement is used to specify which route entry will be distributed. For example, you can

distribute the static route or the connected route to a neighbor. You can also specify the distributed

route metric.

You can configure the RIPv2 interface parameters (accept-default-route, advertise-default-route,

deletion-delay, request-interval, update-interval).

XorPlus# set vlans vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 192.168.1.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set vlans vlan-id 3XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 192.168.2.1prefix-length 24XorPlus# set protocols static route 9.9.9.0/24 next-hop 192.168.2.2XorPlus# commitWaiting for merging configuration.


203

Commit OK.Save done.XorPlus# set policy policy-statement connected-to-rip term export fromprotocol connectedXorPlus# set policy policy-statement connected-to-rip term export then metric0XorPlus# set policy policy-statement static-to-rip term export from protocolstaticXorPlus# set policy policy-statement static-to-rip term export then metric 1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols rip interface vlan-2vif vlan-2 address 192.168.1.1XorPlus# set protocols rip export "connected-to-rip,static-to-rip"XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

You can verify the RIP configuration:

XorPlus# run show rip status all * RIP on vlan-2vlan-2 192.168.1.1 Status: enabledXorPlus#XorPlus# run show rip statistics all * RIP on vlan-2vlan-2 192.168.1.1 Status: enabled Counter Value -------------------------------- ---------------- Requests Sent 7 Updates Sent 6 Triggered Updates Sent 1 Non-RIP Updates Sent 0 Total Packets Received 0 Request Packets Received 0 Update Packets Received 0 Bad Packets Received 0 Authentication Failures 0 Bad Routes Received 0 Non-RIP Requests Received 0


An example of configuring RIPv2 is shown in Fig. 5-2.

Host A and Host B should be able to communicate with each other with an RIP route.

Host A and Host B should be able to communicate with the gateway (e.g., access Internet) with

RIP.


204

Figure 5-2. RIPv2 routing configuration.


For Switch A, configure 2 VLAN interfaces for networks 10.10.1.1/24 and 10.10.3.1/24. You should

also configure an RIP interface in network 10.10.3.1/24. Switch A should accept the default route,

which is advertised by Switch C.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.1.1prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.3.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set policy policy-statement connected-to-rip term export fromprotocol connectedXorPlus# set policy policy-statement connected-to-rip term export then metric0XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols rip interface vlan-3 address 10.10.3.1XorPlus# set protocols rip export "connected-to-rip"XorPlus# set protocols rip interface vlan-3vif vlan-3 address 10.10.3.1accept-default-route trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


205


Configure 2 VLAN interfaces for networks 10.10.1.1/24 and 10.10.3.1/24. Then configure an RIP

interface in network 10.10.3.1/24. Switch B should accept the default route, which is advertised by

Switch C.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.2.1prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-2 address 10.10.4.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set policy policy-statement connected-to-rip term export fromprotocol connectedXorPlus# set policy policy-statement connected-to-rip term export then metric0XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols rip interface vlan-3vif vlan-3 address 10.10.4.1XorPlus# set protocols rip export "connected-to-rip"XorPlus# set protocols rip interface vlan-3vif vlan-3 address 10.10.4.1accept-default-route trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


Configure 3 VLAN interfaces for networks 10.10.3.2/24, 10.10.4.2/24, and 10.10.5.2/24. You

should also configure a default route and 2 RIP interfaces.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set vlans vlan-id 4XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 4


206

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlans vlan-id 4 l3-interface vlan-4XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.3.2prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.4.2prefix-length 24XorPlus# set vlan-interface interface vlan-4vif vlan-4 address 10.10.5.2prefix-length 24XorPlus# set protocols static route 0.0.0.0/0 next-hop 10.10.5.1XorPlus# set protocols rip interface vlan-2vif vlan-2 address 10.10.3.2XorPlus# set protocols rip interface vlan-2vif vlan-2 address 10.10.3.2advertise-default-route trueXorPlus# set protocols rip interface vlan-3vif vlan-3 address 10.10.4.2XorPlus# set protocols rip interface vlan-3vif vlan-3 address 10.10.4.2advertise-default-route trueXorPlus# set protocols rip export "connected-to-rip"XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Verifying the RIP Configuration

You can verify the RIP configuration of the switches as shown below. (In our example, we verify

the RIP peer and the RIP route table in Switch A.)

XorPlus# run show rip peer Address Interface State Hello Rx Hello Tx Last Hello--------------- --------------- ------ ---------- ---------- ----------10.10.3.2vlan-3/vlan-3 Up 0 0 00:41:44 XorPlus#XorPlus# run show route table ipv4 unicast rip 0.0.0.0/0[rip(120)/1]> to 10.10.3.2 via vlan-3/vlan-310.10.2.0/24 [rip(120)/1]> to 10.10.3.2 via vlan-3/vlan-310.10.4.0/24 [rip(120)/1]> to 10.10.3.2 via vlan-3/vlan-3


In L2/L3, OSPFv2 is supported.

XorPlus supports normal areas, stub areas, and not-so-stubby areas (NSSAs) in OSPF.

Configuring the router ID


207

The router ID should be configured first when you configure OSPF.

The router ID is a string similar to the IP address, and should be unique in the OSPF domain. You

should not change the router ID after completing the configuration.

XorPlus# set protocols ospf4 router-id 1.1.1.1XorPlus# commitWaiting for merging configuration.Commit OK.Save done

.

Configuring an OSPF area and area-type

Area 0.0.0.0 is the backbone area of OSPF; each OSPF domain should have the area 0.0.0.0.

Area types include normal, stub, and NSSA.

XorPlus# set protocols ospf4 area 0.0.0.0 area-type normalXorPlus# set protocols ospf4 area 1.1.1.1 area-type stubXorPlus# set protocols ospf4 area 2.2.2.2 area-type nssaXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring OSPF interfaces

After configuring an OSPF area, configure OSPF interfaces in the area. These interfaces will

transmit and receive LSAs to calculate the route.

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2 vif vlan-2 address 10.10.60.10prefix-length 24XorPlus# set vlan-interface interface vlan-3 vif vlan-3 address 10.10.61.10prefix-length 24XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2 vif vlan-2 address10.10.60.10XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-3 vif vlan-3 address10.10.61.10XorPlus# set protocols ospf4 router-id 1.1.1.1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show ospf4 interface Interface State Area DR ID BDR ID Nbrs--------- -------- --------------- --------------- --------------- ----


208

vlan-2 DR 0.0.0.0 1.1.1.1 0.0.0.0 0 vlan-3 DR 0.0.0.0 1.1.1.1 0.0.0.0 0

Configuring additional OSPF interface parameters

You can also configure additional OSPF interface parameters (hello interval, interface-cost, static

neighbor, priority, retransmit-interval, router-dead-interval, transmit-delay).

XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2 vif vlan-2 address10.10.60.10 hello-interval 5XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2 vif vlan-2 address10.10.60.10 interface-cost 8XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2 vif vlan-2 address10.10.60.10 transmit-delay 2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show ospf4 interface detail Interface vlan-2/vlan-2, State DR, Area 0.0.0.0DR ID 1.1.1.1, BDR ID 0.0.0.0, Nbrs 0Network Type BROADCAST, Address 10.10.60.10, Mask 255.255.255.0, Cost 8DR addr 10.10.60.10, BDR addr 0.0.0.0, Priority 128Hello 10, Dead 40, ReXmit 5, NORMAL


Fig.5-3 presents an example of configuring OSPF routing. Switch A and Switch B are located in

the backbone area, 0.0.0.0. There are two non-backbone areas, 1.1.1.1 and 2.2.2.2.

Switch D will obtain the routes of networks 10.10.1.0/24, 10.10.3.0/24, and 10.10.9.0/24,through

the

LSAs sent from its neighbors. Switch C will obtain the routes of networks 10.10.1.0/24,

10.10.2.0/24, and 10.10.8.0/24, according to LSAs sent from its neighbors.

Figure 5-3. OSPF basic routing configuration.


209


For switch A, configure 2 VLAN interfaces for networks 10.10.1.1/24 and 10.10.2.1/24. You should

also configure area 0.0.0.0, which includes network 10.10.1.1/24, and area 0.0.0.1, which includes

network 10.10.2.1/24.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.1.1prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.2.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols ospf4 router-id 1.1.1.1XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2vif vlan-2 address10.10.1.1XorPlus# set protocols ospf4 area 0.0.0.1 interface vlan-3vif vlan-3 address10.10.2.1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


Configure 2 VLAN interfaces for networks 10.10.1.2/24 and 10.10.3.1/24. Then configure area

0.0.0.0, which includes network 10.10.1.2/24, and area 0.0.0.3, which includes network

10.10.3.1/24.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.1.2prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.3.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.


210

XorPlus# set protocols ospf4 router-id 2.2.2.2XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2vif vlan-2 address10.10.1.2XorPlus# set protocols ospf4 area 0.0.0.2 interface vlan-3vif vlan-3 address10.10.3.1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


Configure just one OSPF interface, in area 0.0.0.2.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.3.2prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.9.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols ospf4 router-id 3.3.3.3XorPlus# set protocols ospf4 area 0.0.0.2 interface vlan-2vif vlan-2 address10.10.3.2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.2.2prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.8.1prefix-length 24


211

XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols ospf4 router-id 4.4.4.4XorPlus# set protocols ospf4 area 0.0.0.1 interface vlan-2vif vlan-2 address10.10.2.2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Verifying the OSPF configuration

You can verify the OSPF configuration of a switch by checking its OSPF neighbor.

Below, switch A has two OSPF neighbor interfaces, 10.10.1.2 and 10.10.2.2.

XorPlus# run show ospf4 neighbor Address Interface State Router ID Pri Dead--------------- --------------------- -------- --------------- ----- ----10.10.1.2vlan-2/vlan-2 Full 2.2.2.2 1 32 10.10.2.2vlan-3/vlan-3 Full 4.4.4.4 1 32 Then check the OSPF database as shown below: XorPlus# run show ospf4 database OSPF link state database, Area 0.0.0.0Type ID Adv Rtr Seq Age Opt Cksum Len------- ---------------- --------------- ---------- ---- — ------ —Router *1.1.1.1 1.1.1.1 0x8000025a 394 0x2 0xf2bb 48 Network *10.10.1.1 1.1.1.1 0x80000180 394 0x2 0xc0b9 32 Network *10.10.2.1 1.1.1.1 0x80000180 394 0x2 0xc0b9 32Router 2.2.2.2 2.2.2.2 0x8000023e 339 0x2 0x3024 36 Network 10.10.3.1 2.2.2.2 0x80000180 394 0x2 0xc0b9 32Router 3.3.3.33.3.3.3 0x8000023e 339 0x2 0x3024 36Network 10.10.9.1 3.3.3.3 0x80000180 394 0x2 0xc0b9 32Router 4.4.4.44.4.4.4 0x8000023e 339 0x2 0x3024 36Network 10.10.8.1 4.4.4.4 0x80000180 394 0x2 0xc0b9 32 OSPF link state database, Area 0.0.0.2Type ID Adv Rtr Seq Age Opt Cksum Len------- ---------------- --------------- ---------- ---- — ------ —Router *1.1.1.1 1.1.1.1 0x8000025a 394 0x2 0xf2bb 48 Network *10.10.1.1 1.1.1.1 0x80000180 394 0x2 0xc0b9 32 Network *10.10.2.1 1.1.1.1 0x80000180 394 0x2 0xc0b9 32Router 2.2.2.2 2.2.2.2 0x8000023e 339 0x2 0x3024 36 Network 10.10.3.1 2.2.2.2 0x80000180 394 0x2 0xc0b9 32Router 3.3.3.33.3.3.3 0x8000023e 339 0x2 0x3024 36 Network 10.10.9.1 3.3.3.3 0x80000180 394 0x2 0xc0b9 32Router 4.4.4.44.4.4.4 0x8000023e 339 0x2 0x3024 36Network 10.10.8.1 4.4.4.4 0x80000180 394 0x2 0xc0b9 32 Finally, you can check the OSPF route in the RIB of switch A. XorPlus#XorPlus# run show route table ipv4 unicast osfp 10.10.3.0/24 [ospf(110)/2]> to 10.10.1.2 via vlan-2/vlan-2


212


The configurations of an OSPF NSSA and a stub area are shown in Fig. 5-4.

Switch D will obtain the routes of networks 10.10.1.0/24, 10.10.3.0/24, and 10.10.9.0/24,

according to the

LSAs received from its neighbors. Switch C will obtain the routes of networks 10.10.1.0/24,

10.10.2.0/24, and10.10.8.0/24, according to the LSAs received from its neighbors.

The figure below does not include RIP or BGP configurations.

Figure 5-4. OSPF NSSA, stub area configurations.


For switch A, configure 2 VLAN interfaces for networks 10.10.1.1/24 and 10.10.2.1/24. You should

also configure area 0.0.0.0, which includes network 10.10.1.1/24,and area 0.0.0.1, which includes

network 10.10.2.1/24.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.1.1prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.2.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols ospf4 router-id 1.1.1.1XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2vif vlan-2 address10.10.1.1


213

XorPlus# set protocols ospf4 area 0.0.0.1 interface vlan-3vif vlan-3 address10.10.2.1XorPlus# set protocols ospf4 area 0.0.0.1 area-type nssaXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


Configure 2 VLAN interfaces for networks 10.10.1.2/24 and 10.10.3.1/24. Then configure area

0.0.0.0, which includes network 10.10.1.2/24, and stub area 0.0.0.3, which includes network

10.10.3.1/24.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.1.2prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.3.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols ospf4 router-id 2.2.2.2XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2vif vlan-2 address10.10.1.2XorPlus# set protocols ospf4 area 0.0.0.2 interface vlan-3vif vlan-3 address10.10.3.1XorPlus# set protocols ospf4 area 0.0.0.2area-type stubXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3


214

XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.3.2prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.9.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols ospf4 router-id 3.3.3.3XorPlus# set protocols ospf4 area 0.0.0.2 interface vlan-2vif vlan-2 address10.10.3.2XorPlus# set protocols ospf4 area 0.0.0.2area-type stubXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


Configure just one OSPF interface, in area 0.0.0.1. Switch D should import the RIP or BGP route

from the RIB, and distribute it to other areas.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.2.2prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.8.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set policy policy-statement rip-ospf term rip from protocol ripXorPlus# set policy policy-statement rip-ospf term rip then external-type 2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols ospf4 router-id 4.4.4.4XorPlus# set protocols ospf4 area 0.0.0.1 interface vlan-2vif vlan-2 address10.10.2.2XorPlus# set protocols ospf4 area 0.0.0.1 area-type nssaXorPlus# set protocols ospf4 export rip-ospfXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


215


By default external routes and inter-area routes will be injected into stub areas or NSSAs. You can

utilize the parameter to prevent external orinter-area routes from beingsummaries disable true

injected into stub areas or NSSAs. You can also use set protocols ospf4 area <area-id>

to create a default route entry.default-lsa disable false

Figure 5-5. OSPF Stub area/NSSA summary: area 1.1.1.1 should be a stub area or an NSSA


XorPlus# set vlans vlan-id 500 l3-interface vlan-500 XorPlus# set vlan-interface interface vlan-500 vif vlan-500 address192.168.1.2 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 500XorPlus# set protocols ospf4 router-id 1.1.1.1XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-500 vif vlan-500address 192.168.1.2XorPlus# commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#


The single backbone area (area 0.0.0.0) cannot be disconnected, or certain areas of the

Autonomous System will become unreachable. To establish and maintain connectivity of the

backbone, virtual links can be configured through non-backbone areas. Virtual links serve to

connect physically separate components of the backbone.

The two endpoints of a virtual link are Area Border Routers (ARBs). The virtual link must be

configured in both routers. The configuration information in each router consists of the other virtual

endpoint (the other ARB), and the non-backbone area that the two routers have in common (called

the transit area). Virtual links cannot be configured through stub areas.

Enable OSPF on Switch A, B, C, and D at the beginning. There is no route entry from the

backbone area (0.0.0.0) to area 2.2.2.2.


216

Figure 5-7. Virtual link configuration.


XorPlus# set vlans vlan-id 500 l3-interface vlan-500 XorPlus# set vlan-interface interface vlan-500 vif vlan-500 address192.168.1.2 prefix-length 30XorPlus# set interface gigabit-ethernet ge-1/1/47 family ethernet-switchingnative-vlan-id 500 XorPlus# set protocols ospf4 router-id 1.1.1.1 XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-500 vif vlan-500address 192.168.1.2 XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#


XorPlus# set vlans vlan-id 400 l3-interface vlan-400 XorPlus# set vlan-interface interface vlan-400 vif vlan-400 address172.25.150.250 prefix-length 30XorPlus# set vlans vlan-id 500 l3-interface vlan-500 XorPlus# set vlan-interface interface vlan-500 vif vlan-500 address192.168.1.1 prefix-length 30XorPlus# set interface gigabit-ethernet ge-1/1/48 family ethernet-switchingnative-vlan-id 500 XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 400XorPlus# set protocols ospf4 router-id 4.4.4.4XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-500 vif vlan-500address 192.168.1.1XorPlus# set protocols ospf4 area 1.1.1.1 interface vlan-400 vif vlan-400address 172.25.150.250XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#



217

XorPlus# set vlans vlan-id 300 l3-interface vlan-300 XorPlus# set vlan-interface interface vlan-300 vif vlan-300 address172.25.150.246 prefix-length 30XorPlus# set vlans vlan-id 400 l3-interface vlan-400 XorPlus# set vlan-interface interface vlan-400 vif vlan-400 address172.25.150.249 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 300 XorPlus# set interface gigabit-ethernet te-1/1/51 family ethernet-switchingnative-vlan-id 400 XorPlus# set protocols ospf4 router-id 3.3.3.3XorPlus# set protocols ospf4 area 2.2.2.2 interface vlan-300 vif vlan-300address 172.25.150.246 XorPlus# set protocols ospf4 area 1.1.1.1 interface vlan-400 vif vlan-400address 172.25.150.249XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#


XorPlus# set vlans vlan-id 300 l3-interface vlan-300 XorPlus# set vlan-interface interface vlan-300 vif vlan-300 address172.25.150.245 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 300XorPlus# set protocols ospf4 router-id 2.2.2.2XorPlus# set protocols ospf4 area 2.2.2.2 interface vlan-300 vif vlan-300address 172.25.150.245XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#

Enable virtual links on the Area Border Routers (Switch B and Switch C). After this step, there will

be a route entry from the backbone area, 0.0.0.0, to area 2.2.2.2.


XorPlus# set protocols ospf6 area 0.0.0.0 virtual-link 3.3.3.3 transmit-area1.1.1.1XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#



218

XorPlus# set protocols ospf6 area 0.0.0.0 virtual-link 4.4.4.4 transmit-area1.1.1.1XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#

Checking an IPv6 OSPF

Check ipv6 ospf neighbor on Switch B

XorPlus# run show ospf4 neighbor Address Interface State Router ID Pri Dead--------------------- -------- --------------- ----- ----192.168.1.2 vlan-500/vlan-500 Full 1.1.1.1 128 34 172.25.150.249 vlan-400/vlan-400 Full 3.3.3.3 128 36 172.25.150.249 vlink/3.3.3.3 Init 3.3.3.3 0 0


XorPlus# set vlans vlan-id 500 l3-interface vlan-500XorPlus# set vlan-interface interface vlan-500 vif vlan-500 address192.168.1.1 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 500XorPlus# set protocols ospf4 router-id 4.4.4.4XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-100 vif vlan-500address 192.168.1.1XorPlus# set vlans vlan-id 400 l3-interface vlan-400XorPlus# set vlan-interface interface vlan-400 vif vlan-400 address172.25.150.250 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 400XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-400 vif vlan-400address 172.25.150.250XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#


XorPlus# set vlans vlan-id 400 l3-interface vlan-400XorPlus# set vlan-interface interface vlan-400 vif vlan-400 address172.25.150.249 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 400XorPlus# set protocols ospf4 router-id 3.3.3.3XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-400 vif vlan-400address 172.25.150.249


219

XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#

Configuring area 1.1.1.1 as a stub area or NSSA

XorPlus# set protocols ospf4 area 1.1.1.1 area-type <normal | stub | nssa>XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Check route table on DUT3,there will be route entry to backbone area 192.168.1.0/30

XorPlus# run show route forward-route ipv4 all Destination NetMask NextHopMac Port--------------- ----------------- ---------172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connected192.168.1.0 255.255.255. 252 60:EB:69:9B:BE:31 te-1/1/51Total route count:2

Disabling the summary function on ABR(DUT2 area 1.1.1.1)

XorPlus# set protocols ospf4 area 1.1.1.1 summaries disable trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Check route table on DUT3,the route entry to backone area was lost

XorPlus# run show route forward-route ipv4 all Destination NetMask NextHopMac Port--------------- ----------------- ---------172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connectedTotal route count:1

Enabel default-lsa function on ABR(DUT2)

XorPlus# run show route forward-route ipv4 all Destination NetMask NextHopMac Port--------------- ----------------- ---------172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connected0.0.0.0 0.0.0.0 60:EB:69:9B:BE:31 te-1/1/51Total route count:2


220


OSPF should aggregate the route entries from the backbone area into a non-backbone area, or

from a non-backbone area into the backbone area. Route aggregation works only on the ABR.

You can use the "advertise disable" parameter to restrain ABR route aggregation. The ABR will

generate route aggregation by default after you configure , and the packet is routed toarea-range

the best (the longest or most specific) match.

Figure 5-6. OSPF area range configuration.


XorPlus# set vlans vlan-id 500 l3-interface vlan-500 XorPlus# set vlan-interface interface vlan-500 vif vlan-500 address192.168.1.2 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 500XorPlus# set protocols ospf4 router-id 1.1.1.1XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-500 vif vlan-500address 192.168.1.2XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#


XorPlus# set vlans vlan-id 500 l3-interface vlan-500XorPlus# set vlan-interface interface vlan-500 vif vlan-500 address192.168.1.1 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 500XorPlus# set protocols ospf4 router-id 4.4.4.4XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-100 vif vlan-500address 192.168.1.1XorPlus# set vlans vlan-id 400 l3-interface vlan-400XorPlus# set vlan-interface interface vlan-400 vif vlan-400 address172.25.150.250 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switching


221

native-vlan-id 400XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-400 vif vlan-400address 172.25.150.250XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#


XorPlus# set vlans vlan-id 400 l3-interface vlan-400XorPlus# set vlan-interface interface vlan-400 vif vlan-400 address172.25.150.249 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 400XorPlus# set protocols ospf4 router-id 3.3.3.3XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-400 vif vlan-400address 172.25.150.249XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#

Checking the route table on Switch C

There will be a 30-bit route entry,192.168.1.0/30.

XorPlus# run show route forward-route ipv4 all Destination NetMask NextHopMac Port --------------- --------------- ----------------- ---------172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connected192.168.1.0 255.255.255. 252 60:EB:69:9B:BE:31 te-1/1/51Total route count:2

Configuring area-range on ABR(DUT2)

XorPlus# set protocols ospf4 area 0.0.0.0 area-range 192.168.1.0/24 advertisetrueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Checking the route table on DUT3

The route entry 192.168.1.0/30 will be replaced by 192.168.1.0/24.


222

XorPlus# run show route forward-route ipv4 all Destination NetMask NextHopMac Port --------------- --------------- ----------------- ---------172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connected192.168.1.0 255.255.255. 0 60:EB:69:9B:BE:31 te-1/1/51Total route count:2


Figure 5-8. Importing an external route into an OSPF area.


XorPlus# set vlans vlan-id 500 l3-interface vlan-500 XorPlus# set vlan-interface interface vlan-500 vif vlan-500 address192.168.1.2 prefix-length 30XorPlus# set interface gigabit-ethernet ge-1/1/47 family ethernet-switchingnative-vlan-id 500 XorPlus# set protocols ospf4 router-id 1.1.1.1 XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-500 vif vlan-500address 192.168.1.2 XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#


XorPlus# set vlans vlan-id 400 l3-interface vlan-400 XorPlus# set vlan-interface interface vlan-400 vif vlan-400 address172.25.150.250 prefix-length 30XorPlus# set vlans vlan-id 500 l3-interface vlan-500 XorPlus# set vlan-interface interface vlan-500 vif vlan-500 address192.168.1.1 prefix-length 30XorPlus# set interface gigabit-ethernet ge-1/1/48 family ethernet-switchingnative-vlan-id 500 XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 400XorPlus# set protocols ospf4 router-id 4.4.4.4XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-500 vif vlan-500address 192.168.1.1XorPlus# set protocols ospf4 area 1.1.1.1 interface vlan-400 vif vlan-400address 172.25.150.250


223

1.

2.

3.

XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#


XorPlus# set vlans vlan-id 300 l3-interface vlan-300 XorPlus# set vlan-interface interface vlan-300 vif vlan-300 address172.25.150.246 prefix-length 30XorPlus# set vlans vlan-id 400 l3-interface vlan-400 XorPlus# set vlan-interface interface vlan-400 vif vlan-400 address172.25.150.249 prefix-length 30XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switchingnative-vlan-id 300 XorPlus# set interface gigabit-ethernet te-1/1/51 family ethernet-switchingnative-vlan-id 400 XorPlus# set protocols ospf4 router-id 3.3.3.3XorPlus# set protocols ospf4 area 2.2.2.2 interface vlan-300 vif vlan-300address 172.25.150.246 XorPlus# set protocols ospf4 area 1.1.1.1 interface vlan-400 vif vlan-400address 172.25.150.249XorPlus#commitWaiting for merging configuration.Commit OK.Save Done.XorPlus#

Configuring an external route import policy on Switch C

Configure external static route.

XorPlus# set protocols static route 192.168.6.0/24 next-hop172.25.150.245XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configure policy to import external route

XorPlus# set policy policy-statement static term 1 from protocol staticXorPlus# set policy policy-statement static then acceptXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Using policy on ospf


224

3.

4.

XorPlus# set protocols ospf4 export staticXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Check route table on Switch A , there will be route entry 192.168.6.0/24

XorPlus# run show route forward-route ipv4 all Destination NetMask NextHopMac Port --------------- --------------- ----------------- ---------192.168.1.0 255.255.255.252 C8:0A:A9:AE:0A:66 connected172.25.150.248 255.255.255.252 60:EB:69:9B:BE:31 te-1/1/47192.168.6.0 255.255.255.0 60:EB:69:9B:BE:31 te-1/1/47Total route count:3


BFD supports for OSPF, BGP, static route and ECMP.

Configuring the mode

There are two BFD modes: active and passive.

The BFD will send protocol messages initiatively in active mode, and passively in passive mode.

XorPlus# set protocols bfd mode active XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols bfd mode passive XorPlus# commit Commit OK.Save done.XorPlus#

Configuring detect-multiplier, min-receive-interval and min-transmit-interval

Detect-multiplier: a detection timeout multiple, it is used in calculating detection timeout time by the

detector; min-receive-interval: the minimum sending interval of the BFD packet supported by the

local side; min-transmit-interval: the minimum receiving interval of the BFD packet supported by

the local side.

XorPlus# set protocols bfd interface vlan25 detect-multiplier 5XorPlus# set protocols bfd interface vlan25 min-transmit-interval 1000XorPlus# set protocols bfd interface vlan25 min-receive-interval 2000XorPlus# commit Merging the configuration.


225

Commit OK.Save done.XorPlus#

Enable BFD on L3 interface

Enable BFD on the VLAN interface.

XorPlus# set protocols bfd interface vlan25 disable falseXorPlus# commit Commit OK.Save done.XorPlus#

Enable BFD supporting for OSPF4

Enable BFD to support for protocol OSPF4.

XorPlus# set protocols ospf4 area 1.1.1.1 interface vlan-25 vif vlan-25address 125.125.25.6 bfd disable falseXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Enable BFD supporting for OSPF6

Enable BFD to support for protocol OSPF6.

XorPlus# set protocols ospf6 area 1.1.1.1 interface vlan-23 vif vlan-23 bfddisable falseXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Enable BFD supporting for BGP

Enable BFD to support for protocol BGP.

XorPlus# set protocols bgp peer 125.125.25.1 bfd disable falseXorPlus# commit Merging the configuration.Commit OK.XorPlus#


226

Enable BFD supporting for static route

Enable BFD to support for protocol static route.

XorPlus# set protocols static route 201.201.20.0/24 next-hop 113.113.13.1XorPlus# set protocols static route 201.201.20.0/24 bfd trueXorPlus# commit Commit OK.Save done.XorPlus#

Enable BFD supporting for ECMP

Enable BFD to support for protocol ECMP.

XorPlus# set protocols static route 201.201.20.0/24 next-hop 113.113.13.1XorPlus# set protocols static route 201.201.20.0/24 bfd trueXorPlus# commit Commit OK.Save done.XorPlus# set protocols static route 201.201.20.0/24 qualified-next-hop115.115.15.1 bfd trueXorPlus# set protocols static route 201.201.20.0/24 qualified-next-hop115.115.15.1 metric 1XorPlus# commit Commit OK.Save done.XorPlus#


Fig.5-9 presents an example of configuring BFD supporting for OSPF4. Switch A and Switch B are

located in the backbone area, 0.0.0.0.

Figure 5-9. BFD basic configuration.



227

For switch A, configure one VLAN interface for networks123.123.10.1/24. You should also

configure area 0.0.0.0, which includes network 123.123.10.1/24 and 123.123.10.6/24, and enable

BFD on OSPF4 and VLAN interface.

XorPlus# set vlans vlan-id 10XorPlus# set vlans vlan-id 10 l3-interface vlan10XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 10XorPlus# set vlan-interface interface vlan10 vif vlan10 address 123.123.10.1prefix-length 24XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols ospf4 router-id 1.1.1.1XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan10 vif vlan10 address123.123.10.1 bfd disable falseXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols bfd interface vlan10 disable falseXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#


For switch B, configure one VLAN interface for networks123.123.10.6/24. You should also

configure area 0.0.0.0, which includes network 123.123.10.1/24 and 123.123.10.6/24, and enable

BFD on OSPF4 and VLAN interface.

XorPlus# set vlans vlan-id 10XorPlus# set vlans vlan-id 10 l3-interface vlan-10XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 10XorPlus# set vlan-interface interface vlan-10 vif vlan-10 address123.123.10.6 prefix-length 24XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols ospf4 router-id 2.2.2.2XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-10 vif vlan-10address 123.123.10.6 bfd disable falseXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols bfd interface vlan-10 disable falseXorPlus# commit Merging the configuration.


228


Verifying the BFD configuration

You can verify the BFD configuration of a switch by checking its BFD neighbor.

XorPlus# run show bfd neighbor ipv4Detect Transmit Local Address Remote Address Interface State Time(ms) Interval(ms) Multiplier--------------- --------------- --------- --------- -------- ----------------------123.123.10.1 123.123.10.6 vlan10 Up 1500 500 3 XorPlus#

Fig.5-10 presents an example of configuring BFD supporting for static route.

Figure 5-10. BFD basicconfiguration


For switch A, configure one VLAN interface for networks123.123.10.1/24. You should also

configure static route whose next hop direct to network 123.123.10.6/24, and enable BFD on static

route and VLAN interface.

XorPlus# set vlans vlan-id 10XorPlus# set vlans vlan-id 10 l3-interface vlan10XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 10XorPlus# set vlan-interface interface vlan10 vif vlan10 address 123.123.10.1prefix-length 24XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols static route 200.200.10.0/24 next-hop 123.123.10.6XorPlus# set protocols static route 200.200.10.0/24 bfd trueXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols bfd interface vlan10 disable falseXorPlus# commit Merging the configuration.


229



For switch B, configure one VLAN interface for networks123.123.10.6/24. You should also

configure static route whose next hop direct to network 123.123.10.1/24, and enable BFD on static

route and VLAN interface.

XorPlus# set vlans vlan-id 10XorPlus# set vlans vlan-id 10 l3-interface vlan-10XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 10XorPlus# set vlan-interface interface vlan-10 vif vlan-10 address123.123.10.6 prefix-length 24XorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols static route 178.178.10.0/24 next-hop 123.123.10.1XorPlus# set protocols static route 178.178.10.0/24 bfd trueXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus# set protocols bfd interface vlan-10 disable falseXorPlus# commit Merging the configuration.Commit OK.Save done.XorPlus#

Verifying the BFD configuration

You can verify the BFD configuration of a switch by checking its BFD neighbor.

XorPlus# run show bfd neighbor ipv4Detect Transmit Local Address Remote Address Interface State Time(ms) Interval(ms) Multiplier--------------- --------------- --------- --------- -------- ----------------------123.123.10.1 123.123.10.6 vlan10 Up 1500 500 3 XorPlus#


In L2/L3, ECMP is supported. The maximum ECMP outgoing port group is 4*128. If you configure

each ECMP route to have up to 4 equal-cost paths, for example, then the maximum ECMP

outgoing port group support is 128. If you configure each ECMP route to have up to 16 equal-cost

paths, the maximum ECMP outgoing port group support is 32. Several different ECMP routes can

share the same outgoing port group.

After configuring the ECMP equal-cost path maximum, reboot the switch to make it available.


230

Configuring the equal-cost path maximum

XorPlus# set interface ecmp path_max 8XorPlus# commit Waiting for merging configuration.Commit OK.Save done.ECMP max path changes, please reset the box!XorPlus# run request system reboot The system is going down NOW!Sending SIGTERM to all processesSending SIGKILL to all processesRequesting system rebootRestarting system.rstcr compatible register does not exist!uses the mpc8541's gpio to do a reset.U-Boot 1.3.0 (Sep 8 2010 - 17:20:00)CPU: 8541, Version: 1.1, (0x80720011)Core: E500, Version: 2.0, (0x80200020)Clock Configuration:CPU: 825 MHz, CCB: 330 MHz,DDR: 165 MHz, LBC: 41 MHzL1: D-cache 32 kB enabledI-cache 32 kB enabledI2C: readyDRAM: Initializing

Configuring static ECMP routing

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set vlans vlan-id 4XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switchingnative-vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/5 family ethernet-switchingnative-vlan-id 4XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlans vlan-id 4 l3-interface vlan-4XorPlus# set vlan-interface interface vlan-2 address 10.10.60.10prefix-length 24XorPlus# set vlan-interface interface vlan-3 address 10.10.61.10prefix-length 24XorPlus# set vlan-interface interface vlan-4 address 10.10.62.10prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols static route 10.10.51.0/24 next-hop 10.10.61.20XorPlus# set protocols static route 10.10.51.0/24 qualified-next-hop10.10.62.20 metric 1XorPlus# commit


231

Waiting for merging configuration.Commit OK.Save done.XorPlus# You can che

ck the static ECMP route for 10.10.51.0/24 in the RIB.

XorPlus# run show route table ipv4 unicast final 10.10.51.0/24 [static(1)/1]> to 10.10.61.20 via vlan-3/vlan-310.10.51.0/24 [static(1)/1]> to 10.10.62.20 via vlan-4/vlan-410.10.60.0/24 [connected(0)/0]> via vlan-2/vlan-210.10.61.0/24 [connected(0)/0]> via vlan-3/vlan-310.10.62.0/24 [connected(0)/0]> via vlan-4/vlan-4

Configuring ECMP hash fields

In the default setting, all fields are hashed by "ip-source," "port-destination," "port-source," and

"vlan". You can enable additional fields as shown below:

XorPlus# set interface ecmp hash-mapping field ingress-interface disablefalseXorPlus# set interface ecmp hash-mapping field ip-destination disable falseXorPlus# set interface ecmp hash-mapping field ip-protocol disable falseXorPlus# set interface ecmp hash-mapping field ip-source disable falseXorPlus# set interface ecmp hash-mapping field port-destination disable falseXorPlus# set interface ecmp hash-mapping field port-source disable falseXorPlus# set interface ecmp hash-mapping field vlan disable falseXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


In L2/L3, VRRP is supported, for both preempt and non-preempt parameters.

