Table of Contents Table of Contents Chapter 1 IP Address and IP Performance Configuration... 5-1 1.1 IP Address Overview...5-1 1.2 Assigning IP Addresses... 5-5 1.2.1 Assigning IP Addresses to Interfaces... 5-5 1.2.2 Displaying and Debugging the IP Address... 5-7 1.2.3 Typical Example for Assigning the IP Address... 5-7 1.2.4 Troubleshooting... 5-8 1.3 Configuring ARP... 5-8 1.3.1 Introduction to Dynamical ARP... 5-8 1.3.2 Introduction to Static ARP... 5-8 1.3.3 Introduction to ARP Proxy... 5-9 1.3.4 Configuring Dynamic ARP... 5-10 1.3.5 Configuring Static ARP... 5-11 1.3.6 Configuring ARP Proxy... 5-11 1.3.7 Displaying and Debugging ARP... 5-11 1.4 Configuring DNS... 5-12 1.4.1 DNS Overview... 5-12 1.4.2 Configuring Static Domain Name Resolution... 5-13 1.5 DHCP Relay... 5-14 1.5.1 Introduction to DHCP Relay... 5-14 1.5.2 Configuring DHCP Relay... 5-15 1.5.3 Displaying and Debugging DHCP Relay... 5-16 1.5.4 Example for Configuring DHCP Relay... 5-17 1.5.5 Troubleshooting DHCP Relay... 5-18 1.6 Configuring IP Performance... 5-18 1.6.1 Setting MTU... 5-18 1.6.2 Setting TCP Attributes... 5-18 1.6.3 Displaying and Debugging IP Performance... 5-19 1.6.4 Troubleshooting IP Performance... 5-20 Chapter 2 IP Routing Protocol Overview... 5-23 2.1 Introduction to IP Route and Routing Table... 5-23 2.1.1 IP Route and Route Segment... 5-23 2.1.2 Routing through the Routing Table... 5-24 2.2 Routing Management Policy... 5-25 2.2.1 Routing Protocols and the Preferences of the Discovered Routes... 5-26 2.2.2 Supporting Load Balancing and Route Backup... 5-26 2.2.3 Routes Shared between Routing Protocols... 5-27 i
Table of Contents 2.3 Routing Function of the SecPath F1800-A... 5-27 Chapter 3 Static Route Configuration... 5-29 3.1 Introduction to Static Route... 5-29 3.1.1 Attributes and Functions of Static Route... 5-29 3.1.2 Default Route... 5-29 3.2 Configuring Static Route... 5-30 3.2.1 Configuring a Static Route... 5-30 3.2.2 Configuring a Default Route... 5-30 3.3 Displaying and Debugging the Routing Table... 5-30 3.4 Typical Example for Configuring Static Route... 5-31 3.5 Troubleshooting Static Route... 5-32 Chapter 4 RIP Configuration... 5-33 4.1 RIP Overview... 5-33 4.1.1 RIP Operating Principle... 5-33 4.1.2 RIP Startup and Operation... 5-34 4.2 Configuring RIP... 5-34 4.2.1 Enabling RIP and Entering RIP View... 5-35 4.2.2 Enabling RIP Interface... 5-35 4.2.3 Configuring Unicast of a Packet... 5-36 4.2.4 Specifying RIP Version of an Interface... 5-36 4.2.5 Configuring Zero Field Checking over Interface Packets... 5-37 4.2.6 Specifying the Operating State of the Interface... 5-37 4.2.7 Disabling Host Route... 5-38 4.2.8 Configuring Route Aggregation... 5-38 4.2.9 Configuring RIP Packet Authentication... 5-38 4.2.10 Configuring Split Horizon... 5-39 4.2.11 Importing Routes of Other Protocols... 5-40 4.2.12 Configuring Default Routing Metric... 5-40 4.2.13 Setting the RIP Preference... 5-40 4.2.14 Configuring RIP Timer... 5-41 4.2.15 Configuring Additional Metric... 5-42 4.2.16 Configuring Route Filtering... 5-42 4.3 Displaying and Debugging RIP... 5-43 4.4 Typical Example for Configuring RIP... 5-44 4.4.1 Configuring the Operating State of the Specified Interface... 5-44 4.5 Troubleshooting RIP... 5-45 Chapter 5 OSPF Configuration... 5-46 5.1 OSPF Overview...5-46 5.1.1 Introduction to OSPF... 5-46 5.1.2 Process of OSPF Route Calculation... 5-46 5.1.3 Basic Concepts Related to OSPF... 5-47 ii
Table of Contents 5.1.4 OSPF Packets... 5-49 5.1.5 Types of OSPF LSAs... 5-50 5.1.6 OSPF Features Supported by VRP... 5-51 5.2 Configuring OSPF...5-51 5.2.1 Setting Router ID... 5-52 5.2.2 Enabling OSPF Process... 5-53 5.2.3 Entering OSPF Area View... 5-53 5.2.4 Enabling OSPF on the Specified Network Segment... 5-54 5.2.5 Configuring OSPF Virtual Link... 5-54 5.2.6 Setting the Network Type on the OSPF... 5-55 5.2.7 Configuring the Adjacent Point... 5-56 5.2.8 Configuring OSPF to Import Routes... 5-57 5.2.9 Configuring OSPF Route Filtering... 5-59 5.2.10 Configuring the Route Aggregation of OSPF... 5-60 5.2.11 Setting OSPF Route Preference... 5-61 5.2.12 Configuring OSPF Timer... 5-61 5.2.13 Setting the Priority for DR Election... 5-63 5.2.14 Setting the Cost for Sending Packets on an Interface... 5-64 5.2.15 Setting SPF Calculation Interval for OSPF... 5-64 5.2.16 Setting an Interval Required for Sending LSU Packets... 5-64 5.2.17 Configuring Whether the MTU Field will be Filled in When an Interface Sends DD Packets... 5-65 5.2.18 Configuring OSPF Authentication... 5-65 5.2.19 Disabling the Interface to Send OSPF Packets... 5-66 5.2.20 Configuring STUB Area of OSPF... 5-67 5.2.21 Setting NSSA Area Parameter of OSPF... 5-68 5.2.22 Enabling Opaque Capability of OSPF... 5-69 5.2.23 Configuring Cooperation with Network Management System... 5-69 5.2.24 Resetting an OSPF Process... 5-70 5.3 Displaying and Debugging OSPF... 5-71 5.4 Typical Examples for Configuring OSPF... 5-72 5.4.1 Configuring OSPF Multi-process... 5-72 5.4.2 Configuring DR Election Based on OSPF Priority... 5-74 5.4.3 Configuring Virtual Link... 5-76 5.4.4 Configuring OSPF Peer Authentication... 5-77 5.5 Troubleshooting OSPF... 5-79 Chapter 6 BGP/MBGP Configuration... 5-81 6.1 BGP/MBGP Overview... 5-81 6.1.1 Introduction to BGP... 5-81 6.1.2 Message Types of BGP... 5-82 6.1.3 Route Mechanism of BGP... 5-82 6.1.4 MBGP... 5-83 iii
Table of Contents 6.1.5 BGP Peer and Peer Group... 5-84 6.2 Configuring BGP... 5-85 6.2.1 Enabling BGP... 5-86 6.2.2 Entering Extended Address Family View... 5-86 6.2.3 Configuring BGP Multiple Instances... 5-87 6.2.4 Configuring Basic Features of BGP Peer... 5-87 6.2.5 Configuring Application Features of BGP Peer... 5-90 6.2.6 Configuring Route Filtering of BGP Peer... 5-94 6.2.7 Configuring Network Routes Advertised by BGP... 5-96 6.2.8 Configuring the Interaction Between BGP and IGP... 5-96 6.2.9 Configuring BGP Route Aggregation... 5-97 6.2.10 Configuring BGP Route Filtering... 5-97 6.2.11 Configuring BGP Route Dampening... 5-99 6.2.12 Setting the BGP Preference... 5-99 6.2.13 Configuring the BGP Timer... 5-100 6.2.14 Configuring the Local Preference... 5-100 6.2.15 Setting MED for AS... 5-101 6.2.16 Comparing MED Routing Costs from the Peers in Different ASs... 5-101 6.2.17 Configuring BGP Load Balancing... 5-102 6.2.18 Configuring BGP Route Reflector... 5-104 6.2.19 Setting BGP AS Confederation Attribute... 5-105 6.2.20 Resetting BGP Connection... 5-107 6.2.21 Configuring BGP Route Refresh... 5-107 6.3 Displaying and Debugging BGP... 5-108 6.4 Typical Examples for Configuring BGP... 5-110 6.4.1 Setting BGP AS Confederation Attributes... 5-110 6.4.2 Configuring BGP Route Reflector... 5-112 6.4.3 Configuring BGP Routing... 5-114 6.4.4 Configuring BGP Load Balancing... 5-117 6.4.5 Configuring Iteration-Based BGP Load Balancing... 5-119 6.4.6 Configuring MBGP Route Reflector... 5-122 6.5 Troubleshooting BGP... 5-124 Chapter 7 Policy Routing Configuration... 5-126 7.1 Policy Routing Overview... 5-126 7.2 Configuring Policy Routing... 5-126 7.2.1 Defining ACL Rules... 5-126 7.2.2 Defining Class and Classification Rules... 5-126 7.2.3 Defining Policy Routing Behavior... 5-127 7.2.4 Defining a Policy... 5-128 7.2.5 Applying a Policy... 5-128 7.2.6 Setting Traffic Policing Parameters... 5-129 7.3 Typical Example for Configuring Policy Routing... 5-130 iv
Chapter 1 IP Address and IP Performance Configuration Chapter 1 IP Address and IP Performance Configuration 1.1 IP Address Overview The IP address is a unique 32-bit address assigned to the host connected to Internet. Usually it is composed of two parts: network ID and host ID. Its structure enables users to perform addressing on Internet conveniently. The IP address is assigned by Network Information Center (NIC) of American National Defense Data Network (ANDDN). The IP address consists of the following fields: Network ID field (net-id) Among it, the former bits are called the category field (or category bits) used to distinguish the types of IP addresses. Host ID field (host-id) Since the host number with all 1s or 0s has special usage, it is specified that the host number should not be all 1s or 0s. For the convenience of managing the IP address and networking, the IP address of Internet is divided into five classes, as shown in Figure 1-1. 1 2 3 4 8 16 24 31 Class A 1 net-id host-id Class B 1 0 net-id host-id Class C 1 1 0 net-id host-id Class D 1 110 Multicast address Class E 1 1110 Refserved for future use Figure 1-1 Classification of IP address At present, IP addresses are mostly of class A, class B and class C. The IP address of class D is a multicast address, which is reserved for Internet Architecture Board (IAB). The IP address of class E is reserved for use in future. 5-1
Chapter 1 IP Address and IP Performance Configuration When using IP addresses, note that some of them are reserved for special uses, and are seldom used. The IP addresses you can use are listed in Table 1-1. Table 1-1 IP address classes and ranges A Network class Address range 0.0.0.0 to 127.255. 255.255 B 128.0.0.0 to 191.255. 255.255 C 192.0.0.0 to 223.255. 255.255 D 224.0.0.0 to 239.255. 255.255 E 240.0.0.0 to 247.255. 255.255 IP network range 1.0.0.0 to 126.0.0.0 128.0.0.0 to 191.254.0.0 192.0.0.0 to 223.255.2 54.0 None None Description Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address; that is, broadcast to all hosts on the network. IP address 0.0.0.0 is used for the host that is not put into use after starting up. The IP address with network number as 0 indicates the current network, and its network can be cited by the router without knowing its network number. Network ID with the format of 127.X.Y.Z is reserved for self-loop test and the packets sent to this address will not be output to the line. The packets are processed internally and regarded as input packets. Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address; that is, broadcast to all hosts on the network. Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address; that is, broadcast to all hosts on the network. IP addresses of class D are multicast addresses. The IP addresses are reserved for use in future. Other addresses 255.255. 255.255 255.255.2 55.255 255.255.255.255 is used as LAN broadcast address. Important features of IP addresses: 5-2
Chapter 1 IP Address and IP Performance Configuration IP addresses are not in a hierarchical structure, which differs from the structure of telephone number. In other words, IP addresses can not reflect where the host is located. When a host is connected to two networks at the same time, such as the host used as a router, it must have two IP addresses with different net-ids that correspond to two different networks. Such a host is called multihomed host. Based on the concept of Internet, several LANs connected through repeater or bridge are still in the same network, so these LANs have the same net-id. In terms of the IP address, all networks which are assigned with net-ids are equal, no matter it is a small LAN or a big WAN. Since 1985, only the net-id of an IP address is assigned by NIC, while the host-id is controlled by the enterprise. The IP address assigned to an enterprise is only a network ID: net-id. The specific host-ids shall be assigned by the enterprise itself, so long as there is no repeated host IDs within its network. If there are many hosts widely scattered in an enterprise, the host IDs may be further divided into internal sub-nets for the sake of management. Note that the IP subnetting is performed within the enterprise. Seen from the outside, the enterprise only has one net-id. When a packet enters the network in the enterprise, the router of the enterprise can achieve routing based on the sub-net number. As a result, the packet reaches the destination host. Figure 1-2 shows the subnetting of a Class B IP address, in which a sub-net mask consists of a string of continuous "1" s and a string of continuous "0" s. The 1s corresponds to the network ID field and the sub-net number field, while the 0s correspond to the host ID field. Local address Class B net-id (a) Subnet ID Host ID Add subnet ID filed net-id Subnet-id (b) host-id Subnet mask 11111111 11111111 111111 00 00000000 (c) Figure 1-2 Subnetting of an IP address When one more sub-net number field is divided, the number of IP addresses will reduce. For example, an IP address of class B consists of 65534 (2 16-2) host IDs. However, after a 6-bit sub-net field is divided, there may be at most 64 sub-nets. Each sub-net has 10bit host ID; that is, each sub-net has 1022 host IDs at most. Totally, 5-3