Configuring VRRP

In the configuration below, a virtual router with IP 192.168.1.5/24 has been created. You can

configure VRRP preemption and the VRRP priority.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 2


232

XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2 vif vlan-2 address 192.168.1.1prefix-length 24XorPlus# set vlan-interface interface vlan-3 vif vlan-3 address 192.168.2.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols vrrp interface vlan-2 vrid 1XorPlus# set protocols vrrp interface vlan-2 vif vlan-2 vrid 1 ip 192.168.1.5prefix-length 24XorPlus# set protocols vrrp interface vlan-2 vif vlan-2 vrid 1 preempt trueXorPlus# set protocols vrrp interface vlan-2 vif vlan-2 vrid 1 priority 100XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# You can c

check the VRRP configuration.

XorPlus# run show vrrp vlan-2Interface vlan-2Vif vlan-2VRID 1State masterMaster IP 192.168.1.1XorPlus#


Configuring the IPv6 neighbor aging time

You can configure the IPv6 neighbor aging time. The neighbor will be removed after the timer has

expired.

XorPlus# set protocols neighbour aging-time 480XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring a static IPv6 neighbor

You can configure a static IPv6 neighbor in a specified interface.

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set protocols neighbour interface vlan-2 vif vlan-2 address 2001::01


233

mac-address 22:22:22:22:22:22XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show ipv6-neighbors static aging-time(seconds): 480Address HW Address Interface--------------------------------------- ----------------- ---------2001::1 22:22:22:22:22:22 vlan-2 XorPlus#

Configuring IPv6 router advertisement

You can manually enable router advertisement messages.

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlan-interface interface vlan1 router-advertisement disablefalseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


In L2/L3, IPv6 static routing is supported. The IPv6 for OSPFv3 and RIPng will be supported soon.

In P-3290 and P-3780, you should configure the link-local IPv6 address, otherwise all the IPv6

interfaces will share the same link-local address. This problem will be fixed in a future version.

Configuring a static route for IPv6

You can configure the link-local address and global address for a VLAN interface.

XorPlus# set vlans vlan-id 2XorPlus# set vlans vlan-id 3XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switchingnative-vlan-id 3XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address2001:db8:3c4d:5:60:ff:73:87 prefix-length 64XorPlus# set vlan-interface interface vlan-2vif vlan-2 addressfe80::ca0a:a9ff:fe04:4931 prefix-length 64XorPlus# set vlan-interface interface vlan-3vif vlan-3 address2001:db8:3c4d:6:0:ff:73:87 prefix-length 64XorPlus# set vlan-interface interface vlan-3vif vlan-3 addressfe80::ca0a:a9ff:4:4932 prefix-length 64XorPlus# commitWaiting for merging configuration.Commit OK.


234

Save done.XorPlus# set protocols static route 2001:db8:3c4d:7::/64 next-hop2001:db8:3c4d:5:60:d6ff:73:89XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Then verify the IPv6 static route in the RIB:

XorPlus# run show route table ipv6 unicast final 2001:db8:3c4d:5::/64[connected(0)/0]> via vlan-2/vlan-22001:db8:3c4d:6::/64[connected(0)/0]> via vlan-3/vlan-3fe80::/64 [connected(0)/0]> via vlan-3/vlan-3fe80::/64 [connected(0)/0]> via vlan-2/vlan-2


In XorPlus, OSPFv3 is supported.

Configuring the router ID

XorPlus# set protocols ospf6 instance-id 1

XorPlus# commit

Waiting for merging configuration.

Commit OK.

Save done.

Configuring an OSPF area and area-type

Area 0.0.0.0 is the backbone area of OSPF; each OSPF domain should have the area 0.0.0.0.

Area types includes normal, stub, and NSSA.

XorPlus# set protocols ospf6 area 0.0.0.0 area-type normalXorPlus# set protocols ospf6 area 1.1.1.1 area-type stubXorPlus# set protocols ospf6 area 2.2.2.2 area-type nssaXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring OSPF interfaces


235

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set vlan-interface interface vlan-2 vif vlan-2 address 2001::15prefix-length 64XorPlus# set vlan-interface interface vlan-3 vif vlan-3 address 2002::15prefix-length 64XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-2 vif vlan-2 address2001::15XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-3 vif vlan-3 address2002::15XorPlus# set protocols ospf6 instance-id 1XorPlus# set protocols ospf6 router-id 1.1.1.1XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show ospf6 interface Interface State Area DR ID BDR ID Nbrs--------- -------- --------------- --------------- --------------- ----vlan-2 Down 0.0.0.0 0.0.0.0 0.0.0.0 0 vlan-3 Down 0.0.0.0 0.0.0.0 0.0.0.0 0

Configuring additional OSPF interface parameters

You can also configure additional OSPF interface parameters (hello-interval, interface-cost, static

neighbor, priority, retransmit-interval, router-dead-interval, and transmit-delay).

XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-2 vif vlan-2hello-interval 10XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-2 vif vlan-2interface-cost 8XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-2 vif vlan-2transmit-delay 2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


In L2/L3, ACLs support destination-address-ipv4, destination-address-ipv6,

destination-mac-address, destination-port, ether-type, ip, protocol, source-address-ipv4,

source-address-ipv6, source-mac-address, source-port, and vlan-id.

TCP flags are also supported. These ACLs can be applied to physical ports, LAG ports, and VLAN

interfaces. One ACL can be applied to multiple ports (the properties of the ports can be same or

different), but only one port can be matched to one ACL.


236

Configuring ACLs

XorPlus# set firewall filter bad-net sequence bad-1 from source-address-ipv41.1.1.0/24 XorPlus# set firewall filter bad-net sequence bad-1 then action discard XorPlus# set firewall filter bad-net sequence bad-2 from source-address-ipv41.1.2.0/24 XorPlus# set firewall filter bad-net sequence bad-2 then action discard XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set firewall filter bad-net input interface ge-1/1/1 XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set firewall filter bad-net input interface ae1 XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

When the switch receives a packet in ingress and egress, it will attempt to match ACLs by

sequence number, with smaller values representing higher priorities. If the matched ACL's action is

"forward" or "discard," the switch will forward or discard the packet and will not match the

remaining ACLs. If there is no matching ACL, the packet will be dropped.

Configuring ACLs in VLANs

Every member port in the VLAN interface will be applied with the ACLs configured in the VLAN

interface.

XorPlus# set firewall filter bad-net sequence bad-1 from source-address-ipv41.1.1.0/24 XorPlus# set firewall filter bad-net sequence bad-1 then action discard XorPlus# set firewall filter bad-net sequence bad-2 from source-address-ipv41.1.2.0/24 XorPlus# set firewall filter bad-net sequencebad-2 then action discard XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set firewall filter bad-netinput vlan-interface vlan-2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring ACL discard TCP ACK


237

You can configure ACL TCP flags

(ACK/FIN/PSH/RST/SYN/URG/TCP-ESTABLISHED/TCP-INITIAL) to specify what action

(forward/discard) to perform on which packets (true/false).

XorPlus# set firewall filter bad-net sequence bad-1 then action discard XorPlus# set firewall filter bad-net sequence bad-1 from protocol tcp flagsack trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set firewall filter bad-net output interface ge-1/1/1 XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring ACL logging for match statistics

XorPlus# set firewall filter bad-net sequence bad-1 then action discard XorPlus# set firewall filter bad-net sequence bad-1 fromdestination-address-ipv4 192.168.100.0/24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set firewall filter bad-net input interface ge-1/1/1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set firewall filter bad-net sequence bad-1 log interval 10XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run syslog monitor onXorPlus#


Control plane security is an application of firewall policer on switches PicOS that allows the

configuration of firewall policies that rate limit the traffic handled by the main CPU of the network

device. This protects the control plane of the switch from direct denial-of-service attacks. With

Control plane security, these firewall policies are configured to permit, block, or rate limit the

packets handled by the main CPU.

Control plane security can be applied in management interface and inbound interface. Create

firewall filter on the ASIC to protect the Control Plane and modify the IPFilter for inband interface,

and create IPFilter configure for management interface.


238

Control Plane security Rate Limits and Actions Examples:

Filter class Rate-limit(pps) Conform Action Exceed Action

ARP 100 Transmit Drop

ICMP 100 Transmit Drop

OSPF null Transmit Transmit

BGP null Transmit Transmit

ssh null Transmit Transmit

telnet null Transmit Transmit

Tacacs null Transmit Transmit

ntp null Transmit Transmit

snmp null Transmit Transmit

default 200 Transmit Drop


set firewall policer 100pps if-exceeding rate-limit 100set firewall policer 100pps if-exceeding burst-limit 5set firewall policer 100pps then action discardset firewall policer 200pps if-exceeding rate-limit 200set firewall policer 200pps if-exceeding burst-limit 10set firewall policer 200pps then action discardConfiguring Control Plane Security filterset firewall filter f1 sequence 0 from ether-type 2054set firewall filter f1 sequence 0 then policer 100ppsset firewall filter f1 sequence 1 from protocol icmpset firewall filter f1 sequence 1 then policer 100ppsset firewall filter f1 sequence 2 from protocol ospfset firewall filter f1 sequence 2 from destination-address-ipv4 224.0.0.5/32set firewall filter f1 sequence 2 then action forwardset firewall filter f1 sequence 3 from protocol ospfset firewall filter f1 sequence 3 from destination-address-ipv4 224.0.0.5/32set firewall filter f1 sequence 3 then action forwardset firewall filter f1 sequence 4 from protocol tcpset firewall filter f1 sequence 4 from source-port 179set firewall filter f1 sequence 4 then action forwardset firewall filter f1 sequence 5 from protocol tcpset firewall filter f1 sequence 5 from destination-port 179set firewall filter f1 sequence 5 then action forwardset firewall filter f1 sequence 6 from protocol tcpset firewall filter f1 sequence 6 from source-port 22


239

set firewall filter f1 sequence 6 then action forwardset firewall filter f1 sequence 7 from protocol tcpset firewall filter f1 sequence 7 from destination-port 22set firewall filter f1 sequence 7 then action forwardset firewall filter f1 sequence 8 from protocol tcpset firewall filter f1 sequence 8 from source-port 23set firewall filter f1 sequence 8 then action forwardset firewall filter f1 sequence 9 from protocol tcpset firewall filter f1 sequence 9 from destination-port 23set firewall filter f1 sequence 9 then action forwardset firewall filter f1 sequence 10 from protocol tcpset firewall filter f1 sequence 10 from source-port 49set firewall filter f1 sequence 10 then action forwardset firewall filter f1 sequence 11 from protocol tcpset firewall filter f1 sequence 11 from destination-port 49set firewall filter f1 sequence 11 then action forwardset firewall filter f1 sequence 12 from protocol udpset firewall filter f1 sequence 12 from source-port 123set firewall filter f1 sequence 12 then action forwardset firewall filter f1 sequence 13 from protocol udpset firewall filter f1 sequence 13 from destination-port 123set firewall filter f1 sequence 13 then action forwardset firewall filter f1 sequence 14 from protocol udpset firewall filter f1 sequence 14 from source-port 161set firewall filter f1 sequence 14 then action forwardset firewall filter f1 sequence 15 from protocol udpset firewall filter f1 sequence 15 from destination-port 161set firewall filter f1 sequence 15 then action forwardset firewall filter f1 sequence 16 from protocol udpset firewall filter f1 sequence 16 from source-port 162set firewall filter f1 sequence 16 then action forwardset firewall filter f1 sequence 17 from protocol udpset firewall filter f1 sequence 17 from destination-port 162set firewall filter f1 sequence 17 then action forwardset firewall filter f1 sequence 100 fromset firewall filter f1 sequence 100 then policer 200pps


delete interface ecmp hash-mapping field ingress-interface disable

delete interface ecmp hash-mapping field ip-destination disable

delete interface ecmp hash-mapping field ip-protocol disable

delete interface ecmp hash-mapping field ip-source disable

delete interface ecmp hash-mapping field port-destination disable

delete interface ecmp hash-mapping field port-source disable

delete interface ecmp hash-mapping field vlan disable

delete interface ecmp max-path

delete vlan-interface loopback address 127.0.0.1 prefix-length

delete vlan-interface loopback address ::1 prefix-length

run clear arp all

run clear arp ip-address <ip-address>

run clear neighbor all

run clear neighbor ipv6-address <ipv6-address>

run clear vlan-interface statistics loopback

run flush arp all


240

run flush arp ip-address <ip-address>

run flush neighbor all

run flush neighbor ipv6-address <ipv6-address>

run ping <ip-address> <int> deadline <int> source 0x1 interval <int> tos <int> ttl <int> size <int>

run ping <ip-address> <int> interval <int>

run ping <ip-address> <int> pattern <int>

run ping <ip-address> <int> size <int>

run ping <ip-address> <int> source 0x1

run ping <ip-address> <int> tos <int>

run ping <ip-address> <int> ttl <int>

run ping6 <ipv6-address> <int> deadline <int> source 0x1 interval <int> ttl <int> size <int>

run ping6 <ipv6-address> <int> interval <int>

run ping6 <ipv6-address> <int> pattern <int>

run ping6 <ipv6-address> <int> size <int>

run ping6 <ipv6-address> <int> source 0x1

run ping6 <ipv6-address> <int> ttl <int>

run show arp brief

run show arp inspection brief

run show arp management-ethernet eth0

run show policy network4-list

run show policy policy-statement

run show route admin distance ipv4 unicast

run show route admin distance ipv6 unicast

run show route forward-host brief

run show route forward-host ipv4 <ip-address>

run show route forward-host ipv4 all

run show route forward-host ipv6 <ip-address>

run show route forward-host ipv6 all

run show route forward-route brief

run show route forward-route ipv4 <ip-address/netmask>

run show route forward-route ipv4 all

run show route forward-route ipv6 <ip-address/netmask>

run show route forward-route ipv6 all

run show route table ipv4 unicast connected brief

run show route table ipv4 unicast connected detail

run show route table ipv4 unicast connected terse

run show route table ipv4 unicast ebgp brief

run show route table ipv4 unicast ebgp detail

run show route table ipv4 unicast ebgp terse

run show route table ipv4 unicast final brief

run show route table ipv4 unicast final detail

run show route table ipv4 unicast final terse

run show route table ipv4 unicast ibgp brief

run show route table ipv4 unicast ibgp detail

run show route table ipv4 unicast ibgp terse


241

run show route table ipv4 unicast ospf brief

run show route table ipv4 unicast ospf detail

run show route table ipv4 unicast ospf terse

run show route table ipv4 unicast ospf winners brief

run show route table ipv4 unicast ospf winners detail

run show route table ipv4 unicast ospf winners terse

run show route table ipv4 unicast rip brief

run show route table ipv4 unicast rip detail

run show route table ipv4 unicast rip terse

run show route table ipv4 unicast rip winners brief

run show route table ipv4 unicast rip winners detail

run show route table ipv4 unicast rip winners terse

run show route table ipv4 unicast static brief

run show route table ipv4 unicast static detail

run show route table ipv4 unicast static terse

run show route table ipv6 unicast connected brief

run show route table ipv6 unicast connected detail

run show route table ipv6 unicast connected terse

run show route table ipv6 unicast ebgp brief

run show route table ipv6 unicast ebgp detail

run show route table ipv6 unicast ebgp terse

run show route table ipv6 unicast final brief

run show route table ipv6 unicast final detail

run show route table ipv6 unicast final terse

run show route table ipv6 unicast ibgp brief

run show route table ipv6 unicast ibgp detail

run show route table ipv6 unicast ibgp terse

run show route table ipv6 unicast ospf brief

run show route table ipv6 unicast ospf detail

run show route table ipv6 unicast ospf terse

run show route table ipv6 unicast ospf winners brief

run show route table ipv6 unicast ospf winners detail

run show route table ipv6 unicast ospf winners terse

run show route table ipv6 unicast ripng brief

run show route table ipv6 unicast ripng detail

run show route table ipv6 unicast ripng terse

run show route table ipv6 unicast ripng winners brief

run show route table ipv6 unicast ripng winners detail

run show route table ipv6 unicast ripng winners terse

run show route table ipv6 unicast static brief

run show route table ipv6 unicast static detail

run show route table ipv6 unicast static terse

run show vlan-interface brief

run show vlan-interface interface loopback

run traceroute <ip-address>


242

run traceroute6 <ipv6-address>

set interface ecmp hash-mapping field ingress-interface disable true

set interface ecmp hash-mapping field ip-destination disable true

set interface ecmp hash-mapping field ip-protocol disable true

set interface ecmp hash-mapping field ip-source disable true

set interface ecmp hash-mapping field port-destination disable true

set interface ecmp hash-mapping field port-source disable true

set interface ecmp hash-mapping field vlan disable true

set interface ecmp max-path <int>

set policy as-path-list bozo elements bozo

set policy community-list bozo elements bozo

set policy network4-list bozo network <ip-address/netmask> modifier bozo

set policy network6-list bozo network <ipv6-address/netmask> modifier bozo

set policy policy-statement bozo term bozo from as-path bozo

set policy policy-statement bozo term bozo from as-path-list bozo

set policy policy-statement bozo term bozo from community bozo

set policy policy-statement bozo term bozo from community-list bozo

set policy policy-statement bozo term bozo from external-type <int>

set policy policy-statement bozo term bozo from localpref <int>

set policy policy-statement bozo term bozo from med <int>

set policy policy-statement bozo term bozo from metric <int>

set policy policy-statement bozo term bozo from neighbor <ip-address>

set policy policy-statement bozo term bozo from network4 <ip-address/netmask>

set policy policy-statement bozo term bozo from network4-list bozo

set policy policy-statement bozo term bozo from network6 <ipv6-address/netmask>

set policy policy-statement bozo term bozo from network6-list bozo

set policy policy-statement bozo term bozo from nexthop4 <ip-address>

set policy policy-statement bozo term bozo from nexthop6 <ipv6-address>

set policy policy-statement bozo term bozo from origin <int>

set policy policy-statement bozo term bozo from prefix-length4 <int>

set policy policy-statement bozo term bozo from prefix-length6 <int>

set policy policy-statement bozo term bozo from protocol bgp

set policy policy-statement bozo term bozo from protocol connected

set policy policy-statement bozo term bozo from protocol ospf4

set policy policy-statement bozo term bozo from protocol ospf6

set policy policy-statement bozo term bozo from protocol ripng

set policy policy-statement bozo term bozo from protocol static

set policy policy-statement bozo term bozo from tag <int>

set policy policy-statement bozo term bozo then accept

set policy policy-statement bozo term bozo then aggregate-brief-mode true

set policy policy-statement bozo term bozo then aggregate-prefix-len <int>

set policy policy-statement bozo term bozo then as-path-expand <int>

set policy policy-statement bozo term bozo then as-path-prepend <int>

set policy policy-statement bozo term bozo then community bozo

set policy policy-statement bozo term bozo then community-add bozo


243

set policy policy-statement bozo term bozo then community-del bozo

set policy policy-statement bozo term bozo then external-type <int>

set policy policy-statement bozo term bozo then localpref <int>

set policy policy-statement bozo term bozo then med <int>

set policy policy-statement bozo term bozo then med-remove true

set policy policy-statement bozo term bozo then metric <int>

set policy policy-statement bozo term bozo then nexthop4 <ip-address>

set policy policy-statement bozo term bozo then nexthop4-var peer-address

set policy policy-statement bozo term bozo then nexthop4-var self

set policy policy-statement bozo term bozo then nexthop6 <ipv6-address>

set policy policy-statement bozo term bozo then nexthop6-var peer-address

set policy policy-statement bozo term bozo then nexthop6-var self

set policy policy-statement bozo term bozo then origin <int>

set policy policy-statement bozo term bozo then reject

set policy policy-statement bozo term bozo then tag <int>

set policy policy-statement bozo term bozo to as-path bozo

set policy policy-statement bozo term bozo to as-path-list bozo

set policy policy-statement bozo term bozo to community bozo

set policy policy-statement bozo term bozo to external-type <int>

set policy policy-statement bozo term bozo to localpref <int>

set policy policy-statement bozo term bozo to med <int>

set policy policy-statement bozo term bozo to metric <int>

set policy policy-statement bozo term bozo to neighbor <ip-address>

set policy policy-statement bozo term bozo to network4 <ip-address/netmask>

set policy policy-statement bozo term bozo to network4-list bozo

set policy policy-statement bozo term bozo to network6 <ipv6-address/netmask>

set policy policy-statement bozo term bozo to network6-list bozo

set policy policy-statement bozo term bozo to nexthop4 <ip-address>

set policy policy-statement bozo term bozo to nexthop6 <ipv6-address>

set policy policy-statement bozo term bozo to origin <int>

set policy policy-statement bozo term bozo to prefix-length4 <int>

set policy policy-statement bozo term bozo to prefix-length6 <int>

set policy policy-statement bozo term bozo to tag <int>

set policy policy-statement bozo term bozo to was-aggregated true

set policy policy-statement bozo then accept

set policy policy-statement bozo then reject

set protocols arp aging-time <int>

set protocols arp interface bozo address <ip-address> mac-address <mac-address>

set protocols arp interface bozo inspection disable true

set protocols arp interface bozo proxy disable true

set protocols arp traceoptions disable true

set protocols bfd interface bozo detect-multiplier <int>

set protocols bfd interface bozo disable true

set protocols bfd interface bozo min-echo-receive-interval <int>

set protocols bfd interface bozo min-receive-interval <int>


244

set protocols bfd interface bozo min-transmit-interval <int>

set protocols bfd mode active

set protocols bfd mode passive

set protocols bfd traceoptions flag config disable true

set protocols bfd traceoptions flag event disable true

set protocols bfd traceoptions flag fsm disable true

set protocols bfd traceoptions flag packet disable true

set protocols bfd traceoptions flag raw-packet disable true

set protocols ipfix interfaces egress <port>

set protocols ipfix interfaces ingress <port>

set protocols ipfix traceoptions flag all disable true

set protocols neighbour interface bozo address <ipv6-address> mac-address <mac-address>

set protocols neighbour interface bozo proxy disable true

set protocols neighbour traceoptions disable true

set protocols ospf4 area <ip-address> area-range <ip-address/netmask> advertise true

set protocols ospf4 area <ip-address> area-type normal

set protocols ospf4 area <ip-address> area-type nssa

set protocols ospf4 area <ip-address> area-type stub

set protocols ospf4 area <ip-address> default-lsa disable true

set protocols ospf4 area <ip-address> default-lsa metric <int>

set protocols ospf4 area <ip-address> interface bozo link-type broadcast

set protocols ospf4 area <ip-address> interface bozo link-type p2m

set protocols ospf4 area <ip-address> interface bozo link-type p2p

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> authentication

md5 <int> end-time bozo


md5 <int> max-time-drift <int>


md5 <int> max-time-drift <int>


md5 <int> password bozo


md5 <int> start-time bozo


simple-password bozo

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> bfd disable

true

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> disable true

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> hello-interval

<int>

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> interface-cost

<int>

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> neighbor

<ip-address> router-id <ip-address>

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> passive


245

disable true

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> passive host

true

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> priority <int>

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address>

retransmit-interval <int>

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address>

router-dead-interval <int>

set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> transmit-delay

<int>

set protocols ospf4 area <ip-address> summaries disable true

set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int> end-time

bozo

set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int>

max-time-drift <int>

set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int>

max-time-drift <int>

set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int> password

bozo

set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int> start-time

bozo

set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication simple-password

bozo

set protocols ospf4 area <ip-address> virtual-link <ip-address> hello-interval <int>

set protocols ospf4 area <ip-address> virtual-link <ip-address> retransmit-interval <int>

set protocols ospf4 area <ip-address> virtual-link <ip-address> router-dead-interval <int>

set protocols ospf4 area <ip-address> virtual-link <ip-address> transmit-area <ip-address>

set protocols ospf4 area <ip-address> virtual-link <ip-address> transmit-delay <int>

set protocols ospf4 export bozo

set protocols ospf4 import bozo

set protocols ospf4 ip-router-alert true

set protocols ospf4 rfc1583-compatibility true

set protocols ospf4 router-id <ip-address>

set protocols ospf4 traceoptions flag adjacency-event disable true

set protocols ospf4 traceoptions flag all disable true

set protocols ospf4 traceoptions flag config disable true

set protocols ospf4 traceoptions flag database-description disable true

set protocols ospf4 traceoptions flag event disable true

set protocols ospf4 traceoptions flag flooding disable true

set protocols ospf4 traceoptions flag hello disable true

set protocols ospf4 traceoptions flag lsa-ack disable true

set protocols ospf4 traceoptions flag lsa-generation disable true

set protocols ospf4 traceoptions flag lsa-request disable true

set protocols ospf4 traceoptions flag lsa-update disable true

set protocols ospf4 traceoptions flag packets disable true


246

set protocols ospf4 traceoptions flag retransmission disable true

set protocols ospf4 traceoptions flag route disable true

set protocols ospf4 traceoptions flag spt disable true

set protocols ospf4 traceoptions flag timer disable true

set protocols ospf6 area <ip-address> area-range <ipv6-address/netmask> advertise true

set protocols ospf6 area <ip-address> area-type normal

set protocols ospf6 area <ip-address> area-type nssa

set protocols ospf6 area <ip-address> area-type stub

set protocols ospf6 area <ip-address> default-lsa disable true

set protocols ospf6 area <ip-address> default-lsa metric <int>

set protocols ospf6 area <ip-address> interface bozo link-type broadcast

set protocols ospf6 area <ip-address> interface bozo link-type p2m

set protocols ospf6 area <ip-address> interface bozo link-type p2p

set protocols ospf6 area <ip-address> interface bozo vif bozo address <ipv6-address> disable true

set protocols ospf6 area <ip-address> interface bozo vif bozo bfd disable true

set protocols ospf6 area <ip-address> interface bozo vif bozo disable true

set protocols ospf6 area <ip-address> interface bozo vif bozo hello-interval <int>

set protocols ospf6 area <ip-address> interface bozo vif bozo interface-cost <int>

set protocols ospf6 area <ip-address> interface bozo vif bozo neighbor <ipv6-address> router-id

<ip-address>

set protocols ospf6 area <ip-address> interface bozo vif bozo passive true

set protocols ospf6 area <ip-address> interface bozo vif bozo priority <int>

set protocols ospf6 area <ip-address> interface bozo vif bozo retransmit-interval <int>

set protocols ospf6 area <ip-address> interface bozo vif bozo router-dead-interval <int>

set protocols ospf6 area <ip-address> interface bozo vif bozo transmit-delay <int>

set protocols ospf6 export bozo

set protocols ospf6 import bozo

set protocols ospf6 instance-id <int>

set protocols ospf6 ip-router-alert true

set protocols ospf6 router-id <ip-address>

set protocols ospf6 traceoptions flag adjacency-event disable true

set protocols ospf6 traceoptions flag all disable true

set protocols ospf6 traceoptions flag config disable true

set protocols ospf6 traceoptions flag database-description disable true

set protocols ospf6 traceoptions flag event disable true

set protocols ospf6 traceoptions flag flooding disable true

set protocols ospf6 traceoptions flag hello disable true

set protocols ospf6 traceoptions flag lsa-ack disable true

set protocols ospf6 traceoptions flag lsa-generation disable true

set protocols ospf6 traceoptions flag lsa-request disable true

set protocols ospf6 traceoptions flag lsa-update disable true

set protocols ospf6 traceoptions flag packets disable true

set protocols ospf6 traceoptions flag retransmission disable true

set protocols ospf6 traceoptions flag route disable true

set protocols ospf6 traceoptions flag spt disable true


247

set protocols ospf6 traceoptions flag timer disable true

set protocols pimsm4 bootstrap cand-bsr scope-zone <ip-address/netmask> bsr-priority <int>

set protocols rip export bozo

set protocols rip import bozo

set protocols rip interface bozo vif bozo address <ip-address> accept-default-route true

set protocols rip interface bozo vif bozo address <ip-address> accept-non-rip-requests true

set protocols rip interface bozo vif bozo address <ip-address> advertise-default-route true

set protocols rip interface bozo vif bozo address <ip-address> authentication md5 <int> end-time

bozo

set protocols rip interface bozo vif bozo address <ip-address> authentication md5 <int> password

bozo

set protocols rip interface bozo vif bozo address <ip-address> authentication md5 <int> start-time

bozo

set protocols rip interface bozo vif bozo address <ip-address> authentication simple-password

bozo

set protocols rip interface bozo vif bozo address <ip-address> deletion-delay <int>

set protocols rip interface bozo vif bozo address <ip-address> disable true

set protocols rip interface bozo vif bozo address <ip-address> horizon none

set protocols rip interface bozo vif bozo address <ip-address> horizon split-horizon-poison-rever

set protocols rip interface bozo vif bozo address <ip-address> interpacket-delay <int>

set protocols rip interface bozo vif bozo address <ip-address> metric <int>

set protocols rip interface bozo vif bozo address <ip-address> passive true

set protocols rip interface bozo vif bozo address <ip-address> request-interval <int>

set protocols rip interface bozo vif bozo address <ip-address> request-interval <int>

set protocols rip interface bozo vif bozo address <ip-address> route-timeout <int>

set protocols rip interface bozo vif bozo address <ip-address> triggered-delay <int>

set protocols rip interface bozo vif bozo address <ip-address> triggered-jitter <int>

set protocols rip interface bozo vif bozo address <ip-address> update-interval <int>

set protocols rip interface bozo vif bozo address <ip-address> update-jitter <int>

set protocols rip traceoptions flag all disable true

set protocols static interface-route <ip-address/netmask> metric <int>

set protocols static interface-route <ip-address/netmask> next-hop-interface bozo

set protocols static interface-route <ip-address/netmask> next-hop-router <ip-address>

set protocols static interface-route <ip-address/netmask> next-hop-vif bozo

set protocols static interface-route <ip-address/netmask> qualified-next-hop-interface bozo

qualified-next-hop-vif bozo metric <int>

set protocols static interface-route <ip-address/netmask> qualified-next-hop-interface bozo

qualified-next-hop-vif bozo next-hop-router <ip-address

set protocols static interface-route <ipv6-address/netmask> metric <int>

set protocols static interface-route <ipv6-address/netmask> next-hop-interface bozo

set protocols static interface-route <ipv6-address/netmask> next-hop-router <ipv6-address>

set protocols static interface-route <ipv6-address/netmask> next-hop-vif bozo

set protocols static interface-route <ipv6-address/netmask> qualified-next-hop-interface bozo

qualified-next-hop-vif bozo metric <int>

set protocols static interface-route <ipv6-address/netmask> qualified-next-hop-interface bozo


248

qualified-next-hop-vif bozo next-hop-router <ipv6-address>

set protocols static route <ip-address/netmask> bfd true

set protocols static route <ip-address/netmask> metric <int>

set protocols static route <ip-address/netmask> next-hop <ip-address>

set protocols static route <ip-address/netmask> qualified-next-hop <ip-address> bfd true

set protocols static route <ip-address/netmask> qualified-next-hop <ip-address> metric <int>

set protocols static route <ipv6-address/netmask> bfd true

set protocols static route <ipv6-address/netmask> metric <int>

set protocols static route <ipv6-address/netmask> next-hop <ipv6-address>

set protocols static route <ipv6-address/netmask> qualified-next-hop <ipv6-address> bfd true

set protocols static route <ipv6-address/netmask> qualified-next-hop <ipv6-address> metric <int>

set protocols static traceoptions flag all disable true

set protocols vrrp interface bozo vif bozo vrid <int> interval <int>

set protocols vrrp interface bozo vif bozo vrid <int> ip <ip-address> prefix-length <int>

set protocols vrrp interface bozo vif bozo vrid <int> preempt true

set protocols vrrp interface bozo vif bozo vrid <int> priority <int>

set vlan-interface interface bozo router-advertisement disable true

set vlan-interface interface bozo vif bozo address <ip-address> prefix-length <int>

set vlan-interface interface bozo vif bozo address <ipv6-address> prefix-length <int>

set vlan-interface interface bozo vif bozo description bozo

set vlan-interface loopback address 127.0.0.1 prefix-length <int>

set vlan-interface loopback address ::1 prefix-length <int>

set vlan-interface loopback address <ip-address> prefix-length <int>

set vlan-interface loopback address <ipv6-address> prefix-length <int>

set vlan-interface traceoptions flag rib disable true

set vlan-interface traceoptions flag xrl disable trueset vlans dot1q-tunneling egress bozo from

customer-vlan <int>

show all interface ecmp hash-mapping field ingress-interface

show all interface ecmp hash-mapping field ip-destination

show all interface ecmp hash-mapping field ip-protocol

show all interface ecmp hash-mapping field ip-source

show all interface ecmp hash-mapping field port-destination

show all interface ecmp hash-mapping field port-source

show all interface ecmp hash-mapping field vlan

show all multicast-interface

show all policy

show all vlan-interface loopback address 127.0.0.1

show all vlan-interface loopback address ::1

show interface ecmp hash-mapping field ingress-interface

show interface ecmp hash-mapping field ip-destination

show interface ecmp hash-mapping field ip-protocol

show interface ecmp hash-mapping field ip-source

show interface ecmp hash-mapping field port-destination

show interface ecmp hash-mapping field port-source

show interface ecmp hash-mapping field vlan


249

show policy

show vlan-interface loopback address 127.0.0.1

show vlan-interface loopback address ::1


250

IPv4/IPv6 BGP Configuration

BGP protocol










EBGP Peering

IBGP Peering





BGP attributes






BGP-4 aggregation

Synchronization


Confederations

Route Reflectors




251




Configuring a BGP router ID

The router ID should be configured first when you configure BGP. The router ID is a string similar

to the IP address, and is the identifier of a BGP router in an AS. You should not change the router

ID after completing the configuration.

By default, the BGP router ID is not configured.

XorPlus# set protocols bgp bgp-id 1.1.1.1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP local-AS

The local AS (autonomous system) should be configured first when you configure BGP.

The AS_Path attribute records all the AS's that a route passes through from the source to the

destination, following the order of vectors.

XorPlus# set protocols bgp local-as 100XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring external BGP peering

If the AS number of the specified peer is different from the local AS number during the

configuration of BGP peers, an EBGP peer is configured.

To establish point-to-point connections between peer autonomous systems, configure a BGP

session on each interface of a point-to-point link. Generally, such sessions are made at network

exit points with neighboring hosts outside the AS.

XorPlus# set protocols bgp local-as 100XorPlus# set protocols bgp peer 192.168.49.1 as 200XorPlus# set protocols bgp peer 192.168.49.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.49.1 local-ip 192.168.49.2XorPlus# commit Waiting for merging configuration.Commit OK.


252

Save done.XorPlus#

Configuring internal BGP peering

If the AS number of the specified peer is the same as the local AS number during the configuration

of BGP peers, an IBGP peer is configured.

XorPlus# set protocols bgp local-as 100XorPlus# set protocols bgp peer 192.168.49.1 as 100XorPlus# set protocols bgp peer 192.168.49.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.49.1 local-ip 192.168.49.2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring the BGP Local Preference

Internal BGP (IBGP) sessions use a metric called the local preference, which is carried in IBGP

update packets in the path attribute LOCAL_PREF. When an autonomous system (AS) has

multiple routes to another AS, the local preference indicates the degree of preference for one route

over the other routes. Expectedly, the route with the highest local preference value is preferred.

XorPlus# set policy policy-statement send-network term t1 from network4172.168.200.0/24XorPlus# set policy policy-statement send-network term t1 from protocol bgpXorPlus# set policy policy-statement send-network term t1 then localpref 200XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols bgp peer 192.168.49.1 export send-networkXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP MED

The multi-exit discriminator (MED) helps determine the optimal route for the incoming traffic of an

AS, and is similar to the metric used in IGP. When a BGP device obtains multiple routes to the

same destination address but with different next hops from EBGP peers, the BGP device selects

the route with the smallest MED value as the optimal route.

XorPlus# set policy policy-statement send-network term t1 from network4172.168.200.0/24XorPlus# set policy policy-statement send-network term t1 from protocol bgp


253

XorPlus# set policy policy-statement send-network term t1 then med 200XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols bgp peer 192.168.49.1 export send-networkXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP next hop

When an Autonomous System Boundary Router (ASBR) forwards the route learned from an

EBGP peer to an IBGP peer, the ASBR, by default, does not change the next hop of the route.

When the IBGP peer receives this route, it finds the next hop unreachable, sets the route to

inactive, and does not use this route to guide traffic forwarding.

To enable the IBGP peer to use this route to guide traffic forwarding, configure the ASBR to set its

IP address as the next hop of the route when the ASBR forwards this route to the IBGP peer. After

the IBGP peer receives this route from the ASBR, it finds the next hop of the route reachable, sets

the route to active, and uses this route to guide traffic forwarding.

When a BGP route changes, BGP needs to iterate the indirect next hop of the route again. If no

restriction is imposed on the iterated route, BGP may iterate the next hop to an incorrect

forwarding path, causing traffic loss. Configure routing policy-based route iteration to prevent traffic

loss.

XorPlus# set protocols bgp local-as 100XorPlus# set protocols bgp peer 192.168.49.1 as 100XorPlus# set protocols bgp peer 192.168.49.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.49.1 local-ip 192.168.49.2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP route reflectors

To ensure the connectivity between IBGP peers within an AS, you need to establish fullmesh

connections between the IBGP peers. When there are many IBGP peers, it is costly to establish a

fullymeshed network. A route reflector (RR) can solve this problem.

A cluster ID can help prevent routing loops between multiple RRs within a cluster, and between

clusters. When a cluster has multiple RRs, the same cluster ID must be configured for all RRs

within the cluster.

If full-mesh IBGP connections are established between clients of multiple RRs, route reflection

between clients is not required and wastes bandwidth resources. In this case, prohibit route

reflection between clients to reduce the network burden.

Within an AS, an RR transmits routing information and forwards traffic. When an RR connects to a


254

large number of clients and non-clients, many CPU resources are consumed if the RR transmits

routing information and forwards traffic simultaneously. This also reduces route transmission

efficiency. To improve route transmission efficiency, prohibit BGP from adding preferred routes to

IP routing tables on the RR, enabling the RR to only transmit routing information.

XorPlus# set protocols bgp local-as 100XorPlus# set protocols bgp peer 192.168.49.1 as 100XorPlus# set protocols bgp peer 192.168.49.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.49.1 local-ip 192.168.49.2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols bgp route-reflector cluster-id 16.16.16.16XorPlus# set protocols bgp route-reflector disable falseXorPlus# set protocols bgp peer 192.168.49.1 client trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP confederations

A confederation divides an AS into sub-AS's, which establish EBGP connections. Within each

sub-AS, IBGP peers establish fullmesh connections or have an RR configured. On a large BGP

network, configuring a confederation can reduce the number of IBGP connections, simplify routing

policy management, and improve route advertisement efficiency.

XorPlus# set protocols bgp local-as 65533XorPlus# set protocols bgp peer 192.168.49.1 as 65533XorPlus# set protocols bgp peer 192.168.49.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.49.1 local-ip 192.168.49.2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols bgp confederation identifier 2000XorPlus# set protocols bgp confederation disable falseXorPlus# set protocols bgp peer 192.168.49.1 confederation-member trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring the BGP connect timer

Hold timers can be configured for all peers. The proper maximum interval at which Keep alive

messages are sent is one third the hold time.


255

XorPlus# set protocols bgp peer 192.168.49.1 holdtime 30XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring MD5 authentication for TCP connections

Configure Message Digest5 (MD5) authentication on a TCP connection between two BGP peers.

The two peers must have the same configured password to establish TCP connections.

XorPlus# set protocols bgp peer 192.168.11.10 md5-password pica8XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring EBGP fast-external-fallover

This feature allows BGP to immediately respond to a fault on an interface, and delete the direct

EBGP sessions on the interface without waiting for the hold timer to expire. It implements rapid

BGP network convergence.

By default, EBGP fast-external-fallover is disabled.

XorPlus# set protocols bgp fast-external-fallover disable falseXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP route summarization

BGP supports automatic route summarization and manual route summarization. Manual route

summarization takes precedence over automatic route summarization.

Configure automatic route summarization as follows:

XorPlus# set protocols bgp auto-summary trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

bgp auto-summary true summarizes the routes exported by BGP.

To configure manual route summarization:


256

XorPlus# set protocols bgp aggregate network4 192.168.1.0/24 suppress-detailtrueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP to advertise default routes to peers

The BGP device can be configured to send only a default route, with the local address as the next

hop address, to its peer, regardless of whether there are default routes in the local routing table.

XorPlus# set protocols bgp peer 192.168.11.10 default-route-advertise XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP to remove private AS numbers

Private autonomous system (AS) numbers that range from 64512 to 65535 are used to conserve

globally unique AS numbers. BGP can remove private AS numbers from updates to a peer.

XorPlus# set protocols bgp peer 192.168.11.10 public-as-onlyXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP AS loop

Repeated local AS numbers are allowed in routes. In the default setting, however, repeated local

AS numbers are not allowed.

XorPlus# set protocols bgp peer 192.168.11.10 allow-as-loop trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring BGP load balancing


257

If multiple paths to a destination exist, you can configure load balancing over such paths to

improve link utilization.

Enable BGP load balancing:

XorPlus# set protocols bgp multipath disable falseXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

BGP will not load balance across multiple paths by default. This is acceptable if you are

multi-homed to a single AS, but what if you are multi-homed to different AS path? In that case, you

cannot load balance across theoretically equal paths. Enter the BGP multipath path-relax

command:

XorPlus# set protocols bgp multipath path-relax trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#


As shown in Fig. 5-9, BGP runs between switches. An EBGP connection is established between

Switch A and Switch B, and IBGP fullmesh connections are established between Switch B, Switch

C, and Switch D.

Configure IBGP connections between Switch B, Switch C, and Switch D.

Configure an EBGP connection between Switch A and Switch B.

Figure 5-9. BGP configuration.


258


Configure the VLAN that each interface belongs to.

XorPlus# set vlans vlan-id 10 l3-interface 10XorPlus# set vlans vlan-id 20 l3-interface 20XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 10XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 20XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configure the VLAN interfaces and assign them IP addresses.

XorPlus# set vlan-interface interface 10 vif 10 address 192.168.10.1prefix-length 24XorPlus# set vlan-interface interface 20 vif 20 address 192.168.20.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configure an EBGP connection.

XorPlus# set protocols bgp bgp-id 1.1.1.1XorPlus# set protocols bgp local-as 100XorPlus# set protocols bgp peer 192.168.20.2 as 200XorPlus# set protocols bgp peer 192.168.20.2 local-ip 192.168.20.1XorPlus# set protocols bgp peer 192.168.20.2 next-hop-self trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



XorPlus# set vlans vlan-id 20 l3-interface 20XorPlus# set vlans vlan-id 30 l3-interface 30XorPlus# set vlans vlan-id 40 l3-interface 40XorPlus# commit


259

Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 20XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 30XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switchingnative-vlan-id 40XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


XorPlus# set vlan-interface interface 20 vif 20 address 192.168.20.2prefix-length 24XorPlus# set vlan-interface interface 30 vif 30 address 192.168.30.1prefix-length 24XorPlus# set vlan-interface interface 40 vif 40 address 192.168.40.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configure EBGP and IBGP connections.

XorPlus# set protocols bgp bgp-id 2.2.2.2XorPlus# set protocols bgp local-as 200XorPlus# set protocols bgp peer 192.168.20.1 as 100XorPlus# set protocols bgp peer 192.168.20.1 local-ip 192.168.20.2XorPlus# set protocols bgp peer 192.168.20.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.30.2 as 200XorPlus# set protocols bgp peer 192.168.30.2 local-ip 192.168.30.1XorPlus# set protocols bgp peer 192.168.30.2 next-hop-self trueXorPlus# set protocols bgp peer 192.168.40.2 as 200XorPlus# set protocols bgp peer 192.168.40.2 local-ip 192.168.40.1XorPlus# set protocols bgp peer 192.168.40.2 next-hop-self trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



XorPlus# set vlans vlan-id 40 l3-interface 40XorPlus# set vlans vlan-id 50 l3-interface 50XorPlus# commit


260

Waiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switchingnative-vlan-id 40XorPlus# set interface gigabit-ethernet ge-1/1/5 family ethernet-switchingnative-vlan-id 50XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



Configure an IBGP connection.

XorPlus# set protocols bgp bgp-id 3.3.3.3XorPlus# set protocols bgp local-as 200XorPlus# set protocols bgp peer 192.168.40.1 as 200XorPlus# set protocols bgp peer 192.168.40.1 local-ip 192.168.40.2XorPlus# set protocols bgp peer 192.168.40.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.50.1 as 200XorPlus# set protocols bgp peer 192.168.50.1 local-ip 192.168.50.2XorPlus# set protocols bgp peer 192.168.50.1 next-hop-self trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



XorPlus# set vlans vlan-id 30 l3-interface 30XorPlus# set vlans vlan-id 50 l3-interface 50XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 30XorPlus# set interface gigabit-ethernet ge-1/1/5 family ethernet-switchingnative-vlan-id 50XorPlus# commit


261

Waiting for merging configuration.Commit OK.Save done.XorPlus#





Viewing BGP peer statuses on Switch B

XorPlus# run show bgp peers detail Peer 2: local 192.168.10.2/179 remote 192.168.10.1/179Peer ID: 1.1.1.1Peer State: ESTABLISHEDAdmin State: STARTNegotiated BGP Version: 4Peer AS Number: 100Updates Received: 20, Updates Sent: 2Messages Received: 634, Messages Sent: 611Time since last received update: 1685 secondsNumber of transitions to ESTABLISHED: 1Time since last entering ESTABLISHED state: 15995 secondsRetry Interval: 120 secondsHold Time: 90 seconds, Keep Alive Time: 30 secondsConfigured Hold Time: 90 seconds, Configured Keep Alive Time: 30 secondsMinimum AS Origination Interval: 0 secondsMinimum Route Advertisement Interval: 0 seconds Peer 2: local 192.168.30.1/179 remote 192.168.30.2/179Peer ID: 4.4.4.4Peer State: ESTABLISHEDAdmin State: START


262

Negotiated BGP Version: 4Peer AS Number: 100Updates Received: 20, Updates Sent: 2Messages Received: 634, Messages Sent: 611Time since last received update: 1685 secondsNumber of transitions to ESTABLISHED: 1Time since last entering ESTABLISHED state: 15995 secondsRetry Interval: 120 secondsHold Time: 90 seconds, Keep Alive Time: 30 secondsConfigured Hold Time: 90 seconds, Configured Keep Alive Time: 30 secondsMinimum AS Origination Interval: 0 secondsMinimum Route Advertisement Interval: 0 seconds Peer 3: local 192.168.40.1/179 remote 192.168.40.2/179Peer ID: 3.3.3.3Peer State: ESTABLISHEDAdmin State: STARTNegotiated BGP Version: 4Peer AS Number: 100Updates Received: 20, Updates Sent: 2Messages Received: 634, Messages Sent: 611Time since last received update: 1685 secondsNumber of transitions to ESTABLISHED: 1Time since last entering ESTABLISHED state: 15995 secondsRetry Interval: 120 secondsHold Time: 90 seconds, Keep Alive Time: 30 secondsConfigured Hold Time: 90 seconds, Configured Keep Alive Time: 30 secondsMinimum AS Origination Interval: 0 secondsMinimum Route Advertisement Interval: 0 secondsXorPlus#

Configuring Switch A to advertise route 192.168.10.0/24

XorPlus# set policy policy-statement direct-to-bgp term t1 from protocolconnected XorPlus# set policy policy-statement direct-to-bgp term t1 from network4192.168.10.0/24XorPlus# set policy policy-statement direct-to-bgp term t1 then accept XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols bgp export direct-to-bgpXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

View the BGP routing table of Switch B:

XorPlus# run show bgp routes Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path


263

------ ------- ---- -------*> 192.168.10.0/24 192.168.20.1 1.1.1.1 100 ?XorPlus#

View the BGP routing table of Switch C:

XorPlus# run show bgp routes Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path------ ------- ---- -------192.168.10.0/24 192.168.20.1 2.2.2.2 100 ?XorPlus#

The preceding command output display that the route to destination 192.168.10.0/24 becomes

invalid because the next hop address of this route is unreachable.

Configuring Switch B to advertise a connected route

XorPlus# set policy policy-statement direct-to-bgp term t1 from protocolconnected XorPlus# set policy policy-statement direct-to-bgp term t1 then accept XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols bgp export direct-to-bgpXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Then ping 192.168.10.1 on Switch C:

XorPlus# run ping 192.168.10.1PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.64 bytes from 192.168.10.1: icmp_req=1 ttl=63 time=4.68 ms64 bytes from 192.168.10.1: icmp_req=2 ttl=63 time=4.46 ms64 bytes from 192.168.10.1: icmp_req=3 ttl=63 time=5.35 ms64 bytes from 192.168.10.1: icmp_req=4 ttl=63 time=4.52 ms64 bytes from 192.168.10.1: icmp_req=5 ttl=63 time=4.51 ms 192.168.10.1 ping statistics —5 packets transmitted, 5 received, 0% packet loss, time 4017msrtt min/avg/max/mdev = 4.460/4.709/5.358/0.338 msXorPlus#

View the BGP routing table of Switch C:

XorPlus# run show bgp routes Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path


264

------ ------- ---- -------192.168.10.0/24 192.168.20.1 2.2.2.2 100 ?*> 192.168.20.0/24 192.168.40.1 2.2.2.2?*>192.168.30.0/24 192.168.40.1 2.2.2.2?XorPlus#


The IBGP network should be formed without interrupting fullmesh BGP connections between

Switch B, Switch C, and Switch D, and call for simplified device configuration and management.

Configure Switch B, Switch C, and Switch D to have IBGP connections. Between Switch A and

Switch B should be an EBGP connection.

Configure Switch C as a route reflector with clients Switch B and Switch D.

Figure 5-10. BGP route reflector.





265









XorPlus# set vlan-interface interface 20 vif 20 address 192.168.20.2prefix-length 24XorPlus# set vlan-interface interface 40 vif 40 address 192.168.40.1prefix-length 24XorPlus# commitWaiting for merging configuration.


266


Configure EBGP and IBGP connections.

XorPlus# set policy policy-statement p2 term t1 from protocol bgpXorPlus#XorPlus# set policy policy-statement p2 term t1 from network4 192.168.10.0/24XorPlus# set policy policy-statement p2 term t1 then nexthop4 192.168.40.1 XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols bgp bgp-id 2.2.2.2XorPlus# set protocols bgp local-as 200XorPlus# set protocols bgp peer 192.168.20.2 as 100XorPlus# set protocols bgp peer 192.168.20.1 local-ip 192.168.20.2XorPlus# set protocols bgp peer 192.168.20.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.40.2 as 200XorPlus# set protocols bgp peer 192.168.40.2 local-ip 192.168.40.1XorPlus# set protocols bgp peer 192.168.40.2 next-hop-self trueXorPlus# set protocols bgp export p2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



XorPlus# set vlans vlan-id 40 l3-interface 40XorPlus# set vlans vlan-id 50 l3-interface 50XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switchingnative-vlan-id 40XorPlus# set interface gigabit-ethernet ge-1/1/5 family ethernet-switchingnative-vlan-id 50XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


XorPlus# set vlan-interface interface 40 vif 40 address 192.168.40.2prefix-length 24XorPlus# set vlan-interface interface 50 vif 50 address 192.168.50.2prefix-length 24


267

XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



Configure IBGP connections for the route reflector clients.

XorPlus# set protocols bgp route-reflector cluster-id 3.3.3.3 XorPlus# set protocols bgp route-reflector disable falseXorPlus# set protocols bgp peer 192.168.40.1 client trueXorPlus# set protocols bgp peer 192.168.50.1 client trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#






268



XorPlus# set protocols bgp bgp-id 4.4.4.4XorPlus# set protocols bgp local-as 200XorPlus# set protocols bgp peer 192.168.30.1 as 200XorPlus# set protocols bgp peer 192.168.30.1 local-ip 192.168.30.2XorPlus# set protocols bgp peer 192.168.30.1next-hop-self trueXorPlus# set protocols bgp peer 192.168.50.2 as 200XorPlus# set protocols bgp peer 192.168.50.2 local-ip 192.168.50.1XorPlus# set protocols bgp peer 192.168.50.2 next-hop-self trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Verifying configurations


XorPlus# run show bgp routes Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path------ ------- ---- -------*> 192.168.10.0/24 192.168.20.11.1.1.1200 ?XorPlus#

View the BGP routing table of Switch D:

XorPlus# run show bgp routes detail 192.168.10.0/24From peer: 3.3.3.3Route: Not UsedOrigin: INCOMPLETEAS Path: 200Nexthop: 192.168.40.1Multiple Exit Discriminator: 0Local Preference: 100Originator ID: 2.2.2.2Cluster List: 3.3.3.3


269


Configure a BGP confederation on each switch in AS 200 to divide AS 200 into two sub-AS's: AS

65010 and AS 65011. To reduce the number of IBGP connections, three switches in AS 65010

establish fullmesh IBGP connections.

Configure BGP confederation members Switch A, Switch B, Switch C, and Switch D. Between

Switch A and Switch D is an EBGP connection within AS 200.

Configure Switch A to connect without AS 200 to Switch E.

Figure 5-11. BGP confederation configuration.



XorPlus# set vlans vlan-id 20 l3-interface 20XorPlus# set vlans vlan-id 30 l3-interface 30XorPlus# set vlans vlan-id 40 l3-interface 40XorPlus# set vlans vlan-id 60 l3-interface 60XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 20XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 30XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switching


270

native-vlan-id 40XorPlus# set interface gigabit-ethernet ge-1/1/6 family ethernet-switchingnative-vlan-id 60XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


XorPlus# set vlan-interface interface 20 vif 20 address 192.168.20.2prefix-length 24XorPlus# set vlan-interface interface 30 vif 30 address 192.168.30.1prefix-length 24XorPlus# set vlan-interface interface 40 vif 40 address 192.168.40.1prefix-length 24XorPlus# set vlan-interface interface 60 vif 60 address 192.168.60.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configure EBGP and IBGP connections within confederation AS 200.

XorPlus# set protocols bgp bgp-id 2.2.2.2XorPlus# set protocols bgp local-as 65010XorPlus# protocols bgp confederation identifier 200XorPlus# protocols bgp confederation disable falseXorPlus# set protocols bgp peer 192.168.30.2 as 65010XorPlus# set protocols bgp peer 192.168.30.2 local-ip 192.168.30.1XorPlus# set protocols bgp peer 192.168.30.2 next-hop-self trueXorPlus# set protocols bgp peer 192.168.30.2 confederation-member trueXorPlus# set protocols bgp peer 192.168.40.2 as 65010XorPlus# set protocols bgp peer 192.168.40.2 local-ip 192.168.40.1XorPlus# set protocols bgp peer 192.168.40.2 next-hop-self trueXorPlus# set protocols bgp peer 192.168.40.2 confederation-member trueXorPlus# set protocols bgp peer 192.168.60.2 as 65011XorPlus# set protocols bgp peer 192.168.60.2 local-ip 192.168.60.1XorPlus# set protocols bgp peer 192.168.60.2 next-hop-self trueXorPlus# set protocols bgp peer 192.168.60.2 confederation-member trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configure an EBGP connection without confederation AS 200.

XorPlus# set protocols bgp peer 192.168.20.2 as 100XorPlus# set protocols bgp peer 192.168.20.1 local-ip 192.168.20.2XorPlus# set protocols bgp peer 192.168.20.1 next-hop-self trueXorPlus# commitWaiting for merging configuration.


271







Configure an IBGP connection within confederation AS 200.

XorPlus# set protocols bgp bgp-id 3.3.3.3XorPlus# set protocols bgp local-as 65010XorPlus# protocols bgp confederation identifier 200XorPlus# protocols bgp confederation disable falseXorPlus# set protocols bgp peer 192.168.40.1 as 65010XorPlus# set protocols bgp peer 192.168.40.1 local-ip 192.168.40.2XorPlus# set protocols bgp peer 192.168.40.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.40.1 confederation-member trueXorPlus# set protocols bgp peer 192.168.50.1 as 65010XorPlus# set protocols bgp peer 192.168.50.1 local-ip 192.168.50.2XorPlus# set protocols bgp peer 192.168.50.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.50.1 confederation-member trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


272






Configure an IBGP connection within confederation AS 200.

XorPlus# set protocols bgp bgp-id 4.4.4.4XorPlus# set protocols bgp local-as 65010XorPlus# protocols bgp confederation identifier 200XorPlus# protocols bgp confederation disable falseXorPlus# set protocols bgp peer 192.168.30.1 as 65010XorPlus# set protocols bgp peer 192.168.30.1 local-ip 192.168.30.2XorPlus# set protocols bgp peer 192.168.30.1 next-hop-self trueXorPlus# set protocols bgp peer 192.168.30.1 confederation-member trueXorPlus# set protocols bgp peer 192.168.50.2 as 65010XorPlus# set protocols bgp peer 192.168.50.2 local-ip 192.168.50.1XorPlus# set protocols bgp peer 192.168.50.2 next-hop-self trueXorPlus# set protocols bgp peer 192.168.50.2 confederation-member trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



273


XorPlus# set vlans vlan-id 60 l3-interface 60XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/6 family ethernet-switchingnative-vlan-id 60XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



Configure an EBGP connection within confederation AS 200.

XorPlus# set protocols bgp bgp-id 5.5.5.5XorPlus# set protocols bgp local-as 65011XorPlus# protocols bgp confederation identifier 200XorPlus# protocols bgp confederation disable falseXorPlus# set protocols bgp peer 192.168.60.2 as 65010XorPlus# set protocols bgp peer 192.168.60.2 local-ip 192.168.60.1XorPlus# set protocols bgp peer 192.168.60.2 next-hop-self trueXorPlus# set protocols bgp peer 192.168.60.2 confederation-member trueXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



XorPlus# set vlans vlan-id 10 l3-interface 10XorPlus# set vlans vlan-id 20 l3-interface 20XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 10XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching


274

native-vlan-id 20XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#





Verifying the configuration


XorPlus# run show bgp routes detail 192.168.10.0/24From peer: 2.2.2.2Route: Not UsedOrigin: INCOMPLETEAS Path: 100Nexthop: 192.168.20.1Multiple Exit Discriminator: 0Local Preference: 100 View the BGP routing table of Switch D: XorPlus# run show bgp routes detail 192.168.10.0/24From peer: 15.15.15.15Route: Not UsedOrigin: INCOMPLETEAS Path: (65010) 100Nexthop: 192.168.30.2Local Preference: 100


275


Configure load balancing on Switch A.

Configure EBGP connections between Switch B and Switch A, and between Switch B and Switch

D.

Configure EBGP connections between Switch C and Switch A, and between Switch C and Switch

D.

Figure 5-12. BGP load balancing.



XorPlus# set vlans vlan-id 30 l3-interface vlan30XorPlus# set vlans vlan-id 40 l3-interface vlan40XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 30XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 40XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


XorPlus# set vlan-interface interface vlan30 vif vlan30 address 192.168.30.1prefix-length 24XorPlus# set vlan-interface interface vlan40 vif vlan40 address 192.168.40.1


276

prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


XorPlus# set protocols bgp bgp-id 1.1.1.1XorPlus# set protocols bgp local-as 100XorPlus# set protocols bgp peer 192.168.30.2 as 200XorPlus# set protocols bgp peer 192.168.30.2 local-ip 192.168.30.1XorPlus# set protocols bgp peer 192.168.40.2 as 300XorPlus# set protocols bgp peer 192.168.40.2 local-ip 192.168.30.1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



XorPlus# set vlans vlan-id 20 l3-interface vlan20XorPlus# set vlans vlan-id 30 l3-interface vlan30XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 30XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 20XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


XorPlus# set vlan-interface interface vlan20 vif vlan20 address 192.168.20.2prefix-length 24XorPlus# set vlan-interface interface vlan30 vif vlan30 address 192.168.30.2prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



277






XorPlus# set vlan-interface interface vlan40 vif vlan40 address 192.168.40.2prefix-length 24XorPlus# set vlan-interface interface vlan50 vif vlan50 address 192.168.50.2prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# Configure an EBGP connection. XorPlus# set protocols bgp bgp-id 3.3.3.3XorPlus# set protocols bgp local-as 300XorPlus# set protocols bgp peer 192.168.40.1 as 100XorPlus# set protocols bgp peer 192.168.40.1 local-ip 192.168.40.2XorPlus# set protocols bgp peer 192.168.50.1 as 400XorPlus# set protocols bgp peer 192.168.50.1 local-ip 192.168.50.2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


278



XorPlus# set vlans vlan-id 10 l3-interface vlan10XorPlus# set vlans vlan-id 20 l3-interface vlan20XorPlus# set vlans vlan-id 50 l3-interface vlan50XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 10XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 20XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switchingnative-vlan-id 50XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


XorPlus# set vlan-interface interface vlan10 vif vlan10 address 192.168.10.1prefix-length 24XorPlus# set vlan-interface interface vlan20 vif vlan20 address 192.168.20.1prefix-length 24XorPlus# set vlan-interface interface vlan50 vif vlan50 address 192.168.50.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#



Viewing BGP peer statuses on Switch B


279

XorPlus# run show bgp peers detail Peer 2: local 192.168.20.2/179 remote 192.168.20.1/39912Peer ID: 1.1.1.1Peer State: ESTABLISHEDAdmin State: STARTNegotiated BGP Version: 4Peer AS Number: 100Updates Received: 20, Updates Sent: 2Messages Received: 634, Messages Sent: 611Time since last received update: 1685 secondsNumber of transitions to ESTABLISHED: 1Time since last entering ESTABLISHED state: 15995 secondsRetry Interval: 120 secondsHold Time: 90 seconds, Keep Alive Time: 30 secondsConfigured Hold Time: 90 seconds, Configured Keep Alive Time: 30 secondsMinimum AS Origination Interval: 0 secondsMinimum Route Advertisement Interval: 0 seconds Peer 2: local 192.168.30.2/16808 remote 192.168.30.1/179Peer ID: 4.4.4.4Peer State: ESTABLISHEDAdmin State: STARTNegotiated BGP Version: 4Peer AS Number: 100Updates Received: 20, Updates Sent: 2Messages Received: 634, Messages Sent: 611Time since last received update: 1685 secondsNumber of transitions to ESTABLISHED: 1Time since last entering ESTABLISHED state: 15995 secondsRetry Interval: 120 secondsHold Time: 90 seconds, Keep Alive Time: 30 secondsConfigured Hold Time: 90 seconds, Configured Keep Alive Time: 30 secondsMinimum AS Origination Interval: 0 secondsMinimum Route Advertisement Interval: 0 seconds

Viewing BGP peer statuses on Switch C

XorPlus# run show bgp peers detail Peer 2: local 192.168.40.2/179 remote 192.168.40.1/38815Peer ID: 1.1.1.1Peer State: ESTABLISHEDAdmin State: STARTNegotiated BGP Version: 4Peer AS Number: 100Updates Received: 20, Updates Sent: 2Messages Received: 634, Messages Sent: 611Time since last received update: 1685 secondsNumber of transitions to ESTABLISHED: 1Time since last entering ESTABLISHED state: 15995 secondsRetry Interval: 120 secondsHold Time: 90 seconds, Keep Alive Time: 30 secondsConfigured Hold Time: 90 seconds, Configured Keep Alive Time: 30 secondsMinimum AS Origination Interval: 0 secondsMinimum Route Advertisement Interval: 0 seconds Peer 2: local 192.168.50.2/49923 remote 192.168.50.1/179Peer ID: 4.4.4.4Peer State: ESTABLISHEDAdmin State: STARTNegotiated BGP Version: 4Peer AS Number: 100


280

Updates Received: 20, Updates Sent: 2Messages Received: 634, Messages Sent: 611Time since last received update: 1685 secondsNumber of transitions to ESTABLISHED: 1Time since last entering ESTABLISHED state: 15995 secondsRetry Interval: 120 secondsHold Time: 90 seconds, Keep Alive Time: 30 secondsConfigured Hold Time: 90 seconds, Configured Keep Alive Time: 30 secondsMinimum AS Origination Interval: 0 secondsMinimum Route Advertisement Interval: 0 seconds

Configuring Switch D to advertise route 192.168.10.0/24

Configure Switch A to enable BGP multipath:

XorPlus# set protocols bgp multipath disable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configure Switch D to advertise route 192.168.10.0/24:

XorPlus# set policy policy-statement direct-to-bgp term t1 from protocolconnected XorPlus# set policy policy-statement direct-to-bgp term t1 from network4192.168.10.0/24XorPlus# set policy policy-statement direct-to-bgp term t1 then accept XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# set protocols bgp export direct-to-bgpXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

View the BGP routing table of Switch A:

XorPlus# run show bgp routes Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path------ ------- ---- -------*> 192.168.10.0/24 192.168.30.2 2.2.2.2 200 400 ?192.168.10.0/24 192.168.40.2 3.3.3.3 200 400 ?XorPlus#

As expected, Switch A is not load balancing because it does not view the paths as "equal," but as

different AS paths.


281

Configuring BGP multipath path-relax on Switch A

XorPlus# set protocols bgp multipath path-relax trueXorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

View the BGP routing table and IP routing table of Switch A:

XorPlus# run show bgp routes Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path------ ------- ---- -------*> 192.168.10.0/24 192.168.30.2 2.2.2.2 200 400 ?*> 192.168.10.0/24 192.168.40.2 3.3.3.3 200 400 ?XorPlus# XorPlus# run show route table ipv4 unicast ebgp 192.168.10.0/24 [ebgp(20)/0]> to 192.168.30.2 via vlan30/vlan30192.168.10.0/24 [ebgp(20)/0]> to 192.168.40.2 via vlan40/vlan40XorPlus# XorPlus#




BGP is a path vector protocol used to carry routing information between autonomous systems.The

term path vector comes from the fact that BGP routing information carries a sequence of AS

numbers that identifies the path of ASs that a network prefix has traversed. The path information

associated with the prefix is used to enable loop prevention.

BGP uses TCP as its transport protocol (port 179). This ensures that all the transport reliability

(such as retransmission) is taken care of by TCP and does not need to be implemented in BGP,

thereby simplifying the complexity associated with designing reliability into the protocol itself.

Routers that run a BGP routing process are often referred to as BGP speakers. Two BGP

speakers that form a TCP connection between one another for the purpose of exchanging routing

information are referred to as neighbors or peers. Peer routers exchange open messages to

determine the connection parameters.These messages are used to communicate values such as

the BGP speaker's version number.


282

BGP also provides a mechanism to gracefully close a connection with a peer. In other words,in the

event of a disagreement between the peers, be it resultant of configuration,incompatibility, operator

intervention, or other circumstances, a NOTIFICATION error message is sent, and the peer

connection does not get established or is torn down if it's already established. The benefit of this

mechanism is that both peers understand that the connection could not be established or

maintained and do not waste resources that would otherwise be required to maintain or blindly

reattempt to establish the connection. The graceful close mechanism simply ensures that all

outstanding messages, primarily NOTIFICATION error messages, are delivered before the TCP

session is closed.

Initially, when a BGP session is established between a set of BGP speakers, all candidate BGP

routes are exchanged, After the session has been established and the initial route exchange has

occurred, only incremental updates are sent as network information changes.

Routes are advertised between a pair of BGP routers in UPDATE messages. The UPDATE

message contains, among other things, a list of <length, prefix> tuples that indicate the list of

destinations that can be reached via a BGP speaker. The UPDATE message also contains the

path attributes, which include such information as the degree of preference for a particular route

and the list of ASs that the route has traversed.

In the event that a route becomes unreachable, a BGP speaker informs its neighbors by

withdrawing the invalid route. withdrawn routes are part of the UPDATE message. These routes

are no longer available for use. If information associated with a route has changed, or a new path

for the same prefix has been selected, a withdrawal is not required; it is enough to just advertise a

replacement route.

If no routing changes occur, the routers exchange only KEEPALIVE packets.

KEEPALIVE messages are sent periodically between BGP neighbors to ensure that the connection

is kept alive. KEEPALIVE packets (19 bytes each) should not cause any strain on the router CPU

or link bandwidth, because they consume a minimal amount of bandwidth.


Commands References:

XorPlus#set protocols bgp bgp-id <ipv4 address>

Note:This command is to configure a bgp-id , it indicate a bgp router uniquely.

XorPlus#set protocols bgp local-as <as-number>

Note :This commad it to configure a as-number ,it tell us which as the bgp router in ,it should be

expressed use a two-byte length digit or use a 4-byte length digit <0-4294967295> or

<0..65535>.<0..65535>.

XorPlus# set protocols bgp peer <peer-ipv6-address> as <peer-as-number>


283

Note :This command is to specify an bgp peer and it’s as-number.

XorPlus# set protocols bgp peer <peer-ipv6-address> local-ip<local-ipv6-address>

Note :This command is to specify the local ipv6 address for bgp peer session.

XorPlus# set protocols bgp peer <peer-ipv6-address> ipv6-unicast <true/false>

Note : IPV6 bgp route will be propagated to it’s bgp peer after enable ipv6-unicast.

XorPlus# set protocols bgp peer <peer-ipv6-address> ipv4-unicast <true/false>

Note :The ipv4 bgp route entry should be propagated via bgp update packet , ipv4-unicast was

disabled by default.

XorPlus# set protocols bgp peer <peer-ipv6-address> default-route-advertisedisable <true/false>

Note : It will advertise a default route entry to it’s bgp peer after you enabled

default-route-advertise.

XorPlus# set protocols bgp peer <peer-ipv6-address> allow-as-loop<true/false>

Note :It will receive the bgp route entry with it’s own as number , by default ,the bgp route entry

with it’s own as number will be droped for prevent loops.

XorPlus# set protocols bgp peer <peer-ipv6-address> holdtime <0 or 3-65535>

Note :This command is to set the hold-timer value ,and the keepavlive timer will be holdtime/3

,holdtime should be 0 , it means ,the bgp peering session will not expired any more ,and holdtime

also should be the digit 3-65535.

XorPlus# set protocols bgp peer <peer-ipv6-address> md5-password <text>

Note :This command is to configure a md5-password ,the two peers must have the same

md5-password.

XorPlus# set protocols bgp peer <peer-ipv6-address> next-hop-self<true/false>

Note :This command is to enable next-hop-self when you configure IBGP peer session ,the

next-hop will be set it’s own ipv6 address after you enabled next-hop-self.


284

XorPlus# set protocols bgp peer <peer-ipv6-address> prefix-limit maximum<1-12000>

Note :This command is to set the maximum bgp route entry limit for one bgp peer.

XorPlus# set protocols bgp peer <peer-ipv6-address> public-as-only<true/false>

Note :The private as-number will be removed from the as-path if the private as number in the

as-path after you enabled public-as-only.