Chapter 1 IP Address and IP Performance Configuration there are 64 x 1022 = 65408 host IDs, which are 126 less than the sum before subnetting. If there is no subnetting in an enterprise, then its sub-net mask is the default value and the length of "1" refers to the length of net-id. Therefore, for IP addresses of classes A, B and C, the default values of sub-net mask are 255.0.0.0, 255.255.0.0 and 255.255.255.0 respectively. A router that connects multiple networks will have multiple IP addresses. The IP addresses mentioned above can not be directly used in communication, because: The IP address is only an address of a host at the network layer. For the sake of sending the data packets to the destination host from the network layer, the physical address of the host is required. So the IP address must be first resolved into a physical address. The IP address is hard to remember, but a host domain name will be much easier to remember and is also more popular. So the host domain name must also be resolved into an IP address. Figure 1-3 shows relations between the host name, the IP address and the physical address. IP=209.0.0.5 host-a PC net-id=209.0.0 Destination host name IP address of destination host Physical address of desination host host-b DNS 209.0.0.6 ARP 08002B00EE0 A IP=209.0.0.6 host-b Network adaptor 08002B00EE0A Figure 1-3 Relation between the host name, the IP address and the physical address 5-4
Chapter 1 IP Address and IP Performance Configuration 1.2 Assigning IP Addresses 1.2.1 Assigning IP Addresses to Interfaces Each interface of a router can have several IP addresses, among which one is the primary IP address and the others are secondary IP addresses. The primary IP address and secondary IP addresses can be on the same network segment. I. Assigning a Primary IP Address to an Interface Each interface can have only one primary IP address. You can use the following command to modify the primary IP address of the interface and the network mask. Do as follows in interface view. Table 1-2 Assigning a primary IP address to an interface Assign a primary IP address to an interface. ip address ip-address net-mask Use a mask net-mask to identify the network ID contained in an IP address. For example, the IP address of an Ethernet interface of a router is 129.9.30.42, and the mask is 255.255.0.0. Multiply the IP address and the mask logically, and then the network ID of the router's Ethernet interface will be129.9.0.0. When assigning a primary IP address, if a primary IP address has already existed on the interface, the original primary IP address will be replaced by the new one. II. Assigning Secondary IP Addresses to an Interface Besides the primary IP address, several secondary IP addresses can be assigned on an interface. Assigning secondary IP addresses aims to have the same interface located in different sub-nets, so as to create network routes with the same interface as the output port. As a result, several subnets can be connected through the same interface. Do as follows in interface view. Table 1-3 Assigning secondary IP addresses to an interface Assign secondary IP addresses to an interface. ip address ip-address net-mask sub III. Deleting the IP Address of an Interface Do as follows in interface view. 5-5
Chapter 1 IP Address and IP Performance Configuration Table 1-4 Deleting the IP address of an interface Delete the IP address of an interface. undo ip address [ ip-address net-mask [ sub ] ] Before deleting the primary IP address, you must delete all the secondary IP addresses. IV. Setting the Negotiable Attribute of an IP Address for an Interface When an interface is encapsulated with PPP but not configured with the IP address, set the negotiable attribute of an IP address for this interface. Configure the ip address ppp-negotiate command on the local router, and configure the remote address command on the remote router. Thus, the local interface can accept the IP address, which is assigned by the remote interface and generated from PPP negotiation. This configuration is mainly used to obtain the IP address assigned by ISP when you access the Internet through ISP. Do as follows in interface view. Table 1-5 Setting the negotiable attribute of an IP address for an interface Set the negotiable attribute of an IP address for an interface. Cancel the negotiable attribute of an IP address for an interface. ip address ppp-negotiate undo ip address ppp-negotiate Assign an IP address for the remote interface. remote address { ip-address pool [ pool-number ] } Cancel the assignment of IP address for the remote interface. undo remote address 5-6
Chapter 1 IP Address and IP Performance Configuration Note: Because PPP supports IP address negotiation, IP address negotiation on an interface can be set only when the interface is encapsulated with PPP. When the PPP is Down, the IP address generated from negotiation will be deleted. If the interface has had the IP address, then after setting IP address negotiation for the interface, the original IP address will be deleted. After setting IP address negotiation for an interface, it is unnecessary to assign the IP address, which can be obtained from negotiation. If IP address negotiation is set twice for an interface, then the IP address generated from negotiation for the first time will be deleted, and the interface obtains the IP address through the negotiation for the second time. The interface will have no address after the negotiation address is deleted. The IP address of the Loopback interface can be borrowed by other interfaces, but it cannot borrow the addresses from other interfaces. 1.2.2 Displaying and Debugging the IP Address You can use the display command in any view to view the running state and verify the configuration of IP Address. Table 1-6 Displaying and debugging the IP address View the configuration state of all interfaces. display ip interface [ interface-type interface-number ] 1.2.3 Typical Example for Assigning the IP Address I. Networking Requirements Assign the IP address to Ethernet 1/0/0 of the router. It is required that the primary IP address should be 129.2.2.1, and the secondary IP address should be 129.1.3.1. II. Networking Diagram SecPath Primary IP address:129.2.2.1 Secondary IP address:129.1.3.1 Serial1/0/1 Internet SecPath Figure 1-4 Assigning the primary and secondary IP address to an interface of the router 5-7