EBGP Peering

EBGP Peering:

Directly connected peer

Non-Directly connected peer

Establish ebgp peer use loopback interface

(1)Directly connected peer

Figure 1-4

Step 1:Configure bgp-id and local-as

SwitchA:

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as "6"

SwitchB:


Step 2:Configure bgp peer

SwitchA:


285

XorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus# set protocols bgp peer 3003::2 as "9"XorPlus# set protocols bgp peer 3003::2 ipv6-unicast true

SwitchB:


Step 3:Enable ipv6-unicast

SwitchA:

XorPlus# set protocols bgp peer 3003::2 ipv6-unicast true

SwitchB:


Step 4:Check bgp peer status:

SwitchA:

XorPlus# run show bgp peers detail 3003::2Peer 1: local 3003::1/179 remote 3003::2/53149 Peer ID: 9.9.9.9 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 9 Updates Received: 0, Updates Sent: 0 Messages Received: 3, Messages Sent: 3 Time since last received update: n/a Number of transitions to ESTABLISHED: 1 Time since last entering ESTABLISHED state: 33 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

SwitchB:

XorPlus# run show bgp peers detail 3003::1Peer 1: local 3003::2/53149 remote 3003::1/179 Peer ID: 6.6.6.6 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 6 Updates Received: 0, Updates Sent: 0 Messages Received: 3, Messages Sent: 3 Time since last received update: n/a Number of transitions to ESTABLISHED: 1


286

Time since last entering ESTABLISHED state: 41 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

(2) Establish EBGP via non-direct-connected interfaces

Figure 1-5

Step 1:SwitchA SwitchB SwitchC Enable OSPFV3

SwitchA:

XorPlus#set protocols ospf6 instance-id 1XorPlus#set protocols ospf6 router-id 9.9.9.9XorPlus#set protocols ospf6 area 0.0.0.0 interface vlan500 vif vlan500address 5005::1XorPlus#set protocols ospf6 area 0.0.0.0 interface vlan300 vif vlan300address 3003::2

SwitchB:


SwitchC:

XorPlus#set protocols ospf6 instance-id 1XorPlus#set protocols ospf6 router-id 26.26.26.26XorPlus#set protocols ospf6 area 0.0.0.0 interface vlan100 vif vlan100address 1001::2


287

Step 2:Check ospfv3 status on SwitchB

XorPlus# run show ospf6 neighborAddress Interface State Router ID Pri Dead--------------------------------------- --------------------- -------- --------------- ----- ----fe80::ca0a:a9ff:204:4928 vlan100/vlan100 Full 26.26.26.26 128 35 fe80::ca0a:a9ff:5ae:a66 vlan300/vlan300 Full 9.9.9.9 128 38

Note:Two ospf6 neighbor all established

Step 3:Check the route table on SwitchA SwitchC

Note:there should be 3003::/64 route entry on SwitchC,and 1001::/64 should in SwitchA’s route

table:

SwitchA:

XorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------2001:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected4001:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected3003:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected1001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF te-1/1/466006:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected5005:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected1001:: ffff:ff00:: 04:7D:7B:62:93:FF te-1/1/46

SwitchC:

XorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------3003:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF te-1/1/496006:: ffff:ffff:ffff:ffff:: C8:0A:A9:04:49:28 connected2002:: ffff:ffff:ffff:ffff:: C8:0A:A9:04:49:28 connected5005:: ffff:ffff:ffff:ffff::


288

04:7D:7B:62:93:FF te-1/1/491001:: ffff:ff00:: C8:0A:A9:04:49:28 connected

Step 4:Configure EBGP on SwitchA SwitchC

SwitchA:

XorPlus#set protocols bgp bgp-id 9.9.9.9XorPlus#set protocols bgp local-as "9"XorPlus#set protocols bgp peer 1001::2 local-ip "3003::2"XorPlus#set protocols bgp peer 1001::2 as "26"XorPlus#set protocols bgp peer 1001::2 ipv6-unicast true

SwitchC:


Step 5:Check bgp peer status

XorPlus# run show bgp peers detailPeer 1: local 3003::2/60737 remote 1001::2/179 Peer ID: 26.26.26.26 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 26 Updates Received: 0, Updates Sent: 0 Messages Received: 2, Messages Sent: 2 Time since last received update: n/a Number of transitions to ESTABLISHED: 2 Time since last entering ESTABLISHED state: 13 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

(3)Establish ebgp peer use loopback interface


289

Figure 1-6

Step 1:Configure loopback interface

SwitchA:

XorPlus# set vlan-interface loopback address 6666::6 prefix-length 128

SwitchB:


Step 2:Configure static route on SwitchA SwitchB

SwitchA:

XorPlus#set protocols static route 9999::9/128 next-hop 3003::2XorPlus# run show route forward-host ipv6 allAddress HWaddress Port --------------------------------------- ----------------- ---------9999::9 C8:0A:A9:AE:0A:66 te-1/1/463003::2 C8:0A:A9:AE:0A:66 te-1/1/466666::6 04:7D:7B:62:93:FF connected

SwitchB:

XorPlus# set protocols static route 6666::6/128 next-hop 3003::1XorPlus# run show route forward-host ipv6 allAddress HWaddress Port --------------------------------------- ----------------- ---------3003::1 04:7D:7B:62:93:FF te-1/1/469999::9 C8:0A:A9:AE:0A:66 connected6666::6 04:7D:7B:62:93:FF te-1/1/46

Step 3: Configure bgp-id and local-as

Note :The two parameters must commit at the same time it will commit failed if lack either of the

two

SwitchA:


290

XorPlus#set protocols bgp bgp-id 6.6.6.6XorPlus#set protocols bgp local-as "6"

SwitchB:


Step 4:Configure one bgp peer

SwitchA:

XorPlus#set protocols bgp peer 9999::9 local-ip "6666::6"XorPlus#set protocols bgp peer 9999::9 as "9"

SwitchB:

XorPlus#set protocols bgp peer 6666::6 local-ip "9999::9"XorPlus#set protocols bgp peer 6666::6 as "6


SwitchA:


SwitchB:



SwitchA:

XorPlus# run show bgp peers detail 9999::9Peer 1: local 6666::6/33573 remote 9999::9/179 Peer ID: 9.9.9.9 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 9 Updates Received: 1, Updates Sent: 0 Messages Received: 48, Messages Sent: 48 Time since last received update: 1218 seconds Number of transitions to ESTABLISHED: 4 Time since last entering ESTABLISHED state: 1238 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds


291

SwitchB:


IBGP Peering

IBGP Peering:

Directly connected peer

Non-Directly connected peer

Establish bgp peer use loopback interface

(1)Directly connected peer

Figure 1-1



two

SwitchA:



292

SwitchB:


Step 2:Configure one bgp peer

SwitchA:


SwitchB:



SwitchA:

XorPlus#set protocols bgp peer 3003::2 ipv6-unicast true

SwitchB:

XorPlus#set protocols bgp peer 3003::1 ipv6-unicast true

Step 4:Enable next-hop-self

SwitchA:

XorPlus#set protocols bgp peer 3003::2 next-hop-self true

SwitchB:


Step 5:Check bgp peer status on SwitchA SwitchB

SwitchA:

XorPlus# run show bgp peers detail 3003::2Peer 1: local 3003::1/179 remote 3003::2/39351


293

Peer ID: 9.9.9.9 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 9 Updates Received: 1, Updates Sent: 0 Messages Received: 27, Messages Sent: 26 Time since last received update: 669 seconds Number of transitions to ESTABLISHED: 1 Time since last entering ESTABLISHED state: 669 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 secondsXorPlus#

SwitchB:


(2) Non-Directly connected peer

Figure 1-2


294

Step 1:SwitchA SwitchB SwitchC Enable OSPFV3

SwitchA:


SwitchB:


SwitchC:


Step 2:Check ospfv3 status on SwitchB

XorPlus# run show ospf6 neighborAddress Interface State Router ID Pri Dead--------------------------------------- --------------------- -------- --------------- ----- ----fe80::ca0a:a9ff:204:4928 vlan100/vlan100 Full 26.26.26.26 128 35 fe80::ca0a:a9ff:5ae:a66 vlan300/vlan300 Full 9.9.9.9 128 38

Note:Two ospf6 neighbor all established

Step 3:Check the route table on SwitchA SwitchC

Note:there should be 3003::/64 route entry on SwitchC,and 1001::/64 should in SwitchA’s

route table:

SwitchA:

XorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port


295

--------------------------------------- --------------------------------------- ----------------- ---------2001:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected4001:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected3003:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected1001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF te-1/1/466006:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected5005:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected1001:: ffff:ff00:: 04:7D:7B:62:93:FF te-1/1/46

SwitchC:

XorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------3003:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF te-1/1/496006:: ffff:ffff:ffff:ffff:: C8:0A:A9:04:49:28 connected2002:: ffff:ffff:ffff:ffff:: C8:0A:A9:04:49:28 connected5005:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF te-1/1/491001:: ffff:ff00:: C8:0A:A9:04:49:28 connected

Step 4:Configure IBGP on SwitchA SwitchC

SwitchA:


SwitchC:



SwitchA:


296


Note:As the peer 3003::2 could be connected via ospf6,there are route table for network

3003::/64

(3)Establish bgp peer use loopback interface

Figure 1-3

Step 1:Configure loopback interface

SwitchA:

XorPlus#set vlan-interface loopback address 6666::6 prefix-length 128

SwitchB:


Step 2:Configure static route on SwitchA SwitchB

SwitchA:


297

XorPlus#set protocols static route 9999::9/128 next-hop 3003::2XorPlus# run show route forward-host ipv6 allAddress HWaddress Port --------------------------------------- ----------------- ---------9999::9 C8:0A:A9:AE:0A:66 te-1/1/463003::2 C8:0A:A9:AE:0A:66 te-1/1/466666::6 04:7D:7B:62:93:FF connected

SwitchB:

XorPlus# set protocols static route 6666::6/128 next-hop 3003::1XorPlus# run show route forward-host ipv6 allAddress HWaddress Port --------------------------------------- ----------------- ---------3003::1 04:7D:7B:62:93:FF te-1/1/469999::9 C8:0A:A9:AE:0A:66 connected6666::6 04:7D:7B:62:93:FF te-1/1/46

Step 3: Configure bgp-id and local-as


two

SwitchA:


SwitchB:



SwitchA:


SwitchB:

XorPlus#set protocols bgp peer 6666::6 local-ip "9999::9"XorPlus#set protocols bgp peer 6666::6 as "9


SwitchA:



298

SwitchB:


Step 6:Enable next-hop-self

SwitchA:


SwitchB:


Step 7:check bgp peer status

SwitchA:

XorPlus# run show bgp peers detail 9999::9Peer 1: local 6666::6/60097 remote 9999::9/179 Peer ID: 9.9.9.9 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 9 Updates Received: 0, Updates Sent: 0 Messages Received: 3, Messages Sent: 3 Time since last received update: n/a Number of transitions to ESTABLISHED: 3 Time since last entering ESTABLISHED state: 38 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 secondsXorPlus#

SwitchB:

XorPlus# run show bgp peers detail 6666::6Peer 1: local 9999::9/179 remote 6666::6/60097 Peer ID: 6.6.6.6 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 9 Updates Received: 0, Updates Sent: 0 Messages Received: 4, Messages Sent: 5 Time since last received update: n/a Number of transitions to ESTABLISHED: 3 Time since last entering ESTABLISHED state: 62 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds


299

Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds


Case 1:One peer enable 4-byte-as-number , Another peer didn’t enable 4-byte-as-number

Figure 1-7

Step 1:Enable 4-Byte-AS-Number on SwitchB

SwitchB:

XorPlus# set protocols bgp enable-4byte-as-numbers true


SwitchA:


SwitchB:

XorPlus#set protocols bgp bgp-id 6.6.6.6XorPlus#set protocols bgp local-as "6.0"


Note :You must use a special as number 23456 , if local didn’t enable 4-Byte-AS-Number,but it’s

peer already enable 4-Byte-AS-Number.

SwitchA:

XorPlus#set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus#set protocols bgp peer 3003::1 as "23456"XorPlus#set protocols bgp peer 3003::1 ipv6-unicast true


300

SwitchB:



SwitchA:


SwitchB:


Step 5:SwitchB Distribute a bgp route entry , then check the bgp route table on SwitchA

SwitchB BGP route table:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete


301

Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::9/128 3003::2 0.0.0.0 ?XorPlus# run show bgp routes ipv6 detail9999::9/128 From peer: 0.0.0.0 Route: Winner Origin: INCOMPLETE AS Path: Nexthop: 3003::2 Local Preference: 100XorPlus#

SwitchA BGP route table:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::9/128 3003::1 6.6.6.6 23456 ?XorPlus# run show bgp routes ipv6 detail9999::9/128 From peer: 6.6.6.6 Route: Winner Origin: INCOMPLETE AS Path: 23456 Nexthop: 3003::1 Multiple Exit Discriminator: 0 Local Preference: 100 AS4 Path: 6.0XorPlus#

Note : We can see that ,the as-path is 23456 the bgp route entry came from SwitchB, as SwitchA

didn’t support 4-Byte-AS-Number.

Case 2:Two peer all enable 4-byte-as-number

Figure 1-8

Step 1:Enable 4-Byte-AS-Number on SwitchA SwitchB


302

SwitchA:


SwitchB:


Step 2:Configure bgp-id and 4-Byte-AS-Number

SwitchA:


SwitchB:


Step 3:Configure BGP Peer

SwitchA:

XorPlus#set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus#set protocols bgp peer 3003::1 as "1.1"XorPlus#set protocols bgp peer 3003::1 ipv6-unicast true

SwitchB:

XorPlus#set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus#set protocols bgp peer 3003::2 as "1.0"XorPlus#set protocols bgp peer 3003::2 ipv6-unicast true

Step 4:Check BGP Peer Status

SwitchA:

XorPlus# run show bgp peers detail 3003::1Peer 1: local 3003::2/50552 remote 3003::1/179 Peer ID: 6.6.6.6 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 65537 Updates Received: 0, Updates Sent: 0 Messages Received: 5, Messages Sent: 5 Time since last received update: n/a Number of transitions to ESTABLISHED: 7 Time since last entering ESTABLISHED state: 89 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds


303

Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

SwitchB:


Step 5:SwitchB distribute one bgp route entry to SwitchB,then check the bgp route table:

Swit chB BGP route table:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::9/128 3003::2 0.0.0.0 ?XorPlus# run show bgp routes ipv6 detail9999::9/128 From peer: 0.0.0.0 Route: Winner Origin: INCOMPLETE AS Path: Nexthop: 3003::2 Local Preference: 100XorPlus#



Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::9/128 3003::1 6.6.6.6


304

1.1 ?XorPlus# run show bgp routes ipv6 detail9999::9/128 From peer: 6.6.6.6 Route: Winner Origin: INCOMPLETE AS Path: 1.1 Nexthop: 3003::1 Multiple Exit Discriminator: 0 Local Preference: 100

Case 3:Two peer all enable 4-byte-as-number

Figure 1-9

Step 1:Enable 4-Byte-AS-Number on SwitchA SwitchB

SwitchA:


SwitchB:


Step 2:Configure bgp-id and 4-Byte-AS-Number

SwitchA:


SwitchB:


Step 3:Configure BGP Peer

SwitchA:


305


SwitchB:


Step 4:Check BGP Peer Status

SwitchA:XorPlus# run show bgp peers detail 3003::1Peer 1: local 3003::2/179 remote 3003::1/52689 Peer ID: 6.6.6.6 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 65537 Updates Received: 1, Updates Sent: 0 Messages Received: 4, Messages Sent: 4 Time since last received update: 32 seconds Number of transitions to ESTABLISHED: 9 Time since last entering ESTABLISHED state: 32 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

SwitchB:


Step 5:SwitchB distribute one bgp route entry to SwitchB,then check the bgp route table:

Swit chB BGP route table:


306


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::9/128 3003::2 0.0.0.0 ?XorPlus#XorPlus#XorPlus# run show bgp routes ipv6 detail9999::9/128 From peer: 0.0.0.0 Route: Winner Origin: INCOMPLETE AS Path: Nexthop: 3003::2 Local Preference: 100



Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::9/128 3003::1 6.6.6.6 1.1 ?XorPlus# run show bgp routes ipv6 detail9999::9/128 From peer: 6.6.6.6 Route: Winner Origin: INCOMPLETE AS Path: 1.1 Nexthop: 3003::1 Multiple Exit Discriminator: 0 Local Preference: 100


Routes can be injected dynamically or statically into BGP. The choice of method depends on the

number and stability of routes.


Configuration Commands References:

XorPlus# set policy policy-statement <Policy-name> term <Term-name> fromprotocol <bgp/connected/ospf4/ospf6/rip/static>

Note :This command is to specify a policy name and specify a protocol you want to operate.


307

XorPlus# set policy policy-statement <Policy-name> term <Term-name> then<action>

Note :This command is to specify a action for the policy-name.

XorPlus# set protocols bgp export <Policy-name>

Note :This command is to export a special policy which you have defined by the Policy-name.

XorPlus# set protocols bgp peer <Peer-IPV6-Address> export <Policy-Name>

Note :This command is to export the defined Policy on a special BGP Peer ,and the exported bgp

route just propagate to this special BGP Peer.

We should Injecting information Dynamically into BGP via Route Policy,

And we just could use export routing policy to injecting external route information daynamically into

BGP ,You should reference the section Routing Plicy for more detail about policy.

Configure Example 1:

The following example show that the policy applied on the global of bgp.

Figure 1-10

Step 1:SwitchA SwitchB enable ospfv3

SwitchA:

XorPlus# set protocols ospf6 instance-id 1XorPlus# set protocols ospf6 router-id 1.1.1.1XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan500 vif vlan500address 5005::2

SwitchB:



308

Step 2:Check ospfv3 neighbor status on SwitchB:

Note :OSPFv3 have been established.

XorPlus# run show ospf6 neighborAddress Interface State Router ID Pri Dead--------------------------------------- --------------------- -------- --------------- ----- ----fe80::200:5ff:fe6c:f993 vlan500/vlan500 Full 1.1.1.1 0 37

Step 3:SwitchA propagate two ospfv3 route to SwitchB,then check ospf route table on

SwitchB

Note :We can see two ospfv3 route entry: 8888::/64 8888:0:0:1::/64

XorPlus# run show route table ipv6 unicast ospf8888::/64 [ospf(110)/1] > to fe80::200:5ff:fe6c:f993 via vlan500/vlan5008888:0:0:1::/64 [ospf(110)/1] > to fe80::200:5ff:fe6c:f993 via vlan500/vlan500XorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------3003:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected5005:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected4001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF te-1/1/462001:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected8888:: ffff:ffff:ffff:ffff:: 00:00:05:6C:F9:93 te-1/1/448888:0:0:1:: ffff:ffff:ffff:ffff:: 00:00:05:6C:F9:93 te-1/1/44

Step 4:SwitchB SwtichC Enable IBGP

SwitchB:

XorPlus# set protocols bgp bgp-id 9.9.9.9XorPlus# set protocols bgp local-as "9"XorPlus# set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus# set protocols bgp peer 3003::1 as "9"XorPlus# set protocols bgp peer 3003::1 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::1 next-hop-self true

SwitchC:

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as "9"XorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"


309

XorPlus# set protocols bgp peer 3003::2 as "9"XorPlus# set protocols bgp peer 3003::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::2 next-hop-self true


SwitchB:

XorPlus# run show bgp peers detail 3003::1Peer 1: local 3003::2/50235 remote 3003::1/179 Peer ID: 6.6.6.6 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 9 Updates Received: 2, Updates Sent: 0 Messages Received: 6, Messages Sent: 4 Time since last received update: 63 seconds Number of transitions to ESTABLISHED: 3 Time since last entering ESTABLISHED state: 63 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

SwitchC:


Step 6:Check bgp route table on SwitchB , the bgp route table should be NULL


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------XorPlus#


310

Step 7:Configure a policy to Injecting ospfv3 route entry into IPV6 BGP on SwitchB

SwitchB:

XorPlus# set policy policy-statement ospfintobgp term 1 from protocol ospf6 XorPlus# set policy policy-statement ospfintobgp term 1 then accept

Step 8:Apply the policy Step 6 defined to BGP

Note :The ospfv3 route entry will be injecting into bgp route table after apply the policy on BGP

SwitchB:

XorPlus# set protocols bgp export ospfintobgpXorPlus# commitMerging the configuration.Commit OK.Save done.XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete

Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 8888::/64 fe80::200:5ff:fe6c:f993 0.0.0.0 ?*> 8888:0:0:1::/64 fe80::200:5ff:fe6c:f993 0.0.0.0 ?

SwitchC:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 8888::/64 3003::2 9.9.9.9 ?*> 8888:0:0:1::/64 3003::2 9.9.9.9 ?XorPlus#


The following example show that the policy appied on the special peer ,BGP route entry will just

propagate to this special bgp peer ,not propagate to other bgp peer beside this one.


311

Figure 1-11


SwitchA:


SwitchB:






SwitchB


312

Note :We can see two ospfv3 route entry: 8888::/64 8888:0:0:1::/64.

XorPlus# run show route table ipv6 unicast ospf8888::/64 [ospf(110)/1] > to fe80::200:5ff:fe6c:f993 via vlan500/vlan5008888:0:0:1::/64 [ospf(110)/1] > to fe80::200:5ff:fe6c:f993 via vlan500/vlan500XorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------3003:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected5005:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected4001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF te-1/1/462001:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected8888:: ffff:ffff:ffff:ffff:: 00:00:05:6C:F9:93 te-1/1/448888:0:0:1:: ffff:ffff:ffff:ffff:: 00:00:05:6C:F9:93 te-1/1/44

Step 4:SwitchB SwitchC Enable EBGP,SwitchB SwitchD Enable EBGP

SwitchB:

XorPlus#set protocols bgp bgp-id 9.9.9.9XorPlus#set protocols bgp local-as "9"XorPlus#set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus#set protocols bgp peer 3003::1 as "6"XorPlus#set protocols bgp peer 3003::1 ipv6-unicast trueXorPlus#set protocols bgp peer 4004::2 local-ip "4004::1"XorPlus#set protocols bgp peer 4004::2 as "100"XorPlus#set protocols bgp peer 4004::2 ipv6-unicast true

SwitchC:


SwitchD:

XorPlus#set protocols bgp bgp-id 100.100.100.100XorPlus#set protocols bgp local-as 100XorPlus#set protocols bgp peer 4004::1 local-ip "4004::2"XorPlus#set protocols bgp peer 4004::1 as 9XorPlus#set protocols bgp peer 4004::1 ipv6-unicast true

Step 5:Check bgp peer status on SwitchB


313

Note :We can see that bgp peer all established.

SwitchB:

XorPlus# run show bgp peers detail 3003::1Peer 1: local 3003::2/179 remote 3003::1/41512 Peer ID: 6.6.6.6 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 6 Updates Received: 0, Updates Sent: 5 Messages Received: 56, Messages Sent: 62 Time since last received update: n/a Number of transitions to ESTABLISHED: 5 Time since last entering ESTABLISHED state: 1426 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 secondsXorPlus# run show bgp peers detail 4004::2Peer 1: local 4004::1/34116 remote 4004::2/179 Peer ID: 100.100.100.100 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 100 Updates Received: 1, Updates Sent: 0 Messages Received: 8, Messages Sent: 7 Time since last received update: 120 seconds Number of transitions to ESTABLISHED: 2 Time since last entering ESTABLISHED state: 144 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 secondsXorPlus#

Step 6:Check bpg route table on SwitchB SwitchC SwitchD,they all should be NULL

SwitchB:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------

SwitchC:



314


SwitchD:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------

Step 7:Configure a policy to Injecting ospfv3 route entry into IPV6 BGP on SwitchB

SwitchB:

XorPlus# set policy policy-statement ospfintobgp term 1 from protocol ospf6 XorPlus# set policy policy-statement ospfintobgp term 1 then accept

Step 8:Apply the policy on the special bgp peer

Note :BGP route will just propagate to the special bgp peer ,will not propagate to other bgp peer , if

we apply the policy on peer 3003::1 ,so the bgp route will propagated to SwitchC ,but will not

propagate to peer 4004::2 on SwitchD ,so we can see the bgp route entry on SwitchC,but the bgp

route table on SwitchD still be NULL.

SwitchB:

XorPlus# set protocols bgp peer 3003::1 export ospfintobgpXorPlus# commitMerging the configuration.Commit OK.Save done.XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete

Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 8888::/64 fe80::200:5ff:fe6c:f993 0.0.0.0 ?*> 8888:0:0:1::/64 fe80::200:5ff:fe6c:f993 0.0.0.0 ?XorPlus#

SwitchC:



315

Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 8888::/64 3003::2 9.9.9.9 9?*> 8888:0:0:1::/64 3003::2 9.9.9.9 9?

Note :The bgp route table just propagate to peer 3003::1,so we can see the bgp route entry

from peer 3003::2

SwitchD:



Note :The bgp route entry didn’t propagate to peer 4004::2,so the bgp route table is null on

SwitchD.


Listing prefixes with the network command has the same drawbacks as dynamic

redistribution. If a route that is listed with the network command goes down, BGP will send an

update; if the route comes back, BGP will send another update. If this behavior continues,the IGP

instability will translate into BGP instabilities. The only way around this is to use a combination of

statically defined prefixes in conjunction with the network command. This will ensure that the

prefixes will always remain in the IP routing tables and will always be advertised.

Configuration Commands References:

XorPlus# set protocols bgp network6 <IPV6-Network>

Note :This command is to advertise a special IPV6 Network statically.


316

Figure 1-12


SwitchA:


SwitchB:






SwitchB

Note :We can see two ospfv3 route entry: 8888::/64 8888:0:0:1::/64.

XorPlus# run show route table ipv6 unicast ospf8888::/64 [ospf(110)/1] > to fe80::200:5ff:fe6c:f993 via vlan500/vlan5008888:0:0:1::/64 [ospf(110)/1] > to fe80::200:5ff:fe6c:f993 via vlan500/vlan500 XorPlus# run show route forward-route ipv6 all


317

Destination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------3003:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected5005:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected4001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF te-1/1/462001:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 connected8888:: ffff:ffff:ffff:ffff:: 00:00:05:6C:F9:93 te-1/1/448888:0:0:1:: ffff:ffff:ffff:ffff:: 00:00:05:6C:F9:93 te-1/1/44

Step 4:SwitchB SwitchC Enable EBGP,SwitchB SwitchD Enable EBGP

SwitchB:

XorPlus# set protocols bgp bgp-id 9.9.9.9XorPlus# set protocols bgp local-as "9"XorPlus# set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus# set protocols bgp peer 3003::1 as "6"XorPlus# set protocols bgp peer 3003::1 ipv6-unicast true

SwitchC:


Step 5:Check bgp peer status on SwitchB

Note :We can see that bgp peer all established.

SwitchB:



318

Step 6:Check bpg route table on SwitchB SwitchC SwitchD,they all should be NULL

SwitchB:



SwitchC:



Step 7:Injecting a special network into bgp via “Network” command

Note :We inject network 8888::/64 into bgp via network command and the network 8888::/64 is

reachable, as the entry 8888::/64 is in ospfv3 route table.

XorPlus# set protocols bgp network6 8888::/64

Step 8:Check bgp roué table on SwitchB SwitchC

SwitchB:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 8888::/64 :: 0.0.0.0 i

SwitchC:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ ---------------


319

------------*> 8888::/64 3003::2 9.9.9.9 9i

Step 9:SwitchA withdrawn the route entry 8888::/64

As the network 8888::/64 is not reachable, So the network will not install into bgp route table.

SwitchB ospfv3 route table:

XorPlus# run show route table ipv6 unicast ospfXorPlus#

SwitchB bgp route table:



BGP attributes

In this section, we will discuss how the different BGP attributes are used.


(1)Configure Example 1:

Case 1:The NEXT_HOP will be the NEXT_HOP of the external Neighbor

As the following example illustrated, SwitchA distribute 7777::/64 to SwitchB, we can see the

next_hop is 5005::02 on SwitchB, and the next_hop also 5005::2 on SwitchC, but it will not active

as SwitchC didn’t know how to reach 5005::2 ,So you must tell SwitchC how to reach the next_hop

5005::2 via IGP.


320

Figure 1-13

Step 1:SwitchA SwitchB Enable EBGP ,SwitchB SwitchC Enable IGP

SwitchA:

XorPlus# set protocols bgp bgp-id 33.33.33.33XorPlus# set protocols bgp local-as 10XorPlus# set protocols bgp peer 5005::1 local-ip "5005::2"XorPlus# set protocols bgp peer 5005::1 as 9XorPlus# set protocols bgp peer 5005::1 ipv6-unicast true

SwitchB:

XorPlus# set protocols bgp bgp-id 9.9.9.9XorPlus# set protocols bgp local-as "9"XorPlus# set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus# set protocols bgp peer 3003::1 as "9"XorPlus# set protocols bgp peer 3003::1 ipv6-unicast trueXorPlus# set protocols bgp peer 5005::2 local-ip "5005::1"XorPlus# set protocols bgp peer 5005::2 as "10"XorPlus# set protocols bgp peer 5005::2 ipv6-unicast true

SwitchC:


Step 2:SwitchA propagate a bgp route entry 7777::/64 to SwitchB

Note :Check the bgp route table on SwitchB, The next_hop should be 5005::2. And the next_hop

also is 5005::2 and it’s not reachable on SwitchC, So the bgp route entry 7777::/64 is inactive.

SwitchB:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 5005::2 33.33.33.33 10 i

SwitchC:



321

Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 7777::/64 5005::2 9.9.9.9 10 i

Step 3:Configure a static route to the destination 5005::2/64,and specify the next_hop

3003::1/64 on SwitchC

SwitchC:

XorPlus# set protocols static route 5005::/64 next-hop 3003::2XorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------2001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected3003:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected5005:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 te-1/1/467777:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 te-1/1/46

Step 4:Check bgp route table on SwitchC,the bgp route entry 7777::/64 already active as the

next_hop 5005:;2 was reachable and it is install into route table.

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 5005::2 9.9.9.9 10 iXorPlus#XorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------2001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected3003:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected5005:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 te-1/1/467777:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 te-1/1/46


Case 2:


322

Use the “set protocols bgp peer <Peer-IPV6-Address> next-hop-self true” command to force the

router to advertise itself.

Figure 1-14

Step 1:SwitchA SwitchB Enable EBGP ,SwitchB SwitchC Enable IGP

SwitchA:


SwitchB:


SwitchC:



Note :Check the bgp route table on SwitchB, The next_hop should be 5005::2.

And the next_hop also is 5005::2 and it’s not reachable on SwitchC, So the bgp route entry

7777::/64 is inactive.

SwitchB:


323


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 5005::2 33.33.33.33 10 i

SwitchC:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 7777::/64 5005::2 9.9.9.9 10 i

Step 3:Enable Next-hop-self on SwitchB

Note :After enable next-hop-self on SwitchB, the next-hop will be forced to modified by itself ipv6

address.

SwitchB:

XorPlus# set protocols bgp peer 3003::1 next-hop-self trueXorPlus# commitMerging the configuration.Commit OK.Save done.XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete


SwitchC:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ ---------------


324

------------*> 7777::/64 3003::2 9.9.9.9 10 i

Note :We can see that the next-hop have been set as 3003::2.


Case 3:The NEXT_HOP always is the peer ipv6 address who advertise it.

Figure 1-15

Step 1:SwitchA SwitchB Enable EBGP

SwitchA:


SwitchB:



Note :Check the bgp route table on SwitchB, The next_hop should be 5005::2.

SwitchB:


Prefix Nexthop Peer AS Path


325

---------------------------- ------------------------ --------------- ------------*> 7777::/64 5005::2 33.33.33.33 10 i


AS_PATH is a list of as number that the bgp route passed ,Router will electe the shortest

AS_PATH as the best path when other attribute is the same .

If you use private as-number(64512-65534),we can remove the private as-number from the

AS_PATH to prevent the leakage of private AS numbers into the Internet.

Figure 1-16

Step 1:SwitchA SwitchB Enable EBGP,SwitchB SwitchC Enable EBGP,and SwitchA use a

private as-number 65534

SwitchA:

XorPlus# set protocols bgp bgp-id 33.33.33.33XorPlus# et protocols bgp local-as 10XorPlus# set protocols bgp peer 5005::1 local-ip "5005::2"XorPlus# set protocols bgp peer 5005::1 as 65534XorPlus# set protocols bgp peer 5005::1 ipv6-unicast true

SwitchB:


SwitchC:



326


Step 2:Check bgp peer status on SwitchB:

SwitchB:

XorPlus# run show bgp peers detail 3003::1Peer 1: local 3003::2/50985 remote 3003::1/179 Peer ID: 6.6.6.6 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 6 Updates Received: 0, Updates Sent: 1 Messages Received: 4, Messages Sent: 5 Time since last received update: n/a Number of transitions to ESTABLISHED: 8 Time since last entering ESTABLISHED state: 69 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 secondsXorPlus# run show bgp peers detail 5005::2Peer 1: local 5005::1/36229 remote 5005::2/179 Peer ID: 33.33.33.33 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 10 Updates Received: 1, Updates Sent: 0 Messages Received: 9, Messages Sent: 8 Time since last received update: 156 seconds Number of transitions to ESTABLISHED: 3 Time since last entering ESTABLISHED state: 156 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

Step 3:SwitchA propagate a bgp route entry 7777::/64

Note :The as-path should be 65534 on SwitchB,and the as-path should be 9 65534 on SwitchC.

SwitchB:




327

SwitchC:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 3003::2 9.9.9.9 65534 10 i

Step 4:Rove private as-number from AS_PATH

Note :The private as-number should be removed from as-path after enable public-as-only ,And it

just remove the private as-number when the private as-number is it’s own.

SwitchB:

XorPlus# set protocols bgp peer 3003::1 public-as-only trueXorPlus# commitMerging the configuration.Commit OK.Save done.XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete

Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 5005::2 33.33.33.33 10 iXorPlus#

SwitchC:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 3003::2 9.9.9.9 10 iXorPlus#




328

XorPlus# set protocols bgp local-preference <0- 4294967295>

Note :This command is to set the value of local-preference It also affects the BGP decision

process. If multiple paths for the same prefix are available, the path with the larger local preference

value is preferred. LOCAL_PREF is an AS-wide attribute at the highest level of the BGP decision

process; it is considered before the AS path length. A longer path with a larger local preference is

preferred over a shorter path with a smaller local preference.

Figure 1-17

Step 1:Configure BGP as TOPO displayed

SwitchA:

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as 9XorPlus# set protocols bgp peer 1001::2 local-ip "1001::1"XorPlus# set protocols bgp peer 1001::2 as "9"XorPlus# set protocols bgp peer 1001::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus# set protocols bgp peer 3003::2 as "9"XorPlus# set protocols bgp peer 3003::2 ipv6-unicast true

SwitchB:


329

XorPlus# set protocols bgp bgp-id 26.26.26.26XorPlus# set protocols bgp local-as "9"XorPlus# set protocols bgp peer 1001::1 local-ip "1001::2"XorPlus# set protocols bgp peer 1001::1 as 9XorPlus# set protocols bgp peer 1001::1 next-hop-self trueXorPlus# set protocols bgp peer 1001::1 ipv6-unicast trueXorPlus# set protocols bgp peer 2002::2 local-ip "2002::1"XorPlus# set protocols bgp peer 2002::2 as "12"XorPlus# set protocols bgp peer 2002::2 ipv6-unicast true

SwitchC:

XorPlus# set protocols bgp bgp-id 9.9.9.9XorPlus# set protocols bgp local-as "9"XorPlus# set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus# set protocols bgp peer 3003::1 as 9XorPlus# set protocols bgp peer 3003::1 next-hop-self trueXorPlus# set protocols bgp peer 3003::1 ipv6-unicast trueXorPlus# set protocols bgp peer 5005::2 local-ip "5005::1"XorPlus# set protocols bgp peer 5005::2 as "10"XorPlus# set protocols bgp peer 5005::2 ipv6-unicast true

SwitchD:


SwitchE:


Step 2:SwitchD SwitchE propagate bgp route entry 9999::/64 to SwitchB SwitchC

Note:check the bgp route table on SwitchA.

SwitchB:


SwitchC:


330


SwitchA:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 9999::/64 1001::2 26.26.26.26 12 i*> 9999::/64 3003::2 9.9.9.9 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 10 Nexthop: 3003::2 Local Preference: 1009999::/64 From peer: 26.26.26.26 Route: Not Used Origin: IGP AS Path: 12 Nexthop: 1001::2 Local Preference: 100XorPlus#

Note:We can see that the Local-Preference all is 100 the two bgp route entry.

Step 3:Modify the Local-Preference value on SwitchB

SwitchB:

XorPlus# set protocols bgp local-preference 200

SwitchA:



331

Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 9999::/64 3003::2 9.9.9.9 10 i*> 9999::/64 1001::2 26.26.26.26 12 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Not Used Origin: IGP AS Path: 10 Nexthop: 3003::2 Local Preference: 1009999::/64 From peer: 26.26.26.26 Route: Winner Origin: IGP AS Path: 12 Nexthop: 1001::2 Local Preference: 200XorPlus#

Note:We can see that the best route is come from SwitchB,as the bgp route entry from SwitchB

have bigger Local-Preference value,it will select the bgp route entry with smaller Local-Preference

value if other attribute all have the same priority.

Step 4:Modify the Local-Preference bigger than SwitchB on SwitchC

SwitchC:

XorPlus# set protocols bgp local-preference 300

SwitchA:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 9999::/64 1001::2 26.26.26.26 12 i*> 9999::/64 3003::2 9.9.9.9 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 10 Nexthop: 3003::2 Local Preference: 3009999::/64 From peer: 26.26.26.26


332

Route: Not Used Origin: IGP AS Path: 12 Nexthop: 1001::2 Local Preference: 200XorPlus#

Note :We can see that the bgp speaker select the bgp route entry with bigger Local-Preference.


This section demonstrates how MED can be used by one AS to influence routing decisions of

another AS.

Figure 1-18

Step 1:Configure BGP as TOPO displayed

SwitchA:


SwitchB:


333


SwitchC:


SwitchD:


SwitchE:


Step 2:SwitchD SwitchE propagate bgp route entry 9999::/64 to SwitchB SwitchC

Note:check the bgp route table on SwitchA.

SwitchB:


SwitchC:


334


SwitchA:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 9999::/64 1001::2 26.26.26.26 912 i*> 9999::/64 3003::2 9.9.9.9 910 iXorPlus#XorPlus# run show bgp routes ipv6 dePossible completions: <IPNet> Print BGP IPv6 routes of specified prefix detail Print detailed BGP IPv6 routesXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 3003::2 Multiple Exit Discriminator: 0 Local Preference: 1009999::/64 From peer: 26.26.26.26 Route: Not Used Origin: IGP AS Path: 9 12 Nexthop: 1001::2 Multiple Exit Discriminator: 0 Local Preference: 100

Note:We can see that the MED all is 0 the two bgp route entry.

Step 3:Modify the MED value on SwitchC

SwitchC:

XorPlus# set protocols bgp med 100

SwitchA:


335

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 9999::/64 3003::2 9.9.9.9 910 i*> 9999::/64 1001::2 26.26.26.26 912 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 26.26.26.26 Route: Winner Origin: IGP AS Path: 9 12 Nexthop: 1001::2 Multiple Exit Discriminator: 0 Local Preference: 1009999::/64 From peer: 9.9.9.9 Route: Not Used Origin: IGP AS Path: 9 10 Nexthop: 3003::2 Multiple Exit Discriminator: 100 Local Preference: 100XorPlus#

Note:We can see that the best route is come from SwitchB,as the bgp route entry from SwitchB

have smaller MED value,it will select the bgp route entry with smaller MED value if other attribute

all have the same priority.

Step 4:Modify the MED bigger than SwitchC

SwitchB:

XorPlus# set protocols bgp med 200

SwitchA:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 9999::/64 1001::2 26.26.26.26 912 i*> 9999::/64 3003::2 9.9.9.9 910 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner


336

Origin: IGP AS Path: 9 10 Nexthop: 3003::2 Multiple Exit Discriminator: 100 Local Preference: 1009999::/64 From peer: 26.26.26.26 Route: Not Used Origin: IGP AS Path: 9 12 Nexthop: 1001::2 Multiple Exit Discriminator: 200 Local Preference: 100

Note :We can see that the bgp speaker select the bgp route entry with smaller MED.



XorPlus#set protocols bgp peer <Peer-ipv6-address> advertise communitydisable <true/false>

Note :This Comand is to enable bgp speaker to advertise well known community attribute

NO_EXPORT (0xFFFFFF01) NO_ADVERTISE (0xFFFFFF02) NO_EXPORT_SUBCONFED

(0xFFFFFF03).

XorPlus#set protocols bgp peer <Peer-ipv6-address> advertise community-extdisable <true/false>

Note :This Command is to enable bgp speaker advertise unkown community attribute.

A community is a group of destinations which share some common property.Each autonomous

system administrator may define which communities a destination belongs to. By default, all

destinations belong to the general Internet community.

the COMMUNITIES path attribute is an optional transitive attribute of variable length. The attribute

consists of a set of four octet values, each of which specify a community. All routes with this

attribute belong to the communities listed in the attribute.

The COMMUNITIES attribute has Type Code 8.

Communities are treated as 32 bit values, however for administrative assignment, the following

presumptions may be made:

The community attribute values ranging from 0x0000000 through 0x0000FFFF and 0xFFFF0000

through 0xFFFFFFFF are hereby reserved.The rest of the community attribute values shall be

encoded using an autonomous system number in the first two octets. The semantics of the final

two octets may be defined by the autonomous system (e.g. AS690 may define research,

educational and commercial community values that may be used for policy routing as defined by

the operators of that AS using community attribute values 0x02B20000 through 0x02B2FFFF).


337

A BGP speaker may use this attribute to control which routing information it accepts, prefers or

distributes to other neighbors.

A BGP speaker receiving a route that does not have the COMMUNITIES path attribute may

append this attribute to the route when propagating it to its peers.

A BGP speaker receiving a route with the COMMUNITIES path attribute may modify this attribute

according to the local policy.

Aggregation

If a range of routes is to be aggregated and the resultant aggregates attribute section does not

carry the ATOMIC_AGGREGATE attribute, then

the resulting aggregate should have a COMMUNITIES path attribute which contains all

communities from all of the aggregated routes.

Well-known Communities

The following communities have global significance and their operations shall be implemented in

any community-attribute-aware BGP speaker.

NO_EXPORT (0xFFFFFF01):

All routes received carrying a communities attribute containing this value MUST NOT be advertised

outside a BGP confederation boundary (a stand-alone autonomous system that

is not part of a confederation should be considered a confederation itself).

NO_ADVERTISE (0xFFFFFF02)


to other BGP peers.

NO_EXPORT_SUBCONFED (0xFFFFFF03)


to external BGP peers (this includes peers in other members autonomous

systems inside a BGP confederation).

Because communities are not propagated to internal or external BGP neighbors by default, the

command “set protocols bgp peer <peer-ipv6-address> advertise community-ext disable true ” and

“set protocols bgp peer <peer-ipv6-address> advertise community disable true” in order for the

assigned community to be sent out.


The following example is to show you that ,7777::/64 will not advertise to EBGP peer,8888::/64 will

not advertise to any bgp peer(IBGP,EBGP) ,and 9999::/64 will not advertise to EBGP bgp peer

(include confederation ebgp peer).


338

Figure 1-19

Step 1:SwitchA SwitchB Enable EBGP,SwitchB SwitchC Enable EBGP,SwitchB SwitchD

Enable IBGP

SwitchA:

XorPlus#set protocols bgp bgp-id 33.33.33.33XorPlus#set protocols bgp local-as 10XorPlus#set protocols bgp peer 5005::1 local-ip 5005::2XorPlus#set protocols bgp peer 5005::1 as 9XorPlus#set protocols bgp peer 5005::1 ipv6-unicast true

SwitchB:

XorPlus#set protocols bgp bgp-id 9.9.9.9XorPlus#set protocols bgp local-as 9XorPlus#set protocols bgp peer 3003::1 local-ip 3003::2XorPlus#set protocols bgp peer 3003::1 as 6XorPlus#set protocols bgp peer 3003::1 public-as-only trueXorPlus#set protocols bgp peer 3003::1 advertise community disable falseXorPlus#set protocols bgp peer 3003::1 ipv6-unicast trueXorPlus#set protocols bgp peer 4004::2 local-ip 4004::1XorPlus#set protocols bgp peer 4004::2 as 9XorPlus#set protocols bgp peer 4004::2 next-hop-self trueXorPlus#set protocols bgp peer 4004::2 ipv6-unicast trueXorPlus#set protocols bgp peer 5005::2 local-ip 5005::1XorPlus#set protocols bgp peer 5005::2 as 10XorPlus#set protocols bgp peer 5005::2 ipv6-unicast true

SwitchC:

XorPlus#set protocols bgp bgp-id 6.6.6.6XorPlus#set protocols bgp local-as 6


339

XorPlus#set protocols bgp peer 3003::2 local-ip 3003::1XorPlus#set protocols bgp peer 3003::2 as 9XorPlus#set protocols bgp peer 3003::2 ipv6-unicast true

SwitchD:

XorPlus#set protocols bgp bgp-id 100.100.100.100XorPlus#set protocols bgp local-as 9XorPlus#set protocols bgp peer 4004::1 local-ip 4004::2XorPlus#set protocols bgp peer 4004::1 as 9XorPlus#set protocols bgp peer 4004::1 next-hop-self trueXorPlus#set protocols bgp peer 4004::1 ipv6-unicast true

Step 2:SwitchA propagate three bgp route entry to SwitchB

Note :SwitchA propagate three bgp route entry 7777::/64 with community NO_EXPORT ,it will not

advertise to any EBGP peer,8888::/64 with community NO_ADVERTISE, 9999::/64 will not

advertise to any bgp peer,with community NO_EXPORT_SUBCONFED ,it will not advertise to any

ebgp peer include confederation ebgp peer.So SwitchC will receive no bgp route entry ,as SwitchB

and SwitchC is EBGP peer,but SwitchD will receive 7777::/64 and 9999::/64,because,SwitchB and

SwitchD is IBGP peer,as 8888::/64 with community NO_ADVERTISE ,it will not advertise to any

bgp peer,so SwitchD just can’t receive 8888::/64.


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 5005::2 33.33.33.33 10 i*> 8888::/64 5005::2 33.33.33.33 10 i*> 9999::/64 5005::2 33.33.33.33 10 iXorPlus# run show bgp routes ipv6 detail7777::/64 From peer: 33.33.33.33 Route: Winner Origin: IGP AS Path: 10 Nexthop: 5005::2 Local Preference: 300 Community: 0xffffff01[NO_EXPORT]8888::/64 From peer: 33.33.33.33 Route: Winner Origin: IGP AS Path: 10 Nexthop: 5005::2 Local Preference: 300 Community: 0xffffff02[NO_ADVERTISE]9999::/64


340

From peer: 33.33.33.33 Route: Winner Origin: IGP AS Path: 10 Nexthop: 5005::2 Local Preference: 300 Community: 0xffffff03[NO_EXPORT_SUBCONFED]XorPlus#

SwitchC bgp route table:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------XorPlus#

SwitchD bgp route table:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 4004::1 9.9.9.9 10 i*> 9999::/64 4004::1 9.9.9.9 10 iXorPlus# run show bgp routes ipv6 detail7777::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 4004::1 Local Preference: 3009999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 4004::1 Local Preference: 300XorPlus#

Step 3:Enable advertise community on SwitchB


341

Note :Community value will not advertise to it’s bgp peer by default,but we can Enable bgp speaker

to advertise community to it’s bgp peer,the command “set protocols bgp peer <peer-ipv6-address>

advertise community-ext disable true ” will advertise unkown community to it’s bgp peer and the

command “set protocols bgp peer <peer-ipv6-address> advertise community disable true” will

advertise well-known community to it’s bgp peer.

SwitchB:

XorPlus# set protocols bgp peer 4004::2 advertise community disable false

Note :The community will be sent out after Enable advertise community .

Step 4:Check the community value of the bgp route entry on SwitchD

SwitchD:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 4004::1 9.9.9.9 10 i*> 9999::/64 4004::1 9.9.9.9 10 iXorPlus# run show bgp routes ipv6 detail7777::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 4004::1 Local Preference: 300 Community: 0xffffff01[NO_EXPORT]9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 4004::1 Local Preference: 300 Community: 0xffffff03[NO_EXPORT_SUBCONFED]XorPlus#

Note :We can see the community after Step 3


This example is to show you that,the bgp route entry with Community

NO_EXPORT_SUBCONFED will not advertise to EBGP peer include Confederation EBGP

peer.The more detail information about Conderation please reference the section Confederation.


342

Figure 1-20

Step 1:SwitchA SwitchB Enable EBGP,SwitchB SwitchC Enable Confederation,SwitchB

SwitchD Enable EBGP

SwitchA:


SwitchB:

XorPlus#set protocols bgp bgp-id 9.9.9.9XorPlus#set protocols bgp local-as 65534XorPlus#set protocols bgp confederation identifier 9XorPlus#set protocols bgp peer 3003::1 local-ip 3003::2XorPlus#set protocols bgp peer 3003::1 as 65533XorPlus#set protocols bgp peer 3003::1 confederation-member trueXorPlus#set protocols bgp peer 3003::1 public-as-only trueXorPlus#set protocols bgp peer 3003::1 advertise community disable falseXorPlus#set protocols bgp peer 3003::1 ipv6-unicast trueXorPlus#set protocols bgp peer 4004::2 local-ip 4004::1XorPlus#set protocols bgp peer 4004::2 as 100XorPlus#set protocols bgp peer 4004::2 next-hop-self trueXorPlus#set protocols bgp peer 4004::2 advertise community disable falseXorPlus#set protocols bgp peer 4004::2 ipv6-unicast trueXorPlus#set protocols bgp peer 5005::2 local-ip 5005::1XorPlus#set protocols bgp peer 5005::2 as 10XorPlus#set protocols bgp peer 5005::2 ipv6-unicast true

SwitchC:


343

XorPlus#set protocols bgp bgp-id 6.6.6.6XorPlus#set protocols bgp local-as 65533XorPlus#set protocols bgp peer 3003::2 local-ip 3003::1XorPlus#set protocols bgp peer 3003::2 as 65534XorPlus#set protocols bgp peer 3003::2 confederation-member trueXorPlus#set protocols bgp peer 3003::2 ipv6-unicast true

SwitchD:


Step 2:SwitchA propagate three bgp route to SwitchB

Note : SwitchA propagate three bgp route entry to SwitchB :7777::/64 with community

NO_EXPORT ,8888::/64 with community NO_ADVERTISE 9999::/64 with community

NO_EXPORT_SUBCONFED,7777::/64 will not advertise to EBGP Peer,so SwitchD will not receive

this bgp route entry,But SwitchC will receive this entry,8888::/64 will not advertise to any BGP

Peer,so SwitchC SwitchD all will not receive this entry,9999::/64 will not advertise to EBGP

Peer,include Confederation EBGP Peer,so SwitchC SwitchD all will not receive this entry.


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 7777::/64 5005::2 33.33.33.33 10 i*> 8888::/64 5005::2 33.33.33.33 10 i*> 9999::/64 5005::2 33.33.33.33 10 iXorPlus# run show bgp routes ipv6 detail7777::/64 From peer: 33.33.33.33 Route: Winner Origin: IGP AS Path: 10 Nexthop: 5005::2 Local Preference: 300 Community: 0xffffff01[NO_EXPORT]8888::/64 From peer: 33.33.33.33 Route: Winner Origin: IGP AS Path: 10 Nexthop: 5005::2 Local Preference: 300 Community: 0xffffff02[NO_ADVERTISE]9999::/64


344

From peer: 33.33.33.33 Route: Winner Origin: IGP AS Path: 10 Nexthop: 5005::2 Local Preference: 300 Community: 0xffffff03[NO_EXPORT_SUBCONFED]XorPlus#



Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 7777::/64 5005::2 9.9.9.9 10 iXorPlus# run show bgp routes ipv6 detail7777::/64 From peer: 9.9.9.9 Route: Not Used Origin: IGP AS Path: 10 Nexthop: 5005::2 Local Preference: 100 Community: 0xffffff01[NO_EXPORT]XorPlus#

SwitchD bgp route table:XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete



This Example is to show you how to set community attribute value via policy.


345

Figure 1-21

Step 1:SwitchA SwitchB Establish OSPFV3

Note :SwitchA SwitchB Establish ospv3 and SwitchA propagate one ospfv3 route 8888::/64 to

SwitchB.

SwitchA:


SwitchB:


Step 2:SwitchB SwitchC Establish EBGP

SwitchB:


SwitchC:


Step 3:Check ospf route table on SwitchB:


346

XorPlus# run show route table ipv6 unicast ospf8888::/64 [ospf(110)/1] > to fe80::200:5ff:fe6c:f993 via vlan500/vlan5008888:0:0:1::/64 [ospf(110)/1] > to fe80::200:5ff:fe6c:f993 via vlan500/vlan500

Step 4:Configure a policy to export ospfv3 into bgp and set community 9:6 to this bgp route

entry

SwitchB:

XorPlus#set policy policy-statement ospfintobgp term 1 from protocol "ospf6"XorPlus#set policy policy-statement ospfintobgp term 1 to origin 2XorPlus#set policy policy-statement ospfintobgp term 1 then community "9:6"

Step 5:Apply the policy to BGP on SwitchB

Note : The unknow community will not advertise to it’s bgp peer,so you must enable “advertise

community-ext”.

SwitchB:

XorPlus#set protocols bgp export ospfintobgpXorPlus#set protocols bgp peer 3003::1 advertise community-ext disable false

Step 6:Check the community of the bgp route table on SwitchC,it should be 9:6

SwitchC:


Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 8888::/64 3003::2 9.9.9.9 9?XorPlus# run show bgp routes ipv6 detail8888::/64 From peer: 9.9.9.9 Route: Winner Origin: INCOMPLETE AS Path: 9 Nexthop: 3003::2 Multiple Exit Discriminator: 0 Local Preference: 100 Community: 0x90006[9:6]XorPlus#


347

BGP-4 aggregation

Command References:

XorPlus# set protocols bgp aggregate network6 <IPV6-Network>

Note :This command is to set ipv6 route aggregation.the route with different MED value shouldn’t

be aggregated.

XorPlus# set protocols bgp aggregate network6 <IPV6-Network> suppress-detail<true/false>

Note :This command is to enable or disable suppress-detail bgp route entry ,The detail bgp route

entry were suppressed by default.

XorPlus#set protocols bgp aggregate network6 <IPV6-Network> brief-mode<true/false>

Note :This command is to create AS_SET when the bgp route entry have different AS_PATH

before aggregation.

The following examples demonstrate different methods of aggregation that are seen on the

Internet. The way aggregates are formed and advertised and whether they carry with them

more-specific routes will influence traffic patterns and sizes of BGP routing tables.Remember that

aggregation applies to routes that exist in the BGP routing table. An aggregate can be sent if at

least one more-specific route of that aggregate exists in the BGP table.

Route aggregation at border or core routers can also reduce the potential unpleasant side effects

associated with IGP injection into BGP. With aggregation, multiple route entries are injected into

BGP as a summary aggregate. Single route instability in any single element of the aggregate does

not affect the stability of the aggregate itself.

IPV6 BGP just support manual aggregation ,auto-summary just for IPV4 BGP.

(1) Aggregate Only, Suppressing the More-Specific by default

Note :The specific route entry will be suppressed after configure route aggregation by default.


348

Figure 1-22

Step 1:Configure BGP as topo showed

SwitchA:

XorPlus# set protocols bgp bgp-id 33.33.33.33XorPlus# set protocols bgp local-as 10XorPlus# set protocols bgp peer 5005::1 local-ip 5005::2XorPlus# set protocols bgp peer 5005::1 as 9XorPlus# set protocols bgp peer 5005::1 ipv6-unicast true

SwitchB:

XorPlus# set protocols bgp bgp-id 9.9.9.9XorPlus# set protocols bgp local-as 9XorPlus# set protocols bgp peer 6006::2 local-ip 6006::1XorPlus# set protocols bgp peer 6006::2 as 9XorPlus# set protocols bgp peer 6006::2 next-hop-self trueXorPlus# set protocols bgp peer 6006::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::1 local-ip 3003::2XorPlus# set protocols bgp peer 3003::1 as 6XorPlus# set protocols bgp peer 3003::1 ipv6-unicast trueXorPlus# set protocols bgp peer 5005::2 local-ip 5005::1XorPlus# set protocols bgp peer 5005::2 as 10XorPlus# set protocols bgp peer 5005::2 ipv6-unicast true

SwitchC:


SwitchD:


349

XorPlus# set protocols bgp bgp-id 26.26.26.26XorPlus# set protocols bgp local-as 9XorPlus# set protocols bgp peer 1001::1 local-ip 1001::2XorPlus# set protocols bgp peer 1001::1 as 6XorPlus# set protocols bgp peer 1001::1 ipv6-unicast trueXorPlus# set protocols bgp peer 2002::2 local-ip 2002::1XorPlus# set protocols bgp peer 2002::2 as 12XorPlus# set protocols bgp peer 2002::2 ipv6-unicast trueXorPlus# set protocols bgp peer 6006::1 local-ip 6006::2XorPlus# set protocols bgp peer 6006::1 as 9XorPlus# set protocols bgp peer 6006::1 next-hop-self trueXorPlus# set protocols bgp peer 6006::1 ipv6-unicast true

SwitchE:

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as 6XorPlus# set protocols bgp peer 1001::2 local-ip 1001::1XorPlus# set protocols bgp peer 1001::2 as 9XorPlus# set protocols bgp peer 1001::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus# set protocols bgp peer 3003::2 as 9XorPlus# set protocols bgp peer 3003::2 ipv6-unicast trueXorPlus# set protocols bgp peer 4004::2 local-ip 4004::1XorPlus# set protocols bgp peer 4004::2 as 100XorPlus# set protocols bgp peer 4004::2 ipv6-unicast true

SwitchF:


Step 2:SwitchA propagate bgp route entry 9999::/64 to SwitchB,SwitchC propagate bgp

route entry 9999:0:0:1::/64 to SwitchD

Note :Check bgp route table on SwitchE,there should be two bgp route entry from different as-path.

SwitchE:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999:0:0:1::/64 3003::2 9.9.9.9 912 i*> 9999::/64 1001::2 26.26.26.26 910 i* 9999:0:0:1::/64 1001::2 26.26.26.26 912 iXorPlus#


350

SwitchF:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999:0:0:1::/64 4004::1 6.6.6.6 69 12 i*> 9999::/64 4004::1 6.6.6.6 69 10 iXorPlus#

Step 3:Configuure Route aggregation on SwitchE

Note :The specific route entry was suppressed by default,and you can cancel suppress specific

route by command “set protocols bgp aggregate network6 <IPV6-Network> suppress-detail false”

SwitchE:

XorPlus# set protocols bgp aggregate network6 9999::/40

Check bgp route table on SwitchF:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/40 4004::1 6.6.6.6 6iXorPlus# XorPlus# run show bgp routes ipv6 detail9999::/40 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 6 Nexthop: 4004::1 Multiple Exit Discriminator: 0 Local Preference: 100 Aggregator: 6.6.6.6

Note :We can see the aggregated ipv6 network 9999::/40 on SwitchF,and the Aggregator is 6.6.6.6

who create this aggregated network and the as-path is the as number that who create this

aggregated network.

Step 4:Disable suppress-detail


351

Note : In some cases, more-specific routes, in addition to the aggregate, need to be passed

(leaked) to a neighboring AS. This is usually done in ASs multihomed to a single provider. An AS

(the provider) that gets the more-specific routes would be able to make a better decision about

which way to reach the route.

SwitchE:

XorPlus# set protocols bgp aggregate network6 9999::/40 suppress-detail false

Check the bgp route table on SwitchF:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/40 4004::1 6.6.6.6 6i*> 9999:0:0:1::/64 4004::1 6.6.6.6 69 12 i*> 9999::/64 4004::1 6.6.6.6 69 10 iXorPlus#XorPlus# run show bgp routes ipv6 detail9999::/40 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 6 Nexthop: 4004::1 Multiple Exit Discriminator: 0 Local Preference: 100 Aggregator: 6.6.6.69999::/64 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 6 9 10 Nexthop: 4004::1 Multiple Exit Discriminator: 0 Local Preference: 1009999:0:0:1::/64 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 6 9 12 Nexthop: 4004::1 Multiple Exit Discriminator: 0 Local Preference: 100

Note :We can see that the specific route entry didn’t suppressed after disable suppress-detail.

(2)Loss of Information Inside Aggregates


352

Aggregation causes loss of granularity. The detailed information that exists in the specific prefixes

will be lost when summarized in the form of aggregates. The purpose of an AS_SET is to attempt

to preserve the attributes carried in the specific routes in a mathematical SET that gives a better

idea of the elements of the aggregate.

Note :This example is to show you creat as_set when the as_path is different before the bgp route

entry were aggregated.It will not creat as_set by default.

Figure 1-23

Step 1:Configure BGP as topo showed

SwitchA:


SwitchB:

XorPlus# set protocols bgp bgp-id 9.9.9.9XorPlus# set protocols bgp local-as 9XorPlus# set protocols bgp peer 6006::2 local-ip 6006::1XorPlus# set protocols bgp peer 6006::2 as 9XorPlus# set protocols bgp peer 6006::2 next-hop-self trueXorPlus# set protocols bgp peer 6006::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::1 local-ip 3003::2XorPlus# set protocols bgp peer 3003::1 as 6XorPlus# set protocols bgp peer 3003::1 ipv6-unicast trueXorPlus# set protocols bgp peer 5005::2 local-ip 5005::1XorPlus# set protocols bgp peer 5005::2 as 10XorPlus# set protocols bgp peer 5005::2 ipv6-unicast true

SwitchC:


353


SwitchD:

XorPlus# set protocols bgp bgp-id 26.26.26.26XorPlus# set protocols bgp local-as 9XorPlus# set protocols bgp peer 1001::1 local-ip 1001::2XorPlus# set protocols bgp peer 1001::1 as 6XorPlus# set protocols bgp peer 1001::1 ipv6-unicast trueXorPlus# set protocols bgp peer 2002::2 local-ip 2002::1XorPlus# set protocols bgp peer 2002::2 as 12XorPlus# set protocols bgp peer 2002::2 ipv6-unicast trueXorPlus# set protocols bgp peer 6006::1 local-ip 6006::2XorPlus# set protocols bgp peer 6006::1 as 9XorPlus# set protocols bgp peer 6006::1 next-hop-self trueXorPlus# set protocols bgp peer 6006::1 ipv6-unicast true

SwitchE:

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as 6XorPlus# set protocols bgp peer 1001::2 local-ip 1001::1XorPlus# set protocols bgp peer 1001::2 as 9XorPlus# set protocols bgp peer 1001::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus# set protocols bgp peer 3003::2 as 9XorPlus# set protocols bgp peer 3003::2 ipv6-unicast trueXorPlus# set protocols bgp peer 4004::2 local-ip 4004::1XorPlus# set protocols bgp peer 4004::2 as 100XorPlus# set protocols bgp peer 4004::2 ipv6-unicast true

SwitchF:


Step 2:SwitchA propagate bgp route entry 9999::/64 to SwitchB,SwitchC propagate bgp

route entry 9999:0:0:1::/64 to SwitchD

Note :Check bgp route table on SwitchE,there should be two bgp route entry from different as-path.

SwitchE:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ ---------------


354

------------*> 9999:0:0:1::/64 3003::2 9.9.9.9 912 i*> 9999::/64 1001::2 26.26.26.26 910 i* 9999:0:0:1::/64 1001::2 26.26.26.26 912 iXorPlus#

SwitchF:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999:0:0:1::/64 4004::1 6.6.6.6 69 12 i*> 9999::/64 4004::1 6.6.6.6 69 10 iXorPlus#

Step 3:Configuure Route aggregation on SwitchE

Note :The bgp speaker will not create AS_SET by default,you can enable the bgp speaker create

AS_SET via command “set protocols bgp aggregate network6 <IPV6-Network> brief-mode false”.

SwitchE:

XorPlus# set protocols bgp aggregate network6 9999::/40

Check bgp route table on SwitchF:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/40 4004::1 6.6.6.6 6iXorPlus#XorPlus# run show bgp routes ipv6 detail9999::/40 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 6 Nexthop: 4004::1 Multiple Exit Discriminator: 0 Local Preference: 100 Aggregator: 6.6.6.6


355

Note :We can see the aggregated ipv6 network 9999::/40 on SwitchF,and the Aggregator is 6.6.6.6

who create this aggregated network and the as-path is the as number that who create this

aggregated network.

Step 4:Create AS_SET

Note :It will not Create AS_SET by default.

SwitchE:

XorPlus# set protocols bgp aggregate network6 9999::/40 brief-mode false

Check the bgp route table on SwitchF:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/40 4004::1 6.6.6.6 6{9 10} iXorPlus#XorPlus# run show bgp routes ipv6 detail9999::/40 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 6 {9 10} Nexthop: 4004::1 Multiple Exit Discriminator: 0 Local Preference: 100 Aggregator: 6.6.6.6

Synchronization

Commands Reference:

XorPlus# set protocols bgp synchronization <true/false>

Note :This command is to Enable or Disable synchronization , synchronization is disabled by

default.

By definition, the default behavior of BGP requires that it must be synchronized with the IGP before

BGP may advertise transit routes to external ASs. It is important that your AS be consistent about

the routes it advertises to avoid unnecessarily black-holing traffic. For example, if an IBGP speaker

were to advertise a route to an external peer before all routers within your AS had learned about

the route through the IGP, your AS could receive traffic to destinations for which some of the

routers might not yet have the information to reach.


356

Whenever a router receives an update about a destination from an IBGP peer, the router tries to

verify internal reachability for that destination before advertising it to other EBGP peers.The router

does this by checking the destination prefix first to see if a route to the next-hop router exists and

second to see if a destination prefix in the IGP exists. This router check indicates whether

non-BGP routers can deliver traffic to that destination. Assuming that the IGP recognizes that

destination, the router announces it to other EBGP peers. Otherwise, the router treats the

destination prefix as not being synchronized with the IGP and does not advertise it.

The BGP rule states that a BGP router should not advertise to external neighbors destinations

learned from IBGP neighbors unless those destinations are also known via an IGP. This is known

as synchronization. If a router knows about these destinations via an IGP, it assumes that the route

has already been propagated inside the AS, and internal reachability is ensured.

The consequence of injecting BGP routes inside an IGP is costly. Redistributing routes from BGP

into the IGP will result in major overhead on the internal routers, primarily from an IGP scalability

perspective, because (as discussed earlier) IGPs are not designed to handle that many routes.

Besides, carrying all external routes inside an AS is not necessary. Routing can easily be

accomplished by having internal non-BGP routers default to one of the BGP routers.Of course, this

will result in suboptimal routing because there is no guarantee that the shortest path for each route

will be used, but this cost is minimal compared to maintaining thousands of routes inside the AS.

Of course, managing default routes in a situation such as this can be extremely complex and may

very well result in routing loops.

Most BGP implementations, however, offer a software knob that lets the network operator disable

synchronization. As you might suspect, configuring “set protocols bgp synchronization false” will

tell BGP to override the synchronization requirement and allow it to advertise routes learned via

IBGP, irrespective of the existence of an IGP route. In practice, most situations allow

synchronization to be safely turned off on border routers, assuming that all transit routers in the AS

are running fully meshed IBGP. In this situation, internal reachability is guaranteed because a route

that is learned via EBGP on any border router will automatically be passed on via BGP to all transit

routers.

That said, by far the most common configuration in Internet-connected networks is to disable BGP

synchronization and rely on a full mesh of IBGP routers. The thought of injecting tens of thousands

of routes into an IGP is quite frightening.


357

Figure-1 1-24

Step 1:SwitchB SwitchC SwitchD Establish ospfv3

SwitchB:


SwitchC:


SwitchD:


Step 2:SwitchA SwitchB establish EBGP,SwitchB SwitchC establish IGP,SwitchC SwitchE

establish EBGP

SwitchA:



358

SwitchB:


SwitchC:

XorPlus#set protocols bgp bgp-id 6.6.6.6XorPlus#set protocols bgp local-as "2"XorPlus#set protocols bgp peer 6006::1 local-ip "1001::1"XorPlus#set protocols bgp peer 6006::1 as "2"XorPlus#set protocols bgp peer 6006::1 next-hop-self trueXorPlus#set protocols bgp peer 6006::1 ipv6-unicast trueXorPlus#set protocols bgp peer 4004::2 local-ip "4004::1"XorPlus#set protocols bgp peer 4004::2 as "3"XorPlus#set protocols bgp peer 4004::2 ipv6-unicast true

SwitchE:


Step 3:Enable Synchronization on SwitchC

Note :If the route entry couldn’t reachable via IGP,it will not install into bgp route table.

SwitchC:

XorPlus# set protocols bgp synchronization true

Check SwitchB bgp route table:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 5005::2 33.33.33.33 1iXorPlus#

Check SwitchC bgp route table:


359



Check the ospfv3 route table:

XorPlus# run show route table ipv6 unicast ospf6006::/64 [ospf(110)/2] > to fe80::ca0a:a9ff:304:4928 via vlan100/vlan100

Note :We can see that, the bgp route table is null,as the bgp route entry 9999::/64 didn’t in IGP

route table,so It will not install into bgp route table.

Step 4:Configure a policy export the bgp route entry 9999::/64 into ospfv3 on SwitchB

SwitchB:

XorPlus#set policy policy-statement bgpintoospf term 1 from protocol "bgp"XorPlus#set policy policy-statement bgpintoospf term 1 then acceptXorPlus# set protocols ospf6 export bgpintoospf

Check the ospfv3 route table on SwitchC

SwitchC ospfv3 route table:

XorPlus# run show route table ipv6 unicast ospf6006::/64 [ospf(110)/2] > to fe80::ca0a:a9ff:304:4928 via vlan100/vlan100XorPlus# run show route table ipv6 unicast ospf6006::/64 [ospf(110)/2] > to fe80::ca0a:a9ff:304:4928 via vlan100/vlan1009999::/64 [ospf(110)/3] > to fe80::ca0a:a9ff:304:4928 via vlan100/vlan100

Step 5:Check the bgp route table on SwitchC

Note :The bgp route entry 9999::/64 should have install into bgp route table as the route entry

9999::/64 have been in OSPFV3 route table.

SwitchC BGP route table:



360

* 9999::/64 5005::2 9.9.9.9 1i


Route reflectors—

A method of managing expanding mesh requirements in large autonomous systems (ASs) by

using selected routers as focal points for internal BGP sessions.

Confederations—

A method of managing expanding mesh requirements in large ASs by creating sub-ASs.

Confederations

Commadns References:

XorPlus# set protocols bgp confederation disable [true/false]

Note:This Command is to enable/disable bgp confederation.

XorPlus# set protocols bgp confederation identifier[confederation-identifier]

Note:This Command is to configure a bgp confederation identifier, It’s used for establish EBPG

Peer, It’s an 2-byte or 4-byte AS number.

XorPlus# set protocols bgp peer [Peer-IPV6 address] confederation-member[true/false]

Note:This Command is to specify one bgp peer as a confederation member.

XorPlus# set protocols bgp local-as [AS-Nunmber]

Note:This Command is to configure a private local-as number,used for establish internal

confederation EBGP.

A confederation is another way to deal with the explosion of an IBGP mesh within an AS.As with

route reflection, confederations are recommended only for cases in which IBGP peering involves a

large number of IBGP peering sessions per router.

BGP confederations are based on the concept that an AS can be broken into multiple

sub-ASs.Inside each sub-AS, all the rules of IBGP apply. All BGP routers inside the sub-AS, for

example, must be fully meshed. Because each sub-AS has a different AS number, external BGP

must run between them. Although EBGP is used between sub-ASs, routing inside the

confederation behaves like IBGP routing in a single AS. In other words, the next hop, MED,and

local preference information is preserved when crossing the sub-AS boundaries. To the outside

world, a confederation looks like a single AS.


361

All the sub-ASs are shielded from the outside world and can be given any AS numbers. The

numbers could be chosen from the private AS range (64512 to 65534, as designated in RFC 1930)

in order not to use up any formal AS numbers.

As mentioned previously, inside the sub-AS an IBGP full mesh is used. EBGP is used between the

sub-ASs as well as between the confederation itself and outside ASs.

Confederations can easily detect routing loops inside the whole AS because EBGP is run between

sub-ASs. The AS path list is a loop-avoidance mechanism used to detect routing updates leaving

one sub-AS and attempting to reenter the same sub-AS. A routing update that tries to reenter a

sub-AS it originated from will be detected because the sub-AS will see its own sub-AS number

listed in the update's AS path.