Chapter 1 IP Address and IP Performance Configuration III. Configuration Procedure # Assign the primary and secondary IP address to Ethernet 1/0/0 of the router. [SecPath] interface ethernet 1/0/0 [SecPath-Ethernet1/0/0] ip address 129.2.2.1 255.255.255.0 [SecPath-Ethernet1/0/0] ip address 129.1.3.1 255.255.255.0 sub 1.2.4 Troubleshooting The SecPath F1800-A is a network interconnection device. So when assigning the IP address to an interface, you must be familiar with networking requirements and subnetting. Normally, such a rule should be observed. Namely, the primary IP address of an Ethernet interface of the router must be on the same network segment with the LAN, to which this Ethernet interface is connected. Fault 1: The router cannot ping through some host in LAN. Troubleshooting: First check if the IP address of the Ethernet interface of the router is configured on the same network segment as that of the host in LAN. If the IP address is configured correctly, debug the Address Resolution Protocol (ARP) on the router to check if the router can correctly send and receive ARP packets. If it can only send but can not receive the ARP packet, then possibly errors occur at the Ethernet physical layer. Fault 2: When the interface is encapsulated with PPP or frame relay, the link layer protocol status does not change to Up. Troubleshooting: Check if the IP address of this interface is on the same network segment as that of the remote interface. 1.3 Configuring ARP 1.3.1 Introduction to Dynamical ARP ARP is mainly used to resolve an IP address to the MAC address. Normally, ARP automatically resolves the IP address without need of the help of the administrator. 1.3.2 Introduction to Static ARP You need to manually configure the mapping items in the static ARP table in the following cases. 5-8
Chapter 1 IP Address and IP Performance Configuration Bind the packets whose destination address is not on the local network segment to a specific network adapter. In this way, the packets to reach that IP address can be forwarded through the gateway. You need to filter some illegal IP addresses, for example, bind these illegal IP addresses to an inexistent MAC address. 1.3.3 Introduction to ARP Proxy At the early days of the Internet, the Ethernet of the Texas State University in Austin of America has covered more than 10 buildings and 100 hosts. Large traffic needs to divide the network, but many carriers could not achieve the subnet. So the ARP proxy technology was put forward. It was issued in the beta-test version of 4.3BSD as an add-on for the first time, because they did not hope to frustrate the carriers enthusiasm for achieving the RFC-950 subnet standard. Administrator regulates the network uses: 172.16.2. 0 HOST A MAC:2222.2222.2222 IP:172.16.2.2 (1)ARP REQUEST 172.16.4. 4 Internet 1 IP:172.16. 2.3 MAC:3333.3333.3333 (2)ARP REPLY MAC:3333.3333.3333 Router A Internet (3)I P PA CKET 172.16.2.2 172.16.4.4 Internet 1 IP:172.16.4.5 MAC:5555.5555.5555 Router B Administrator regulates the network us es: 172.16.4.0 HOST B MAC:4444.4444.4444 IP:172.16. 4.4 Standard IP Network: 172.16.0.0 Figure 1-5 Application of ARP proxy In Figure 1-5, the ARP proxy is an application course. Host A and Host B belong to different physical networks, and their IP addresses are on different sub-nets of the same IP network (172.16.0.0). Their masks and gateways are not configured. Host A sends ARP requests to Host B. The ARP proxy has been enabled on the router interface connected with the Host A network. If there is a normal route to Host B, the router will replace Host B to respond the MAC address of the router interface. The IP packets sent from Host A to Host B are all sent to the router, and the router forwards packets normally. The IP packets sent to Host B traverse the network and arrive at Host B at last, and vice versa. All are processed at the ARP subnet gateways, while the hosts in the connected networks need not to be modified. Seen from the host, it is a standard IP network, and you cannot find a subnet. The ARP proxy only affects the ARP cache of the host, and it does not affect the ARP cache and the routing table of the gateway. 5-9
Chapter 1 IP Address and IP Performance Configuration After the ARP proxy is used, the ARP aging time of the host must be shortened to make the expired ARP items invalid as soon as possible. This can reduce the number of the packets which are sent to the router but cannot be forwarded by the router. 1.3.4 Configuring Dynamic ARP Dynamic ARP entries are generated when the router are working, which need not be created manually. You need to set aging detect times and time-out time for dynamic ARP entries. Configuration of dynamic ARP includes: Setting aging detect times of ARP entries Setting time-out time of ARP entries Enabling learning capability of multicast MAC addresses on an interface I. Setting Aging Detect Times of ARP Entries Do as follows in Ethernet interface view, and virtual Ethernet interface view. Table 1-7 Setting aging detect times of ARP entries Set aging detect times of ARP entries. Restore the default value of aging detect times of ARP entries. arp detect-times times undo arp detect-times II. Setting the Time-out Time of ARP Entries Do as follows in Ethernet interface view and virtual Ethernet interface view. Table 1-8 Setting the time-out time of dynamic ARP entries Set the time-out time of ARP entries. Restore the default value of the time-out time of ARP entries. arp expire-time time undo arp expire-time III. Enabling Learning Capability of Multicast MAC Addresses on an Interface Do as follows in Ethernet interface view and GE interface view. 5-10