Figure 2-5

Step 1:SwitchB SwitchC SwitchD configure as confederation menber

SwitchB:

XorPlus# set protocols bgp bgp-id 9.9.9.9XorPlus# set protocols bgp local-as "65531"XorPlus# set protocols bgp confederation identifier "6"XorPlus# set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus# set protocols bgp peer 3003::1 as "65531"XorPlus# set protocols bgp peer 3003::1 next-hop-self trueXorPlus# set protocols bgp peer 3003::1 confederation-member trueXorPlus# set protocols bgp peer 3003::1 ipv6-unicast true

SwitchC:


362

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as "65531"XorPlus# set protocols bgp confederation identifier "6"XorPlus# set protocols bgp peer 1001::2 local-ip "1001::1"XorPlus# set protocols bgp peer 1001::2 as "65532"XorPlus# set protocols bgp peer 1001::2 next-hop-self trueXorPlus# set protocols bgp peer 1001::2 client trueXorPlus# set protocols bgp peer 1001::2 confederation-member trueXorPlus# set protocols bgp peer 1001::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus# set protocols bgp peer 3003::2 as "65531"XorPlus# set protocols bgp peer 3003::2 next-hop-self trueXorPlus# set protocols bgp peer 3003::2 confederation-member trueXorPlus# set protocols bgp peer 3003::2 ipv6-unicast true

SwitchD:

XorPlus# set protocols bgp bgp-id 26.26.26.26XorPlus# set protocols bgp local-as "65532"XorPlus# set protocols bgp confederation identifier "6"XorPlus# set protocols bgp peer 1001::1 local-ip "1001::2"XorPlus# set protocols bgp peer 1001::1 as "65531"XorPlus# set protocols bgp peer 1001::1 next-hop-self trueXorPlus# set protocols bgp peer 1001::1 confederation-member trueXorPlus# set protocols bgp peer 1001::1 ipv6-unicast true

Step 2:SwitchA SwitchB configure EBGP,SwitchC SwitchE configue EBGP

SwitchA:


SwitchB:


SwitchD:

XorPlus# set protocols bgp peer 4004::2 local-ip "4004::1"XorPlus# set protocols bgp peer 4004::2 as 100XorPlus# set protocols bgp peer 4004::2 next-hop-self trueXorPlus# set protocols bgp peer 4004::2 ipv6-unicast true

SwitchE:

XorPlus# set protocols bgp bgp-id 100.100.100.100XorPlus# set protocols bgp local-as 100


363

XorPlus# set protocols bgp peer 4004::1 local-ip "4004::2"XorPlus# set protocols bgp peer 4004::1 as 6XorPlus# set protocols bgp peer 4004::1 ipv6-unicast true

Step 3:SwitchA distribute one bgp route entry, then check the bgp route table on SwitchB

SwitchC SwitchD SwitchE


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 5005::2 33.33.33.33 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 33.33.33.33 Route: Winner Origin: IGP AS Path: 10 Nexthop: 5005::2 Local Preference: 100XorPlus#


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 3003::2 9.9.9.9 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 10 Nexthop: 3003::2 Local Preference: 100XorPlus#




364

------------*> 9999::/64 1001::1 6.6.6.6 (65531) 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: (65531) 10 Nexthop: 1001::1 Local Preference: 100XorPlus#

Note:We can see that the as-path include the Confederation ebgp as number 65531

SwitchE bgp route table:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 4004::1 6.6.6.6 6 10iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 6 10 Nexthop: 4004::1 Local Preference: 100XorPlus#

Note:We can see taht ,the Confederation as number 65531 was removed from the as-path when it

outbound the AS to it’s EBGP Peer.

Route Reflectors

Route Reflectors Commands References:

XorPlus# set protocols bgp route-reflector disable [true/false]

Note:This Command is to enable/disable route-reflectors.

XorPlus# set protocols bgp route-reflector cluster-id [cluster-id]

Note:This Command is to specify a cluster-id.

XorPlus# set protocols bgp peer [bgp peer id] client [true/false]


365

Note:This Command is to specify one bgp peer as RR’s Client.

In some Internet service provider (ISP) networks, the internal BGP mesh can become quite large

(more than 100 internal BGP sessions per router), which strongly suggests that some new peering

mechanism be implemented. The concept is based on the idea of specifying a route reflector

router to act as a focal point for internal BGP sessions. Multiple (client) BGP routersconcentration

can peer with a central server (the route reflector), and then route reflectors peer with one another.

Although the BGP rule states that routes learned via one IBGP speaker can't be advertised to

another IBGP speaker, route reflection allows the route reflector servers to "reflect" routes as

described later, thereby relaxing the IBGP full-mesh constraints.

The route reflector is a router that performs the route reflection function. The IBGP peers of the

route reflector fall under two categories— and A route reflector and its clientsclients nonclients.

form a All peers of the route reflector that are not part of the cluster are nonclients.cluster.

Nonclients (standard IBGP speakers) are still required to be fully meshed with one another and the

route reflector because they follow the normal IBGP advertisement rules, although they no longer

need to peer with the clients of the route reflectors. Clients should not peer with internal speakers

outside their associated cluster.

The route reflector function is implemented only on the route reflector; all clients and nonclients are

normal BGP peers that have no notion of the route reflector. Route reflector clients are considered

as such only because the route reflector lists them as clients.

Any route reflector that receives multiple routes for the same destination employs the usual BGP

decision process to pick the overall best path. The best path would be propagated inside the AS

based on the following rules of operation:

If the route is received from a nonclient peer, reflect to clients only.

If the route is received from a client peer, reflect to all nonclient peers and also to client

peers.

If the route is received from an EBGP peer, reflect to all client and nonclient peers.

Because route reflection is a concept that applies only internally to an AS, routers external to the

AS, which would receive UPDATEs via EBGP, are considered nonclients and follow normal

nonclient behavior with respect to sending and receiving UPDATEs.

The Route Reflector Preserves IBGP Attributes

The route reflector concept does not change IBGP behavior—the route reflector is not allowed to

modify the attributes of the reflected IBGP routes. The NEXT_HOP attribute, for example, remains

the same when an IBGP route is exchanged between RRs. This is necessary to avoid loops inside

the AS.

Avoiding Loops

BGP relies on the information in the AS path to facilitate loop detection. A BGP update that

attempts to reenter the AS it was originated from will be dropped by the border router of the source

AS With the introduction of route reflectors, there is a potential for routing loops within an AS. A


366

routing update that leaves a cluster may reenter the cluster. Loops inside the AS cannot be

detected by the traditional AS path approach because routing updates do not have an originating

AS path signature. Therefore, when route reflectors are deployed, BGP offers two extra measures

for loop avoidance inside the AS—using an ORIGINATOR_ID and using a CLUSTER_LIST.

Using an ORIGINATOR_ID

The ORIGINATOR_ID is a 4-byte, optional, nontransitive BGP attribute (type code 9). This attribute

carries the ROUTER_ID of the route's originator in the local AS and is to be added to the UPDATE

message by the route reflector. If the update comes back to the originator because of poor

configuration, the originator should discard it.

The CLUSTER_LIST

The CLUSTER_LIST is an optional, nontransitive BGP attribute (type code 10). Each clusteris

represented with a CLUSTER_ID.A CLUSTER_LIST is a sequence of CLUSTER_IDs that contain

path information regarding the list of clusters that an UPDATE has traversed. When a route

reflector sends a route from its clients to nonclients outside the cluster, it appends the local

CLUSTER_ID to the CLUSTER_LIST, or creates the list if one is not present. If the route reflector

receives an UPDATE whose CLUSTER_LIST contains the local CLUSTER_ID value, the UPDATE

message should be discarded. Thus, the CLUSTER_LIST provides loop avoidance inside an AS,

whereas the AS_PATH list, discussed earlier, facilitates loop avoidance for UPDATEs traversing

multiple, external ASs.


Figure 2-1

Step 1:Configure IBGP

SwitchA:

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as "6"XorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"


367

XorPlus# set protocols bgp peer 3003::2 as "6"XorPlus# set protocols bgp peer 3003::2 next-hop-self trueXorPlus# set protocols bgp peer 3003::2 ipv6-unicast true

SwitchB:

XorPlus# set protocols bgp bgp-id 9.9.9.9XorPlus# set protocols bgp local-as "6"XorPlus# set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus# set protocols bgp peer 3003::1 as "6"XorPlus# set protocols bgp peer 3003::1 next-hop-self trueXorPlus# set protocols bgp peer 3003::1 ipv6-unicast true

Step 2:Configure SwitchA as RR and configure Cluster-ID

XorPlus# set protocols bgp route-reflector disable falseXorPlus# set protocols bgp route-reflector cluster-id 6.6.6.6

Step 3:Specify One bgp peer as RR’s Client

XorPlus# set protocols bgp peer 3003::2 client true

Step 4:Check bgp peer status:

SwitchA:

XorPlus# run show bgp peers detailPeer 2: local 3003::1/179 remote 3003::2/33239 Peer ID: 9.9.9.9 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 6 Updates Received: 1, Updates Sent: 6 Messages Received: 102, Messages Sent: 108 Time since last received update: 2611 seconds Number of transitions to ESTABLISHED: 4 Time since last entering ESTABLISHED state: 2611 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

SwitchB:

XorPlus# run show bgp peers detailPeer 1: local 3003::2/33239 remote 3003::1/179 Peer ID: 6.6.6.6 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 6 Updates Received: 6, Updates Sent: 1


368

Messages Received: 123, Messages Sent: 118 Time since last received update: 1079 seconds Number of transitions to ESTABLISHED: 9 Time since last entering ESTABLISHED state: 2988 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds


BGP Reflector Configuration examples.

1.RR will propagate bgp route to all it’s Client and Non-client peer:

Figure 2-2

Step 1:Configure IBGP on SwitchA SwitchB SwitchC SwitchD

SwitchA:

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as "6"XorPlus# set protocols bgp peer 1001::2 local-ip "1001::1"XorPlus# set protocols bgp peer 1001::2 as "6"XorPlus# set protocols bgp peer 1001::2 next-hop-self trueXorPlus# set protocols bgp peer 1001::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus# set protocols bgp peer 3003::2 as "6"XorPlus# set protocols bgp peer 3003::2 next-hop-self trueXorPlus# set protocols bgp peer 3003::2 ipv6-unicast trueXorPlus# set protocols bgp peer 4004::2 local-ip "4004::1"XorPlus# set protocols bgp peer 4004::2 as "6"XorPlus# set protocols bgp peer 4004::2 next-hop-self trueXorPlus# set protocols bgp peer 4004::2 ipv6-unicast true


369

SwitchB:


SwitchC:


SwitchD:


Step 2:Configure SwitchA as RR and configure Cluster-ID

XorPlus# set protocols bgp route-reflector disable falseXorPlus# set protocols bgp route-reflector cluster-id 6.6.6.6

Step 3:Specify SwitchB SwitchC as RR’s Client

XorPlus# set protocols bgp peer 3003::2 client trueXorPlus# set protocols bgp peer 4004::2 client true

Step 4:SwitchB distribute a bgp route,then RR will propagate to all it’s client(SwitchC) and

non-client(SwitchD)


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 5005::2 33.33.33.33 10 iSwitch A bgp route table:XorPlus# run show bgp routes ipv6


370

Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 3003::2 9.9.9.9 10 i

Check the bgp route table of SwitchC,we can see that the Client got a bgp route entry from RR.


XorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 10 Nexthop: 4004::1 Multiple Exit Discriminator: 1000 Local Preference: 100 Originator ID: 9.9.9.9 Cluster List: 6.6.6.6

Check the bgp route table of SwitchD,we can see that Non-Client(SwitchD) got a bgp route entry

from RR


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 1001::1 6.6.6.6 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 10 Nexthop: 1001::1 Multiple Exit Discriminator: 1000 Local Preference: 100 Originator ID: 9.9.9.9 Cluster List: 6.6.6.6


2.A route from a nonclient peer is advertised to all clients.it means the route entry from a non-client

peer will not advertised to RR’s non-client peer:


371

Figure 2-3

Step 1:Configure IBGP on SwitchA SwitchB SwitchC SwitchD

SwitchA:


SwitchB:

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as "6"XorPlus# set protocols bgp peer 1001::2 local-ip "1001::1"XorPlus# set protocols bgp peer 1001::2 as "6"XorPlus# set protocols bgp peer 1001::2 next-hop-self trueXorPlus# set protocols bgp peer 1001::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus# set protocols bgp peer 3003::2 as "6"XorPlus# set protocols bgp peer 3003::2 next-hop-self trueXorPlus# set protocols bgp peer 3003::2 ipv6-unicast trueXorPlus# set protocols bgp peer 4004::2 local-ip "4004::1"XorPlus# set protocols bgp peer 4004::2 as "6"XorPlus# set protocols bgp peer 4004::2 next-hop-self trueXorPlus# set protocols bgp peer 4004::2 ipv6-unicast true

SwitchC:



372

XorPlus# set protocols bgp peer 1001::1 local-ip "1001::2"XorPlus# set protocols bgp peer 1001::1 as "6"XorPlus# set protocols bgp peer 1001::1 next-hop-self trueXorPlus# set protocols bgp peer 1001::1 ipv6-unicast true

SwitchD:


Step 2:Enable route-reflector on SwitchB and specify SwitchC as it’s client

XorPlus# set protocols bgp route-reflector disable falseXorPlus# set protocols bgp route-reflector cluster-id 6.6.6.6XorPlus# set protocols bgp peer 1001::2 client true

Step 3:SwitchA distribute two bgp route entry,then check the bgp route table on SwitchB

SwitchC SwitchD,we can see that SwitchB will not advertise these bgp route entry to it’s

non-client peer(SwitchD)


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 3003::2 9.9.9.9 10 i*> 9999:0:0:1::/64 3003::2 9.9.9.9 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 10 Nexthop: 3003::2 Local Preference: 1009999:0:0:1::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 10 Nexthop: 3003::2 Local Preference: 100XorPlus#



373

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 1001::1 6.6.6.6 10 i*> 9999:0:0:1::/64 1001::1 6.6.6.6 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 10 Nexthop: 1001::1 Local Preference: 100 Originator ID: 9.9.9.9 Cluster List: 6.6.6.69999:0:0:1::/64 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 10 Nexthop: 1001::1 Local Preference: 100 Originator ID: 9.9.9.9 Cluster List: 6.6.6.6XorPlus#



Note:The bgp route table on SwitchD should be NULL,as the bgp route entry from non-client will

not advertise to it’s non-client peer.


3.Multistage bgp reflector:


374

Figure 2-4

Step 1:Configure IBGP on SwitchA SwitchB SwitchC

SwitchA:


SwitchB:

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as "6"XorPlus# set protocols bgp peer 1001::2 local-ip "1001::1"XorPlus# set protocols bgp peer 1001::2 as "6"XorPlus# set protocols bgp peer 1001::2 next-hop-self trueXorPlus# set protocols bgp peer 1001::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus# set protocols bgp peer 3003::2 as "6"XorPlus# set protocols bgp peer 3003::2 next-hop-self trueXorPlus# set protocols bgp peer 3003::2 ipv6-unicast true

SwitchC:



375

XorPlus# set protocols bgp peer 1001::1 local-ip "1001::2"XorPlus# set protocols bgp peer 1001::1 as "6"XorPlus# set protocols bgp peer 1001::1 next-hop-self trueXorPlus# set protocols bgp peer 1001::1 ipv6-unicast true

Step 2:Configure SwitchA as first-level RR ,SwitchB is SwitchA’s Client

SwitchA:


Step 3:Configure SwitchB as the second-level RR,SwitchC is SwitchB’s Client

SwitchB:


Step 4:SwitchA got a bgp route entry from an EBGP peer,then check the bgp route table on

SwitchA SwitchB SwitchC,

SwitchA bgp route table:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 5005::2 33.33.33.33 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 33.33.33.33 Route: Winner Origin: IGP AS Path: 10 Nexthop: 5005::2 Multiple Exit Discriminator: 1000 Local Preference: 100XorPlus#

Check the bgp route table of SwitchB,we can see the router-id of SwitchA




376

------------*> 9999::/64 3003::2 9.9.9.9 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 10 Nexthop: 3003::2 Multiple Exit Discriminator: 1000 Local Preference: 100 Originator ID: 33.33.33.33 Cluster List: 9.9.9.9XorPlus#

Check the bgp route table of SwitchC,we can see that the router-id of SwitchB was add into cluster

list


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 1001::1 6.6.6.6 10 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 6.6.6.6 Route: Winner Origin: IGP AS Path: 10 Nexthop: 1001::1 Multiple Exit Discriminator: 1000 Local Preference: 100 Originator ID: 33.33.33.33 Cluster List: 6.6.6.6, 9.9.9.9XorPlus#


BGP Load Balance Commands references:

XorPlus# set protocols bgp multipath disable [true/false]

Note:This command is to enable/disable Load Balance when it have multiple connections to the

same destination and all the bgp route entry have the same as-path values.

XorPlus# set protocols bgp multipath path-relax [true/false]


377

Note:This command is to enable/disable path-relax ,when it have multiple connections to the same

destination and they have the different as-path,if you enable path-relax,they also could form Load

Balance.

Under normal conditions, when a BGP speaker receives identical paths for a prefix from an

adjacent AS, only one path will be selected as the best path (normally the one with the lowest BGP

ROUTER_ID value) and will be installed in the routing table. If BGP multipath is enabled, multiple

paths can be installed in the IP routing table,By default,just all the bgp route have the same

as-paths ,they can form Load Balance,but if you enable path-relax,the bgp route have the different

as-paths,they also can form Load Balance.

(1)Configure example 1:Redundancy

when a BGP speaker receives identical paths for a prefix from an adjacent AS, only one path will

be selected as the best path and will be installed in the routing table,When the primary failed,the

backup one will be selected as the best path and will be installed in the routing table.

Figure 3-1


378

Step 1:SwitchA SwitchC configure EBGP,SwitchB SwitchD configure EBGP,SwitchC

SwitchD cofnigure IBGP,SwitchC SwitchE configure EBGP, SwitchD SwitchE configure

EBGP,SwitchE SwitchF configure EBGP,SwitchA SwitchB in AS 10,SwitchC SwitchD in AS

9,SwitchE in as 6,SwitchF in AS 100

SwitchA:

XorPlus# set protocols bgp bgp-id 33.33.33.33XorPlus# set protocols bgp local-as 10XorPlus# set protocols bgp peer 5005::1 local-ip 5005::2"XorPlus# set protocols bgp peer 5005::1 as 9XorPlus# set protocols bgp peer 5005::1 ipv6-unicast true

SwitchB:


SwitchC:

XorPlus# set protocols bgp bgp-id 9.9.9.9XorPlus# set protocols bgp local-as "9"XorPlus# set protocols bgp peer 3003::1 local-ip "3003::2"XorPlus# set protocols bgp peer 3003::1 as "6"XorPlus# set protocols bgp peer 3003::1 ipv6-unicast trueXorPlus# set protocols bgp peer 5005::2 local-ip "5005::1"XorPlus# set protocols bgp peer 5005::2 as "10"XorPlus# set protocols bgp peer 5005::2 ipv6-unicast trueXorPlus# set protocols bgp peer 6006::2 local-ip "6006::1"XorPlus# set protocols bgp peer 6006::2 as "9"XorPlus# set protocols bgp peer 6006::2 next-hop-self trueXorPlus# set protocols bgp peer 6006::2 ipv6-unicast true

SwitchD:


SwitchE:


379

XorPlus# set protocols bgp bgp-id 6.6.6.6XorPlus# set protocols bgp local-as "6"XorPlus# set protocols bgp peer 1001::2 local-ip "1001::1"XorPlus# set protocols bgp peer 1001::2 as "9"XorPlus# set protocols bgp peer 1001::2 ipv6-unicast trueXorPlus# set protocols bgp peer 3003::2 local-ip "3003::1"XorPlus# set protocols bgp peer 3003::2 as "9"XorPlus# set protocols bgp peer 3003::2 ipv6-unicast trueXorPlus# set protocols bgp peer 4004::2 local-ip "4004::1"XorPlus# set protocols bgp peer 4004::2 as "100"XorPlus# set protocols bgp peer 4004::2 ipv6-unicast true

SwitchF:


Step 2:SwitchA SwitchB distribute bgp route entry 9999::/64,then check the bgp route table

on SwitchC SwitchD,SwitchE


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 5005::2 33.33.33.33 10 i* 9999::/64 6006::2 26.26.26.26 10 i


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------* 9999::/64 6006::1 9.9.9.9 10 i*> 9999::/64 2002::2 44.44.44.44 10 i

SwichE BGP route table:



380

Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 3003::2 9.9.9.9 910 i* 9999::/64 1001::2 26.26.26.26 910 i

Step 3.The primary link down,then the bgp route entry from the backup link will be the best

route ,then check the bgp route table on SwitchE


(2)Configure example 2:Load Balance(bgp route have the same as-apth)

when a BGP speaker receives identical paths for a prefix from an adjacent AS,If BGP multipath is

enabled, multiple paths can be installed in the IP routing table.


381

Figure 3-2

Step 1:SwitchA SwitchC configure EBGP,SwitchB SwitchD configure EBGP,SwitchC


EBGP,SwitchE SwitchF configure EBGP,SwitchA SwitchB in AS 10,SwitchC SwitchD in AS

9,SwitchE in as 6,SwitchF in AS 100

SwitchA:


SwitchB:


382


SwitchC:


SwitchD:


SwitchE:


SwitchF:

XorPlus# set protocols bgp bgp-id 100.100.100.100XorPlus# set protocols bgp local-as 100


383

XorPlus# set protocols bgp peer 4004::1 local-ip "4004::2"XorPlus# set protocols bgp peer 4004::1 as 6XorPlus# set protocols bgp peer 4004::1 ipv6-unicast true


on SwitchC SwitchD,SwitchE.





SwichE BGP route table:


Step 3.Enable Multipath on SwitchE then check bgp route table,it will form Load Balance,as

the two bgp route entry have the same as-path

XorPlus#set protocols bgp multipath disable false

SwitchE BGP route table:


384

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 1001::2 26.26.26.26 910 i*> 9999::/64 3003::2 9.9.9.9 910 iXorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------2001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected4004:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected1001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected3003:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected9999:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 te-1/1/469999:: ffff:ffff:ffff:ffff:: C8:0A:A9:04:49:28 te-1/1/48

(3)Configure example 3:Load Balance(bgp route have different as-path)

when a BGP speaker receives identical paths for a prefix from an adjacent AS,If BGP multipath is

enabled, multiple paths can be installed in the IP routing table:


385

Figure 3-3

1)..Step 1:SwitchA SwitchC configure EBGP,SwitchB SwitchD configure EBGP,SwitchC


EBGP,SwitchE SwitchF configure EBGP,SwitchA in AS 10, SwitchB in AS 12,SwitchC

SwitchD in AS 9,SwitchE in as 6,SwitchF in AS 100

SwitchA:


SwitchB:

XorPlus# set protocols bgp bgp-id 44.44.44.44XorPlus# set protocols bgp local-as 12XorPlus# set protocols bgp peer 2002::1 local-ip 2002::2"


386

XorPlus# set protocols bgp peer 2002::1 as 9XorPlus# set protocols bgp peer 2002::1 ipv6-unicast true

SwitchC:


SwitchD:


SwitchE:


SwitchF:



387


on SwitchC SwitchD,SwitchE



SwitchD BGP route table:


SwitchE BGP route table:


Step 3:Enable Multipath and enable path-relax on SwitchE(as the two bgp route have

different as-path,if it want to form Load Balance,it must enable path-relax and enable

multipath at the same time), then check the bgp route talbe on SwitchE,it will form Load

Balance.

XorPlus# set protocols bgp multipath disable falseXorPlus# set protocols bgp multipath path-relax trueXorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete


388

Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 1001::2 26.26.26.26 912 i*> 9999::/64 3003::2 9.9.9.9 910 iXorPlus# run show route forward-route ipv6 allDestination NetMask NextHopMac Port --------------------------------------- --------------------------------------- ----------------- ---------2001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected4004:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected1001:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected3003:: ffff:ffff:ffff:ffff:: 04:7D:7B:62:93:FF connected9999:: ffff:ffff:ffff:ffff:: C8:0A:A9:AE:0A:66 te-1/1/469999:: ffff:ffff:ffff:ffff:: C8:0A:A9:04:49:28 te-1/1/48

Step 4:Check the bgp route table on SwitchF,the bgp route entry was got from SwitchE,and

it’s the first one arrived SwitchE

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 4004::1 6.6.6.6 6 912 i


(1)Route Dampening

Route Dampening Command Reference:

XorPlus# set protocols bgp damping disable [true/false]

Note :This command is to Enable/Disable route dampening.

XorPlus# set protocols bgp damping half-life [1-45 minutes]

Note :This Command is to set the A configurable numeric value that describes the amount of time

that must elapse to reduce the penalty by one-half ,the default value is 15 minutes.


389

XorPlus# set protocols bgp damping max-suppress [1-720 minutes]

Note :This Command is to set the max-suppress timer ,It’s default value is 60 minutes.

XorPlus# set protocols bgp damping reuse [1-20000 seconds]

Note : This Commands is to set A configurable numeric value that is compared with the penalty. If

the penalty is less than the reuse limit, a suppressed route that is up will no longer be suppressed,

the default value is 750.

XorPlus# set protocols bgp damping suppress [1-20000 seconds]

Note : This Commands is to set A numeric value that is compared with the penalty. If the penalty is

greater than the suppress limit, the route is suppressed ,the default value is 3000.

Another mechanism for controlling route instability is A route that appears androute dampening.

disappears intermittently causes BGP UPDATE and WITHDRAWN messages to be repeatedly

propagated on the Internet. The tremendous amount of routing traffic generated can use up all the

link's bandwidth and drive up CPU utilization of routers.

Dampening categorizes routes as well either or A well-behaved route showsbehaved ill behaved.

a high degree of stability during an extended period of time. On the other hand, an illbehaved route

experiences a high level of instability in a short period of time. Ill-behaved routes should be

penalized in a way that is proportional to the route's expected future instability. An unstable route

should be suppressed (not advertised) until there is some degree of confidence that the route has

become stable.

A route's recent history is used as a basis for estimating future stability. To track a route history, it

is essential to track the number of times the route has flapped over a period of time.Under route

dampening, each time a route flaps, it is given a penalty. Whenever the penalty reaches a

predefined threshold, the route is suppressed. The route can continue to accrue penalties even

after it is suppressed. The more frequently a route oscillates in a short amount of time, the faster

the route is suppressed.

Similar criteria are put in place to unsuppress a route and start readvertising it. An algorithm is

implemented to decay (reduce) the penalty value exponentially.

•Penalty—

An incremented numeric value that is assigned to a route each time it flaps.

•Half-life—

A configurable numeric value that describes the amount of time that must elapse to reduce the

penalty by one-half.

•Suppress limit—

A numeric value that is compared with the penalty. If the penalty is greater than the suppress limit,

the route is suppressed.

•Reuse limit—


390

A configurable numeric value that is compared with the penalty. If the penalty is less than the reuse

limit, a suppressed route that is up will no longer be suppressed.

• max-suppress timer—

It is the maximum time the bgp route was suppressed.

The following figure illustrates the process of assessing a penalty to a route every time it flaps. The

penalty is exponentially decayed according to parameters such as the half-life. The half-life

parameter can be changed by the administrator to reflect the oscillation history of a route: A longer

half-life might be desirable for a route that has a habit of oscillating frequently. A larger half-life

value would cause the penalty to decay more slowly, which translates into a route's being

suppressed longer.

Figure 4-1 Route Dampening Penalty Assessment


Figure 4-2

Step 1:SwitchA SwitchB Establishing EBGP

SwitchA:


391


SwitchB:


Step 2:SwitchA propagate a bgp route entry 9999::/64 to SwitchB,then check the bgp route

table on SwitchB


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 3003::2 9.9.9.9 910 iXorPlus# run show bgp routes ipv6 deatilInvalid IPNetXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 3003::2 Multiple Exit Discriminator: 0 Local Preference: 100XorPlus#

Step 3:Enable BGP Route Dampening on SwitchB

XorPlus#set protocols bgp damping disable false

Note:The default half-life: 15 ,The default max-suppress: 60 ,The default reuse: 750,The default

suppress: 3000.



392

*> 9999::/64 3003::2 9.9.9.9 910 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 3003::2 Multiple Exit Discriminator: 0 Local Preference: 100XorPlus#

Step 4:Withdrawn and update the bgp route entry on SwitchA and repeat the operation three

times , then check the bgp route table ,the bgp route entry should be suppressed after the

third times.

The first time:


XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 3003::2 9.9.9.9 910 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 3003::2 Multiple Exit Discriminator: 0 Local Preference: 100XorPlus#

The Second time:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 3003::2 9.9.9.9 910 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 3003::2


393

Multiple Exit Discriminator: 0 Local Preference: 100XorPlus#

The Third time:

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------XorPlus#

Note : We can see that the bgp route was suppressed on SwitchB the third time you withdrawn the

bgp route entry , and the bgp route entry will be recover after 60 minutes.

60 minutes later :

XorPlus# run show bgp routes ipv6Status Codes: * valid route, > best routeOrigin Codes: i IGP, e EGP, ? incomplete Prefix Nexthop Peer AS Path ---------------------------- ------------------------ --------------- ------------*> 9999::/64 3003::2 9.9.9.9 910 iXorPlus# run show bgp routes ipv6 detail9999::/64 From peer: 9.9.9.9 Route: Winner Origin: IGP AS Path: 9 10 Nexthop: 3003::2 Multiple Exit Discriminator: 0 Local Preference: 100XorPlus#

4.2 BGP fast-external-fallover

BGP fast-external-fallover Commands References:

XorPlus#set protocols bgp fast-external-fallover disable [true/false]

Note:BGP fast-external-fallover is enabled by default , The BGP fast-external-fallover command is

used to disable or enable fast-external-fallover for BGP peering sessions with directly connected

external peers ,the session is immediately reset if link goes down , only directly connected peering

sessions are supported.

If BGP fast-external-fallover is disabled , The BGP routing process will wait until the default hold

timer expires to reset the peering session.



394

Figure 4-3

Step 1:SwitchA SwitchB Establishing EBGP

SwitchA:


SwitchB:


Then check bgp peer status on SwitchA SwitchB:

SwitchA:


SwitchB:


395

XorPlus# run show bgp peers detailPeer 2: local 3003::1/38709 remote 3003::2/179 Peer ID: 9.9.9.9 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 9 Updates Received: 7, Updates Sent: 0 Messages Received: 18, Messages Sent: 11 Time since last received update: 227 seconds Number of transitions to ESTABLISHED: 1 Time since last entering ESTABLISHED state: 255 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

Step 2:Shutdown the link BGP peer connected then check the bgp peer status,the bgp peer

will be down immediately as bgp fast-external-fallover is enable by default.

XorPlus# set interface gigabit-ethernet te-1/1/46 disable trueXorPlus# commitMerging the configuration.Commit OK.Save done.XorPlus# run show bgp peers detail 3003::2Peer 1: local 3003::1/179 remote 3003::2/179 Peer ID: none Peer State: CONNECT Admin State: START Negotiated BGP Version: n/a Peer AS Number: 9 Updates Received: 0, Updates Sent: 0 Messages Received: 0, Messages Sent: 0 Time since last received update: n/a Number of transitions to ESTABLISHED: 1 Time since last in ESTABLISHED state: 11 seconds Retry Interval: 120 seconds Hold Time: n/a, Keep Alive Time: n/a Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 secondsXorPlus#

Step 3:Up the Link bgp peer connected and disable bgp fast-external-fallover on SwitchA

XorPlus# set interface gigabit-ethernet te-1/1/46 disable falseXorPlus# commitMerging the configuration.Commit OK.Save done.XorPlus# set protocols bgp fast-external-fallover disable trueXorPlus# commitMerging the configuration.Commit OK.Save done.XorPlus#XorPlus# run show bgp peers detail 3003::2


396

Peer 1: local 3003::1/52347 remote 3003::2/179 Peer ID: 9.9.9.9 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 9 Updates Received: 1, Updates Sent: 0 Messages Received: 3, Messages Sent: 2 Time since last received update: 4 seconds Number of transitions to ESTABLISHED: 2 Time since last entering ESTABLISHED state: 4 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 seconds

Step 4:Shutdown the link bgp peer connected,then check the bgp peer status,the bgp peer

will not down immediately but it will goes down after 90 seconds

XorPlus# set interface gigabit-ethernet te-1/1/46 disable trueXorPlus# commitMerging the configuration.Commit OK.Save done.XorPlus# run show bgp peers detail 3003::2Peer 1: local 3003::1/52347 remote 3003::2/179 Peer ID: 9.9.9.9 Peer State: ESTABLISHED Admin State: START Negotiated BGP Version: 4 Peer AS Number: 9 Updates Received: 1, Updates Sent: 0 Messages Received: 7, Messages Sent: 7 Time since last received update: 139 seconds Number of transitions to ESTABLISHED: 2 Time since last entering ESTABLISHED state: 139 seconds Retry Interval: 120 seconds Hold Time: 90 seconds, Keep Alive Time: 30 seconds Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 secondsXorPlus#

90 seconds later :

XorPlus# run show bgp peers detail 3003::2Peer 1: local 3003::1/179 remote 3003::2/179 Peer ID: none Peer State: ACTIVE Admin State: START Negotiated BGP Version: n/a Peer AS Number: 9 Updates Received: 0, Updates Sent: 0 Messages Received: 0, Messages Sent: 0 Time since last received update: n/a Number of transitions to ESTABLISHED: 2 Time since last in ESTABLISHED state: 34 seconds Retry Interval: 120 seconds


397

Hold Time: n/a, Keep Alive Time: n/a Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds Minimum AS Origination Interval: 0 seconds Minimum Route Advertisement Interval: 0 secondsXorPlus#


398

Multicast Configuration

This chapter describes IGMP, PIM-SM, and IGMP Snooping configurations.


IGMP Configuration





In L2/L3, IGMPv2 Snooping and IGMPv2Snooping Querier are both supported.

IGMP snooping basic configuration

In the default setting, the switch disables IGMP snooping. You should globally enable IGMP per

VLAN.

XorPlus# set protocols igmp-snooping enable trueXorPlus# set protocols igmp-snooping vlan-id 1 enable trueXorPlus# set protocols igmp-snooping vlan-id 1 mrouter interface ge-1/1/3XorPlus# set protocols igmp-snooping vlan-id 1 querier other-querier-timer 1XorPlus# set protocols igmp-snooping vlan-id 1 static group 238.255.0.1interface ge-1/1/2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show igmp-snooping vlan 1Vlan 1:----------------------------------------------IGMP snooping : EnabledIGMPv2 fast leave : DisabledIGMP querier state : DisabledIGMP querier source ip address : 0.0.0.0IGMP other querier timer : 1IGMP querier version : 2 XorPlus#

IGMP snooping querier

For multicast traffic in Layer2, enable an IGMP snooping querier in the VLAN.

XorPlus# set protocols igmp-snooping vlan-id 1 querier enable trueXorPlus# set protocols igmp-snooping vlan-id 1 querier address 10.10.1.1XorPlus# set protocols igmp-snooping vlan-id 1 querier version 2XorPlus# commitWaiting for merging configuration.Commit OK.


399

Save done.XorPlus#XorPlus# run show igmp-snooping querier Vlan IP Address IGMP Version-------- ------------------ ------------1 10.10.1.1 v2 XorPlus#

IGMP Configuration

In XorPlus, IGMPv1/v2/v3 is supported.

Configuring an IGMP interface

Enable the multicast interface before enabling the IGMP interface.

XorPlus# set vlans vlan-id 2 l3-interface vlan2XorPlus# set vlans vlan-id 3 l3-interface vlan3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlan-interface interface vlan2 vif vlan2 address 10.10.60.10prefix-length 24XorPlus# set vlan-interface interface vlan3 vif vlan3 address 10.10.61.10prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set multicast-interface interface vlan2 vif vlan2disable falseXorPlus# set multicast-interface interface vlan3 vif vlan2 disable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols igmp interface vlan2 vif vlan2XorPlus# set protocols igmp interface vlan3 vif vlan3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show igmp interface Interface State Querier Timeout Version Groups ------------ -------- --------------- --------- --------- --------vlan2 UP 10.10.60.10 None 2 2 vlan3 UP 10.10.61.10 None 2 2 XorPlus#

Configuring IGMP parameters for the IGMP interface

XorPlus# set protocols igmp interface vlan2 vif vlan2query-interval 4XorPlus# set protocols igmp interface vlan2 vifvlan2query-last-member-interval 3


400

XorPlus# set protocols igmp interface vlan2 vif vlan2query-response-interval100XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring an IGMPv3 interface

You can configure IGMPv3 in a specified interface.