Chapter 1 IP Address and IP Performance Configuration Table 1-9 Enabling learning capability of multicast MAC addresses on an interface Enable learning capability of multicast addresses on an interface. Disable learning capability of multicast addresses on an interface. arp multi-mac-permit undo arp multi-mac-permit After learning capability of multicast MAC addresses on an interface is enabled, this interface and its sub interface both can learn the multicast ARP. 1.3.5 Configuring Static ARP Do as follows in system view. Table 1-10 Adding or deleting mapping entries of static ARP manually Add a mapping entry of static ARP manually. Delete a mapping entry of static ARP manually. arp static ip-address mac-address [ vid vlan-id ] undo arp static ip-address Static ARP mapping entries keep valid when the router works normally, but dynamic ARP mapping entries keep valid for only 20 minutes. 1.3.6 Configuring ARP Proxy Do as follows in interface view. Table 1-11 Configuring ARP proxy Enable ARP proxy. Disable ARP proxy. arp-proxy enable undo arp-proxy enable 1.3.7 Displaying and Debugging ARP You can use the display command in any view to view the running state and verify the configuration of ARP. In user view, you can use the reset command to delete entries in the ARP mapping table. 5-11
Chapter 1 IP Address and IP Performance Configuration You can use the debugging command in user view to debug ARP. Table 1-12 Displaying and debugging ARP View ARP mapping table. display arp [ interface interface-type interface-number ] [ vid vlan-id ] [ { begin include exclude } text ] display arp [ network network-address ] [ network-mask ] [ dynamic static ] [ { begin include exclude } text ] display arp [ bridge ] [ vid vlan-id ] [ interface interface-type interface-number ] Reset the ARP entries in the ARP mapping table. Debug ARP packets. reset arp [ all dynamic static interface interface-type interface-number ] reset arp bridge [ vid vlan-id ] [ interface interface-type interface-number ] debugging arp packet 1.4 Configuring DNS 1.4.1 DNS Overview TCP/IP not only provides IP address to specify devices, but also specially designs a kind of host naming mechanism called Domain Name System (DNS) in the form of character string. Adopting a hierarchical naming system, the DNS specifies a meaningful name for the device in the Internet and associate the domain name with the IP address with the help of the domain name resolution server. In this way, the user can use domain names that are easy to memorize and meaningful, and never needs to keep obscure IP addresses in mind. There are two kinds of domain name resolutions: Static domain name resolution Dynamic domain name resolution They supplement each other in practical application. When resolving a domain name, use the static resolution first. If it fails, use the dynamic resolution. Some common domain names can be saved in the static domain name resolution table. Thus, the efficiency of domain name resolution is improved greatly. Static resolution It is used to create the relation between domain name and the IP address manually. When the client needs the IP address related to the domain name, it will search the 5-12
Chapter 1 IP Address and IP Performance Configuration specific domain name in the static domain name resolution table to obtain the IP address. Dynamic resolution It is used to receive the request of the client for domain name resolution through special domain name resolution server. The server first resolves domain name in the local database. If it judges that the domain name does not belong to the local domain, it will forward the request to the upper level domain name resolution server till the resolution is finished. The resolution results, which are either an IP address or an inexistent domain name, will be returned to the client. 1.4.2 Configuring Static Domain Name Resolution I. Introduction to Staic Domain Name Resolution Static domain name resolution is performed by the static domain name resolution table, which is something like the hosts file under Window 9X operation system. The router can obtain the IP address of common domain name by querying this table. Moreover, the user can use host names that are easy to memorize rather than obscure IP addresses to access the related devices. II. Configuring a Host Name and the IP Address Do as follows in system view. Table 1-13 Configuring a host name and the IP address Configure a host name and the IP address. ip host host-name ip-address Cancel a host name and the IP address. undo ip host host-name [ ip-address ] You can configure up to 50 static domain name resolution entries on a SecPath F1800-A. III. Displaying Domain Name Resolution Table Table 1-14 Displaying domain name resolution table View the domain name resolution table. display ip host 5-13
Chapter 1 IP Address and IP Performance Configuration 1.5 DHCP Relay 1.5.1 Introduction to DHCP Relay As the network extends in scale and becomes more complex, it becomes more difficult to configure the network. The previous BOOTP protocol for static host configuration cannot meet the demands of users, especially when computers are always moved (for example, using laptops or wireless network) and the number of computers exceeds that of the available IP addresses. Based on BOOTP, the Dynamic Host Configuration Protocol (DHCP) is defined in order to: Help users log in and log out of the network. Improve usage of IP addresses. Support diskless network station mechanism. Similar to the BOOTP protocol, DHCP works in client-server mode. With this protocol, the DHCP client can dynamically request configuration information from the DHCP server, including: Assigned IP addresses Subnet masks Default gateways The DHCP server can also configure the information dynamically for the DHCP client. However, the earlier DHCP can only take effect in a sub-net, but can not work across network segments. It is obviously not economic. Therefore, it is necessary to set a DHCP server on all network segments for dynamic host configuration. DHCP relay is introduced to solve this problem, which relays relative packets to the destination DHCP server. In this way, several networks can share a DHCP server. As a result, it saves cost and provides convenience for centralized management. DHCP client Network DHCP client DHCP client Ethernet SecPath DHCP client Ethernet DHCP client Figure 1-6 DHCP relay 5-14
Chapter 1 IP Address and IP Performance Configuration Figure 1-6 is the schematic diagram of DHCP relay. Its working principle is as follows: After the DHCP client starts up and begins to initialize the DHCP, the configuration request packet is broadcasted in the local network. If there is a DHCP server (as the right Ethernet shown in Figure 1-6) in the local network, the DHCP can be configured without need of the DHCP relay. If there is no DHCP server (as the left Ethernet shown in Figure 1-6) in the local network, the network device (as the router shown in Figure 1-6) with the DHCP relay, which is connected with the local network, will forward the packets to the specific DHCP servers in the other networks after it receives and processes the broadcast packets properly. Based on information offered by the client, the server sends configuration information to the client via DHCP relay. Thus, dynamic configuration of client finishes. Actually, several such interactive processes are needed from the start to the end of the configuration. In nature, DHCP relay fulfills transparent transmission of DHCP broadcast packets; that is, transparently send broadcast packets of the DHCP client (or the DHCP server) to the DHCP server (or the DHCP client) on other network segments. In the practical network environment, DHCP relay is usually fulfilled on some specific interface of the router. On the running network devices, to achieve the DHCP relay on some interface, you have to assign IP auxiliary addresses to specify the address of the DHCP server. 1.5.2 Configuring DHCP Relay The DHCP relay can be easily fulfilled, monitored and maintained on any interface, if you do as follows. Assigning the IP relay address to an interface Configuring DHCP relay in cycle mode or broadcast mode I. Assigning the IP Relay Address to an Interface Do as follows in interface view. Table 1-15 Assigning the IP relay address to an interface Add an IP relay address. ip relay-address ip-address Delete the IP relay address. undo ip relay-address [ ip-address ] 5-15
Chapter 1 IP Address and IP Performance Configuration Note: For DHCP relay, the IP relay address is an IP address of the DHCP server. Therefore, to add IP relay address for an interface is to specify a destination of forwarding DHCP request packets for the interface. After the command is used, all the DHCP request packets received from this interface will be sent to the specified IP relay address. Besides, the DHCP client sends broadcast packets in some phases of DHCP configuration, so the interface configured with IP relay address should support broadcast mode. You can configure up to 20 relay addresses on an interface. II. Configuring DHCP Relay in Cycle mode or Broadcast Mode Do as follows in system view. Table 1-16 Configuring DHCP relay in cycle mode or broadcast mode Configure DHCP relay in cycle mode. Configure DHCP relay in the default mode, that is, in broadcast mode. ip relay address cycle undo ip relay address cycle The cycle mode ensures that: Different DHCP clients use different DHCP servers. The same DHCP client uses the same DHCP server. In broadcast mode, the device broadcasts requests from the DHCP client to all DHCP servers. For instance, there are three DHCP clients A, B, and C, and the DHCP relay server is assigned with three relay addresses S1, S2, and S3. In cycle mode, A uses S1, B uses S2 and C uses S3. If A starts up again, A will still use S1. If a fourth client starts up, it uses S1. 1.5.3 Displaying and Debugging DHCP Relay You can use the display command in any view to view the running state and verify the configuration of DHCP relay. You can use the debugging command in user view to debug DHCP relay. 5-16
Chapter 1 IP Address and IP Performance Configuration Table 1-17 Displaying and debugging DHCP relay View the IP relay address on the interface. display ip interface [ interface-type interface-number ] Debug the DHCP relay. debugging dhcp relay { all error event packet [ client ] ] 1.5.4 Example for Configuring DHCP Relay I. Networking Requirements The DHCP client is on the network segment 10.110.0.0, while the DHCP server is on the network segment 202.38.0.0. The router with DHCP relay is required to relay DHCP packets. As a result, the DHCP client can request the IP address from the DHCP server. The DHCP server should be assigned with an address pool on the network segment 10.110.0.0, so that it can assign proper IP addresses to the DHCP client on the network segment. Meanwhile, the route to 10.110.0.0 should be available on the DHCP server. II. Networking Diagram DHCP client DHCP client DHCP Server Ethernet 10.110.0.0 10.110.1.1 SecPath w ith DHCP relay 202.38.1.1 Netw ork 202.38.1.2 Ethernet 202.38.0.0 Figure 1-7 DHCP relay configuration III. Configuration Procedure # Enter the interface to fulfill the DHCP relay, and assign the IP address and mask. Thus, the interface can belong to the same network segment with the DHCP client. [SecPath] interface ethernet 6/0/0 [SecPath-Ethernet6/0/0] ip address 10.110.1.1 255.255.0.0 # Assign the IP relay address to the interface to specify where the DHCP server is located. [SecPath-Ethernet6/0/0] ip relay-address 202.38.1.2 5-17
Chapter 1 IP Address and IP Performance Configuration The configuration of the DHCP server is omitted. 1.5.5 Troubleshooting DHCP Relay When DHCP relay fails to work normally, debug DHCP relay, and use the display command to locate the fault. Fault 1: DHCP client fails to obtain configuration information. Troubleshooting: Do as follows. Check whether the DHCP server is configured with the address pool of the network segment where DHCP client is located. Check whether the router with DHCP relay and DHCP server have routes reachable to each other. Check whether the router with DHCP relay is configured with correct IP relay address on the interface of the network segment where DHCP client is located, and whether multiple IP relay addresses have caused collision. 1.6 Configuring IP Performance 1.6.1 Setting MTU Maximum Transmission Unit (MTU) of the interface determines whether the IP packets on the interface need to be fragmented. Do as follows in interface view. Table 1-18 Setting MTU of the interface Set MTU of the interface. Restore the default value of MTU. mtu mtu-size undo mtu 1.6.2 Setting TCP Attributes The following TCP attributes can be set: SYNwait timer When sending the syn packets, TCP enables the SYNwait timer. If response packets are not received before SYNwait times out, the TCP connection will be terminated. Time-out time of SYNwait timer ranges from 2 to 600 seconds. By default, it is 75 seconds. FINwait timer 5-18