XorPlus# set protocols igmp interface vlan3 vif vlan3version 3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show igmp interface Interface State Querier Timeout Version Groups ------------ -------- --------------- --------- --------- --------vlan2 UP 10.10.60.10 None 2 2 vlan3 UP 10.10.61.10 None 3 2

Joining and leaving a group; displaying group information

If you send an IGMPv2 report to VLAN 2, and an IGMPv3 report to VLAN 3, for example, you can

display the group information of the switch. You should not have to worry about 224.0.0.2,

224.0.0.22, etc., which are used for the system (e.g. OSPF, RIP).

XorPlus# run show igmp group Interface Group Source LastReported Timeout V State------------ --------------- --------------- ------------ ------- - -----vlan2 224.0.0.2 0.0.0.0 10.10.60.10 92 2 E vlan2 224.0.0.22 0.0.0.0 10.10.60.10 101 2 E vlan2 238.255.0.1 0.0.0.0 10.10.60.100 61 2 E vlan3 224.0.0.2 0.0.0.0 10.10.61.10 205 3 E vlan3 224.0.0.22 0.0.0.0 10.10.61.10 205 3 E vlan3 238.255.0.2 0.0.0.0 10.10.61.100 0 3 I vlan3 238.255.0.2 20.20.20.20 10.10.61.100 257 3 F

If you send a Ieaving message for the above group, the specified group will be removed.

XorPlus# run show igmp group Interface Group Source LastReported Timeout V State------------ --------------- --------------- ------------ ------- - -----vlan2 224.0.0.2 0.0.0.0 10.10.60.10 88 2 E vlan2 224.0.0.22 0.0.0.0 10.10.60.10 105 2 E vlan3 224.0.0.2 0.0.0.0 10.10.61.10 227 3 E vlan3 224.0.0.22 0.0.0.0 10.10.61.10 227 3 E XorPlus#


401


In L2/L3, PIM-SM is supported.

PIM-SM basic configuration

Before configuring a PIM-SM interface, you should enable a multicast interface.

You can then configure a candidate-RP and a candidate-BSR. For configuring the candidate-BSR,

"scope-zone" denotes the zone of the multicast group, which is included in the multicast domain.

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlan-interface interface vlan-2vif vlan-2address 10.10.60.10prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.61.10prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set multicast-interface interface vlan-2vif vlan-2 disable falseXorPlus# set multicast-interface interface vlan-3vif vlan-3 disable falseXorPlus# set multicast-interface interface register_vif disable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols igmp interface vlan-3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols pimsm4 interface vlan-2vif vlan-2 disable falseXorPlus# set protocols pimsm4 interface vlan-3vif vlan-3 disable falseXorPlus# set protocols pimsm4 interface register_vif disable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols pimsm4 bootstrap cand-bsr scope-zone 224.0.0.0/4cand-bsr-by-vif-name vlan-3XorPlus# set protocols pimsm4 bootstrap cand-rp group-prefix 237.0.0.0/8cand-rp-by-vif-name vlan-2XorPlus# set protocols pimsm4 bootstrap cand-rp group-prefix 231.0.0.0/8cand-rp-by-vif-name vlan-3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#

Static RP configuration


402

You can also configure static RP instead of BSR or dynamic RP.

XorPlus# set protocols pimsm4 static-rps rp 10.10.60.10 group-prefix238.0.0.0/8 rp-priority 10XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#


In the following topology, Switch B is the C-BSR and C-RP. Host A is a receiver for multicast traffic,

and Host B is a multicast source that will send the multicast traffic.

You'll need to configure ge-1/1/2 as an IGMP interface in switch A for Host A.

In this example, the static route in the RIB will be used by PIM-SM.

Figure 8-1. PIM-SM multicast routing configuration.


For switch A, configure ge-1/1/2 as an IGMP interface, andge-1/1/1 as a PIM-SM interface.

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.1.1prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.3.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.


403

Save done.XorPlus# set multicast-interface interface vlan-2vif vlan-2 disable falseXorPlus# set multicast-interface interface vlan-3vif vlan-3 disable falseXorPlus# set multicast-interface interface register_vif disable falseXorPlus# set protocols igmp interface vlan-3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols pimsm4 interface vlan-2vif vlan-2 disable falseXorPlus# set protocols pimsm4 interface vlan-3vif vlan-3 disable falseXorPlus# set protocols pimsm4 interface register_vif disable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#set protocols static route 10.10.2.0/24 next-hop 10.10.1.2XorPlus#set protocols static route 10.10.4.0/24 next-hop 10.10.1.2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show pim interface Interface State Mode V PIMstate Priority DRaddr Neighbors---------- -------- ------ - -------- -------- --------------- ---------vlan-2 UP Sparse 2 DR 1 10.10.1.1 0 vlan-3 UP Sparse 2 DR 1 10.10.3.1 0 register_vif UP Sparse 2 DR 1 10.10.1.1 0 XorPlus#XorPlus# run show igmp interface Interface State Querier Timeout Version Groups ------------ -------- --------------- --------- --------- --------vlan-2 DISABLED 10.10.1.1 None 2 0 vlan-3 UP 10.10.3.1 None 2 3


Configure 2 PIM-SM interfaces, ge-1/1/1 and ge-1/1/2. You will also need to configure a candidate

BSR and a candidate RP.

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.1.2prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.2.2prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set multicast-interface interface vlan-2vif vlan-2 disable falseXorPlus# set multicast-interface interface vlan-3vif vlan-3 disable falseXorPlus# set multicast-interface interface register_vif disable falseXorPlus# commitWaiting for merging configuration.


404

Commit OK.Save done.XorPlus# set protocols pimsm4 interface vlan-2vif vlan-2 disable falseXorPlus# set protocols pimsm4 interface vlan-3vif vlan-3 disable falseXorPlus# set protocols pimsm4 interfaceregister_vif disable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols pimsm4 bootstrap cand-bsr scope-zone 224.0.0.0/4cand-bsr-by-vif-name vlan-3XorPlus# set protocols pimsm4 bootstrap cand-rp group-prefix 238.0.0.0/8cand-rp-by-vif-name vlan-2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#set protocols static route 10.10.3.0/24 next-hop 10.10.1.1XorPlus#set protocols static route 10.10.4.0/24 next-hop 10.10.2.1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# run show pim bootstrap Active zones:BSR Pri LocalAddress Pri State Timeout SZTimeout10.10.2.2 1 10.10.2.2 1 Elected 19 -1Expiring zones:BSR Pri LocalAddress Pri State Timeout SZTimeoutXorPlus#XorPlus# run show pim rps RP Type Pri Holdtime Timeout ActiveGroups GroupPrefix ------------- ------- — -------- ------- ------------ ---------------- 10.10.1.2 bootstrap 192 150 -1 0 238.0.0.0/8 XorPlus#


Configure 2 PIM-SM interfaces, ge-1/1/1 and ge-1/1/2.You will also need to configure a candidate

BSR and a candidate RP.

XorPlus# set vlans vlan-id 2 l3-interface vlan-2XorPlus# set vlans vlan-id 3 l3-interface vlan-3XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switchingnative-vlan-id 2XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switchingnative-vlan-id 3XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 10.10.2.1prefix-length 24XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 10.10.4.1prefix-length 24XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set multicast-interface interface vlan-2vif vlan-2 disable falseXorPlus# set multicast-interface interface vlan-3vif vlan-3 disable falseXorPlus# set multicast-interface interface register_vif disable falseXorPlus# commit


405

Waiting for merging configuration.Commit OK.Save done.XorPlus# set protocols pimsm4 interface vlan-2vif vlan-2 disable falseXorPlus# set protocols pimsm4 interface vlan-3vif vlan-3 disable falseXorPlus# set protocols pimsm4 interface register_vif disable falseXorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus# set protocols static route 10.10.1.0/24 next-hop 10.10.2.2XorPlus# set protocols static route 10.10.3.0/24 next-hop 10.10.2.2XorPlus# commitWaiting for merging configuration.Commit OK.Save done.XorPlus#XorPlus# run show pim interface Interface State Mode V PIMstate Priority DRaddr Neighbors---------- -------- ------ - -------- -------- --------------- ---------vlan-2 UP Sparse 2 DR 1 10.10.2.1 0 vlan-3 UP Sparse 2 DR 1 10.10.4.1 0 register_vif UP Sparse 2 DR 1 10.10.2.1 0 XorPlus#


run show multicast dataflow

run show multicast interface address

set multicast-interface interface bozo vif bozo disable true

set multicast-interface traceoptions flag all disable trueset open-flow allowed-versions

openflow-v1.0 disable true

set protocols igmp interface bozo vif bozo disable true

set protocols igmp interface bozo vif bozo enable-ip-router-alert-option-check true

set protocols igmp interface bozo vif bozo query-interval <int>

set protocols igmp interface bozo vif bozo query-last-member-interval <int>

set protocols igmp interface bozo vif bozo query-response-interval <int>

set protocols igmp interface bozo vif bozo robust-count <int>

set protocols igmp interface bozo vif bozo version <int>

set protocols igmp traceoptions flag all disable true

set protocols igmp traceoptions flag event disable true

set protocols igmp traceoptions flag leave disable true

set protocols igmp traceoptions flag query disable true

set protocols igmp traceoptions flag report disable true

set protocols igmp-snooping enable true

set protocols igmp-snooping last-member-query-count <int>

set protocols igmp-snooping last-member-query-interval <int>

set protocols igmp-snooping max-response-time <int>

set protocols igmp-snooping query-interval <int>

set protocols igmp-snooping report-suppression true

set protocols igmp-snooping robustness-variable <int>


406

set protocols igmp-snooping router-aging-time <int>

set protocols igmp-snooping traceoptions flag all disable true

set protocols igmp-snooping traceoptions flag config disable true

set protocols igmp-snooping traceoptions flag input disable true

set protocols igmp-snooping traceoptions flag output disable true

set protocols igmp-snooping traceoptions flag state-machine disable true

set protocols igmp-snooping vlan-id <int> enable true

set protocols igmp-snooping vlan-id <int> fast-leave true

set protocols igmp-snooping vlan-id <int> mrouter interface bozo

set protocols igmp-snooping vlan-id <int> querier address <ip-address>

set protocols igmp-snooping vlan-id <int> querier enable true

set protocols igmp-snooping vlan-id <int> querier other-querier-timer <int>

set protocols igmp-snooping vlan-id <int> querier version <int>

set protocols igmp-snooping vlan-id <int> static group <ip-address> interface bozoset protocols

ipfix collector <ip-address> udp-port <int>

set protocols pimsm4 bootstrap cand-bsr scope-zone <ip-address/netmask> cand-bsr-by-vif-addr

<ip-address>

set protocols pimsm4 bootstrap cand-bsr scope-zone <ip-address/netmask> cand-bsr-by-vif-name

bozo

set protocols pimsm4 bootstrap cand-bsr scope-zone <ip-address/netmask> hash-mask-len <int>

set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> cand-rp-by-vif-addr

<ip-address>

set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> cand-rp-by-vif-name

bozo

set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> is-scope-zone true

set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> rp-holdtime <int>

set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> rp-priority <int>

set protocols pimsm4 bootstrap disable true

set protocols pimsm4 disable true

set protocols pimsm4 interface bozo vif bozo alternative-subnet <ip-address/netmask>

set protocols pimsm4 interface bozo vif bozo disable true

set protocols pimsm4 interface bozo vif bozo dr-priority <int>

set protocols pimsm4 interface bozo vif bozo hello-period <int>

set protocols pimsm4 interface bozo vif bozo hello-triggered-delay <int>

set protocols pimsm4 static-rps rp <ip-address> group-prefix <ip-address/netmask> hash-mask-len

<int>

set protocols pimsm4 static-rps rp <ip-address> group-prefix <ip-address/netmask> rp-priority

<int>

set protocols pimsm4 switch-to-spt-threshold bytes <int>

set protocols pimsm4 switch-to-spt-threshold disable true

set protocols pimsm4 switch-to-spt-threshold interval <int>

set protocols pimsm4 traceoptions flag all disable true

set protocols pimsm4 traceoptions flag bsr disable true

set protocols pimsm4 traceoptions flag event disable true

set protocols pimsm4 traceoptions flag join-prune disable true


407

set protocols pimsm4 traceoptions flag mroute disable true

set protocols pimsm4 traceoptions flag neighbor disable true

set protocols pimsm4 traceoptions flag register disable true

set protocols pimsm4 traceoptions flag rp disable true

show multicast-interface


408

QoS Configuration

This chapter describes Layer2 and Layer3 QoS configurations.

Configuring SP

Configuring WFQ

Configuring WRR

QoS Command List

.QoS Configuration


QoS Principle




Configuring SP

In L2/L3, 802.1p, DSCP, and COS QoS are supported.

You should first create forwarding classes, which determine the queue number of the specified

traffic type.

Define your QoS classifiers (by specifying the associated forwarding class) and include the

trust-mode. Map the code-point in the forwarding class.

Finally, apply each classifier to its specified ports.

Configuring priority queuing

XorPlus# set class-of-service forwarding-class best-effort local-priority 3XorPlus# set class-of-service forwarding-class rt-traffic local-priority 0XorPlus# set class-of-service forwarding-class normal-traffic local-priority2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.XorPlus#

Configuring classifiers with IEEE 802.1/DSCP/ToS

XorPlus# set class-of-service classifier c1 trust-mode ieee-802.1XorPlus# set class-of-service classifier c1 forwarding-class best-effortcode-point 3XorPlus# set class-of-service classifier c2 trust-mode dscpXorPlus# set class-of-service classifier c2 forwarding-class rt-trafficcode-point 10


409

XorPlus# commit Waiting for merging configuration.Commit OK.Save done.

Applying classifiers to specified ports

XorPlus# set class-of-service interface ge-1/1/1 classifier c1XorPlus# set class-of-service interface ge-1/1/2 classifier c2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.

Configuring WFQ

Configuring scheduler

XorPlus# set class-of-service scheduler s1 mode WFQXorPlus# set class-of-service scheduler s2 mode WFQXorPlus# set class-of-service scheduler s1 weight 1XorPlus# set class-of-service scheduler s2 weight 2XorPlus# commit


XorPlus# set class-of-service forwarding-class f1 local-priority 1XorPlus# set class-of-service forwarding-class f2 local-priority 2XorPlus# commit


XorPlus# set class-of-service classifier c1 trust-mode ieee-802.1XorPlus# set class-of-service classifier c1 forwarding-class f1 scheduler s1XorPlus# set class-of-service classifier c1 forwarding-class f1 code-point 1XorPlus# set class-of-service classifier c2 trust-mode ieee-802.1XorPlus# set class-of-service classifier c2 forwarding-class f2 scheduler s2XorPlus# set class-of-service classifier c2 forwarding-class f2 code-point 3XorPlus# set class-of-service classifier c3 trust-mode ieee-802.1XorPlus# set class-of-service classifier c3 forwarding-class f1 scheduler s1XorPlus# set class-of-service classifier c3 forwarding-class f2 scheduler s2XorPlus# commit


XorPlus# set class-of-service interface ge-1/1/1 classifier c1XorPlus# set class-of-service interface ge-1/1/2 classifier c2


410

XorPlus# set class-of-service interface ge-1/1/3 classifier c3XorPlus# commitXorPlus# set interface gigabit-ethernet ge-1/1/3 static-ethernet-switchingmac-address 22:00:00:00:00:00 vlan 1XorPlus# commit

Configuring WRR

Configuring scheduler

XorPlus# set class-of-service scheduler s1 mode WRRXorPlus# set class-of-service scheduler s2 mode WRRXorPlus# set class-of-service scheduler s1 weight 1XorPlus# set class-of-service scheduler s2 weight 2XorPlus# commit


XorPlus# set class-of-service forwarding-class f1 local-priority 1XorPlus# set class-of-service forwarding-class f2 local-priority 2XorPlus# commit


XorPlus# set class-of-service classifier c1 trust-mode ieee-802.1XorPlus# set class-of-service classifier c1 forwarding-class f1 scheduler s1XorPlus# set class-of-service classifier c1 forwarding-class f1 code-point 1XorPlus# set class-of-service classifier c2 trust-mode ieee-802.1XorPlus# set class-of-service classifier c2 forwarding-class f2 scheduler s2XorPlus# set class-of-service classifier c2 forwarding-class f2 code-point 3XorPlus# set class-of-service classifier c3 trust-mode ieee-802.1XorPlus# set class-of-service classifier c3 forwarding-class f1 scheduler s1XorPlus# set class-of-service classifier c3 forwarding-class f2 scheduler s2XorPlus# commit


XorPlus# set class-of-service interface ge-1/1/1 classifier c1XorPlus# set class-of-service interface ge-1/1/2 classifier c2XorPlus# set class-of-service interface ge-1/1/3 classifier c3XorPlus# commitXorPlus# set interface gigabit-ethernet ge-1/1/3 static-ethernet-switchingmac-address 22:00:00:00:00:00 vlan 1XorPlus# commit


411

QoS Command List

set class-of-service classifier bozo forwarding-class bozo code-point <int>

set class-of-service classifier bozo forwarding-class bozo scheduler bozo

set class-of-service classifier bozo trust-mode dscp

set class-of-service classifier bozo trust-mode ieee-802.1

set class-of-service classifier bozo trust-mode inet-precedence

set class-of-service forwarding-class bozo local-priority <int>

set class-of-service interface bozo classifier bozo

set class-of-service scheduler bozo guaranteed-rate 8

set class-of-service scheduler bozo mode SP

set class-of-service scheduler bozo mode WFQ

set class-of-service scheduler bozo mode WRR

set class-of-service scheduler bozo weight <int>

set class-of-service traceoptions flag all disable trueset firewall filter bozo description bozo

.QoS Configuration

In L2/L3, 802.1p, DSCP, and COS, QoS are supported. The QoS Strategy only effective when

congestion.


Configuring a scheduler

A scheduler should be configured firstly when you configure QoS,which determine the QoS

working mode and weight,the working mode can be SP,WRR or WFQ, and the weight is 1 to 15.

SP is strict priority queue,when two PCs send 100% traffic to a same PC,all packets from lower

priority PC will be discarded.The default working mode is SP.

WRR is weighted round robin queue,under this mode,you can configure weight,if PCA and PCB

send 100% traffic to a same PCC,the PCC will receive packets from PCA and PCB according to

the weight proportion in the corresponding queue.

WFQ is a weighted fair queuing.Under this mode,user can configure guaranteed-rate and

weight,and the guaranteed is only available in WFQ mode.If PCA and PCB send 100% traffic to a

same PCC,the PCC will receive packets from PCA and PCB according to the weight proportion

and the guaranteed-rate in the corresponding queue.

XorPlus# set class-of-service scheduler s1 mode WRRXorPlus# set class-of-service scheduler s1 weight 3XorPlus# commitMerging the configuration.Commit OK.Save done.


412

XorPlus# set class-of-service scheduler s1 mode WFQXorPlus# set class-of-service scheduler s1 weight 4XorPlus# set class-of-service scheduler s1 guaranteed-rate 8XorPlus# commitMerging the configuration.Commit OK.Save done.

Configuring a forwarding class

A forwarding class should be configured after scheduler when you configure QoS,which determine

the queue number of the specified traffic type.The effect local-priority is 0 to 7.

XorPlus# set class-of-service forwarding-class f1 local-priority 3XorPlus# commitMerging the configuration.Commit OK.Save done.

Configuring a classifier with IEEE 802.1/DSCP/ToS

A classifier should be configured firstly,which is used to specify associated forwarding class.User

can select different classifier trust mode,such as IEEE 802.1,DSCP or ToS,according to the need.It

decides priority trust model.Configure trust mode IEEE 802.1 as follows:

XorPlus# set class-of-service classifier c1 trust-mode ieee-802.1XorPlus# commitMerging the configuration.Commit OK.Save done.

Configuring classifier relevant to forwarding class

After configure a classifier trust mode,you can configure the classifier relevant to specify forwarding

class.and code point and scheduler should be configured at the same time.The code-point is

match with the forwarding class local-priority,it means that when the flow match specified code

point,the flow will enter specified queue.When the classifier trust mode is IEEE 802.1 or ToS,the

code point is 0 to 7;when the classifier trust mode is dscp,the code point is 0 to 63.How to

configure scheduler refers to configure scheduler above.

XorPlus# set class-of-service classifier c1 forwarding-class f1 code-point 5XorPlus# set class-of-service classifier c1 forwarding-class f1 scheduler s1XorPlus# commit


413

Merging the configuration.Commit OK.Save done.

Configure classifier to specified port

After configure as above,the classifier should be applied to specified ports.It determinds the port

priority trust model,data stream and queue matching rules,the scheduling model,weight and

guaranteed-rate.When the classifier configures scheduler,the classifier should be used in egress

port;and when the classifier configures code point,the classifier should be used in ingress port.

XorPlus# set class-of-service interface ge-1/1/1 classifier c1XorPlus# commitWaiting for merging configuration.Commit OK.Save done.

QoS Principle

SP queue principle

When the scheduler mode is SP,the egress port has eight queues,they are the queue

7,6,5,4,3,2,1,0.And the queue 7 is highest priority,queue 0 is lowest priority.That is,the priority

decrease successively.

Its advantage is that can give priority to transmissions of key business group.Howerer,this

scheduler mode also exists disadvantages. During congestion conditions, if higher priority queue

has groups for a long time,the low priority queues won't get service all the time.

WRR principle

The full name of WRR is Weighted Round Robin. In order to ensure that every queue has certain

servicing time, WRR use robin scheduling algorithm between the queues. When the scheduler

mode is WRR, every queue can have a weighted value, that is also known as scheduling weight.

Scheduling weight means that when the engress port schedules the queue messages how much it

uses the proportion of scheduling resources. Scheduling unit is Kbps.The example of WRR

scheduling algorithm as follows:

On the 1000Mbps engress port,the scheduling weights of eight queues are 5, 4, 3, 3, 2, 1, 1,1,this

can ensure the lowest priority queue can get bandwidth at least, calculation method is as follows:

1/(5+4+3+3+2+1+1+1)*1000Mbps=50Mbps.

This can avoid that the packets in low priority queue can not get service for a long time.

Its advantage is as follows:Althought the queue scheduling uses robin scheduling,every queue do

not distribute fixed service time—if a queue is empty,the next queue should be scheduled

immediately.In this way, it makes full use of bandwidth resources.

When you use WRR scheduling mode, you can define your own weighted value for each queue.

WFQ principle


414

The full name of WFQ is Weighted Fair Queueing,it is similar to WRR.The only different between

WFQ and WRR is that the scheduling mode WFQ supports minimum bandwidth guarantee,this

scheduling scheme is more flexible.

By configuring minimum guarantee bandwidth,it assures every queue working in WFQ mode has

minimum bandwidth guarantee.In addition,the distributable bandwidth allocates according to the

weight proportion in the corresponding queue.The distributable bandwidth calculates method is as

follows:

distributable bandwidth = total bandwidth - minimum bandwidth.

The example of WFQ scheduling algorithm as follows:

Assuming that the total bandwidth of the engress port is 100M,there are 3 flows in the queue of this

port.Their scheduling weighted value are 1,2,4;the minimum bandwidth guarantee of these 3 flows

are 10000Kbps,10000Kbps,20000Kbps. The proportions of each flow are 10%,10%,20%.

distributable bandwidth = 100M-(10M+10M+20M)=60M.The proportion of distributable bandwidth is

60%

total distributable bandwidth = the sum of each flow weighted value.In this example,the total

distributable bandwidth is 7(that is 1+2+4).

The formula to calculate the proportion of distributable bandwidth which is occupied by each flow

as follows:

the proportion of distributable bandwidth = (the own weight of flow + 1)/( distributable

bandwidth).The proportions of the distributable bandwidth for each flow are 1/7, 2/7, 4/7.

The bandwidth ratio of the flows is (10%+60%*(1/7)) : (10%+60%*(2/7)) : (20%+60%*(4/7)),that is

13:19:38.


As shown in Fig 1,ge-1/1/1 and ge-1/1/2 are ingress port,ge-1/1/3 is engress port.Use default

scheduling model, priority trust model is IEEE 802.1.


415

Fig 1. Configure SP

Configure two forwarding-classes

Configure forwarding-class f1 and f2,and their local-priority.

XorPlus# set class-of-service forwarding-class f1 local-priority 3XorPlus# set class-of-service forwarding-class f2 local-priority 6XorPlus# commit Waiting for merging configuration.Commit OK.Save done.

Configuring classifier

Configure classifier c1 and c2,and its trust mode.And configure classifier relevant to forwarding

class and code point.

XorPlus# set class-of-service classifier c1 trust-mode ieee-802.1XorPlus# set class-of-service classifier c1 forwarding-class f1 code-point 5XorPlus# set class-of-service classifier c2 trust-mode ieee-802.1XorPlus# set class-of-service classifier c2 forwarding-class f2 code-point 7XorPlus# commit Waiting for merging configuration.Commit OK.Save done.


416

Apply classifiers to specified ports

Configure classifier c1 apply to port ge-1/1/1,classifier c2 apply to port ge-1/1/2.

XorPlus# set class-of-service interface ge-1/1/1 classifier c1XorPlus# set class-of-service interface ge-1/1/2 classifier c2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.

Generate traffic

PC1 and PC2 gemerate traffic which are match with the corresponding classifier. Port PC1 and

PC2 send 100% traffic to PC3 at the same time.

The expected result is that PC3 only can receive packets from PC2.


As shown in Fig 2,ge-1/1/1 and ge-1/1/2 are ingress port,ge-1/1/3 is engress port.Use WRR

scheduling model, priority trust model is IEEE 802.1.


417

Fig 2. Configure WRR

Configure scheduler

Configure two scheduler s1 and s2,and their mode are WRR.And configure that scheduler s1

weight is 1,scheduler s2 weight is 3.

XorPlus# set class-of-service scheduler s1 mode WRRXorPlus# set class-of-service scheduler s2 mode WRRXorPlus# set class-of-service scheduler s1 weight 1XorPlus# set class-of-service scheduler s2 weight 3XorPlus# commitWaiting for merging configuration.Commit OK.Save done.





Configure classifier c1,c2 and c3,and its trust mode.And configure classifier relevant to forwarding

class.and c3 is used to engress port ge-1/1/3,it should contains scheduler not contains code

point;c1 and c2 are used to ingress port,they should contains code point not contains scheduler.

XorPlus# set class-of-service classifier c1 trust-mode ieee-802.1XorPlus# set class-of-service classifier c1 forwarding-class f1 code-point 5XorPlus# set class-of-service classifier c2 trust-mode ieee-802.1XorPlus# set class-of-service classifier c2 forwarding-class f2 code-point 7XorPlus# set class-of-service classifier c3 trust-mode ieee-802.1XorPlus# set class-of-service classifier c3 forwarding-class f1 scheduler s1XorPlus# set class-of-service classifier c3 forwarding-class f2 scheduler s2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.


418


Configure classifier c1 apply to port ge-1/1/1,classifier c2 apply to port ge-1/1/2 and classifier c3

apply to port ge-1/1/3.

XorPlus# set class-of-service interface ge-1/1/1 classifier c1XorPlus# set class-of-service interface ge-1/1/2 classifier c2XorPlus# set class-of-service interface ge-1/1/3 classifier c3XorPlus# commit Waiting for merging configuration.Commit OK.Save done.

Generate traffic

PC1 and PC2 gemerate traffic which are match with the corresponding classifier. PC1 and PC2

send 100% traffic to PC3 at the same time.

The expected result is that PC3 can receive packets from PC1 and PC2,and their rate is 1:3,that is

the weight proportion in the corresponding queue.


As shown in Fig 3,ge-1/1/1 and ge-1/1/2 are ingress port,ge-1/1/3 is egress port.Use WFQ

scheduling model, priority trust model is IEEE 802.1.The bandwidth is 100Mbps.


419

Fig 3. Configure WFQ

Configure scheduler

Configure two scheduler s1 and s2,guaranteed-rate and their mode are WFQ.And configure that

scheduler s1 weight is 1,scheduler s2 weight is 3,the guaranteed-rate of scheduler s1 is 10000 and

the guaranteed-rate of scheduler s2 is 30000.

XorPlus# set class-of-service scheduler s1 mode WFQXorPlus# set class-of-service scheduler s2 mode WFQXorPlus# set class-of-service scheduler s1 weight 1XorPlus# set class-of-service scheduler s1 guaranteed-rate 10000XorPlus# set class-of-service scheduler s2 weight 3XorPlus# set class-of-service scheduler s2 guaranteed-rate 30000XorPlus# commitWaiting for merging configuration.Commit OK.Save done.




420



Configure classifier c1,c2 and c3,and its trust mode.And configure classifier relevant to forwarding

class.and c3 is used to egress port ge-1/1/3,it should contains scheduler not contains code

point;c1 and c2 are used to ingress port,they should contains code point not contains scheduler.

XorPlus# set class-of-service classifier c1 trust-mode ieee-802.1XorPlus# set class-of-service classifier c1 forwarding-class f1 code-point 5XorPlus# set class-of-service classifier c2 trust-mode ieee-802.1XorPlus# set class-of-service classifier c2 forwarding-class f2 code-point 7XorPlus# set class-of-service classifier c3 trust-mode ieee-802.1XorPlus# set class-of-service classifier c3 forwarding-class f1 scheduler s1XorPlus# set class-of-service classifier c3 forwarding-class f2 scheduler s2XorPlus# commit Waiting for merging configuration.Commit OK.Save done.


Configure classifier c1 apply to port ge-1/1/1,classifier c2 apply to port ge-1/1/2 and classifier c3

apply to port ge-1/1/3.

XorPlus# set class-of-service interface ge-1/1/1 classifier c1XorPlus# set class-of-service interface ge-1/1/2 classifier c2XorPlus# set class-of-service interface ge-1/1/3 classifier c3XorPlus# commit Waiting for merging configuration.Commit OK.Save done.

Generate traffic

PC1 and PC2 gemerate traffic which are match with the corresponding classifier. PC1 and PC2

send 100% traffic to PC3 at the same time.

The expected result is that PC3 can receive packets from PC1 and PC2,and their rate is about

1:3,that is the weight proportion and the guaranteed-rate in the corresponding queue.


421

1.

2.

3.

WRED Configuration

The traditional packet loss strategy is tail-drop, which strategy can cause TCP’s global

synchronization problem.In order to avoiding TCP’s global synchronization problem,users can use

WRED(Weighted Random Early Detection) and WRED should be configure on egress port.When

one TCP connection messages are discarded or start to slow sending,other TCP connections still

have high sending rate.This strategy can improve bandwidth utilization.

WRED Configuration Guide

User can enable or disable WRED as follows:

admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 wred queue 3 enable true

admin@XorPlus# commit

Commit OK.

Save done.

admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 wred queue 3 enable false


Commit OK.

Save done.

In the WRED algorithm, configure upper and lower limits for each queue, which is applied to deal

with the message in the queues as follows:

When the queue length is less than the lower limit, the messages can not be discard;

When the queue length is more than the upper limit, all messages will be discard;

When the queue length is between upper and lower limits, the messages will be discarded

randomly.The longer the queue, the higher discarding probability, but there is a maximum

discarding probability.

Configure upper limits:

admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 wred queue 3 max_thresh 400


Commit OK.

Save done.

Configure lowers limits:

admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 wred queue 3 min_thresh 200


Commit OK.


422

Save done.

User can configure discarding probability,which is discarding probability when the queue length is

between upper and lower limits.The configure as follows:

admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 wred queue 3 drop_probability 50


Commit OK.

Save done.

The drop_probability 50 above shows that the discarding probability is 50%.

User can configure ecn_thresh,which value is 1 or 0,1 stands for enable ecn_thresh,0 stands for

disable ecn_thresh. Configure ecn_thresh as follows:

admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 wred queue 7 ecn_thresh 1


Commit OK.

Save done.

WRED Principle

When users enable WRED,the packets discard on egress port,when users disable WRED,the

packets discard on ingress port.

When enable ecn_thresh, if users sending packets with the last two bits of tos is 01 or 10,and

when the packets out from output interface,the field of low cost and reserved will be changed to 1.

When disable ecn_thresh,the last two bits of tos can not be changed.

WRED Configuration Example

As shown in Fig 1,ge-1/1/1 and ge-1/1/2 are ingress port,ge-1/1/3 is egress port.User configures

WRED on egress port ge-1/1/3.


423

Fig 1. Configure WRED

Configure enable WRED

admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 wred queue 3 enabletrueadmin@XorPlus# commitCommit OK.Save done.

Configuring upper limits and lower limits

admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 wred queue 3max_thresh 400admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 wred queue 3min_thresh 200admin@XorPlus# commitCommit OK.Save done.

Configuring discarding probability

admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 wred queue 3drop_probability 50admin@XorPlus# commitCommit OK.Save done.

Configuring enable ecn_thresh


424

admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 wred queue 7ecn_thresh 1admin@XorPlus# commitCommit OK.Save done.

Note:The WRED usually combines with QoS.


425

Installing New Software on PicOS

PicOS is using a standard and non modified Debian Linux distribution. This means that is is very

easy to install new package or software on top of the existing PicOS packages using the standard

.Debian packages systems

Here are some examples of installation.