Chapter 1 IP Address and IP Performance Configuration When the TCP connection state turns from FIN_WAIT_1 to FIN_WAIT_2, FINwait timer will be started. If FIN packets are not received before fin timer times out, the TCP connection will be terminated. Time-out time of FINwait ranges from 76 to 3600 seconds. By default, it is 675 seconds. The size of send receive buffer of connection-oriented socket ranges from is 1 to 32K bytes. By default, it is 4K bytes. Caution: Modify TCP attributes under the guide of technicians. Do as follows in system view. Table 1-19 Setting TCP attributes Set syn timer time of TCP connection establishment. Restore syn timer time of TCP connection establishment to default value. tcp timer syn-timeout time-value undo tcp timer syn-timeout Set FIN_WAIT_2 timer time of TCP. tcp timer fin-timeout time-value Restore FIN_WAIT_2 timer time of TCP to default value. Set socket-oriented transceiver buffer size of TCP. Restore socket-oriented transceiver buffer size of TCP to default value. undo tcp timer fin-timeout tcp window window-size undo tcp window- 1.6.3 Displaying and Debugging IP Performance You can use the display command in any view to view the running state and verify the configuration of IP Performance. You can use the debugging command in user view to debug IP Performance. You can use the reset command in user view to delete statistics information. 5-19
Chapter 1 IP Address and IP Performance Configuration Table 1-20 Displaying and debugging IP performance View state of TCP connection. View statistics of TCP traffic. View the table information of the IP layer interface. View all the information of the FIB. View the FIB of a specified IP address. View the character string text in the buffer based on the regular expression. View FIB information according to ACL numbers. View the FIB item which matches a destination address. View the FIB item with destination addresses in the specified range. View the FIB entries that match the specified IP-prefix name. View the total number of FIB items. Debug IP packets. Debug ICMP. Debug TCP packets. Reset IP statistics. Debug UDP packets. Reset TCP statistics. View all the current socket IP information. Debug the TCP event. View UDP traffic statistics. Reset UDP statistics. display tcp status display tcp statistics display ip interface [ interface-type interface-number ] display fib display fib ip-address display fib { begin include exclude } text display fib acl acl-number display fib dest-address1 dest-mask1 [ longer ] display fib dest-address1 dest-mask1 dest-address2 dest-mask2 display fib ip-prefix list-name display fib statistics debugging ip packet [ acl acl-number ] debugging ip icmp debugging tcp packet reset ip statistics [ interface interface-type interface-number ] debugging udp packet reset tcp statistics display ip socket debugging tcp event display udp statistics reset udp statistics 1.6.4 Troubleshooting IP Performance Fault 1: Based on IP, TCP and UDP can ensure that IP provides the transmission of data packets. The problem is that TCP and UDP cannot work normally. Troubleshooting: 5-20
Chapter 1 IP Address and IP Performance Configuration You can enable the debugging to view the debugging information. Use the debugging udp command to debug UDP packets to trace the UDP packets. When the router sends or receives UDP packets, the content format of the datagram can be displayed in real time. You can locate the problem based on the contents of the datagram. The following are the UDP packet formats. *0.348541898-SOCKET-8-UDPINI:UDP packet information : Incoming UDP datagram: source IP address: 172.16.101.70 source port: 138 destination IP address: 172.16.255.255 destination port: 138 The length of UDP packet: 209 Use the debugging tcp packet command to debug TCP packets to trace the TCP packets. Two TCP packet formats can be selected. One is to debug and trace the receiving and sending of all the TCP packets of the TCP connection that take this device as one end. The operations are as follows: [SecPath] info-center enable [SecPath] quit <SecPath> debugging tcp packet Then the TCP packets received or sent can be viewed in real time. Specific packet formats are as follows: *0.348623498-SOCKET-8-OUTBAND:TCP packet information : TCP output packet: source IP address: 172.16.201.1 source port: 23 destination IP address: 172.16.105.148 destination port: 1031 packet sequence number: 4818317 ACK sequence number: 3644122 The packet flags: ACK PUSH The total length of IP packet: 436 The length of TCP header: 20 The other is to debug and trace the packets located in SYN, FIN or RST. Operations are as follows: [SecPath] info-center enable [SecPath] quit <SecPath> debugging tcp event 5-21
Chapter 1 IP Address and IP Performance Configuration Then the TCP packets received or sent can be viewed in real time, and the detailed packet formats are the same as those mentioned above. 5-22
Chapter 2 IP Routing Protocol Overview Chapter 2 IP Routing Protocol Overview 2.1 Introduction to IP Route and Routing Table 2.1.1 IP Route and Route Segment Routers are used for routing in the Internet. A router selects a proper route (through a network) based on the destination address of its received packet and then forwards the packet to the next router (the firewall). It works in this way hop by hop and the last router in the route is responsible for sending the packet to the destination host. For example, in Figure 2-1, from Host A to Host C, a packet should go through 3 networks and 2 routers, that is, the hop count is 3 and 3 router segments have been passed. It shows that, if a node is connected to another node through a network, there will be a hop between these two nodes. They are thus deemed as adjacent in the Internet. In the same principle, the adjacent routers refer to two routers connected to the same network. The number of route segments between a router and hosts in the same network is taken as zero. In Figure 2-1, the bold arrows represent these hops. A router does not care about which physical links constitute this route segment. A A R R Route segment C R R R B Figure 2-1 About Hop As the size of the network may differ greatly, the "length" of the router segments may be different from each other. Therefore, for different networks, the number of route segments multiplies a weighted coefficient to measure the actual length of the path. If a router is regarded as a node and a route segment is regarded as a link in the network, routing in the Internet is similar to routing in a simple network. Routing 5-23
Chapter 2 IP Routing Protocol Overview through the shortest route is not always the most ideal way. For example, routing through 3 LAN route segments may be much faster than that through 2 WAN route segments. 2.1.2 Routing through the Routing Table The key for a router to forward packets is the routing table. Each router saves a routing table in its memory. Each entry of this table specifies the physical port of the router, through which the packet to a subnet or a host should be sent. Therefore, it can reach the next router in this path or reach the very destination host in the directly connected network. A routing table has the following key entries: Destination address It is used to identify the destination IP address or the destination network of an IP packet. It is 32 bits in length. Network mask It is made up of several consecutive "1"s, which can be expressed either in the dotted decimal format or by the number of the consecutive "1" s in the mask. Combining with the destination address, it is used to identify the network address of the destination host or router. With the destination address operates AND with the network mask, you will get the address of the network segment where the destination host or router is located. For example, if the destination address is 129.102.8.10, the address of the network where the host or the router with the mask 255.255.0.0 is located will be 129.102.0.0. Output interface It explains through which interface an IP packet should be forwarded. Next hop address It refers to the next router that an IP packet will pass through. Priority added to the IP routing table for a route There may be several next hops to the same destination. These routes may be discovered by different routing protocols, or they can just be the static routes configured manually. The one with the highest priority, that is, the smallest numerical value, will be selected as the current optimal route. Based on destinations, the routes can be divided into: Subnet route The destination is a subnet. Host route The destination is a host. 5-24
Chapter 2 IP Routing Protocol Overview In addition, based on whether the network where the destination locates is directly connected to the router, routes fall into: Direct route The router is directly connected to the network where the destination locates. Indirect route The router is not directly connected to the network where the destination locates. In order to prevent the routing table from being too huge, you can set a default route. All the packets that fail to find the suitable entry will be forwarded through this default route. In a complex Internet as shown in Figure 2-2, the number in each network is the network address. The router R8 is connected with three networks, so it has three IP addresses and three physical ports, and its routing table is shown in Figure 2-2. 15.0.0.0 15.0.0.1 R2 16.0.0.2 16.0.0.3 16.0.0.0 15.0.0.2 R6 R7 10.0.0.2 14.0.0.0 16.0.0.2 R5 10.0.0.0 13.0.0.3 13.0.0.2 2 10.0.0.1 13.0.0.0 3 R8 14.0.0.2 13.0.0.4 11.0.0.1 1 13.0.0.1 11.0.0.0 R3 R1 12.0.0.2 11.0.0.2 14.0.0.1 12.0.0.0 R4 12.0.0.3 12.0.0.1 The routing table of router R8 Destination Forwarding Port host location router passed 10.0.0.0 Directly 2 11.0.0.0 12.0.0.0 Directly 11.0.0.2 1 1 13.0.0.0 Directly 3 14.0.0.0 13.0.0.2 3 15.0.0.0 10.0.0.2 2 16.0.0.0 10.0.0.2 2 Figure 2-2 The Routing Table Routers support configuring static routes and a series of dynamic route protocols, such as RIP, OSPF, IS-IS and BGP. In addition, routes in work can automatically obtain some directly connected routes based on interface state and user configuration. 2.2 Routing Management Policy The router supports the configuration of a series of dynamic routing protocols such as RIP, OSPF, Integrated IS-IS and BGP, as well as the static routes. The static routes configured by the user are managed together with the dynamic routes discovered by the routing protocol in the router. The static routes and the routes learned or configured by different routing protocols can also be shared with each other. 5-25
Chapter 2 IP Routing Protocol Overview 2.2.1 Routing Protocols and the Preferences of the Discovered Routes Different routing protocols (as well as the static configuration) may discover different routes to the same destination, but not all these routes are optimal. In fact, at a certain moment, only one routing protocol can determine the current route to a specific destination. Thus, each of these routing protocols (including the static configuration) is set with a preference. As a result, when there are multiple routing information sources, the route discovered by the routing protocol with the higher preference will become the current route. Routing protocols and the default preferences (the smaller the value, the higher the preference is) of the routes discovered by them are shown in Table 2-1. Table 2-1 Routing protocols and the default preferences for the routes learned by them Routing protocol or route type The preference of the route DIRECT 0 OSPF 10 IS-IS 15 STATIC 60 RIP 100 OSPF ASE 150 OSPF NSSA 150 IBGP 256 EBGP 256 UNKNOWN 255 In Table 2-1, 0 refers to a direct route. 255 refers to any route from unreliable source. Except for direct routing and BGP (IBGP and EBGP), the preference of each dynamic routing protocol can be manually configured at the request of users. In addition, the preference of each static route can vary from each other. 2.2.2 Supporting Load Balancing and Route Backup Load balancing It supports multi-route mode; that is, you can configure several routes with the same privilege to the same destination. All these routes will be adopted in turn for sending IP packets to the destination if there is no route with higher privilege. In this way, the network load balancing is achieved. 5-26