Updating the software list on the source server

admin@XorPlus$sudo apt-get updateHit http://ftp.tw.debian.org stable Release.gpgHit http://ftp.tw.debian.org stable ReleaseHit http://ftp.tw.debian.org stable/main powerpc PackagesHit http://ftp.tw.debian.org stable/main Translation-enReading package lists... Doneadmin@XorPlus$

Installing new software

admin@XorPlus$sudo apt-get install makeReading package lists... DoneBuilding dependency tree Reading state information... DoneSuggested packages:make-docThe following NEW packages will be installed:make0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.Need to get 399 kB of archives.After this operation, 1165 kB of additional disk space will be used.WARNING: The following packages cannot be authenticated!makeAuthentication warning overridden.Get:1 http://ftp.tw.debian.org/debian/ stable/main make powerpc 3.81-8.2 [399kB]Fetched 399 kB in 6s (64.1 kB/s) Selecting previously unselected package make.(Reading database ... 16155 files and directories currently installed.)Unpacking make (from .../make_3.81-8.2_powerpc.deb) ...Processing triggers for man-db ...fopen: Permission deniedSetting up make (3.81-8.2) ...admin@XorPlus$ admin@XorPlus$sudo apt-get install pythonReading package lists... DoneBuilding dependency tree Reading state information... DoneThe following extra packages will be installed:

https://wiki.debian.org/DebianPackageManagement


426

file libexpat1 libmagic1 mime-support python-minimal python2.7python2.7-minimalSuggested packages:python-doc python-tk python2.7-doc binutils binfmt-supportThe following NEW packages will be installed:file libexpat1 libmagic1 mime-support python python-minimal python2.7python2.7-minimal0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.Need to get 5045 kB of archives.After this operation, 18.3 MB of additional disk space will be used.Do you want to continue [Y/n]? YWARNING: The following packages cannot be authenticated!libmagic1 libexpat1 file mime-support python2.7-minimal python2.7python-minimal pythonAuthentication warning overridden.Get:1 http://ftp.tw.debian.org/debian/ stable/main libmagic1 powerpc 5.11-2[201 kB]Get:2 http://ftp.tw.debian.org/debian/ stable/main libexpat1 powerpc 2.1.0-1[142 kB]Get:3 http://ftp.tw.debian.org/debian/ stable/main file powerpc 5.11-2 [51.7kB]Get:4 http://ftp.tw.debian.org/debian/ stable/main mime-support all 3.52-1[35.5 kB]Get:5 http://ftp.tw.debian.org/debian/ stable/main python2.7-minimal powerpc2.7.3-6 [1753 kB]Get:6 http://ftp.tw.debian.org/debian/ stable/main python2.7 powerpc 2.7.3-6[2639 kB] Get:7 http://ftp.tw.debian.org/debian/ stable/main python-minimal all 2.7.3-4[42.6 kB] Get:8 http://ftp.tw.debian.org/debian/ stable/main python all 2.7.3-4 [180kB] Fetched 5045 kB in 18s (267 kB/s) Selecting previously unselected package libmagic1:powerpc.(Reading database ... 16189 files and directories currently installed.)Unpacking libmagic1:powerpc (from .../libmagic1_5.11-2_powerpc.deb) ...Selecting previously unselected package libexpat1:powerpc.Unpacking libexpat1:powerpc (from .../libexpat1_2.1.0-1_powerpc.deb) ...Selecting previously unselected package file.Unpacking file (from .../file_5.11-2_powerpc.deb) ...Selecting previously unselected package mime-support.Unpacking mime-support (from .../mime-support_3.52-1_all.deb) ...Selecting previously unselected package python2.7-minimal.Unpacking python2.7-minimal (from .../python2.7-minimal_2.7.3-6_powerpc.deb)...Selecting previously unselected package python2.7.Unpacking python2.7 (from .../python2.7_2.7.3-6_powerpc.deb) ...Selecting previously unselected package python-minimal.Unpacking python-minimal (from .../python-minimal_2.7.3-4_all.deb) ...Selecting previously unselected package python.Unpacking python (from .../python_2.7.3-4_all.deb) ...Processing triggers for man-db ...fopen: Permission deniedSetting up libmagic1:powerpc (5.11-2) ...Setting up libexpat1:powerpc (2.1.0-1) ...Setting up file (5.11-2) ...Setting up mime-support (3.52-1) ...Setting up python2.7-minimal (2.7.3-6) ...Linking and byte-compiling packages for runtime python2.7...Setting up python2.7 (2.7.3-6) ...Setting up python-minimal (2.7.3-4) ...Setting up python (2.7.3-4) ...admin@XorPlus$ admin@XorPlus$sudo apt-get install g++


427

Reading package lists... DoneBuilding dependency tree Reading state information... DoneThe following extra packages will be installed:g+-4.6 libstdc+6-4.6-devSuggested packages:g+-multilib g-4.6-multilib gcc-4.6-doc libstdc6-4.6-dbg libstdc+6-4.6-docThe following NEW packages will be installed:g++ g+-4.6 libstdc+6-4.6-dev0 upgraded, 3 newly installed, 0 to remove and 17 not upgraded.Need to get 0 B/8383 kB of archives.After this operation, 24.4 MB of additional disk space will be used.Do you want to continue [Y/n]? YWARNING: The following packages cannot be authenticated!libstdc+6-4.6-dev g-4.6 g+Authentication warning overridden.Selecting previously unselected package libstdc++6-4.6-dev.(Reading database ... 19555 files and directories currently installed.)Unpacking libstdc+6-4.6-dev (from .../libstdc+6-4.6-dev_4.6.3-14_powerpc.deb)...Selecting previously unselected package g++-4.6.Unpacking g+-4.6 (from .../g+-4.6_4.6.3-14_powerpc.deb) ...Selecting previously unselected package g++.Unpacking g++ (from .../g++_4%3a4.6.3-8_powerpc.deb) ...Processing triggers for man-db ...Setting up libstdc++6-4.6-dev (4.6.3-14) ...Setting up g++-4.6 (4.6.3-14) ...Setting up g++ (4:4.6.3-8) ...update-alternatives: using /usr/bin/g++ to provide /usr/bin/c++ (c++) in automodeadmin@XorPlus$


Step 1 - Use the correct repository for the specific application and CPU on the switch. Pica8

support can help in the choice of repository.

admin@Roma$sudo more /etc/apt/sources.list | grep -v "#"deb http://ftp.debian-ports.org/debian/ unstable main

For a typical puppet installation we advice to use the latest standard debian repo.

Step 2 - Update the debian packages on PicOS

admin@XorPlus$sudo apt-get updateHit http://ftp.tw.debian.org stable Release.gpgHit http://ftp.tw.debian.org stable ReleaseHit http://ftp.tw.debian.org stable/main powerpc PackagesHit http://ftp.tw.debian.org stable/main Translation-enReading package lists... Doneadmin@XorPlus$

Step 3 - Install puppet client and configure it

sudo apt-get install puppet


428

Look at the to understand how to connect the puppet client to a puppetpuppet documentation

server. A simple installation would need to at least do some modification on the puppet.conf file.

more /etc/puppet/puppet.conf[agent]server = master.local.pica8.com

Step 4 - Verify Puppet installation

admin@Roma$sudo puppet agent -tNotice: Using less secure serialization of reports and query parameters forcompatibilityNotice: with older puppet master. To remove this notice, please upgrade yourmaster(s) Notice: to Puppet 3.3 or newer.Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network for moreinformation.Info: Retrieving pluginfactsInfo: Retrieving pluginInfo: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rbInfo: Loading facts in /var/lib/puppet/lib/facter/root_home.rbInfo: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rbInfo: Loading facts in /var/lib/puppet/lib/facter/pe_version.rbInfo: Loading facts in /var/lib/puppet/lib/facter/instance_id.rbInfo: Caching catalog for RomaInfo: Applying configuration version '1405148228'Notice: Finished catalog run in 0.35 seconds

http://docs.puppetlabs.com/guides/setting_up.html


429

Zero Touch Provisioning

ZTP (Zero touch provisioning) is a functionality to help deploy a switch without manual intervention.



ZTP API description


There are multiple ways to activate or Deactivate ZTP. ZTP is always enable by default on a

switch. If ZTP is not disabled, it will try to download a new script every time the device is rebooted

which is usually not acceptable.

The first Way to disable ZTP is via the ZTP script itself using the .ZTP API description

To disable ZTP via the Linux shell, you can either use the

admin@Lima$sudo /usr/sbin/ztp-config Please configure the default PicOS ZTP options: (Press other key if no change) [1] PicOS ZTP enabled [2] PicOS ZTP disabled * defaultEnter your choice (1,2):1PicOS ZTP is enabled.admin@Lima$

Or modify the PicOS configuration file.

admin@Lima$more /etc/picos/picos_start.conf | grep ztpztp_disable=false

The "ztp_disable" option should be to "false" to enable ZTP or "true" to disable ZTP.


ZTP (Zero touch provisioning) is the process of configuring a Switch without human intervention.

As simple as Rack, Connect and Power-on.

ZTP Process: switch connected TFTP server


430

1.

2.

3.

4.

5.

6.

7.

8.

When the switch boots up, a DHCP client will be started by debian service, then ZTP will gets three

options: tftp-server-name, boot-file-name and log-servers. If the log-servers option is set, ZTP will

send the log of ZTP to the server and local syslog at the same time. Then it starts a TFTP client to

get a upgrade script with name defined in boot-file-name from TFTP server. This upgrade script is

used to define all upgrade procedures. The provision script is an shell script, ZTP will automatically

run this script after download it from TFTP server.

A typical pica8 provision target may include the following several tasks:

back up L2/L3 configuration file, OVS configuration database, and boot list file

back up user data files and application configuration files

download PicOS image from TFTP server

upgrade PicOS image

reboot into new image

update PicOSonfiguration files

start PicOS application (XorPlus or OVS)

PicOS application configuration

Upgrade process flow chart


431

dhcp server setup:

ZTP depends on DHCP server to provide switch with TFTP server IP address, shell script file

name and log-server.

host pica8-pxxxx {hardware ethernet 08:9e:01:62:d5:62;option bootfile-name "pica8/provision.script";option tftp-server-name "xx.xx.xx.xx";option log-servers xx.xx.xx.xx;fixed-address xx.xx.xx.xx;}

Here "host" is the name of switch device, "hardware ethernet" is the MAC address of the device,

option "bootfile-name" is the TFTP server IP address, option "log-servers" is the log server that

ZTP will send log to, and option "bootfile-name" is the file name and path of provisioning script

relative to the TFTP root directory on TFTP server. The switches are configured to send a

vendor-class-identifier to DHCP server in the format of "Pica8-pxxxx" where "xxxx" is the switch

model number. So it is also possible for customer to use this vendor class id to identify Pica8

switches.

The premise of executing ZTP

Before using ZTP, the switch must be two partitions (active partition and back up partition).The

whole disk image needs to migrate to different format. In the meantime, Pica8 has added some

features to help users to automatically provision the image and recover from a failed upgrade.

Provision script

A provision script describes what Pica8 software upgrade and configuration is required and how it

is executed. It also defines customer specific upgrade process.

There is a shell script that provide some functions for ZTP, named with ztp-functions.sh, located in

the directory of "/usr/local/bin".

This following are the variables that can be used in provision scripts:

1) version: PicOS version number on switch.

2) revision: PicOS revision number on switch


432

3) sn: switch serial number

4) eth0_mac: the MAC address of eth0

5) switch_mac: the MAC address of switch

Appendix:

Sample Provision Script

#!/bin/bashsource /usr/local/bin/ztp-functions.shif [ "$revision" != "xxxxxx" ]; thentftp_get_picos_image pica8/picos-xxxxxx-P3295.tar.gzif [ $? -ne 0 ]; thenexit 1firebootelse#start l2/l3 modepicos_l2l3_startif [ $? -ne 0 ]; thenexit 1fi#load xorp configurationl2l3_load_config pica8/xorp_cfg.cliif [ $? -ne 0 ]; thenexit 1fi#stop l2/l3 modepicos_l2l3_stopif [ $? -ne 0 ]; thenexit 1fi#start ovs modepicos_ovs_start 192.168.2.50/24 192.168.2.1if [ $? -ne 0 ]; thenexit 1fi#load ovs configurationovs_load_config 192.168.2.50/24 192.168.2.1 pica8/ovs_cfg.cliif [ $? -ne 0 ]; thenexit 1fi#stop ovs modepicos_ovs_stop if [ $? -ne 0 ]; thenexit 1fifi

Example of xorp_cfg.cli:

show version;configure;run show vlans;set vlans vlan-id 20;commit;set vlansvlan-id 30;commit

Example of ovs_cfg.cli:

ovs-vsctl add-br br0 - set bridge br0 datapath_type=pica8ovs-vsctl set Bridge br0 stp_enable=true


433

ovs-vsctl add-port br0 ge-1/1/1 - set interface ge-1/1/1 type=pica8ovs-vsctl add-port br0 ge-1/1/2 - set interface ge-1/1/2 type=pica8ovs-ofctl add-flow br0 in_port=1,actions=output:2ovs-ofctl add-flow br0 in_port=2,actions=output:1

Pica8 ZTP API:

API interface for auto-provision scripts in : /usr/local/bin/ztp-functions.sh

This following are the functions that can be used in provision scripts:

1) ztp_disable

meaning: disable ZTP auto-run when switch boot up

parameter: No

return value: 0 when succeed, 1 when failed

2) ztp_enable

meaning: enable ZTP auto-run when switch boot up

parameter: No


3) add_remote_syslog_server <ip-address>

meaning: add remote syslog server

parameter : the IP address of remote syslog server


4) remove_remote_syslog_server

meaning: remove remote syslog server

parameter : No


5) picos_config <Number> <ip-address> <gateway-ip>

meaning: set the configuration for PicOS service

parameter 1: the server selected, 1 for PicOS L2/L3, 2 for OVS, 3 for none service

parameter 2: a static IP and netmask for the switch (e.g. 128.0.0.10/24) when parameter 1 is set to

2

parameter 3: the gateway IP (e.g. 172.168.1.2) when parameter 1 is set to 2


6) picos_start_stop <action>

meaning: the action of PicOS service

parameter 1: start: start the PicOS service

stop: stop the PicOS service

restart: restart the PicOS service

status: get the status of PicOS service


7) picos_l2l3_start

meaning: start PicOS L2/L3

parameter: No



434

8) picos_l2l3_restart

meaning: restart PicOS L2/L3

parameter: No


9) picos_l2l3_stop

meaning: stop PicOS L2/L3

parameter: No


10) picos_ovs_start <ip-address> <gateway-ip>

meaning: start PicOS OVS, parameters are needed if PicOS is not set in OVS mode.

parameter 1: eth0 ip address and netmask, 192.168.0.2/24

parameter 2:gataway ip


11) picos_ovs_restart <ip-address> <gateway-ip>

meaning: restart PicOS OVS, parameters are needed if PicOS is not set in OVS mode.

parameter 1: eth0 ip address and netmask, 192.168.0.2/24

parameter 2:gataway ip


12) picos_ovs_stop

meaning: stop PicOS L2/L3

parameter:No


13) tftp_get_file <file-name> <file-name> <ip-address>

meaning: get file from TFTP server

parameter 1: file name in TFTP server

parameter 2: file name with path in local;

parameter 3: TFTP server IP address


14) tftp_get_l2l3_config_file <file-name> <ip-address>

meaning: get PicOS L2/L3 configuration from TFTP server

parameter 1: configuration file name with path on TFTP sever

parameter 2: sever ip address, if this is not set, it will use the TFTP server IP address got from

DHCP server by DHCP client


15) tftp_get_ovs_config_file <file-name> <ip-address>

meaning: get PicOS OVS configuration file





16) tftp_get_picos_config_file <file-name> <ip-address>

meaning: get PicOS configuration file from TFTP server



435




17) tftp_get_picos_image <file-name> <ip-address>

meaning: get PicOS image from TFTP server

parameter 1: image file name with path on TFTP sever




18) tftp_get_pica_image <file-name> <ip-address>

meaning: get Pica Image from TFTP server

parameter 1: image file name with path on TFTP sever




19) l2l3_cmd_shell <commands>

meaning: run an CLI command of PicOS L2/L3

parameter 1: the command


20) l2l3_load_config <file-name> <ip-address>

meaning: get a file with PicOS L2/L3 CLI commands list, and execute these commands.

parameter 1: command file name with path on TFTP sever




21) ovs_cmd_shell <commands>

meaning: run an OVS command

parameter 1: the command


22) ovs_load_config <ip-address> <gateway-ip> <file-name> <ip-address>

meaning: get a file with PicOS OVS commands list , and execute these commands.

parameter 1: if PicOS is not set to OVS, then it should be eth0 ip address and netmask,

192.168.0.2/24, otherwise “ ”

parameter 2: if PicOS is not set to OVS, then gateway IP, otherwise “ ”

parameter 3: file name with path on TFTP server




436

1.

2.

3.

1.

2.

40G Changes to 4*10G in l2/l3

In L2/L3 mode, P-5401 QSFP ports can be configured to one of the following settings. By default, it

is in QSFP.

QSFP: All ports work in 40G QSFP mode.

SFP: Ports 1-12,17-28 work in 4*10G SFP mode,ports 13-16,29-32 work in 40G QSFP.

SFP- 64: Ports 1-8,17-24 work in 4*10G SFP mode,ports 9-16,25-32 work in 40G QSFP

In L2/L3 mode, P-5101 QSFP ports can be configured to one of the following settings. By default, it

is in QSFP.

QSFP: Ports 1-40 work in 10G and ports 41-48 work in 40G.

SFP: Ports 1-40 work in 10G,ports 41-48 work in 4*10G.




In L2/L3 mode configure

XorPlus# set interface qe-interface-mode SFP/QSFP.XorPlus# commit

After setting QSFP pors to different mode, it is mandatory to restart the L2/L3 service in order to

make the new state to take effect.


QSFP (8 x 40G+40*10G)

When ports are in QSFP mode, the mapping between physical port and the associated

port/interface name is in the following table.

Physical Port number L2/L3 port/interface name

1 te-1/1/1

2 te-1/1/2


437

3 te-1/1/3

4 te-1/1/4

5 te-1/1/5

6 te-1/1/6

7 te-1/1/7

8 te-1/1/8

9 te-1/1/9

10 te-1/1/10

11 te-1/1/11

12 te-1/1/12

13 te-1/1/13

14 te-1/1/14

15 te-1/1/15

16 te-1/1/16

17 te-1/1/17

18 te-1/1/18

19 te-1/1/19

20 te-1/1/20

21 te-1/1/21

22 te-1/1/22

23 te-1/1/23

24 te-1/1/24


438

25 te-1/1/25

26 te-1/1/26

27 te-1/1/27

28 te-1/1/28

29 te-1/1/29

30 te-1/1/30

31 te-1/1/31

32 te-1/1/32

33 te-1/1/33

34 te-1/1/34

35 te-1/1/36

36 te-1/1/37

37 te-1/1/38

39 te-1/1/39

40 te-1/1/40

41 qe -1/1/41

42 qe -1/1/42

43 qe -1/1/43

44 qe -1/1/44

45 qe -1/1/45

46 qe -1/1/46

47 qe -1/1/47


439

48 qe -1/1/48

SFP (72x 10G)

When ports are in SFP mode, the mapping between physical port and the associated port/interface

name is in the following table.


1 te-1/1/1

2 te-1/1/2

3 te-1/1/3

4 te-1/1/4

5 te-1/1/5

6 te-1/1/6

7 te-1/1/7

8 te-1/1/8

9 te-1/1/9

10 te-1/1/10

11 te-1/1/11

12 te-1/1/12

13 te-1/1/13

14 te-1/1/14

15 te-1/1/15

16 te-1/1/16

17 te-1/1/17


440

18 te-1/1/18

19 te-1/1/19

20 te-1/1/20

21 te-1/1/21

22 te-1/1/22

23 te-1/1/23

24 te-1/1/24

25 te-1/1/25

26 te-1/1/26

27 te-1/1/27

28 te-1/1/28

29 te-1/1/29

30 te-1/1/30

31 te-1/1/31

32 te-1/1/32

33 te-1/1/33

34 te-1/1/34

35 te-1/1/36

36 te-1/1/37

37 te-1/1/38

39 te-1/1/39

40 te-1/1/40


441

41 4 x 10G

te -1/1/41

te -1/1/42

te -1/1/43

te -1/1/44

42 4 x 10G

te -1/1/45

te -1/1/46

te -1/1/47

te -1/1/48

43 4 x 10G

te -1/1/49

te -1/1/50

te -1/1/51

te -1/1/52

44 4 x 10G

te -1/1/53

te -1/1/54

te -1/1/55

te -1/1/56

45 4 x 10G

te -1/1/57


442

te -1/1/58

te -1/1/59

te -1/1/60

46 4 x 10G

te -1/1/61

te -1/1/62

te -1/1/63

te -1/1/64

47 4 x 10G

te -1/1/65

te -1/1/66

te -1/1/67

te -1/1/68

48 4 x 10G

te -1/1/69

te -1/1/70

te -1/1/71

te -1/1/72

Note:On P-5101 do not support the mode of SFP-64.


443


In L2/L3 mode configure

XorPlus# set interface qe-interface-mode SFP/SFP-64/QSFP.XorPlus# commit

After setting QSFP pors to different mode, it is mandatory to restart the L2/L3 service in order to

make the new state to take effect.


QSFP (32 x 40G)

When ports are in QSFP mode, the mapping between physical ports and the logical

ports/interfaces name are in the following table.


1 qe-1/1/1

2 qe-1/1/2

3 qe-1/1/3

4 qe-1/1/4

5 qe-1/1/5

6 qe-1/1/6

7 qe-1/1/7

8 qe-1/1/8

9 qe-1/1/9

10 qe-1/1/10

11 qe-1/1/11

12 qe-1/1/12


444

13 qe-1/1/13

14 qe-1/1/14

15 qe-1/1/15

16 qe-1/1/16

17 qe-1/1/17

18 qe-1/1/18

19 qe-1/1/19

20 qe-1/1/20

21 qe-1/1/21

22 qe-1/1/22

23 qe-1/1/23

24 qe-1/1/24

25 qe-1/1/25

26 qe-1/1/26

27 qe-1/1/27

28 qe-1/1/28

29 qe-1/1/29

30 qe-1/1/30

31 qe-1/1/31

32 qe-1/1/32


445

SFP-64 (16 x 40G + 64 x 10G)

When ports are in SFP-64 mode, the mapping between physical ports and the logical

ports/interfaces names are in the following table.


1 4 x 10G

te-1/1/1

te-1/1/2

te-1/1/3

te-1/1/4

2 4 x 10G

te-1/1/5

te-1/1/6

te-1/1/7

te-1/1/8

3 4 x 10G

te-1/1/9

te-1/1/10

te-1/1/11

te-1/1/12

4 4 x 10G

te-1/1/13

te-1/1/14


446

te-1/1/15

te-1/1/16

5 4 x 10G

te-1/1/17

te-1/1/18

te-1/1/19

te-1/1/20

6 4 x 10G

te-1/1/21

te-1/1/22

te-1/1/23

te-1/1/24

7 4 x 10G

te-1/1/25

te-1/1/26

te-1/1/27

te-1/1/28

8 4 x 10G

te-1/1/29

te-1/1/30

te-1/1/31

te-1/1/32


447

9 qe-1/1/9

10 qe-1/1/10

11 qe-1/1/11

12 qe-1/1/12

13 qe-1/1/13

14 qe-1/1/14

15 qe-1/1/15

16 qe-1/1/16

17 4 x 10G

te-1/1/33

te-1/1/34

te-1/1/35

te-1/1/36

18 4 x 10G

te-1/1/37

te-1/1/38

te-1/1/39

te-1/1/40

19 4 x 10G

te-1/1/41

te-1/1/42

te-1/1/43


448

te-1/1/44

20 4 x 10G

te-1/1/45

te-1/1/46

te-1/1/47

te-1/1/48

21 4 x 10G

te-1/1/49

te-1/1/50

te-1/1/51

te-1/1/52

22 4 x 10G

te-1/1/53

te-1/1/54

te-1/1/55

te-1/1/56

23 4 x 10G

te-1/1/57

te-1/1/58

te-1/1/59

te-1/1/60

24 4 x 10G


449

te-1/1/61

te-1/1/62

te-1/1/63

te-1/1/64

25 qe-1/1/25

26 qe-1/1/26

27 qe-1/1/27

28 qe-1/1/28

29 qe-1/1/29

30 qe-1/1/30

31 qe-1/1/31

32 qe-1/1/32

SFP (8 x 40G + 96 x 10G)

When ports are in SFP mode, the mapping between physical ports and the logical ports/interfaces

name are in the following table.


1 4 x 10G

te-1/1/1

te-1/1/2

te-1/1/3

te-1/1/4

2 4 x 10G


450

te-1/1/5

te-1/1/6

te-1/1/7

te-1/1/8

3 4 x 10G

te-1/1/9

te-1/1/10

te-1/1/11

te-1/1/12

4 4 x 10G

te-1/1/13

te-1/1/14

te-1/1/15

te-1/1/16

5 4 x 10G

te-1/1/17

te-1/1/18

te-1/1/19

te-1/1/20

6 4 x 10G

te-1/1/21

te-1/1/22


451

te-1/1/23

te-1/1/24

7 4 x 10G

te-1/1/25

te-1/1/26

te-1/1/27

te-1/1/28

8 4 x 10G

te-1/1/29

te-1/1/30

te-1/1/31

te-1/1/32

9 4 x 10G

te-1/1/33

te-1/1/34

te-1/1/35

te-1/1/36

10 4 x 10G

te-1/1/37

te-1/1/38

te-1/1/39

te-1/1/40


452

11 4 x 10G

te-1/1/41

te-1/1/42

te-1/1/43

te-1/1/44

12 4 x 10G

te-1/1/45

te-1/1/46

te-1/1/47

te-1/1/48

13 qe-1/1/13

14 qe-1/1/14

15 qe-1/1/15

16 qe-1/1/16

17 4 x 10G

te-1/1/49

te-1/1/50

te-1/1/51

te-1/1/52

18 4 x 10G

te-1/1/53

te-1/1/54


453

te-1/1/55

te-1/1/56

19 4 x 10G

te-1/1/57

te-1/1/58

te-1/1/59

te-1/1/60

20 4 x 10G

te-1/1/61

te-1/1/62

te-1/1/63

te-1/1/64

21 4 x 10G

te-1/1/65

te-1/1/66

te-1/1/67

te-1/1/68

22 4 x 10G

te-1/1/69

te-1/1/70

te-1/1/71

te-1/1/72


454

23 4 x 10G

te-1/1/73

te-1/1/74

te-1/1/75

te-1/1/76

24 4 x 10G

te-1/1/77

te-1/1/78

te-1/1/79

te-1/1/80

25 4 x 10G

te-1/1/81

te-1/1/82

te-1/1/83

te-1/1/84

26 4 x 10G

te-1/1/85

te-1/1/86

te-1/1/87

te-1/1/88

27 4 x 10G

te-1/1/89


455

te-1/1/90

te-1/1/91

te-1/1/92

28 4 x 10G

te-1/1/93

te-1/1/94

te-1/1/95

te-1/1/96

29 qe-1/1/29

30 qe-1/1/30

31 qe-1/1/31

32 qe-1/1/32


456

Configuration Appendix

Other Command List

Other Command List

set interface traceoptions flag config disable true

set interface traceoptions flag ethernet-switching-options disable true

set interface traceoptions flag mlag-trace disable true

set interface traceoptions flag neighbor-event disable true

set interface traceoptions flag packets disable true

set interface traceoptions flag route-event disable true

set interface traceoptions flag static-ethernet-switching disable true

set interface traceoptions line-card statistic disable true

set interface traceoptions line-card trace-level all disable true

set interface traceoptions line-card trace-level api debug disable true

set interface traceoptions line-card trace-level api error disable true

set interface traceoptions line-card trace-level api information disable true

set interface traceoptions line-card trace-level api warning disable true

set interface traceoptions line-card trace-level sdk debug disable true

set interface traceoptions line-card trace-level sdk error disable true

set interface traceoptions line-card trace-level sdk information disable true

set interface traceoptions line-card trace-level sdk warning disable true

set interface traceoptions line-card trace-level xrl debug disable true

set interface traceoptions line-card trace-level xrl error disable true

set interface traceoptions line-card trace-level xrl information disable true

set interface traceoptions line-card trace-level xrl warning disable true

set interface traceoptions line-card trace-type all disable true

set interface traceoptions line-card trace-type configuration disable true

set interface traceoptions line-card trace-type link-change disable true

set interface traceoptions line-card trace-type mac-update disable true

set interface traceoptions line-card trace-type packet disable true

set interface traceoptions line-card trace-type packet-receive disable true

set interface traceoptions line-card trace-type packet-transmit disable true

set interface traceoptions line-card trace-type statistic disable true


457

1.

2.

3.

OpenFlow Configurations in Crossflow Mode

This chapter describes the configurations of OpenFlow via the CrossFlow Mode. The Crossflow

mode is the capacity to mixed tradtional L2/L3 and Openflow protocols simultaneously on the same

physical switch.

The Crossflow mode has been improved in PicOS 2.4. Now all the OVS commands are available and there is a featureparity between the OVS mode and the L2/L3 mode.

CrossFlow Mode Introduction

In CrossFlow mode switches can achieve all functions that exist in OVS mode: including basic flow

function, meter, group, multi-table, Q-in Q, mpls, pbb, GRE, mirror, ECMP, etc...

Like PicOS OVS mode, in crossflow mode OpenFlow v1.0, OFv1.1, OFv1.2, OF1.3 and OFv1.4

are supported. You can configure any supported version in the CLI.

In PicOS2.4, ports in the switch are either legacy or crossflow ports. In a crossflow port, PicOS

just support disable in version PicOS2.4, the protocol packet will not be processed inlocal-control

the local protocol stack. If enabled, represents the port is legacy port.local-control

As above figure, switch ports working status in crossflow mode is shown. crossflow port modes can

be summarized as follows:

Crossflow mode & local-control-off & disable l2/l3 mode:

The port is totally controlled by controller

All broadcast turned off & auto learning turned off

Packet forwarded by looking up the TCAM table


458

1.

2.

3.

Crossflow mode & local-control-off & enable l2/l3 mode

The port is totally controlled by controller

All broadcast turned off & auto learning turned off

Packet forwarded by looking up the FIB (FDB/routing table) and TCAM table

In CrossFlow mode, user can enable l2/l3 mode as PicOS OVS multi-table function. If the l2/l3

mode enabled, the FIB table resource will be shared by legacy ports and crossflow ports and data

traffic cannot mix between the different type ports. User can special portallocate the resource for

as following command.

set interface stm openflow-table 1000set interface stm mac-table 20000set interface max-route-limit 10000

The first command 'set interface stm openflow-table 1000' means allocate the TCAM resource for

crossflow port;

The second command 'set interface stm mac-table 20000 ' means allocate the FDB table resource

for legacy port, and the rest of resource for crossflow port.

The last command 'set interface max-route-limit 10000' means allocate the route table resource for

legacy port, and the rest of resource for crossflow port.

As the following figure. In crossflow mode, traffic can be only forwarded in the OpenFlow domain

or only forwarded in the Legacy network domain (as shown in the following figures).

The configurations of crossflow mode are different from those in OVS.The followings is some

examples in crossflow mode. In Xorplus system,it is responsible for setting which ports belonged to

XOVS ,and creating vlans. As for the port Properties, and vlans ports belonged to,ovs is in charge.


459

limitations of hybrid : Before configure the interface to crossflow enable true, you should clear the

configurations of this interface that you have done in Xorplus.But now we have not do the

limitations.

command

admin@XorPlus# set xovs enable trueadmin@XorPlus# commitadmin@XorPlus# set interface gigabit-ethernet ge-1/1/1 crossflow enable trueadmin@XorPlus# set interface gigabit-ethernet ge-1/1/1 crossflowlocal-control falseadmin@XorPlus# set vlans vlan-id 2,2000,4094admin@XorPlus# commit

commands in linux.

admin@XorPlus$ovs-vsctl list pica8admin@XorPlus$ovs-vsctl add-br br0 -- set bridge br0 datapath_type=pica8admin@XorPlus$ovs-vsctl add-port br0 ge-1/1/1 vlan_mode=trunk tag=1trunks=2000,4094 -- set Interface ge-1/1/1 type=pica8admin@XorPlus$ovs-vsctl add-port br0 ge-1/1/2 vlan_mode=trunk tag=1trunks=2000,4094 -- set Interface ge-1/1/2 type=pica8admin@XorPlus$ovs-vsctl add-port br0 ge-1/1/3 vlan_mode=trunk tag=1trunks=2000,4094 -- set Interface ge-1/1/3 type=pica8

Examples

Basic configurations

topology

steps

(1) enable crossflow for two ports

admin@XorPlus# set xovs enable trueadmin@XorPlus# commitadmin@XorPlus# set interface gigabit-ethernet te-1/1/1 crossflow enabletrueadmin@XorPlus# set interface gigabit-ethernet te-1/1/1 crossflowlocal-control falseadmin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflow enabletrueadmin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflowlocal-control falseadmin@XorPlus#set vlans vlan-id 1,2 ,10,20admin@XorPlus# commit


460

(2)exit the Xorplus system then enter linux system

admin@XorPlus#exit admin@XorPlus>exitadmin@XorPlus$

(3)create a new bridge named br0.

admin@XorPlus$ovs-vsctl add-br br0 -- set bridge br0 datapath_type=pica8

(4)add ports to br0.

admin@XorPlus$ovs-vsctl add-port br0 te-1/1/1 vlan_mode=trunk tag=1trunks=2,10,20 -- set Interface te-1/1/1 type=pica8admin@XorPlus$ovs-vsctl add-port br0 te-1/1/2 vlan_mode=trunk tag=1trunks=2,10,20 -- set Interface te-1/1/2 type=pica8

(5) add a flow

admin@XorPlus$ovs-ofctl add-flow br0 in_port=1,actions=output:2

(6)Send packets to te-1/1/1

Send untag packets to te-1/1/1 that matching this flow, then te-1/1/2 will forward the packets (with

no vlan);Send packets with vlan 2 to te-1/1/1,then te-1/1/2 will forward the packets (with vlan 2).

Flow priority configurations

topology

(1)enable crossflow for two ports

admin@XorPlus# set xovs enable trueadmin@XorPlus# commitadmin@XorPlus# set interface gigabit-ethernet te-1/1/1 crossflow enabletrueadmin@XorPlus# set interface gigabit-ethernet te-1/1/1 crossflowlocal-control falseadmin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflow enabletrueadmin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflowlocal-control falseadmin@XorPlus#set vlans vlan-id 1,2 ,10,20admin@XorPlus# commit



461





admin@XorPlus$ovs-vsctl add-port br0 te-1/1/1 vlan_mode=trunk tag=1trunks=2,10,20 -- set Interface te-1/1/1 type=pica8admin@XorPlus$ovs-vsctl add-port br0 te-1/1/2 vlan_mode=trunk tag=1trunks=2,10,20 -- set Interface te-1/1/2 type=pica8

(5)add two flows

admin@XorPlus$ovs-ofctl add-flow br0in_port=1,dl_src=22:11:11:11:11:11,actions=output:2admin@XorPlus$ovs-ofctl add-flow br0in_port=1,priority=50000,dl_src=22:11:11:11:11:11,actions=mod_dl_src:22:22:22:22:22:22,output:2

(6)send packets to te-1/1/1

Send untaged packets to te-1/1/1 that matching this flow,then te-1/1/2 will forward the packets

(with no vlan)and the packets’ source mac address is modified to 22:22:22:22:22:22.Because the

priority of second flow is higher than the first flow.

Send packets with vlan 2 to te-1/1/1 ,then te-1/1/2 will forward the packets with vlan 2 and the

packets’ source mac address is modified to 22:22:22:22:22:22.

VXLAN configurations

Only switches using the Broadcom Trident2 support the VXLAN tunneling encapsulation.

topology


admin@XorPlus# set xovs enable trueadmin@XorPlus# commitadmin@XorPlus# set interface gigabit-ethernet te-1/1/1 crossflow enabletrueadmin@XorPlus# set interface gigabit-ethernet te-1/1/1 crossflowlocal-control falseadmin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflow enabletrueadmin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflow


462

local-control falseadmin@XorPlus#set vlans vlan-id 1,2 ,10,20admin@XorPlus# commit






admin@XorPlus$ovs-vsctl add-port br0 qe-1/1/1 vlan_mode=trunk tag=1trunks=2,10,20 -- set Interface qe-1/1/1 type=pica8admin@XorPlus$ovs-vsctl add-port br0 qe-1/1/2 vlan_mode=trunk tag=1trunks=2,10,20 -- set Interface qe-1/1/2 type=pica8

(5)add a VXLAN port named vxlan1 on qe-1/1/2

admin@XorPlus$ovs-vsctl add-port br0 vxlan1 – set interface vxlan1type=pica8_vxlan options:remote_ip=10.10.10.2 options:local_ip=10.10.10.1options:vlan=1 options:vnid=1122867 options:udp_dst_port=4789 options:src_mac=C8:0A:A9:04:49:1A options:dst_mac=C8:0A:A9:9E:14:A5 options:egress_port=qe-1/1/2

(6)add a flow

admin@XorPlus$ovs-ofctl add-flow br0 in_port=1,actions=output:4097

FDB configurations

topology



admin@XorPlus# set xovs enable trueadmin@XorPlus# commitadmin@XorPlus# set interface gigabit-ethernet te-1/1/1 crossflow enabletrueadmin@XorPlus# set interface gigabit-ethernet te-1/1/1 crossflowlocal-control false


463

admin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflow enabletrueadmin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflowlocal-control falseadmin@XorPlus#set vlans vlan-id 1,2 ,10,20admin@XorPlus# commitadmin@XorPlus#exit admin@XorPlus>exitadmin@XorPlus$




admin@XorPlus$ovs-vsctl add-port br0 qe-1/1/1 vlan_mode=trunk tag=1trunks=2,10,20 -- set Interface qe-1/1/1 type=pica8admin@XorPlus$ovs-vsctl add-port br0 qe-1/1/2 vlan_mode=trunk tag=1trunks=2,10,20 -- set Interface qe-1/1/2 type=pica8

(5)set table 1 to FDB table

admin@XorPlus$ovs-vsctl set-l2-mode true 1

(6)add a flow

admin@XorPlus$ovs-ofctl add-flow br0table=1,dl_dst=22:22:22:22:22:22,dl_vlan=10,actions=output:2

Flows must match dl_dst,dl_vlan and output port if they want to be stroed in FDB table. Table

number of FDB table is 251 by default.Users can specify another table as the FDB table instead of

the 251,using this command If you want flows to be ovs-vsctl set-l2-mode true [table number]. stored in ROUTE table ,flows must match dl_dst,dl_vlan,dl_type,nw_dst,and mod_dl_dst in

action,and the default table number of ROUTE is 252.Using command ovs-vsctl set-l3-mode trueto set route table.[table number]


464

Documents

Picos Routing and Switching Configuration Guide