IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) - Cisco
IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches)
First Published: 2023-03-28
Last Modified: 2023-04-27

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000, 800 553-NETS (6387)
Fax: 408 527-0883

CONTENTS

CHAPTER 1  Configuring Bidirectional Forwarding Detection  1
    Prerequisites for Bidirectional Forwarding Detection  1
    Restrictions for Bidirectional Forwarding Detection  1
    Information About Bidirectional Forwarding Detection  2
    BFD Operation  2
    Neighbor Relationships  2
    BFD Detection of Failures  3
    BFD Version Interoperability  3
    BFD Session Limits  3
    BFD Support for Nonbroadcast Media Interfaces  3
    BFD Support for Nonstop Forwarding with Stateful Switchover  4
    Benefits of Using BFD for Failure Detection  4
    How to Configure Bidirectional Forwarding Detection  4
    Configuring BFD Session Parameters on the Interface  5
    Configuring BFD Support for Dynamic Routing Protocols  6
    Configuring BFD Support for IS-IS  6
    Configuring BFD Support for OSPF  9
    Configuring BFD Support for HSRP  12
    Configuring BFD Support for Static Routing  14
    Configuring BFD Echo Mode  16
    Prerequisites  16
    Restrictions  16
    Disabling BFD Echo Mode Without Asymmetry  17
    Creating and Configuring BFD Templates  17
    Configuring a Single-Hop Template  17
    Monitoring and Troubleshooting BFD  18
    Monitoring and Troubleshooting BFD  18
    Feature History for Configuring Bidirectional Forwarding Detection  19

CHAPTER 2  Configuring BFD Support for EIGRP IPv6  21
    Prerequisites for BFD Support for EIGRP IPv6  21
    Restrictions for BFD Support for EIGRP IPv6  21
    Information About BFD Support for EIGRP IPv6  21
    How to Configure BFD Support for EIGRP IPv6  22
    Configuring BFD Support on All Interfaces  22
    Configuring BFD Support on an Interface  23
    Configuration Examples for BFD Support for EIGRP IPv6  25
    Example: Configuring BFD Support on All Interfaces  25
    Example: Configuring BFD Support on an Interface  26
    Additional References  26
    Feature History for BFD Support for EIGRP IPv6  27

CHAPTER 3  Configuring MSDP  29
    Restrictions for Multicast Source Discovery Protocol  29
    Information About Configuring MSDP  29
    MSDP Overview  29
    MSDP Operation  30
    MSDP Benefits  31
    How to Configure MSDP  32
    Default MSDP Configuration  32
    Configuring a Default MSDP Peer  32
    Caching Source-Active State  34
    Requesting Source Information from an MSDP Peer  36
    Controlling Source Information that Your Switch Originates  37
    Redistributing Sources  37
    Filtering Source-Active Request Messages  39
    Controlling Source Information that Your Switch Forwards  41
    Using a Filter  41
    Using TTL to Limit the Multicast Data Sent in SA Messages  43
    Controlling Source Information that Your Switch Receives  44
    Configuring an MSDP Mesh Group  47
    Shutting Down an MSDP Peer  48
    Including a Bordering PIM Dense-Mode Region in MSDP  49
    Configuring an Originating Address other than the RP Address  50
    Monitoring and Maintaining MSDP  52
    Configuration Examples for Configuring MSDP  53
    Configuring a Default MSDP Peer: Example  53
    Caching Source-Active State: Example  53
    Requesting Source Information from an MSDP Peer: Example  53
    Controlling Source Information that Your Switch Originates: Example  53
    Controlling Source Information that Your Switch Forwards: Example  54
    Controlling Source Information that Your Switch Receives: Example  54
    Feature History for Multicast Source Discovery Protocol  54

CHAPTER 4  Configuring IP Unicast Routing  55
    Restrictions for IP Unicast Routing  55
    Information About IP Unicast Routing  55
    Information About IP Routing  55
    Types of Routing  56
    Classless Routing  56
    Address Resolution  58
    Proxy ARP  59
    ICMP Router Discovery Protocol  59
    UDP Broadcast Packets and Protocols  59
    Broadcast Packet Handling  60
    IP Broadcast Flooding  60
    Configuration Guidelines for IP Routing  61
    How to Configure IP Addressing  61
    Default IP Addressing Configuration  62
    Assigning IP Addresses to Network Interfaces  63
    Using Subnet Zero  64
    Disabling Classless Routing  65
    Configuring Address Resolution Methods  66
    Defining a Static ARP Cache  66
    Setting ARP Encapsulation  68
    Enabling Proxy ARP  69
    Routing Assistance When IP Routing is Disabled  70
    Proxy ARP  70
    Configuring Default Gateway  71
    Configuring ICMP Router Discovery Protocol  72
    Configuring Broadcast Packet Handling  74
    Enabling Directed Broadcast-to-Physical Broadcast Translation  74
    Forwarding UDP Broadcast Packets and Protocols  75
    Establishing an IP Broadcast Address  77
    Flooding IP Broadcasts  78
    How to Configure IP Unicast Routing  79
    Enabling IP Unicast Routing  79
    What to Do Next  79
    Monitoring and Maintaining IP Addressing  80
    Monitoring and Maintaining the IP Network  80
    Feature History for IP Unicast Routing  81

CHAPTER 5  Configuring IPv6 Unicast Routing  83
    Information About IPv6 Unicast Routing  83
    Understanding IPv6  83
    Static Routes for IPv6  83
    Path MTU Discovery for IPv6 Unicast  84
    ICMPv6  84
    Neighbor Discovery  84
    Default Router Preference  84
    Policy-Based Routing for IPv6  84
    Unsupported IPv6 Unicast Routing Features  85
    IPv6 Feature Limitations  85
    IPv6 and Switch Stacks  86
    Default IPv6 Configuration  86
    How to Configure IPv6 Unicast Routing  87
    Configuring IPv6 Addressing and Enabling IPv6 Routing  87
    Configuring IPv4 and IPv6 Protocol Stacks  90
    Configuring Default Router Preference  92
    Configuring IPv6 ICMP Rate Limiting  93
    Configuring Cisco Express Forwarding and distributed Cisco Express Forwarding for IPv6  94
    Configuring Static Routing for IPv6  94
    Enabling IPv6 PBR on an Interface  96
    Enabling Local PBR for IPv6  98
    Displaying IPv6  99
    Configuration Examples for IPv6 Unicast Routing  99
    Example: Configuring IPv4 and IPv6 Protocol Stacks  100
    Example: Configuring Default Router Preference  100
    Example: Configuring IPv6 ICMP Rate Limiting  100
    Example: Configuring Static Routing for IPv6  100
    Example: Enabling PBR on an Interface  100
    Example: Enabling Local PBR for IPv6  101
    Example: Displaying IPv6  101
    Additional References  101
    Feature History for IPv6 Unicast Routing  102

CHAPTER 6  Configuring RIP  103
    Information About RIP  103
    RIP for IPv6  103
    Summary Addresses and Split Horizon  104
    How to Configure Routing Information Protocol  104
    Default RIP Configuration  104
    Configuring Basic RIP Parameters  105
    Configuring RIP Authentication  107
    Configuring RIP for IPv6  108
    Configuring Summary Addresses and Split Horizon  110
    Configuring Split Horizon  111
    Configuration Examples for Routing Information Protocol  113
    Configuration Example for Summary Addresses and Split Horizon  113
    Example: Configuring RIP for IPv6  113
    Feature History for Routing Information Protocol  114

CHAPTER 7  Configuring OSPF  115
    Information About OSPF  115
    OSPF for IPv6  116
    OSPF Nonstop Forwarding  116
    OSPF NSF Awareness  116
    OSPF NSF Capability  116
    OSPF Area Parameters  116
    Other OSPF Parameters  117
    LSA Group Pacing  118
    Loopback Interfaces  118
    How to Configure OSPF  118
    Default OSPF Configuration  118
    Configuring Basic OSPF Parameters  119
    Configuring OSPF for IPv6  121
    Configuring OSPF Interfaces  123
    Configuring OSPF Area Parameters  126
    Configuring Other OSPF Parameters  128
    Changing LSA Group Pacing  130
    Configuring a Loopback Interface  131
    Monitoring OSPF  132
    Configuration Examples for OSPF  133
    Configuration Examples for OSPF  133
    Example: Configuring Basic OSPF Parameters  133
    Feature History for Open Shortest Path First  133

CHAPTER 8  Configuring OSPF Link-State Database Overload Protection  135
    Information About OSPF Link-State Database Overload Protection  135
    Benefits of Using OSPF Link-State Database Overload Protection  135
    Overview of OSPF Link-State Database Overload Protection  135
    How to Configure OSPF Link-State Database Overload Protection  136
    Limiting the Number of Non Self-Generated LSAs for an OSPF Process  136
    Limiting the Number of Non Self-Generated LSAs for an OSPFv3 Process  137
    Configuration Examples for OSPF Link-State Database Overload Protection  138
    Example: Setting a Limit for LSA Generation  138
    Feature Information for OSPF Link-State Database Overload Protection  140

CHAPTER 9  Configuring OSPF Limit on Number of Redistributed Routes  141
    Restrictions for OSPF Limit on Number of Redistributed Routes  141
    Prerequisites for OSPF Limit on Number of Redistributed Routes  141
    Information About OSPF Limit on Number of Redistributed Routes  141
    How to Configure an OSPF Limit on the Number of Redistributed Routes  142
    Limiting the Number of OSPF Redistributed Routes  142
    Limiting the Number of OSPFv3 Redistributed Routes  143
    Requesting a Warning Message About the Number of Routes Redistributed into OSPF  144
    Requesting a Warning Message About the Number of Routes Redistributed into OSPFv3  145
    Configuration Examples for OSPF Limit on Number of Redistributed Routes  146
    Example: OSPF Limit on Number of Redistributed Routes  147
    Example: Requesting a Warning Message About the Number of Redistributed Routes  147
    Feature History for OSPF Limit on Number of Redistributed Routes  147

CHAPTER 10  Configuring OSPF NSR  149
    Restrictions for OSPF Nonstop Routing  149
    Information About OSPF Nonstop Routing  149
    How to Configure OSPF Nonstop Routing  150
    Configuring OSPF Nonstop Routing  150
    Configuration Examples for OSPF Nonstop Routing  151
    Example: Configuring OSPF Nonstop Routing  151
    Feature History for OSPF Nonstop Routing  151

CHAPTER 11  Configuring OSPF Retransmissions Limit  153
    Restrictions For OSPF Retransmissions Limit  153
    Overview About OSPF Retransmissions Limit  153
    Benefits  153
    Setting OSPF Retransmission Limits  154
    Example: Configuring OSPF Retransmissions Limit  154
    Additional References for OSPF Retransmissions Limit  154
    Feature History for OSPF Retransmissions Limit  155

CHAPTER 12  Configuring OSPFv3 NSR  157
    Restrictions for OSPFv3 Nonstop Routing  157
    Information About OSPFv3 Nonstop Routing  157
    How to Configure OSPFv3 Nonstop Routing  158
    Configuring OSPFv3 Nonstop Routing  158
    Enabling OSPFv3 Nonstop Routing for an Address Family  159
    Disabling OSPFv3 Nonstop Routing for an Address Family  159
    Configuration Examples for OSPFv3 Nonstop Routing  160
    Example: Configuring OSPFv3 Nonstop Routing  160
    Example: Verifying OSPFv3 Nonstop Routing Status  162
    Troubleshooting Tips  163
    Additional References  163
    Feature History for OSPFv3 Nonstop Routing  164

CHAPTER 13  Configuring OSPFv2 Loop-Free Alternate IP Fast Reroute  165
    Prerequisites for OSPFv2 Loop-Free Alternate IP Fast Reroute  165
    Restrictions for OSPFv2 Loop-Free Alternate IP Fast Reroute  165
    Information About OSPFv2 Loop-Free Alternate IP Fast Reroute  166
    LFA Repair Paths  166
    LFA Repair Path Attributes  166
    Shared Risk Link Groups  167
    Interface Protection  167
    Broadcast Interface Protection  167
    Node Protection  167
    Downstream Path  167
    Line-Card Disjoint Interfaces  167
    Metric  168
    Equal-Cost Multipath Primary Paths  168
    Candidate Repair-Path Lists  168
    How to Configure OSPFv2 Loop-Free Alternate IP Fast Reroute  168
    Enabling Per-Prefix OSPFv2 Loop-Free Alternate IP Fast Reroute  168
    Specifying Prefixes for Protection by LFA IP FRR  169
    Configuring a Repair Path Selection Policy  170
    Creating a List of Repair Paths Considered  171
    Prohibiting an Interface from Being Used as the Next Hop  171
    Configuration Examples for OSPFv2 Loop-Free Alternate IP Fast Reroute  172
    Example: Enabling Per-Prefix LFA IP FRR  172
    Example: Specifying Prefix-Protection Priority  172
    Example: Configuring Repair-Path Selection Policy  172
    Example: Auditing Repair-Path Selection  173
    Example: Prohibiting an Interface from Being a Protecting Interface  173
    Feature History for OSPFv2 Loop-Free Alternate IP Fast  173

CHAPTER 14  Configuring OSPFv3 Fast Convergence - LSA and SPF Throttling  175
    Restrictions for OSPFv3 Fast Convergence: LSA and SPF Throttling  175
    Information About OSPFv3 Fast Convergence: LSA and SPF Throttling  175
    How to Configure OSPFv3 Fast Convergence: LSA and SPF Throttling  176
    Tuning LSA and SPF Timers for OSPFv3 Fast Convergence  176
    Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence  177
    Example: Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence  177
    Additional References  178
    Feature History for OSPFv3 Fast Convergence: LSA and SPF Throttling  178

CHAPTER 15  Configuring OSPFv3 Authentication Trailer  181
    Information About the OSPFv3 Authentication Trailer  181
    How to Configure the OSPFv3 Authentication Trailer  182
    Configuration Examples for the OSPFv3 Authentication Trailer  184
    Example: Configuring the OSPFv3 Authentication Trailer  184
    Example: Verifying OSPFv3 Authentication Trailer  184
    Additional References for OSPFv3 Authentication Trailer  185
    Feature History for OSPFv3 Authentication Trailer  186

CHAPTER 16  Configuring OSPFv3 BFD  187
    Information About OSPFv3 for BFD  187
    How to Configure OSPFv3 for BFD  187
    Configuring BFD Support for OSPFv3  187
    Configuring Baseline BFD Session Parameters on the Interface  188
    Configuring BFD Support for OSPFv3 for All Interfaces  188
    Configuring OSPF Support for BFD over IPv4 for One or More Interfaces  189
    Retrieving BFDv6 Information for Monitoring and Troubleshooting  191
    Example: Displaying OSPF Interface Information about BFD  191
    Additional References  192
    Feature History for OSPFv3 for BFD  192

CHAPTER 17  Configuring OSPFv3 External Path Preference Option  193
    Information About OSPFv3 External Path Preference Option  193
    OSPFv3 External Path Preference Option  193
    Calculating OSPFv3 External Path Preferences per RFC 5340  194
    Example: Calculating OSPFv3 External Path Preferences per RFC 5340  194
    Additional References  195
    Feature History for OSPFv3 External Path Preference Option  195

CHAPTER 18  Configuring OSPFv3 Max-Metric Router LSA  197
    Information About OSPFv3 Max-Metric Router LSA  197
    Configuring the OSPFv3 Max-Metric Router LSA  197
    Example: Verifying the OSPFv3 Max-Metric Router LSA  198
    Additional References  199
    Feature History for OSPFv3 Max-Metric Router LSA  199

CHAPTER 19  Configuring OSPFv3 Demand Circuit Ignore  201
    Information About Demand Circuit Ignore Support  201
    Configuring Demand Circuit Ignore Support for OSPFv3  201
    Example: Demand Circuit Ignore Support for OSPFv3  202
    Additional References for OSPFv3 Demand Circuit Ignore  202
    Feature History for OSPFv3 Demand Circuit Ignore  203

CHAPTER 20  Configuring Prefix Suppression Support for OSPFv3  205
    Prefix Suppression Support for OSPFv3  205
    Prerequisites for Prefix Suppression Support for OSPFv3  205
    Information About Prefix Suppression Support for OSPFv3  205
    OSPFv3 Prefix Suppression Support  205
    Globally Suppress IPv4 and IPv6 Prefix Advertisements by Configuring the OSPFv3 Process  206
    Suppress IPv4 and IPv6 Prefix Advertisements on a Per-Interface Basis  206
    How to Configure Prefix Suppression Support for OSPFv3  206
    Configuring Prefix Suppression Support of the OSPFv3 Process  207
    Configuring Prefix Suppression Support of the OSPFv3 Process in Address-Family Configuration Mode  207
    Configuring Prefix Suppression Support on a Per-Interface Basis  208
    Troubleshooting IPv4 and IPv6 Prefix Suppression  209
    Configuration Example: Configuring Prefix Suppression Support for OSPFv3  210
    Feature History for Prefix Suppression Support for OSPFv3  211

CHAPTER 21  Configuring Graceful Shutdown Support for OSPFv3  213
    Information About Graceful Shutdown for OSPFv3  213
    How to Configure Graceful Shutdown Support for OSPFv3  213
    Configuring Graceful Shutdown of the OSPFv3 Process  213
    Configuring Graceful Shutdown of the OSPFv3 Process in Address-Family Configuration Mode  214
    Configuration Examples for Graceful Shutdown Support for OSPFv3  215
    Example: Configuring Graceful Shutdown of the OSPFv3 Process  215
    Example: Configuring Graceful Shutdown of the OSPFv3 Interface  216
    Additional References for Graceful Shutdown Support for OSPFv3  216
    Feature History for Graceful Shutdown Support for OSPFv3  217

CHAPTER 22  Configuring NSSA for OSPFv2  219
    Information About Configuring NSSA for OSPF  219
    Characteristics of RFC 3101  219
    RFC 1587 Compliance  219
    ABR as NSSA Link State Advertisement Translator  220
    How to Configure NSSA for OSPF  222
    Configuring an OSPFv2 NSSA Area and Its Parameters  222
    Configuring an NSSA ABR as a Forced NSSA LSA Translator  223
    Disabling RFC 3101 Compatibility and Enabling RFC 1587 Compatibility  224
    Configuration Examples for OSPF NSSA  225
    Example: Configuring OSPF NSSA  225
    Example: OSPF NSSA Area with RFC 3101 Disabled and RFC 1587 Active  227
    Example: Verifying OSPF NSSA  229
    Additional References for OSPF Not-So-Stubby Areas (NSSA)  234
    Feature History for NSSA for OSPFv2  234

CHAPTER 23  Configuring NSSA for OSPFv3  237
    Information About NSSA for OSPFv3  237
    RFC 1587 Compliance  237
    ABR as OSPFv3 NSSA LSA Translator  237
    How to Configure NSSA for OSPFv3  239
    Configuring an OSPFv3 NSSA Area and Its Parameters  239
    Configuring an NSSA ABR as a Forced NSSA LSA Translator for OSPFv3  241
    Disabling RFC 3101 Compatibility and Enabling RFC 1587 Compatibility  242
    Configuration Example for NSSA for OSPFv3  243
    Additional References for NSSA for OSPFv3  244
    Feature History for NSSA for OSPFv3  245

CHAPTER 24  Configuring EIGRP  247
    Information About EIGRP  247
    EIGRP IPv6  247
    EIGRP Features  248
    EIGRP Components  248
    EIGRP Nonstop Forwarding  249
    EIGRP NSF Awareness  249
    EIGRP NSF Capability  249
    EIGRP Stub Routing  249
    EIGRPv6 Stub Routing  251
    How to Configure EIGRP  252
    Default EIGRP Configuration  252
    Configuring Basic EIGRP Parameters  253
    Configuring EIGRP Interfaces  255
    Configuring EIGRP for IPv6  257
    Configuring EIGRP Route Authentication  257
    Monitoring and Maintaining EIGRP  259
    Feature History for EIGRP  260

CHAPTER 25  Configuring EIGRP MIB  261
    Prerequisites for EIGRP MIB  261
    Restrictions for EIGRP MIB  261
    Information About EIGRP MIB  261
    EIGRP MIB Overview  261
    EIGRP Interface Table  262
    EIGRP Neighbor Table  263
    EIGRP Topology Table  264
    EIGRP Traffic Statistics Table  265
    EIGRP VPN Table  267
    EIGRP Notifications  267
    How to Enable EIGRP MIB Notifications  268
    Configuration Example for Enabling EIGRP MIB Notifications  269
    Additional References for EIGRP MIB  269
    Feature History for EIGRP MIB  270

CHAPTER 26  Configuring EIGRP Wide Metrics  271
    Information About EIGRP Wide Metrics  271
    EIGRP Composite Cost Metrics  271
    EIGRP Wide Metrics  272
    EIGRP Metric Weights  273
    Mismatched K Values  274
    Feature History for EIGRP Wide Metrics  274

CHAPTER 27  Configuring EIGRP Loop-Free Alternate IP Fast Reroute  277
    Restrictions for EIGRP Loop-Free Alternate IP Fast Reroute  277
    Information About EIGRP Loop-Free Alternate IP Fast Reroute  278
    Repair Paths Overview  278
    LFA Computation  278
    LFA Tie-Breaking Rules  279
    How to Configure EIGRP Loop-Free Alternate IP Fast Reroute  279
    Configuring LFA IP FRRs Per Prefix  279
    Disabling Load Sharing Among Prefixes  280
    Enabling Tie-Breaking Rules for EIGRP LFAs  281
    Configuration Examples for EIGRP Loop-Free Alternate IP Fast Reroute  282
    Example: Configuring LFA IP FRRs Per Prefix  283
    Example: Disabling Load Sharing Among Prefixes  283
    Example: Enabling Tie-Breaking Rules  283
    Feature History for EIGRP Loop-Free Alternate IP Fast Reroute  284

CHAPTER 28  Configuring BGP  285
    Restrictions for BGP  285
    Information About BGP  285
    BGP Network Topology  285
    Nonstop Forwarding Awareness  287
    Information About BGP Routing  287
    Routing Policy Changes  287
    BGP Decision Attributes  288
    Route Maps  289
    BGP Filtering  289
    Prefix List for BGP Filtering  290
    BGP Community Filtering  290
    BGP Neighbors and Peer Groups  291
    Aggregate Routes  291
    Routing Domain Confederations  291
    BGP Route Reflectors  291
    Route Dampening  292
    Conditional BGP Route Injection  292
    BGP Peer Templates  293
    Inheritance in Peer Templates  293
    Peer Session Templates  294
    Peer Policy Templates  295
    BGP Route Map Next Hop Self  296
    How to Configure BGP  297
    Default BGP Configuration  297
    Enabling BGP Routing  300
    Managing Routing Policy Changes  302
    Configuring BGP Decision Attributes  303
    Configuring BGP Filtering with Route Maps  305
    Configuring BGP Filtering by Neighbor  306
    Configuring BGP Filtering by Access Lists and Neighbors  307
    Configuring Prefix Lists for BGP Filtering  309
    Configuring BGP Community Filtering  310
    Configuring BGP Neighbors and Peer Groups  312
    Configuring Aggregate Addresses in a Routing Table  314
    Configuring Routing Domain Confederations  316
    Configuring BGP Route Reflectors  317
    Configuring Route Dampening  319
    Conditionally Injecting BGP Routes  320
    Configuring Peer Session Templates  323
    Configuring a Basic Peer Session Template  323
    Configuring Peer Session Template Inheritance with the inherit peer-session Command  325
    Configuring Peer Session Template Inheritance with the neighbor inherit peer-session Command  326
    Configuring Peer Policy Templates  328
    Configuring Basic Peer Policy Templates  328
    Configuring Peer Policy Template Inheritance with the inherit peer-policy Command  329
    Configuring Peer Policy Template Inheritance with the neighbor inherit peer-policy Command  332
    Configuring BGP Route Map Next-hop Self  334
    Configuration Examples for BGP  337
    Example: Configuring Conditional BGP Route Injection  337
    Example: Configuring Peer Session Templates  337
    Examples: Configuring Peer Policy Templates  338
    Example: Configuring BGP Route Map next-hop self  339
    Monitoring and Maintaining BGP  339
    Feature History for Border Gateway Protocol  340

CHAPTER 29  Configuring BGP Additional Paths  343
    Information About BGP Additional Paths  343
    Problem That Additional Paths Can Solve  343
    Benefits of BGP Additional Paths  346
    BGP Additional Paths Functionality  346
    How to Configure BGP Additional Paths  348
    Configuring Additional Paths per Address Family  348
    Configuring Additional Paths per Neighbor  350
    Configuring Additional Paths Using a Peer Policy Template  351
    Filtering and Setting Actions for Additional Paths  353
    Displaying Additional Path Information  355
    Disabling Additional Paths per Neighbor  355
    Configuration Examples for BGP Additional Paths  356
    Example: BGP Additional Path Send and Receive Capabilities  356
    Example: BGP Additional Paths  357
    Example: Neighbor Capabilities Override Address Family Capabilities  358
    Example: BGP Additional Paths Using a Peer Policy Template  358
    Additional References  359
    Feature History for BGP Additional Paths  359

CHAPTER 30  Configuring BGP Graceful Shutdown  361
    Information About BGP Graceful Shutdown  361
    Purpose and Benefits of BGP Graceful Shutdown  361
    GSHUT Community  361
    BGP GSHUT Enhancement  362
    How to Configure BGP Graceful Shutdown  362
    Shutting Down a BGP Link Gracefully  362
    Filtering BGP Routes Based on the GSHUT Community  364
    Configuring BGP GSHUT Enhancement  366
    Configuration Examples for BGP Graceful Shutdown  367
    Example: Shutting Down a BGP Link Gracefully  367
    Example: Filtering BGP Routes Based on the GSHUT Community  368
    Example: BGP GSHUT Enhancement  368
    Additional References  369
    Feature History for BGP Graceful Shutdown  370

CHAPTER 31  Configuring BGP Large Community  371
    Restrictions for the BGP Large Community  371
    Information About the BGP Large Community Feature  371
    Large Community Lists  371
    BGP Large Community Attribute  372
    How to Configure BGP Large Community  372
    Enabling BGP Large Community  372
    Configuring Route-map with Large Community Lists and Matching a Large Community  374
    Defining BGP Large Community List  375
    Configuring the Route-Map to Set BGP Large Communities  376
    Deleting Large Communities  377
    Verifying the Configuration of the BGP Large Community  378
    Troubleshooting Large Communities  379
    Configuration Example for BGP Large Community  379
    Feature History for BGP Large Community  380

CHAPTER 32  Configuring BGP Monitoring Protocol  383
    Prerequisites for BGP Monitoring Protocol  383
    Information About BGP Monitoring Protocol  383
    How to Configure BGP Monitoring Protocol  384
    Configuring a BGP Monitoring Protocol Session  384
    Configuring BGP Monitoring Protocol on BGP Neighbors  385
    Configuring BGP Monitoring Protocol Servers  386
    Configuring BGP Monitoring Protocol on VRF Neighbors  388
    Verifying BGP Monitoring Protocol  389
    Monitoring BGP Monitoring Protocol  390
    Examples for Configuring, Verifying, and Monitoring BGP Monitoring Protocol  391
    Additional References for BGP Monitoring Protocol  395
    Feature History for BGP Monitoring Protocol  396

CHAPTER 33  Configuring BGP Next Hop Unchanged  397
    Restrictions for BGP Next Hop Unchanged  397
    Information About BGP Next Hop Unchanged  397
    How to Configure BGP Next Hop Unchanged  398
    Configuring the BGP Next Hop Unchanged for an EBGP Peer  398
    Configuring BGP Next Hop Unchanged using Route-Maps  399
    Configuration Example for BGP Next Hop Unchanged for an EBGP Peer  400
    Feature History for BGP Next Hop Unchanged  401

CHAPTER 34  Configuring BGP-VPN Distinguisher Attribute  403
    Information About BGP-VPN Distinguisher Attribute  403
    Role and Benefit of the VPN Distinguisher Attribute  403
    How the VPN Distinguisher Attribute Works  404
    BGP-VPN Distinguisher Attribute  405
    How to Configure BGP-VPN Distinguisher Attribute  405
    Replacing an RT with a VPN Distinguisher Attribute  405
    Replacing a VPN Distinguisher Attribute with an RT  407
    Configuration Example for Translating RT to VPN Distinguisher to RT  410
    Feature History for BGP-VPN Distinguisher Attribute  411

CHAPTER 35  Configuring BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard  413
    Restrictions for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard  413
    Information About BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard  413
    Benefits of RT and VPN Distinguisher Attribute Mapping Range  414
    How to Map RTs to RTs Using a Range  414
    Replacing an RT with a Range of RTs  414
    Replacing a Range of RTs with an RT  417
    Configuration Example for Replacing an RT with a Range of VPN Distinguishers  419
    Additional References for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard  420
    Feature History for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard  420

CHAPTER 36  Configuring BGP Support for 4-byte ASN  423
    Information About BGP Support for 4-byte ASN  423
    BGP Autonomous System Number Formats  423
    Cisco Implementation of 4-Byte Autonomous System Numbers  425
    How to Configure BGP Support for 4-byte ASN  426
    Configuring a BGP Routing Process and Peers Using 4-Byte Autonomous System Numbers  426
    Modifying the Default Output and Regular Expression Match Format for 4-Byte Autonomous System Numbers  429
    Configuration Examples for BGP Support for 4-byte ASN  431
    Examples: Configuring a BGP Routing Process and Peers Using 4-Byte Autonomous System Numbers  431
    Examples: Configuring a VRF and Setting an Extended Community Using a BGP 4-Byte Autonomous System Number  434
    Additional References for BGP Support for 4-byte ASN  436
    Feature History for BGP Support for 4-byte ASN  436

CHAPTER 37  Implementing Multiprotocol BGP for IPv6  439
    Information About Multiprotocol BGP for IPv6  439
    Multiprotocol BGP Extensions for IPv6  439
    IPv6 Multiprotocol BGP Peering Using a Link-Local Address  439
    Multiprotocol BGP for the IPv6 Multicast Address Family  439
    Nonstop Forwarding and Graceful Restart for MP-BGP IPv6 Address Family  440
    How to Implement Multiprotocol BGP for IPv6  440
    Configuring an IPv6 BGP Routing Process and BGP Router ID  440
    Configuring IPv6 Multiprotocol BGP Between Two Peers  442
    Configuring IPv6 Multiprotocol BGP Between Two Peers Using Link-Local Addresses  443
    Troubleshooting Tips  446
    Configuring an IPv6 Multiprotocol BGP Peer Group  446
    Configuring a Route Map for IPv6 Multiprotocol BGP Prefixes  448
    Redistributing Prefixes into IPv6 Multiprotocol BGP  450
    Advertising Routes into IPv6 Multiprotocol BGP  451
    Advertising IPv4 Routes Between IPv6 BGP Peers  453
    Assigning BGP Administrative Distance for Multicast BGP Routes  455
    Generating IPv6 Multicast BGP Updates  456
    Configuring the IPv6 BGP Graceful Restart Capability  457
    Resetting IPv6 BGP Sessions  458
    Verifying the IPv6 Multiprotocol BGP Configuration  459
    Configuration Examples for Multiprotocol BGP for IPv6  460
    Example: Configuring a BGP Process, BGP Router ID, and IPv6 Multiprotocol BGP Peer  460
    Example: Configuring an IPv6 Multiprotocol BGP Peer Using a Link-Local Address  460
    Example: Configuring an IPv6 Multiprotocol BGP Peer Group  461
    Example: Configuring a Route Map for IPv6 Multiprotocol BGP Prefixes  461
    Example: Redistributing Prefixes into IPv6 Multiprotocol BGP  462
    Example: Advertising Routes into IPv6 Multiprotocol BGP  462
    Example: Advertising IPv4 Routes Between IPv6 Peers  462
    Additional References for Multiprotocol BGP for IPv6  463
    Feature History for Multiprotocol BGP for IPv6  463

CHAPTER 38  Configuring IS-IS Routing  465
    Information About IS-IS Routing  465
    Nonstop Forwarding Awareness  466
    IS-IS Global Parameters  466
    IS-IS Interface Parameters  466
    How to Configure IS-IS  467
    Default IS-IS Configuration  467
    Enabling IS-IS Routing  468
    Configuring IS-IS Global Parameters  470
    Configuring IS-IS Interface Parameters  474
    Monitoring and Maintaining IS-IS  476
    Feature History for IS-IS  476

CHAPTER 39  Configuring Multi-VRF CE  479
    Information About Multi-VRF CE  479
    Understanding Multi-VRF CE  479
    Network Topology  480
    Packet-Forwarding Process  480
    Network Components  481
    VRF-Aware Services  481
    Multi-VRF CE Configuration Guidelines  481
    How to Configure Multi-VRF CE  482
    Default Multi-VRF CE Configuration  482
    Configuring VRFs  482
    Configuring Multicast VRFs  484
    Configuring a VPN Routing Session  486
    Configuring VRF-Aware Services  487
    Configuring VRF-Aware Services for SNMP  488
    Configuring VRF-Aware Services for NTP  489
    Configuring VRF-Aware Services for uRPF  492
    Configuring VRF-Aware RADIUS  493
    Configuring VRF-Aware Services for Syslog  493
    Configuring VRF-Aware Services for Traceroute  494
    Configuring VRF-Aware Services for FTP and TFTP  494
    Monitoring VRF-Aware Services for ARP  496
    Monitoring VRF-Aware Services for Ping  496
    Monitoring Multi-VRF CE  496
    Configuration Example: Multi-VRF CE  496
    Feature History for Multi-VRF CE  499

CHAPTER 40  Protocol-Independent Features  501
    Distributed Cisco Express Forwarding and Load-Balancing Scheme for CEF Traffic  501
    Restrictions for Configuring a Load-Balancing Scheme for CEF Traffic  501
    Information About Cisco Express Forwarding  501
    CEF Load-Balancing Overview  502
    Per-Destination Load Balancing for CEF Traffic  502
    Load-Balancing Algorithms for CEF Traffic  502
    How to Configure Cisco Express Forwarding  503
    How to Configure a Load-Balancing for CEF Traffic  504
    Enabling or Disabling CEF Per-Destination Load Balancing  504
    Selecting a Tunnel Load-Balancing Algorithm for CEF Traffic  505
    Example: Enabling or Disabling CEF Per-Destination Load Balancing  506
    Number of Equal-Cost Routing Paths  506
    Information About Equal-Cost Routing Paths  506
    How to Configure Equal-Cost Routing Paths  507
    Static Unicast Routes  507
    Information About Static Unicast Routes  508
    Configuring Static Unicast Routes  508
    Default Routes and Networks  509
    Information About Default Routes and Networks  510
    How to Configure Default Routes and Networks  510
    Route Maps to Redistribute Routing Information  511
    Information About Route Maps  511
    How to Configure a Route Map  511
    How to Control Route Distribution  515
    Policy-Based Routing  517
    Restrictions for Configuring Policy-based Routing  517
    Information About Policy-Based Routing  517
    How to Configure PBR  518
    Filtering Routing Information  522
    Setting Passive Interfaces  522
    Controlling Advertising and Processing in Routing Updates  523
    Filtering Sources of Routing Information  524
    Managing Authentication Keys  526
    Prerequisites  526
    How to Configure Authentication Keys  526
    Feature History for Protocol-Independent Features  527

CHAPTER 41  Configuring VRF aware PBR  529
    Restrictions for VRF aware PBR  529
    Information about VRF aware PBR  530
    Overview  530
    VRF aware PBR set clauses  530
    How to Configure VRF aware PBR  531
    Configuring Inherit-VRF in a Route Map  531
    Configuring IPv6 Inherit-VRF in a Route Map  533
    Configuring Inter-VRF in a Route Map  535
    Configuring IPv6 Inter-VRF in a Route Map  538
    Configuring VRF to Global Routing Table selection in a Route Map  541
    Configuring IPv6 VRF to Global Routing Table selection in a Route Map  543
    Configuring Global Routing Table to VRF in a Route Map  545
    Configuring IPv6 Global Routing Table to VRF in a Route Map  548
    Configuration Examples for VRF aware PBR  551
    Example: Configuring a VRF interface as an inherit VRF in a route map  551
    Example:
Configuring an IPv6 VRF interface as an inherit VRF in a route map 551 Example: Configuring a VRF interface as an Inter VRF in a route map using the set ip vrf clause 552 IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) xxiii Contents CHAPTER 42 Example: Configuring a VRF interface as an IPv6 Inter VRF in a route map using the set ip vrf clause 552 Example: Configuring a VRF interface as an Inter VRF in a route map using the set ip default vrf clause 552 Example: Configuring an IPv6 VRF interface as an Inter VRF in a route map using the set ip default vrf clause 553 Example: Configuring a VRF interface as an Inter VRF in a route map using the set vrf clause 553 Example: Configuring an IPv6 VRF interface as an Inter VRF in a route map using the set vrf clause 554 Example: Configuring a VRF to Global Routing Table in a Route Map using the set ip default global clause 554 Example: Configuring an IPv6 VRF to Global Routing Table in a Route Map using the set ip default global clause 554 Example: Configuring a VRF to Global Routing Table in a Route Map using the set global clause 555 Example: Configuring an IPv6 VRF to Global Routing Table in a Route Map using the set global clause 555 Example: Configuring Global Routing Table to VRF in a Route Map using the set ip vrf clause 556 Example: Configuring Global Routing Table to an IPv6 VRF in a Route Map using the set ipv6 vrf clause 556 Example: Configuring Global Routing Table to VRF in a Route Map using the set ip default vrf clause 556 Example: Configuring Global Routing Table to IPv6 VRF in a Route Map using the set ipv6 default vrf clause 557 Example: Configuring Global Routing Table to VRF in a Route Map using the set vrf clause 557 Example: Configuring Global Routing Table to IPv6 VRF in a Route Map using the set vrf clause 557 Feature History for VRF aware PBR 558 Configuring VRF-lite 559 Information About VRF-lite 559 Guidelines for Configuring VRF-lite 560 How to Configure 
VRF-lite 562 Configuring VRF-lite for IPv4 562 Configuring VRF-Aware Services 562 Configuring Per-VRF for TACACS+ Servers 562 Configuring Multicast VRFs 564 Configuring IPv4 VRFs 566 IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) xxiv CHAPTER 43 Configuring VRF-lite for IPv6 568 Configuring VRF-Aware Services 568 Configuring IPv6 VRFs 570 Associating Interfaces to the Defined VRFs 572 Populate VRF with Routes via Routing Protocols 573 Additional Information for VRF-lite 576 VPN Co-existence Between IPv4 and IPv6 577 Verifying VRF-lite Configuration 577 Displaying IPv4 VRF-lite Status 577 Configuration Examples for VRF-lite 578 Configuration Example for IPv6 VRF-lite 578 Additional References for VRF-Lite 582 Feature History for Multicast VRF-lite 582 Configuring Unicast Reverse Path Forwarding 585 Prerequisites for Unicast Reverse Path Forwarding 585 Restrictions for Unicast Reverse Path Forwarding 585 Information About Unicast Reverse Path Forwarding 586 Unicast RPF Operation 586 Per-Interface Statistics 587 Implementation of Unicast Reverse Path Forwarding Notification 589 Security Policy and Unicast RPF 589 Ingress and Egress Filtering Policy for Unicast RPF 590 Where to Use Unicast Reverse Path Forwarding 590 Routing Table Requirements 590 Where Not to Use Unicast Reverse Path Forwarding 591 Unicast Reverse Path Forwarding with BOOTP and DHCP 591 How to Configure Unicast Reverse Path Forwarding 592 Configuring Unicast Reverse Path Forwarding 592 Troubleshooting Tips 593 HSRP Failure 593 Monitoring and Maintaining Unicast Reverse Path Forwarding 593 Example: Configuring Unicast RPF 595 Feature History for Unicast Reverse Path Forwarding 595 Contents IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) xxv Contents CHAPTER 44 CHAPTER 45 Configuring the Service Discovery Gateway 597 Restrictions for Service Discovery Gateway 597 Information About the Service Discovery Gateway and mDNS 597 mDNS 
597 mDNS-SD 598 Service Discovery Gateway 598 mDNS Gateway and Subnets 598 Filtering 599 How to Configure Service Discovery Gateway 600 Configuring the Service List 600 Enabling mDNS Gateway and Redistributing Services 602 Monitoring Service Discovery Gateway 604 Configuration Examples 604 Example: Specify Alternative Source Interface for Outgoing mDNS Packets 605 Example: Redistribute Service Announcements 605 Example: Creating a Service-List, Applying a Filter and Configuring Parameters 605 Example: Enabling mDNS Gateway and Redistributing Services 605 Example: Global mDNS Configuration 605 Example: Interface mDNS Configuration 606 Where to Go Next for Configuring Services Discovery Gateway 606 Additional References for Service Discovery Gateway 606 Feature History for Service Discovery Gateway 607 Configuring Generic Routing Encapsulation(GRE) Tunnel IP Source and Destination VRF Membership 609 Restrictions for GRE Tunnel IP Source and Destination VRF Membership 609 Information About GRE Tunnel IP Source and Destination VRF Membership 610 How to Configure GRE Tunnel IP Source and Destination VRF Membership 610 Configuration Example for GRE Tunnel IP Source and Destination VRF Membership 611 Additional References 612 Feature History for Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership 612 IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) xxvi Contents CHAPTER 46 CHAPTER 47 Configuring Unicast and Multicast over Point-to-Multipoint GRE 613 Prerequisites for Unicast and Multicast over Point-to-Multipoint GRE 613 Restrictions for Unicast and Multicast over Point-to-Multipoint GRE 613 Information About Unicast and Multicast over Point-to-Multipoint GRE 614 Information About NHRP 614 Information About mGRE 614 How to Configure Unicast and Multicast over Point-to-Multipoint GRE 616 Configuring Unicast mGRE for Hub 616 Configuring Unicast mGRE at a Spoke 617 Configuring Unicast mGRE at the Hub 618 
    Configuring Multicast mGRE 619
    Verifying the mGRE Configuration 620
  Configuration Examples for Unicast and Multicast over Point-to-Multipoint GRE 623
    Example: Configuring Unicast mGRE for Hub 623
    Example: Configuring Unicast mGRE at Spoke 623
    Example: Configuring Unicast mGRE at Hub 624
    Example: Configuring Multicast mGRE 624
    Sample mGRE Configuration at Hub and Spokes 624
  Feature History for Unicast and Multicast over Point-to-Multipoint GRE 625
Troubleshooting IP Routing 627
  Overview 627
  Support Articles 627
  Feedback Request 628
  Disclaimer and Caution 628

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on standards documentation, or language that is used by a referenced third-party product.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

© 2023 Cisco Systems, Inc. All rights reserved.

CHAPTER 1
Configuring Bidirectional Forwarding Detection

This document describes how to enable the Bidirectional Forwarding Detection (BFD) protocol. BFD is a detection protocol designed to provide fast forwarding-path failure detection for all media types, encapsulations, topologies, and routing protocols. In addition to fast forwarding-path failure detection, BFD gives network administrators a consistent failure detection method. Because BFD detects forwarding-path failures at a uniform rate, rather than at the variable rates of the different routing protocol hello mechanisms, network profiling and planning are easier, and reconvergence time is consistent and predictable.

· Prerequisites for Bidirectional Forwarding Detection, on page 1
· Restrictions for Bidirectional Forwarding Detection, on page 1
· Information About Bidirectional Forwarding Detection, on page 2
· How to Configure Bidirectional Forwarding Detection, on page 4
· Feature History for Configuring Bidirectional Forwarding Detection, on page 19

Prerequisites for Bidirectional Forwarding Detection

· All participating switches must have Cisco Express Forwarding and IP routing enabled.
· Before BFD is deployed on a switch, one of the IP routing protocols supported by BFD must be configured. You should implement fast convergence for the routing protocol that you are using. See the IP routing documentation for your version of Cisco IOS software for information on configuring fast convergence.
  See the "Restrictions for Bidirectional Forwarding Detection" section for more information on BFD routing protocol support in Cisco IOS software.

Restrictions for Bidirectional Forwarding Detection

· BFD works only for directly connected neighbors. BFD neighbors must be no more than one IP hop away; multihop BFD is not supported.
· BFD support is not available for all platforms and interfaces. To confirm whether a specific platform or interface supports BFD, and for the most accurate platform and hardware restrictions, see the Cisco IOS software release notes for your software version.
· The QoS policy for self-generated packets does not match BFD packets.
· The class class-default command matches BFD packets, so you must ensure that class-default has enough bandwidth to prevent BFD packets from being dropped under oversubscription.
· BFD HA is not supported.
· When you use YANG operational models to delete individual BFD interval values, the whole BFD interval configuration is deleted.

Information About Bidirectional Forwarding Detection

The following sections provide information about bidirectional forwarding detection.

BFD Operation

BFD provides a low-overhead, short-duration method of detecting failures in the forwarding path between two adjacent devices, including their interfaces, data links, and forwarding planes. BFD is a detection protocol that you enable at the interface and routing protocol levels. Cisco supports BFD asynchronous mode. BFD asynchronous mode depends on the exchange of BFD control packets between two systems to activate and maintain BFD neighbor sessions; therefore, to create a BFD session, you must configure BFD on both systems (the BFD peers).
A BFD session is created once BFD is enabled on the interfaces and at the device level for the appropriate routing protocols. BFD timers are negotiated, and the BFD peers begin to send BFD control packets to each other at the negotiated interval. Starting with Cisco IOS XE Gibraltar 16.11.1, the BFD protocol can be configured between PE-CE (Provider Edge-Customer Edge) and PE-P (Provider Edge-Provider) devices in an MPLS network.

Neighbor Relationships

BFD provides fast BFD peer failure detection times independent of media type, encapsulation, topology, and routing protocol (BGP, EIGRP, IS-IS, OSPF). BFD sends rapid failure detection notices to the routing protocols on the local device to initiate the routing table recalculation process. In this way, BFD contributes to greatly reduced overall network convergence time.

The figure below shows a simple network with two devices running OSPF and BFD. When OSPF discovers a neighbor (1), it sends a request to the local BFD process, which initiates a BFD neighbor session with the OSPF neighbor device (2). The BFD neighbor session with the OSPF neighbor device is established (3).

Figure 1: BFD Process on a Network Configured with OSPF

The figure below shows what happens when a failure occurs in the network (1). The BFD neighbor session with the OSPF neighbor device is torn down (2). BFD notifies the local OSPF process that the BFD neighbor is no longer reachable (3). The local OSPF process tears down the OSPF neighbor relationship (4). If an alternative path is available, the devices immediately start converging on it.

Figure 2: BFD Process During a Network Failure

A routing protocol must register with BFD for every neighbor it acquires.
Once a neighbor is registered, BFD initiates a session with the neighbor if a session does not already exist. OSPF registers with BFD when:
· A neighbor finite state machine (FSM) transitions to the full state.
· Both OSPF BFD and BFD are enabled.

On broadcast interfaces, OSPF establishes a BFD session only with the designated router (DR) and backup designated router (BDR). No session is established between two devices that are both in the DROTHER state.

BFD Detection of Failures

Once a BFD session is established and timer negotiations are complete, BFD peers send BFD control packets. The packets act in the same manner as an IGP hello protocol to detect liveliness, except at a much faster rate. Note the following:
· BFD is a forwarding-path failure detection protocol. BFD detects a failure, but the routing protocol must act to bypass the failed peer.
· Starting with Cisco IOS XE Denali 16.3.1, Cisco devices support BFD version 0. Devices use one BFD session for multiple client protocols. For example, if a network is running OSPF and EIGRP across the same link to the same peer, only one BFD session is established, and BFD shares session information with both routing protocols.

BFD Version Interoperability

All BFD sessions come up as Version 1 by default and are interoperable with Version 0. The system automatically performs BFD version detection, and BFD sessions between neighbors run in the highest BFD version common to both neighbors. For example, if one BFD neighbor is running BFD Version 0 and the other is running Version 1, the session runs BFD Version 0. The output of the show bfd neighbors [details] command shows which BFD version a BFD neighbor is running. See the "Example: Configuring BFD in an EIGRP Network with Echo Mode Enabled by Default" for an example of BFD version detection.
BFD Session Limits

BFD Support for Nonbroadcast Media Interfaces

Starting from Cisco IOS XE Denali 16.3.1, BFD is supported on routed interfaces, SVIs, and Layer 3 port channels. The bfd interval command must be configured on the interface to initiate BFD monitoring.

BFD Support for Nonstop Forwarding with Stateful Switchover

Typically, when a networking device restarts, all routing peers of that device detect that it went down and then came back up. This transition results in a routing flap, which can spread across multiple routing domains. Routing flaps caused by routing restarts create routing instabilities, which are detrimental to overall network performance. Nonstop forwarding (NSF) helps to suppress routing flaps in devices enabled with stateful switchover (SSO), thus reducing network instability.

NSF allows the forwarding of data packets to continue along known routes while the routing protocol information is restored after a switchover. With NSF, peer networking devices do not experience routing flaps. Data traffic is forwarded through intelligent line cards or dual forwarding processors while the standby RP assumes control from the failed active RP during a switchover. One key to NSF operation is the ability of line cards and forwarding processors to remain up through a switchover and to remain current with the Forwarding Information Base (FIB) on the active RP.

In devices that support dual RPs, SSO establishes one of the RPs as the active processor; the other RP is designated as the standby processor. SSO synchronizes information between the active and standby processors. A switchover from the active to the standby processor occurs when the active RP fails, is removed from the networking device, or is manually taken down for maintenance.
BFD Intervals Based on Interface

The following table shows, for each type of interface, the minimum supported BFD timer values (transmit/receive interval x multiplier) that must be configured, for standalone and for redundant systems:

Type of Interface                   Standalone     Redundant Systems
Physical Interface                  50 ms x 3      250 ms x 3
L3 Subinterface                     50 ms x 3      750 ms x 3
Switch Virtual Interface (SVI)      100 ms x 3     750 ms x 3
Layer 3 Portchannel                 250 ms x 3     750 ms x 3
Layer 3 Portchannel Subinterface    250 ms x 3     750 ms x 3

Benefits of Using BFD for Failure Detection

When you deploy any feature, it is important to consider all the alternatives and be aware of any trade-offs. There are several advantages to implementing BFD over reduced timer mechanisms for routing protocols:

How to Configure Bidirectional Forwarding Detection

The following sections provide configuration information about bidirectional forwarding detection.

Configuring BFD Session Parameters on the Interface

To configure BFD on an interface, you must set the baseline BFD session parameters. Repeat the steps in this procedure for each interface over which you want to run BFD sessions to BFD neighbors. The following procedure shows the BFD configuration steps for a physical interface; use the corresponding BFD timer values from the table above for SVIs and EtherChannels.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: Perform one of the following steps:
  · ip address ipv4-address mask
  · ipv6 address ipv6-address/mask
  Example (IPv4): Device(config-if)#ip address 10.201.201.1 255.255.255.0
  Example (IPv6): Device(config-if)#ipv6 address 2001:db8:1:1::1/32
  Purpose: Configures an IP address for the interface.

Step 4: bfd interval milliseconds min_rx milliseconds multiplier interval-multiplier
  Example: Device(config-if)#bfd interval 100 min_rx 100 multiplier 3
  Purpose: Enables BFD on the interface. The BFD interval configuration is removed when the subinterface on which it is configured is removed. The BFD interval configuration is not removed when:
  · an IPv4 address is removed from the interface.
  · an IPv6 address is removed from the interface.
  · IPv6 is disabled on the interface.
  · the interface is shut down.
  · IPv4 CEF is disabled globally or on the interface.
  · IPv6 CEF is disabled globally or on the interface.

Step 5: end
  Example: Device(config-if)#end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Configuring BFD Support for Dynamic Routing Protocols

The following sections provide configuration information about BFD support for dynamic routing protocols.

Configuring BFD Support for IS-IS

This section describes the procedures for configuring BFD support for IS-IS so that IS-IS is registered with BFD and receives forwarding-path failure detection messages from BFD. There are two methods for enabling BFD support for IS-IS:

· You can enable BFD for all of the interfaces on which IS-IS is supporting IPv4 routing by using the bfd all-interfaces command in router configuration mode. You can then disable BFD for one or more of those interfaces using the isis bfd disable command in interface configuration mode.
· You can enable BFD for a subset of the interfaces on which IS-IS is routing by using the isis bfd command in interface configuration mode.

To configure BFD support for IS-IS, perform the steps in one of the following sections.

Prerequisites

· IS-IS must be running on all participating devices.
· The baseline parameters for BFD sessions must be configured on the interfaces over which you want to run BFD sessions to BFD neighbors. See the "Configuring BFD Session Parameters on the Interface" section for more information.

Configuring BFD Support for IS-IS for All Interfaces

To configure BFD on all IS-IS interfaces that support IPv4 routing, perform the steps in this section.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: router isis area-tag
  Example: Device(config)#router isis tag1
  Purpose: Specifies an IS-IS process and enters router configuration mode.

Step 4: bfd all-interfaces
  Example: Device(config-router)#bfd all-interfaces
  Purpose: Enables BFD globally on all interfaces that are associated with the IS-IS routing process.

Step 5: exit
  Example: Device(config-router)#exit
  Purpose: (Optional) Returns the device to global configuration mode.

Step 6: interface type number
  Example: Device(config)#interface fastethernet 6/0
  Purpose: (Optional) Enters interface configuration mode.

Step 7: ip router isis [tag]
  Example: Device(config-if)#ip router isis tag1
  Purpose: (Optional) Enables support for IPv4 routing on the interface.

Step 8: isis bfd [disable]
  Example: Device(config-if)#isis bfd
  Purpose: (Optional) Enables or disables BFD on a per-interface basis for one or more interfaces that are associated with the IS-IS routing process.
  Note: Use the disable keyword only if you earlier enabled BFD on all the interfaces that IS-IS is associated with, using the bfd all-interfaces command in router configuration mode.

Step 9: end
  Example: Device(config-if)#end
  Purpose: Exits interface configuration mode and returns the device to privileged EXEC mode.

Step 10: show bfd neighbors [details]
  Example: Device#show bfd neighbors details
  Purpose: (Optional) Displays information that can be used to verify that the BFD neighbor is active, and displays the routing protocols that have registered with BFD.

Step 11: show clns interface
  Example: Device#show clns interface
  Purpose: (Optional) Displays information that can be used to verify that BFD for IS-IS has been enabled on a specific IS-IS interface.

Configuring BFD Support for IS-IS for One or More Interfaces

To configure BFD for only one or more IS-IS interfaces, perform the steps in this section.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface type number
  Example: Device(config)#interface fastethernet 6/0
  Purpose: Enters interface configuration mode.

Step 4: ip router isis [tag]
  Example: Device(config-if)#ip router isis tag1
  Purpose: Enables support for IPv4 routing on the interface.

Step 5: isis bfd [disable]
  Example: Device(config-if)#isis bfd
  Purpose: Enables or disables BFD on a per-interface basis for one or more interfaces that are associated with the IS-IS routing process.
  Note: Use the disable keyword only if you enabled BFD on all the interfaces that IS-IS is associated with, using the bfd all-interfaces command in router configuration mode.

Step 6: end
  Example: Device(config-if)#end
  Purpose: Exits interface configuration mode and returns the device to privileged EXEC mode.

Step 7: show bfd neighbors [details]
  Example: Device#show bfd neighbors details
  Purpose: (Optional) Displays information that can help verify that the BFD neighbor is active, and displays the routing protocols that have registered with BFD.

Step 8: show clns interface
  Example: Device#show clns interface
  Purpose: (Optional) Displays information that can help verify that BFD for IS-IS has been enabled on a specific IS-IS interface.

Configuring BFD Support for OSPF

This section describes the procedures for configuring BFD support for OSPF so that OSPF is registered with BFD and receives forwarding-path failure detection messages from BFD. You can either configure BFD support for OSPF globally on all interfaces or configure it selectively on one or more interfaces. There are two methods for enabling BFD support for OSPF:

· You can enable BFD for all the interfaces on which OSPF is routing by using the bfd all-interfaces command in router configuration mode. You can then disable BFD support on individual interfaces using the ip ospf bfd disable command in interface configuration mode.
· You can enable BFD for a subset of the interfaces on which OSPF is routing by using the ip ospf bfd command in interface configuration mode.
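The following consolidated configuration is an added example, not taken from this guide, that ties together the interface session parameters from "Configuring BFD Session Parameters on the Interface", the minimum timers from "BFD Intervals Based on Interface", and both methods of enabling BFD for IS-IS and for OSPF described above. The interface names, addresses, IS-IS NET and tag, and OSPF process ID are illustrative; "redundant system" is assumed here to mean a chassis with redundant supervisors. The too-aggressive SVI timer is shown commented out beside the corrected value so the difference is visible.

```cisco
! Added example configuration. Interface names, addresses, the IS-IS NET/tag
! and the OSPF process ID are illustrative assumptions, not values from the guide.
!
! --- Physical routed interface, standalone switch ---
! 50 ms x 3 is the physical-interface minimum from the timer table.
! Keep Tx/Rx intervals multiples of 50 ms: hardware-offloaded sessions
! re-program other values, and "show bfd neighbors details" still shows
! only what was configured, not the value actually in use.
interface TwentyFiveGigE1/0/1
 no switchport
 ip address 10.201.201.1 255.255.255.0
 ip router isis tag1
 bfd interval 50 min_rx 50 multiplier 3
!
! --- SVI on a redundant system (redundant supervisors) ---
! 100 ms x 3 is the SVI minimum only on a standalone system; on a redundant
! system the SVI minimum is 750 ms x 3, so the first line would be too
! aggressive and is left commented out. Detection time is roughly
! interval x multiplier: about 2.25 s here versus 150 ms on the physical link.
interface Vlan100
 ip address 10.100.0.1 255.255.255.0
 ip ospf 4 area 0
 ! bfd interval 100 min_rx 100 multiplier 3   <- below the redundant-system minimum
 bfd interval 750 min_rx 750 multiplier 3
!
! --- Layer 3 port channel, standalone switch (minimum 250 ms x 3) ---
interface Port-channel10
 no switchport
 ip address 10.10.0.1 255.255.255.0
 ip router isis tag1
 bfd interval 250 min_rx 250 multiplier 3
!
! --- IS-IS, method 1: enable BFD on every IS-IS interface, then opt one out ---
router isis tag1
 net 49.0001.0000.0000.0001.00
 bfd all-interfaces
!
interface Port-channel10
 isis bfd disable
!
! --- OSPF, method 1: enable BFD on every OSPF interface ---
router ospf 4
 bfd all-interfaces
!
! --- OSPF, method 2 (use instead of method 1 when only some interfaces need BFD) ---
! interface Vlan100
!  ip ospf bfd
!
! --- Verification (commands from the procedures above) ---
! show bfd neighbors details   -> session state, negotiated intervals, BFD version,
!                                 and the registered clients (ISIS, OSPF)
! show clns interface          -> BFD status on each IS-IS interface
! show ip ospf                 -> BFD status for the OSPF process
```

Because BFD keeps one session per peer and shares it among client protocols, an interface that carries both IS-IS and OSPF to the same neighbor still has a single entry in show bfd neighbors details, with both protocols listed as registered clients.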
See the following sections for tasks for configuring BFD support for OSPF: Configuring BFD Support for OSPF for All Interfaces To configure BFD for all OSPF interfaces, perform the steps in this section. If you do not want to configure BFD on all OSPF interfaces and would rather configure BFD support specifically for one or more interfaces, see the "Configuring BFD Support for OSPF for One or More Interfaces" section. Before you begin · OSPF must be running on all participating devices. · The baseline parameters for BFD sessions on the interfaces over which you want to run BFD sessions to BFD neighbors must be configured. See the "Configuring BFD Session Parameters on the Interface" section for more information. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 9 Configuring BFD Support for OSPF for All Interfaces Configuring Bidirectional Forwarding Detection Procedure Step 1 Command or Action enable Example: Purpose Enables privileged EXEC mode. Enter your password if prompted. Step 2 Device>enable configure terminal Example: Enters global configuration mode. Step 3 Device#configure terminal router ospf process-id Example: Specifies an OSPF process and enters router configuration mode. Step 4 Device(config)#router ospf 4 bfd all-interfaces Example: Enables BFD globally on all interfaces that are associated with the OSPF routing process. Step 5 Step 6 Step 7 Device(config-router)#bfd all-interfaces exit Example: Device(config-router)#exit (Optional) Returns the device to global configuration mode. Enter this command only if you want to perform Step 7 to disable BFD for one or more interfaces. interface type number Example: Device(config)#interface fastethernet 6/0 (Optional) Enters interface configuration mode. Enter this command only if you want to perform Step 7 to disable BFD for one or more interfaces. 
Step 7: ip ospf bfd [disable]
  Example: Device(config-if)#ip ospf bfd disable
  Purpose: (Optional) Disables BFD on a per-interface basis for one or more interfaces that are associated with the OSPF routing process.
  Note: Use the disable keyword only if you enabled BFD on all the interfaces that OSPF is associated with using the bfd all-interfaces command in router configuration mode.

Step 8: end
  Example: Device(config-if)#end
  Purpose: Exits interface configuration mode and returns the device to privileged EXEC mode.

Step 9: show bfd neighbors [details]
  Example: Device#show bfd neighbors details
  Purpose: (Optional) Displays information that can help verify that the BFD neighbor is active, and lists the routing protocols that have registered with BFD.

Step 10: show ip ospf
  Example: Device#show ip ospf
  Purpose: (Optional) Displays information that can help verify that BFD for OSPF has been enabled.

Configuring OSPF Support for BFD over IPv4 for One or More Interfaces

To configure BFD on one or more OSPF interfaces, perform the steps in this section.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface type number
  Example: Device(config)#interface fastethernet 6/0
  Purpose: Enters interface configuration mode.

Step 4: ip ospf bfd [disable]
  Example: Device(config-if)#ip ospf bfd
  Purpose: Enables or disables BFD on a per-interface basis for one or more interfaces that are associated with the OSPF routing process.
  Note: Use the disable keyword only if you enabled BFD on all the interfaces that OSPF is associated with using the bfd all-interfaces command in router configuration mode.
Step 5: end
  Example: Device(config-if)#end
  Purpose: Exits interface configuration mode and returns the device to privileged EXEC mode.

Step 6: show bfd neighbors [details]
  Example: Device#show bfd neighbors details
  Purpose: (Optional) Displays information that can help verify that the BFD neighbor is active, and lists the routing protocols that have registered with BFD.
  Note: If hardware-offloaded BFD sessions are configured with Tx and Rx intervals that are not multiples of 50 ms, the intervals actually programmed in hardware are changed. The output of the show bfd neighbors details command, however, displays only the configured intervals, not the changed values, so the detection time in effect can differ from what the command shows.

Step 7: show ip ospf
  Example: Device#show ip ospf
  Purpose: (Optional) Displays information that can help verify that BFD support for OSPF has been enabled.

Configuring BFD Support for HSRP

Perform this task to enable BFD support for Hot Standby Router Protocol (HSRP). Repeat the steps in this procedure for each interface over which you want to run BFD sessions to HSRP peers.

HSRP supports BFD by default. If HSRP support for BFD has been manually disabled, you can reenable it at the device level to enable BFD support globally for all interfaces, or on a per-interface basis at the interface level.

Before you begin
· HSRP must be running on all participating devices.
· Cisco Express Forwarding must be enabled.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.
Step 3: ip cef [distributed]
  Example: Device(config)#ip cef
  Purpose: Enables Cisco Express Forwarding or distributed Cisco Express Forwarding.

Step 4: interface type number
  Example: Device(config)#interface FastEthernet 6/0
  Purpose: Enters interface configuration mode.

Step 5: ip address ip-address mask
  Example: Device(config-if)#ip address 10.1.0.22 255.255.0.0
  Purpose: Configures an IP address for the interface.

Step 6: standby [group-number] ip [ip-address [secondary]]
  Example: Device(config-if)#standby 1 ip 10.0.0.11
  Purpose: Activates HSRP.

Step 7: standby bfd
  Example: Device(config-if)#standby bfd
  Purpose: (Optional) Enables HSRP support for BFD on the interface.

Step 8: exit
  Example: Device(config-if)#exit
  Purpose: Exits interface configuration mode.

Step 9: standby bfd all-interfaces
  Example: Device(config)#standby bfd all-interfaces
  Purpose: (Optional) Enables HSRP support for BFD on all interfaces.

Step 10: exit
  Example: Device(config)#exit
  Purpose: Exits global configuration mode.

Step 11: show standby neighbors
  Example: Device#show standby neighbors
  Purpose: (Optional) Displays information about HSRP support for BFD.

Configuring BFD Support for Static Routing

Perform this task to configure BFD support for static routing. Repeat the steps in this procedure on each BFD neighbor. For more information, see the "Example: Configuring BFD Support for Static Routing" section.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface type number
  Example: Device(config)#interface serial 2/0
  Purpose: Configures an interface and enters interface configuration mode.

Step 4: Perform one of the following steps:
  · ip address ipv4-address mask
  · ipv6 address ipv6-address/mask
  Example (configuring an IPv4 address for the interface): Device(config-if)#ip address 10.201.201.1 255.255.255.0
  Example (configuring an IPv6 address for the interface): Device(config-if)#ipv6 address 2001:db8:1:1::1/32
  Purpose: Configures an IP address for the interface.

Step 5: bfd interval milliseconds min_rx milliseconds multiplier interval-multiplier
  Example: Device(config-if)#bfd interval 500 min_rx 500 multiplier 5
  Purpose: Enables BFD on the interface.
  The bfd interval configuration is removed when the subinterface on which it is configured is removed. The bfd interval configuration is not removed when:
  · an IPv4 address is removed from an interface
  · an IPv6 address is removed from an interface
  · IPv6 is disabled on an interface
  · an interface is shut down
  · IPv4 CEF is disabled globally or locally on an interface
  · IPv6 CEF is disabled globally or locally on an interface

Step 6: exit
  Example: Device(config-if)#exit
  Purpose: Exits interface configuration mode and returns to global configuration mode.

Step 7: ip route static bfd interface-type interface-number ip-address [group group-name [passive]]
  Example: Device(config)#ip route static bfd TenGigabitEthernet1/0/1 10.10.10.2 group group1 passive
  Purpose: Specifies a static route BFD neighbor.
  · The interface-type, interface-number, and ip-address arguments are required because BFD support exists only for directly connected neighbors.

Step 8: ip route [vrf vrf-name] prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name next-hop-name] [permanent | track number] [tag tag]
  Example: Device(config)#ip route 10.0.0.0 255.0.0.0
  Purpose: Configures the static route. The route is tracked by BFD when its outgoing interface and next hop match the neighbor specified with the ip route static bfd command in Step 7; when that BFD session goes down, the route is withdrawn from the routing table.

Step 9: exit
  Example: Device(config)#exit
  Purpose: Exits global configuration mode and returns to privileged EXEC mode.

Step 10: show ip static route
  Example: Device#show ip static route
  Purpose: (Optional) Displays static route database information.

Step 11: show ip static route bfd
  Example: Device#show ip static route bfd
  Purpose: (Optional) Displays information about the static BFD configuration from the configured BFD groups and nongroup entries.

Step 12: exit
  Example: Device#exit
  Purpose: Exits privileged EXEC mode and returns to user EXEC mode.

Configuring BFD Echo Mode

BFD echo mode is enabled by default, but you can disable it so that it runs independently in each direction. BFD echo mode works with asynchronous BFD. Echo packets are sent by the forwarding engine and forwarded back along the same path to perform detection; the BFD session at the other end does not participate in the actual forwarding of the echo packets. The echo function and the forwarding engine are responsible for the detection process; therefore, the number of BFD control packets sent between two BFD neighbors is reduced. In addition, because the forwarding engine tests the forwarding path through the remote (neighbor) system without involving the remote system's BFD process, there is an opportunity to improve the interpacket delay variance, thereby achieving faster failure detection than when using BFD Version 0 with BFD control packets for the BFD session.
Echo mode is described as "without asymmetry" when it is running on both sides (both BFD neighbors are running echo mode).

Prerequisites
· BFD must be running on all participating devices.
· Before using BFD echo mode, you must disable the sending of Internet Control Message Protocol (ICMP) redirect messages by entering the no ip redirects command on the interface, in order to avoid high CPU utilization. Echo packets carry the sending device's own address as both source and destination and are simply forwarded back out the interface they arrived on, which is exactly the condition that makes a router generate an ICMP redirect for every one of them.
· The baseline parameters for BFD sessions on the interfaces over which you want to run BFD sessions to BFD neighbors must be configured. See the "Configuring BFD Session Parameters on the Interface" section for more information.

Restrictions
BFD echo mode does not work with a Unicast Reverse Path Forwarding (uRPF) configuration. If BFD echo mode and uRPF are both enabled, the sessions flap: the returning echo packets carry the receiving device's own address as their source, so the uRPF check on the inbound interface drops them and the echo function sees a failure.

Disabling BFD Echo Mode Without Asymmetry

The steps in this procedure show how to disable BFD echo mode without asymmetry: no echo packets are sent by the device, and the device does not forward BFD echo packets received from neighbor devices. Repeat the steps in this procedure on each BFD device.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: no bfd echo
  Example: Device(config)#no bfd echo
  Purpose: Disables BFD echo mode.

Step 4: end
  Example: Device(config)#end
  Purpose: Exits global configuration mode and returns to privileged EXEC mode.

Creating and Configuring BFD Templates

You can configure a single-hop template to specify a set of BFD interval values. BFD interval values specified as part of a BFD template are not specific to a single interface.
Note: Configuring a BFD template disables echo mode.

Configuring a Single-Hop Template

Perform this task to create a BFD single-hop template and configure BFD interval timers.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: bfd-template single-hop template-name
  Example: Device(config)#bfd-template single-hop bfdtemplate1
  Purpose: Creates a single-hop BFD template and enters BFD configuration mode.

Step 4: interval min-tx milliseconds min-rx milliseconds multiplier multiplier-value
  Example: Device(bfd-config)#interval min-tx 120 min-rx 100 multiplier 3
  Purpose: Configures the transmit and receive intervals between BFD packets, and specifies the number of consecutive BFD control packets that must be missed before BFD declares that a peer is unavailable.

Step 5: end
  Example: Device(bfd-config)#end
  Purpose: Exits BFD configuration mode and returns the device to privileged EXEC mode.

Monitoring and Troubleshooting BFD

This section describes how to retrieve BFD information for maintenance and troubleshooting. The commands in these tasks can be entered in any order as needed. This section contains information for monitoring and troubleshooting BFD for the following Cisco platforms:

Monitoring and Troubleshooting BFD

To monitor or troubleshoot BFD, perform one or more of the steps in this section.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: show bfd neighbors [details]
  Example: Device#show bfd neighbors details
  Purpose: (Optional) Displays the BFD adjacency database. The details keyword shows all BFD protocol parameters and timers per neighbor.

Step 3: debug bfd [packet | event]
  Example: Device#debug bfd packet
  Purpose: (Optional) Displays debugging information about BFD packets.
  Note: debug bfd packet produces a line for every BFD control packet. With the sub-second intervals BFD is normally run at, this output can itself load the CPU on a device with many sessions, so enable it briefly and turn it off with undebug all when done.

Feature History for Configuring Bidirectional Forwarding Detection

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | Bidirectional Forwarding Detection | BFD is a detection protocol that is designed to provide fast forwarding-path failure detection times for all media types, encapsulations, topologies, and routing protocols.
Cisco IOS XE Cupertino 17.7.1 | Bidirectional Forwarding Detection | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
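The timers in this chapter (bfd interval ... min_rx ... multiplier on an interface, or interval min-tx ... min-rx ... multiplier in a single-hop template) are not used as configured: each side negotiates its real transmit interval against what the peer is willing to receive, and the detection time the multiplier yields depends on the peer's timers, not only on your own. The following Python model is an added example written for this page, not code from the Cisco guide; it applies the RFC 5880 negotiation rules to the two timer sets shown above (the template's 120/100/3 and the interface command's 50/50/3) and also models the hardware-offload note from the OSPF procedure. The 50 ms granularity comes from that note; the rounding direction (up to the next multiple) is an assumption of this example, as is everything else about the platform.

```python
"""
Added example (not part of the Cisco guide): BFD timer negotiation per
RFC 5880 section 6.8, applied to the timers configured with
`bfd interval <tx> min_rx <rx> multiplier <m>` or a bfd-template `interval`
command. The 50 ms hardware granularity models the note in the OSPF
procedure; rounding up is an assumption of this example.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class BfdTimers:
    """Timers one side advertises in its BFD control packets."""
    min_tx_ms: int   # Desired Min TX Interval  (bfd interval <ms> / interval min-tx)
    min_rx_ms: int   # Required Min RX Interval (min_rx <ms> / interval min-rx)
    multiplier: int  # Detect Mult              (multiplier <n>)


def negotiated_tx_interval(sender: BfdTimers, receiver: BfdTimers) -> int:
    """Interval at which `sender` really transmits control packets to `receiver`.

    A system must not send faster than its peer is willing to receive, so the
    effective interval is the larger of its own min-tx and the peer's min-rx.
    """
    return max(sender.min_tx_ms, receiver.min_rx_ms)


def detection_time(local: BfdTimers, remote: BfdTimers) -> int:
    """Milliseconds of silence after which `local` declares the session Down.

    The remote's multiplier counts packets the remote sends, so it applies to
    the interval at which the remote transmits toward us, not to our own timers.
    """
    return remote.multiplier * negotiated_tx_interval(remote, local)


def hardware_interval(ms: int, granularity_ms: int = 50) -> int:
    """Interval a hardware-offloaded session actually runs with.

    Assumption for this example: a value that is not a multiple of the
    granularity is rounded up to the next multiple.
    """
    return granularity_ms * math.ceil(ms / granularity_ms)


def offloaded(t: BfdTimers) -> BfdTimers:
    """Timers as the forwarding hardware applies them; `show bfd neighbors
    details` keeps displaying the configured values, not these."""
    return BfdTimers(hardware_interval(t.min_tx_ms),
                     hardware_interval(t.min_rx_ms), t.multiplier)


def session_summary(local: BfdTimers, remote: BfdTimers) -> dict:
    """Configured versus hardware-effective timers, seen from `local`."""
    hw_local, hw_remote = offloaded(local), offloaded(remote)
    return {
        "tx_interval_ms": negotiated_tx_interval(local, remote),
        "detect_time_ms": detection_time(local, remote),
        "hw_tx_interval_ms": negotiated_tx_interval(hw_local, hw_remote),
        "hw_detect_time_ms": detection_time(hw_local, hw_remote),
    }


if __name__ == "__main__":
    # Side A uses the template from the guide (interval min-tx 120 min-rx 100
    # multiplier 3); side B the interface command bfd interval 50 min_rx 50 multiplier 3.
    a = BfdTimers(min_tx_ms=120, min_rx_ms=100, multiplier=3)
    b = BfdTimers(min_tx_ms=50, min_rx_ms=50, multiplier=3)
    print("A sees:", session_summary(a, b))
    print("B sees:", session_summary(b, a))
```

Run stand-alone, the model shows why the two ends of one session can have different detection times: A declares B down after 300 ms (B's three packets at the 100 ms A insists on receiving), while B waits 360 ms for A's three packets at 120 ms, and after hardware rounding of A's 120 ms to 150 ms that grows to 450 ms even though the show output still reports 120. That gap is the window in which a dead path keeps carrying traffic, which is what you are tuning these timers to bound.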
CHAPTER 2: Configuring BFD Support for EIGRP IPv6

· Prerequisites for BFD Support for EIGRP IPv6, on page 21
· Restrictions for BFD Support for EIGRP IPv6, on page 21
· Information About BFD Support for EIGRP IPv6, on page 21
· How to Configure BFD Support for EIGRP IPv6, on page 22
· Configuration Examples for BFD Support for EIGRP IPv6, on page 25
· Additional References, on page 26
· Feature History for BFD Support for EIGRP IPv6, on page 27

Prerequisites for BFD Support for EIGRP IPv6

EIGRP IPv6 sessions have a shutdown option in router, address-family, and address-family interface configuration modes. To enable BFD support on EIGRP IPv6 sessions, the routing process must not be shut down in any of these modes.

Restrictions for BFD Support for EIGRP IPv6
· The BFD Support for EIGRP IPv6 feature is supported only in EIGRP named mode.
· EIGRP supports only single-hop Bidirectional Forwarding Detection (BFD).
· The BFD Support for EIGRP IPv6 feature is not supported on passive interfaces.

Information About BFD Support for EIGRP IPv6

The BFD Support for EIGRP IPv6 feature provides Bidirectional Forwarding Detection (BFD) support for Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 sessions. It enables rapid fault detection and alternate-path selection in EIGRP IPv6 topologies. BFD is a detection protocol that provides a consistent failure-detection method for network administrators. Network administrators use BFD to detect forwarding-path failures at a uniform rate, rather than at the variable rates of the hello mechanisms of different routing protocols.
This failure-detection methodology ensures easy network profiling and planning, and consistent and predictable reconvergence time. This document provides information about BFD support for EIGRP IPv6 networks and explains how to configure BFD support in EIGRP IPv6 networks.

How to Configure BFD Support for EIGRP IPv6

The following sections provide information on configuring BFD support for EIGRP IPv6 on an interface and on all interfaces.

Configuring BFD Support on All Interfaces

The following steps show how to configure BFD support on all interfaces:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 unicast-routing
  Example: Device(config)# ipv6 unicast-routing
  Purpose: Enables the forwarding of IPv6 unicast datagrams.

Step 4: interface type number
  Example: Device(config)# interface ethernet0/0
  Purpose: Specifies the interface type and number, and enters interface configuration mode.

Step 5: ipv6 address ipv6-address/prefix-length
  Example: Device(config-if)# ipv6 address 2001:DB8:A:B::1/64
  Purpose: Configures an IPv6 address.

Step 6: bfd interval milliseconds min_rx milliseconds multiplier interval-multiplier
  Example: Device(config-if)# bfd interval 50 min_rx 50 multiplier 3
  Purpose: Sets the baseline BFD session parameters on an interface.

Step 7: exit
  Example: Device(config-if)# exit
  Purpose: Exits interface configuration mode and returns to global configuration mode.

Step 8: router eigrp virtual-name
  Example: Device(config)# router eigrp name
  Purpose: Specifies an EIGRP routing process and enters router configuration mode.

Step 9: address-family ipv6 autonomous-system as-number
  Example: Device(config-router)# address-family ipv6 autonomous-system 3
  Purpose: Enters address-family configuration mode for IPv6 and configures an EIGRP routing instance.

Step 10: eigrp router-id ip-address
  Example: Device(config-router-af)# eigrp router-id 172.16.1.3
  Purpose: Sets the router ID used by EIGRP for this address family when EIGRP peers communicate with their neighbors.

Step 11: af-interface default
  Example: Device(config-router-af)# af-interface default
  Purpose: Configures interface-specific commands on all interfaces that belong to an address family in an EIGRP named-mode configuration. Enters address-family interface configuration mode.

Step 12: bfd
  Example: Device(config-router-af-interface)# bfd
  Purpose: Enables BFD on all interfaces.

Step 13: end
  Example: Device(config-router-af-interface)# end
  Purpose: Exits address-family interface configuration mode and returns to privileged EXEC mode.

Step 14: show eigrp address-family ipv6 neighbors detail
  Example: Device# show eigrp address-family ipv6 neighbors detail
  Purpose: (Optional) Displays detailed information about the neighbors discovered by EIGRP, including the BFD sessions on interfaces with BFD enabled.

Step 15: show bfd neighbors
  Example: Device# show bfd neighbors
  Purpose: (Optional) Displays BFD neighbor information.

Configuring BFD Support on an Interface

The following steps show how to configure BFD support on an interface:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 unicast-routing
  Example: Device(config)# ipv6 unicast-routing
  Purpose: Enables the forwarding of IPv6 unicast datagrams.

Step 4: interface type number
  Example: Device(config)# interface ethernet0/0
  Purpose: Specifies the interface type and number, and enters interface configuration mode.

Step 5: ipv6 address ipv6-address/prefix-length
  Example: Device(config-if)# ipv6 address 2001:DB8:A:B::1/64
  Purpose: Configures an IPv6 address.

Step 6: bfd interval milliseconds min_rx milliseconds multiplier interval-multiplier
  Example: Device(config-if)# bfd interval 50 min_rx 50 multiplier 3
  Purpose: Sets the baseline BFD session parameters on an interface.

Step 7: exit
  Example: Device(config-if)# exit
  Purpose: Exits interface configuration mode and returns to global configuration mode.

Step 8: router eigrp virtual-name
  Example: Device(config)# router eigrp name
  Purpose: Specifies an EIGRP routing process and enters router configuration mode.

Step 9: address-family ipv6 autonomous-system as-number
  Example: Device(config-router)# address-family ipv6 autonomous-system 3
  Purpose: Enters address-family configuration mode for IPv6 and configures an EIGRP routing instance.

Step 10: eigrp router-id ip-address
  Example: Device(config-router-af)# eigrp router-id 172.16.1.3
  Purpose: Sets the router ID used by EIGRP for this address family when EIGRP peers communicate with their neighbors.

Step 11: af-interface interface-type interface-number
  Example: Device(config-router-af)# af-interface ethernet0/0
  Purpose: Configures interface-specific commands on an interface that belongs to an address family in an EIGRP named-mode configuration. Enters address-family interface configuration mode.

Step 12: bfd
  Example: Device(config-router-af-interface)# bfd
  Purpose: Enables BFD on the specified interface.

Step 13: end
  Example: Device(config-router-af-interface)# end
  Purpose: Exits address-family interface configuration mode and returns to privileged EXEC mode.

Step 14: show eigrp address-family ipv6 neighbors
  Example: Device# show eigrp address-family ipv6 neighbors
  Purpose: (Optional) Displays the neighbors that have BFD enabled.

Step 15: show bfd neighbors
  Example: Device# show bfd neighbors
  Purpose: (Optional) Displays BFD neighbor information.

Configuration Examples for BFD Support for EIGRP IPv6

The following sections provide configuration examples for BFD support for EIGRP IPv6.

Example: Configuring BFD Support on All Interfaces

Device> enable
Device# configure terminal
Device(config)# ipv6 unicast-routing
Device(config)# interface Ethernet0/0
Device(config-if)# ipv6 address 2001:0DB8:1::12/64
Device(config-if)# bfd interval 50 min_rx 50 multiplier 3
Device(config-if)# exit
Device(config)# router eigrp name
Device(config-router)# address-family ipv6 unicast autonomous-system 1
Device(config-router-af)# eigrp router-id 172.16.0.1
Device(config-router-af)# af-interface default
Device(config-router-af-interface)# bfd
Device(config-router-af-interface)# end

The following example displays the output for the show eigrp address-family ipv6 neighbors detail command.
Device# show eigrp address-family ipv6 neighbors detail
EIGRP-IPv6 VR(test) Address-Family Neighbors for AS(5)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   Link-local address:     Et0/0                    14 00:02:04    1  4500  0  4
    FE80::10:2
    Version 23.0/2.0, Retrans: 2, Retries: 0, Prefixes: 1
    Topology-ids from peer - 0
    Topologies advertised to peer:   base

Max Nbrs: 0, Current Nbrs: 0

BFD sessions
NeighAddr                         Interface
FE80::10:2                        Ethernet0/0

The following example displays the output for the show bfd neighbors command.

Device# show bfd neighbors
IPv6 Sessions
NeighAddr                              LD/RD   RH/RS   State   Int
FE80::10:2                             2/0     Down    Down    Et0/0

Example: Configuring BFD Support on an Interface

The following example shows how to configure BFD support on an interface:

Device> enable
Device# configure terminal
Device(config)# ipv6 unicast-routing
Device(config)# interface Ethernet0/0
Device(config-if)# ipv6 address 2001:DB8:A:B::1/64
Device(config-if)# bfd interval 50 min_rx 50 multiplier 3
Device(config-if)# exit
Device(config)# router eigrp name
Device(config-router)# address-family ipv6 autonomous-system 3
Device(config-router-af)# af-interface Ethernet0/0
Device(config-router-af-interface)# bfd
Device(config-router-af-interface)# end

Additional References

Related Documents

Related Topic | Document Title
BFD commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples. | See the IP Routing section of the Command Reference (Catalyst 9600 Series Switches)
EIGRP commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples. |
See the IP Routing section of the Command Reference (Catalyst 9600 Series Switches)
Configuring EIGRP | See the Routing section of the Software Configuration Guide (Catalyst 9600 Switches)

Feature History for BFD Support for EIGRP IPv6

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | BFD Support for EIGRP IPv6 | The BFD Support for EIGRP IPv6 feature provides BFD support for EIGRP IPv6 sessions.
Cisco IOS XE Cupertino 17.7.1 | BFD Support for EIGRP IPv6 | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

CHAPTER 3: Configuring MSDP

· Restrictions for Multicast Source Discovery Protocol, on page 29
· Information About Configuring MSDP, on page 29
· How to Configure MSDP, on page 32
· Monitoring and Maintaining MSDP, on page 52
· Configuration Examples for Configuring MSDP, on page 53
· Feature History for Multicast Source Discovery Protocol, on page 54

Restrictions for Multicast Source Discovery Protocol

This feature is not supported on the Cisco Catalyst 9600 Series Supervisor 2 Module.
Information About Configuring MSDP

This section describes how to configure the Multicast Source Discovery Protocol (MSDP) on the switch. MSDP connects multiple Protocol Independent Multicast sparse-mode (PIM-SM) domains.

MSDP is not fully supported in this software release because of a lack of support for Multicast Border Gateway Protocol (MBGP), which works closely with MSDP. However, it is possible to create default peers that MSDP can operate with if MBGP is not running.

MSDP Overview

MSDP allows multicast sources for a group to be known to all rendezvous points (RPs) in different domains. Each PIM-SM domain uses its own RPs and does not depend on RPs in other domains. An RP runs MSDP over the Transmission Control Protocol (TCP) to discover multicast sources in other domains.

An RP in a PIM-SM domain has an MSDP peering relationship with MSDP-enabled devices in another domain. The peering relationship is a TCP connection over which the peers primarily exchange lists of sources sending to multicast groups. The TCP connections between RPs are carried by the underlying unicast routing system. The receiving RP uses the source lists to establish a source path. Because an RP turns whatever a peer announces into multicast state in its own domain, which peers it accepts source lists from (and for which originating RPs) is a trust decision; the default-peer prefix list described later in this chapter is the mechanism this release gives you for constraining it.

The purpose of this topology is to have domains discover multicast sources in other domains. If the multicast sources are of interest to a domain that has receivers, multicast data is delivered over the normal source-tree building mechanism in PIM-SM. MSDP is also used to announce sources sending to a group. These announcements must originate at the domain's RP.

MSDP depends heavily on the Border Gateway Protocol (BGP) or MBGP for interdomain operation. We recommend that you run MSDP on the RPs in your domain that are RPs for sources sending to global groups to be announced to the Internet.
MSDP Operation

When a source sends its first multicast packet, the first-hop router (designated router or RP) directly connected to the source sends a PIM register message to the RP. The RP uses the register message to register the active source and to forward the multicast packet down the shared tree in the local domain. With MSDP configured, the RP also forwards a source-active (SA) message to all MSDP peers. The SA message identifies the source, the group the source is sending to, and the address of the RP or the originator ID (the IP address of the interface used as the RP address), if configured.

Each MSDP peer receives and forwards the SA message away from the originating RP to achieve peer reverse-path flooding (RPF). The MSDP device examines the BGP or MBGP routing table to discover which peer is the next hop toward the originating RP of the SA message. Such a peer is called an RPF peer (reverse-path forwarding peer). The MSDP device forwards the message to all MSDP peers other than the RPF peer. For information on how to configure an MSDP peer when BGP and MBGP are not supported, see Configuring a Default MSDP Peer, on page 32.

If the MSDP peer receives the same SA message from a non-RPF peer toward the originating RP, it drops the message. Otherwise, it forwards the message to all its MSDP peers.

The RP for a domain receives the SA message from an MSDP peer. If the RP has any join requests for the group the SA message describes, and if the (*,G) entry exists with a nonempty outgoing interface list, the domain is interested in the group, and the RP triggers an (S,G) join toward the source. After the (S,G) join reaches the source's DR, a branch of the source tree has been built from the source to the RP in the remote domain. Multicast traffic can now flow from the source across the source tree to the RP and then down the shared tree in the remote domain to the receiver.
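The peer-RPF rule above is what keeps SA flooding loop-free and is also the only thing that stops an arbitrary peer from injecting source state into your domain: an SA is accepted only from the one peer that is the next hop toward the RP it claims to come from, and it is then re-flooded to every other peer. The following Python model is an added example written for this page, not code from the Cisco guide or from any IOS implementation; it implements that receive-and-flood decision for one RP, including the default-peer fallback this chapter configures when no BGP or MBGP route exists (a single live default peer accepts everything, or, with a prefix list, a default peer accepts only SAs whose originating RP falls in its listed prefixes). Peer addresses, RP addresses and prefixes are constructed for the example.

```python
"""
Added example (not from the Cisco guide): how an MSDP RP decides whether to
accept a received source-active (SA) message and to which peers it floods it.
Peer-RPF check: accept only from the peer that is the BGP/MBGP next hop toward
the SA's originating RP; otherwise fall back to the configured default peers.
All addresses below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Sequence, Set, Tuple


@dataclass(frozen=True)
class SaMessage:
    source: str         # multicast source address
    group: str          # group the source is sending to
    originator_rp: str  # RP (or originator ID) that first announced the source


class MsdpRp:
    def __init__(self, peers: Sequence[str], bgp_next_hop_peer: Dict[str, str],
                 default_peers: Sequence[Tuple[str, Optional[Sequence[str]]]] = ()):
        self.peers: Set[str] = set(peers)
        # originating-RP address -> MSDP peer that is the BGP/MBGP next hop toward it
        self.bgp_next_hop_peer = dict(bgp_next_hop_peer)
        # ordered `ip msdp default-peer` entries: (peer, prefix list or None)
        self.default_peers = [
            (peer, None if prefixes is None else [ip_network(p) for p in prefixes])
            for peer, prefixes in default_peers
        ]
        self.down_peers: Set[str] = set()   # peers whose TCP session is down

    def rpf_peer(self, originator_rp: str) -> Optional[str]:
        """The one peer from which an SA for this originating RP is acceptable."""
        next_hop = self.bgp_next_hop_peer.get(originator_rp)
        if next_hop is not None:
            return next_hop
        # No route toward the originating RP: use the default peers instead.
        rp = ip_address(originator_rp)
        for peer, prefixes in self.default_peers:
            if peer in self.down_peers:
                continue
            if prefixes is None:
                return peer     # first live default peer accepts every SA
            if any(rp in net for net in prefixes):
                return peer     # default peer only for the listed RP prefixes
        return None

    def receive_sa(self, from_peer: str, sa: SaMessage) -> List[str]:
        """Peers the SA is flooded to; an empty list means it was dropped."""
        if from_peer not in self.peers:
            return []           # not a configured peer at all
        if from_peer != self.rpf_peer(sa.originator_rp):
            return []           # fails the peer-RPF check: dropped
        return sorted(self.peers - {from_peer})


if __name__ == "__main__":
    rp = MsdpRp(peers=["192.0.2.1", "192.0.2.2", "192.0.2.3"],
                bgp_next_hop_peer={"10.1.1.1": "192.0.2.1"},
                default_peers=[("192.0.2.3", None), ("192.0.2.2", None)])
    routed = SaMessage("172.16.5.5", "239.1.1.1", "10.1.1.1")
    print("from RPF peer:", rp.receive_sa("192.0.2.1", routed))      # flooded
    print("from other peer:", rp.receive_sa("192.0.2.2", routed))    # dropped
    unrouted = SaMessage("172.16.6.6", "239.2.2.2", "10.9.9.9")
    print("via default peer:", rp.receive_sa("192.0.2.3", unrouted))
    rp.down_peers.add("192.0.2.3")
    print("after failover:", rp.receive_sa("192.0.2.2", unrouted))
```

The model makes two practitioner points visible. First, a default peer without a prefix list bypasses the RPF check entirely, so every SA it sends is accepted and re-flooded; use the prefix-list form unless the default peer is the single transit provider of a stub site. Second, a duplicate SA arriving from a non-RPF peer is dropped rather than merged, so an SA that never shows up in a domain is more often an RPF-peer mismatch between the BGP next hop and the MSDP peering than a lost message.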
Figure 3: MSDP Running Between RP Peers

This figure shows MSDP operating between two MSDP peers. PIM registers a source with the RP of its domain; when MSDP is configured, the RP uses MSDP to announce that source to its peers, and the sequence described above occurs.

By default, the switch does not cache source/group pairs from received SA messages. When the switch forwards the MSDP SA information, it does not store it in memory. Therefore, if a member joins a group soon after an SA message is received by the local RP, that member must wait until the next SA message to learn about the source. This delay is known as join latency.

Local RPs can send SA requests and get immediate responses for all active sources for a given group. By default, the switch does not send any SA request messages to its MSDP peers when a new member joins a group and wants to receive multicast traffic. The new member waits to receive the next periodic SA message. If you want a new member of a group to learn the active multicast sources in a connected PIM sparse-mode domain that are sending to a group, configure the switch to send SA request messages to the specified MSDP peer when a new member joins a group.

MSDP Benefits

MSDP has these benefits:
· It breaks up the shared multicast distribution tree. You can make the shared tree local to your domain. Your local members join the local tree, and join messages for the shared tree never need to leave your domain.
· PIM sparse-mode domains can rely only on their own RPs, decreasing reliance on RPs in another domain. This increases security because you can prevent your sources from being known outside your domain.
· Domains with only receivers can receive data without globally advertising group membership.
· Global source multicast routing table state is not required, saving memory.

How to Configure MSDP

Default MSDP Configuration

MSDP is not enabled, and no default MSDP peer exists.

Configuring a Default MSDP Peer

Before you begin
Configure an MSDP peer.

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip msdp default-peer ip-address | name [prefix-list list]
  Example: Device(config)#ip msdp default-peer 10.1.1.1 prefix-list site-a
  Purpose: Defines a default peer from which to accept all MSDP SA messages.
  · For ip-address | name, enter the IP address or Domain Name System (DNS) server name of the MSDP default peer.
  · (Optional) For prefix-list list, enter the list name that specifies the peer to be the default peer only for the listed prefixes. You can have multiple active default peers when you have a prefix list associated with each.
  When you enter multiple ip msdp default-peer commands with the prefix-list keyword, you use all the default peers at the same time for different RP prefixes. This syntax is typically used in a service provider cloud that connects stub site clouds.
  When you enter multiple ip msdp default-peer commands without the prefix-list keyword, a single active peer accepts all SA messages. If that peer fails, the next configured default peer accepts all SA messages. This syntax is typically used at a stub site.

Step 4
  Command or Action: ip prefix-list name [description string] | seq number {permit | deny} network length
  Example: Device(config)#ip prefix-list site-a seq 3 permit 12 network length 128
  Purpose: (Optional) Creates a prefix list using the name specified in Step 3.
  · (Optional) For description string, enter a description of up to 80 characters to describe this prefix list.
  · For seq number, enter the sequence number of the entry. The range is 1 to 4294967294.
  · The deny keyword denies access to matching conditions.
  · The permit keyword permits access to matching conditions.
  · For network length, specify the network number and length (in bits) of the network mask that is permitted or denied.

Step 5
  Command or Action: ip msdp description {peer-name | peer-address} text
  Example: Device(config)#ip msdp description peer-name site-b
  Purpose: (Optional) Configures a description for the specified peer to make it easier to identify in a configuration or in show command output. By default, no description is associated with an MSDP peer.

Step 6
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 7
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 8
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Caching Source-Active State

If you want to sacrifice some memory in exchange for reducing the latency of the source information, you can configure the device to cache SA messages. Follow these steps to enable the caching of source/group pairs:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.
Step 3
  Command or Action: ip msdp cache-sa-state [list access-list-number]
  Example: Device(config)#ip msdp cache-sa-state 100
  Purpose: Enables the caching of source/group pairs (creates an SA state). Those pairs that pass the access list are cached.
  For list access-list-number, the range is 100 to 199.
  Note: An alternative to this command is the ip msdp sa-request global configuration command, which causes the device to send an SA request message to the MSDP peer when a new member for a group becomes active.

Step 4
  Command or Action: access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard
  Example: Device(config)#access-list 100 permit ip 171.69.0.0 0.0.255.255 224.2.0.0 0.0.255.255
  Purpose: Creates an IP extended access list, repeating the command as many times as necessary.
  · For access-list-number, the range is 100 to 199. Enter the same number created in Step 3.
  · The deny keyword denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
  · For protocol, enter ip as the protocol name.
  · For source, enter the number of the network or host from which the packet is being sent.
  · For source-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the source. Place ones in the bit positions that you want to ignore.
  · For destination, enter the number of the network or host to which the packet is being sent.
  · For destination-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the destination. Place ones in the bit positions that you want to ignore.
  Recall that the access list is always terminated by an implicit deny statement for everything.

Step 5
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 6
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 7
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Requesting Source Information from an MSDP Peer

If you want a new member of a group to learn the active multicast sources in a connected PIM sparse-mode domain that are sending to a group, perform this task for the device to send SA request messages to the specified MSDP peer when a new member joins a group. The peer replies with the information in its SA cache. If the peer does not have a cache configured, this command has no result. Configuring this feature reduces join latency but sacrifices memory.

Follow these steps to configure the device to send SA request messages to the MSDP peer when a new member joins a group and wants to receive multicast traffic:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip msdp sa-request {ip-address | name}
  Example: Device(config)#ip msdp sa-request 171.69.1.1
  Purpose: Configures the device to send SA request messages to the specified MSDP peer.
  For ip-address | name, enter the IP address or name of the MSDP peer from which the local device requests SA messages when a new member for a group becomes active.
  Repeat the command for each MSDP peer that you want to supply with SA messages.

Step 4
  Command or Action: end
  Purpose: Returns to privileged EXEC mode.
  Example: Device(config)#end

Step 5
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 6
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Controlling Source Information that Your Switch Originates

You can control the multicast source information that originates with your device:
· Sources you advertise (based on your sources)
· Receivers of source information (based on knowing the requestor)

For more information, see Redistributing Sources, on page 37 and Filtering Source-Active Request Messages, on page 39.

Redistributing Sources

SA messages originate on RPs to which sources have registered. By default, any source that registers with an RP is advertised. The A flag is set in the RP when a source is registered, which means the source is advertised in an SA unless it is filtered.

Follow these steps to further restrict which registered sources are advertised:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip msdp redistribute [list access-list-name] [asn aspath-access-list-number] [route-map map]
  Example: Device(config)#ip msdp redistribute list 21
  Purpose: Configures which (S,G) entries from the multicast routing table are advertised in SA messages. By default, only sources within the local domain are advertised.
  · (Optional) list access-list-name--Enters the name or number of an IP standard or extended access list. The range is 1 to 99 for standard access lists and 100 to 199 for extended lists. The access list controls which local sources are advertised and to which groups they send.
  · (Optional) asn aspath-access-list-number--Enters the IP standard or extended access list number in the range 1 to 199. This access list number must also be configured in the ip as-path access-list command.
  · (Optional) route-map map--Enters the name of a route map; only the (S,G) entries that meet the match criteria in that route map are advertised.
  The device advertises (S,G) pairs according to the access list or autonomous system path access list.

Step 4
  Command or Action: Use one of the following:
  · access-list access-list-number { deny | permit } source [ source-wildcard ]
  · access-list access-list-number { deny | permit } protocol source source-wildcard destination destination-wildcard
  Example: Device(config)#access-list 21 permit 194.1.22.0
  or
  Device(config)#access-list 21 permit ip 194.1.22.0 1.1.1.1 194.3.44.0 1.1.1.1
  Purpose: Creates an IP standard access list, repeating the command as many times as necessary, or creates an IP extended access list, repeating the command as many times as necessary.
  · access-list-number--Enters the same number created in Step 3. The range is 1 to 99 for standard access lists and 100 to 199 for extended lists.
  · deny--Denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
  · protocol--Enters ip as the protocol name.
  · source--Enters the number of the network or host from which the packet is being sent.
  · source-wildcard--Enters the wildcard bits in dotted decimal notation to be applied to the source. Place ones in the bit positions that you want to ignore.
  · destination--Enters the number of the network or host to which the packet is being sent.
  · destination-wildcard--Enters the wildcard bits in dotted decimal notation to be applied to the destination. Place ones in the bit positions that you want to ignore.
  Recall that the access list is always terminated by an implicit deny statement for everything.

Step 5
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 6
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 7
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Filtering Source-Active Request Messages

By default, only devices that are caching SA information can respond to SA requests. By default, such a device honors all SA request messages from its MSDP peers and supplies the IP addresses of the active sources.

However, you can configure the device to ignore all SA requests from an MSDP peer. You can also honor only those SA request messages from a peer for groups described by a standard access list. If the groups in the access list pass, SA request messages are accepted. All other such messages from the peer for other groups are ignored.

To return to the default setting, use the no ip msdp filter-sa-request {ip-address | name} global configuration command.

Follow these steps to configure one of these options:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: Use one of the following:
  · ip msdp filter-sa-request { ip-address | name }
  · ip msdp filter-sa-request { ip-address | name } list access-list-number
  Example: Device(config)#ip msdp filter-sa-request 171.69.2.2
  Purpose:
  · Filters all SA request messages from the specified MSDP peer.
  · Filters SA request messages from the specified MSDP peer for groups that pass the standard access list. The access list describes a multicast group address. The range for the access-list-number is 1 to 99.

Step 4
  Command or Action: access-list access-list-number {deny | permit} source [source-wildcard]
  Example: Device(config)#access-list 1 permit 192.4.22.0 0.0.0.255
  Purpose: Creates an IP standard access list, repeating the command as many times as necessary.
  · For access-list-number, the range is 1 to 99.
  · The deny keyword denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
  · For source, enter the number of the network or host from which the packet is being sent.
  · (Optional) For source-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the source. Place ones in the bit positions that you want to ignore.
  Recall that the access list is always terminated by an implicit deny statement for everything.

Step 5
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 6
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 7
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Controlling Source Information that Your Switch Forwards

By default, the device forwards all SA messages it receives to all its MSDP peers. However, you can prevent outgoing messages from being forwarded to a peer by using a filter or by setting a time-to-live (TTL) value.
Using a Filter

By creating a filter, you can perform one of these actions:
· Filter all source/group pairs
· Specify an IP extended access list to pass only certain source/group pairs
· Filter based on match criteria in a route map

Follow these steps to apply a filter:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: Use one of the following:
  · ip msdp sa-filter out { ip-address | name }
  · ip msdp sa-filter out { ip-address | name } list access-list-number
  · ip msdp sa-filter out { ip-address | name } route-map map-tag
  Example: Device(config)#ip msdp sa-filter out switch.cisco.com
  or
  Device(config)#ip msdp sa-filter out list 100
  or
  Device(config)#ip msdp sa-filter out switch.cisco.com route-map 22
  Purpose:
  · Filters all SA messages to the specified MSDP peer.
  · Passes only those SA messages that pass the IP extended access list to the specified peer. The range for the extended access-list-number is 100 to 199. If both the list and the route-map keywords are used, all conditions must be true to pass any (S,G) pair in outgoing SA messages.
  · Passes only those SA messages that meet the match criteria in the route map map-tag to the specified MSDP peer. If all match criteria are true, a permit from the route map passes routes through the filter. A deny filters routes.

Step 4
  Command or Action: access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard
  Example: Device(config)#access-list 100 permit ip 194.1.22.0 1.1.1.1 194.3.44.0 1.1.1.1
  Purpose: (Optional) Creates an IP extended access list, repeating the command as many times as necessary.
  · For access-list-number, enter the number specified in Step 3.
  · The deny keyword denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
  · For protocol, enter ip as the protocol name.
  · For source, enter the number of the network or host from which the packet is being sent.
  · For source-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the source. Place ones in the bit positions that you want to ignore.
  · For destination, enter the number of the network or host to which the packet is being sent.
  · For destination-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the destination. Place ones in the bit positions that you want to ignore.
  Recall that the access list is always terminated by an implicit deny statement for everything.

Step 5
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 6
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 7
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Using TTL to Limit the Multicast Data Sent in SA Messages

You can use a TTL value to control what data is encapsulated in the first SA message for every source. Only multicast packets with an IP-header TTL greater than or equal to the ttl argument are sent to the specified MSDP peer. For example, you can limit internal traffic to a TTL of 8. If you want other groups to go to external locations, you must send those packets with a TTL greater than 8.

Follow these steps to establish a TTL threshold:

Procedure

Step 1
  Command or Action: enable
  Purpose: Enables privileged EXEC mode.
  Example: Device>enable
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip msdp ttl-threshold {ip-address | name} ttl
  Example: Device(config)#ip msdp ttl-threshold switch.cisco.com 0
  Purpose: Limits which multicast data is encapsulated in the first SA message to the specified MSDP peer.
  · For ip-address | name, enter the IP address or name of the MSDP peer to which the TTL limitation applies.
  · For ttl, enter the TTL value. The default is 0, which means all multicast data packets are forwarded to the peer until the TTL is exhausted. The range is 0 to 255.

Step 4
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 5
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 6
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Controlling Source Information that Your Switch Receives

By default, the device receives all SA messages that its MSDP RPF peers send to it. However, you can control the source information that you receive from MSDP peers by filtering incoming SA messages. In other words, you can configure the device to not accept them.

You can perform one of these actions:
· Filter all incoming SA messages from an MSDP peer
· Specify an IP extended access list to pass certain source/group pairs
· Filter based on match criteria in a route map

Follow these steps to apply a filter:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: Use one of the following:
  · ip msdp sa-filter in { ip-address | name }
  · ip msdp sa-filter in { ip-address | name } list access-list-number
  · ip msdp sa-filter in { ip-address | name } route-map map-tag
  Example: Device(config)#ip msdp sa-filter in switch.cisco.com
  or
  Device(config)#ip msdp sa-filter in list 100
  or
  Device(config)#ip msdp sa-filter in switch.cisco.com route-map 22
  Purpose:
  · Filters all SA messages from the specified MSDP peer.
  · Passes only those SA messages from the specified peer that pass the IP extended access list. The range for the extended access-list-number is 100 to 199. If both the list and the route-map keywords are used, all conditions must be true to pass any (S,G) pair in incoming SA messages.
  · Passes only those SA messages from the specified MSDP peer that meet the match criteria in the route map map-tag. If all match criteria are true, a permit from the route map passes routes through the filter. A deny filters routes.

Step 4
  Command or Action: access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard
  Example: Device(config)#access-list 100 permit ip 194.1.22.0 1.1.1.1 194.3.44.0 1.1.1.1
  Purpose: (Optional) Creates an IP extended access list, repeating the command as many times as necessary.
  · For access-list-number, enter the number specified in Step 3.
  · The deny keyword denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
  · For protocol, enter ip as the protocol name.
  · For source, enter the number of the network or host from which the packet is being sent.
  · For source-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the source.
  Place ones in the bit positions that you want to ignore.
  · For destination, enter the number of the network or host to which the packet is being sent.
  · For destination-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the destination. Place ones in the bit positions that you want to ignore.
  Recall that the access list is always terminated by an implicit deny statement for everything.

Step 5
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 6
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 7
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring an MSDP Mesh Group

An MSDP mesh group is a group of MSDP speakers that have fully meshed MSDP connectivity among one another. Any SA messages received from a peer in a mesh group are not forwarded to other peers in the same mesh group. Thus, you reduce SA message flooding and simplify peer-RPF flooding. Use the ip msdp mesh-group global configuration command when there are multiple RPs within a domain. It is especially used to send SA messages across a domain. You can configure multiple mesh groups (with different names) in a single device.

Follow these steps to create a mesh group:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip msdp mesh-group name {ip-address | name}
  Example: Device(config)#ip msdp mesh-group 2 switch.cisco.com
  Purpose: Configures an MSDP mesh group, and specifies the MSDP peer belonging to that mesh group. By default, the MSDP peers do not belong to a mesh group.
  · For name, enter the name of the mesh group.
  · For ip-address | name, enter the IP address or name of the MSDP peer to be a member of the mesh group.
  Repeat this procedure on each MSDP peer in the group.

Step 4
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 5
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 6
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Shutting Down an MSDP Peer

If you want to configure many MSDP commands for the same peer and you do not want the peer to become active, you can shut down the peer, configure it, and later bring it up. When a peer is shut down, the TCP connection is terminated and is not restarted. You can also shut down an MSDP session without losing configuration information for the peer.

Follow these steps to shut down a peer:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip msdp shutdown {peer-name | peer-address}
  Example: Device(config)#ip msdp shutdown switch.cisco.com
  Purpose: Shuts down the specified MSDP peer without losing configuration information. For peer-name | peer-address, enter the IP address or name of the MSDP peer to shut down.

Step 4
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 5
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.
Step 6
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Including a Bordering PIM Dense-Mode Region in MSDP

You can configure MSDP on a device that borders a PIM sparse-mode region with a dense-mode region. By default, active sources in the dense-mode region do not participate in MSDP.

Note: We do not recommend using the ip msdp border sa-address global configuration command. It is better to configure the border router in the sparse-mode domain to proxy-register sources in the dense-mode domain to the RP of the sparse-mode domain and have the sparse-mode domain use standard MSDP procedures to advertise these sources. The ip msdp originator-id global configuration command also identifies an interface to be used as the RP address. If both the ip msdp border sa-address and the ip msdp originator-id global configuration commands are configured, the address derived from the ip msdp originator-id command specifies the RP address.

Follow these steps to configure the border router to send SA messages for sources active in the dense-mode region to the MSDP peers:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip msdp border sa-address interface-id
  Example: Device(config)#ip msdp border sa-address 0/1
  Purpose: Configures the switch on the border between a dense-mode and sparse-mode region to send SA messages about active sources in the dense-mode region. For interface-id, specifies the interface from which the IP address is derived and used as the RP address in SA messages. The IP address of the interface is used as the Originator-ID, which is the RP field in the SA message.

Step 4
  Command or Action: ip msdp redistribute [list access-list-name] [asn aspath-access-list-number] [route-map map]
  Example: Device(config)#ip msdp redistribute list 100
  Purpose: Configures which (S,G) entries from the multicast routing table are advertised in SA messages. For more information, see Redistributing Sources, on page 37.

Step 5
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 6
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 7
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring an Originating Address other than the RP Address

You can allow an MSDP speaker that originates an SA message to use the IP address of the interface as the RP address in the SA message by changing the Originator ID. You might change the Originator ID in one of these cases:
· If you configure a logical RP on multiple devices in an MSDP mesh group.
· If you have a device that borders a PIM sparse-mode domain and a dense-mode domain.

If a device borders a dense-mode domain for a site, and sparse-mode is being used externally, you might want dense-mode sources to be known to the outside world. Because this device is not an RP, it would not have an RP address to use in an SA message. Therefore, this command provides the RP address by specifying the address of the interface. If both the ip msdp border sa-address and the ip msdp originator-id global configuration commands are configured, the address derived from the ip msdp originator-id command specifies the address of the RP.
Follow these steps to allow an MSDP speaker that originates an SA message to use the IP address on the interface as the RP address in the SA message:

Procedure

Step 1
  Command or Action: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode.
  · Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip msdp originator-id interface-id
  Example: Device(config)#ip msdp originator-id 0/1
  Purpose: Configures the RP address in SA messages to be the address of the originating device interface. For interface-id, specify the interface on the local device.

Step 4
  Command or Action: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 5
  Command or Action: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 6
  Command or Action: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Monitoring and Maintaining MSDP

Commands that monitor MSDP SA messages, peers, state, and peer status:

Table 1: Commands for Monitoring and Maintaining MSDP

Command: debug ip msdp [peer-address | name] [detail] [routes]
  Purpose: Debugs MSDP activity.
Command: debug ip msdp resets
  Purpose: Debugs MSDP peer reset reasons.
Command: show ip msdp count [autonomous-system-number]
  Purpose: Displays the number of sources and groups originated in SA messages from each autonomous system. The ip msdp cache-sa-state command must be configured for this command to produce any output.
Command: show ip msdp peer [peer-address | name]
  Purpose: Displays detailed information about an MSDP peer.
Command: show ip msdp sa-cache [group-address | source-address | group-name | source-name] [autonomous-system-number]
  Purpose: Displays (S,G) state learned from MSDP peers.
Command: show ip msdp summary
  Purpose: Displays MSDP peer status and SA message counts.
Commands that clear MSDP connections, statistics, and SA cache entries:

Table 2: Commands for Clearing MSDP Connections, Statistics, or SA Cache Entries

  clear ip msdp peer peer-address | name
    Clears the TCP connection to the specified MSDP peer, resetting all MSDP message counters.
  clear ip msdp statistics [peer-address | name]
    Clears statistics counters for one or all MSDP peers without resetting the sessions.
  clear ip msdp sa-cache [group-address | name]
    Clears the SA cache entries for all entries, all sources for a specific group, or all entries for a specific source/group pair.

Configuration Examples for Configuring MSDP

This section provides examples for configuring MSDP.

Configuring a Default MSDP Peer: Example

This example shows a partial configuration of Router A and Router C in . Each of these ISPs has more than one customer (like the customer in ) who uses default peering (no BGP or MBGP). In that case, they might have similar configurations. That is, they accept SAs only from a default peer if the SA is permitted by the corresponding prefix list.
Router A

Device(config)#ip msdp default-peer 10.1.1.1
Device(config)#ip msdp default-peer 10.1.1.1 prefix-list site-a
Device(config)#ip prefix-list site-a permit 10.0.0.0/1

Router C

Device(config)#ip msdp default-peer 10.1.1.1 prefix-list site-a
Device(config)#ip prefix-list site-a permit 10.0.0.0/1

Caching Source-Active State: Example

This example shows how to enable the cache state for all sources in 171.69.0.0/16 sending to groups in 224.2.0.0/16:

Device(config)#ip msdp cache-sa-state 100
Device(config)#access-list 100 permit ip 171.69.0.0 0.0.255.255 224.2.0.0 0.0.255.255

Requesting Source Information from an MSDP Peer: Example

This example shows how to configure the switch to send SA request messages to the MSDP peer at 171.69.1.1:

Device(config)#ip msdp sa-request 171.69.1.1

Controlling Source Information that Your Switch Originates: Example

This example shows how to configure the switch to filter SA request messages from the MSDP peer at 171.69.2.2. SA request messages from sources on network 192.4.22.0 pass access list 1 and are accepted; all others are ignored.
Device(config)#ip msdp filter sa-request 171.69.2.2 list 1
Device(config)#access-list 1 permit 192.4.22.0 0.0.0.255

Controlling Source Information that Your Switch Forwards: Example

This example shows how to allow only (S,G) pairs that pass access list 100 to be forwarded in an SA message to the peer named switch.cisco.com:

Device(config)#ip msdp peer switch.cisco.com connect-source gigabitethernet1/0/1
Device(config)#ip msdp sa-filter out switch.cisco.com list 100
Device(config)#access-list 100 permit ip 171.69.0.0 0.0.255.255 224.2.0.0 0.0.255.255

Controlling Source Information that Your Switch Receives: Example

This example shows how to filter all SA messages from the peer named switch.cisco.com:

Device(config)#ip msdp peer switch.cisco.com connect-source gigabitethernet1/0/1
Device(config)#ip msdp sa-filter in switch.cisco.com

Feature History for Multicast Source Discovery Protocol

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
Feature: MSDP
Feature Information: MSDP allows multicast sources for a group to be known to all rendezvous points (RPs) in different domains.

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
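The SA filtering that the examples in this module configure (ip msdp sa-filter in and out with an access list, and ip msdp redistribute list) comes down to matching each (S,G) pair against an extended access list with Cisco wildcard masks. The following Python model is an added example, not Cisco code and not taken from this guide: it reuses the guide's access list 100 and the peer name switch.cisco.com, while the ExtendedAcl and MsdpSaFilter classes, the second peer name and the sample (S,G) pairs are constructed for illustration.

```python
"""Model of MSDP SA filtering with Cisco-style extended access lists.

Added example (not Cisco code). Access list 100 and the peer name
switch.cisco.com come from the guide's examples; everything else here is a
constructed illustration of how 'ip msdp sa-filter' and 'ip msdp
redistribute list' decide which (S,G) pairs pass.
"""
from ipaddress import IPv4Address


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


class ExtendedAcl:
    """Ordered entries (action, src, src_wildcard, dst, dst_wildcard).

    For SA filtering the 'source' is the multicast source S and the
    'destination' is the group G, as in
    'access-list 100 permit ip 171.69.0.0 0.0.255.255 224.2.0.0 0.0.255.255'.
    """

    def __init__(self, entries):
        self.entries = list(entries)

    def permits(self, source: str, group: str) -> bool:
        for action, src, src_wc, dst, dst_wc in self.entries:
            if wildcard_match(source, src, src_wc) and wildcard_match(group, dst, dst_wc):
                return action == "permit"
        return False  # implicit deny at the end of every access list


class MsdpSaFilter:
    """Per-peer SA filters plus the redistribute list.

    A peer absent from a table has no filter (all SAs pass); a peer mapped to
    None models 'ip msdp sa-filter in|out <peer>' without a list, which drops
    every SA; a peer mapped to an ACL name passes only permitted (S,G) pairs.
    """

    def __init__(self, acls: dict):
        self.acls = acls
        self.inbound = {}
        self.outbound = {}
        self.redistribute_acl = None

    def sa_filter_in(self, peer: str, acl_name: str = None):
        self.inbound[peer] = acl_name

    def sa_filter_out(self, peer: str, acl_name: str = None):
        self.outbound[peer] = acl_name

    def redistribute_list(self, acl_name: str):
        self.redistribute_acl = acl_name

    def _passes(self, table: dict, peer: str, source: str, group: str) -> bool:
        if peer not in table:
            return True
        acl_name = table[peer]
        if acl_name is None:
            return False
        return self.acls[acl_name].permits(source, group)

    def accepts_from(self, peer: str, source: str, group: str) -> bool:
        """Would an SA for (S,G) received from this peer enter the SA cache?"""
        return self._passes(self.inbound, peer, source, group)

    def forwards_to(self, peer: str, source: str, group: str) -> bool:
        """Would an SA for (S,G) be sent on to this peer?"""
        return self._passes(self.outbound, peer, source, group)

    def originates(self, source: str, group: str) -> bool:
        """Would a locally learned (S,G) be advertised in our own SA messages?"""
        if self.redistribute_acl is None:
            return True
        return self.acls[self.redistribute_acl].permits(source, group)


def build_example() -> MsdpSaFilter:
    """Reproduces the guide's filter examples on one constructed device."""
    acls = {
        "100": ExtendedAcl([
            ("permit", "171.69.0.0", "0.0.255.255", "224.2.0.0", "0.0.255.255"),
        ]),
    }
    f = MsdpSaFilter(acls)
    f.sa_filter_out("switch.cisco.com", "100")  # ip msdp sa-filter out switch.cisco.com list 100
    f.sa_filter_in("switch.cisco.com")          # ip msdp sa-filter in switch.cisco.com
    f.redistribute_list("100")                  # ip msdp redistribute list 100
    return f


if __name__ == "__main__":
    f = build_example()
    for s, g in [("171.69.10.5", "224.2.1.1"), ("10.0.0.1", "224.2.1.1"), ("171.69.10.5", "239.1.1.1")]:
        print(s, g, "out:", f.forwards_to("switch.cisco.com", s, g),
              "in:", f.accepts_from("switch.cisco.com", s, g))
```

The model makes the two failure modes visible: an inbound filter configured without a list silences the peer entirely, and the implicit deny at the end of the access list means that any (S,G) pair the list does not explicitly permit is dropped, including pairs from peers that are not named in a filter at all once an access list is attached.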
CHAPTER 4

Configuring IP Unicast Routing

· Restrictions for IP Unicast Routing, on page 55
· Information About IP Unicast Routing, on page 55
· Information About IP Routing, on page 55
· Configuration Guidelines for IP Routing, on page 61
· How to Configure IP Addressing, on page 61
· How to Configure IP Unicast Routing, on page 79
· Monitoring and Maintaining IP Addressing, on page 80
· Monitoring and Maintaining the IP Network, on page 80
· Feature History for IP Unicast Routing, on page 81

Restrictions for IP Unicast Routing

Subnetwork Access Protocol (SNAP) address resolution is not supported on this device.

Information About IP Unicast Routing

This module describes how to configure IP Version 4 (IPv4) unicast routing on the switch.

Note: In addition to IPv4 traffic, you can also enable IP Version 6 (IPv6) unicast routing and configure interfaces to forward IPv6 traffic.

Information About IP Routing

In some network environments, VLANs are associated with individual networks or subnetworks. In an IP network, each subnetwork is mapped to an individual VLAN. Configuring VLANs helps control the size of the broadcast domain and keeps local traffic local. However, network devices in different VLANs cannot communicate with one another without a Layer 3 device (router) to route traffic between the VLANs, referred to as inter-VLAN routing. You configure one or more routers to route traffic to the appropriate destination VLAN.

Figure 4: Routing Topology Example

This figure shows a basic routing topology. Switch A is in VLAN 10, and Switch B is in VLAN 20. The router has an interface in each VLAN. When Host A in VLAN 10 needs to communicate with Host B in VLAN 10, it sends a packet that is addressed to that host.
Switch A forwards the packet directly to Host B, without sending it to the router. When Host A sends a packet to Host C in VLAN 20, Switch A forwards the packet to the router, which receives the traffic on the VLAN 10 interface. The router checks the routing table, finds the correct outgoing interface, and forwards the packet on the VLAN 20 interface to Switch B. Switch B receives the packet and forwards it to Host C.

Types of Routing

Routers and Layer 3 switches can route packets in these ways:

· By using default routing
· By using preprogrammed static routes for the traffic

Classless Routing

By default, classless routing behavior is enabled on the device when it is configured to route. With classless routing, if a router receives packets for a subnet of a network with no default route, the router forwards the packet to the best supernet route. A supernet consists of contiguous blocks of Class C address spaces that are used to simulate a single, larger address space and is designed to relieve the pressure on the rapidly depleting Class B address space.

In the following figure, classless routing is enabled. When the host sends a packet to 120.20.4.1, instead of discarding the packet, the router forwards it to the best supernet route. If you disable classless routing and a router receives packets that are destined for a subnet of a network with no network default route, the router discards the packet.

Figure 5: IP Classless Routing

In the following figure, the router in network 128.20.0.0 is connected to subnets 128.20.1.0, 128.20.2.0, and 128.20.3.0. If the host sends a packet to 120.20.4.1, because there is no network default route, the router discards the packet.
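The difference between the two figures is a routing-table lookup rule, and it is easier to reason about when written down. The following Python model is an added example, not Cisco code and not from this guide: it implements longest-prefix matching and the classful fallback as the text states it (under classless routing a supernet or default route is used; under no ip classless a packet for an unknown subnet of a major network that the device already knows is discarded). The subnets are the figure's 128.20.1.0, 128.20.2.0 and 128.20.3.0; the destination 128.20.4.1, the interface names and the supernet and default routes are constructed, and the RoutingTable class and major_network helper are mine.

```python
"""Longest-prefix lookup with and without 'ip classless' (added example, not
Cisco code). Under classless routing the most specific matching route wins,
including supernet and default routes. Under 'no ip classless' a destination
inside a major (classful) network that the device already has subnet routes
for may only use those subnet routes, so an unknown subnet is discarded instead
of falling back to a supernet or default route."""
from ipaddress import IPv4Address, IPv4Network


def major_network(addr) -> IPv4Network:
    """Classful network of an address: /8 for class A, /16 for B, /24 for C."""
    addr = IPv4Address(addr)
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    else:
        prefixlen = 24
    mask = (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF
    return IPv4Network((int(addr) & mask, prefixlen))


class RoutingTable:
    def __init__(self, classless: bool = True):
        self.classless = classless
        self.routes = []  # (IPv4Network, outgoing interface)

    def add(self, prefix: str, via: str):
        self.routes.append((IPv4Network(prefix), via))

    def lookup(self, destination: str):
        """Return the outgoing interface, or None when the packet is discarded."""
        dst = IPv4Address(destination)
        candidates = [(net, via) for net, via in self.routes if dst in net]
        if not self.classless:
            major = major_network(dst)
            # Does the device know this major network through subnet routes?
            knows_major = any(net.subnet_of(major) for net, _ in self.routes)
            if knows_major:
                # Classful behaviour: only subnet routes of that major network
                # may be used; supernet and default routes are ignored.
                candidates = [(net, via) for net, via in candidates if net.subnet_of(major)]
        if not candidates:
            return None
        return max(candidates, key=lambda r: r[0].prefixlen)[1]


def build_table(classless: bool) -> RoutingTable:
    """The figure's router: subnets of 128.20.0.0 plus constructed supernet/default routes."""
    t = RoutingTable(classless)
    t.add("128.20.1.0/24", "Gi1/0/1")
    t.add("128.20.2.0/24", "Gi1/0/2")
    t.add("128.20.3.0/24", "Gi1/0/3")
    t.add("128.0.0.0/8", "Gi1/0/4")  # constructed supernet route
    t.add("0.0.0.0/0", "Gi1/0/5")    # constructed default route
    return t


if __name__ == "__main__":
    for mode in (True, False):
        table = build_table(classless=mode)
        for dest in ("128.20.2.7", "128.20.4.1", "10.1.1.1"):
            print("classless" if mode else "classful", dest, "->", table.lookup(dest))
```

The constructed 10.1.1.1 destination shows the other side of the rule: when the device has no subnet routes for the destination's major network at all, classful routing still uses the default route, so disabling classless routing only changes the fate of packets for unknown subnets of networks the device already knows.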
Figure 6: No IP Classless Routing

To prevent the device from forwarding packets that are destined for unrecognized subnets to the best supernet route possible, you can disable classless routing behavior.

Address Resolution

You can control interface-specific handling of IP by using address resolution. A device using IP can have both a local address or MAC address, which uniquely defines the device on its local segment or LAN, and a network address, which identifies the network to which the device belongs.

The local address or MAC address is known as a data link address because it is contained in the data link layer (Layer 2) section of the packet header and is read by data link (Layer 2) devices. To communicate with a device on Ethernet, the software must learn the MAC address of the device. The process of learning the MAC address from an IP address is called address resolution. The process of learning the IP address from the MAC address is called reverse address resolution.

The device can use these forms of address resolution:

· Address Resolution Protocol (ARP) is used to associate IP addresses with MAC addresses. Taking an IP address as input, ARP learns the associated MAC address and then stores the IP address/MAC address association in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network.
· Proxy ARP helps hosts with no routing tables learn the MAC addresses of hosts on other networks or subnets.
If the device (router) receives an ARP request for a host that is not on the same interface as the ARP request sender, and if the router has all of its routes to the host through other interfaces, it generates a proxy ARP packet giving its own local data link address. The host that sent the ARP request then sends its packets to the router, which forwards them to the intended host.

The device also uses the Reverse Address Resolution Protocol (RARP), which functions the same as ARP does, except that the RARP packets request an IP address instead of a local MAC address. Using RARP requires a RARP server on the same network segment as the router interface. Use the ip rarp-server address interface configuration command to identify the server.

Proxy ARP

Proxy ARP, the most common method for learning about other routes, enables an Ethernet host with no routing information to communicate with hosts on other networks or subnets. The host assumes that all hosts are on the same local Ethernet and that they can use ARP to learn their MAC addresses. If a device receives an ARP request for a host that is not on the same network as the sender, the device evaluates whether it has the best route to that host. If it does, it sends an ARP reply packet with its own Ethernet MAC address, and the host that sent the request sends the packet to the device, which forwards it to the intended host. Proxy ARP treats all networks as if they are local, and performs ARP requests for every IP address.

ICMP Router Discovery Protocol

Router discovery allows the device to dynamically learn about routes to other networks using ICMP router discovery protocol (IRDP). IRDP allows hosts to locate routers. When operating as a client, the device generates router discovery packets. When operating as a host, the device receives router discovery packets. The device can also listen to Routing Information Protocol (RIP) routing updates and use this information to infer locations of routers.
The device does not actually store the routing tables that are sent by routing devices; it merely keeps track of which systems are sending the data. The advantage of using IRDP is that it allows each router to specify both a priority and the time after which a device is assumed to be down if no further packets are received.

Each device that is discovered becomes a candidate for the default router, and a new highest-priority router is selected when a higher priority router is discovered, when the current default router is declared down, or when a TCP connection is about to time out because of excessive retransmissions.

IRDP packets are not sent while enabling or disabling IP routing. When an interface is shutting down, the last IRDP message does not have a lifetime; it is 0 for all routers.

UDP Broadcast Packets and Protocols

User Datagram Protocol (UDP) is an IP host-to-host layer protocol, as is TCP. UDP provides a low-overhead, connectionless session between two end systems and does not provide for acknowledgment of received datagrams.

Network hosts occasionally use UDP broadcasts to find address, configuration, and name information. If such a host is on a network segment that does not include a server, UDP broadcasts are normally not forwarded. You can remedy this situation by configuring an interface on a router to forward certain classes of broadcasts to a helper address. You can use more than one helper address per interface.

You can specify a UDP destination port to control which UDP services are forwarded. You can specify multiple UDP protocols. You can also specify the Network Disk (ND) protocol, which is used by older diskless Sun workstations, and the network security protocol SDNS.

By default, both UDP and ND forwarding are enabled if a helper address has been defined for an interface.
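The helper-address forwarding decision described here follows the same eligibility criteria that the IP Broadcast Flooding section of this chapter lists (a MAC-level broadcast, an IP-level broadcast, a default protocol or a port configured with ip forward-protocol udp, and a TTL of at least two). The following Python is an added example, not Cisco code and not from this guide, that models that decision and the rewrite of a qualifying broadcast into one unicast copy per helper address. The Datagram, Interface and HelperForwarder classes, the interface names, the helper address 10.1.5.100 and the sample datagrams are constructed; the port table lists the well-known UDP ports of the protocols the chapter names (ND is omitted because the guide gives no port for it).

```python
"""Model of 'ip helper-address' forwarding of UDP broadcasts (added example,
not Cisco code). Applies the four eligibility criteria the guide lists and
rewrites a qualifying broadcast into one unicast copy per helper address."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Well-known UDP ports of the protocols the guide says are forwarded by default
# once a helper address exists. Network Disk (ND) is omitted: no port is given.
DEFAULT_FORWARDED_UDP_PORTS = {
    37: "Time", 53: "DNS", 67: "BOOTP/DHCP server", 68: "BOOTP/DHCP client",
    69: "TFTP", 137: "NetBIOS name service", 138: "NetBIOS datagram service",
}
LIMITED_BROADCAST = "255.255.255.255"


@dataclass
class Datagram:
    src_ip: str
    dst_ip: str
    dst_port: int
    ttl: int
    mac_broadcast: bool  # was the frame sent to ff:ff:ff:ff:ff:ff?


@dataclass
class Interface:
    name: str
    helper_addresses: List[str] = field(default_factory=list)  # ip helper-address
    broadcast_address: str = LIMITED_BROADCAST                  # ip broadcast-address


class HelperForwarder:
    def __init__(self):
        self.enabled_ports = set(DEFAULT_FORWARDED_UDP_PORTS)

    def forward_protocol_udp(self, port: int, enabled: bool = True):
        """'ip forward-protocol udp <port>' or its 'no' form."""
        if enabled:
            self.enabled_ports.add(port)
        else:
            self.enabled_ports.discard(port)

    def eligible(self, d: Datagram, ingress: Interface) -> Tuple[bool, str]:
        """The guide's criteria, checked in order; returns (ok, reason)."""
        if not d.mac_broadcast:
            return False, "not a MAC-level broadcast"
        if d.dst_ip not in (LIMITED_BROADCAST, ingress.broadcast_address):
            return False, "not an IP-level broadcast"
        if d.dst_port not in self.enabled_ports:
            return False, f"UDP port {d.dst_port} is not forwarded"
        if d.ttl < 2:
            return False, "TTL below two"
        return True, "eligible"

    def forward(self, d: Datagram, ingress: Interface) -> List[Datagram]:
        """Unicast copies produced for the helper addresses, or [] if dropped."""
        ok, _ = self.eligible(d, ingress)
        if not ok or not ingress.helper_addresses:
            return []  # no helper address: the broadcast stays on its segment
        # The source address is never changed, the TTL is decremented, and the
        # destination becomes the helper address, so the copy is plain unicast.
        return [Datagram(d.src_ip, helper, d.dst_port, d.ttl - 1, mac_broadcast=False)
                for helper in ingress.helper_addresses]


def demo() -> dict:
    """Constructed scenario: a DHCP DISCOVER on a segment without a server."""
    fwd = HelperForwarder()
    vlan10 = Interface("Vlan10", helper_addresses=["10.1.5.100"])  # constructed
    discover = Datagram("0.0.0.0", LIMITED_BROADCAST, 67, ttl=128, mac_broadcast=True)
    custom = Datagram("10.1.10.7", LIMITED_BROADCAST, 5000, ttl=64, mac_broadcast=True)
    results = {
        "dhcp": fwd.forward(discover, vlan10),
        "custom_before": fwd.forward(custom, vlan10),
    }
    fwd.forward_protocol_udp(5000)               # ip forward-protocol udp 5000
    results["custom_after"] = fwd.forward(custom, vlan10)
    fwd.forward_protocol_udp(69, enabled=False)  # no ip forward-protocol udp 69
    results["tftp_disabled"] = fwd.forward(
        Datagram("10.1.10.7", LIMITED_BROADCAST, 69, ttl=64, mac_broadcast=True), vlan10)
    results["no_helper"] = fwd.forward(discover, Interface("Vlan20"))
    return results


if __name__ == "__main__":
    for name, copies in demo().items():
        print(name, [(c.dst_ip, c.ttl) for c in copies])
```

The scenario shows why the default port list matters operationally: a helper address silently turns every default-listed broadcast on the segment into unicast toward the server, so pruning ports with no ip forward-protocol udp and adding only the ones actually needed keeps the relayed traffic to the services the helper is meant to serve.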
Broadcast Packet Handling

After configuring an IP interface address, you can enable routing and configure one or more routing protocols, or you can configure the way that the device responds to network broadcasts. A broadcast is a data packet that is destined for all hosts on a physical network. The device supports two kinds of broadcasting:

· A directed broadcast packet is sent to a specific network or series of networks. A directed broadcast address includes the network or subnet fields.
· A flooded broadcast packet is sent to every network.

Note: You can also limit broadcast, unicast, and multicast traffic on Layer 2 interfaces by using the storm-control interface configuration command to set traffic suppression levels.

Routers provide some protection from broadcast storms by limiting their extent to the local cable. Bridges (including intelligent bridges), because they are Layer 2 devices, forward broadcasts to all network segments, thus propagating broadcast storms. The best solution to the broadcast storm problem is to use a single broadcast address scheme on a network. In most modern IP implementations, you can set the address to be used as the broadcast address. Many implementations, including the one in the device, support several addressing schemes for forwarding broadcast messages.

IP Broadcast Flooding

You can allow IP broadcasts to be flooded throughout your internetwork in a controlled fashion by using the database created by the bridging STP. Using this feature also prevents loops. To support this capability, bridging must be configured on each interface that is to participate in the flooding. If bridging is not configured on an interface, it still can receive broadcasts. However, the interface never forwards broadcasts it receives, and the router never uses that interface to send broadcasts received on a different interface.

Packets that are forwarded to a single network address using the IP helper-address mechanism can be flooded.
Only one copy of the packet is sent on each network segment. To be considered for flooding, packets must meet these criteria. (Note that these are the same conditions used to consider packet forwarding using IP helper addresses.)

· The packet must be a MAC-level broadcast.
· The packet must be an IP-level broadcast.
· The packet must be a TFTP, DNS, Time, NetBIOS, ND, or BOOTP packet, or a UDP packet specified by the ip forward-protocol udp global configuration command.
· The time-to-live (TTL) value of the packet must be at least two.

A flooded UDP datagram is given the destination address specified with the ip broadcast-address interface configuration command on the output interface. The destination address can be set to any address. Thus, the destination address might change as the datagram propagates through the network. The source address is never changed. The TTL value is decremented.

When a flooded UDP datagram is sent out an interface (and the destination address possibly changed), the datagram is handed to the normal IP output routines and is, therefore, subject to access lists, if they are present on the output interface.

In the switch, the majority of packets are forwarded in hardware; most packets do not go through the switch CPU. For those packets that do go to the CPU, you can speed up spanning tree-based UDP flooding by a factor of about four to five times by using turbo-flooding. This feature is supported over Ethernet interfaces configured for ARP encapsulation.

Configuration Guidelines for IP Routing

In the following procedures, the specified interface must be one of these Layer 3 interfaces:

· A routed port: a physical port configured as a Layer 3 port by using the no switchport interface configuration command.
· A switch virtual interface (SVI): a VLAN interface that is created by using the interface vlan vlan_id global configuration command and is by default a Layer 3 interface.
· An EtherChannel port channel in Layer 3 mode: a port-channel logical interface that is created by using the interface port-channel port-channel-number global configuration command and binding the Ethernet interface into the channel group.

All Layer 3 interfaces on which routing will occur must have IP addresses assigned to them.

Note: A Layer 3 switch can have an IP address that is assigned to each routed port and SVI.

Configuring routing consists of several main procedures:

· To support VLAN interfaces, create and configure VLANs on the switch or switch stack, and assign VLAN membership to Layer 2 interfaces. For more information, see the "Configuring VLANs" chapter.
· Configure Layer 3 interfaces.
· Assign IP addresses to the Layer 3 interfaces.
· Enable selected routing protocols on the switch.
· Configure routing protocol parameters (optional).

How to Configure IP Addressing

A required task for configuring IP routing is to assign IP addresses to Layer 3 network interfaces to enable the interfaces and allow communication with the hosts on those interfaces that use IP. The following sections describe how to configure various IP addressing features. Assigning IP addresses to the interface is required; the other procedures are optional.

Default IP Addressing Configuration

Table 3: Default Addressing Configuration

  IP address: None defined.
  ARP: No permanent entries in the Address Resolution Protocol (ARP) cache. Encapsulation: Standard Ethernet-style ARP. Timeout: 14400 seconds (4 hours).
  IP broadcast address: 255.255.255.255 (all ones).
  IP classless routing: Enabled.
  IP default gateway: Disabled.
  IP directed broadcast: Disabled (all IP directed broadcasts are dropped).
  IP domain: Domain list: No domain names defined. Domain lookup: Enabled. Domain name: Enabled.
  IP forward-protocol: If a helper address is defined or User Datagram Protocol (UDP) flooding is configured, UDP forwarding is enabled on default ports. Any-local-broadcast: Disabled. Spanning Tree Protocol (STP): Disabled. Turbo-flood: Disabled.
  IP helper address: Disabled.
  IP host: Disabled.
  IRDP: Disabled. Defaults when enabled: Broadcast IRDP advertisements. Maximum interval between advertisements: 600 seconds. Minimum interval between advertisements: 0.75 times max interval. Preference: 0.
  IP proxy ARP: Enabled.
  IP routing: Enabled.
  IP subnet-zero: Disabled.

Assigning IP Addresses to Network Interfaces

An IP address identifies a location to which IP packets can be sent. Some IP addresses are reserved for special uses and cannot be used for host, subnet, or network addresses. RFC 1166, "Internet Numbers," contains the official description of IP addresses.

An interface can have one primary IP address. A mask identifies the bits that denote the network number in an IP address. When you use the mask to subnet a network, the mask is referred to as a subnet mask. To receive an assigned network number, contact your Internet service provider.

To assign IP addresses to network interfaces, perform this procedure:

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface interface-id
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.
  Example: Device(config)#interface gigabitethernet 1/0/1

Step 4: no switchport
  Example: Device(config-if)#no switchport
  Purpose: Removes the interface from Layer 2 configuration mode (if it is a physical interface).

Step 5: ip address ip-address subnet-mask
  Example: Device(config-if)#ip address 10.1.5.1 255.255.255.0
  Purpose: Configures the IP address and IP subnet mask.

Step 6: no shutdown
  Example: Device(config-if)#no shutdown
  Purpose: Enables the physical interface.

Step 7: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 8: show ip route
  Example: Device#show ip route
  Purpose: Verifies your entries.

Step 9: show ip interface [interface-id]
  Example: Device#show ip interface gigabitethernet 1/0/1
  Purpose: Verifies your entries.

Step 10: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 11: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Using Subnet Zero

Subnetting with a subnet address of zero is strongly discouraged because of the problems that can arise if a network and a subnet have the same addresses. For example, if network 131.108.0.0 is subnetted as 255.255.255.0, subnet zero would be written as 131.108.0.0, which is the same as the network address.

You can use the all-ones subnet (131.108.255.0) and, even though it is discouraged, you can enable the use of subnet zero if you need the entire subnet space for your IP addresses. Use the no ip subnet-zero global configuration command to restore the default and disable the use of subnet zero.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip subnet-zero
  Example: Device(config)#ip subnet-zero
  Purpose: Enables the use of subnet zero for interface addresses and routing updates.

Step 4: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 5: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 6: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Disabling Classless Routing

To prevent the device from forwarding packets that are destined for unrecognized subnets to the best supernet route possible, you can disable classless routing behavior. To disable classless routing, perform this procedure:

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: no ip classless
  Example: Device(config)#no ip classless
  Purpose: Disables classless routing behavior.

Step 4: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 5: show running-config
  Example: Device#show running-config
  Purpose: Verifies your entries.

Step 6: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring Address Resolution Methods

You can perform the following tasks to configure address resolution.

Defining a Static ARP Cache

ARP and other address resolution protocols provide dynamic mapping between IP addresses and MAC addresses. Because most hosts support dynamic address resolution, you usually do not need to specify static ARP cache entries.
If you must define a static ARP cache entry, you can do so globally, which installs a permanent entry in the ARP cache that the device uses to translate IP addresses into MAC addresses. Optionally, you can also specify that the device responds to ARP requests as if it were the owner of the specified IP address. If you do not want the ARP entry to be permanent, you can specify a timeout period for the ARP entry.

To define a static ARP cache, perform this procedure:

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: arp ip-address hardware-address type
  Example: Device(config)#arp 10.1.5.1 c2f3.220a.12f4 arpa
  Purpose: Associates an IP address with a MAC (hardware) address in the ARP cache, and specifies the encapsulation type as one of these:
    · arpa--ARP encapsulation for Ethernet interfaces
    · sap--HP's ARP type

Step 4: arp ip-address hardware-address type [alias]
  Example: Device(config)#arp 10.1.5.3 d7f3.220d.12f5 arpa alias
  Purpose: (Optional) Specifies that the switch responds to ARP requests as if it were the owner of the specified IP address.

Step 5: interface interface-id
  Example: Device(config)#interface gigabitethernet 1/0/1
  Purpose: Enters interface configuration mode, and specifies the interface to configure.

Step 6: arp timeout seconds
  Example: Device(config-if)#arp timeout 20000
  Purpose: (Optional) Sets the length of time an ARP cache entry stays in the cache. The default is 14400 seconds (4 hours). The range is 0 to 2147483 seconds.

Step 7: end
  Purpose: Returns to privileged EXEC mode.
  Example: Device(config)#end

Step 8: show interfaces [interface-id]
  Example: Device#show interfaces gigabitethernet 1/0/1
  Purpose: Verifies the type of ARP and the timeout value that is used on all interfaces or a specific interface.

Step 9: show arp
  Example: Device#show arp
  Purpose: Views the contents of the ARP cache.

Step 10: show ip arp
  Example: Device#show ip arp
  Purpose: Views the contents of the ARP cache.

Step 11: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Setting ARP Encapsulation

By default, Ethernet ARP encapsulation (represented by the arpa keyword) is enabled on an IP interface. To set the ARP encapsulation, perform this procedure:

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface interface-id
  Example: Device(config)#interface gigabitethernet 1/0/2
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.

Step 4: arp arpa
  Example: Device(config-if)#arp arpa
  Purpose: Specifies the ARP encapsulation method. Use the no arp arpa command to disable the ARP encapsulation method.

Step 5: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 6: show interfaces [interface-id]
  Example: Device#show interfaces
  Purpose: Verifies the ARP encapsulation configuration on all interfaces or the specified interface.

Step 7: copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.
  Example: Device#copy running-config startup-config

Enabling Proxy ARP

By default, the device uses proxy ARP to help hosts learn MAC addresses of hosts on other networks or subnets. To enable proxy ARP, perform this procedure:

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface interface-id
  Example: Device(config)#interface gigabitethernet 1/0/2
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.

Step 4: ip proxy-arp
  Example: Device(config-if)#ip proxy-arp
  Purpose: Enables proxy ARP on the interface.

Step 5: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 6: show ip interface [interface-id]
  Example: Device#show ip interface gigabitethernet 1/0/2
  Purpose: Verifies the configuration on the interface or all interfaces.

Step 7: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Routing Assistance When IP Routing is Disabled

These mechanisms allow the device to learn about routes to other networks when it does not have IP routing enabled:

· Proxy ARP
· Default Gateway
· ICMP Router Discovery Protocol (IRDP)

Proxy ARP

Proxy ARP is enabled by default. To enable it after it has been disabled, see the "Enabling Proxy ARP" section. Proxy ARP works as long as other routers support it.

Configuring Default Gateway

Another method for locating routes is to define a default router or default gateway.
All non-local packets are sent to this router, which either routes them appropriately or sends an Internet Control Message Protocol (ICMP) redirect message back, defining which local router the host should use. The device caches the redirect messages and forwards each packet as efficiently as possible. A limitation of this method is that there is no means of detecting when the default router has gone down or is unavailable.

To configure a default gateway, perform this procedure:

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip default-gateway ip-address
  Example: Device(config)#ip default-gateway 10.1.5.1
  Purpose: Sets up a default gateway (router).

Step 4: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 5: show ip redirects
  Example: Device#show ip redirects
  Purpose: Displays the address of the default gateway router to verify the setting.

Step 6: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring ICMP Router Discovery Protocol

The only required task for IRDP routing on an interface is to enable IRDP processing on that interface. When enabled, the default parameters apply. You can optionally change any of these parameters. If you change the maxadvertinterval value, the holdtime and minadvertinterval values also change, so it is important to first change the maxadvertinterval value before manually changing either the holdtime or minadvertinterval values.

To configure ICMP router discovery protocol, perform this procedure:

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode.
Enter your password if prompted.
Example:
Device>enable

Step 2: configure terminal
Purpose: Enters global configuration mode.
Example:
Device#configure terminal

Step 3: interface interface-id
Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.
Example:
Device(config)#interface gigabitethernet 1/0/1

Step 4: ip irdp
Purpose: Enables IRDP processing on the interface.
Example:
Device(config-if)#ip irdp

Step 5: ip irdp multicast
Purpose: (Optional) Sends IRDP advertisements to the multicast address (224.0.0.1) instead of IP broadcasts.
Note: This command allows for compatibility with Sun Microsystems Solaris, which requires IRDP packets to be sent out as multicasts. Many implementations cannot receive these multicasts; ensure end-host ability before using this command.
Example:
Device(config-if)#ip irdp multicast

Step 6: ip irdp holdtime seconds
Purpose: (Optional) Sets the IRDP period for which advertisements are valid. The default is three times the maxadvertinterval value. It must be greater than maxadvertinterval and cannot be greater than 9000 seconds. If you change the maxadvertinterval value, this value also changes.
Example:
Device(config-if)#ip irdp holdtime 1000

Step 7: ip irdp maxadvertinterval seconds
Purpose: (Optional) Sets the IRDP maximum interval between advertisements. The default is 600 seconds.
Example:
Device(config-if)#ip irdp maxadvertinterval 650

Step 8: ip irdp minadvertinterval seconds
Purpose: (Optional) Sets the IRDP minimum interval between advertisements. The default is 0.75 times the maxadvertinterval. If you change the maxadvertinterval, this value changes to the new default (0.75 of maxadvertinterval).
Example:
Device(config-if)#ip irdp minadvertinterval 500

Step 9: ip irdp preference number
Purpose: (Optional) Sets a device IRDP preference level.
The allowed range is -2^31 to 2^31. The default is 0. A higher value increases the router preference level.
Example:
Device(config-if)#ip irdp preference 2

Step 10: ip irdp address address [number]
Purpose: (Optional) Specifies an IRDP address and preference to proxy-advertise.
Example:
Device(config-if)#ip irdp address 10.1.10.10

Step 11: end
Purpose: Returns to privileged EXEC mode.
Example:
Device(config)#end

Step 12: show ip irdp
Purpose: Verifies settings by displaying IRDP values.
Example:
Device#show ip irdp

Step 13: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
Example:
Device#copy running-config startup-config

Configuring Broadcast Packet Handling

Perform the tasks in these sections to enable these schemes:
· Enabling Directed Broadcast-to-Physical Broadcast Translation
· Forwarding UDP Broadcast Packets and Protocols
· Establishing an IP Broadcast Address
· Flooding IP Broadcasts

Enabling Directed Broadcast-to-Physical Broadcast Translation

By default, IP directed broadcasts are dropped; they are not forwarded. Dropping IP directed broadcasts makes routers less susceptible to denial-of-service attacks. You can enable forwarding of IP directed broadcasts on an interface where the broadcast becomes a physical (MAC-layer) broadcast. Only those protocols configured by using the ip forward-protocol global configuration command are forwarded. You can specify an access list to control which broadcasts are forwarded. When an access list is specified, only those IP packets permitted by the access list are eligible to be translated from directed broadcasts to physical broadcasts. For more information on access lists, see the "Configuring ACLs" chapter in the Security Configuration Guide.

Procedure

Step 1: enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>enable

Step 2: configure terminal
Purpose: Enters global configuration mode.
Example:
Device#configure terminal

Step 3: interface interface-id
Purpose: Enters interface configuration mode, and specifies the interface to configure.
Example:
Device(config)#interface gigabitethernet 1/0/2

Step 4: ip directed-broadcast [access-list-number]
Purpose: Enables directed broadcast-to-physical broadcast translation on the interface. You can include an access list to control which broadcasts are forwarded. When an access list is specified, only IP packets permitted by the access list can be translated.
Example:
Device(config-if)#ip directed-broadcast 103

Step 5: exit
Purpose: Returns to global configuration mode.
Example:
Device(config-if)#exit

Step 6: ip forward-protocol {udp [port] | nd | sdns}
Purpose: Specifies which protocols and ports the router forwards when forwarding broadcast packets.
· udp: Forward UDP datagrams. port: (Optional) Destination port that controls which UDP services are forwarded.
· nd: Forward ND datagrams.
· sdns: Forward SDNS datagrams.
Example:
Device(config)#ip forward-protocol nd

Step 7: end
Purpose: Returns to privileged EXEC mode.
Example:
Device(config)#end

Step 8: show ip interface [interface-id]
Purpose: Verifies the configuration on the interface or all interfaces.
Example:
Device#show ip interface

Step 9: show running-config
Purpose: Verifies your entries.
Example:
Device#show running-config

Step 10: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
Example:
Device#copy running-config startup-config

Forwarding UDP Broadcast Packets and Protocols

If you do not specify any UDP ports when you configure the forwarding of UDP broadcasts, you are configuring the router to act as a BOOTP forwarding agent. BOOTP packets carry DHCP information.
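The decision the two sections above describe (directed broadcasts dropped by default, translation only when ip directed-broadcast is enabled, an optional access list narrowing which packets qualify, and only ip forward-protocol protocols forwarded) can be modelled end to end. The following Python is an added illustration written for this page, not Cisco code; the Packet and Interface types, the decide function, the 192.0.2.0/24 subnet, the access list contents and the sample packets are all constructed for the example, and the BOOTP ports 67/68 are well-known values the page itself does not state.

```python
"""Model of the directed-broadcast handling described in the sections above.

Added example, not Cisco code. Subnet, ACL, ports and packets are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# BOOTP/DHCP server and client ports (well-known values, not stated on the page).
BOOTP_PORTS = frozenset({67, 68})


@dataclass
class Packet:
    src: str
    dst: str
    proto: str        # "udp", "tcp", "icmp", ...
    dport: int = 0    # UDP destination port, if any


@dataclass
class Interface:
    name: str
    network: ipaddress.IPv4Network
    directed_broadcast: bool = False                       # switch default: disabled
    acl: Optional[List[ipaddress.IPv4Network]] = None      # permitted sources; None = no ACL


def is_directed_broadcast(dst: str, network: ipaddress.IPv4Network) -> bool:
    """True when dst is the subnet-directed broadcast address of this interface's subnet."""
    return ipaddress.IPv4Address(dst) == network.broadcast_address


def decide(pkt: Packet, intf: Interface, udp_ports: frozenset = frozenset()) -> str:
    """What the router does with pkt arriving for intf's subnet.

    'unicast'   : not a directed broadcast, routed normally
    'drop'      : directed broadcast not eligible for translation
    'translate' : directed broadcast turned into a MAC-layer broadcast
    udp_ports models 'ip forward-protocol udp [port]'; an empty set means no
    port was given, i.e. the router acts as a BOOTP forwarding agent only.
    """
    if not is_directed_broadcast(pkt.dst, intf.network):
        return "unicast"
    if not intf.directed_broadcast:
        return "drop"                     # the default, and the safe setting
    if intf.acl is not None:
        src = ipaddress.IPv4Address(pkt.src)
        if not any(src in net for net in intf.acl):
            return "drop"                 # access list did not permit the packet
    if pkt.proto != "udp":
        return "drop"                     # only forward-protocol protocols; udp modelled here
    if pkt.dport not in (udp_ports or BOOTP_PORTS):
        return "drop"                     # UDP service not listed for forwarding
    return "translate"


def unfiltered_directed_broadcast(interfaces: List[Interface]) -> List[str]:
    """Audit helper: interfaces that translate directed broadcasts without an ACL."""
    return [i.name for i in interfaces if i.directed_broadcast and i.acl is None]


# Constructed sample configuration.
LAN = ipaddress.IPv4Network("192.0.2.0/24")
DEFAULT_INTF = Interface("Gi1/0/2", LAN)
OPEN_INTF = Interface("Gi1/0/3", LAN, directed_broadcast=True)
ACL_INTF = Interface("Gi1/0/4", LAN, directed_broadcast=True,
                     acl=[ipaddress.IPv4Network("192.0.2.0/24")])

if __name__ == "__main__":
    pkt = Packet("198.51.100.5", "192.0.2.255", "udp", 67)   # constructed packet
    print(decide(pkt, DEFAULT_INTF))                         # drop
    print(decide(pkt, OPEN_INTF))                            # translate
    print(decide(pkt, ACL_INTF))                             # drop
    print(unfiltered_directed_broadcast([DEFAULT_INTF, OPEN_INTF, ACL_INTF]))  # ['Gi1/0/3']
```

The audit helper is the check worth keeping: an interface that translates directed broadcasts with no access list attached is the configuration the section warns about, since any off-subnet source can then reach every host on the segment with one packet.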
Procedure

Step 1: enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>enable

Step 2: configure terminal
Purpose: Enters global configuration mode.
Example:
Device#configure terminal

Step 3: interface interface-id
Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.
Example:
Device(config)#interface gigabitethernet 1/0/1

Step 4: ip helper-address address
Purpose: Enables forwarding and specifies the destination address for forwarding UDP broadcast packets, including BOOTP.
Example:
Device(config-if)#ip helper-address 10.1.10.1

Step 5: exit
Purpose: Returns to global configuration mode.
Example:
Device(config-if)#exit

Step 6: ip forward-protocol {udp [port] | nd | sdns}
Purpose: Specifies which protocols the router forwards when forwarding broadcast packets.
Example:
Device(config)#ip forward-protocol sdns

Step 7: end
Purpose: Returns to privileged EXEC mode.
Example:
Device(config)#end

Step 8: show ip interface [interface-id]
Purpose: Verifies the configuration on the interface or all interfaces.
Example:
Device#show ip interface gigabitethernet 1/0/1

Step 9: show running-config
Purpose: Verifies your entries.
Example:
Device#show running-config

Step 10: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
Example:
Device#copy running-config startup-config

Establishing an IP Broadcast Address

The most popular IP broadcast address (and the default) is an address consisting of all ones (255.255.255.255). However, the switch can be configured to generate any form of IP broadcast address.
To establish an IP broadcast address, perform this procedure:

Procedure

Step 1: enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>enable

Step 2: configure terminal
Purpose: Enters global configuration mode.
Example:
Device#configure terminal

Step 3: interface interface-id
Purpose: Enters interface configuration mode, and specifies the interface to configure.
Example:
Device(config)#interface gigabitethernet 1/0/1

Step 4: ip broadcast-address ip-address
Purpose: Enters a broadcast address different from the default, for example 128.1.255.255.
Example:
Device(config-if)#ip broadcast-address 128.1.255.255

Step 5: end
Purpose: Returns to privileged EXEC mode.
Example:
Device(config)#end

Step 6: show ip interface [interface-id]
Purpose: Verifies the broadcast address on the interface or all interfaces.
Example:
Device#show ip interface

Step 7: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
Example:
Device#copy running-config startup-config

Flooding IP Broadcasts

To configure IP broadcast flooding, perform this procedure.

Procedure

Step 1: enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>enable

Step 2: configure terminal
Purpose: Enters global configuration mode.
Example:
Device#configure terminal

Step 3: ip forward-protocol spanning-tree
Purpose: Uses the bridging spanning-tree database to flood UDP datagrams.
Example:
Device(config)#ip forward-protocol spanning-tree

Step 4: ip forward-protocol turbo-flood
Purpose: Uses the spanning-tree database to speed up flooding of UDP datagrams.
Example:
Device(config)#ip forward-protocol turbo-flood

Step 5: end
Purpose: Returns to privileged EXEC mode.
Example:
Device(config)#end

Step 6: show running-config
Purpose: Verifies your entries.
Example:
Device#show running-config

Step 7: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
Example:
Device#copy running-config startup-config

How to Configure IP Unicast Routing

The following sections provide configuration information about IP unicast routing.

Enabling IP Unicast Routing

By default, IP routing is enabled on the device. Use the show run all | ip routing command to verify the status of IP routing on the device.

What to Do Next

You can now set up parameters for the selected routing protocols as described in these sections:
· RIP
· OSPF
· EIGRP
· BGP
· Unicast Reverse Path Forwarding
· Protocol-Independent Features (optional)

Monitoring and Maintaining IP Addressing

When the contents of a particular cache, table, or database have become or are suspected to be invalid, you can remove all its contents by using the clear privileged EXEC commands. The following table lists the commands for clearing contents.

Table 4: Commands to Clear Caches, Tables, and Databases

Command: clear arp-cache
Purpose: Clears the IP ARP cache and the fast-switching cache.

Command: clear host {name | *}
Purpose: Removes one or all entries from the hostname and the address cache.

Command: clear ip route {network [mask] | *}
Purpose: Removes one or more routes from the IP routing table.

You can display specific statistics, such as the contents of IP routing tables, caches, and databases; the reachability of nodes; and the routing path that packets are taking through the network.
The following table lists the privileged EXEC commands for displaying IP statistics.

Table 5: Commands to Display Caches, Tables, and Databases

Command: show arp
Purpose: Displays the entries in the ARP table.

Command: show hosts
Purpose: Displays the default domain name, style of lookup service, name servers, and the cached list of hostnames and addresses.

Command: show ip aliases
Purpose: Displays IP addresses mapped to TCP ports (aliases).

Command: show ip arp
Purpose: Displays the IP ARP cache.

Command: show ip interface [interface-id]
Purpose: Displays the IP status of interfaces.

Command: show ip irdp
Purpose: Displays IRDP values.

Command: show ip masks address
Purpose: Displays the masks used for network addresses and the number of subnets using each mask.

Command: show ip redirects
Purpose: Displays the address of a default gateway.

Command: show ip route [address [mask]] | [protocol]
Purpose: Displays the current state of the routing table.

Command: show ip route summary
Purpose: Displays the current state of the routing table in summary form.

Monitoring and Maintaining the IP Network

You can remove all contents of a particular cache, table, or database. You can also display specific statistics.

Table 6: Command to Clear IP Routes or Display Route Status

Command: show ip route summary
Purpose: Displays the current state of the routing table in summary form.

Feature History for IP Unicast Routing

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
Feature: IP Unicast Routing
Feature Information: IP Unicast Routing is a routing process that forwards traffic to a unicast address. Layer 3 switches route packets either through preprogrammed static routes or through default routes.
Release: Cisco IOS XE Amsterdam 17.3.1
Feature: New command ip network-broadcast
Feature Information: The ip network-broadcast command was introduced to receive and accept network-prefix-directed broadcast packets.

Release: Cisco IOS XE Cupertino 17.7.1
Feature: IP Unicast Routing
Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

CHAPTER 5: Configuring IPv6 Unicast Routing

· Information About IPv6 Unicast Routing, on page 83
· How to Configure IPv6 Unicast Routing, on page 87
· Configuration Examples for IPv6 Unicast Routing, on page 99
· Additional References, on page 101
· Feature History for IPv6 Unicast Routing, on page 102

Information About IPv6 Unicast Routing

This chapter describes how to configure IPv6 unicast routing on the switch.

Understanding IPv6

IPv4 users can move to IPv6 and receive services such as end-to-end security, quality of service (QoS), and globally unique addresses. The IPv6 address space reduces the need for private addresses and Network Address Translation (NAT) processing by border routers at network edges.

For information about how Cisco Systems implements IPv6, go to Networking Software (IOS & NX-OS).

For information about IPv6 and other features in this chapter:
· See the Cisco IOS IPv6 Configuration Library.
· Use the Search field on Cisco.com to locate the Cisco IOS software documentation. For example, if you want information about static routes, you can enter Implementing Static Routes for IPv6 in the search field to learn about static routes.

Static Routes for IPv6

Static routes are manually configured and define an explicit route between two networking devices.
Static routes are useful for smaller networks with only one path to an outside network or to provide security for certain types of traffic in a larger network.

Configuring Static Routing for IPv6 (CLI)

For configuring static routes for IPv6, see the Configuring Static Routing for IPv6 section. For more information about static routes, see the "Implementing Static Routes for IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.

Path MTU Discovery for IPv6 Unicast

The switch supports advertising the system maximum transmission unit (MTU) to IPv6 nodes and path MTU discovery. Path MTU discovery allows a host to dynamically discover and adjust to differences in the MTU size of every link along a given data path. In IPv6, if a link along the path is not large enough to accommodate the packet size, the source of the packet handles the fragmentation.

ICMPv6

The Internet Control Message Protocol (ICMP) in IPv6 generates error messages, such as ICMP destination unreachable messages, to report errors during processing and other diagnostic functions. In IPv6, ICMP packets are also used in the neighbor discovery protocol and path MTU discovery.

Neighbor Discovery

The switch supports NDP for IPv6, a protocol running on top of ICMPv6, and static neighbor entries for IPv6 stations that do not support NDP. The IPv6 neighbor discovery process uses ICMP messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), to verify the reachability of the neighbor, and to keep track of neighboring routers.

The switch supports ICMPv6 redirect for routes with mask lengths less than 64 bits. ICMP redirect is not supported for host routes or for summarized routes with mask lengths greater than 64 bits.
Neighbor discovery throttling ensures that the switch CPU is not unnecessarily burdened while it is in the process of obtaining the next-hop forwarding information to route an IPv6 packet. The switch drops any additional IPv6 packets whose next hop is the same neighbor that the switch is actively trying to resolve. This drop avoids further load on the CPU.

Default Router Preference

The switch supports IPv6 default router preference (DRP), an extension in router advertisement messages. DRP improves the ability of a host to select an appropriate router, especially when the host is multihomed and the routers are on different links. The switch does not support the Route Information Option in RFC 4191.

An IPv6 host maintains a default router list from which it selects a router for traffic to off-link destinations. The selected router for a destination is then cached in the destination cache. NDP for IPv6 specifies that routers that are reachable or probably reachable are preferred over routers whose reachability is unknown or suspect. For reachable or probably reachable routers, NDP can either select the same router every time or cycle through the router list. By using DRP, you can configure an IPv6 host to prefer one router over another, provided both are reachable or probably reachable.

For configuring DRP for IPv6, see the Configuring Default Router Preference section. For more information about DRP for IPv6, see the Cisco IOS IPv6 Configuration Library on Cisco.com.

Policy-Based Routing for IPv6

Policy-based routing (PBR) gives you a flexible means of routing packets by allowing you to configure a defined policy for traffic flows, which lessens reliance on routes that are derived from routing protocols. Therefore, PBR gives you more control over routing by extending and complementing the existing mechanisms that are provided by routing protocols. PBR allows you to set the IPv6 precedence.
For a simple policy, you can use any one of these tasks; for a complex policy, you can use all of them. It also allows you to specify a path for certain traffic, such as priority traffic over a high-cost link.

PBR for IPv6 may be applied to both forwarded and originated IPv6 packets. For forwarded packets, PBR for IPv6 is implemented as an IPv6 input interface feature, supported in the following forwarding paths:
· Process
· Cisco Express Forwarding (formerly known as CEF)
· Distributed Cisco Express Forwarding

Policies can be based on the IPv6 address, port numbers, protocols, or packet size.

PBR allows you to perform the following tasks:
· Classify traffic based on extended access list criteria. Access lists, then, establish the match criteria.
· Set IPv6 precedence bits, giving the network the ability to enable differentiated classes of service.
  Note: This feature is not supported on the Cisco Catalyst 9600X-SUP-2 Module.
· Route packets to specific traffic-engineered paths; you might need to route them to allow a specific quality of service (QoS) through the network.

PBR allows you to classify and mark packets at the edge of the network. PBR marks a packet by setting the precedence value. The precedence value can be used directly by devices in the network core to apply the appropriate QoS to a packet, which keeps packet classification at your network edge.

For enabling PBR for IPv6, see the Enabling Local PBR for IPv6 section. For enabling IPv6 PBR on an interface, see the Enabling IPv6 PBR on an Interface section.
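The selection rule from the Default Router Preference section above (reachable or probably reachable routers first, and the advertised DRP only deciding among those) is small enough to write down and test. The following Python is an added illustration for this page, not Cisco code and not a host's NDP implementation; the DefaultRouter type, the select_default_router function and the router list with its reachability states are constructed for the example.

```python
"""Default router selection as the Default Router Preference section describes.

Added example, not Cisco code. Router entries and reachability states are
constructed; on a real host they come from received Router Advertisements
and Neighbor Unreachability Detection.
"""
from dataclasses import dataclass
from typing import Optional, Sequence

# DRP values a router advertises ('ipv6 nd router-preference'); an RA sent
# without a configured DRP carries medium.
PREF_RANK = {"high": 2, "medium": 1, "low": 0}


@dataclass
class DefaultRouter:
    address: str              # link-local source address of the RA
    preference: str = "medium"
    reachable: bool = False   # True: reachable or probably reachable; False: unknown or suspect


def select_default_router(routers: Sequence[DefaultRouter]) -> Optional[DefaultRouter]:
    """Pick the router a host uses for an off-link destination.

    NDP rule: routers that are reachable or probably reachable are preferred
    over routers whose reachability is unknown or suspect. DRP then orders
    the routers inside that group. On equal preference the first entry wins,
    which models the 'same router every time' behaviour the section mentions.
    """
    if not routers:
        return None
    usable = [r for r in routers if r.reachable] or list(routers)
    return max(usable, key=lambda r: PREF_RANK[r.preference])


def chosen_address(routers: Sequence[DefaultRouter]) -> Optional[str]:
    """Convenience wrapper returning only the selected router's address."""
    chosen = select_default_router(routers)
    return None if chosen is None else chosen.address


if __name__ == "__main__":
    # Constructed list: a high-preference router whose reachability is unknown
    # loses to a medium router the host has confirmed reachable.
    routers = [
        DefaultRouter("fe80::1", "high", reachable=False),
        DefaultRouter("fe80::2", "medium", reachable=True),
    ]
    print(chosen_address(routers))     # fe80::2
```

The point to take from the model is that a DRP of high on one router does not override reachability: until the host has confirmed that router reachable, a medium router that is reachable is still selected.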
Unsupported IPv6 Unicast Routing Features

The switch does not support these IPv6 features:
· IPv6 packets that are destined to site-local addresses
· Tunneling protocols, such as IPv4-to-IPv6 or IPv6-to-IPv4
· The switch as a tunnel endpoint supporting IPv4-to-IPv6 or IPv6-to-IPv4 tunneling protocols
· GRE tunnels with an IPv6 underlay on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2)
· IPv6 Web Cache Communication Protocol (WCCP)

IPv6 Feature Limitations

Because IPv6 is implemented in switch hardware, some limitations occur due to the IPv6 compressed addresses in the hardware memory. This hardware limitation results in some loss of functionality and limits some features. For example, the switch cannot apply QoS classification on source-routed IPv6 packets in hardware.

IPv6 and Switch Stacks

The switch supports IPv6 forwarding across the stack and IPv6 host functionality on the active switch. The active switch runs the IPv6 unicast routing protocols and computes the routing tables. The member switches receive the tables and create hardware IPv6 routes for forwarding. The active switch also runs all IPv6 applications.

If a new switch becomes the active switch, it recomputes the IPv6 routing tables and distributes them to the member switches. While the new active switch is being elected and is resetting, the switch stack does not forward IPv6 packets. The stack MAC address changes, which also changes the IPv6 address. When you specify the stack IPv6 address with an extended unique identifier (EUI) by using the ipv6 address ipv6-prefix/prefix length eui-64 interface configuration command, the address is based on the interface MAC address. See the Configuring IPv6 Addressing and Enabling IPv6 Routing section.
If you configure the persistent MAC address feature on the stack and the active switch changes, the stack MAC address does not change for approximately 4 minutes.

These are the functions of the IPv6 active switch and members:
· Active switch:
  · runs IPv6 routing protocols
  · generates routing tables
  · distributes routing tables to member switches that use distributed Cisco Express Forwarding for IPv6
  · runs IPv6 host functionality and IPv6 applications
· Member switch:
  · receives Cisco Express Forwarding for IPv6 routing tables from the active switch
  · programs the routes into hardware
  · flushes the Cisco Express Forwarding for IPv6 tables on active switch re-election

Note: IPv6 packets are routed in hardware across the stack if the packet does not have exceptions (IPv6 Options) and the switches in the stack have not run out of hardware resources.

Default IPv6 Configuration

Table 7: Default IPv6 Configuration

Feature: IPv6 routing
Default Setting: Disabled globally and on all interfaces

Feature: Cisco Express Forwarding for IPv6 or distributed Cisco Express Forwarding for IPv6
Default Setting: Disabled (IPv4 Cisco Express Forwarding and distributed Cisco Express Forwarding are enabled by default)
Note: When IPv6 routing is enabled, Cisco Express Forwarding for IPv6 and distributed Cisco Express Forwarding for IPv6 are automatically enabled.

Feature: IPv6 addresses
Default Setting: None configured

How to Configure IPv6 Unicast Routing

The following sections show the various configuration options available for IPv6 unicast routing.

Configuring IPv6 Addressing and Enabling IPv6 Routing

This section describes how to assign IPv6 addresses to individual Layer 3 interfaces and to globally forward IPv6 traffic on the switch.

Note: IPv6 routing is not enabled by default and needs to be enabled using the ipv6 unicast-routing command.
Before configuring IPv6 on the switch, consider these guidelines:
· Not all features that are discussed in this chapter are supported by the switch. See the Unsupported IPv6 Unicast Routing Features section.
· In the ipv6 address interface configuration command, you must enter the ipv6-address and ipv6-prefix variables with the address specified in hexadecimal using 16-bit values between colons. The prefix-length variable (preceded by a slash [/]) is a decimal value that shows how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address).

To forward IPv6 traffic on an interface, you must configure a global IPv6 address on that interface. Configuring an IPv6 address on an interface automatically configures a link-local address and activates IPv6 for the interface. The configured interface automatically joins these required multicast groups for that link:
· solicited-node multicast group FF02:0:0:0:0:1:ff00::/104 for each unicast address assigned to the interface (this address is used in the neighbor discovery process)
· all-nodes link-local multicast group FF02::1
· all-routers link-local multicast group FF02::2

To remove an IPv6 address from an interface, use the no ipv6 address ipv6-prefix/prefix length eui-64 or no ipv6 address ipv6-address link-local interface configuration command. To remove all manually configured IPv6 addresses from an interface, use the no ipv6 address interface configuration command without arguments. To disable IPv6 processing on an interface that has not been explicitly configured with an IPv6 address, use the no ipv6 enable interface configuration command. To globally disable IPv6 routing, use the no ipv6 unicast-routing global configuration command.
For more information about configuring IPv6 routing, see the "Implementing Addressing and Basic Connectivity for IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.

To assign an IPv6 address to a Layer 3 interface and enable IPv6 routing, perform this procedure:

Procedure

Step 1: enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device> enable

Step 2: configure terminal
Purpose: Enters global configuration mode.
Example:
Device# configure terminal

Step 3: sdm prefer {core | distribution | nat}
Purpose: Selects an SDM template:
· core: Sets the switch to the default template.
· distribution: Sets the distribution template.
· nat: Maximizes the NAT configuration on the switch.
Example:
Device(config)# sdm prefer core

Step 4: end
Purpose: Returns to privileged EXEC mode.
Example:
Device(config)# end

Step 5: reload
Purpose: Reloads the operating system.
Example:
Device# reload

Step 6: configure terminal
Purpose: Enters global configuration mode after the switch reloads.
Example:
Device# configure terminal

Step 7: interface interface-id
Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure. The interface can be a physical interface, a switch virtual interface (SVI), or a Layer 3 EtherChannel.
Example:
Device(config)# interface gigabitethernet 1/0/1

Step 8: no switchport
Purpose: Removes the interface from Layer 2 configuration mode (if it is a physical interface).
Example:
Device(config-if)# no switchport
Step 9: Use one of the following:
· ipv6 address ipv6-prefix/prefix length eui-64
· ipv6 address ipv6-address/prefix length
· ipv6 address ipv6-address link-local
· ipv6 enable
· ipv6 address WORD
· ipv6 address autoconfig
· ipv6 address dhcp
Purpose:
· Specifies a global IPv6 address with an extended unique identifier (EUI) in the low-order 64 bits of the IPv6 address. Specify only the network prefix; the last 64 bits are automatically computed from the switch MAC address. This enables IPv6 processing on the interface.
· Manually configures an IPv6 address on the interface.
· Specifies a link-local address on the interface to be used instead of the link-local address that is automatically configured when IPv6 is enabled on the interface. This command enables IPv6 processing on the interface.
· Automatically configures an IPv6 link-local address on the interface, and enables the interface for IPv6 processing. The link-local address can only be used to communicate with nodes on the same link.
Example:
Device(config-if)# ipv6 address 2001:0DB8:c18:1::/64 eui-64
Device(config-if)# ipv6 address 2001:0DB8:c18:1::/64
Device(config-if)# ipv6 address 2001:0DB8:c18:1:: link-local
Device(config-if)# ipv6 enable

Step 10: exit
Purpose: Returns to global configuration mode.
Example:
Device(config-if)# exit

Step 11: ipv6 unicast-routing
Purpose: Enables forwarding of IPv6 unicast data packets.
Example:
Device(config)# ipv6 unicast-routing

Step 12: end
Purpose: Returns to privileged EXEC mode.
Example:
Device(config)# end

Step 13: show ipv6 interface interface-id
Purpose: Verifies your entries.
Example:
Device# show ipv6 interface gigabitethernet 1/0/1

Step 14: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
Example:
Device# copy running-config startup-config
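Two things the procedure above relies on can be computed by hand: the address that ipv6 address prefix/64 eui-64 derives from a MAC address (the guidelines earlier in this section also note that the stack address changes with the stack MAC for the same reason), and the solicited-node group in FF02:0:0:0:0:1:ff00::/104 that the interface joins for each unicast address. The following Python is an added example for this page, not Cisco code; the function names, the sample MAC addresses and the use of the page's 2001:0DB8:c18:1::/64 prefix are constructed for the illustration. The modified EUI-64 rules (insert FF:FE, invert the universal/local bit) follow RFC 4291.

```python
"""EUI-64 and solicited-node computation behind the IPv6 addressing commands.

Added example, not Cisco code. MAC addresses are constructed sample values.
"""
import ipaddress

# Range of solicited-node multicast groups named in the guidelines above.
SOLICITED_NODE_BASE = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def parse_mac(mac: str) -> bytes:
    """Accept 00:1a:2b:3c:4d:5e, 00-1a-2b-3c-4d-5e or Cisco 001a.2b3c.4d5e notation."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    raw = bytes.fromhex(digits)
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    return raw


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier: FF:FE inserted, U/L bit inverted."""
    raw = parse_mac(mac)
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02                       # universal/local bit, per RFC 4291
    return int.from_bytes(eui, "big")


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address formed from a /64 prefix and the interface MAC (the eui-64 keyword)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a 64-bit prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def link_local_eui64(mac: str) -> ipaddress.IPv6Address:
    """Link-local address the interface configures automatically when IPv6 is enabled."""
    return eui64_address("fe80::/64", mac)


def solicited_node(address: str) -> ipaddress.IPv6Address:
    """Solicited-node group for a unicast address: low 24 bits appended to ff02::1:ff00:0."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_BASE.network_address) | low24)


if __name__ == "__main__":
    mac = "001a.2b3c.4d5e"                                # constructed sample MAC
    global_addr = eui64_address("2001:0DB8:c18:1::/64", mac)
    print(global_addr)                                    # 2001:db8:c18:1:21a:2bff:fe3c:4d5e
    print(link_local_eui64(mac))                          # fe80::21a:2bff:fe3c:4d5e
    print(solicited_node(global_addr))                    # ff02::1:ff3c:4d5e
```

Because the low 24 bits of an EUI-64 address are the low 24 bits of the MAC, the global and link-local addresses of the same interface share one solicited-node group, which is why the interface joins one such group per unicast address rather than one per prefix.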
Configuring IPv4 and IPv6 Protocol Stacks

Beginning in privileged EXEC mode, follow these steps to configure a Layer 3 interface to support both IPv4 and IPv6 and to enable IPv6 routing.

Note: To disable IPv6 processing on an interface that has not been configured with an IPv6 address, use the no ipv6 enable command in interface configuration mode.

Procedure

Step 1: enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device> enable

Step 2: configure terminal
Purpose: Enters global configuration mode.
Example:
Device# configure terminal

Step 3: ipv6 unicast-routing
Purpose: Enables forwarding of IPv6 data packets on the switch.
Example:
Device(config)# ipv6 unicast-routing

Step 4: interface interface-id
Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.
Example:
Device(config)# interface gigabitethernet 1/0/1

Step 5: no switchport
Purpose: Removes the interface from Layer 2 configuration mode (if it is a physical interface).
Example:
Device(config-if)# no switchport

Step 6: ip address ip-address mask [secondary]
Purpose: Specifies a primary or secondary IPv4 address for the interface.
Example:
Device(config-if)# ip address 10.1.2.3 255.255.255

Step 7: Use one of the following:
· ipv6 address ipv6-prefix/prefix length eui-64
· ipv6 address ipv6-address/prefix length
· ipv6 address ipv6-address link-local
· ipv6 enable
· ipv6 address WORD
· ipv6 address autoconfig
· ipv6 address dhcp
Purpose:
· Specifies a global IPv6 address. Specify only the network prefix; the last 64 bits are automatically computed from the switch MAC address.
· Specifies a link-local address on the interface to be used instead of the automatically configured link-local address when IPv6 is enabled on the interface.
· Automatically configures an IPv6 link-local address on the interface, and enables the interface for IPv6 processing. The link-local address can only be used to communicate with nodes on the same link. Note To remove all manually configured IPv6 addresses from an interface, use the no ipv6 address interface configuration command without arguments. end Example: Device(config)# end Use one of the following: · show interface interface-id · show ip interface interface-id · show ipv6 interface interface-id Returns to privileged EXEC mode. Verifies your entries. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 91 Configuring Default Router Preference Configuring IPv6 Unicast Routing Step 10 Command or Action copy running-config startup-config Example: Device# copy running-config startup-config Purpose (Optional) Saves your entries in the configuration file. Configuring Default Router Preference Router advertisement messages are sent with the default router preference (DRP) configured by the ipv6 nd router-preference interface configuration command. If no DRP is configured, RAs are sent with a medium preference. A DRP is useful when two routers on a link might provide equivalent, but not equal-cost routing, and policy might dictate that hosts should prefer one of the routers. For more information about configuring DRP for IPv6, see the "Implementing IPv6 Addresses and Basic Connectivity" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com. Beginning in privileged EXEC mode, follow these steps to configure a DRP for a router on an interface. Procedure Step 1 Command or Action enable Example: Device> enable Purpose Enables privileged EXEC mode. Enter your password if prompted. Step 2 configure terminal Example: Device# configure terminal Enters global configuration mode. Step 3 interface interface-id Enters interface configuration mode and Example: identifies the Layer 3 interface on which you want to specify the DRP. 
Device(config)# interface gigabitethernet 1/0/1 Step 4 ipv6 nd router-preference {high | medium | Specifies a DRP for the router on the switch low} interface. Example: Device(config-if)# ipv6 nd router-preference medium Step 5 end Example: Device(config)# end Returns to privileged EXEC mode. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 92 Configuring IPv6 Unicast Routing Configuring IPv6 ICMP Rate Limiting Step 6 Step 7 Command or Action show ipv6 interface Example: Device# show ipv6 interface copy running-config startup-config Example: Device# copy running-config startup-config Purpose Verifies the configuration. (Optional) Saves your entries in the configuration file. Configuring IPv6 ICMP Rate Limiting ICMP rate limiting is enabled by default with a default interval between error messages of 100 milliseconds and a bucket size (maximum number of tokens to be stored in a bucket) of 10. To change the ICMP rate-limiting parameters, perform this procedure: Procedure Step 1 Command or Action enable Example: Device> enable Purpose Enables privileged EXEC mode. Enter your password if prompted. Step 2 configure terminal Example: Device# configure terminal Enters global configuration mode. Step 3 ipv6 icmp error-interval interval [bucketsize] Configures the interval and bucket size for IPv6 Example: ICMP error messages: Device(config)# ipv6 icmp error-interval · interval--The interval (in milliseconds) 50 20 between tokens being added to the bucket. The range is from 0 to 2147483647 milliseconds. · bucketsize--(Optional) The maximum number of tokens stored in the bucket. The range is from 1 to 200. Step 4 Step 5 end Example: Device(config)# end show ipv6 interface [interface-id] Example: Returns to privileged EXEC mode. Verifies your entries. 
IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 93 Configuring Cisco Express Forwarding and distributed Cisco Express Forwarding for IPv6 Configuring IPv6 Unicast Routing Step 6 Command or Action Device# show ipv6 interface gigabitethernet0/1 copy running-config startup-config Example: Device# copy running-config startup-config Purpose (Optional) Saves your entries in the configuration file. Configuring Cisco Express Forwarding and distributed Cisco Express Forwarding for IPv6 Cisco Express Forwarding is a Layer 3 IP switching technology to improve network performance. Cisco Express Forwarding implements an advanced IP look-up and forwarding algorithm to deliver maximum Layer 3 switching performance. It is less CPU-intensive than fast-switching route-caching, allowing more CPU processing power to be dedicated to packet forwarding. IPv4 Cisco Express Forwarding and distributed Cisco Express Forwarding are enabled by default. IPv6 Cisco Express Forwarding and distributed Cisco Express Forwarding are disabled by default, but automatically enabled when you configure IPv6 routing. IPv6 Cisco Express Forwarding and distributed Cisco Express Forwarding are automatically disabled when IPv6 routing is unconfigured. IPv6 Cisco Express Forwarding and distributed Cisco Express Forwarding cannot disabled through configuration. You can verify the IPv6 state by entering the show ipv6 cef command in privileged EXEC mode. To route IPv6 unicast packets, you must first globally configure forwarding of IPv6 unicast packets by using the ipv6 unicast-routing global configuration command, and you must configure an IPv6 address and IPv6 processing on an interface by using the ipv6 address command in interface configuration mode. For more information about configuring Cisco Express Forwarding and distributed Cisco Express Forwarding, see Cisco IOS IPv6 Configuration Library on Cisco.com. 
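The ICMP rate-limiting procedure above describes a token bucket: a token is added every interval milliseconds, at most bucketsize tokens are stored, and each ICMPv6 error message spends one. The following added example (not Cisco code) simulates that model with the chapter's defaults (100 ms, 10 tokens) and with its example setting (50 ms, 20 tokens), so the number of error messages a burst of bad packets can elicit from the switch can be estimated before changing the parameters. Treating an interval of 0 as switching the limiter off is an assumption of this example.

```python
"""Token-bucket model of `ipv6 icmp error-interval interval [bucketsize]`.
Added illustration of the behaviour described in this chapter, not IOS XE code."""
from dataclasses import dataclass, field
from typing import Iterable, Tuple


@dataclass
class Icmpv6ErrorLimiter:
    interval_ms: int = 100   # default interval named in this chapter
    bucket_size: int = 10    # default bucket size named in this chapter
    tokens: int = field(init=False, default=0)
    last_refill_ms: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        # Same ranges as the command accepts.
        if not 0 <= self.interval_ms <= 2147483647:
            raise ValueError("interval must be 0..2147483647 ms")
        if not 1 <= self.bucket_size <= 200:
            raise ValueError("bucketsize must be 1..200")
        self.tokens = self.bucket_size  # the bucket starts full

    def allow(self, now_ms: int) -> bool:
        """Return True if an ICMPv6 error message may be sent at time now_ms."""
        if self.interval_ms == 0:
            return True  # assumption: an interval of 0 turns the limiter off
        # Add one token per full interval elapsed since the last refill, capped.
        refill = (now_ms - self.last_refill_ms) // self.interval_ms
        if refill > 0:
            self.tokens = min(self.bucket_size, self.tokens + refill)
            self.last_refill_ms += refill * self.interval_ms
        if self.tokens > 0:
            self.tokens -= 1
            return True
        return False


def simulate(limiter: Icmpv6ErrorLimiter, trigger_times_ms: Iterable[int]) -> Tuple[int, int]:
    """Feed a constructed series of error triggers; return (sent, suppressed)."""
    sent = total = 0
    for t in trigger_times_ms:
        total += 1
        if limiter.allow(t):
            sent += 1
    return sent, total - sent


if __name__ == "__main__":
    # Constructed burst: 30 packets needing an error reply within 30 ms. With the
    # defaults only the 10 stored tokens get through, the other 20 are dropped.
    print(simulate(Icmpv6ErrorLimiter(), range(0, 30)))                 # (10, 20)
    # The chapter's example `ipv6 icmp error-interval 50 20`, triggered every
    # 10 ms for one second: 20 stored tokens plus 19 refills are sent.
    print(simulate(Icmpv6ErrorLimiter(50, 20), range(0, 1000, 10)))     # (39, 61)
```

A lower interval or larger bucket lets the device answer more errors per second, which helps diagnostics but also raises the CPU and bandwidth cost an unsolicited packet stream can impose; the simulation makes that trade-off concrete for a given setting.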
Configuring Static Routing for IPv6

For more information about configuring static IPv6 routing, see the "Implementing Static Routes for IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.

To configure static IPv6 routing, perform this procedure:

Before you begin

You must enable the forwarding of IPv6 packets by using the ipv6 unicast-routing command in global configuration mode, and enable IPv6 on at least one Layer 3 interface by configuring an IPv6 address on the interface.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 route ipv6-prefix/prefix length {ipv6-address | interface-id [ipv6-address]} [administrative distance]
  Example: Device(config)# ipv6 route 2001:0DB8::/32 gigabitethernet2/0/1 130
  Purpose: Configures a static IPv6 route.
  · ipv6-prefix--The IPv6 network that is the destination of the static route. It can also be a hostname when static host routes are configured.
  · /prefix length--The length of the IPv6 prefix. A decimal value that shows how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.
  · ipv6-address--The IPv6 address of the next hop that can be used to reach the specified network. The IPv6 address of the next hop need not be directly connected; recursion is done to find the IPv6 address of the directly connected next hop. The address must be in the form documented in RFC 2373, specified in hexadecimal using 16-bit values between colons.
  · interface-id--Specifies direct static routes from point-to-point and broadcast interfaces. With point-to-point interfaces, there is no need to specify the IPv6 address of the next hop. With broadcast interfaces, you should always specify the IPv6 address of the next hop, or ensure that the specified prefix is assigned to the link, specifying a link-local address as the next hop. You can optionally specify the IPv6 address of the next hop to which packets are sent.
  Note: You must specify an interface-id when using a link-local address as the next hop (the link-local next hop must also be an adjacent router).
  · administrative distance--(Optional) An administrative distance. The range is 1 to 254; the default value is 1, which gives static routes precedence over any other type of route except connected routes. To configure a floating static route, use an administrative distance greater than that of the dynamic routing protocol.

Step 4: end
  Example: Device(config)# end
  Purpose: Returns to privileged EXEC mode.

Step 5: Use one of the following:
  · show ipv6 static [ipv6-address | ipv6-prefix/prefix length] [interface interface-id] [recursive] [detail]
  · show ipv6 route static [updated]
  Example:
    Device# show ipv6 static 2001:0DB8::/32 interface gigabitethernet2/0/1
    or
    Device# show ipv6 route static
  Purpose: Verifies your entries by displaying the contents of the IPv6 routing table.
  · interface interface-id--(Optional) Displays only those static routes with the specified interface as an egress interface.
  · recursive--(Optional) Displays only recursive static routes. The recursive keyword is mutually exclusive with the interface keyword, but it can be used with or without the IPv6 prefix included in the command syntax.
  · detail--(Optional) Displays this additional information:
    · For valid recursive routes, the output path set, and maximum resolution depth.
    · For invalid routes, the reason why the route is not valid.

Step 6: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Enabling IPv6 PBR on an Interface

To enable PBR for IPv6, you must create a route map that specifies the packet match criteria and desired policy-route action. Then you associate the route map with the required interface. All packets arriving on the specified interface that match the match clauses will be subject to PBR.

In PBR, the set vrf command decouples the virtual routing and forwarding (VRF) instance and interface association and allows the selection of a VRF based on access control list (ACL)-based classification using existing PBR or route-map configurations. It provides a single router with multiple routing tables and the ability to select routes based on ACL classification. The router classifies packets based on ACL, selects a routing table, looks up the destination address, and then routes the packet.

To enable PBR for IPv6, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map rip-to-ospf permit
  Purpose: Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing, and enters route-map configuration mode.
Step 4: Do one of the following:
  · match length minimum-length maximum-length
  · match ipv6 address {prefix-list prefix-list-name | access-list-name}
  Example:
    Device(config-route-map)# match length 3 200
    Device(config-route-map)# match ipv6 address marketing
  Note: The match length min max command is not supported on Cisco Catalyst 9600X Series Switches.
  Purpose: Specifies the match criteria. You can specify any or all of the following:
  · Matches the Level 3 length of the packet.
  · Matches a specified IPv6 access list.
  · If you do not specify a match command, the route map applies to all packets.

Step 5: Do one of the following:
  · set ipv6 next-hop global-ipv6-address [global-ipv6-address...]
  · set ipv6 default next-hop global-ipv6-address [global-ipv6-address...]
  Example:
    Device(config-route-map)# set ipv6 next-hop 2001:DB8:2003:1::95
    Device(config-route-map)# set ipv6 default next-hop 2001:DB8:2003:1::95
  Note: The set ipv6 default next-hop global-ipv6-address [global-ipv6-address...] command is not supported on Cisco Catalyst 9600X Series Switches.
  Purpose: Specifies the action or actions to take on the packets that match the criteria. You can specify any or all of the following:
  · Sets the next hop to which to route the packet (the next hop must be adjacent).
  · Sets the next hop to which to route the packet if there is no explicit route for this destination.

Step 6: exit
  Example: Device(config-route-map)# exit
  Purpose: Exits route-map configuration mode and returns to global configuration mode.

Step 7: interface type number
  Example: Device(config)# interface FastEthernet 1/0
  Purpose: Specifies an interface type and number, and places the router in interface configuration mode.

Step 8: ipv6 policy route-map route-map-name
  Example: Device(config-if)# ipv6 policy route-map interactive
  Purpose: Identifies a route map to use for IPv6 PBR on an interface.

Step 9: end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Enabling Local PBR for IPv6

Note: Local PBR for IPv6 is not supported on Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Packets that are generated by the device are not normally policy routed. Perform this task to enable local IPv6 policy-based routing (PBR) for such packets, indicating which route maps the device should use.

To enable Local PBR for IPv6, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 local policy route-map route-map-name
  Example: Device(config)# ipv6 local policy route-map pbr-src-90
  Purpose: Configures IPv6 PBR for packets that are generated by the device.

Step 4: end
  Example: Device(config)# end
  Purpose: Returns to privileged EXEC mode.

Displaying IPv6

For complete syntax and usage information on these commands, see the Cisco IOS command reference publications.

Table 8: Commands for Monitoring IPv6

Command                              Purpose
show ipv6 access-list                Displays a summary of access lists.
show ipv6 cef                        Displays Cisco Express Forwarding for IPv6.
show ipv6 interface interface-id     Displays IPv6 interface status and configuration.
show ipv6 mtu                        Displays IPv6 MTU per destination cache.
show ipv6 neighbors                  Displays IPv6 neighbor cache entries.
show ipv6 prefix-list                Displays a list of IPv6 prefix lists.
show ipv6 protocols                  Displays a list of IPv6 routing protocols on the switch.
show ipv6 rip                        Displays IPv6 RIP routing protocol status.
show ipv6 route                      Displays IPv6 route table entries.
show ipv6 static                     Displays IPv6 static routes.
show ipv6 traffic                    Displays IPv6 traffic statistics.

Configuration Examples for IPv6 Unicast Routing

The following sections show the various configuration examples available for IPv6 unicast routing.

Example: Configuring IPv4 and IPv6 Protocol Stacks

This example shows how to enable IPv4 and IPv6 routing on an interface.

Device> enable
Device# configure terminal
Device(config)# ipv6 unicast-routing
Device(config)# interface fastethernet1/0/11
Device(config-if)# no switchport
Device(config-if)# ip address 192.168.99.1 255.255.255.0
Device(config-if)# ipv6 address 2001:0DB8:c18:1::/64 eui-64
Device(config-if)# end

Example: Configuring Default Router Preference

This example shows how to configure a DRP of high for the router on an interface.

Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet1/0/1
Device(config-if)# ipv6 nd router-preference high
Device(config-if)# end

Example: Configuring IPv6 ICMP Rate Limiting

This example shows how to configure an IPv6 ICMP error message interval of 50 milliseconds and a bucket size of 20 tokens.

Device> enable
Device# configure terminal
Device(config)# ipv6 icmp error-interval 50 20

Example: Configuring Static Routing for IPv6

This example shows how to configure a floating static route to an interface with an administrative distance of 130:

Device> enable
Device# configure terminal
Device(config)# ipv6 route 2001:0DB8::/32 gigabitethernet 0/1 130

Example: Enabling PBR on an Interface

In the following example, a route map that is named pbr-dest-1 is created and configured, specifying packet match criteria and desired policy-route action. PBR is then enabled on GigabitEthernet interface 0/0/1.
Device> enable
Device# configure terminal
Device(config)# ipv6 access-list match-dest-1
Device(config-ipv6-acl)# permit ipv6 any 2001:DB8:2001:1760::/32
Device(config)# route-map pbr-dest-1 permit 10
Device(config-route-map)# match ipv6 address match-dest-1
Device(config-route-map)# set interface GigabitEthernet 0/0/0
Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# ipv6 policy route-map pbr-dest-1

Example: Enabling Local PBR for IPv6

In the following example, packets with a destination IPv6 address that match the IPv6 address range allowed by access list pbr-src-90 are sent to the device at IPv6 address 2001:DB8:2003:1::95:

Device> enable
Device# configure terminal
Device(config)# ipv6 access-list src-90
Device(config-ipv6-acl)# permit ipv6 host 2001:DB8:2003::90 2001:DB8:2001:1000::/64
Device(config)# route-map pbr-src-90 permit 10
Device(config-route-map)# match ipv6 address src-90
Device(config-route-map)# set ipv6 next-hop 2001:DB8:2003:1::95
Device(config)# ipv6 local policy route-map pbr-src-90

Example: Displaying IPv6

This is an example of the output from the show ipv6 interface command:

Device> enable
Device# show ipv6 interface
Vlan1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20B:46FF:FE2F:D940
  Global unicast address(es):
    3FFE:C000:0:1:20B:46FF:FE2F:D940, subnet is 3FFE:C000:0:1::/64 [EUI]
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF2F:D940
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
<output truncated>

Additional References

Standards and RFCs

Standard/RFC   Title
RFC 5453       Reserved IPv6 Interface Identifiers

Feature History for IPv6 Unicast Routing

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release                          Feature                Feature Information
Cisco IOS XE Gibraltar 16.11.1   IPv6 Unicast Routing   IPv4 users can move to IPv6 and receive services such as end-to-end security, quality of service (QoS), and globally unique addresses.
Cisco IOS XE Gibraltar 16.11.1   RFC 5453               Support for RFC 5453 was introduced.
Cisco IOS XE Cupertino 17.7.1    IPv6 Unicast Routing   Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).
Cisco IOS XE Dublin 17.11.1      IPv6 Unicast Routing   Support for this feature was introduced on Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support.

CHAPTER 6

Configuring RIP

· Information About RIP, on page 103
· How to Configure Routing Information Protocol, on page 104
· Configuration Examples for Routing Information Protocol, on page 113
· Feature History for Routing Information Protocol, on page 114

Information About RIP

The Routing Information Protocol (RIP) is an interior gateway protocol (IGP) created for use in small, homogeneous networks. It is a distance-vector routing protocol that uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information. The protocol is documented in RFC 1058. You can find detailed information about RIP in IP Routing Fundamentals, published by Cisco Press.
Using RIP, the switch sends routing information updates (advertisements) every 30 seconds. If a router does not receive an update from another router for 180 seconds or more, it marks the routes served by that router as unusable. If there is still no update after 240 seconds, the router removes all routing table entries for the non-updating router.

RIP uses hop counts to rate the value of different routes. The hop count is the number of routers that can be traversed in a route. A directly connected network has a hop count of zero; a network with a hop count of 16 is unreachable. This small range (0 to 15) makes RIP unsuitable for large networks.

If the router has a default network path, RIP advertises a route that links the router to the pseudonetwork 0.0.0.0. The 0.0.0.0 network does not exist; it is treated by RIP as a network to implement the default routing feature. The switch advertises the default network if a default was learned by RIP or if the router has a gateway of last resort and RIP is configured with a default metric.

RIP sends updates to the interfaces in specified networks. If an interface's network is not specified, it is not advertised in any RIP update.

RIP for IPv6

Routing Information Protocol (RIP) for IPv6 is a distance-vector protocol that uses hop count as a routing metric. It includes support for IPv6 addresses and prefixes and the all-RIP-routers multicast group address FF02::9 as the destination address for RIP update messages.

For configuring RIP for IPv6, see the Configuring RIP for IPv6 section. For more information about RIP for IPv6, see the "Implementing RIP for IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
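The timer and hop-count behaviour described above (updates every 30 seconds, routes marked unusable after 180 seconds of silence and removed after 240, hop count 16 meaning unreachable), together with the split-horizon rule in the Summary Addresses and Split Horizon section that follows, can be made concrete with a small route-table model. The following added example is not Cisco code and does not model holddown; its route entries and interface names are constructed, and "same neighbour refresh is always accepted" and "a connected prefix is never replaced by an advertisement" are the example's own assumptions about which updates to apply.

```python
"""RIP route-table timers and split horizon, as described in this chapter.
Added example with constructed routes; not Cisco code, holddown not modelled."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

INFINITY = 16  # RIP hop count meaning "unreachable"


@dataclass
class RipRoute:
    prefix: str
    metric: int                   # hop count; 0 for a directly connected network
    learned_on: str               # interface the route was learned on (or attached to)
    last_update: Optional[float]  # seconds; None for connected routes, which never age


class RipTable:
    def __init__(self, update: int = 30, invalid: int = 180, flush: int = 240) -> None:
        # Same range the `timers basic` command accepts.
        for name, value in (("update", update), ("invalid", invalid), ("flush", flush)):
            if not 0 <= value <= 4294967295:
                raise ValueError(f"{name} timer out of range")
        self.update, self.invalid, self.flush = update, invalid, flush
        self.routes: Dict[str, RipRoute] = {}

    def connected(self, prefix: str, interface: str) -> None:
        """Install a directly connected network (hop count zero)."""
        self.routes[prefix] = RipRoute(prefix, 0, interface, None)

    def learn(self, prefix: str, advertised_metric: int, interface: str, now: float) -> None:
        """Apply one route entry from an update received on `interface`."""
        metric = min(advertised_metric + 1, INFINITY)  # one more hop to reach it
        cur = self.routes.get(prefix)
        # Accept a new prefix, a better metric, or any refresh from the current
        # source (assumption); a connected prefix is never replaced (assumption).
        same_source = cur is not None and cur.learned_on == interface and cur.last_update is not None
        if cur is None or metric < cur.metric or same_source:
            self.routes[prefix] = RipRoute(prefix, metric, interface, now)

    def age(self, now: float) -> None:
        """Run the invalid and flush timers against each route's last update."""
        for prefix, route in list(self.routes.items()):
            if route.last_update is None:
                continue
            silent = now - route.last_update
            if silent >= self.flush:
                del self.routes[prefix]           # removed from the table
            elif silent >= self.invalid:
                route.metric = INFINITY           # kept, but marked unusable

    def reachable(self, prefix: str) -> bool:
        route = self.routes.get(prefix)
        return route is not None and route.metric < INFINITY

    def advertisement(self, out_interface: str) -> List[Tuple[str, int]]:
        """Entries sent out `out_interface`; split horizon omits routes learned there."""
        return sorted((p, r.metric) for p, r in self.routes.items()
                      if r.learned_on != out_interface)


if __name__ == "__main__":
    table = RipTable()
    table.connected("10.1.0.0", "Gi0")
    table.learn("10.2.0.0", 1, "Gi1", 0.0)    # two hops away via Gi1
    table.learn("10.3.0.0", 15, "Gi2", 0.0)   # arrives as 16: unreachable
    print(table.advertisement("Gi1"))         # 10.2.0.0 withheld on Gi1
    table.age(185.0)
    print(table.reachable("10.2.0.0"))        # False: invalid timer expired
    table.age(431.0)
    print(sorted(table.routes))               # only the connected network is left
```

The age method is where the 180/240 second figures from the text take effect, and advertisement is where split horizon stops a route from being echoed back toward the neighbour that supplied it; the same structure works for the values set with timers basic in the procedure that follows.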
Summary Addresses and Split Horizon

Routers connected to broadcast-type IP networks and using distance-vector routing protocols normally use the split-horizon mechanism to reduce the possibility of routing loops. Split horizon blocks information about routes from being advertised by a router on any interface from which that information originated. This feature usually optimizes communication among multiple routers, especially when links are broken.

How to Configure Routing Information Protocol

The following sections provide configuration information about RIP.

Default RIP Configuration

Table 9: Default RIP Configuration

Feature                          Default Setting
Auto summary                     Enabled.
Default-information originate    Disabled.
Default metric                   Built-in; automatic metric translations.
IP RIP authentication key-chain  No authentication. Authentication mode: clear text.
IP RIP triggered                 Disabled.
IP split horizon                 Varies with media.
Neighbor                         None defined.
Network                          None specified.
Offset list                      Disabled.
Output delay                     0 milliseconds.
Timers basic                     Update: 30 seconds. Invalid: 180 seconds. Hold-down: 180 seconds. Flush: 240 seconds.
Validate-update-source           Enabled.
Version                          Receives RIP Version 1 and 2 packets; sends Version 1 packets.

Configuring Basic RIP Parameters

To configure RIP, you enable RIP routing for a network and optionally configure other parameters. On the switch, RIP configuration commands are ignored until you configure the network number.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip routing
  Example: Device(config)# ip routing
  Purpose: Enables IP routing. (Required only if IP routing is disabled.)

Step 4: router rip
  Example: Device(config)# router rip
  Purpose: Enables a RIP routing process, and enters router configuration mode.

Step 5: network network number
  Example: Device(config-router)# network 12.0.0.0
  Purpose: Associates a network with a RIP routing process. You can specify multiple network commands. RIP routing updates are sent and received through interfaces only on these networks.
  Note: You must configure a network number for the RIP commands to take effect.

Step 6: neighbor ip-address
  Example: Device(config-router)# neighbor 10.2.5.1
  Purpose: (Optional) Defines a neighboring router with which to exchange routing information. This step allows routing updates from RIP (normally a broadcast protocol) to reach nonbroadcast networks.

Step 7: offset-list [access-list number | name] {in | out} offset [type number]
  Example: Device(config-router)# offset-list 103 in 10
  Purpose: (Optional) Applies an offset list to routing metrics to increase incoming and outgoing metrics to routes learned through RIP. You can limit the offset list with an access list or an interface.

Step 8: timers basic update invalid holddown flush
  Example: Device(config-router)# timers basic 45 360 400 300
  Purpose: (Optional) Adjusts routing protocol timers. Valid ranges for all timers are 0 to 4294967295 seconds.
  · update--The time between sending routing updates. The default is 30 seconds.
  · invalid--The timer after which a route is declared invalid. The default is 180 seconds.
  · holddown--The time before a route is removed from the routing table. The default is 180 seconds.
  · flush--The amount of time for which routing updates are postponed. The default is 240 seconds.

Step 9: version {1 | 2}
  Example: Device(config-router)# version 2
  Purpose: (Optional) Configures the switch to receive and send only RIP Version 1 or RIP Version 2 packets. By default, the switch receives Version 1 and 2 but sends only Version 1. You can also use the interface commands ip rip {send | receive} version {1 | 2 | 1 2} to control what versions are used for sending and receiving on interfaces.

Step 10: no auto-summary
  Example: Device(config-router)# no auto-summary
  Purpose: (Optional) Disables automatic summarization. By default, the switch summarizes subprefixes when crossing classful network boundaries. Disable summarization (RIP Version 2 only) to advertise subnet and host routing information to classful network boundaries.

Step 11: output-delay delay
  Example: Device(config-router)# output-delay 8
  Purpose: (Optional) Adds interpacket delay for RIP updates sent. By default, packets in a multiple-packet RIP update have no delay added between packets. If you are sending packets to a lower-speed device, you can add an interpacket delay in the range of 8 to 50 milliseconds.

Step 12: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 13: show ip protocols
  Example: Device# show ip protocols
  Purpose: Verifies your entries.

Step 14: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring RIP Authentication

RIP Version 1 does not support authentication. If you are sending and receiving RIP Version 2 packets, you can enable RIP authentication on an interface. The key chain specifies the set of keys that can be used on the interface. If a key chain is not configured, no authentication is performed, not even the default.

The switch supports two modes of authentication on interfaces for which RIP authentication is enabled: plain text and MD5.
The default is plain text.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface interface-id
  Example: Device(config)# interface gigabitethernet 1/0/1
  Purpose: Enters interface configuration mode, and specifies the interface to configure.

Step 4: ip rip authentication key-chain name-of-chain
  Example: Device(config-if)# ip rip authentication key-chain trees
  Purpose: Enables RIP authentication.

Step 5: ip rip authentication mode {text | md5}
  Example: Device(config-if)# ip rip authentication mode md5
  Purpose: Configures the interface to use plain text authentication (the default) or MD5 digest authentication.

Step 6: end
  Example: Device(config-if)# end
  Purpose: Returns to privileged EXEC mode.

Step 7: show running-config
  Example: Device# show running-config
  Purpose: Verifies your entries.

Step 8: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring RIP for IPv6

For more information about configuring RIP routing for IPv6, see the "Implementing RIP for IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.

To configure RIP routing for IPv6, perform this procedure:

Before you begin

Before configuring the switch to run IPv6 RIP, you must enable routing by using the ip routing command in global configuration mode, enable the forwarding of IPv6 packets by using the ipv6 unicast-routing command in global configuration mode, and enable IPv6 on any Layer 3 interfaces on which IPv6 RIP is to be enabled.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 router rip name
  Example: Device(config)# ipv6 router rip cisco
  Purpose: Configures an IPv6 RIP routing process, and enters router configuration mode for the process.

Step 4: maximum-paths number-paths
  Example: Device(config-router)# maximum-paths 6
  Purpose: (Optional) Defines the maximum number of equal-cost routes that IPv6 RIP can support. The range is from 1 to 32, and the default is 16 routes.

Step 5: exit
  Example: Device(config-router)# exit
  Purpose: Returns to global configuration mode.

Step 6: interface interface-id
  Example: Device(config)# interface gigabitethernet 1/0/1
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.

Step 7: ipv6 rip name enable
  Example: Device(config-if)# ipv6 rip cisco enable
  Purpose: Enables the specified IPv6 RIP routing process on the interface.

Step 8: ipv6 rip name default-information {only | originate}
  Example: Device(config-if)# ipv6 rip cisco default-information only
  Purpose: (Optional) Originates the IPv6 default route (::/0) into the RIP routing process updates sent from the specified interface.
  Note: To avoid routing loops after the IPv6 default route (::/0) is originated from any interface, the routing process ignores all default routes received on any interface.
  · only--Select to originate the default route, but suppress all other routes in the updates sent on this interface.
  · originate--Select to originate the default route in addition to all other routes in the updates sent on this interface.

Step 9: end
  Example: Device(config-if)# end
  Purpose: Returns to privileged EXEC mode.

Step 10: Use one of the following:
  · show ipv6 rip [name] [interface interface-id] [database] [next-hops]
  · show ipv6 rip
  Example:
    Device# show ipv6 rip cisco interface gigabitethernet 2/0/1
    or
    Device# show ipv6 rip
  Purpose:
  · Displays information about current IPv6 RIP processes.
  · Displays the current contents of the IPv6 routing table.

Step 11: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring Summary Addresses and Split Horizon

Note: In general, disabling split horizon is not recommended unless you are certain that your application requires it to properly advertise routes.

If you want to configure an interface running RIP to advertise a summarized local IP address pool on a network access server for dial-up clients, use the ip summary-address rip interface configuration command.

Note: If split horizon is enabled, neither autosummary nor interface IP summary addresses are advertised.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface interface-id
  Example: Device(config)# interface gigabitethernet 1/0/1
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.

Step 4: ip address ip-address subnet-mask
  Example: Device(config-if)# ip address 10.1.1.10 255.255.255.0
  Purpose: Configures the IP address and IP subnet.

Step 5: ip summary-address rip ip-address ip-network-mask
  Example: Device(config-if)# ip summary-address rip 10.1.1.30 255.255.255.0
  Purpose: Configures the IP address to be summarized and the IP network mask.

Step 6: no ip split-horizon
  Example: Device(config-if)# no ip split-horizon
  Purpose: Disables split horizon on the interface.

Step 7: end
  Example: Device(config-if)# end
  Purpose: Returns to privileged EXEC mode.

Step 8: show ip interface interface-id
  Example: Device# show ip interface gigabitethernet 1/0/1
  Purpose: Verifies your entries.

Step 9: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring Split Horizon

Routers connected to broadcast-type IP networks and using distance-vector routing protocols normally use the split-horizon mechanism to reduce the possibility of routing loops. Split horizon blocks information about routes from being advertised by a router on any interface from which that information originated. This feature can optimize communication among multiple routers, especially when links are broken.

Note: In general, we do not recommend disabling split horizon unless you are certain that your application requires it to properly advertise routes.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface interface-id
  Example: Device(config)# interface gigabitethernet 1/0/1
  Purpose: Enters interface configuration mode, and specifies the interface to configure.

Step 4: ip address ip-address subnet-mask
  Example: Device(config-if)# ip address 10.1.1.10 255.255.255.0
  Purpose: Configures the IP address and IP subnet.

Step 5: no ip split-horizon
  Example: Device(config-if)# no ip split-horizon
  Purpose: Disables split horizon on the interface.

Step 6: end
  Example: Device(config-if)# end
  Purpose: Returns to privileged EXEC mode.
Device(config)# end Step 7 show ip interface interface-id Example: Verifies your entries. Device# show ip interface gigabitethernet 1/0/1 IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 112 Configuring RIP Configuration Examples for Routing Information Protocol Step 8 Command or Action copy running-config startup-config Example: Device# copy running-config startup-config Purpose (Optional) Saves your entries in the configuration file. Configuration Examples for Routing Information Protocol The following sections provide configuration examples for RIP. Configuration Example for Summary Addresses and Split Horizon In this example, the major net is 10.0.0.0. The summary address 10.2.0.0 overrides the autosummary address of 10.0.0.0 so that 10.2.0.0 is advertised out interface Gigabit Ethernet port 2, and 10.0.0.0 is not advertised. In the example, if the interface is still in Layer 2 mode (the default), you must enter a no switchport interface configuration command before entering the ip address interface configuration command. Note If split horizon is enabled, neither autosummary nor interface summary addresses (those configured with the ip summary-address rip router configuration command) are advertised. 
Device(config)# router rip Device(config-router)# interface gigabitethernet1/0/2 Device(config-if)# ip address 10.1.5.1 255.255.255.0 Device(config-if)# ip summary-address rip 10.2.0.0 255.255.0.0 Device(config-if)# no ip split-horizon Device(config-if)# exit Device(config)# router rip Device(config-router)# network 10.0.0.0 Device(config-router)# neighbor 2.2.2.2 peer-group mygroup Device(config-router)# end Example: Configuring RIP for IPv6 This example shows how to enable the RIP routing process cisco with a maximum of eight equal-cost routes and to enable it on an interface: Device> enable Devce# configure terminal Device(config)# ipv6 router rip cisco Device(config-router)# maximum-paths 8 Device(config)# exit Device(config)# interface gigabitethernet2/0/11 Device(config-if)# ipv6 rip cisco enable IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 113 Feature History for Routing Information Protocol Configuring RIP Feature History for Routing Information Protocol This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise. Release Feature Feature Information Cisco IOS XE Gibraltar 16.11.1 Routing Information Protocol The Routing Information Protocol is an interior gateway protocol (IGP) created for use in small and homogeneous networks. Cisco IOS XE Cupertino 17.7.1 Routing Information Protocol Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2). Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. 
CHAPTER 7
Configuring OSPF

· Information About OSPF, on page 115
· How to Configure OSPF, on page 118
· Monitoring OSPF, on page 132
· Configuration Examples for OSPF, on page 133
· Example: Configuring Basic OSPF Parameters, on page 133
· Feature History for Open Shortest Path First, on page 133

Information About OSPF

OSPF is an Interior Gateway Protocol (IGP) designed expressly for IP networks, supporting IP subnetting and tagging of externally derived routing information. OSPF also allows packet authentication and uses IP multicast when sending and receiving packets. The Cisco implementation supports RFC 1253, OSPF management information base (MIB).

The Cisco implementation conforms to the OSPF Version 2 specifications with these key features:

· Definition of stub areas is supported.
· Routes learned through any IP routing protocol can be redistributed into another IP routing protocol. At the intradomain level, this means that OSPF can import routes learned through EIGRP and RIP. OSPF routes can also be exported into RIP.
· Plain text and MD5 authentication among neighboring routers within an area is supported.
· Configurable routing interface parameters include interface output cost, retransmission interval, interface transmit delay, router priority, router dead and hello intervals, and authentication key.
· Virtual links are supported.
· Not-so-stubby-areas (NSSAs) per RFC 1587 are supported.

OSPF typically requires coordination among many internal routers, area border routers (ABRs) connected to multiple areas, and autonomous system boundary routers (ASBRs). The minimum configuration would use all default parameter values, no authentication, and interfaces assigned to areas. If you customize your environment, you must ensure coordinated configuration of all routers.
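The MD5 authentication listed above is OSPF's cryptographic authentication from RFC 2328, Appendix D: the 64-bit authentication field carries a key ID, the digest length and a cryptographic sequence number, and an MD5 digest over the packet plus the secret key is appended after the packet. The following Python example is added here for illustration and is not part of the Cisco guide; it builds such a packet, signs it, and verifies it on the receiving side, rejecting a tampered body, an unknown key ID and a replayed (older) sequence number. The key ID 16 and key string mirror the ip ospf message-digest-key example later in this chapter; the router ID, area ID and hello body are constructed sample values.

```python
import hashlib
import hmac
import struct

# OSPFv2 header constants (RFC 2328). Key ID 16 and key "your1pass" mirror the
# guide's "ip ospf message-digest-key 16 md5 your1pass" example; the router ID,
# area ID and hello body used in demo() are constructed sample values.
OSPF_VERSION = 2
OSPF_TYPE_HELLO = 1
AUTH_TYPE_CRYPTOGRAPHIC = 2
AUTH_DATA_LEN = 16  # size of an MD5 digest
HEADER_LEN = 24


def ip_to_bytes(dotted: str) -> bytes:
    """Encode a dotted-quad router ID or area ID as 4 network-order bytes."""
    return bytes(int(octet) for octet in dotted.split("."))


def build_ospf_packet(router_id: str, area_id: str, body: bytes,
                      key_id: int, seq: int) -> bytes:
    """Return header + body with the authentication field prepared for
    cryptographic authentication: 0x0000, key ID, auth data length, sequence
    number. The checksum stays 0, as RFC 2328 requires for auth type 2."""
    length = HEADER_LEN + len(body)
    header = struct.pack("!BBH4s4sHH", OSPF_VERSION, OSPF_TYPE_HELLO, length,
                         ip_to_bytes(router_id), ip_to_bytes(area_id),
                         0, AUTH_TYPE_CRYPTOGRAPHIC)
    auth_field = struct.pack("!HBBI", 0, key_id, AUTH_DATA_LEN, seq)
    return header + auth_field + body


def md5_digest(packet: bytes, key: bytes) -> bytes:
    """MD5 over the packet followed by the key truncated or zero-padded to
    16 bytes (RFC 2328 D.4.3). The digest travels after the packet and is
    not counted in the OSPF length field."""
    padded_key = key[:AUTH_DATA_LEN].ljust(AUTH_DATA_LEN, b"\x00")
    return hashlib.md5(packet + padded_key).digest()


def sign(packet: bytes, key: bytes) -> bytes:
    return packet + md5_digest(packet, key)


class Receiver:
    """Receive-side check: key lookup by ID, constant-time digest comparison,
    and a per-neighbor non-decreasing sequence number that rejects replays."""

    def __init__(self, keys: dict):
        self.keys = keys        # key ID -> secret
        self.last_seq = {}      # router ID bytes -> highest accepted sequence

    def verify(self, wire: bytes) -> tuple:
        if len(wire) < HEADER_LEN + AUTH_DATA_LEN:
            return False, "too short"
        length = struct.unpack("!H", wire[2:4])[0]
        if length + AUTH_DATA_LEN != len(wire):
            return False, "length mismatch"
        if struct.unpack("!H", wire[14:16])[0] != AUTH_TYPE_CRYPTOGRAPHIC:
            return False, "not cryptographic authentication"
        _, key_id, auth_len, seq = struct.unpack("!HBBI", wire[16:24])
        if auth_len != AUTH_DATA_LEN:
            return False, "bad auth data length"
        key = self.keys.get(key_id)
        if key is None:
            return False, "unknown key id"
        packet, digest = wire[:length], wire[length:]
        if not hmac.compare_digest(md5_digest(packet, key), digest):
            return False, "digest mismatch"
        router_id = wire[4:8]
        if seq < self.last_seq.get(router_id, 0):
            return False, "replayed sequence number"
        self.last_seq[router_id] = seq
        return True, "ok"


def demo() -> dict:
    """Sign one genuine hello and three bad variants; report which verify."""
    key = b"your1pass"
    # Constructed 20-byte hello body: mask /24, hello 10, options, priority 1,
    # dead 40, no DR/BDR.
    hello_body = bytes.fromhex("ffffff00000a1201000000280000000000000000")
    receiver = Receiver({16: key})
    good = sign(build_ospf_packet("192.0.2.1", "0.0.0.0", hello_body, 16, 1000), key)
    tampered = bytearray(good)
    tampered[HEADER_LEN] ^= 0x01  # flip one bit of the network mask in the body
    wrong_key_id = sign(build_ospf_packet("192.0.2.1", "0.0.0.0", hello_body, 17, 1001), key)
    replay = sign(build_ospf_packet("192.0.2.1", "0.0.0.0", hello_body, 16, 999), key)
    return {
        "genuine": receiver.verify(good)[0],
        "tampered": receiver.verify(bytes(tampered))[0],
        "unknown_key_id": receiver.verify(wrong_key_id)[0],
        "replayed": receiver.verify(replay)[0],
    }
```

The sequence-number check is what separates this scheme from the plain-text authentication type: both routers must hold the same key for the key ID, and a captured packet cannot be reinjected once the neighbor has accepted a higher sequence number.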
OSPF for IPv6

The switch supports Open Shortest Path First (OSPF) for IPv6, a link-state protocol for IP. For configuring OSPF for IPv6, see the Configuring OSPF for IPv6 section. For more information, see the Cisco IOS IPv6 Configuration Library on Cisco.com.

OSPF Nonstop Forwarding

The switch or switch stack supports two levels of nonstop forwarding (NSF):

· OSPF NSF Awareness, on page 116
· OSPF NSF Capability, on page 116

OSPF NSF Awareness

When the neighboring router is NSF-capable, the Layer 3 device continues to forward packets from the neighboring router during the interval between the primary Route Processor (RP) in a router crashing and the backup RP taking over, or while the primary RP is manually reloaded for a non-disruptive software upgrade. This feature cannot be disabled.

OSPF NSF Capability

The Network Advantage license supports the OSPFv2 NSF IETF format in addition to the OSPFv2 NSF Cisco format that is supported in earlier releases. For information about this feature, see NSF--OSPF (RFC 3623 OSPF Graceful Restart). The Network Advantage license also supports OSPF NSF-capable routing for IPv4 for better convergence and lower traffic loss following a stack's active switch change.

Note: OSPF NSF requires that all neighbor networking devices be NSF-aware. If an NSF-capable router discovers non-NSF-aware neighbors on a network segment, it disables NSF capabilities for that segment. Other network segments where all devices are NSF-aware or NSF-capable continue to provide NSF capabilities.

Use the nsf OSPF routing configuration command to enable OSPF NSF routing. Use the show ip ospf privileged EXEC command to verify that it is enabled.

OSPF Area Parameters

You can optionally configure several OSPF area parameters.
These parameters include authentication for password-based protection against unauthorized access to an area, stub areas, and not-so-stubby-areas (NSSAs). Stub areas are areas into which information on external routes is not sent. Instead, the area border router (ABR) generates a default external route into the stub area for destinations outside the autonomous system (AS). An NSSA does not flood all LSAs from the core into the area, but can import AS external routes within the area by redistribution.

Route summarization is the consolidation of advertised addresses into a single summary route to be advertised by other areas. If network numbers are contiguous, you can use the area range router configuration command to configure the ABR to advertise a summary route that covers all networks in the range.

Other OSPF Parameters

You can optionally configure other OSPF parameters in router configuration mode.

· Route summarization: When redistributing routes from other protocols, each route is advertised individually in an external LSA. To help decrease the size of the OSPF link state database, you can use the summary-address router configuration command to advertise a single route for all the redistributed routes included in a specified network address and mask.
· Virtual links: In OSPF, all areas must be connected to a backbone area. You can establish a virtual link in case of a backbone-continuity break by configuring two Area Border Routers as endpoints of a virtual link. Configuration information includes the identity of the other virtual endpoint (the other ABR) and the nonbackbone link that the two routers have in common (the transit area). Virtual links cannot be configured through a stub area.
· Default route: When you specifically configure redistribution of routes into an OSPF routing domain, the router automatically becomes an autonomous system boundary router (ASBR). You can force the ASBR to generate a default route into the OSPF routing domain.
· Domain Name Server (DNS) names: Using DNS names in all OSPF show privileged EXEC command displays makes it easier to identify a router than displaying it by router ID or neighbor ID.
· Default Metrics: OSPF calculates the OSPF metric for an interface according to the bandwidth of the interface. The metric is calculated as ref-bw divided by bandwidth, where ref is 10 by default, and bandwidth (bw) is specified by the bandwidth interface configuration command. For multiple links with high bandwidth, you can specify a larger number to differentiate the cost on those links.
· Administrative distance: A rating of the trustworthiness of a routing information source, an integer between 0 and 255, with a higher value meaning a lower trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored. OSPF uses three different administrative distances: routes within an area (intra-area), routes to another area (interarea), and routes from another routing domain learned through redistribution (external). You can change any of the distance values.
· Passive interfaces: Because interfaces between two devices on an Ethernet represent only one network segment, to prevent OSPF from sending hello packets for the sending interface, you must configure the sending device to be a passive interface. Both devices can identify each other through the hello packet for the receiving interface.
· Route calculation timers: You can configure the delay time between when OSPF receives a topology change and when it starts the shortest path first (SPF) calculation, and the hold time between two SPF calculations.
· Log neighbor changes: You can configure the router to send a syslog message when an OSPF neighbor state changes, providing a high-level view of changes in the router.

LSA Group Pacing

The OSPF LSA group pacing feature allows the router to group OSPF LSAs and pace the refreshing, check-summing, and aging functions for more efficient router use. This feature is enabled by default with a 4-minute default pacing interval, and you will not usually need to modify this parameter. The optimum group pacing interval is inversely proportional to the number of LSAs the router is refreshing, check-summing, and aging. For example, if you have approximately 10,000 LSAs in the database, decreasing the pacing interval would benefit you. If you have a very small database (40 to 100 LSAs), increasing the pacing interval to 10 to 20 minutes might benefit you slightly.

Loopback Interfaces

OSPF uses the highest IP address configured on the interfaces as its router ID. If this interface is down or removed, the OSPF process must recalculate a new router ID and resend all its routing information out its interfaces. If a loopback interface is configured with an IP address, OSPF uses this IP address as its router ID, even if other interfaces have higher IP addresses. Because loopback interfaces never fail, this provides greater stability. OSPF automatically prefers a loopback interface over other interfaces, and it chooses the highest IP address among all loopback interfaces.

How to Configure OSPF

Default OSPF Configuration

Table 10: Default OSPF Configuration

Feature: Interface parameters
Default Setting:
  Cost:
  Retransmit interval: 5 seconds.
  Transmit delay: 1 second.
  Priority: 1.
  Hello interval: 10 seconds.
  Dead interval: 4 times the hello interval.
  No authentication. No password specified. MD5 authentication disabled.

Feature: Area
Default Setting:
  Authentication type: 0 (no authentication).
  Default cost: 1.
  Range: Disabled.
  Stub: No stub area defined.
  NSSA: No NSSA area defined.

Feature: Auto cost
Default Setting: 100 Mb/s.

Feature: Default-information originate
Default Setting: Disabled. When enabled, the default metric setting is 10, and the external route is Type 2.

Feature: Default metric
Default Setting: Built-in, automatic metric translation, as appropriate for each routing protocol.

Feature: Distance OSPF
Default Setting: dist1 (all routes within an area): 110. dist2 (all routes from one area to another): 110. dist3 (routes from other routing domains): 110.

Feature: OSPF database filter
Default Setting: Disabled. All outgoing link-state advertisements (LSAs) are flooded to the interface.

Feature: IP OSPF name lookup
Default Setting: Disabled.

Feature: Log adjacency changes
Default Setting: Enabled.

Feature: Neighbor
Default Setting: None specified.

Feature: Neighbor database filter
Default Setting: Disabled. All outgoing LSAs are flooded to the neighbor.

Feature: Network area
Default Setting: Disabled.

Feature: Router ID
Default Setting: No OSPF routing process defined.

Feature: Summary address
Default Setting: Disabled.

Feature: Timers LSA group pacing
Default Setting: 240 seconds.

Feature: Timers shortest path first (spf)
Default Setting: spf delay: 50 milliseconds; spf-holdtime: 200 milliseconds.

Feature: Virtual link
Default Setting: No area ID or router ID defined. Hello interval: 10 seconds. Retransmit interval: 5 seconds. Transmit delay: 1 second. Dead interval: 40 seconds. Authentication key: no key predefined. Message-digest key (MD5): no key predefined.

Configuring Basic OSPF Parameters

To enable OSPF, create an OSPF routing process, specify the range of IP addresses to associate with the routing process, and assign area IDs to be associated with that range. For switches running the Network Essentials image, you can configure either the Cisco OSPFv2 NSF format or the IETF OSPFv2 NSF format.
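The network command in the procedure that follows (for example, network 10.1.1.1 255.240.0.0 area 20) selects interfaces by wildcard mask: a 0 bit in the mask must match the address bit and a 1 bit is ignored. It is not a subnet mask, and a mask typed with subnet-mask semantics can enable OSPF, and send hellos, on interfaces you did not intend, which is one reason the passive-interface command described above exists. The Python example below is added here and is not part of the Cisco guide; it implements the match and applies a list of network statements to a set of interface addresses. The interface names and addresses are constructed, and the most-specific-statement-first evaluation order is an assumption about how the statements are applied.

```python
import ipaddress


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_matches(network: str, wildcard: str, address: str) -> bool:
    """OSPF network-statement match: every address bit where the wildcard
    bit is 0 must equal the corresponding network bit; wildcard 1 bits are
    ignored. This is the inverse of subnet-mask semantics."""
    care_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care_bits) == (to_int(network) & care_bits)


def subnet_mask_to_wildcard(mask: str) -> str:
    """Convert a subnet mask to the wildcard that selects the same prefix,
    e.g. 255.240.0.0 -> 0.15.255.255."""
    return str(ipaddress.IPv4Address(~to_int(mask) & 0xFFFFFFFF))


def ospf_enabled_interfaces(statements, interfaces) -> dict:
    """statements: list of (network, wildcard, area) as typed in
    'network <address> <wildcard-mask> area <area-id>'; interfaces: dict of
    name -> primary IPv4 address. Returns name -> area for every interface
    OSPF would run on. Statements are tried most specific first (fewest
    wildcard 1 bits); that ordering is an assumption, not taken from the guide."""
    ordered = sorted(statements, key=lambda s: bin(to_int(s[1])).count("1"))
    enabled = {}
    for name, address in interfaces.items():
        for network, wildcard, area in ordered:
            if wildcard_matches(network, wildcard, address):
                enabled[name] = area
                break
    return enabled


# Constructed sample: the guide's statement plus a catch-all, applied to four
# hypothetical Layer 3 interfaces.
SAMPLE_STATEMENTS = [
    ("10.1.1.1", "255.240.0.0", "20"),     # the guide's example statement
    ("0.0.0.0", "255.255.255.255", "0"),   # catch-all: matches every address
]
SAMPLE_INTERFACES = {
    "GigabitEthernet1/0/1": "10.1.1.1",
    "GigabitEthernet1/0/2": "10.2.1.1",    # octet 2 low nibble differs: not area 20
    "GigabitEthernet1/0/3": "172.17.1.1",  # matches area 20 although it is not in 10.0.0.0/8
    "GigabitEthernet1/0/4": "10.1.1.2",    # octet 4 must match exactly: not area 20
}

if __name__ == "__main__":
    for name, area in ospf_enabled_interfaces(SAMPLE_STATEMENTS, SAMPLE_INTERFACES).items():
        print(f"{name}: area {area}")
    print("wildcard that selects 10.0.0.0/12:", subnet_mask_to_wildcard("255.240.0.0"))
```

Run against the sample, the guide's statement places GigabitEthernet1/0/3 (172.17.1.1) in area 20 while leaving 10.2.1.1 out, the opposite of what an operator who read 255.240.0.0 as a subnet mask would expect; the wildcard for a 10.0.0.0/12 match is 0.15.255.255. Checking the output of show ip protocols after entering network statements is the quickest way to confirm which interfaces actually ended up in the process.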
Procedure

Step 1  enable
        Example: Device>enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Example: Device#configure terminal
        Purpose: Enters global configuration mode.

Step 3  router ospf process-id
        Example: Device(config)#router ospf 15
        Purpose: Enables OSPF routing, and enters router configuration mode. The process ID is an internally used identification parameter that is locally assigned and can be any positive integer. Each OSPF routing process has a unique value.
        Note: OSPF for Routed Access supports only one OSPFv2 and one OSPFv3 instance with a maximum number of 1000 dynamically learned routes.

Step 4  nsf cisco [enforce global]
        Example: Device(config-router)#nsf cisco enforce global
        Purpose: (Optional) Enables Cisco NSF operations for OSPF. The enforce global keyword cancels NSF restart when non-NSF-aware neighboring networking devices are detected.
        Note: Enter the command in Step 4 or Step 5, and go to Step 6.

Step 5  nsf ietf [restart-interval seconds]
        Example: Device(config-router)#nsf ietf restart-interval 60
        Purpose: (Optional) Enables IETF NSF operations for OSPF. The restart-interval keyword specifies the length of the graceful restart interval, in seconds. The range is from 1 to 1800. The default is 120.
        Note: Enter the command in Step 4 or Step 5, and go to Step 6.

Step 6  network address wildcard-mask area area-id
        Example: Device(config-router)#network 10.1.1.1 255.240.0.0 area 20
        Purpose: Defines an interface on which OSPF runs and the area ID for that interface. You can use the wildcard-mask to use a single command to define one or more interfaces to be associated with a specific OSPF area. The area ID can be a decimal value or an IP address.

Step 7  end
        Example: Device(config-router)#end
        Purpose: Returns to privileged EXEC mode.

Step 8  show ip protocols
        Example: Device#show ip protocols
        Purpose: Verifies your entries.

Step 9  copy running-config startup-config
        Example: Device#copy running-config startup-config
        Purpose: (Optional) Saves your entries in the configuration file.

Configuring OSPF for IPv6

For more information about configuring OSPF routing for IPv6, see the "Implementing OSPF for IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com. To configure OSPF routing for IPv6, perform this procedure:

Before you begin

You can customize OSPF for IPv6 for your network. However, the defaults for OSPF in IPv6 are set to meet the requirements of most customers and features. Follow these guidelines:

· Be careful when changing the defaults for IPv6 commands. Changing the defaults might adversely affect OSPF for the IPv6 network.
· Before you enable IPv6 OSPF on an interface, you must enable routing by using the ip routing command in global configuration mode, enable the forwarding of IPv6 packets by using the ipv6 unicast-routing command in global configuration mode, and enable IPv6 on Layer 3 interfaces on which you are enabling IPv6 OSPF.

Procedure

Step 1  enable
        Example: Device> enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Example: Device# configure terminal
        Purpose: Enters global configuration mode.

Step 3  ipv6 router ospf process-id
        Example: Device(config)# ipv6 router ospf 21
        Purpose: Enables OSPF router configuration mode for the process. The process ID is the number assigned administratively when enabling the OSPF for IPv6 routing process. It is locally assigned and can be a positive integer from 1 to 65535.

Step 4  area area-id range {ipv6-prefix/prefix-length} [advertise | not-advertise] [cost cost]
        Example: Device(config-rtr)# area .3 range 2001:0DB8::/32 not-advertise
        Purpose: (Optional) Consolidates and summarizes routes at an area boundary.
        · area-id--Identifier of the area about which routes are to be summarized. It can be specified as either a decimal value or as an IPv6 prefix.
        · ipv6-prefix/prefix-length--The destination IPv6 network and a decimal value that shows how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark (/) must precede the decimal value.
        · advertise--(Optional) Sets the address range status to advertise and generates a Type 3 summary link-state advertisement (LSA).
        · not-advertise--(Optional) Sets the address range status to DoNotAdvertise. The Type 3 summary LSA is suppressed, and component networks remain hidden from other networks.
        · cost cost--(Optional) Sets the metric or cost for this summary route, which is used during OSPF SPF calculation to determine the shortest paths to the destination. The value can be 0 to 16777215.

Step 5  maximum-paths number-paths
        Example: Device(config-rtr)# maximum-paths 16
        Purpose: (Optional) Defines the maximum number of equal-cost routes to the same destination that IPv6 OSPF should enter in the routing table. The range is from 1 to 32, and the default is 16 paths.

Step 6  exit
        Example: Device(config-rtr)# exit
        Purpose: Returns to global configuration mode.

Step 7  interface interface-id
        Example: Device(config)# interface gigabitethernet 1/0/1
        Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.

Step 8  ipv6 ospf process-id area area-id [instance instance-id]
        Example: Device(config-if)# ipv6 ospf 21 area .3
        Purpose: Enables OSPF for IPv6 on the interface.
        · instance instance-id--(Optional) Instance identifier.

Step 9  end
        Example: Device(config-if)# end
        Purpose: Returns to privileged EXEC mode.

Step 10 Use one of the following:
        · show ipv6 ospf [process-id] [area-id] interface [interface-id]: Displays information about OSPF interfaces.
        · show ipv6 ospf [process-id] [area-id]: Displays general information about OSPF routing processes.
        Example: Device# show ipv6 ospf 21 interface gigabitethernet2/0/1
             or: Device# show ipv6 ospf 21

Step 11 copy running-config startup-config
        Example: Device# copy running-config startup-config
        Purpose: (Optional) Saves your entries in the configuration file.

Configuring OSPF Interfaces

You can use the ip ospf interface configuration commands to modify interface-specific OSPF parameters. You are not required to modify any of these parameters, but some interface parameters (hello interval, dead interval, and authentication key) must be consistent across all routers in an attached network. If you modify these parameters, be sure all routers in the network have compatible values.

Note: The ip ospf interface configuration commands are all optional.

Procedure

Step 1  enable
        Example: Device> enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Example: Device#configure terminal
        Purpose: Enters global configuration mode.

Step 3  interface interface-id
        Example: Device(config)#interface gigabitethernet 1/0/1
        Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.

Step 4  ip ospf cost cost
        Purpose: (Optional) Explicitly specifies the cost of sending a packet on the interface.
        Example: Device(config-if)#ip ospf cost 8

Step 5  ip ospf retransmit-interval seconds
        Example: Device(config-if)#ip ospf retransmit-interval 10
        Purpose: (Optional) Specifies the number of seconds between link state advertisement transmissions. The range is 1 to 65535 seconds. The default is 5 seconds.

Step 6  ip ospf transmit-delay seconds
        Example: Device(config-if)#ip ospf transmit-delay 2
        Purpose: (Optional) Sets the estimated number of seconds to wait before sending a link state update packet. The range is 1 to 65535 seconds. The default is 1 second.

Step 7  ip ospf priority number
        Example: Device(config-if)#ip ospf priority 5
        Purpose: (Optional) Sets the priority to help find the OSPF designated router for a network. The range is from 0 to 255. The default is 1.

Step 8  ip ospf hello-interval seconds
        Example: Device(config-if)#ip ospf hello-interval 12
        Purpose: (Optional) Sets the number of seconds between hello packets sent on an OSPF interface. The value must be the same for all nodes on a network. The range is 1 to 65535 seconds. The default is 10 seconds.

Step 9  ip ospf dead-interval seconds
        Example: Device(config-if)#ip ospf dead-interval 8
        Purpose: (Optional) Sets the number of seconds after the last device hello packet was seen before its neighbors declare the OSPF router to be down. The value must be the same for all nodes on a network. The range is 1 to 65535 seconds. The default is 4 times the hello interval.

Step 10 ip ospf authentication-key key
        Example: Device(config-if)#ip ospf authentication-key password
        Purpose: (Optional) Assigns a password to be used by neighboring OSPF routers. The password can be any string of keyboard-entered characters up to 8 bytes in length. All neighboring routers on the same network must have the same password to exchange OSPF information.

Step 11 ip ospf message-digest-key keyid md5 key
        Example: Device(config-if)#ip ospf message-digest-key 16 md5 your1pass
        Purpose: (Optional) Enables MD5 authentication.
        · keyid--An identifier from 1 to 255.
        · key--An alphanumeric password of up to 16 bytes.

Step 12 ip ospf database-filter all out
        Example: Device(config-if)#ip ospf database-filter all out
        Purpose: (Optional) Blocks flooding of OSPF LSA packets to the interface. By default, OSPF floods new LSAs over all interfaces in the same area, except the interface on which the LSA arrives.

Step 13 end
        Example: Device(config)#end
        Purpose: Returns to privileged EXEC mode.

Step 14 show ip ospf interface [interface-name]
        Example: Device#show ip ospf interface
        Purpose: Displays OSPF-related interface information.

Step 15 show ip ospf neighbor detail
        Example: Device#show ip ospf neighbor detail
        Purpose: Displays the NSF awareness status of the neighbor switch. The output matches one of these examples:
        · Options is 0x52 and LLS Options is 0x1 (LR): When both of these lines appear, the neighbor switch is NSF aware.
        · Options is 0x42: This means the neighbor switch is not NSF aware.

Step 16 copy running-config startup-config
        Example: Device#copy running-config startup-config
        Purpose: (Optional) Saves your entries in the configuration file.

Configuring OSPF Area Parameters

Before you begin

Note: The OSPF area router configuration commands are all optional.

Procedure

Step 1  enable
        Example: Device>enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Example: Device#configure terminal
        Purpose: Enters global configuration mode.

Step 3  router ospf process-id
        Example: Device(config)#router ospf 109
        Purpose: Enables OSPF routing, and enters router configuration mode.

Step 4  area area-id authentication
        Example: Device(config-router)#area 1 authentication
        Purpose: (Optional) Allows password-based protection against unauthorized access to the identified area. The identifier can be either a decimal value or an IP address.

Step 5  area area-id authentication message-digest
        Example: Device(config-router)#area 1 authentication message-digest
        Purpose: (Optional) Enables MD5 authentication on the area.

Step 6  area area-id stub [no-summary]
        Example: Device(config-router)#area 1 stub
        Purpose: (Optional) Defines an area as a stub area. The no-summary keyword prevents an ABR from sending summary link advertisements into the stub area.

Step 7  area area-id nssa [no-redistribution] [default-information-originate] [no-summary]
        Example: Device(config-router)#area 1 nssa default-information-originate
        Purpose: (Optional) Defines an area as a not-so-stubby-area. Every router within the same area must agree that the area is NSSA. Select one of these keywords:
        · no-redistribution--Select when the router is an NSSA ABR and you want the redistribute command to import routes into normal areas, but not into the NSSA.
        · default-information-originate--Select on an ABR to allow importing type 7 LSAs into the NSSA.
        · no-summary--Select to not send summary LSAs into the NSSA.

Step 8  area area-id range address mask
        Example: Device(config-router)#area 1 range 255.240.0.0
        Purpose: (Optional) Specifies an address range for which a single route is advertised. Use this command only with area border routers.

Step 9  end
        Example: Device(config)#end
        Purpose: Returns to privileged EXEC mode.

Step 10 show ip ospf [process-id]
        Example: Device#show ip ospf
        Purpose: Displays information about the OSPF routing process in general or for a specific process ID to verify configuration.

Step 11 show ip ospf [process-id [area-id]] database
        Example: Device#show ip ospf database
        Purpose: Displays lists of information related to the OSPF database for a specific router.

Step 12 copy running-config startup-config
        Example: Device#copy running-config startup-config
        Purpose: (Optional) Saves your entries in the configuration file.

Configuring Other OSPF Parameters

Procedure

Step 1  enable
        Example: Device>enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Example: Device#configure terminal
        Purpose: Enters global configuration mode.

Step 3  router ospf process-id
        Example: Device(config)#router ospf 10
        Purpose: Enables OSPF routing, and enters router configuration mode.

Step 4  summary-address address mask
        Example: Device(config-router)#summary-address 10.1.1.1 255.255.255.0
        Purpose: (Optional) Specifies an address and IP subnet mask for redistributed routes so that only one summary route is advertised.

Step 5  area area-id virtual-link router-id [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [[authentication-key key] | message-digest-key keyid md5 key]]
        Example: Device(config-router)#area 2 virtual-link 192.168.255.1 hello-interval 5
        Purpose: (Optional) Establishes a virtual link and sets its parameters.

Step 6  default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name]
        Example: Device(config-router)#default-information originate metric 100 metric-type 1
        Purpose: (Optional) Forces the ASBR to generate a default route into the OSPF routing domain. Parameters are all optional.

Step 7  ip ospf name-lookup
        Purpose: (Optional) Configures DNS name lookup. The default is disabled.
Device(config)#ip ospf name-lookup ip auto-cost reference-bandwidth ref-bw Example: (Optional) Specifies an address range for which a single route will be advertised. Use this command only with area border routers. Device(config)#ip auto-cost reference-bandwidth 5 distance ospf {[inter-area dist1] [inter-area (Optional) Changes the OSPF distance values. dist2] [external dist3]} The default distance for each type of route is Example: 110. The range is 1 to 255. Device(config)#distance ospf inter-area 150 passive-interface type number Example: (Optional) Suppresses the sending of hello packets through the specified interface. Device(config)#passive-interface gigabitethernet 1/0/6 timers throttle spf spf-delay spf-holdtime spf-wait Example: (Optional) Configures route calculation timers. · spf-delay--Delay between receiving a change to SPF calculation. The range is from 1 to 600000 miliseconds. Device(config)#timers throttle spf 200 100 100 · spf-holdtime--Delay between first and second SPF calculation. The range is from 1 to 600000 in milliseconds. · spf-wait--Maximum wait time in milliseconds for SPF calculations. The range is from 1 to 600000 in milliseconds. ospf log-adj-changes Example: (Optional) Sends syslog message when a neighbor state changes. Device(config)#ospf log-adj-changes end Example: Returns to privileged EXEC mode. Device(config)#end IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 129 Changing LSA Group Pacing Configuring OSPF Step 14 Step 15 Command or Action Purpose show ip ospf [process-id [area-id]] database Displays lists of information related to the Example: OSPF database for a specific router. Device#show ip ospf database copy running-config startup-config Example: (Optional) Saves your entries in the configuration file. 
Device#copy running-config startup-config Changing LSA Group Pacing Procedure Step 1 Command or Action enable Example: Step 2 Device>enable configure terminal Example: Device#configure terminal Step 3 Step 4 Step 5 router ospf process-id Example: Device(config)#router ospf 25 timers lsa-group-pacing seconds Example: Device(config-router)#timers lsa-group-pacing 15 end Example: Device(config)#end Purpose Enables privileged EXEC mode. · Enter your password if prompted. Enters global configuration mode. Enables OSPF routing, and enter router configuration mode. Changes the group pacing of LSAs. Returns to privileged EXEC mode. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 130 Configuring OSPF Configuring a Loopback Interface Step 6 Command or Action show running-config Example: Device#show running-config Purpose Verifies your entries. Step 7 copy running-config startup-config Example: (Optional) Saves your entries in the configuration file. Device#copy running-config startup-config Configuring a Loopback Interface Procedure Step 1 Command or Action enable Example: Step 2 Device>enable configure terminal Example: Device#configure terminal Purpose Enables privileged EXEC mode. · Enter your password if prompted. Enters global configuration mode. Step 3 Step 4 Step 5 interface loopback 0 Example: Creates a loopback interface, and enter interface configuration mode. Device(config)#interface loopback 0 ip address address mask Example: Assign an IP address to this interface. Device(config-if)#ip address 10.1.1.5 255.255.240.0 end Example: Returns to privileged EXEC mode. Device(config)#end IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 131 Monitoring OSPF Configuring OSPF Step 6 Step 7 Command or Action show ip interface Example: Purpose Verifies your entries. Device#show ip interface copy running-config startup-config Example: (Optional) Saves your entries in the configuration file. 
Device#copy running-config startup-config

Monitoring OSPF

You can display specific statistics such as the contents of IP routing tables, caches, and databases.

Table 11: Show IP OSPF Statistics Commands

Command:
show ip ospf [process-id]
show ip ospf [process-id] database [router] [link-state-id]
show ip ospf [process-id] database [router] [self-originate]
show ip ospf [process-id] database [router] [adv-router [ip-address]]
show ip ospf [process-id] database [network] [link-state-id]
show ip ospf [process-id] database [summary] [link-state-id]
show ip ospf [process-id] database [asbr-summary] [link-state-id]
show ip ospf [process-id] database [external] [link-state-id]
show ip ospf [process-id area-id] database [database-summary]
show ip ospf border-routes
show ip ospf interface [interface-name]
show ip ospf neighbor [interface-name] [neighbor-id] detail
show ip ospf virtual-links

Purpose (this column is truncated in the source): Displays general inform... processes. / Displays lists of informa... / Displays the internal OS... entries. / Displays OSPF-related... / Displays OSPF interfac... / Displays OSPF-related...

Configuration Examples for OSPF

Example: Configuring Basic OSPF Parameters

This example shows how to configure an OSPF routing process and assign it a process number of 109:

Device(config)#router ospf 109
Device(config-router)#network 131.108.0.0 255.255.255.0 area 24

Feature History for Open Shortest Path First

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
Feature: Open Shortest Path First
Feature Information: OSPF is an Interior Gateway Protocol (IGP) designed expressly for IP networks, supporting IP subnetting and tagging of externally derived routing information.

Release: Cisco IOS XE Cupertino 17.7.1
Feature: Open Shortest Path First
Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

CHAPTER 8
Configuring OSPF Link-State Database Overload Protection

· Information About OSPF Link-State Database Overload Protection, on page 135
· How to Configure OSPF Link-State Database Overload Protection, on page 136
· Configuration Examples for OSPF Link-State Database Overload Protection, on page 138
· Feature Information for OSPF Link-State Database Overload Protection, on page 140

Information About OSPF Link-State Database Overload Protection

The OSPF Link-State Database Overload Protection feature allows you to limit the number of nonself-generated link-state advertisements (LSAs) for a given Open Shortest Path First (OSPF) process or OSPFv3 process. Excessive LSAs generated by other devices in the OSPF domain can substantially drain the CPU and memory resources of the device.

The OSPF Link-State Database Overload Protection feature is applicable to OSPF, OSPFv2 and OSPFv3.

Benefits of Using OSPF Link-State Database Overload Protection

The OSPF Link-State Database Overload Protection feature provides a mechanism at the OSPF level to limit the number of nonself-generated LSAs for a given OSPF process. When other devices in the network have been misconfigured, they may generate a high volume of LSAs, for instance, to redistribute large numbers of prefixes. This protection mechanism prevents devices from receiving a large number of LSAs and therefore experiencing CPU and memory shortages.

Overview of OSPF Link-State Database Overload Protection

When the OSPF Link-State Database Overload Protection feature is enabled, the device keeps a count of the number of nonself-generated LSAs that it has received. When the configured threshold number of LSAs is reached, an error message is logged. When the configured maximum number of LSAs is exceeded, the device sends a notification. If the count of received LSAs is still higher than the configured maximum after one minute, the OSPF process takes down all adjacencies and clears the OSPF database. In this ignore state, all OSPF packets received on any interface that belong to this OSPF process are ignored, and no OSPF packets are generated on any of these interfaces. The OSPF process remains in the ignore state for the time configured by the ignore-time keyword of the max-lsa command.

Each time the OSPF process enters an ignore state, a counter is incremented. If this counter exceeds the number of times configured by the ignore-count keyword, the OSPF process stays permanently in the ignore state, and manual intervention is required to get it out of that state. You can get the OSPF process out of the permanent ignore state by restarting the OSPF process. The ignore state counter is reset to 0 when the OSPF process remains in the normal state of operation for the amount of time specified by the reset-time keyword.
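The ignore-state behaviour described in this overview, modelled as a small state machine so that the interaction of threshold, maximum, ignore-time, ignore-count and reset-time can be traced against a flood. This is an added illustration written for this page, not Cisco code: it samples the LSDB count once per minute (the guide's "still higher than the maximum after one minute" rule), uses the guide's documented defaults for any argument not given, and the flood scenarios fed to it are constructed.

```python
"""Model of the max-lsa ignore state described above (added illustration, not Cisco code).

Time is measured in minutes; observe() is called once per minute with the current count of
nonself-generated LSAs, mirroring the guide's "still higher than the maximum after one minute"
rule.  The flood scenarios below are constructed, not captured from a device.
"""
from dataclasses import dataclass, field
from typing import List, Optional

NORMAL, IGNORE, PERMANENT_IGNORE = "normal", "ignore", "permanent-ignore"


@dataclass
class MaxLsaConfig:
    """Arguments of the max-lsa command; the values are the guide's defaults."""
    maximum: int = 50000
    threshold_pct: int = 75
    warning_only: bool = False
    ignore_time: float = 5.0   # minutes
    ignore_count: int = 5
    reset_time: float = 10.0   # minutes


@dataclass
class MaxLsaMonitor:
    cfg: MaxLsaConfig = field(default_factory=MaxLsaConfig)
    state: str = NORMAL
    ignore_entries: int = 0                 # "current ignore-count" in show ip ospf
    over_max_since: Optional[float] = None  # when the count first exceeded the maximum
    ignore_until: Optional[float] = None    # end of the current ignore-time
    normal_since: float = 0.0               # start of the current run of normal operation
    threshold_logged: bool = False
    events: List[str] = field(default_factory=list)

    def _log(self, now: float, msg: str) -> None:
        self.events.append(f"t={now:g}m {msg}")

    def observe(self, lsa_count: int, now: float) -> str:
        """Feed one LSDB count sample; returns the resulting state."""
        cfg = self.cfg
        if self.state == PERMANENT_IGNORE:
            return self.state                    # only an OSPF process restart clears this
        if self.state == IGNORE:
            if now < self.ignore_until:
                return self.state                # all OSPF packets for the process are ignored
            self.state = NORMAL                  # ignore-time elapsed: adjacencies come back
            self.normal_since = now
            self.over_max_since = None
            self.threshold_logged = False
            self._log(now, "leaving ignore state")
        # the ignore counter resets after reset-time of uninterrupted normal operation
        if self.ignore_entries and now - self.normal_since >= cfg.reset_time:
            self.ignore_entries = 0
            self._log(now, "ignore-count reset to 0")
        threshold = cfg.maximum * cfg.threshold_pct // 100
        if lsa_count >= threshold and not self.threshold_logged:
            self.threshold_logged = True
            self._log(now, f"warning: threshold of {threshold} nonself-generated LSAs reached")
        elif lsa_count < threshold:
            self.threshold_logged = False
        if lsa_count <= cfg.maximum:
            self.over_max_since = None
            return self.state
        if self.over_max_since is None:          # first sample above the maximum: notify
            self.over_max_since = now
            self._log(now, f"notification: maximum {cfg.maximum} exceeded ({lsa_count} LSAs)")
        if cfg.warning_only:
            return self.state                    # warning-only: never enter the ignore state
        if now - self.over_max_since >= 1.0:     # still above the maximum one minute later
            self.ignore_entries += 1
            if self.ignore_entries > cfg.ignore_count:
                self.state = PERMANENT_IGNORE
                self._log(now, "permanently ignoring all neighbors due to max-lsa limit")
            else:
                self.state = IGNORE
                self.ignore_until = now + cfg.ignore_time
                self._log(now, f"ignoring all neighbors for {cfg.ignore_time:g} minutes "
                               f"(ignore-count {self.ignore_entries})")
        return self.state


def run_scenario(cfg: MaxLsaConfig, counts_per_minute: List[int]) -> MaxLsaMonitor:
    """Replay a constructed series of per-minute LSDB counts through the monitor."""
    mon = MaxLsaMonitor(cfg)
    for minute, count in enumerate(counts_per_minute):
        mon.observe(count, float(minute))
    return mon


if __name__ == "__main__":
    # constructed scenario: a neighbour floods 15000 LSAs against a 14000 limit for 40 minutes
    flood = run_scenario(MaxLsaConfig(maximum=14000), [15000] * 40)
    print(flood.state, flood.ignore_entries)        # permanent-ignore 6
    for event in flood.events:
        print(event)
```

With the guide's defaults a sustained flood cycles through five ignore periods of five minutes each and lands in the permanent ignore state on the sixth entry, which is the "current ignore-count 6" shown in the last show ip ospf output of this chapter; a flood that stops lets the counter fall back to 0 after ten quiet minutes, and warning-only never leaves the normal state.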
If the warning-only keyword of the max-lsa command is configured, the OSPF process will send only a warning that the LSA maximum has been exceeded.

How to Configure OSPF Link-State Database Overload Protection

Limiting the Number of Non Self-Generated LSAs for an OSPF Process

To configure a limit for the number of non self-generated LSAs for an OSPF process, perform this procedure:

Procedure

Step 1
Command or Action: enable
Example:
Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router ospf process-id
Example:
Device(config)# router ospf 1
Purpose: Enables OSPF routing. The process-id argument identifies the OSPF process.

Step 4
Command or Action: router-id ip-address
Example:
Device(config-router)# router-id 10.0.0.1
Purpose: Specifies a fixed router ID for an OSPF process.

Step 5
Command or Action: log-adjacency-changes [detail]
Example:
Device(config-router)# log-adjacency-changes
Purpose: Configures the device to send a syslog message when an OSPF neighbor goes up or down.

Step 6
Command or Action: max-lsa maximum-number [threshold-percentage] [warning-only] [ignore-time minutes] [ignore-count count-number] [reset-time minutes]
Example:
Device(config-router)# max-lsa 12000
Purpose: Limits the number of non self-generated LSAs that an OSPF routing process can keep in the OSPF link-state database (LSDB).
· The default limit for the number of non self-generated LSAs is 50,000 LSAs.
· The default value for the threshold argument is 75 percent.
· The default value for the ignore-time argument is 5 minutes.
· The default value for the reset-time argument is 10 minutes.
· The default value for the ignore-count argument is 5 counts.

Step 7
Command or Action: network ip-address wildcard-mask area area-id
Example:
Device(config-router)# network 209.165.201.1 255.255.255.255 area 0
Purpose: Defines the interfaces on which OSPF runs and defines the area ID for those interfaces.

Step 8
Command or Action: end
Example:
Device(config-router)# end

Step 9
Command or Action: show ip ospf [process-id area-id] database [database-summary]
Example:
Device# show ip ospf 2000 database database-summary
Purpose: Displays lists of information related to the OSPF database for a specific device. Use this command to verify the number of non self-generated LSAs on a device.

Limiting the Number of Non Self-Generated LSAs for an OSPFv3 Process

To configure a limit for the number of non self-generated LSAs for an OSPFv3 process, perform this procedure:

Procedure

Step 1
Command or Action: enable
Example:
Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router ospfv3 process-id
Example:
Device(config)# router ospfv3 1
Purpose: Enables OSPFv3 routing. The process-id argument identifies the OSPFv3 process.

Step 4
Command or Action: router-id ip-address
Example:
Device(config-router)# router-id 10.0.0.1
Purpose: Specifies a fixed router ID for an OSPF process.

Step 5
Command or Action: log-adjacency-changes [detail]
Example:
Device(config-router)# log-adjacency-changes
Purpose: Configures the device to send a syslog message when an OSPF neighbor goes up or down.

Step 6
Command or Action: max-lsa maximum-number [threshold-percentage] [warning-only] [ignore-time minutes] [ignore-count count-number] [reset-time minutes]
Example:
Device(config-router)# max-lsa 12000
Purpose: Limits the number of non self-generated LSAs that an OSPF routing process can keep in the OSPF link-state database (LSDB).
· The default limit for the number of non self-generated LSAs is 50,000 LSAs.
· The default value for the threshold argument is 75 percent.
· The default value for the ignore-time argument is 5 minutes.
· The default value for the reset-time argument is 10 minutes.
· The default value for the ignore-count argument is 5 counts.

Step 7
Command or Action: end
Example:
Device(config-router)# end

Step 8
Command or Action: show ospfv3 [process-id area-id] database [database-summary]
Example:
Device# show ospfv3 2000 database database-summary
Purpose: Displays lists of information related to the OSPF database for a specific device. Use this command to verify the number of non self-generated LSAs on a device.

Configuration Examples for OSPF Link-State Database Overload Protection

Example: Setting a Limit for LSA Generation

In the following example, the device is configured to not accept any more non self-generated LSAs once a maximum of 14,000 has been exceeded:

Device(config)# router ospf 1
Device(config-router)# router-id 192.168.0.1
Device(config-router)# log-adjacency-changes
Device(config-router)# max-lsa 14000
Device(config-router)# area 33 nssa
Device(config-router)# network 192.168.0.1 0.0.0.0 area 1
Device(config-router)# network 192.168.5.1 0.0.0.0 area 1
Device(config-router)# network 192.168.2.1 0.0.0.0 area 0

In the following example, the device is configured to not accept any more non self-generated LSAs once a maximum of 12,000 has been exceeded for an OSPFv3 process:

Device> enable
Device# configure terminal
Device(config)# router ospfv3 1
Device(config-router)# router-id 10.0.0.1
Device(config-router)# log-adjacency-changes
Device(config-router)# max-lsa 12000

In the following example, the show ip ospf command is entered to confirm the configuration:

Device# show ip ospf 1
Routing Process "ospf 1" with ID 192.168.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Maximum number of nonself-generated LSA allowed 14000
Threshold for warning message 75%
Ignore-time 5 minutes, reset-time 10 minutes
Ignore-count allowed 5, current ignore-count 0

In the following example, the output is displayed when the show ip ospf command is entered while the device is in the ignore state:

Device# show ip ospf 1
Routing Process "ospf 1" with ID 192.168.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Maximum number of nonself-generated LSA allowed 14000
Threshold for warning message 75%
Ignore-time 5 minutes, reset-time 10 minutes
Ignore-count allowed 5, current ignore-count 1
Ignoring all neighbors due to max-lsa limit, time remaining: 00:04:52

The following output is displayed when the show ip ospf command is entered after the device has left the ignore state:

Device# show ip ospf 1
Routing Process "ospf 1" with ID 192.168.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Maximum number of non self-generated LSA allowed 14000
Threshold for warning message 75%
Ignore-time 5 minutes, reset-time 10 minutes
Ignore-count allowed 5, current ignore-count 1 - time remaining: 00:09:51

The following output is displayed when the show ip ospf command is entered for a device that is permanently in the ignore state:

Device# show ip ospf 1
Routing Process "ospf 1" with ID 192.168.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Maximum number of non self-generated LSA allowed 14000
Threshold for warning message 75%
Ignore-time 5 minutes, reset-time 10 minutes
Ignore-count allowed 5, current ignore-count 6
Permanently ignoring all neighbors due to max-lsa limit

Feature Information for OSPF Link-State Database Overload Protection

This table provides release and related information for the features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Dublin 17.11.1
Feature: OSPF Link-State Database Overload Protection
Feature Information: The OSPF Link-State Database Overload Protection feature allows you to limit the number of non self-generated link-state advertisements (LSAs) for a given OSPF process. Excessive LSAs generated by other routers in the OSPF domain can substantially drain the CPU and memory resources of the device. The default limit for the number of non self-generated LSAs is 50,000.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

CHAPTER 9
Configuring OSPF Limit on Number of Redistributed Routes

· Restrictions for OSPF Limit on Number of Redistributed Routes, on page 141
· Prerequisites for OSPF Limit on Number of Redistributed Routes, on page 141
· Information About OSPF Limit on Number of Redistributed Routes, on page 141
· How to Configure an OSPF Limit on the Number of Redistributed Routes, on page 142
· Configuration Examples for OSPF Limit on Number of Redistributed Routes, on page 146
· Feature History for OSPF Limit on Number of Redistributed Routes, on page 147

Restrictions for OSPF Limit on Number of Redistributed Routes

OSPFv3 Limit on Number of Redistributed Routes is supported only for the IPv6 address family.
Prerequisites for OSPF Limit on Number of Redistributed Routes

You must have Open Shortest Path First (OSPF) configured in your network, either along with another protocol or with another OSPF process, for redistribution.

Information About OSPF Limit on Number of Redistributed Routes

OSPF supports a user-defined maximum number of prefixes (routes) that can be redistributed into OSPF from other protocols or other OSPF processes. Such a limit helps prevent the device from being flooded by too many redistributed routes. For example, if a large number of IP routes are sent into OSPF for a network that allows redistribution of Border Gateway Protocol (BGP) into OSPF, the network can get severely flooded. Limiting the number of redistributed routes prevents this potential problem.

From Cisco IOS XE Dublin 17.11.1, the redistribute maximum-prefix maximum [threshold] command is enabled with the default number of routes set at 10240 routes. The default number of routes is to protect the OSPF processes from being flooded with routes. You can still configure the number of routes using the redistribute maximum-prefix command.

The OSPF Limit on Number of Redistributed Routes feature is applicable to OSPF, OSPFv2 and OSPFv3.

How to Configure an OSPF Limit on the Number of Redistributed Routes

The following sections provide information on configuring an OSPF limit on the number of redistributed routes.

Note: The following procedures are mutually exclusive, that is, you can either limit the number of redistributed routes, or request a warning about the number of routes redistributed into OSPF.

Limiting the Number of OSPF Redistributed Routes

This task describes how to limit the number of OSPF redistributed routes. If the number of redistributed routes reaches the maximum value configured, no more routes are redistributed.

Procedure

Step 1
Command or Action: enable
Example:
Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router ospf process-id
Example:
Device(config)# router ospf 1
Purpose: Configures an OSPF routing process.

Step 4
Command or Action: redistribute protocol [process-id] [as-number] [include-connected {level-1 | level-1-2 | level-2}] [metric metric-value] [metric-type type-value] [nssa-only] [tag tag-value] [route-map map-tag]
Example:
Device(config-router)# redistribute eigrp 10
Purpose: Redistributes routes from one routing domain into another routing domain.

Step 5
Command or Action: redistribute maximum-prefix maximum [threshold]
Example:
Device(config-router)# redistribute maximum-prefix 100 80
Purpose: Sets a maximum number of IP prefixes that are allowed to be redistributed into OSPF.
· The default value for the maximum argument is set at 10240 routes.
· The threshold value defaults to 75 percent.
Note: If the warning-only keyword is configured in this command, no limit is enforced; a warning message is logged.

Step 6
Command or Action: end
Example:
Device(config-router)# end
Purpose: Exits router configuration mode.

Limiting the Number of OSPFv3 Redistributed Routes

This task describes how to limit the number of OSPFv3 redistributed routes. If the number of redistributed routes reaches the maximum value configured, no more routes are redistributed.

Procedure

Step 1
Command or Action: enable
Example:
Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router ospfv3 process-id
Example:
Device(config)# router ospfv3 1
Purpose: Configures an OSPFv3 routing process.

Step 4
Command or Action: address-family ipv6 [unicast]
Example:
Device(config-router)# address-family ipv6 unicast
Purpose: Enters IPv6 address family configuration mode.

Step 5
Command or Action: redistribute protocol [process-id] [as-number] [include-connected {level-1 | level-1-2 | level-2}] [metric metric-value] [metric-type type-value] [nssa-only] [tag tag-value] [route-map map-tag]
Example:
Device(config-router-af)# redistribute eigrp 10
Purpose: Redistributes routes from one routing domain into another routing domain.

Step 6
Command or Action: redistribute maximum-prefix maximum [threshold]
Example:
Device(config-router-af)# redistribute maximum-prefix 100 80
Purpose: Sets a maximum number of IPv6 prefixes that are allowed to be redistributed into OSPFv3.
· The default value for the maximum argument is set at 10240 routes.
· The threshold value defaults to 75 percent.
Note: If the warning-only keyword is configured in this command, no limit is enforced; a warning message is logged.

Step 7
Command or Action: exit-address-family
Example:
Device(config-router-af)# exit-address-family
Purpose: Exits IPv6 address family configuration mode.

Step 8
Command or Action: end
Example:
Device(config-router)# end
Purpose: Exits router configuration mode.

Requesting a Warning Message About the Number of Routes Redistributed into OSPF

To request a warning message when the number of routes redistributed into OSPF exceeds the configuration limit, perform this procedure:

Procedure

Step 1
Command or Action: enable
Example:
Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router ospf process-id
Example:
Device(config)# router ospf 1
Purpose: Configures an OSPF routing process.

Step 4
Command or Action: redistribute protocol [process-id] [as-number] [include-connected {level-1 | level-1-2 | level-2}] [metric metric-value] [metric-type type-value] [nssa-only] [tag tag-value] [route-map map-tag]
Example:
Device(config-router)# redistribute eigrp 10
Purpose: Redistributes routes from one routing domain into another routing domain.

Step 5
Command or Action: redistribute maximum-prefix maximum [threshold] [warning-only]
Example:
Device(config-router)# redistribute maximum-prefix 1000 80 warning-only
Purpose: Causes a warning message to be logged when the maximum number of IP prefixes have been redistributed into OSPF.
· Because the warning-only keyword is included, no limit is imposed on the number of prefixes redistributed into OSPF.
· The threshold value defaults to 75 percent.
· This example causes two warnings: one at 80 percent of 1000 (800 routes redistributed) and another at 1000 routes redistributed.

Step 6
Command or Action: end
Example:
Device(config-router)# end
Purpose: Exits router configuration mode.

Requesting a Warning Message About the Number of Routes Redistributed into OSPFv3

To request a warning message when the number of routes redistributed into OSPFv3 exceeds the configuration limit, perform this procedure:

Procedure

Step 1
Command or Action: enable
Example:
Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router ospfv3 process-id
Example:
Device(config)# router ospfv3 1
Purpose: Configures an OSPFv3 routing process.

Step 4
Command or Action: address-family ipv6 [unicast]
Example:
Device(config-router)# address-family ipv6 unicast
Purpose: Enters IPv6 address family configuration mode.

Step 5
Command or Action: redistribute protocol [process-id] [as-number] [include-connected {level-1 | level-1-2 | level-2}] [metric metric-value] [metric-type type-value] [nssa-only] [tag tag-value] [route-map map-tag]
Example:
Device(config-router-af)# redistribute eigrp 10
Purpose: Redistributes routes from one routing domain into another routing domain.

Step 6
Command or Action: redistribute maximum-prefix maximum [threshold] [warning-only]
Example:
Device(config-router-af)# redistribute maximum-prefix 1000 80 warning-only
Purpose: Causes a warning message to be logged when the maximum number of IP prefixes have been redistributed into OSPFv3.
· Because the warning-only keyword is included, no limit is imposed on the number of prefixes redistributed into OSPFv3.
· The threshold value defaults to 75 percent.
· This example causes two warnings: one at 80 percent of 1000 (800 routes redistributed) and another at 1000 routes redistributed.

Step 7
Command or Action: end
Example:
Device(config-router)# end
Purpose: Exits router configuration mode.

Configuration Examples for OSPF Limit on Number of Redistributed Routes

The following sections provide configuration examples for OSPF Limit on Number of Redistributed Routes.

Example: OSPF Limit on Number of Redistributed Routes

This example shows how to set a maximum of 1200 prefixes that can be redistributed into the OSPF process 1. Prior to reaching the limit, when the number of prefixes that are redistributed reaches 80 percent of 1200 (960 prefixes), a warning message is logged. Another warning message is logged when the limit is reached, and no more routes are redistributed.

Device> enable
Device# configure terminal
Device(config)# router ospf 1
Device(config-router)# redistribute static subnets
Device(config-router)# redistribute maximum-prefix 1200 80

This example shows how to set a maximum of 1200 prefixes that can be redistributed into the OSPFv3 process 1.

Device> enable
Device# configure terminal
Device(config)# router ospfv3 1
Device(config-router)# address-family ipv6
Device(config-router-af)# redistribute static subnets
Device(config-router-af)# redistribute maximum-prefix 1200 80

Example: Requesting a Warning Message About the Number of Redistributed Routes

This example shows how to enable two warning messages to be logged: the first if the number of prefixes that are redistributed reaches 85 percent of 600 (510 prefixes), and the second if the number of redistributed routes reaches 600. However, the number of redistributed routes is not limited.

Device> enable
Device# configure terminal
Device(config)# router ospf 11
Device(config-router)# redistribute eigrp 10 subnets
Device(config-router)# redistribute maximum-prefix 600 85 warning-only

This example shows how to enable two warnings to be logged for an OSPFv3 process.

Device> enable
Device# configure terminal
Device(config)# router ospfv3 11
Device(config-router)# address-family ipv6
Device(config-router-af)# redistribute eigrp 10 subnets
Device(config-router-af)# redistribute maximum-prefix 600 85 warning-only

Feature History for OSPF Limit on Number of Redistributed Routes

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
Feature: OSPF Limit on Number of Redistributed Routes
Feature Information: OSPF supports a user-defined maximum number of prefixes (routes) that can be redistributed into OSPFv3 from other protocols or other OSPFv3 processes.

Release: Cisco IOS XE Cupertino 17.7.1
Feature: OSPF Limit on Number of Redistributed Routes
Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module.

Release: Cisco IOS XE Dublin 17.11.1
Feature: Default Value for Number of Redistributed Routes
Feature Information: Sets a default value of 10240 routes for the redistribute maximum-prefix command. The default is to protect the device from being flooded with routes.

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
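A configuration check that ties together the three protections covered in the OSPF chapters above: area message-digest authentication, the max-lsa limit and the redistribute maximum-prefix limit. It is an added example for this page, not Cisco code or output. The running-config excerpt it parses is constructed, the finding codes are this example's own naming, and the only values it quotes are the guide's defaults (50,000 LSAs, 10240 routes, 75 percent). It generalises the "80 percent of 1200 is 960" arithmetic of the examples above to any maximum and threshold pair and reports where a process relies on warning-only, where no limit is explicitly configured, and where an area is referenced by a network statement without message-digest authentication.

```python
"""Audit OSPF processes in a running-config for the protections covered in these chapters.

Added example, not Cisco code; the config below is a constructed excerpt and the finding
codes are this example's own naming.  Default values quoted come from the guide.
"""
import re
from typing import Dict, List, Tuple

DEFAULT_MAX_LSA = 50000        # guide: default limit for nonself-generated LSAs
DEFAULT_MAX_PREFIX = 10240     # guide: redistribute maximum-prefix default since Dublin 17.11.1
DEFAULT_THRESHOLD_PCT = 75     # guide: default threshold for both commands

# Constructed running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
router ospf 1
 router-id 192.168.0.1
 log-adjacency-changes
 area 1 authentication message-digest
 max-lsa 14000
 redistribute eigrp 10 subnets
 redistribute maximum-prefix 1200 80
 network 192.168.0.1 0.0.0.0 area 1
!
router ospf 2
 redistribute static subnets
 redistribute maximum-prefix 600 85 warning-only
 network 10.0.0.0 0.255.255.255 area 0
!
router ospfv3 1
 router-id 10.0.0.1
 address-family ipv6 unicast
  redistribute static
 exit-address-family
!
"""

Finding = Tuple[str, str, str]  # (process, check, detail)


def split_processes(config: str) -> Dict[str, List[str]]:
    """Collect the (stripped) lines under each router ospf / router ospfv3 block."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("router ospf"):
            current = line
            blocks[current] = []
        elif not line or line == "!":
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks


def warning_points(maximum: int, threshold_pct: int) -> Tuple[int, int]:
    """Route counts at which the two maximum-prefix warnings fire: threshold, then maximum."""
    return maximum * threshold_pct // 100, maximum


def audit(config: str) -> List[Finding]:
    findings: List[Finding] = []
    for proc, lines in split_processes(config).items():
        if not any(l.startswith("log-adjacency-changes") for l in lines):
            findings.append((proc, "no-log-adjacency-changes",
                             "neighbor up/down events are not logged"))
        if not any(l.startswith("max-lsa ") for l in lines):
            findings.append((proc, "no-explicit-max-lsa",
                             f"LSDB limit left at the default of {DEFAULT_MAX_LSA} LSAs"))
        limits = [l for l in lines if l.startswith("redistribute maximum-prefix")]
        redistributes = [l for l in lines if l.startswith("redistribute ") and l not in limits]
        if redistributes and not limits:
            findings.append((proc, "no-explicit-maximum-prefix",
                             f"redistribution limit left at the default of {DEFAULT_MAX_PREFIX} routes"))
        for limit in limits:
            m = re.fullmatch(r"redistribute maximum-prefix (\d+)(?: (\d+))?( warning-only)?", limit)
            if m is None:
                continue
            maximum = int(m.group(1))
            pct = int(m.group(2)) if m.group(2) else DEFAULT_THRESHOLD_PCT
            first, second = warning_points(maximum, pct)
            if m.group(3):
                findings.append((proc, "maximum-prefix-warning-only",
                                 f"warnings at {first} and {second} routes, but no limit is enforced"))
            else:
                findings.append((proc, "maximum-prefix-enforced",
                                 f"warning at {first} routes, redistribution stops at {second}"))
        # every area referenced by a network statement should carry message-digest authentication
        areas = set()
        for l in lines:
            m = re.fullmatch(r"network \S+ \S+ area (\S+)", l)
            if m:
                areas.add(m.group(1))
        for area in sorted(areas):
            if f"area {area} authentication message-digest" not in lines:
                findings.append((proc, "area-without-md5-auth",
                                 f"area {area} has no message-digest authentication"))
    return findings


if __name__ == "__main__":
    for proc, check, detail in audit(SAMPLE_CONFIG):
        print(f"{proc}: {check}: {detail}")
```

Run against the constructed excerpt, process 1 produces only the informational "maximum-prefix-enforced" line (warning at 960, stop at 1200), process 2 is flagged for relying on warning-only, for having no explicit max-lsa and for an area 0 without message-digest authentication, and the OSPFv3 process is flagged for redistributing with the default limit.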
IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 148 1 0 C H A P T E R Configuring OSPF NSR · Restrictions for OSPF Nonstop Routing, on page 149 · Information About OSPF Nonstop Routing, on page 149 · How to Configure OSPF Nonstop Routing, on page 150 · Configuration Examples for OSPF Nonstop Routing, on page 151 · Feature History for OSPF Nonstop Routing, on page 151 Restrictions for OSPF Nonstop Routing · This feature is not supported on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2). · OSPF nonstop routing can significantly increase the memory used by OSPF during certain phases of its operation. CPU usage also can be increased. You should be aware of router memory capacity and estimate the likely memory requirements of OSPF nonstop Routing. For more information, see Configuring OSPF Nonstop Routing. For devices where memory and CPU are constrained, you might want to consider using OSPF Nonstop Forwarding (NSF) instead. For more information, see OSPF RFC 3623 Graceful Restart Helper Mode. · A changeover from the active to the standby Route Processor (RP) can take several seconds, depending on the hardware platform, and during this time OSPF is unable to send Hello packets. As a result, configurations that use small OSPF dead intervals might not be able to maintain adjacencies across a changeover. Information About OSPF Nonstop Routing The OSPF Nonstop Routing feature allows a device with redundant Route Processors (RPs) to maintain its Open Shortest Path First (OSPF) state and adjacencies across planned and unplanned RP changeovers. The OSPF state is maintained by checkpointing the state information from OSPF on the active RP to the standby RP. After a changeover to the standby RP, OSPF uses the checkpointed information to continue operations without interruption. Although OSPF Nonstop Routing serves a similar function to OSPF Nonstop Forwarding (NSF), it works differently. 
With NSF, OSPF on the newly active standby RP initially has no state information. OSPF uses extensions to the OSPF protocol to recover its state from neighboring OSPF devices. For the recovery to work, the neighbors must support the NSF protocol extensions and be willing to act as "helpers" to the device that is restarting. The neighbors must also continue forwarding data traffic to the device that is restarting while protocol state recovery takes place.

With nonstop routing, by contrast, the device that performs the changeover preserves its state internally, and in most cases the neighbors are unaware of the changeover. Because assistance is not needed from neighboring devices, nonstop routing can be used in situations where NSF cannot be used; for example, in networks where not all neighbors implement the NSF protocol extensions, or where the network topology changes during recovery and makes NSF unreliable, use nonstop routing instead of NSF.

How to Configure OSPF Nonstop Routing

The following sections provide information on configuring OSPF nonstop routing.

Configuring OSPF Nonstop Routing

To configure OSPF nonstop routing, perform this procedure.

Note: Devices that do not support nonstop routing will not accept the nsr (OSPFv3) command.

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router ospf process-id
Example: Device(config)# router ospf 109
Purpose: Configures an OSPF routing process and enters router configuration mode.

Step 4: nsr
Example: Device(config-router)# nsr
Purpose: Configures nonstop routing.

Step 5: end
Example: Device(config-router)# end
Purpose: Exits router configuration mode and returns to privileged EXEC mode.
Step 6: show ip ospf [process-id] nsr [objects | statistics]
Example: Device# show ip ospf 109 nsr
Purpose: Displays OSPF nonstop routing status information.

Configuration Examples for OSPF Nonstop Routing

Example: Configuring OSPF Nonstop Routing

The following example shows how to configure OSPF NSR and the status output that results:

Device> enable
Device# configure terminal
Device(config)# router ospf 1
Device(config-router)# nsr
Device(config-router)# end
Device# show ip ospf 1 nsr
Standby RP
Operating in duplex mode
Redundancy state: STANDBY HOT
Peer redundancy state: ACTIVE
ISSU negotation complete
ISSU versions compatible
Routing Process "ospf 1" with ID 10.1.1.100
NSR configured
Checkpoint message sequence number: 3290
Standby synchronization state: synchronized
Bulk sync operations: 1
Last sync start time: 15:22:48.971 UTC Fri Jan 14 2011
Last sync finish time: 15:22:48.971 UTC Fri Jan 14 2011
Last sync lost time:
Last sync reset time:
LSA Count: 2, Checksum Sum 0x00008AB4

The output shows that OSPF nonstop routing is configured and that OSPF on the standby RP is fully synchronized and ready to continue operation should the active RP fail or if a manual changeover is performed.

Feature History for OSPF Nonstop Routing

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.
Release | Feature | Feature Information
Cisco IOS XE Amsterdam 17.3.1 | OSPF Nonstop Routing | The OSPF Nonstop Routing feature allows a device with redundant Route Processors to maintain its OSPF state and adjacencies across planned and unplanned RP changeovers.
Cisco IOS XE Cupertino 17.7.1 | OSPF Nonstop Routing | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

CHAPTER 11

Configuring OSPF Retransmissions Limit

· Restrictions For OSPF Retransmissions Limit, on page 153
· Overview About OSPF Retransmissions Limit, on page 153
· Setting OSPF Retransmission Limits, on page 154
· Example: Configuring OSPF Retransmissions Limit, on page 154
· Additional References for OSPF Retransmissions Limit, on page 154
· Feature History for OSPF Retransmissions Limit, on page 155

Restrictions For OSPF Retransmissions Limit

The limit on the number of retransmissions does not apply to update packets on nonbroadcast multiaccess (NBMA) point-to-multipoint direct circuits. In this situation, the dead timer is used to end communication with non-responding neighbors and thus stop the retransmissions.

Overview About OSPF Retransmissions Limit

There is a limit on the number of retransmissions of database exchange and update packets for both demand and non-demand circuits. The retransmission of these packets stops once this retry limit is reached, which prevents unnecessary use of the link for continual retransmission of the packets if, for some reason, a neighbor is not responding while the adjacency is being formed.
The limit for both demand circuit and non-demand circuit retransmissions is 24. The limit-retransmissions command allows you to either remove (disable) the limit or change the maximum number of retransmissions to a number from 1 to 255.

Benefits

The limit-retransmissions command provides backward compatibility with previous or other releases of Cisco IOS, or with other routers, that do not have this feature.

Setting OSPF Retransmission Limits

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router ospf process-ID
Example: Device(config)# router ospf 18
Purpose: Configures an OSPF routing process and enters OSPF router configuration mode.

Step 4: limit retransmissions {[dc {max-number | disable}] [non-dc {max-number | disable}]}
Example: Device(config-router)# limit retransmissions dc 5
Purpose: Sets the limit on the number of retransmissions of database exchange and update packets for both demand and non-demand circuits.

Step 5: end
Example: Device(config-router)# end
Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Example: Configuring OSPF Retransmissions Limit

The following is an example of configuring the OSPF retransmissions limit.
router ospf 18
 limit retransmissions dc 5

Additional References for OSPF Retransmissions Limit

Related Documents

Related Topic | Document Title
Configuring OSPF | IP Routing: OSPF Configuration Guide
OSPF Commands | IP Routing: OSPF Command Reference

Feature History for OSPF Retransmissions Limit

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | OSPF Retransmissions Limit | The OSPF Retransmissions Limit feature adds a limit to the number of retransmissions of database exchange and update packets for both demand and non-demand circuits.
Cisco IOS XE Cupertino 17.7.1 | OSPF Retransmissions Limit | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
CHAPTER 12

Configuring OSPFv3 NSR

· Restrictions for OSPFv3 Nonstop Routing, on page 157
· Information About OSPFv3 Nonstop Routing, on page 157
· How to Configure OSPFv3 Nonstop Routing, on page 158
· Configuration Examples for OSPFv3 Nonstop Routing, on page 160
· Troubleshooting Tips, on page 163
· Additional References, on page 163
· Feature History for OSPFv3 Nonstop Routing, on page 164

Restrictions for OSPFv3 Nonstop Routing

This feature is not supported on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Information About OSPFv3 Nonstop Routing

The OSPFv3 Nonstop Routing feature allows a device with redundant Route Processors (RPs) to maintain its Open Shortest Path First (OSPF) state and adjacencies across planned and unplanned RP switchovers. This feature works by checkpointing the OSPFv3 information from the active RP to the standby RP. When a changeover occurs and the standby RP becomes the new active RP, this checkpointed information is used to continue operation without interruption. Although OSPFv3 Nonstop Routing serves a similar function to the OSPFv3 graceful restart feature, it works differently. With graceful restart, OSPFv3 on the newly active standby RP initially has no state information, so it uses extensions to the OSPFv3 protocol to recover its state from neighboring OSPFv3 devices. For this to work, the neighbors must support the graceful restart protocol extensions and be able to act as helpers to the restarting device. They must also continue forwarding data traffic to the restarting device while this recovery is taking place.
With nonstop routing, by contrast, the device performing the changeover preserves its state internally, and in most cases the neighbors are unaware that a changeover has happened. Because no assistance is needed from neighboring devices, nonstop routing can be used in situations where graceful restart cannot; for example, graceful restart is unreliable in networks where not all the neighbors implement the graceful restart protocol extensions, or where the network topology changes during recovery.

Note: When nonstop routing is enabled, the responsiveness and scalability of OSPF is degraded. The performance degradation happens because OSPF uses CPU and memory to checkpoint data to the standby RP.

How to Configure OSPFv3 Nonstop Routing

The following sections provide information on how to configure OSPFv3 and how to enable and disable OSPFv3 Nonstop Routing for an address family.

Configuring OSPFv3 Nonstop Routing

Note: Devices that do not support nonstop routing will not accept the nsr (OSPFv3) command.

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router ospfv3 process-id
Example: Device(config)# router ospfv3 109
Purpose: Enters router configuration mode and configures an OSPFv3 routing process.

Step 4: nsr
Example: Device(config-router)# nsr
Purpose: Configures nonstop routing.

Step 5: end
Example: Device(config-router)# end
Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Step 6: show ospfv3 [process-id] [address-family] nsr
Purpose: Displays OSPFv3 nonstop routing status information.
Example:
Device# show ospfv3 109 nsr

Enabling OSPFv3 Nonstop Routing for an Address Family

To enable OSPFv3 nonstop routing for an address family, perform this procedure.

Note: Devices that do not support nonstop routing will not accept the nsr (OSPFv3) command.

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router ospfv3 process-id
Example: Device(config)# router ospfv3 109
Purpose: Enters router configuration mode and configures an OSPFv3 routing process.

Step 4: address-family {ipv4 | ipv6} unicast [vrf vrf-name]
Example: Device(config-router)# address-family ipv4 unicast
Purpose: Enters IPv4 or IPv6 address family configuration mode for OSPFv3 router configuration mode.

Step 5: nsr
Example: Device(config-router-af)# nsr
Purpose: Enables nonstop routing for the address family that is configured.

Step 6: end
Example: Device(config-router)# end
Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Disabling OSPFv3 Nonstop Routing for an Address Family

To disable OSPFv3 nonstop routing for an address family, perform this procedure.

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router ospfv3 process-id
Example: Device(config)# router ospfv3 109
Purpose: Enters router configuration mode and configures an OSPFv3 routing process.
Step 4: address-family {ipv4 | ipv6} unicast [vrf vrf-name]
Example: Device(config-router)# address-family ipv6 unicast
Purpose: Enters IPv4 or IPv6 address family configuration mode for OSPFv3 router configuration mode.

Step 5: nsr [disable]
Example: Device(config-router-af)# nsr disable
Purpose: Disables nonstop routing for the address family that is configured.

Step 6: end
Example: Device(config-router)# end
Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Configuration Examples for OSPFv3 Nonstop Routing

Example: Configuring OSPFv3 Nonstop Routing

The following example shows how to configure OSPFv3 nonstop routing and verify that it is enabled:

Device(config)# router ospfv3 1
Device(config-router)# nsr
Device(config-router)# end
Device# show ospfv3 1
OSPFv3 1 address-family ipv4
 Router ID 10.0.0.1
 Supports NSSA (compatible with RFC 3101)
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an area border and autonomous system boundary router
 Redistributing External Routes from,
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Retransmission limit dc 24 non-dc 24
 Number of external LSA 0. Checksum Sum 0x000000
 Number of areas in this router is 3. 2 normal 0 stub 1 nssa
 Non-Stop Routing enabled
 Graceful restart helper support enabled
 Reference bandwidth unit is 100 mbps
 RFC1583 compatibility enabled
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 1
        SPF algorithm executed 3 times
        Number of LSA 6.
        Checksum Sum 0x03C938
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 1
        Number of interfaces in this area is 3
        SPF algorithm executed 3 times
        Number of LSA 6. Checksum Sum 0x024041
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 3
        Number of interfaces in this area is 1
        It is a NSSA area
        Perform type-7/type-5 LSA translation
        SPF algorithm executed 4 times
        Number of LSA 5. Checksum Sum 0x024910
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
OSPFv3 1 address-family ipv6
 Router ID 10.0.0.1
 Supports NSSA (compatible with RFC 3101)
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an area border and autonomous system boundary router
 Redistributing External Routes from,
    ospf 2
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Retransmission limit dc 24 non-dc 24
 Number of external LSA 0. Checksum Sum 0x000000
 Number of areas in this router is 3. 2 normal 0 stub 1 nssa
 Non-Stop Routing enabled
 Graceful restart helper support enabled
 Reference bandwidth unit is 100 mbps
 RFC1583 compatibility enabled
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 2
        SPF algorithm executed 2 times
        Number of LSA 6.
        Checksum Sum 0x02BAB7
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 1
        Number of interfaces in this area is 4
        SPF algorithm executed 2 times
        Number of LSA 7. Checksum Sum 0x04FF3A
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 3
        Number of interfaces in this area is 1
        It is a NSSA area
        Perform type-7/type-5 LSA translation
        SPF algorithm executed 3 times
        Number of LSA 5. Checksum Sum 0x011014
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

Example: Verifying OSPFv3 Nonstop Routing Status

The following example shows how to verify OSPFv3 nonstop routing status:

Device# show ospfv3 1 nsr
Active RP
Operating in duplex mode
Redundancy state: ACTIVE
Peer redundancy state: STANDBY HOT
Checkpoint peer ready
Checkpoint messages enabled
ISSU negotiation complete
ISSU versions compatible
OSPFv3 1 address-family ipv4 (router-id 10.0.0.1)
 NSR configured
 Checkpoint message sequence number: 29
 Standby synchronization state: synchronized
 Bulk sync operations: 1
 Next sync check time: 12:00:14.956 PDT Wed Jun 6 2012
 LSA Count: 17, Checksum Sum 0x00085289
OSPFv3 1 address-family ipv6 (router-id 10.0.0.1)
 NSR configured
 Checkpoint message sequence number: 32
 Standby synchronization state: synchronized
 Bulk sync operations: 1
 Next sync check time: 12:00:48.537 PDT Wed Jun 6 2012
 LSA Count: 18, Checksum Sum 0x0008CA05

The output shows that OSPFv3 nonstop routing is configured and that OSPFv3 on the standby RP is fully synchronized and ready to continue operation if the active RP fails or if a manual changeover is performed.
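The show ip ospf nsr output in the OSPF NSR chapter and the show ospfv3 nsr output above are what an operator checks before a planned RP switchover. As an added example (not code from the guide or from Cisco), this Python script parses both output formats and reports whether every OSPF process or OSPFv3 address family is NSR-configured with a synchronized standby; the embedded sample text is copied from the two examples above, and the field names it keys on are only the ones those examples show.

```python
import re
from typing import Dict, Optional

# Sample outputs copied from the show ip ospf nsr and show ospfv3 nsr examples above
# (sync timestamps dropped); in practice this text is collected from the device.
SHOW_IP_OSPF_NSR = """\
Standby RP
Operating in duplex mode
Redundancy state: STANDBY HOT
Peer redundancy state: ACTIVE
ISSU negotation complete
ISSU versions compatible
Routing Process "ospf 1" with ID 10.1.1.100
NSR configured
Checkpoint message sequence number: 3290
Standby synchronization state: synchronized
Bulk sync operations: 1
LSA Count: 2, Checksum Sum 0x00008AB4
"""

SHOW_OSPFV3_NSR = """\
Active RP
Operating in duplex mode
Redundancy state: ACTIVE
Peer redundancy state: STANDBY HOT
Checkpoint peer ready
Checkpoint messages enabled
ISSU negotiation complete
ISSU versions compatible
OSPFv3 1 address-family ipv4 (router-id 10.0.0.1)
 NSR configured
 Checkpoint message sequence number: 29
 Standby synchronization state: synchronized
 Bulk sync operations: 1
 LSA Count: 17, Checksum Sum 0x00085289
OSPFv3 1 address-family ipv6 (router-id 10.0.0.1)
 NSR configured
 Checkpoint message sequence number: 32
 Standby synchronization state: synchronized
 Bulk sync operations: 1
 LSA Count: 18, Checksum Sum 0x0008CA05
"""

# One regex for both per-process header forms: OSPFv2 ("Routing Process ...")
# and OSPFv3 ("OSPFv3 <id> address-family <af> (router-id ...)").
PROCESS_RE = re.compile(
    r'^(?:Routing Process "(?P<v2>ospf \d+)" with ID (?P<v2id>\S+)'
    r'|(?P<v3>OSPFv3 \d+ address-family ipv[46]) \(router-id (?P<v3id>\S+)\))$'
)


def parse_nsr_status(text: str) -> Dict:
    """Parse RP-level redundancy state plus one record per OSPF process / address family."""
    status: Dict = {"rp_role": None, "redundancy_state": None,
                    "peer_redundancy_state": None, "processes": []}
    current: Optional[Dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROCESS_RE.match(line)
        if m:
            current = {"process": m.group("v2") or m.group("v3"),
                       "router_id": m.group("v2id") or m.group("v3id"),
                       "nsr_configured": False, "sync_state": None, "lsa_count": None}
            status["processes"].append(current)
            continue
        if current is None:                      # still in the RP-level header block
            if line in ("Active RP", "Standby RP"):
                status["rp_role"] = line
            elif line.startswith("Redundancy state:"):
                status["redundancy_state"] = line.split(":", 1)[1].strip()
            elif line.startswith("Peer redundancy state:"):
                status["peer_redundancy_state"] = line.split(":", 1)[1].strip()
            continue
        if line == "NSR configured":
            current["nsr_configured"] = True
        elif line.startswith("Standby synchronization state:"):
            current["sync_state"] = line.split(":", 1)[1].strip()
        elif line.startswith("LSA Count:"):
            current["lsa_count"] = int(line.split(":", 1)[1].split(",")[0])
    return status


def switchover_ready(text: str) -> bool:
    """True only when the RP pair is ACTIVE / STANDBY HOT and every process is
    NSR-configured with a synchronized standby, which is what the guide's
    'ready to continue operation' wording requires."""
    s = parse_nsr_status(text)
    if {s["redundancy_state"], s["peer_redundancy_state"]} != {"ACTIVE", "STANDBY HOT"}:
        return False
    return bool(s["processes"]) and all(
        p["nsr_configured"] and p["sync_state"] == "synchronized"
        for p in s["processes"])


if __name__ == "__main__":
    for name, text in (("ospf", SHOW_IP_OSPF_NSR), ("ospfv3", SHOW_OSPFV3_NSR)):
        print(name, "switchover ready:", switchover_ready(text))
```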
Troubleshooting Tips

OSPFv3 nonstop routing can increase the amount of memory used by the OSPFv3 device process. To determine how much memory OSPFv3 is currently using without NSR, you can use the show processes and show processes memory commands:

Device# show processes | include OSPFv3
 276 Mwe 133BE14      1900      10    1792  8904/12000  0 OSPFv3-1 Router
 296 Mwe 133A824       971    1060      10  8640/12000  0 OSPFv3-1 Hello

Process 276 is the OSPFv3 device process that is to be checked. The show processes memory command is used to display its current memory use:

Device# show processes memory 276
Process ID: 276
Process Name: OSPFv3-1 Router
Total Memory Held: 4454800 bytes

In this case OSPFv3 is using 4,454,800 bytes, or approximately 4.5 megabytes (MB). OSPFv3 nonstop routing could double this for brief periods, so you should make sure the device has at least 5 MB of free memory before enabling OSPFv3 nonstop routing.

Additional References

Standards

Standards | Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | --

MIBs

MIBs | MIBs Link
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. | To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

RFCs | Title
RFC 5187 | OSPFv3 Graceful Restart

Technical Assistance

Description | Link
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. | http://www.cisco.com/cisco/web/support/index.html
Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

Feature History for OSPFv3 Nonstop Routing

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release | Feature | Feature Information
Cisco IOS XE Amsterdam 17.3.1 | OSPFv3 Nonstop Routing | The OSPFv3 Nonstop Routing feature allows a device with redundant Route Processors to maintain its OSPF state and adjacencies across planned and unplanned RP switchovers.

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

CHAPTER 13

Configuring OSPFv2 Loop-Free Alternate IP Fast Reroute

The OSPFv2 Loop-Free Alternate IP Fast Reroute feature uses a precomputed alternate next hop to reduce failure reaction time when the primary next hop fails. It lets you configure a per-prefix Loop-Free Alternate (LFA) path that redirects traffic to a next hop other than the primary neighbor. The forwarding decision is made and service is restored without other routers' knowledge of the failure.
· Prerequisites for OSPFv2 Loop-Free Alternate IP Fast Reroute, on page 165
· Restrictions for OSPFv2 Loop-Free Alternate IP Fast Reroute, on page 165
· Information About OSPFv2 Loop-Free Alternate IP Fast Reroute, on page 166
· How to Configure OSPFv2 Loop-Free Alternate IP Fast Reroute, on page 168
· Configuration Examples for OSPFv2 Loop-Free Alternate IP Fast Reroute, on page 172
· Feature History for OSPFv2 Loop-Free Alternate IP Fast, on page 173

Prerequisites for OSPFv2 Loop-Free Alternate IP Fast Reroute

Open Shortest Path First (OSPF) supports IP Fast Reroute (FRR) only on platforms that support this feature in the forwarding plane. See the Cisco Feature Navigator at http://www.cisco.com/go/cfn for information on platform support. An account on Cisco.com is not required.

Restrictions for OSPFv2 Loop-Free Alternate IP Fast Reroute

· This feature is not supported on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).
· IPv6 LFA IP FRR is not supported.
· LFA IP FRR is not supported with the primary path or backup path as Multiprotocol Label Switching (MPLS).
· LFA IP FRR is not supported with the primary path or backup path as Equal-Cost Multipath (ECMP).
· LFA IP FRR is not supported for OSPFv2 VRF-Lite.
· LFA IP FRR is only available at the network-advantage license level.
· A Generic Routing Encapsulation (GRE) tunnel as the primary path is not supported.
· The convergence time may be higher in cases of high CPU utilization.
· The convergence time depends on primary link status detection, so if the physical link goes down beneath a logical interface such as a Switched Virtual Interface (SVI) or a port channel, the convergence time is expected to be higher.
Information About OSPFv2 Loop-Free Alternate IP Fast Reroute

The following sections provide detailed information about OSPFv2 Loop-Free Alternate IP Fast Reroute.

LFA Repair Paths

The following figure shows how the OSPFv2 Loop-Free Alternate IP Fast Reroute feature reroutes traffic if a link fails. A protecting router precomputes per-prefix repair paths and installs them in the global routing information base (RIB). When the protected primary path fails, the protecting router diverts live traffic from the primary path to the stored repair path without other routers having to recompute the network topology or even be aware that the network topology has changed.

Figure 7: LFA Repair Paths

LFA Repair Path Attributes

When a primary path fails, many paths are possible repair candidates. The Loop-Free Alternate IP Fast Reroute feature's default selection policy prioritizes attributes in the following order:

1. srlg
2. primary-path
3. interface-disjoint
4. lowest-metric
5. linecard-disjoint
6. node-protecting
7. broadcast-interface-disjoint

If the evaluation does not select any candidate, the repair path is selected by implicit load balancing. This means that repair path selection varies depending on the prefix.

Use the show ip ospf fast-reroute command to display the current configuration. Use the fast-reroute tie-break command to configure one or more of the repair-path attributes described in the following sections:

Shared Risk Link Groups

A shared risk link group (SRLG) is a group of next-hop interfaces comprising repair and protected primary paths that have a high likelihood of failing simultaneously. The OSPFv2 Loop-Free Alternate IP Fast Reroute feature supports only the SRLGs that are locally configured on the computing router. VLANs on a single physical interface are an example of an SRLG.
If the physical interface fails, all the VLAN interfaces will fail at the same time. The default repair-path attributes might result in the primary path on one VLAN being protected by a repair path over another VLAN. You can configure the srlg attribute to specify that LFA repair paths do not share the same SRLG ID as the primary path. Use the srlg command to assign an interface to an SRLG.

Interface Protection

Point-to-point interfaces have no alternate next hop for rerouting if the primary gateway fails. You can set the interface-disjoint attribute to prevent the selection of such repair paths, thus protecting the interface.

Broadcast Interface Protection

LFA repair paths protect links when a repair path and a protected primary path use different next-hop interfaces. However, on broadcast interfaces, if the LFA repair path is computed through the same interface as the primary path, but their next-hop gateways are different, the node is protected, but the link might not be. You can set the broadcast-interface-disjoint attribute to specify that the repair path never crosses the broadcast network the primary path points to; that is, the repair path cannot use the interface and the broadcast network connected to it. See Broadcast and Non-Broadcast Multi-Access (NBMA) Links in RFC 5286, Basic Specification for IP Fast Reroute: Loop-Free Alternates, for information on network topologies that require this tiebreaker.

Node Protection

The default repair-path attributes might not protect the router that is the next hop in a primary path. You can configure the node-protecting attribute to specify that the repair path will bypass the primary-path gateway router.

Downstream Path

In the case of a high-level network failure or multiple simultaneous network failures, traffic sent over an alternate path might loop until OSPF recomputes the primary paths.
You can configure the downstream attribute to specify that the metric of any repair path to the protected destination must be lower than that of the protecting node to the destination. This might result in lost traffic, but it prevents looping.

Line-Card Disjoint Interfaces

Line-card interfaces are similar to SRLGs because all the interfaces on the same line card will fail at the same time if there is a problem with the line card, for example, line card online insertion and removal (OIR). You can configure the linecard-disjoint attribute to specify that LFA repair paths use interfaces that are different from those on the primary-path line card.

Metric

An LFA repair path need not be the most efficient of the candidates. A high-cost repair path might be considered more attractive if it provides protection against higher-level network failures. You can configure the metric attribute to specify a repair-path policy that has the lowest metric.

Equal-Cost Multipath Primary Paths

Equal-cost multipath paths (ECMPs) found during the primary shortest path first (SPF) repair might not be desirable in network designs where traffic is known to exceed the capacity of a single link. You can configure the primary-path attribute to specify an LFA repair path from the ECMP set, or the secondary-path attribute to specify an LFA repair path that is not from the ECMP set.

Candidate Repair-Path Lists

When OSPF computes a repair path, it keeps only the best candidate path in the local RIB in order to conserve memory. Use the fast-reroute keep-all-paths command to create a list of all the candidate repair paths that were considered. This information can be useful for troubleshooting, but because it can greatly increase memory consumption, it should be reserved for testing and debugging.
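To make the loop-free, downstream and node-protecting conditions behind the attributes above concrete, here is an added Python example (not code from the guide or from Cisco) that computes LFA repair-path candidates on a small constructed topology using the RFC 5286 inequalities; the topology, the node names and the simplified policy (loop-free check first, optional downstream and node-protecting filters, then lowest metric) are assumptions for illustration, and SRLG, line-card, interface-disjoint and ECMP tie-breakers are not modelled.

```python
import heapq
from typing import Dict, List, Optional, Tuple

Graph = Dict[str, Dict[str, int]]

# Constructed sample topology (not from the guide). S is the protecting router,
# D the destination, E the primary next hop. Undirected links, symmetric OSPF costs.
SAMPLE_LINKS: List[Tuple[str, str, int]] = [
    ("S", "E", 1), ("E", "D", 1),    # primary path S-E-D, cost 2
    ("S", "N1", 2), ("N1", "D", 3),  # loop-free and node-protecting, but not downstream
    ("S", "N2", 5), ("N2", "D", 1),  # loop-free, downstream and node-protecting
    ("S", "N3", 1),                  # N3 reaches D only through S: not loop-free
]


def build_graph(links: List[Tuple[str, str, int]]) -> Graph:
    g: Graph = {}
    for a, b, cost in links:
        g.setdefault(a, {})[b] = cost
        g.setdefault(b, {})[a] = cost
    return g


def dijkstra(g: Graph, src: str) -> Dict[str, int]:
    """Shortest-path cost from src to every reachable node (the SPF run each router does)."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in g[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                heapq.heappush(heap, (nd, v))
    return dist


def primary_next_hop(g: Graph, s: str, d: str,
                     dist: Dict[str, Dict[str, int]]) -> Optional[str]:
    """First neighbor lying on a shortest path from s to d (ECMP is out of scope here)."""
    for n, cost in g[s].items():
        if cost + dist[n][d] == dist[s][d]:
            return n
    return None


def lfa_candidates(g: Graph, s: str, d: str,
                   downstream: bool = False,
                   node_protecting: bool = False) -> List[Tuple[int, str]]:
    """Loop-free alternates for destination d at protecting router s.

    Returns (repair_metric, neighbor) pairs sorted by metric, where repair_metric is
    the link cost s->n plus n's own shortest path to d. The tests are the RFC 5286
    inequalities that the attribute descriptions above rely on:
      loop-free        D(N,D) < D(N,S) + D(S,D)   (always required)
      downstream       D(N,D) < D(S,D)            (the 'downstream' attribute)
      node-protecting  D(N,D) < D(N,E) + D(E,D)   (the 'node-protecting' attribute)
    """
    dist = {node: dijkstra(g, node) for node in g}
    e = primary_next_hop(g, s, d, dist)
    if e is None:
        return []
    out: List[Tuple[int, str]] = []
    for n, link_cost in g[s].items():
        if n == e:
            continue                      # the primary next hop cannot be its own backup
        dn_d = dist[n].get(d)
        if dn_d is None:
            continue
        if not dn_d < dist[n][s] + dist[s][d]:
            continue                      # N would forward back through S: a loop
        if downstream and not dn_d < dist[s][d]:
            continue
        if node_protecting and not dn_d < dist[n][e] + dist[e][d]:
            continue
        out.append((link_cost + dn_d, n))
    return sorted(out)


def select_repair_path(g: Graph, s: str, d: str, **policy) -> Optional[str]:
    """Apply the simplified lowest-metric tie-break to the surviving candidates."""
    cands = lfa_candidates(g, s, d, **policy)
    return cands[0][1] if cands else None


if __name__ == "__main__":
    g = build_graph(SAMPLE_LINKS)
    for policy in ({}, {"downstream": True}, {"node_protecting": True}):
        print(policy or "default", "->", select_repair_path(g, "S", "D", **policy))
```

On the sample topology the default policy picks N1 (repair metric 5), requiring the downstream condition drops N1 and leaves N2, and N3 is never a candidate because its only route to D runs back through S.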
How to Configure OSPFv2 Loop-Free Alternate IP Fast Reroute

The following sections provide information about the various tasks that comprise the configuration of OSPFv2 Loop-Free Alternate IP Fast Reroute.

Enabling Per-Prefix OSPFv2 Loop-Free Alternate IP Fast Reroute

Perform this task to enable per-prefix OSPFv2 Loop-Free Alternate IP Fast Reroute and select the prefix priority in an OSPF area.

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router ospf process-id
Example: Device(config)# router ospf 10
Purpose: Enables OSPF routing and enters router configuration mode.

Step 4: fast-reroute per-prefix enable prefix-priority priority-level
Example: Device(config-router)# fast-reroute per-prefix enable prefix-priority low
Purpose: Enables repair-path computation and selects the priority level for repair paths. Low priority specifies that all the prefixes have the same eligibility for protection. High priority specifies that only high-priority prefixes are protected.

Step 5: exit
Example: Device(config-router)# exit
Purpose: Exits router configuration mode and returns to global configuration mode.

Specifying Prefixes for Protection by LFA IP FRR

Perform this task to specify which prefixes will be protected by LFA IP FRR. Only prefixes specified in the route map will be protected.

Note: Only the match tag, match route-type, and match ip address prefix-list match keywords are recognized in the route map.

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.
Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map OSPF-PREFIX-PRIORITY
  Purpose: Enters route-map configuration mode and specifies the map name.

Step 4: match tag tag-name
  Example: Device(config-route-map)# match tag 886
  Purpose: Specifies the prefixes to be matched. Only prefixes that match the tag are protected.

Step 5: exit
  Example: Device(config-route-map)# exit
  Purpose: Exits route-map configuration mode and returns to global configuration mode.

Step 6: router ospf process-id
  Example: Device(config)# router ospf 10
  Purpose: Enables OSPF routing and enters router configuration mode.

Step 7: prefix-priority priority-level route-map map-tag
  Example: Device(config-router)# prefix-priority high route-map OSPF-PREFIX-PRIORITY
  Purpose: Sets the priority level for repair paths and specifies the route map that defines the prefixes.

Step 8: exit
  Example: Device(config-router)# exit
  Purpose: Exits router configuration mode and returns to global configuration mode.

Configuring a Repair Path Selection Policy

Perform this task to configure a repair path selection policy, specifying a tiebreaking condition. See LFA Repair Path Attributes for information on tiebreaking attributes.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospf process-id
  Example: Device(config)# router ospf 10
  Purpose: Enables OSPF routing and enters router configuration mode.
Step 4: fast-reroute per-prefix tie-break attribute [required] index index-level
  Example: Device(config-router)# fast-reroute per-prefix tie-break srlg required index 10
  Purpose: Configures a repair path selection policy by specifying a tie-breaking condition and setting its priority level.

Step 5: exit
  Example: Device(config-router)# exit
  Purpose: Exits router configuration mode and returns to global configuration mode.

Creating a List of Repair Paths Considered

Perform this task to create a list of paths considered for LFA IP FRR.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospf process-id
  Example: Device(config)# router ospf 10
  Purpose: Enables OSPF routing and enters router configuration mode.

Step 4: fast-reroute keep-all-paths
  Example: Device(config-router)# fast-reroute keep-all-paths
  Purpose: Creates a list of the repair paths considered for LFA IP FRR.

Step 5: exit
  Example: Device(config-router)# exit
  Purpose: Exits router configuration mode and returns to global configuration mode.

Prohibiting an Interface from Being Used as the Next Hop

Perform this task to prohibit an interface from being used as the next hop in a repair path.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface type number
  Purpose: Enters interface configuration mode for the interface specified.
  Example:
  Device(config)# interface Ethernet 1/0

Step 4: ip ospf fast-reroute per-prefix candidate disable
  Example: Device(config-if)# ip ospf fast-reroute per-prefix candidate disable
  Purpose: Prohibits the interface from being used as the next hop in a repair path.

Step 5: exit
  Example: Device(config-if)# exit
  Purpose: Exits interface configuration mode and returns to global configuration mode.

Configuration Examples for OSPFv2 Loop-Free Alternate IP Fast Reroute

The following sections provide examples of OSPFv2 Loop-Free Alternate IP Fast Reroute configuration.

Example: Enabling Per-Prefix LFA IP FRR

The following example shows how to enable per-prefix OSPFv2 LFA IP FRR and select the prefix priority in an OSPF area:

  Device> enable
  Device# configure terminal
  Device(config)# router ospf 10
  Device(config-router)# fast-reroute per-prefix enable prefix-priority low
  Device(config-router)# end

Example: Specifying Prefix-Protection Priority

The following example shows how to specify which prefixes will be protected by LFA FRR:

  Device> enable
  Device# configure terminal
  Device(config)# router ospf 10
  Device(config-router)# prefix-priority high route-map OSPF-PREFIX-PRIORITY
  Device(config-router)# fast-reroute per-prefix enable prefix-priority high
  Device(config-router)# network 192.0.2.1 255.255.255.0 area 0
  Device(config-router)# route-map OSPF-PREFIX-PRIORITY permit 10
  Device(config-route-map)# match tag 866
  Device(config-route-map)# end

Example: Configuring Repair-Path Selection Policy

The following example shows how to configure a repair-path selection policy that sets SRLG, line card failure, and downstream as tiebreaking attributes, and sets their priority indexes:
  Device> enable
  Device# configure terminal
  Device(config)# router ospf 10
  Device(config-router)# fast-reroute per-prefix enable prefix-priority low
  Device(config-router)# fast-reroute per-prefix tie-break srlg required index 10
  Device(config-router)# fast-reroute per-prefix tie-break linecard-disjoint index 15
  Device(config-router)# fast-reroute per-prefix tie-break downstream index 20
  Device(config-router)# network 192.0.2.1 255.255.255.0 area 0
  Device(config-router)# end

Example: Auditing Repair-Path Selection

The following example shows how to keep a record of repair-path selection:

  Device> enable
  Device# configure terminal
  Device(config)# router ospf 10
  Device(config-router)# fast-reroute per-prefix enable prefix-priority low
  Device(config-router)# fast-reroute keep-all-paths
  Device(config-router)# network 192.0.2.1 255.255.255.0 area 0
  Device(config-router)# end

Example: Prohibiting an Interface from Being a Protecting Interface

The following example shows how to prohibit an interface from being a protecting interface:

  Device> enable
  Device# configure terminal
  Device(config)# interface Ethernet 0/0
  Device(config-if)# ip address 192.0.2.1 255.255.255.0
  Device(config-if)# ip ospf fast-reroute per-prefix candidate disable
  Device(config-if)# end

Feature History for OSPFv2 Loop-Free Alternate IP Fast Reroute

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Amsterdam 17.3.1
Feature: OSPFv2 Loop-Free Alternate IP Fast Reroute
Feature Information: The OSPFv2 Loop-Free Alternate IP Fast Reroute feature uses a precomputed alternate next hop to reduce failure reaction time when the primary next hop fails.

Use the Cisco Feature Navigator to find information about platform and software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

Chapter 14: Configuring OSPFv3 Fast Convergence - LSA and SPF Throttling

· Restrictions for OSPFv3 Fast Convergence: LSA and SPF Throttling, on page 175
· Information About OSPFv3 Fast Convergence: LSA and SPF Throttling, on page 175
· How to Configure OSPFv3 Fast Convergence: LSA and SPF Throttling, on page 176
· Example: Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence, on page 177
· Additional References, on page 178
· Feature History for OSPFv3 Fast Convergence: LSA and SPF Throttling, on page 178

Restrictions for OSPFv3 Fast Convergence: LSA and SPF Throttling

This feature is not supported on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Information About OSPFv3 Fast Convergence: LSA and SPF Throttling

The Open Shortest Path First version 3 (OSPFv3) link-state advertisement (LSA) and shortest path first (SPF) throttling feature provides a dynamic mechanism to slow down link-state advertisement updates in OSPFv3 during times of network instability. It also allows faster OSPFv3 convergence by providing LSA rate limiting in milliseconds.

OSPFv3 can use static timers for rate-limiting SPF calculation and LSA generation. Although these timers are configurable, the values used are specified in seconds, which poses a limitation on OSPFv3 convergence. LSA and SPF throttling achieves subsecond convergence by providing a more sophisticated SPF and LSA rate-limiting mechanism that is able to react quickly to changes and also provide stability and protection during prolonged periods of instability.
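As an added illustration, not Cisco's scheduler, the Python model below shows how the three values of the timers throttle spf command configured later in this chapter (spf-start, spf-hold, spf-max-wait) interact under a burst of topology changes: a quick first reaction, then a hold that grows during instability, capped at the maximum wait. The doubling and reset rules are generic exponential-backoff assumptions stated in the code; the 5000/10000/10000 ms values used in the second call are the ones shown in this chapter's show ipv6 ospf output.

```python
def schedule_spf(event_times_ms: list, spf_start: int, spf_hold: int, spf_max_wait: int) -> list:
    """Return the times (ms) at which SPF runs for the given topology-change events.

    Model (an assumption of this example, not the platform's implementation):
      - first change after a quiet period: SPF runs spf_start later;
      - further changes: the next SPF runs no sooner than the current hold after the
        previous run, and the hold doubles after each throttled run, capped at spf_max_wait;
      - no SPF needed for spf_max_wait since the last run: the hold resets to spf_hold.
    Changes that arrive while an SPF is already scheduled are absorbed into that run.
    """
    runs, pending, last_run, hold = [], None, None, spf_hold
    for t in sorted(event_times_ms):
        if pending is not None and pending <= t:      # the scheduled run happened before this event
            runs.append(pending)
            last_run, pending = pending, None
        if pending is not None:                        # a run is already scheduled: absorb the event
            continue
        if last_run is None or t - last_run >= spf_max_wait:
            hold = spf_hold                            # network was quiet: react quickly
            pending = t + spf_start
        else:
            pending = max(t, last_run + hold)          # still unstable: wait out the current hold
            hold = min(hold * 2, spf_max_wait)         # and back off further next time
    if pending is not None:
        runs.append(pending)
    return runs


def run_gaps(runs: list) -> list:
    """Intervals between consecutive SPF runs; shows the hold doubling under a churn burst."""
    return [b - a for a, b in zip(runs, runs[1:])]


if __name__ == "__main__":
    burst = [0, 100, 300, 700, 1500, 20000]            # constructed event times in ms
    runs = schedule_spf(burst, spf_start=50, spf_hold=200, spf_max_wait=5000)
    print("SPF runs:", runs, "gaps:", run_gaps(runs))
    # The values from this chapter's show ipv6 ospf output: hold equals max wait, so no doubling.
    print("5000/10000/10000:", schedule_spf([0, 100, 6000, 12000], 5000, 10000, 10000))
```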
How to Configure OSPFv3 Fast Convergence: LSA and SPF Throttling

The following sections provide configuration information about OSPFv3 Fast Convergence: LSA and SPF throttling.

Tuning LSA and SPF Timers for OSPFv3 Fast Convergence

To tune LSA and SPF timers for OSPFv3 fast convergence, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospfv3 [process-id]
  Example: Device(config)# router ospfv3 1
  Purpose: Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4: timers lsa arrival milliseconds
  Example: Device(config-rtr)# timers lsa arrival 300
  Purpose: Sets the minimum interval at which the software accepts the same LSA from OSPFv3 neighbors.

Step 5: timers pacing flood milliseconds
  Example: Device(config-rtr)# timers pacing flood 30
  Purpose: Configures LSA flood packet pacing.

Step 6: timers pacing lsa-group seconds
  Example: Device(config-router)# timers pacing lsa-group 300
  Purpose: Changes the interval at which OSPFv3 LSAs are collected into a group and refreshed, checksummed, or aged.

Step 7: timers pacing retransmission milliseconds
  Example: Device(config-router)# timers pacing retransmission 100
  Purpose: Configures LSA retransmission packet pacing in IPv4 OSPFv3.
Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

To configure LSA and SPF throttling for OSPFv3 fast convergence, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 router ospf process-id
  Example: Device(config)# ipv6 router ospf 1
  Purpose: Enables OSPFv3 router configuration mode.

Step 4: timers throttle spf spf-start spf-hold spf-max-wait
  Example: Device(config-rtr)# timers throttle spf 200 200 200
  Purpose: Turns on SPF throttling.

Step 5: timers throttle lsa start-interval hold-interval max-interval
  Example: Device(config-rtr)# timers throttle lsa 300 300 300
  Purpose: Sets rate-limiting values for OSPFv3 LSA generation.

Step 6: timers lsa arrival milliseconds
  Example: Device(config-rtr)# timers lsa arrival 300
  Purpose: Sets the minimum interval at which the software accepts the same LSA from OSPFv3 neighbors.

Step 7: timers pacing flood milliseconds
  Purpose: Configures LSA flood packet pacing.
  Example: Device(config-rtr)# timers pacing flood 30

Example: Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

The following example shows how to display the configured values of the SPF and LSA throttling timers:

  Device# show ipv6 ospf
  Routing Process "ospfv3 1" with ID 10.9.4.1
  Event-log enabled, Maximum number of events: 1000, Mode: cyclic
  It is an autonomous system boundary router
  Redistributing External Routes from,
    ospf 2
  Initial SPF schedule delay 5000 msecs
  Minimum hold time between two consecutive SPFs 10000 msecs
  Maximum wait time between two consecutive SPFs 10000 msecs
  Minimum LSA interval 5 secs
  Minimum LSA arrival 1000 msecs

Additional References

Related Documents

Related Topic: IPv6 addressing and connectivity
Document Title: IPv6 Configuration Guide

Related Topic: OSPFv3 Fast Convergence: LSA and SPF Throttling
Document Title: OSPF Shortest Path First Throttling module

Standards and RFCs

Standard/RFC: RFCs for IPv6
Title: IPv6 RFCs

Feature History for OSPFv3 Fast Convergence: LSA and SPF Throttling

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.
Release: Cisco IOS XE Gibraltar 16.11.1
Feature: OSPFv3 Fast Convergence LSA and SPF Throttling
Feature Information: The Open Shortest Path First version 3 (OSPFv3) LSA and SPF throttling feature provides a dynamic mechanism to slow down link-state advertisement updates in OSPFv3 during times of network instability.

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

Chapter 15: Configuring OSPFv3 Authentication Trailer

· Information About the OSPFv3 Authentication Trailer, on page 181
· How to Configure the OSPFv3 Authentication Trailer, on page 182
· Configuration Examples for the OSPFv3 Authentication Trailer, on page 184
· Additional References for OSPFv3 Authentication Trailer, on page 185
· Feature History for OSPFv3 Authentication Trailer, on page 186

Information About the OSPFv3 Authentication Trailer

The OSPFv3 authentication trailer feature (as defined in RFC 7166) provides an alternative mechanism to authenticate Open Shortest Path First version 3 (OSPFv3) protocol packets. Prior to the OSPFv3 authentication trailer, OSPFv3 IPsec (as defined in RFC 4552) was the only mechanism for authenticating protocol packets. The OSPFv3 authentication trailer feature also provides packet replay protection through sequence numbers and does not have platform dependencies.
To perform non-IPsec cryptographic authentication, devices attach a special data block, the authentication trailer, to the end of the OSPFv3 packet. The length of the authentication trailer is not included in the length of the OSPFv3 packet but is included in the IPv6 payload length. The Link-Local Signaling (LLS) block is established by the L-bit setting in the OSPFv3 Options field in OSPFv3 hello packets and database description packets. If present, the LLS data block is included in the cryptographic authentication computation along with the OSPFv3 packet.

A new authentication trailer bit is introduced into the OSPFv3 Options field. OSPFv3 devices must set the authentication trailer bit in OSPFv3 hello packets and database description packets to indicate that all the packets on this link include an authentication trailer. For OSPFv3 hello packets and database description packets, the authentication trailer bit indicates that the authentication trailer is present. For other OSPFv3 packet types, the authentication trailer bit setting from the OSPFv3 hello and database description packets is preserved in the OSPFv3 neighbor data structure. OSPFv3 packet types that do not include the OSPFv3 Options field use the setting from the neighbor data structure to determine whether the authentication trailer is expected. The authentication trailer bit must be set in all OSPFv3 hello packets and database description packets that contain an authentication trailer.

To configure the authentication trailer, OSPFv3 uses the existing Cisco IOS key chain command. For outgoing OSPFv3 packets, the following rules are used to select the key from the key chain:

· Select the key that is the last to expire.
· If two keys have the same stop time, select the one with the highest key ID.
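The Python model below is an added illustration, not IOS XE code, of the procedure just described: the trailer is appended after the OSPFv3 packet and any LLS block without being counted in the OSPFv3 length field, the LLS block is covered by the HMAC, the send key is chosen from a key chain by the two rules above, and the receiver looks the key up by the security association ID (modelled as the key ID), dropping packets whose ID is unknown, whose digest fails, or whose sequence number does not advance for that packet type. The byte layout and the Apad construction follow RFC 7166 as understood by this example's author; all addresses, keys and packet contents are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Optional

AUTH_TYPE_HMAC = 1                     # RFC 7166 auth type "HMAC Cryptographic Authentication"
TRAILER_HDR = struct.Struct("!HHHHQ")  # auth type, auth data len, reserved, SA ID, 64-bit sequence number
OSPF_HDR = struct.Struct("!BBHIIHBB")  # version, type, length, router ID, area ID, checksum, instance, reserved
L = hashlib.sha256().digest_size       # digest length, 32 for HMAC-SHA-256

@dataclass(frozen=True)
class Key:
    key_id: int        # also used as the security association ID carried in the trailer
    secret: bytes
    send_start: int    # send lifetime in constructed epoch seconds
    send_stop: int

def select_send_key(chain: list, now: int) -> Optional[Key]:
    """Send-key rule from the text: the key that is last to expire wins, ties go to the
    highest key ID. If every key has expired, the most recently expired key is still used
    (the text says packets go out with it and a syslog is raised). An empty chain returns
    None, meaning the packet is sent without a trailer."""
    valid = [k for k in chain if k.send_start <= now < k.send_stop]
    pool = valid or [k for k in chain if k.send_stop <= now]
    return max(pool, key=lambda k: (k.send_stop, k.key_id)) if pool else None

def ospfv3_packet(ptype: int, router_id: int, body: bytes) -> bytes:
    """Constructed OSPFv3 packet: 16-octet header plus body, checksum left at zero."""
    return OSPF_HDR.pack(3, ptype, OSPF_HDR.size + len(body), router_id, 0, 0, 0, 0) + body

def _apad(src: str) -> bytes:
    # RFC 7166: Apad is the packet's IPv6 source address repeated to fill L octets.
    addr = ipaddress.IPv6Address(src).packed
    return (addr * (L // len(addr) + 1))[:L]

def _digest(key: Key, packet: bytes, lls: bytes, hdr: bytes, src: str) -> bytes:
    # HMAC over OSPFv3 packet || LLS block || trailer header || Apad, where Apad stands
    # in for the authentication data that is not yet known.
    return hmac.new(key.secret, packet + lls + hdr + _apad(src), hashlib.sha256).digest()

def add_trailer(packet: bytes, lls: bytes, src: str, key: Key, seq: int) -> bytes:
    """Return packet || LLS || trailer. The OSPFv3 length field still covers only the
    packet; only the IPv6 payload length (not modelled here) grows by the trailer."""
    hdr = TRAILER_HDR.pack(AUTH_TYPE_HMAC, TRAILER_HDR.size + L, 0, key.key_id, seq)
    return packet + lls + hdr + _digest(key, packet, lls, hdr, src)

@dataclass
class NeighborState:
    last_seq: dict = field(default_factory=dict)   # packet type -> last accepted sequence number

def verify(frame: bytes, src: str, chain: list, nbr: NeighborState) -> bool:
    """Receive side: split on the OSPFv3 length field, find the key by SA ID, check the
    digest, then require the sequence number to advance for this packet type."""
    tlen = TRAILER_HDR.size + L
    if len(frame) < OSPF_HDR.size + tlen:
        return False
    version, ptype, plen = struct.unpack_from("!BBH", frame)
    if version != 3 or plen < OSPF_HDR.size or plen + tlen > len(frame):
        return False
    packet, lls, trailer = frame[:plen], frame[plen:len(frame) - tlen], frame[len(frame) - tlen:]
    hdr, received = trailer[:TRAILER_HDR.size], trailer[TRAILER_HDR.size:]
    auth_type, auth_len, _reserved, sa_id, seq = TRAILER_HDR.unpack(hdr)
    if auth_type != AUTH_TYPE_HMAC or auth_len != tlen:
        return False
    key = next((k for k in chain if k.key_id == sa_id), None)
    if key is None:                                    # unknown SA ID: drop
        return False
    if not hmac.compare_digest(received, _digest(key, packet, lls, hdr, src)):
        return False
    if seq <= nbr.last_seq.get(ptype, -1):             # replay, or reordering within one type
        return False
    nbr.last_seq[ptype] = seq
    return True

def demo() -> dict:
    """Constructed exchange showing that hellos and DBDs keep separate sequence counters."""
    src, now = "fe80::1", 1_700_000_000
    chain = [Key(1, b"old-secret", now - 7200, now - 3600),      # expired
             Key(2, b"current-secret", now - 3600, now + 3600),
             Key(3, b"next-secret", now + 600, now + 86400)]     # future send start (rollover)
    key = select_send_key(chain, now)
    nbr = NeighborState()
    hello = ospfv3_packet(1, 0x01010101, bytes(20))             # type 1 = Hello, zeroed body
    dbd = ospfv3_packet(2, 0x01010101, bytes(12))               # type 2 = Database Description
    lls = bytes([0, 0, 0, 3]) + bytes(8)                        # constructed 12-octet LLS block
    tampered = bytearray(add_trailer(dbd, b"", src, key, 8))
    tampered[OSPF_HDR.size] ^= 0xFF                             # flip one body octet
    return {
        "send_key": key.key_id,
        "hello_5": verify(add_trailer(hello, lls, src, key, 5), src, chain, nbr),
        "dbd_7": verify(add_trailer(dbd, b"", src, key, 7), src, chain, nbr),
        "hello_6_after_dbd_7": verify(add_trailer(hello, lls, src, key, 6), src, chain, nbr),
        "dbd_7_replay": verify(add_trailer(dbd, b"", src, key, 7), src, chain, nbr),
        "unknown_sa": verify(add_trailer(dbd, b"", src, Key(9, b"x", 0, 1), 9), src, chain, nbr),
        "tampered": verify(bytes(tampered), src, chain, nbr),
    }
```

Because each packet type has its own counter, the hello with sequence 6 is accepted even though a DBD with sequence 7 arrived before it, while the repeated DBD 7 is rejected.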
The security association ID maps to the authentication algorithm and the secret key that is used to generate and verify the message digest. If authentication is configured but the last valid key has expired, the packets are still sent using that key, and a syslog message is generated. If no valid key is available, the packet is sent without the authentication trailer.

When packets are received, the key ID is used to look up the data for that key. If the key ID is not found in the key chain, or if the security association is not valid, the packet is dropped. Otherwise, the packet is verified using the algorithm and the key that is configured for the key ID.

Key chains support rollover using key lifetimes. A new key can be added to a key chain with the send start time set in the future. This setting allows the new key to be configured on all the devices before the keys are actually used.

The hello packets have higher priority than other OSPFv3 packets and therefore can get reordered on the outgoing interface. This reordering can create problems with sequence number verification on neighboring devices. To prevent sequence mismatch, OSPFv3 verifies the sequence number separately for each packet type. See RFC 7166 for more details on the authentication procedure.

During the initial rollout of the authentication trailer feature on the network, adjacency can be maintained between the devices that are already configured with the authentication trailer and devices that are yet to be configured by using the deployment mode. When the deployment mode is configured using the authentication mode deployment command, the packets are processed differently. For the outgoing packets, the OSPF checksum is calculated even if the authentication trailer is configured.
For incoming packets, packets without an authentication trailer or with a wrong authentication hash are dropped. In the deployment mode, the show ospfv3 neighbor detail command shows the last packet authentication status. This information can be used to verify that the authentication trailer feature is working before the mode is set to normal with the authentication mode normal command.

How to Configure the OSPFv3 Authentication Trailer

To configure the OSPFv3 authentication trailer, perform this procedure:

Before you begin

An authentication key is required for configuring the OSPFv3 authentication trailer. For more information on configuring an authentication key, see How to Configure Authentication Keys in Protocol-Independent Features.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface type number
  Example: Device(config)# interface GigabitEthernet 2/0/1
  Purpose: Specifies the interface type and number.

Step 4: ospfv3 [pid] [ipv4 | ipv6] authentication {key-chain chain-name | null}
  Example: Device(config-if)# ospfv3 1 ipv6 authentication key-chain ospf-1
  Purpose: Specifies the authentication type for an OSPFv3 instance.

Step 5: router ospfv3 [process-id]
  Example: Device(config-if)# router ospfv3 1
  Purpose: Enters OSPFv3 router configuration mode.

Step 6: address-family ipv6 unicast
  Example: Device(config-router)# address-family ipv6 unicast
  Purpose: Configures the IPv6 address family in the OSPFv3 process and enters IPv6 address family configuration mode.
Step 7: area area-id authentication {key-chain chain-name | null}
  Example: Device(config-router-af)# area 1 authentication key-chain ospf-chain-1
  Purpose: Configures the authentication trailer on all interfaces in the OSPFv3 area.

Step 8: area area-id virtual-link router-id authentication key-chain chain-name
  Example: Device(config-router-af)# area 1 virtual-link 1.1.1.1 authentication key-chain ospf-chain-1
  Purpose: Configures the authentication for virtual links.

Step 9: area area-id sham-link source-address destination-address authentication key-chain chain-name
  Example: Device(config-router-af)# area 1 sham-link 1.1.1.1 1.1.1.0 authentication key-chain ospf-chain-1
  Purpose: Configures the authentication for sham-links.

Step 10: authentication mode {deployment | normal}
  Example: Device(config-router-af)# authentication mode deployment
  Purpose: (Optional) Specifies the type of authentication used for the OSPFv3 instance. The deployment keyword provides adjacency between devices with configured authentication and devices with unconfigured authentication.

Step 11: end
  Example: Device(config-router-af)# end
  Purpose: Exits IPv6 address family configuration mode and returns to privileged EXEC mode.

Step 12: show ospfv3 interface
  Example: Device# show ospfv3 interface
  Purpose: (Optional) Displays OSPFv3-related interface information.

Step 13: show ospfv3 neighbor [detail]
  Example: Device# show ospfv3 neighbor detail
  Purpose: (Optional) Displays OSPFv3 neighbor information on a per-interface basis.

Step 14: debug ospfv3
  Example: Device# debug ospfv3
  Purpose: (Optional) Displays debugging information for OSPFv3.

Configuration Examples for the OSPFv3 Authentication Trailer

The following sections provide examples of how to configure the OSPFv3 authentication trailer and how to verify the OSPFv3 authentication trailer configuration.
Example: Configuring the OSPFv3 Authentication Trailer

The following example shows how to define the authentication trailer on GigabitEthernet interface 1/0/1:

  Device> enable
  Device# configure terminal
  Device(config)# interface GigabitEthernet 1/0/1
  Device(config-if)# ospfv3 1 ipv6 authentication key-chain ospf-1
  Device(config-if)# router ospfv3 1
  Device(config-router)# address-family ipv6 unicast
  Device(config-router-af)# area 1 authentication key-chain ospf-1
  Device(config-router-af)# area 1 virtual-link 1.1.1.1 authentication key-chain ospf-1
  Device(config-router-af)# area 1 sham-link 1.1.1.1 authentication key-chain ospf-1
  Device(config-router-af)# authentication mode deployment
  Device(config-router-af)# end
  Device(config)# key chain ospf-1
  Device(config-keychain)# key 1
  Device(config-keychain-key)# key-string ospf
  Device(config-keychain-key)# cryptographic-algorithm hmac-sha-256
  !

Example: Verifying OSPFv3 Authentication Trailer

The following example shows the output of the show ospfv3 command.

  Device# show ospfv3
  OSPFv3 1 address-family ipv6
  Router ID 1.1.1.1
  ...
  RFC1583 compatibility enabled
  Authentication configured with deployment key lifetime
  Active Key-chains:
    Key chain ospf-1: Send key 1, Algorithm HMAC-SHA-256, Number of interfaces 1
  Area BACKBONE(0)

The following example shows the output of the show ospfv3 neighbor detail command.
  Device# show ospfv3 neighbor detail
  OSPFv3 1 address-family ipv6 (router-id 2.2.2.2)
   Neighbor 1.1.1.1
      In the area 0 via interface GigabitEthernet0/0
      Neighbor: interface-id 2, link-local address FE80::A8BB:CCFF:FE01:2D00
      Neighbor priority is 1, State is FULL, 6 state changes
      DR is 2.2.2.2 BDR is 1.1.1.1
      Options is 0x000413 in Hello (V6-Bit, E-Bit, R-Bit, AT-Bit)
      Options is 0x000413 in DBD (V6-Bit, E-Bit, R-Bit, AT-Bit)
      Dead timer due in 00:00:33
      Neighbor is up for 00:05:07
      Last packet authentication succeed
      Index 1/1/1, retransmission queue length 0, number of retransmission 0
      First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
      Last retransmission scan length is 0, maximum is 0
      Last retransmission scan time is 0 msec, maximum is 0 msec

The following example shows the output of the show ospfv3 interface command.

  Device# show ospfv3 interface
  GigabitEthernet1/0/1 is up, line protocol is up
     Cryptographic authentication enabled
       Sending SA: Key 25, Algorithm HMAC-SHA-256 key chain ospf-1
     Last retransmission scan time is 0 msec, maximum is 0 msec

Additional References for OSPFv3 Authentication Trailer

Related Documents

Related Topic: Configuring OSPF features
Document Title: IP Routing: OSPF Configuration Guide

Standards and RFCs

Standard/RFC: RFC 7166
Document Title: RFC for Supporting Authentication Trailer for OSPFv3

Standard/RFC: RFC 6506
Document Title: RFC for Supporting Authentication Trailer for OSPFv3

Standard/RFC: RFC 4552
Document Title: RFC for Authentication/Confidentiality for OSPFv3

Feature History for OSPFv3 Authentication Trailer

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.
Release: Cisco IOS XE Gibraltar 16.11.1
Feature: OSPFv3 Authentication Trailer
Feature Information: The OSPFv3 Authentication Trailer feature provides a mechanism to authenticate OSPFv3 protocol packets as an alternative to the existing OSPFv3 IPsec authentication.

Release: Cisco IOS XE Cupertino 17.7.1
Feature: OSPFv3 Authentication Trailer
Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

Chapter 16: Configuring OSPFv3 BFD

· Information About OSPFv3 for BFD, on page 187
· How to Configure OSPFv3 for BFD, on page 187
· Example: Displaying OSPF Interface Information about BFD, on page 191
· Additional References, on page 192
· Feature History for OSPFv3 for BFD, on page 192

Information About OSPFv3 for BFD

The Bidirectional Forwarding Detection (BFD) protocol supports Open Shortest Path First version 3 (OSPFv3).

How to Configure OSPFv3 for BFD

Configuring BFD Support for OSPFv3

This section describes the procedures for configuring BFD support for OSPFv3, so that OSPFv3 is a registered protocol with BFD and receives forwarding path detection failure messages from BFD. You can either configure BFD support for OSPFv3 globally on all interfaces or configure it selectively on one or more interfaces.

There are two methods for enabling BFD support for OSPFv3:

· You can enable BFD for all of the interfaces for which OSPFv3 is routing by using the bfd all-interfaces command in router configuration mode. You can disable BFD support on individual interfaces using the ipv6 ospf bfd disable command in interface configuration mode.
· You can enable BFD for a subset of the interfaces for which OSPFv3 is routing by using the ipv6 ospf bfd command in interface configuration mode.
Note: OSPF only initiates BFD sessions for OSPF neighbors that are in the FULL state.

Configuring Baseline BFD Session Parameters on the Interface

Repeat this task for each interface over which you want to run BFD sessions to BFD neighbors.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface type number
  Example: Device(config)# interface GigabitEthernet 0/0/0
  Purpose: Specifies an interface type and number, and places the device in interface configuration mode.

Step 4: bfd interval milliseconds min_rx milliseconds multiplier interval-multiplier
  Example: Device(config-if)# bfd interval 50 min_rx 50 multiplier 5
  Purpose: Enables BFD on the interface.

Configuring BFD Support for OSPFv3 for All Interfaces

Before you begin

OSPFv3 must be running on all participating devices. The baseline parameters for BFD sessions on the interfaces over which you want to run BFD sessions to BFD neighbors must be configured.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 router ospf process-id [vrf vpn-name]
  Example: Device(config)# ipv6 router ospf 2
  Purpose: Configures an OSPFv3 routing process.

Step 4: bfd all-interfaces
  Purpose: Enables BFD for all interfaces participating in the routing process.
  Example:
  Device(config-router)# bfd all-interfaces

Step 5: exit
  Example: Device(config-router)# exit
  Purpose: Enter this command twice to go to privileged EXEC mode.

Step 6: show bfd neighbors [vrf vrf-name] [client {bgp | eigrp | isis | ospf | rsvp | te-frr}] [ip-address | ipv6 ipv6-address] [details]
  Example: Device# show bfd neighbors detail
  Purpose: (Optional) Displays a line-by-line listing of existing BFD adjacencies.

Step 7: show ipv6 ospf [process-id] [area-id] [rate-limit]
  Example: Device# show ipv6 ospf
  Purpose: (Optional) Displays general information about OSPFv3 routing processes.

Configuring OSPF Support for BFD over IPv4 for One or More Interfaces

To configure BFD on one or more OSPF interfaces, perform the steps in this section.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface type number
  Example: Device(config)# interface fastethernet 6/0
  Purpose: Enters interface configuration mode.

Step 4: ip ospf bfd [disable]
  Example: Device(config-if)# ip ospf bfd
  Purpose: Enables or disables BFD on a per-interface basis for one or more interfaces that are associated with the OSPF routing process.
  Note: Use the disable keyword only if you enabled BFD on all the interfaces that OSPF is associated with using the bfd all-interfaces command in router configuration mode.

Step 5: end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns the device to privileged EXEC mode.

Step 6: show bfd neighbors [details]
  Example: Device# show bfd neighbors details
  Purpose: (Optional) Displays information that can help verify whether the BFD neighbor is active and displays the routing protocols that BFD has registered.
  Note: If hardware-offloaded BFD sessions are configured with Tx and Rx intervals that are not multiples of 50 ms, the hardware intervals are changed. However, output from the show bfd neighbors details command displays only the configured intervals, not the interval values that change.

Step 7: show ip ospf
  (Optional) Displays information that can help verify if BFD support for OSPF has been enabled.
  Example: Device#show ip ospf

Retrieving BFDv6 Information for Monitoring and Troubleshooting

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device> enable

Step 2: monitor event ipv6 static [enable | disable]
  Enables the use of event trace to monitor the operation of the IPv6 static and IPv6 static BFDv6 neighbors.
  Example: Device# monitor event ipv6 static enable

Step 3: show ipv6 static [ipv6-address | ipv6-prefix/prefix-length] [interface type number | recursive] [vrf vrf-name] [bfd] [detail]
  Displays the BFDv6 status for a static route associated with a static BFDv6 neighbor.
  Example: Device# show ipv6 static vrf vrf1 detail

Step 4: show ipv6 static [ipv6-address | ipv6-prefix/prefix-length] [interface type number | recursive] [vrf vrf-name] [bfd] [detail]
  Displays static BFDv6 neighbors and associated static routes.
  Example: Device# show ipv6 static vrf vrf1 bfd

Step 5: debug ipv6 static
  Enables BFDv6 debugging.
  Example: Device# debug ipv6 static

Example: Displaying OSPF Interface Information about BFD

The following display shows that the OSPF interface is enabled for BFD:

Device# show ipv6 ospf interface
Serial10/0 is up, line protocol is up
  Link Local Address FE80::A8BB:CCFF:FE00:6500, Interface ID 42
  Area 1, Process ID 1, Instance ID 0, Router ID 10.0.0.1
  Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT, BFD enabled
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:07
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.1.0.1
  Suppress hello for 0 neighbor(s)

Additional References

Related Documents
Related Topic | Document Title
OSPFv3 for BFD | Bidirectional Forwarding Detection module

Standards and RFCs
Standard/RFC | Title
RFCs for IPv6 | IPv6 RFCs

Feature History for OSPFv3 for BFD

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | OSPFv3 BFD | The Bidirectional Forwarding Detection (BFD) protocol supports Open Shortest Path First version 3 (OSPFv3).
Cisco IOS XE Cupertino 17.7.1 | OSPFv3 BFD | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).
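Two checks a practitioner would run after the BFD procedures above, as an added example that is not part of the Cisco guide: it parses show ipv6 ospf interface output for the "BFD enabled" marker, and scans a running-config for bfd interval values that are not multiples of 50 ms, the case the note above says the hardware silently changes while show bfd neighbors details keeps showing the configured values. All sample text is constructed.

```python
"""Added example (not from the Cisco guide): audit helpers for the BFD
procedures in this chapter.  Sample show output and config are constructed."""
import re

# Constructed sample, modelled on the show ipv6 ospf interface output above;
# the second interface has no BFD line.
SAMPLE_SHOW = """\
Serial10/0 is up, line protocol is up
  Link Local Address FE80::A8BB:CCFF:FE00:6500, Interface ID 42
  Area 1, Process ID 1, Instance ID 0, Router ID 10.0.0.1
  Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT, BFD enabled
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
GigabitEthernet0/0/1 is up, line protocol is up
  Link Local Address FE80::A8BB:CCFF:FE00:6501, Interface ID 7
  Area 0, Process ID 1, Instance ID 0, Router ID 10.0.0.1
  Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""

# Constructed running-config fragment; the 60 ms Tx interval on the second
# interface is exactly the case the guide's note warns about.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 bfd interval 50 min_rx 50 multiplier 5
 ip ospf bfd
!
interface GigabitEthernet0/0/1
 bfd interval 60 min_rx 100 multiplier 3
 ip ospf bfd
!
"""


def ospf_bfd_status(show_output):
    """Return {interface: bool} from 'show ipv6 ospf interface' text,
    True when the interface block contains 'BFD enabled'."""
    status = {}
    current = None
    for line in show_output.splitlines():
        # Interface blocks start at column 0 with "<name> is up, line protocol ...".
        m = re.match(r"^(\S+) is (?:up|down|administratively down), line protocol", line)
        if m:
            current = m.group(1)
            status[current] = False
        elif current and "BFD enabled" in line:
            status[current] = True
    return status


def bfd_interval_warnings(config, granularity_ms=50):
    """Return [(interface, tx, rx, multiplier)] for every 'bfd interval'
    line whose Tx or Rx interval is not a multiple of granularity_ms."""
    bad = []
    iface = None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"^\s*bfd interval (\d+) min_rx (\d+) multiplier (\d+)", line)
        if m:
            tx, rx, mult = (int(x) for x in m.groups())
            if tx % granularity_ms or rx % granularity_ms:
                bad.append((iface, tx, rx, mult))
    return bad


if __name__ == "__main__":
    for name, enabled in ospf_bfd_status(SAMPLE_SHOW).items():
        print(f"{name}: BFD {'enabled' if enabled else 'NOT enabled'}")
    for iface, tx, rx, mult in bfd_interval_warnings(SAMPLE_CONFIG):
        print(f"{iface}: bfd interval {tx} min_rx {rx} multiplier {mult} "
              f"is not a multiple of 50 ms; hardware will use different values")
```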
Chapter 17: Configuring OSPFv3 External Path Preference Option

· Information About OSPFv3 External Path Preference Option, on page 193
· Calculating OSPFv3 External Path Preferences per RFC 5340, on page 194
· Example: Calculating OSPFv3 External Path Preferences per RFC 5340, on page 194
· Additional References, on page 195
· Feature History for OSPFv3 External Path Preference Option, on page 195

Information About OSPFv3 External Path Preference Option

The Open Shortest Path First version 3 (OSPFv3) external path preference option feature provides a way to calculate external path preferences per RFC 5340.

OSPFv3 External Path Preference Option

Per RFC 5340, the following rules indicate which paths are preferred when multiple intra-AS paths are available to ASBRs or forwarding addresses:
· Intra-area paths using nonbackbone areas are always the most preferred.
· The other paths, intra-area backbone paths and inter-area paths, are of equal preference.

These rules apply when the same ASBR is reachable through multiple areas, or when trying to decide which of several AS-external-LSAs should be preferred. In the former case the paths all terminate at the same ASBR, and in the latter the paths terminate at separate ASBRs or forwarding addresses. In either case, each path is represented by a separate routing table entry.

This feature applies only when RFC 1583 compatibility is set to disabled using the no compatible rfc1583 command (RFC 5340 provides an update to RFC 1583).

Caution: To minimize the chance of routing loops, set identical RFC compatibility for all OSPF routers in an OSPF routing domain.
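The RFC 5340 preference rules above, applied in code as an added example that is not from the Cisco guide, together with a consistency check for the Caution on RFC 1583 compatibility that reads the "RFC 1583 compatibility" line of show ospfv3 output from several routers. Assumed and not stated on this page: a path is modelled by type, area and cost, and paths in the same preference class are then compared by cost.

```python
"""Added example (not from the Cisco guide): RFC 5340 external path
preference between candidate intra-AS paths to the same ASBR or forwarding
address, plus a domain-wide RFC 1583 compatibility consistency check."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

BACKBONE_AREA = "0"


@dataclass(frozen=True)
class Path:
    kind: str   # 'intra-area' or 'inter-area' (assumed model)
    area: str   # OSPF area the path uses, e.g. "0" or "1"
    cost: int


def preference_class(path: Path) -> int:
    """Lower is more preferred.
    0: intra-area path through a non-backbone area (always most preferred);
    1: intra-area backbone path or inter-area path (equal preference)."""
    if path.kind == "intra-area":
        return 0 if path.area != BACKBONE_AREA else 1
    if path.kind == "inter-area":
        return 1
    raise ValueError(f"unknown path kind {path.kind!r}")


def preferred_paths(paths: List[Path]) -> List[Path]:
    """Paths that win under the RFC 5340 rules (no compatible rfc1583).
    Preference class is decisive; cost breaks ties within a class (assumed
    tie-break).  A list is returned because equal-class, equal-cost paths
    stay tied."""
    if not paths:
        return []
    key = lambda p: (preference_class(p), p.cost)
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def rfc1583_compatible(show_ospfv3: str) -> bool:
    """Read the 'RFC 1583 compatibility enabled|disabled' line that
    'show ospfv3' prints (see the example output in this chapter)."""
    m = re.search(r"RFC 1583 compatibility (enabled|disabled)", show_ospfv3)
    if not m:
        raise ValueError("no RFC 1583 compatibility line in show ospfv3 output")
    return m.group(1) == "enabled"


def compatibility_consistent(outputs: Dict[str, str]) -> Tuple[bool, Dict[str, bool]]:
    """Given {router: 'show ospfv3' text}, return (all_identical, per-router
    setting).  A mixed domain is the routing-loop risk the Caution describes."""
    settings = {name: rfc1583_compatible(text) for name, text in outputs.items()}
    return len(set(settings.values())) <= 1, settings


# Constructed sample: two routers with different settings.
SAMPLE_SHOW = {
    "r1": 'Routing Process "ospfv3 1" with ID 10.1.1.1\n RFC 1583 compatibility disabled\n',
    "r2": 'Routing Process "ospfv3 1" with ID 10.1.1.2\n RFC 1583 compatibility enabled\n',
}

if __name__ == "__main__":
    candidates = [Path("intra-area", "0", 5), Path("inter-area", "0", 3),
                  Path("intra-area", "2", 40)]
    # The area-2 intra-area path wins despite its higher cost.
    print(preferred_paths(candidates))
    print(compatibility_consistent(SAMPLE_SHOW))
```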
Calculating OSPFv3 External Path Preferences per RFC 5340

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device> enable

Step 2: configure terminal
  Enters global configuration mode.
  Example: Device# configure terminal

Step 3: router ospfv3 [process-id]
  Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.
  Example: Device(config)# router ospfv3 1

Step 4: no compatible rfc1583
  Changes the method used to calculate external path preferences per RFC 5340.
  Example: Device(config-router)# no compatible rfc1583

Example: Calculating OSPFv3 External Path Preferences per RFC 5340

Device# show ospfv3
Routing Process "ospfv3 1" with ID 10.1.1.1
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Reference bandwidth unit is 100 mbps
 RFC 1583 compatibility disabled
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 1
        SPF algorithm executed 1 times
        Number of LSA 1.
        Checksum Sum 0x00D03D
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

Additional References

Related Documents
Related Topic | Document Title
IPv6 addressing and connectivity | IPv6 Configuration Guide
OSPFv3 External Path Preference Option | Configuring OSPF module

Standards and RFCs
Standard/RFC | Title
RFCs for IPv6 | IPv6 RFCs

Feature History for OSPFv3 External Path Preference Option

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | OSPFv3 External Path Preference Option | The Open Shortest Path First version 3 (OSPFv3) external path preference option feature provides a way to calculate external path preferences per RFC 5340.
Cisco IOS XE Cupertino 17.7.1 | OSPFv3 External Path Preference Option | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).
Chapter 18: Configuring OSPFv3 Max-Metric Router LSA

· Information About OSPFv3 Max-Metric Router LSA, on page 197
· Configuring the OSPFv3 Max-Metric Router LSA, on page 197
· Example: Verifying the OSPFv3 Max-Metric Router LSA, on page 198
· Additional References, on page 199
· Feature History for OSPFv3 Max-Metric Router LSA, on page 199

Information About OSPFv3 Max-Metric Router LSA

The Open Shortest Path First version 3 (OSPFv3) max-metric router link-state advertisement (LSA) feature enables OSPFv3 to advertise its locally generated router LSAs with a maximum metric. The feature allows OSPFv3 processes to converge but not attract transit traffic through the device if there are better alternate paths.

The max-metric LSA control places the OSPFv3 router into the stub router role using its LSA advertisement. A stub router only forwards packets destined to go to its directly connected links. In OSPFv3 networks, a device could become a stub router by advertising large metrics for its connected links, so that the cost of a path through this device becomes larger than that of an alternative path. OSPFv3 stub router advertisement allows a device to advertise the infinity metric (0xFFFF) for its connected links in router LSAs and advertise the normal interface cost if the link is a stub network.

Configuring the OSPFv3 Max-Metric Router LSA

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device> enable

Step 2: configure terminal
  Enters global configuration mode.
  Example: Device# configure terminal

Step 3: router ospfv3 process-id
  Enables OSPFv3 router configuration mode.
  Example: Device(config)# router ospfv3 1

Step 4: address-family ipv6 unicast
  Configures an instance of the OSPFv3 process in the IPv6 address family.
  Example: Device(config)# address-family ipv6 unicast

Step 5: max-metric router-lsa [external-lsa [max-metric-value]] [include-stub] [inter-area-lsas [max-metric-value]] [on-startup {seconds | wait-for-bgp}] [prefix-lsa] [stub-prefix-lsa [max-metric-value]] [summary-lsa [max-metric-value]]
  Configures a device that is running the OSPFv3 protocol to advertise a maximum metric so that other devices do not prefer the device as an intermediate hop in their SPF calculations.
  Example: Device(config-router-af)# max-metric router-lsa on-startup wait-for-bgp

Step 6: end
  Exits address family configuration mode and returns to privileged EXEC mode.
  Example: Device(config-router-af)# end

Step 7: show ospfv3 [process-id] max-metric
  Displays OSPFv3 maximum metric origination information.
  Example: Device# show ospfv3 1 max-metric

Example: Verifying the OSPFv3 Max-Metric Router LSA

Device#show ipv6 ospf max-metric
OSPFv3 Router with ID (192.1.1.1) (Process ID 1)
 Start time: 00:00:05.886, Time elapsed: 3d02h
 Originating router-LSAs with maximum metric
  Condition: always, State: active

Additional References

Related Documents
Related Topic | Document Title
IPv6 addressing and connectivity | IPv6 Configuration Guide
OSPFv3 Max-Metric Router LSA | "OSPF Link-State Advertisement Throttling" module

Standards and RFCs
Standard/RFC | Title
RFCs for IPv6 | IPv6 RFCs

Feature History for OSPFv3 Max-Metric Router LSA

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | OSPFv3 Max-Metric Router LSA | The Open Shortest Path First version 3 (OSPFv3) max-metric router link-state advertisement (LSA) feature enables OSPFv3 to advertise its locally generated router LSAs with a maximum metric.
Cisco IOS XE Cupertino 17.7.1 | OSPFv3 Max-Metric Router LSA | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
Chapter 19: Configuring OSPFv3 Demand Circuit Ignore

· Information About Demand Circuit Ignore Support, on page 201
· Configuring Demand Circuit Ignore Support for OSPFv3, on page 201
· Example: Demand Circuit Ignore Support for OSPFv3, on page 202
· Additional References for OSPFv3 Demand Circuit Ignore, on page 202
· Feature History for OSPFv3 Demand Circuit Ignore, on page 203

Information About Demand Circuit Ignore Support

Demand Circuit Ignore Support enables you to prevent an interface from accepting demand-circuit requests from other devices by specifying the ignore keyword in the ipv6 ospf demand-circuit command. Demand circuit ignore instructs the router not to accept Demand Circuit (DC) negotiation and is a useful configuration option on the point-to-multipoint interface of the Hub router.

Configuring Demand Circuit Ignore Support for OSPFv3

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device> enable

Step 2: configure terminal
  Enters global configuration mode.
  Example: Device# configure terminal

Step 3: interface type number
  Configures an interface type and number and enters interface configuration mode.
  Example: Device(config)# interface GigabitEthernet 0/1/0

Step 4: Enter one of the following commands:
  · ipv6 ospf demand-circuit ignore
  · ospfv3 demand-circuit ignore
  Prevents an interface from accepting demand-circuit requests from other devices.
  Example: Device(config-if)# ipv6 ospf demand-circuit ignore
  Example: Device(config-if)# ospfv3 demand-circuit ignore

Step 5: end
  Returns to privileged EXEC mode.
  Example: Device(config-if)# end

Step 6: show ospfv3 process-id [area-id] [address-family] [vrf {vrf-name | *}] interface [type number] [brief]
  (Optional) Displays OSPFv3-related interface information.
  Example: Device# show ospfv3 interface GigabitEthernet 0/1/0

Example: Demand Circuit Ignore Support for OSPFv3

The following example shows how to configure demand circuit ignore support for OSPFv3:

Device#interface Serial0/0
 ip address 6.1.1.1 255.255.255.0
 ipv6 enable
 ospfv3 network point-to-multipoint
 ospfv3 demand-circuit ignore
 ospfv3 1 ipv6 area 0

Additional References for OSPFv3 Demand Circuit Ignore

The following sections provide references related to the OSPFv3 Demand Circuit Ignore feature.

Related Documents
Related Topic | Document Title
OSPF configuration tasks | "Configuring OSPF"
OSPF commands | Cisco IOS IP Routing: OSPF Command Reference

Technical Assistance
Description | Link
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. | http://www.cisco.com/cisco/web/support/index.html

Feature History for OSPFv3 Demand Circuit Ignore

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.
Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | OSPFv3 Demand Circuit Ignore | Demand Circuit Ignore Support enables you to prevent an interface from accepting demand-circuit requests from other devices by specifying the ignore keyword in the ipv6 ospf demand-circuit command.
Cisco IOS XE Cupertino 17.7.1 | OSPFv3 Demand Circuit Ignore | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Chapter 20: Configuring Prefix Suppression Support for OSPFv3

· Prefix Suppression Support for OSPFv3, on page 205
· Prerequisites for Prefix Suppression Support for OSPFv3, on page 205
· Information About Prefix Suppression Support for OSPFv3, on page 205
· How to Configure Prefix Suppression Support for OSPFv3, on page 206
· Configuration Example: Configuring Prefix Suppression Support for OSPFv3, on page 210
· Feature History for Prefix Suppression Support for OSPFv3, on page 211

Prefix Suppression Support for OSPFv3

This feature enables Open Shortest Path First version 3 (OSPFv3) to hide the IPv4 and IPv6 prefixes of connected networks from link-state advertisements (LSAs). When OSPFv3 is deployed in large networks, limiting the number of IPv4 and IPv6 prefixes that are carried in the OSPFv3 LSAs can speed up OSPFv3 convergence. This feature can also be utilized to enhance the security of an OSPFv3 network by allowing the network administrator to prevent IP routing toward internal nodes.

Prerequisites for Prefix Suppression Support for OSPFv3

Before you can use the mechanism to exclude IPv4 and IPv6 prefixes from LSAs, the OSPFv3 routing protocol must be configured.
Information About Prefix Suppression Support for OSPFv3

The following sections provide information about prefix suppression support for OSPFv3.

OSPFv3 Prefix Suppression Support

The OSPFv3 Prefix Suppression Support feature allows you to hide IPv4 and IPv6 prefixes that are configured on interfaces running OSPFv3.

In OSPFv3, addressing semantics have been removed from the OSPF protocol packets and the main LSA types, leaving a network-protocol-independent core. This means that Router-LSAs and network-LSAs no longer contain network addresses, but simply express topology information. The process of hiding prefixes is simpler in OSPFv3 and suppressed prefixes are simply removed from the intra-area-prefix-LSA. Prefixes are also propagated in OSPFv3 via link LSAs.

The OSPFv3 Prefix Suppression feature provides a number of benefits. The exclusion of certain prefixes from advertisements means that there is more memory available for LSA storage, bandwidth and buffers for LSA flooding, and CPU cycles for origination and flooding of LSAs and for SPF computation. Prefixes are also filtered from link LSAs. A device only filters locally configured prefixes, not prefixes learnt via link LSAs. In addition, security has been improved by reducing the possibility of remote attack with the hiding of transit-only networks.

Globally Suppress IPv4 and IPv6 Prefix Advertisements by Configuring the OSPFv3 Process

You can reduce OSPFv3 convergence time by configuring the OSPFv3 process on a device to prevent the advertisement of all IPv4 and IPv6 prefixes by using the prefix-suppression command in router configuration mode or address-family configuration mode.
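A model of which connected prefixes are still advertised once process-level and interface-level prefix suppression are combined, following the rules this chapter states: loopback, secondary-address and passive-interface prefixes survive process-level suppression; an interface-level command takes precedence and keeps only secondary addresses; the disable form keeps everything. Added example, not Cisco code; the interface attributes are a constructed model, and the sample device is constructed.

```python
"""Added example (not from the Cisco guide): which connected prefixes an
OSPFv3 device still advertises once prefix suppression is configured.
The interface model is constructed for the example; the rules are the
ones this chapter states for the process-level and interface-level
prefix-suppression commands."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Iface:
    name: str
    prefixes: List[str]                                   # primary prefixes
    secondary: List[str] = field(default_factory=list)    # secondary addresses
    loopback: bool = False
    passive: bool = False
    # None:  no interface-level command
    # True:  'ipv6 ospf prefix-suppression' / 'ospfv3 prefix-suppression'
    # False: '... prefix-suppression disable'
    suppression: Optional[bool] = None


def advertised_prefixes(iface: Iface, process_suppression: bool) -> List[str]:
    """Prefixes of iface that end up in OSPFv3 prefix LSAs."""
    # The interface-level command always takes precedence over the
    # process-level (router or address-family mode) prefix-suppression.
    if iface.suppression is not None:
        if iface.suppression:
            # Interface-level suppression keeps only secondary addresses.
            return list(iface.secondary)
        return iface.prefixes + iface.secondary
    if process_suppression:
        # Process-level suppression exempts loopbacks, secondary addresses
        # and passive interfaces so that they remain reachable.
        if iface.loopback or iface.passive:
            return iface.prefixes + iface.secondary
        return list(iface.secondary)
    return iface.prefixes + iface.secondary


def lsa_prefix_report(ifaces: List[Iface], process_suppression: bool) -> Dict[str, List[str]]:
    """{interface name: advertised prefixes} for a whole device."""
    return {i.name: advertised_prefixes(i, process_suppression) for i in ifaces}


def hidden_transit_prefixes(ifaces: List[Iface], process_suppression: bool) -> List[str]:
    """Primary prefixes no longer exposed in LSAs: the transit-only networks
    whose hiding the chapter describes as reducing remote attack exposure."""
    hidden = []
    for i in ifaces:
        adv = set(advertised_prefixes(i, process_suppression))
        hidden += [p for p in i.prefixes if p not in adv]
    return hidden


# Constructed sample device.
SAMPLE_DEVICE = [
    Iface("Ethernet0/0", ["10.0.0.0/24", "2001:201::/64"]),      # transit, no interface command
    Iface("Ethernet0/1", ["10.0.1.0/24"], secondary=["10.0.9.0/24"],
          suppression=True),                                     # ospfv3 prefix-suppression
    Iface("Ethernet0/2", ["10.0.2.0/24"], suppression=False),    # ospfv3 prefix-suppression disable
    Iface("Loopback0", ["10.255.0.1/32"], loopback=True),
    Iface("Ethernet0/3", ["10.0.3.0/24"], passive=True),
]

if __name__ == "__main__":
    for name, prefixes in lsa_prefix_report(SAMPLE_DEVICE, process_suppression=True).items():
        print(f"{name}: {prefixes or 'suppressed'}")
    print("hidden:", hidden_transit_prefixes(SAMPLE_DEVICE, True))
```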
Note: Prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces are not suppressed by the router mode or the address-family configuration commands because typical network designs require prefixes to remain reachable.

Suppress IPv4 and IPv6 Prefix Advertisements on a Per-Interface Basis

You can explicitly configure an OSPFv3 interface not to advertise its IP network to its neighbors by using the ipv6 ospf prefix-suppression command or the ospfv3 prefix-suppression command in interface configuration mode.

Note: If you have globally suppressed IPv4 and IPv6 prefixes from connected IP networks by configuring the prefix-suppression router configuration command, the interface configuration command takes precedence over the router configuration command.

How to Configure Prefix Suppression Support for OSPFv3

The following sections provide configuration examples for prefix suppression support for OSPFv3.

Configuring Prefix Suppression Support of the OSPFv3 Process

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device> enable

Step 2: configure terminal
  Enters global configuration mode.
  Example: Device# configure terminal

Step 3: router ospfv3 process-id [vrf vpn-name]
  Configures an OSPFv3 routing process and enters router configuration mode.
  Example: Device(config)# router ospfv3 23

Step 4: prefix-suppression
  Prevents OSPFv3 from advertising all IPv4 and IPv6 prefixes, except prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces.
  Example: Device(config-router)# prefix-suppression

Step 5: end
  Returns to privileged EXEC mode.
  Example: Device(config-router)# end

Step 6: show ospfv3
  Displays general information about OSPFv3 routing processes.
  Note: Use this command to verify that IPv4 and IPv6 prefix suppression has been enabled.
  Example: Device# show ospfv3

Configuring Prefix Suppression Support of the OSPFv3 Process in Address-Family Configuration Mode

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device> enable

Step 2: configure terminal
  Enters global configuration mode.
  Example: Device# configure terminal

Step 3: router ospfv3 process-id [vrf vpn-name]
  Configures an OSPFv3 routing process and enters router configuration mode.
  Example: Device(config)# router ospfv3 23

Step 4: address-family ipv6 unicast
  Enters IPv6 address family configuration mode for OSPFv3.
  Example: Device(config-router)# address-family ipv6 unicast

Step 5: prefix-suppression
  Prevents OSPFv3 from advertising all IPv4 and IPv6 prefixes, except prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces.
  Example: Device(config-router-af)# prefix-suppression

Step 6: end
  Returns to privileged EXEC mode.
  Example: Device(config-router-af)# end

Step 7: show ospfv3
  Displays general information about OSPFv3 routing processes.
  Note: Use this command to verify that IPv4 and IPv6 prefix suppression has been enabled.
  Example: Device# show ospfv3

Configuring Prefix Suppression Support on a Per-Interface Basis

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device> enable
Step 2: configure terminal
  Enters global configuration mode.
  Example: Device# configure terminal

Step 3: interface type number
  Configures an interface type and enters interface configuration mode.
  Example: Device(config)# interface serial 0/0

Step 4: Do one of the following:
  · ipv6 ospf prefix-suppression [disable]
  · ospfv3 prefix-suppression disable
  Prevents OSPFv3 from advertising IPv4 and IPv6 prefixes that belong to a specific interface, except those that are associated with secondary IP addresses.
  · When you enter the ipv6 ospf prefix-suppression command or the ospfv3 prefix-suppression command in interface configuration mode, it takes precedence over the prefix-suppression command that is entered in router configuration mode.
  Example: Device(config-if)# ipv6 ospf prefix-suppression
  Example: Device(config-if)# ospfv3 1 prefix-suppression disable

Step 5: end
  Returns to privileged EXEC mode.
  Example: Device(config-if)# end

Step 6: show ospfv3 interface
  Displays OSPFv3-related interface information.
  Note: Use this command to verify that IPv4 and IPv6 prefix suppression has been enabled for a specific interface.
  Example: Device# show ospfv3 interface

Troubleshooting IPv4 and IPv6 Prefix Suppression

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device> enable

Step 2: debug ospfv3 lsa-generation
  Displays information about each OSPFv3 LSA that is generated.
  Example: Device# debug ospfv3 lsa-generation

Step 3: debug condition interface interface-type interface-number [dlci dlci] [vc {vci | vpi | vci}]
  Limits output for some debug commands on the basis of the interface or virtual circuit.
  Example: Device# debug condition interface serial 0/0

Step 4: show debugging
  Displays information about the types of debugging that are enabled for your device.
  Example: Device# show debugging

Step 5: show logging [slot slot-number | summary]
  Displays the state of syslog and the contents of the standard system logging buffer.
  Example: Device# show logging

Configuration Example: Configuring Prefix Suppression Support for OSPFv3

The following example shows how to configure prefix suppression support for OSPFv3 in router configuration mode:

router ospfv3 1
 prefix-suppression
 !
 address-family ipv6 unicast
  router-id 0.0.0.6
 exit-address-family

The following example shows how to configure prefix suppression support for OSPFv3 in address-family configuration mode:

router ospfv3 1
 !
 address-family ipv6 unicast
  router-id 10.0.0.6
  prefix-suppression
 exit-address-family

The following example shows how to configure prefix suppression support for OSPFv3 in interface configuration mode:

interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
 ipv6 address 2001:201::201/64
 ipv6 enable
 ospfv3 prefix-suppression
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
end

Feature History for Prefix Suppression Support for OSPFv3

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.
Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | Prefix Suppression Support for OSPFv3 | Prefix Suppression Support for OSPFv3 feature enables Open Shortest Path First version 3 (OSPFv3) to hide the IPv4 and IPv6 prefixes of connected networks from link-state advertisements (LSAs).
Cisco IOS XE Cupertino 17.7.1 | Prefix Suppression Support for OSPFv3 | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module.

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

Chapter 21: Configuring Graceful Shutdown Support for OSPFv3

· Information About Graceful Shutdown for OSPFv3, on page 213
· How to Configure Graceful Shutdown Support for OSPFv3, on page 213
· Configuration Examples for Graceful Shutdown Support for OSPFv3, on page 215
· Additional References for Graceful Shutdown Support for OSPFv3, on page 216
· Feature History for Graceful Shutdown Support for OSPFv3, on page 217

Information About Graceful Shutdown for OSPFv3

The Graceful Shutdown for OSPFv3 feature provides the ability to temporarily shut down the OSPFv3 protocol in the least disruptive manner and to notify its neighbors that it is going away. All traffic that has another path through the network will be directed to that alternate path. A graceful shutdown of the OSPFv3 protocol can be initiated using the shutdown command in router configuration mode or in address family configuration mode. This feature also provides the ability to shut down OSPFv3 on a specific interface.
In this case, OSPFv3 will not advertise the interface or form adjacencies over it; however, all of the OSPFv3 interface configuration will be retained. To initiate a graceful shutdown of an interface, use the ipv6 ospf shutdown or the ospfv3 shutdown command in interface configuration mode.

How to Configure Graceful Shutdown Support for OSPFv3

Configuring Graceful Shutdown of the OSPFv3 Process

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: configure terminal
  Enters global configuration mode.
  Example: Device#configure terminal

Step 3: Do one of the following:
  · ipv6 router ospf process-id
  · router ospfv3 process-id
  Enables OSPFv3 routing and enters router configuration mode.
  Example: Device(config)#ipv6 router ospf 1
  Example: Device(config)#router ospfv3 101

Step 4: shutdown
  Shuts down the selected interface.
  Example: Device(config-router)#shutdown

Step 5: end
  Returns to privileged EXEC mode.
  Example: Device(config-router)#end

Step 6: Do one of the following:
  · show ipv6 ospf [process-id]
  · show ospfv3 [process-id]
  (Optional) Displays general information about OSPFv3 routing processes.
  Example: Device#show ipv6 ospf
  Example: Device#show ospfv3

Configuring Graceful Shutdown of the OSPFv3 Process in Address-Family Configuration Mode

Procedure

Step 1: enable
  Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable
Step 2: configure terminal
  Enters global configuration mode.
  Example: Device#configure terminal

Step 3: router ospfv3 [process-id]
  Enables router configuration mode for the IPv6 address family.
  Example: Device(config)#router ospfv3 1

Step 4: address-family ipv6 unicast [vrf vrf-name]
  Enters IPv6 address family configuration mode for OSPFv3.
  Example: Device(config-router)#address-family ipv6

Step 5: shutdown
  Shuts down the selected interface.
  Example: Device(config-router-af)#shutdown

Step 6: end
  Returns to privileged EXEC mode.
  Example: Device(config-router-af)#end

Step 7: show ospfv3 [process-id]
  (Optional) Displays general information about OSPFv3 routing processes.
  Example: Device#show ospfv3

Configuration Examples for Graceful Shutdown Support for OSPFv3

The following sections provide the various configuration examples for graceful shutdown support for OSPFv3.

Example: Configuring Graceful Shutdown of the OSPFv3 Process

The following example shows how to configure graceful shutdown of the OSPFv3 process in IPv6 router OSPF configuration mode:

ipv6 router ospf 6
 router-id 10.10.10.10
 shutdown

The following example shows how to configure graceful shutdown of the OSPFv3 process in router OSPFv3 configuration mode:

!
router ospfv3 1
 shutdown
 !
 address-family ipv6 unicast
 exit-address-family

The following example shows how to configure graceful shutdown of the OSPFv3 process in address-family configuration mode:

!
router ospfv3 1
 !
address-family ipv6 unicast shutdown exit-address-family Example: Configuring Graceful Shutdown of the OSPFv3 Interface The following example shows how to configure graceful shutdown of the OSPFv3 interface using the ipv6 ospf shutdown command: ! interface Serial2/1 no ip address ipv6 enable ipv6 ospf 6 area 0 ipv6 ospf shutdown serial restart-delay 0 end The following example shows how to configure graceful shutdown of the OSPFv3 interface using the ospfv3 shutdown command: ! interface Serial2/0 ip address 10.10.10.10 255.255.255.0 ip ospf 1 area 0 ipv6 enable ospfv3 shutdown ospfv3 1 ipv6 area 0 serial restart-delay 0 end Additional References for Graceful Shutdown Support for OSPFv3 Related Documents Related Topic Document Title Configuring OSPF "Configuring OSPF" OSPF commands Cisco IOS IP Routing: OSPF Command Reference IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 216 Configuring Graceful Shutdown Support for OSPFv3 Feature History for Graceful Shutdown Support for OSPFv3 Feature History for Graceful Shutdown Support for OSPFv3 This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise. Release Feature Feature Information Cisco IOS XE Gibraltar 16.11.1 Graceful Shutdown Support for OSPFv3 Graceful Shutdown Support for OSPFv3 feature provides the ability to temporarily shut down an Open Shortest Path First version 3 (OSPFv3) process or interface in the least disruptive manner, and to notify its neighbors that it is going away Cisco IOS XE Cupertino 17.7.1 Graceful Shutdown Support for OSPFv3 Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2). Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. 
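A graceful shutdown that is forgotten after maintenance silently withdraws routes, so it is worth auditing for. As an added example (not Cisco's code and not part of this guide), the Python below parses a running-config and reports every OSPFv3 process, address family and interface left in graceful shutdown, covering the three places this chapter documents the command; SAMPLE_CONFIG is constructed from the fragments above, and the function names are my own.

```python
"""Audit an IOS XE running-config for OSPFv3 graceful shutdown.

Added example, not Cisco's code. Reports every OSPFv3 process, address
family and interface left in graceful shutdown. A plain interface-level
'shutdown' is an admin shutdown, not OSPFv3 graceful shutdown: not reported.
"""

# Constructed sample config, assembled from the fragments shown in this
# chapter plus an extra process (2) and a clean interface (Serial3/0).
SAMPLE_CONFIG = """\
ipv6 router ospf 6
 router-id 10.10.10.10
 shutdown
!
router ospfv3 1
 shutdown
 !
 address-family ipv6 unicast
 exit-address-family
!
router ospfv3 2
 !
 address-family ipv6 unicast
  shutdown
 exit-address-family
!
interface Serial2/1
 no ip address
 ipv6 enable
 ipv6 ospf 6 area 0
 ipv6 ospf shutdown
!
interface Serial2/0
 ip address 10.10.10.10 255.255.255.0
 ip ospf 1 area 0
 ipv6 enable
 ospfv3 shutdown
 ospfv3 1 ipv6 area 0
!
interface Serial3/0
 ipv6 enable
 ospfv3 1 ipv6 area 0
!
"""


def parse_sections(config):
    """Split an IOS config into (header, child_lines) pairs: a column-0 line
    opens a section, indented lines belong to it and a column-0 '!' closes it.
    Children keep their indentation so address-family nesting is visible."""
    sections, header, children = [], None, []
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t":
            if header is not None:
                children.append(raw)
            continue
        if header is not None:
            sections.append((header, children))
        header, children = (None, []) if raw.strip() == "!" else (raw.strip(), [])
    if header is not None:
        sections.append((header, children))
    return sections


def ospfv3_shutdown_findings(config):
    """Return one finding string per OSPFv3 element in graceful shutdown."""
    findings = []
    for header, children in parse_sections(config):
        if header.startswith(("ipv6 router ospf ", "router ospfv3 ")):
            proc = header.split()[-1]
            af, af_indent = None, 0  # address-family block currently open
            for line in children:
                cmd = line.strip()
                indent = len(line) - len(line.lstrip())
                if cmd.startswith("address-family "):
                    af, af_indent = cmd, indent
                elif cmd == "exit-address-family" or (af and indent <= af_indent):
                    af = None  # back at the process level
                if cmd == "shutdown":
                    if af and indent > af_indent:
                        findings.append(f"process {proc} {af}: address-family shutdown")
                    else:
                        findings.append(f"process {proc} ({header}): process shutdown")
        elif header.startswith("interface "):
            ifname = header.split(None, 1)[1]
            cmds = {c.strip() for c in children}
            # both interface-mode forms documented in this chapter
            for cmd in ("ipv6 ospf shutdown", "ospfv3 shutdown"):
                if cmd in cmds:
                    findings.append(f"interface {ifname}: {cmd}")
    return findings


if __name__ == "__main__":
    for finding in ospfv3_shutdown_findings(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample it lists five items (two process-level, one address-family, two interface) and nothing for Serial3/0; feed it the output of show running-config to audit a live device.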
CHAPTER 22

Configuring NSSA for OSPFv2

· Information About Configuring NSSA for OSPF, on page 219
· How to Configure NSSA for OSPF, on page 222
· Configuration Examples for OSPF NSSA, on page 225
· Additional References for OSPF Not-So-Stubby Areas (NSSA), on page 234
· Feature History for NSSA for OSPFv2, on page 234

Information About Configuring NSSA for OSPF

Characteristics of RFC 3101

RFC 3101 describes the following features:
· Provides an option of importing OSPF summary routes into a Not-So-Stubby Area (NSSA) as Type-3 summary Link State Advertisements (LSAs).
· Refines the setting of the forwarding address in Type-7 LSAs.
· Revises the Type-7 external route calculation.
· Strengthens the process of translating Type-7 LSAs into Type-5 LSAs.
· Modifies the process of flushing translated Type-7 LSAs.
· Defines the P-bit (propagate bit) default as clear.

RFC 1587 Compliance

RFC 3101 compliance is automatically enabled on the devices. Use the compatible rfc1587 command in router configuration mode to revert to route selection that is based on RFC 1587. When you configure the device to be compatible with RFC 1587, the device performs the following actions:
· Reverts the route selection process to RFC 1587.
· Configures the Autonomous System Border Router (ASBR) to set the P (propagate) bit and a zero forwarding address.
· Disables the always-translating Area Border Router (ABR).
ABR as NSSA Link State Advertisement Translator

Use the Not-So-Stubby Area (NSSA) for Open Shortest Path First version 2 (OSPFv2) feature to simplify administration in a network that connects a central site that uses OSPF to a remote site that uses a different routing protocol. When the NSSA feature was not implemented, the connection between the border device at the corporate site and the remote device was not established as an OSPF stub area for the following reasons:
· Routes for the remote site were not redistributed into the stub area.
· Two routing protocols had to be maintained. A protocol such as Routing Information Protocol (RIP) is run to handle the redistribution.

By implementing NSSA, you can extend OSPF to include the remote connection by defining the area between the border device at the corporate site and the remote device as an NSSA. As with OSPF stub areas, NSSA areas cannot be injected with distributed routes via Type 5 Link State Advertisements (LSAs). Route redistribution into an NSSA area is possible only with Type 7 LSAs. An NSSA Autonomous System Border Router (ASBR) generates the Type 7 LSA, and an NSSA Area Border Router (ABR) translates the Type 7 LSA into a Type 5 LSA. These LSAs can be flooded throughout the OSPF routing domain. Route summarization and filtering are supported during the translation.

Route summarization is the consolidation of advertised addresses. This feature enables an ABR to advertise a single summary route to other areas. If the network numbers in an area are assigned in a way such that they are contiguous, you can configure the ABR to advertise a summary route that covers all the individual networks within the area that fall into the specified range.

When routes from other protocols are redistributed into an OSPF area, each route is advertised individually in an external LSA. However, you can configure the Cisco IOS software to advertise a single route with a specified network address and mask for all the redistributed routes that are covered by that network address and mask. Thus, the size of the OSPF link-state database decreases.

RFC 3101 allows you to configure an NSSA ABR device as a forced NSSA LSA translator.

Note: Even a forced translator might not translate all LSAs; translation depends on the content of each LSA.

The figure below shows a network diagram in which OSPF Area 1 is defined as the stub area. The Enhanced Interior Gateway Routing Protocol (EIGRP) routes are not propagated into the OSPF domain because routing redistribution is not allowed in the stub area. However, once OSPF Area 1 is defined as an NSSA, an NSSA ASBR can include the EIGRP routes in the OSPF NSSA by generating Type 7 LSAs.

Figure 8: OSPF NSSA

The redistributed routes from the RIP device are not allowed into OSPF Area 1 because NSSA is an extension to the stub area. The stub area characteristics still exist, including the exclusion of Type 5 LSAs. The figure below shows the OSPF stub network with NSSA Area 1. The redistributed routes that Device 4 is propagating from the two RIP networks are translated into Type 7 LSAs by NSSA ASBR Device 3. Device 2, which is configured to be the NSSA ABR, translates the Type 7 LSAs back to Type 5 so that they can be flooded through the rest of the OSPF stub network within OSPF Area 0.
Figure 9: OSPF NSSA Network with NSSA ABR and ASBR Devices

How to Configure NSSA for OSPF

Configuring an OSPFv2 NSSA Area and Its Parameters

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospf process-id
  Example: Device(config)#router ospf 10
  Purpose: Enables OSPF routing and enters router configuration mode. The process-id argument identifies the OSPF process. The range is from 1 to 65535.

Step 4: redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [autonomous-system-number] [metric {metric-value | transparent}] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets] [nssa-only]
  Example: Device(config-router)#redistribute rip subnets
  Purpose: Redistributes routes from one routing domain to another routing domain. In the example, Routing Information Protocol (RIP) subnets are redistributed into the OSPF domain.

Step 5: network ip-address wildcard-mask area area-id
  Example: Device(config-router)#network 192.168.129.11 0.0.0.255 area 1
  Purpose: Defines the interfaces on which OSPF runs and the area ID for those interfaces.

Step 6: area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary] [nssa-only]
  Example: Device(config-router)#area 1 nssa
  Purpose: Configures a Not-So-Stubby Area (NSSA).

Step 7: summary-address prefix mask [not-advertise] [tag tag] [nssa-only]
  Example: Device(config-router)#summary-address 10.1.0.0 255.255.0.0 not-advertise
  Purpose: Controls the route summarization and filtering during the translation and limits the summary to NSSA areas.

Step 8: end
  Example: Device(config-router)#end
  Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Configuring an NSSA ABR as a Forced NSSA LSA Translator

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospf process-id
  Example: Device(config)#router ospf 1
  Purpose: Enables OSPF routing and enters router configuration mode. The process-id argument identifies the OSPF process. The range is from 1 to 65535.

Step 4: area area-id nssa translate type7 always
  Example: Device(config-router)#area 10 nssa translate type7 always
  Purpose: Configures a Not-So-Stubby Area Area Border Router (NSSA ABR) device as a forced NSSA Link State Advertisement (LSA) translator.
  Note: You can use the always keyword in the area nssa translate command to configure an NSSA ABR device as a forced NSSA LSA translator. This command can be used if RFC 3101 is disabled and RFC 1587 is used.

Step 5: area area-id nssa translate type7 suppress-fa
  Example: Device(config-router)#area 10 nssa translate type7 suppress-fa
  Purpose: Allows the ABR to suppress the forwarding address in translated Type-5 LSAs.

Step 6: end
  Example: Device(config-router)#end
  Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Disabling RFC 3101 Compatibility and Enabling RFC 1587 Compatibility

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospf process-id
  Example: Device(config)#router ospf 1
  Purpose: Enables OSPF routing and enters router configuration mode. The process-id argument identifies the OSPF process. Use the router ospf process-id command to enable OSPFv2 routing.

Step 4: compatible rfc1587
  Example: Device(config-router)#compatible rfc1587
  Purpose: Enables the device to be RFC 1587 compliant.

Step 5: end
  Example: Device(config-router)#end
  Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Configuration Examples for OSPF NSSA

Example: Configuring OSPF NSSA

In the following example, an Open Shortest Path First (OSPF) stub network is configured to include OSPF Area 0 and OSPF Area 1, using five devices. Device 3 is configured as the NSSA Autonomous System Border Router (ASBR). Device 2 is configured to be the NSSA Area Border Router (ABR). OSPF Area 1 is defined as a Not-So-Stubby Area (NSSA).

Device 1

  Device#hostname Device1
  !
  interface Loopback1
   ip address 10.1.0.1 255.255.255.255
  !
  interface Ethernet0/0
   ip address 192.168.0.1 255.255.255.0
   ip ospf 1 area 0
   no cdp enable
  !
  interface Serial10/0
   description Device2 interface s11/0
   ip address 192.168.10.1 255.255.255.0
   ip ospf 1 area 1
   serial restart-delay 0
   no cdp enable
  !
  router ospf 1
   area 1 nssa
  !
  end

Device 2

  Device#hostname Device2
  !
  !
  interface Loopback1
   ip address 10.1.0.2 255.255.255.255
  !
  interface Serial10/0
   description Device1 interface s11/0
   no ip address
   shutdown
   serial restart-delay 0
   no cdp enable
  !
  interface Serial11/0
   description Device1 interface s10/0
   ip address 192.168.10.2 255.255.255.0
   ip ospf 1 area 1
   serial restart-delay 0
   no cdp enable
  !
  interface Serial14/0
   description Device3 interface s13/0
   ip address 192.168.14.2 255.255.255.0
   ip ospf 1 area 1
   serial restart-delay 0
   no cdp enable
  !
  router ospf 1
   area 1 nssa
  !
  end

Device 3

  Device#hostname Device3
  !
  interface Loopback1
   ip address 10.1.0.3 255.255.255.255
  !
  interface Ethernet3/0
   ip address 192.168.3.3 255.255.255.0
   no cdp enable
  !
  interface Serial13/0
   description Device2 interface s14/0
   ip address 192.168.14.3 255.255.255.0
   ip ospf 1 area 1
   serial restart-delay 0
   no cdp enable
  !
  router ospf 1
   log-adjacency-changes
   area 1 nssa
   redistribute rip subnets
  !
  router rip
   version 2
   redistribute ospf 1 metric 15
   network 192.168.3.0
  end

Device 4

  Device#hostname Device4
  !
  interface Loopback1
   ip address 10.1.0.4 255.255.255.255
  !
  interface Ethernet3/0
   ip address 192.168.3.4 255.255.255.0
   no cdp enable
  !
  interface Ethernet4/1
   ip address 192.168.41.4 255.255.255.0
  !
  router rip
   version 2
   network 192.168.3.0
   network 192.168.41.0
  !
  end

Device 5

  Device#hostname Device5
  !
  interface Loopback1
   ip address 10.1.0.5 255.255.255.255
  !
  interface Ethernet0/0
   ip address 192.168.0.10 255.255.255.0
   ip ospf 1 area 0
   no cdp enable
  !
  interface Ethernet1/1
   ip address 192.168.11.10 255.255.255.0
   ip ospf 1 area 0
  !
  router ospf 1
  !
  end

Example: OSPF NSSA Area with RFC 3101 Disabled and RFC 1587 Active

In the following example, the output for the show ip ospf and show ip ospf database nssa commands shows an Open Shortest Path First Not-So-Stubby Area (OSPF NSSA) area where RFC 3101 is disabled, RFC 1587 is active, and an NSSA Area Border Router (ABR) device is configured as a forced NSSA LSA translator. If RFC 3101 is disabled, the forced NSSA LSA translator remains inactive.

  Device#show ip ospf
  Routing Process "ospf 1" with ID 10.0.2.1
   Start time: 00:00:25.512, Time elapsed: 00:01:02.200
   Supports only single TOS(TOS0) routes
   Supports opaque LSA
   Supports Link-local Signaling (LLS)
   Supports area transit capability
   Supports NSSA (compatible with RFC 1587)
   Event-log enabled, Maximum number of events: 1000, Mode: cyclic
   Router is not originating router-LSAs with maximum metric
   Initial SPF schedule delay 5000 msecs
   Minimum hold time between two consecutive SPFs 10000 msecs
   Maximum wait time between two consecutive SPFs 10000 msecs
   Incremental-SPF disabled
   Minimum LSA interval 5 secs
   Minimum LSA arrival 1000 msecs
   LSA group pacing timer 240 secs
   Interface flood pacing timer 33 msecs
   Retransmission pacing timer 66 msecs
   Number of external LSA 0. Checksum Sum 0x000000
   Number of opaque AS LSA 0. Checksum Sum 0x000000
   Number of DCbitless external and opaque AS LSA 0
   Number of DoNotAge external and opaque AS LSA 0
   Number of areas in this router is 1. 0 normal 0 stub 1 nssa
   Number of areas transit capable is 0
   External flood list length 0
   IETF NSF helper support enabled
   Cisco NSF helper support enabled
   Reference bandwidth unit is 100 mbps
      Area 1
          Number of interfaces in this area is 1
          It is a NSSA area
          Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled)
          Area has no authentication
          SPF algorithm last executed 00:00:07.160 ago
          SPF algorithm executed 3 times
          Area ranges are
          Number of LSA 3. Checksum Sum 0x0245F0
          Number of opaque link LSA 0. Checksum Sum 0x000000
          Number of DCbitless LSA 0
          Number of indication LSA 0
          Number of DoNotAge LSA 0
          Flood list length 0

The table below describes the show ip ospf display fields and their descriptions.

Table 12: show ip ospf Field Descriptions

  Field: Supports NSSA (compatible with RFC 1587)
  Description: Specifies that RFC 1587 is active or that the OSPF NSSA area is RFC 1587 compatible.

  Field: Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled)
  Description: Specifies that the OSPF NSSA area has an ABR device configured to act as a forced translator of Type 7 LSAs. However, it is inactive because RFC 3101 is disabled.

  Device2# show ip ospf database nssa
      Router Link States (Area 1)
    LS age: 28
    Options: (No TOS-capability, DC)
    LS Type: Router Links
    Link State ID: 10.0.2.1
    Advertising Router: 10.0.2.1
    LS Seq Number: 80000004
    Checksum: 0x5CA2
    Length: 36
    Area Border Router
    AS Boundary Router
    Unconditional NSSA translator
    Number of Links: 1
      Link connected to: a Stub Network
       (Link ID) Network/subnet number: 192.0.2.5
       (Link Data) Network Mask: 255.255.255.0
        Number of MTID metrics: 0
         TOS 0 Metrics: 10

The table below describes the show ip ospf database nssa display fields and their descriptions.
Table 13: show ip ospf database nssa Field Descriptions

  Field: Unconditional NSSA translator
  Description: Specifies that the NSSA ASBR device is a forced NSSA LSA translator.

Example: Verifying OSPF NSSA

The following is sample output from the show ip ospf command. The output displays that OSPF Area 1 is an NSSA area.

  Device2#show ip ospf
  Routing Process "ospf 1" with ID 10.1.0.2
   Start time: 00:00:01.392, Time elapsed: 12:03:09.480
   Supports only single TOS(TOS0) routes
   Supports opaque LSA
   Supports Link-local Signaling (LLS)
   Supports area transit capability
   Router is not originating router-LSAs with maximum metric
   Initial SPF schedule delay 5000 msecs
   Minimum hold time between two consecutive SPFs 10000 msecs
   Maximum wait time between two consecutive SPFs 10000 msecs
   Incremental-SPF disabled
   Minimum LSA interval 5 secs
   Minimum LSA arrival 1000 msecs
   LSA group pacing timer 240 secs
   Interface flood pacing timer 33 msecs
   Retransmission pacing timer 66 msecs
   Number of external LSA 0. Checksum Sum 0x000000
   Number of opaque AS LSA 0. Checksum Sum 0x000000
   Number of DCbitless external and opaque AS LSA 0
   Number of DoNotAge external and opaque AS LSA 0
   Number of areas in this router is 1. 0 normal 0 stub 1 nssa
   Number of areas transit capable is 0
   External flood list length 0
      Area 1
          Number of interfaces in this area is 2
  !       It is a NSSA area
          Area has no authentication
          SPF algorithm last executed 11:37:58.836 ago
          SPF algorithm executed 3 times
          Area ranges are
          Number of LSA 7. Checksum Sum 0x045598
          Number of opaque link LSA 0. Checksum Sum 0x000000
          Number of DCbitless LSA 0
          Number of indication LSA 0
          Number of DoNotAge LSA 0
          Flood list length 0

  Device2#show ip ospf data
  OSPF Router with ID (10.1.0.2) (Process ID 1)

                  Router Link States (Area 1)

  Link ID         ADV Router      Age         Seq#       Checksum Link count
  10.1.0.1        10.1.0.1        1990        0x80000016 0x00CBCB 2
  10.1.0.2        10.1.0.2        1753        0x80000016 0x009371 4
  10.1.0.3        10.1.0.3        1903        0x80000016 0x004149 2

                  Summary Net Link States (Area 1)

  Link ID         ADV Router      Age         Seq#       Checksum
  192.168.0.0     10.1.0.1        1990        0x80000017 0x00A605
  192.168.11.0    10.1.0.1        1990        0x80000015 0x009503

                  Type-7 AS External Link States (Area 1)

  Link ID         ADV Router      Age         Seq#       Checksum Tag
  192.168.3.0     10.1.0.3        1903        0x80000015 0x00484F 0
  192.168.41.0    10.1.0.3        1903        0x80000015 0x00A4CC 0

The following is sample output from the show ip ospf database data command. The output displays additional information about redistribution between Type 5 and Type 7 LSAs for routes that are injected into the NSSA area and then flooded through the OSPF network.

  Device2#show ip ospf database data
  OSPF Router with ID (10.1.0.2) (Process ID 1)

  Area 1 database summary
    LSA Type      Count    Delete   Maxage
    Router        3        0        0
    Network       0        0        0
    Summary Net   2        0        0
    Summary ASBR  0        0        0
    Type-7 Ext    2        0        0
      Prefixes redistributed in Type-7  0
    Opaque Link   0        0        0
    Opaque Area   0        0        0
    Subtotal      7        0        0

  Process 1 database summary
    LSA Type      Count    Delete   Maxage
    Router        3        0        0
    Network       0        0        0
    Summary Net   2        0        0
    Summary ASBR  0        0        0
    Type-7 Ext    2        0        0
    Opaque Link   0        0        0
    Opaque Area   0        0        0
    Type-5 Ext    0        0        0
      Prefixes redistributed in Type-5  0
    Opaque AS     0        0        0
    Total         7        0        0

The following is sample output from the show ip ospf database nssa command.
The output displays detailed information for Type 7 to Type 5 translations:

  Device2#show ip ospf database nssa
  OSPF Router with ID (10.1.0.2) (Process ID 1)

                  Type-7 AS External Link States (Area 1)

    Routing Bit Set on this LSA
    LS age: 1903
    Options: (No TOS-capability, Type 7/5 translation, DC)
    LS Type: AS External Link
    Link State ID: 192.168.3.0 (External Network Number )
    Advertising Router: 10.1.0.3
    LS Seq Number: 80000015
    Checksum: 0x484F
    Length: 36
    Network Mask: /24
          Metric Type: 2 (Larger than any link state path)
          TOS: 0
          Metric: 20
          Forward Address: 192.168.14.3
          External Route Tag: 0

    Routing Bit Set on this LSA
    LS age: 1903
  ! Options: (No TOS-capability, Type 7/5 translation, DC)
    LS Type: AS External Link
    Link State ID: 192.168.41.0 (External Network Number )
    Advertising Router: 10.1.0.3
    LS Seq Number: 80000015
    Checksum: 0xA4CC
    Length: 36
    Network Mask: /24
          Metric Type: 2 (Larger than any link state path)
          TOS: 0
          Metric: 20
          Forward Address: 192.168.14.3
          External Route Tag: 0

The following sample output from the show ip ospf command displays that the device is acting as an ASBR and OSPF Area 1 is configured as an NSSA area:

  Device3#show ip ospf
  Routing Process "ospf 1" with ID 10.1.0.3
   Start time: 00:00:01.392, Time elapsed: 12:02:34.572
   Supports only single TOS(TOS0) routes
   Supports opaque LSA
   Supports Link-local Signaling (LLS)
   Supports area transit capability
  !It is an autonomous system boundary router
   Redistributing External Routes from,
      rip, includes subnets in redistribution
   Router is not originating router-LSAs with maximum metric
   Initial SPF schedule delay 5000 msecs
   Minimum hold time between two consecutive SPFs 10000 msecs
   Maximum wait time between two consecutive SPFs 10000 msecs
   Incremental-SPF disabled
   Minimum LSA interval 5 secs
   Minimum LSA arrival 1000 msecs
   LSA group pacing timer 240 secs
   Interface flood pacing timer 33 msecs
   Retransmission pacing timer 66 msecs
   Number of external LSA 0. Checksum Sum 0x000000
   Number of opaque AS LSA 0. Checksum Sum 0x000000
   Number of DCbitless external and opaque AS LSA 0
   Number of DoNotAge external and opaque AS LSA 0
   Number of areas in this router is 1. 0 normal 0 stub 1 nssa
   Number of areas transit capable is 0
   External flood list length 0
      Area 1
          Number of interfaces in this area is 1
  !       It is a NSSA area
          Area has no authentication
          SPF algorithm last executed 11:38:13.368 ago
          SPF algorithm executed 3 times
          Area ranges are
          Number of LSA 7. Checksum Sum 0x050CF7
          Number of opaque link LSA 0. Checksum Sum 0x000000
          Number of DCbitless LSA 0
          Number of indication LSA 0
          Number of DoNotAge LSA 0
          Flood list length 0

The table below describes the significant fields shown in the show ip ospf command output.

Table 14: show ip ospf Field Descriptions

  Field: Routing process "ospf 1" with ID 10.1.0.3
  Description: Process ID and OSPF router ID.

  Field: Supports ...
  Description: Number of types of service supported (Type 0 only).

  Field: Summary Link update interval
  Description: Specifies the summary update interval in hours:minutes:seconds, and the time until the next update.

  Field: External Link update interval
  Description: Specifies the external update interval in hours:minutes:seconds, and the time until the next update.

  Field: Redistributing External Routes from
  Description: Lists the redistributed routes, by protocol.

  Field: SPF calculations
  Description: Lists the start, hold, and maximum wait interval values in milliseconds.

  Field: Number of areas
  Description: Number of areas in the router, area addresses, and so on.

  Field: SPF algorithm last executed
  Description: Shows the last time an SPF calculation was performed in response to topology change event records.

  Field: Link State Update Interval
  Description: Specifies the router and network link-state update interval in hours:minutes:seconds, and the time until the next update.

  Field: Link State Age Interval
  Description: Specifies the max-aged update deletion interval, and the time until the next database cleanup, in hours:minutes:seconds.

Additional References for OSPF Not-So-Stubby Areas (NSSA)

Related Documents

  Related Topic: OSPF commands
  Document Title: Cisco IOS IP Routing: OSPF Command Reference

  Related Topic: Protocol-independent features that work with OSPF
  Document Title: "Configuring IP Routing Protocol-Independent Features" module in IP Routing: Protocol-Independent Configuration Guide

RFCs

  RFC 1587: The OSPF NSSA Option, March 1994
  RFC 3101: The OSPF NSSA Option, January 2003

Feature History for NSSA for OSPFv2

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

  Release: Cisco IOS XE Fuji 16.8.1a
  Feature: NSSA for OSPFv2
  Feature Information: OSPFv2 allows you to configure a Not-So-Stubby Area (NSSA).

  Release: Cisco IOS XE Cupertino 17.7.1
  Feature: NSSA for OSPFv2
  Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
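The verification displays in this chapter are read by eye; as an added example (not Cisco's code and not part of this guide), the Python below parses show ip ospf text into a structure and raises the findings a reviewer of this chapter would want flagged: compatible rfc1587 in effect, a forced Type-7 translator that is inactive because RFC 3101 is disabled, an area reported with no authentication, and an area-count line that disagrees with the area blocks printed. The sample output is constructed from the displays above with a backbone area added, and the function and regex names are my own.

```python
"""Parse 'show ip ospf' output and check the NSSA state it reports.

Added example, not Cisco's code. Only the lines this chapter documents are
interpreted; other lines are ignored, so extra output never breaks the parse.
"""
import re

# Constructed sample, assembled from the show ip ospf displays in this chapter,
# with a backbone area added so that more than one area block is parsed.
SAMPLE_SHOW_IP_OSPF = """\
Routing Process "ospf 1" with ID 10.0.2.1
 Start time: 00:00:25.512, Time elapsed: 00:01:02.200
 Supports NSSA (compatible with RFC 1587)
 It is an autonomous system boundary router
 Redistributing External Routes from,
    rip, includes subnets in redistribution
 Number of areas in this router is 2. 1 normal 0 stub 1 nssa
 Number of areas transit capable is 0
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm executed 3 times
    Area 1
        Number of interfaces in this area is 1
        It is a NSSA area
        Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled)
        Area has no authentication
        SPF algorithm last executed 00:00:07.160 ago
        SPF algorithm executed 3 times
"""

PROCESS_RE = re.compile(r'^Routing Process "ospf (\d+)" with ID (\S+)')
AREA_RE = re.compile(r"^\s+Area (\S+)\s*$")  # 'Area 1', 'Area BACKBONE(0)'
COUNTS_RE = re.compile(r"^Number of areas in this router is (\d+)\.\s+"
                       r"(\d+) normal (\d+) stub (\d+) nssa")
IFACES_RE = re.compile(r"^Number of interfaces in this area is (\d+)")
# Authentication lines IOS prints inside each area block.
AUTH_STRINGS = {"Area has no authentication": "none",
                "Area has simple password authentication": "simple",
                "Area has message digest authentication": "md5"}


def parse_show_ip_ospf(text):
    """Return process-level flags plus one dict per area, keyed by area name."""
    info = {"process": None, "router_id": None, "asbr": False,
            "rfc1587_compatible": False, "area_counts": None, "areas": {}}
    area = None
    for line in text.splitlines():
        s = line.strip()
        if m := PROCESS_RE.match(s):
            info["process"], info["router_id"] = int(m.group(1)), m.group(2)
        elif m := AREA_RE.match(line):
            area = {"type": "normal", "interfaces": 0,
                    "authentication": None, "translator": None}
            info["areas"][m.group(1)] = area
        elif m := COUNTS_RE.match(s):
            # (total, normal, stub, nssa) as the summary line claims
            info["area_counts"] = tuple(int(g) for g in m.groups())
        elif s == "It is an autonomous system boundary router":
            info["asbr"] = True
        elif s == "Supports NSSA (compatible with RFC 1587)":
            info["rfc1587_compatible"] = True
        elif area is None:
            continue
        # everything below belongs to the current area block
        elif s == "It is a NSSA area":
            area["type"] = "nssa"
        elif s == "It is a stub area":
            area["type"] = "stub"
        elif s in AUTH_STRINGS:
            area["authentication"] = AUTH_STRINGS[s]
        elif s.startswith("Configured to translate Type-7 LSAs"):
            area["translator"] = "inactive" if "inactive" in s else "active"
        elif m := IFACES_RE.match(s):
            area["interfaces"] = int(m.group(1))
    return info


def nssa_findings(info):
    """Findings worth a second look: RFC 1587 compatibility mode, a forced
    translator that is inactive, areas without authentication, and a summary
    line whose area count disagrees with the area blocks actually printed."""
    findings = []
    if info["rfc1587_compatible"]:
        findings.append("process: compatible rfc1587 in effect, RFC 3101 behaviour disabled")
    for name, a in info["areas"].items():
        if a["type"] == "nssa" and a["translator"] == "inactive":
            findings.append(f"area {name}: forced Type-7 translator configured but inactive")
        if a["authentication"] == "none":
            findings.append(f"area {name}: no OSPF authentication")
    counts = info["area_counts"]
    if counts and counts[0] != len(info["areas"]):
        findings.append(f"summary says {counts[0]} areas but {len(info['areas'])} parsed")
    return findings
```

On the sample, nssa_findings(parse_show_ip_ospf(SAMPLE_SHOW_IP_OSPF)) returns four findings; an NSSA area with message digest authentication and an active translator returns none.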
CHAPTER 23

Configuring NSSA for OSPFv3

· Information About NSSA for OSPFv3, on page 237
· How to Configure NSSA for OSPFv3, on page 239
· Configuration Example for NSSA for OSPFv3, on page 243
· Additional References for NSSA for OSPFv3, on page 244
· Feature History for NSSA for OSPFv3, on page 245

Information About NSSA for OSPFv3

Cisco Open Shortest Path First version 3 (OSPFv3) allows you to configure a Not-So-Stubby Area (NSSA). An NSSA is similar to a stub area, except that an NSSA allows you to import autonomous system (AS) external routes within an NSSA using redistribution. This feature adds support for the OSPFv3 NSSA specification that is described by RFC 3101. RFC 3101 replaced and is backward compatible with RFC 1587.

RFC 1587 Compliance

RFC 3101 compliance is automatically enabled on the devices. Use the compatible rfc1587 command in router configuration mode to revert to route selection that is based on RFC 1587. When you configure the device to be compatible with RFC 1587, the device performs the following actions:
· Reverts the route selection process to RFC 1587.
· Configures the Autonomous System Border Router (ASBR) to set the P (propagate) bit and a zero forwarding address.
· Disables the always-translating Area Border Router (ABR).

ABR as OSPFv3 NSSA LSA Translator

Use the Not-So-Stubby Area (NSSA) for Open Shortest Path First version 3 (OSPFv3) feature to simplify administration in a network that connects a central site that uses OSPFv3 to a remote site that uses a different routing protocol.
When the NSSA feature is not implemented, the connection between the border device at the corporate site and the remote device cannot be established as an OSPFv3 stub area, for the following reasons:

· Routes for the remote site are not redistributed into the stub area.
· Two routing protocols must be maintained. A protocol such as Routing Information Protocol (RIP) for IPv6 is run to handle the redistribution.

By implementing NSSA, you can extend OSPFv3 to include the remote connection by defining the area between the border device at the corporate site and the remote device as an NSSA. As with OSPFv3 stub areas, redistributed routes cannot be injected into an NSSA area via a Type 5 Link State Advertisement (LSA). Route redistribution into an NSSA area is possible only with a Type 7 LSA. An NSSA Autonomous System Border Router (ASBR) generates the Type 7 LSA, and an NSSA Area Border Router (ABR) translates the Type 7 LSA into a Type 5 LSA. These LSAs can then be flooded throughout the OSPFv3 routing domain. Route summarization and filtering are supported during the translation.

Route summarization is the consolidation of advertised addresses. This feature enables an ABR to advertise a single summary route to other areas. If the network numbers in an area are assigned so that they are contiguous, you can configure the ABR to advertise a summary route that covers all the individual networks within the area that fall into the specified range. When routes from other protocols are redistributed into an OSPFv3 area, each route is advertised individually in an external LSA. However, you can configure the Cisco IOS software to advertise a single route with a specified network address and mask for all the redistributed routes that are covered by that network address and mask.
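The following configuration shows the two roles just described, an NSSA ASBR that injects external routes as Type 7 LSAs and an NSSA ABR that translates them to Type 5, on a single OSPFv3 process. It is an added example and is not configuration from this guide; the procedures later in this chapter walk through each command. The router IDs 3.3.3.3 (ASBR) and 2.2.2.2 (ABR) are chosen to match the sample output later in this chapter, while the interface numbers, the 2001:DB8::/32 documentation prefixes, and the prefix-list and route-map names (EXTERNAL-ALLOWED, STATIC-TO-NSSA) are constructed. Static routes stand in for the RIP domain of the figures so that the redistribution point is self-contained.

```ios
! ===== Device 3: NSSA ASBR in Area 1 (constructed example, not from the guide)
ipv6 unicast-routing
!
! Static routes stand in for the external (RIP) routing domain.
! The third prefix is deliberately outside the allowed range and must not leak.
ipv6 route 2001:DB8:100::/48 Null0
ipv6 route 2001:DB8:101::/48 Null0
ipv6 route 2001:DB8:FFFF::/48 Null0
!
! Only prefixes matched here may be exported into the NSSA (assumed list name).
ipv6 prefix-list EXTERNAL-ALLOWED seq 10 permit 2001:DB8:100::/40 le 48
!
route-map STATIC-TO-NSSA permit 10
 match ipv6 address prefix-list EXTERNAL-ALLOWED
!
router ospfv3 1
 router-id 3.3.3.3
 area 1 nssa
 address-family ipv6 unicast
  ! Redistributed routes enter the NSSA as Type 7 LSAs; the route map keeps
  ! 2001:DB8:FFFF::/48 out of OSPFv3 entirely.
  redistribute static route-map STATIC-TO-NSSA
  ! Advertise one Type 7 summary instead of one LSA per static route.
  summary-prefix 2001:DB8:100::/40
 exit-address-family
!
interface GigabitEthernet1/0/1
 ipv6 address 2001:DB8:1:23::3/64
 ospfv3 1 ipv6 area 1
!
! ===== Device 2: NSSA ABR between Area 0 and Area 1
ipv6 unicast-routing
!
router ospfv3 1
 router-id 2.2.2.2
 ! Default route for the NSSA only: nssa-only clears the P-bit, so this
 ! Type 7 default is never translated into a Type 5 LSA for Area 0.
 area 1 nssa default-information-originate nssa-only
 ! Force this ABR to be the Type 7 -> Type 5 translator.
 area 1 nssa translate type7 always
 ! Omit the forwarding address from translated Type 5 LSAs so Area 0 routers
 ! forward toward this ABR rather than to an address learned from inside the NSSA.
 area 1 nssa translate type7 suppress-fa
!
interface GigabitEthernet1/0/1
 ipv6 address 2001:DB8:1:12::2/64
 ospfv3 1 ipv6 area 0
!
interface GigabitEthernet1/0/2
 ipv6 address 2001:DB8:1:23::2/64
 ospfv3 1 ipv6 area 1
```

The NSSA is the point where routes from an untrusted or differently administered domain enter OSPFv3, so the route map on the ASBR and the nssa-only keyword on the ABR's default together bound what the backbone can learn: only the permitted 2001:DB8:100::/40 block reaches Area 0, as a single translated Type 5 LSA without a forwarding address. Verify on the ABR with show ospfv3 (look for the "It is a NSSA area" and translator lines) and show ospfv3 database router, whose router LSA for 2.2.2.2 carries the Unconditional NSSA translator flag. If compatible rfc1587 is also configured on the ABR, the translator line reads "inactive (RFC3101 support disabled)", as in the sample output in this chapter.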
Thus, the size of the OSPFv3 link-state database decreases.

RFC 3101 allows you to configure an NSSA ABR device as a forced NSSA LSA translator.

Note: Even a forced translator might not translate all LSAs; translation depends on the content of each LSA.

The figure below shows a network in which OSPFv3 Area 1 is defined as a stub area. The Enhanced Interior Gateway Routing Protocol (EIGRP) routes are not propagated into the OSPFv3 domain because route redistribution is not allowed in a stub area. However, once OSPFv3 Area 1 is defined as an NSSA, an NSSA ASBR can inject the EIGRP routes into the OSPFv3 NSSA by generating Type 7 LSAs.

Figure 10: OSPFv3 NSSA

The redistributed routes from the RIP device are not allowed into OSPFv3 Area 1 because NSSA is an extension to the stub area. The stub area characteristics still exist, including the exclusion of Type 5 LSAs.

The figure below shows the OSPFv3 stub network with NSSA Area 1. The redistributed routes that Device 4 is propagating from the two RIP networks are translated into Type 7 LSAs by NSSA ASBR Device 3. Device 2, which is configured as the NSSA ABR, translates the Type 7 LSAs back to Type 5 so that they can be flooded through the rest of the OSPFv3 stub network within OSPFv3 Area 0.

Figure 11: OSPFv3 NSSA Network with NSSA ABR and ASBR Devices

How to Configure NSSA for OSPFv3

The following sections provide configuration information about NSSA for OSPFv3.

Configuring an OSPFv3 NSSA Area and Its Parameters

To configure an OSPFv3 NSSA area and its parameters, follow this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospfv3 process-id
  Example: Device(config)# router ospfv3 10
  Purpose: Enables OSPFv3 routing and enters router configuration mode. The process-id argument identifies the OSPFv3 process. The range is from 1 to 65535.

Step 4: area area-id nssa default-information-originate nssa-only
  Example: Device(config-router)# area 1 nssa default-information-originate nssa-only
  Purpose: Configures an NSSA area and sets the default advertisement for this NSSA area.
  · In the example, area 1 is configured as an NSSA area.
  · The nssa-only keyword instructs the device to originate the Type 7 LSA with the P-bit cleared, which prevents translation to Type 5 on the NSSA ABR device.

Step 5: address-family {ipv4 | ipv6} [unicast]
  Example: Device(config-router)# address-family ipv4 unicast
  OR
  Example: Device(config-router)# address-family ipv6 unicast
  Purpose: (Optional) Enables address family configuration mode for OSPFv3.
  · The address-family ipv4 unicast command configures an IPv4 address family.
  · The address-family ipv6 unicast command configures an IPv6 address family.

Step 6: Enter either of the following commands:
  · (For IPv4) summary-prefix {ip-prefix | ip-address-mask} [not-advertise | [tag tag-value] [nssa-only]]
  · (For IPv6) summary-prefix ipv6-prefix [not-advertise | [tag tag-value] [nssa-only]]
  Example (For IPv4): Device(config-router-af)# summary-prefix 10.1.0.0/16 nssa-only
  Example (For IPv6): Device(config-router-af)# summary-prefix 2001:DB8::/32 nssa-only
  Purpose:
  · (For the IPv4 address family only) Defines an IPv4 summary prefix and address mask in OSPFv3 and summarizes all routes that are redistributed from other routing protocols.
  · (For the IPv6 address family only) Defines an IPv6 summary prefix in OSPFv3 and summarizes all routes that are redistributed from other routing protocols.
  · The nssa-only keyword instructs the device to originate the Type 7 LSA with the P-bit cleared, which prevents translation to Type 5 on the NSSA ABR device.

Step 7: exit
  Example: Device(config-router-af)# exit
  Purpose: Exits address-family configuration mode and returns to router configuration mode.

Step 8: redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [autonomous-system-number] [metric {metric-value | transparent}] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [nssa-only]
  Example: Device(config-router)# redistribute rip nssa-only
  Purpose: Redistributes routes from one routing domain into another routing domain. In the example, Routing Information Protocol (RIP) subnets are redistributed into the OSPFv3 domain.

Step 9: end
  Example: Device(config-router)# end
  Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Configuring an NSSA ABR as a Forced NSSA LSA Translator for OSPFv3

To configure an NSSA ABR as a forced NSSA translator for OSPFv3, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospfv3 process-id
  Example: Device(config)# router ospfv3 1
  Purpose: (Optional) Enables OSPFv3 routing and enters router configuration mode. The process-id argument identifies the OSPFv3 process. The range is from 1 to 65535.

Step 4: area area-id nssa translate type7 always
  Example: Device(config-router)# area 10 nssa translate type7 always
  Purpose: Configures an NSSA ABR device as a forced NSSA Link State Advertisement (LSA) translator.
  Note: You can use the always keyword to configure an NSSA ABR device as a forced NSSA LSA translator. This command can be used if RFC 3101 is disabled and RFC 1587 is used.

Step 5: area area-id nssa translate type7 suppress-fa
  Example: Device(config-router)# area 10 nssa translate type7 suppress-fa
  OR
  Example:
    Device(config-router)# address-family [ipv4|ipv6] unicast
    Device(config-router-af)# area 10 nssa translate type7 suppress-fa
    Device(config-router-af)# exit
  Purpose: Allows the ABR to suppress the forwarding address in translated Type 5 LSAs.
  Note: You can configure this command in both router configuration mode and address-family configuration mode.

Step 6: end
  Example: Device(config-router)# end
  Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Disabling RFC 3101 Compatibility and Enabling RFC 1587 Compatibility

To disable RFC 3101 compatibility and enable RFC 1587 compatibility, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospfv3 process-id
  Example: Device(config)# router ospfv3 1
  Purpose: (Optional) Enables OSPFv3 routing and enters router configuration mode. The process-id argument identifies the OSPFv3 process.

Step 4: compatible rfc1587
  Example: Device(config-router)# compatible rfc1587
  Purpose: Changes the method used to perform route selection to RFC 1587 compatibility and disables RFC 3101.

Step 5: end
  Example: Device(config-router)# end
  Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Configuration Example for NSSA for OSPFv3

Use the show ospfv3 command to confirm that the device is acting as an Autonomous System Border Router (ASBR) and that the Open Shortest Path First version 3 (OSPFv3) Area 1 has been configured as a Not-So-Stubby Area (NSSA).

Device# show ospfv3
 OSPFv3 1 address-family ipv4
 Router ID 3.3.3.3
 Supports NSSA (compatible with RFC 1587)
 It is an autonomous system boundary router
 Redistributing External Routes from,
    static
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of areas in this router is 1. 0 normal 0 stub 1 nssa
 Graceful restart helper support enabled
 Reference bandwidth unit is 100 mbps
 RFC1583 compatibility enabled
    Area 1
        Number of interfaces in this area is 1
        It is a NSSA area
        Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled)
        Perform type-7/type-5 LSA translation, suppress forwarding address
        Area has no authentication
        SPF algorithm last executed 00:00:07.160 ago
        SPF algorithm executed 3 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x0245F0
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

The table below describes the significant show ospfv3 display fields.

Table 17: show ospfv3 Field Descriptions

Field | Description
Supports NSSA (compatible with RFC 1587) | Specifies that RFC 1587 is active or that the OSPFv3 NSSA area is RFC 1587 compatible.
Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled) | Specifies that the OSPFv3 NSSA area has an ABR device configured to act as a forced translator of Type 7 LSAs. However, it is inactive because RFC 3101 is disabled.

The output of the router LSA in the LSDB shows Nt-Bit if it is set in the LSA header.

                Router Link States (Area 1)

  LS age: 94
  Options: (N-Bit, R-bit, DC-Bit, AF-Bit, Nt-Bit)
  LS Type: Router Links
  Link State ID: 0
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000002
  Checksum: 0x8AD5
  Length: 56
  Area Border Router
  AS Boundary Router
  Unconditional NSSA translator
  Number of Links: 2

The "Unconditional NSSA translator" line indicates that the NSSA ASBR router is acting as a forced NSSA LSA translator.

Additional References for NSSA for OSPFv3

Related Documents

Related Topic | Document Title
OSPF commands | Cisco IOS IP Routing: OSPF Command Reference
OSPFv3 in IPv6 routing | "IPv6 Routing: OSPFv3" module

RFCs

RFC | Title
RFC 1587 | The OSPF NSSA Option
RFC 3101 | The OSPF NSSA Option

Feature History for NSSA for OSPFv3

This table provides release and related information for the features explained in this module. These features are available in all releases subsequent to the one in which they were introduced, unless noted otherwise.
Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | NSSA for OSPFv3 | OSPFv3 allows you to configure a Not-So-Stubby Area (NSSA).
Cisco IOS XE Cupertino 17.7.1 | NSSA for OSPFv3 | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

CHAPTER 24 Configuring EIGRP

· Information About EIGRP, on page 247
· How to Configure EIGRP, on page 252
· Monitoring and Maintaining EIGRP, on page 259
· Feature History for EIGRP, on page 260

Information About EIGRP

Enhanced IGRP (EIGRP) is a Cisco proprietary enhanced version of IGRP. EIGRP uses the same distance vector algorithm and distance information as IGRP; however, the convergence properties and the operating efficiency of EIGRP are improved. The convergence technology employs an algorithm referred to as the Diffusing Update Algorithm (DUAL), which guarantees loop-free operation at every instant throughout a route computation and allows all devices involved in a topology change to synchronize at the same time. Routers that are not affected by topology changes are not involved in recomputations.

IP EIGRP provides increased network width. With RIP, the largest possible width of your network is 15 hops. Because the EIGRP metric is large enough to support thousands of hops, the only barrier to expanding the network is the transport-layer hop counter. EIGRP increments the transport control field only when an IP packet has traversed 15 routers and the next hop to the destination was learned through EIGRP.
When a RIP route is used as the next hop to the destination, the transport control field is incremented as usual.

EIGRP IPv6

Switches support the Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6. It is configured on the interfaces on which it runs and does not require a global IPv6 address. Switches running Network Essentials support only EIGRPv6 stub routing.

Before running, an instance of EIGRP IPv6 requires an implicit or explicit router ID. An implicit router ID is derived from a local IPv6 address, so any IPv6 node always has an available router ID. However, EIGRP IPv6 might be running in a network with only IPv6 nodes and therefore might not have an available IPv6 router ID.

For configuring EIGRP for IPv6, see the Configuring EIGRP for IPv6 section. For more information about EIGRP for IPv6, see the Cisco IOS IPv6 Configuration Library on Cisco.com.

EIGRP Features

EIGRP offers these features:

· Fast convergence.
· Incremental updates when the state of a destination changes, instead of sending the entire contents of the routing table, which minimizes the bandwidth required for EIGRP packets.
· Less CPU usage, because full update packets need not be processed each time they are received.
· Protocol-independent neighbor discovery mechanism to learn about neighboring routers.
· Variable-length subnet masks (VLSMs).
· Arbitrary route summarization.
· Scaling to large networks.

EIGRP Components

EIGRP has these four basic components:

· Neighbor discovery and recovery is the process that routers use to dynamically learn of other routers on their directly attached networks. Routers must also discover when their neighbors become unreachable or inoperative. Neighbor discovery and recovery is achieved with low overhead by periodically sending small hello packets. As long as hello packets are received, the Cisco IOS software can determine that a neighbor is alive and functioning. Once this status is determined, the neighboring routers can exchange routing information.

· The reliable transport protocol is responsible for guaranteed, ordered delivery of EIGRP packets to all neighbors. It supports intermixed transmission of multicast and unicast packets. Some EIGRP packets must be sent reliably, and others need not be. For efficiency, reliability is provided only when necessary. For example, on a multiaccess network that has multicast capabilities (such as Ethernet), it is not necessary to send hellos reliably to all neighbors individually. Therefore, EIGRP sends a single multicast hello with an indication in the packet informing the receivers that the packet need not be acknowledged. Other types of packets (such as updates) require acknowledgment, which is indicated in the packet. The reliable transport has a provision to send multicast packets quickly when there are unacknowledged packets pending. Doing so helps ensure that convergence time remains low in the presence of links of varying speed.

· The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes advertised by all neighbors. DUAL uses the distance information (known as a metric) to select efficient, loop-free paths. DUAL selects routes to be inserted into a routing table based on feasible successors. A successor is a neighboring router used for packet forwarding that has a least-cost path to a destination that is guaranteed not to be part of a routing loop. When there are no feasible successors, but there are neighbors advertising the destination, a recomputation must occur. This is the process whereby a new successor is determined. The amount of time it takes to recompute the route affects the convergence time. Recomputation is processor-intensive; it is advantageous to avoid recomputation if it is not necessary. When a topology change occurs, DUAL tests for feasible successors. If there are feasible successors, it uses any it finds to avoid unnecessary recomputation.

· The protocol-dependent modules are responsible for network-layer protocol-specific tasks. An example is the IP EIGRP module, which is responsible for sending and receiving EIGRP packets that are encapsulated in IP. It is also responsible for parsing EIGRP packets and informing DUAL of the new information received. EIGRP asks DUAL to make routing decisions, but the results are stored in the IP routing table. EIGRP is also responsible for redistributing routes learned by other IP routing protocols.

EIGRP Nonstop Forwarding

The device stack supports two levels of EIGRP nonstop forwarding:

· EIGRP NSF Awareness
· EIGRP NSF Capability

EIGRP NSF Awareness

When the neighboring device is NSF-capable, the Layer 3 device continues to forward packets from the neighboring device during the interval between the primary Route Processor (RP) in a device failing and the backup RP taking over, or while the primary RP is manually reloaded for a nondisruptive software upgrade. This feature cannot be disabled.

EIGRP NSF Capability

When an EIGRP NSF-capable active switch restarts, or a new active switch starts up and NSF restarts, the device has no neighbors and the topology table is empty. The device must bring up the interfaces, reacquire neighbors, and rebuild the topology and routing tables without interrupting the traffic directed toward the device stack. EIGRP peer routers maintain the routes learned from the new active switch and continue forwarding traffic through the NSF restart process.
To prevent an adjacency reset by the neighbors, the new active switch uses a new Restart (RS) bit in the EIGRP packet header to indicate the restart. When a neighbor receives this, it synchronizes the stack in its peer list and maintains the adjacency with the stack. The neighbor then sends its topology table to the active switch with the RS bit set to indicate that it is NSF-aware and is aiding the new active switch.

If at least one of the stack peer neighbors is NSF-aware, the active switch receives updates and rebuilds its database. Each NSF-aware neighbor sends an end-of-table (EOT) marker in the last update packet to mark the end of the table content. The active switch recognizes convergence when it receives the EOT marker, and then begins sending updates. When the active switch has received all EOT markers from its neighbors, or when the NSF-converge timer expires, EIGRP notifies the routing information database (RIB) of convergence and floods its topology table to all NSF-aware peers.

EIGRP Stub Routing

The EIGRP stub routing feature improves network stability, reduces resource utilization, and simplifies the stub device configuration.

Stub routing is commonly used in hub-and-spoke network topologies. In a hub-and-spoke network, one or more end (stub) networks are connected to a remote device (the spoke) that is connected to one or more distribution devices (the hub). The remote device is adjacent to one or more distribution devices. The only route for IP traffic to reach the remote device is through a distribution device. This type of configuration is commonly used in WAN topologies, where the distribution device is directly connected to a WAN. The distribution device can be connected to many remote devices, which is often the case. In a hub-and-spoke topology, the remote device must forward all nonlocal traffic to a distribution device, so it becomes unnecessary for the remote device to have a complete routing table. Generally, the distribution device need not send anything more than a default route to the remote device.

When using the EIGRP stub routing feature, you need to configure the distribution and remote devices to use EIGRP and configure only the remote device as a stub. Only specified routes are propagated from the remote (stub) device. The stub device responds to all queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message "inaccessible." A device that is configured as a stub sends a special peer information packet to all neighboring devices to report its status as a stub device.

Any neighbor that receives a packet informing it of the stub status will not query the stub device for any routes, and a device that has a stub peer will not query that peer. The stub device depends on the distribution device to send proper updates to all peers.

The figure below shows a simple hub-and-spoke network.

Figure 12: Simple Hub-and-Spoke Network

The stub routing feature by itself does not prevent routes from being advertised to the remote device. In the above example, the remote device can access the corporate network and the Internet only through the distribution device. Having a complete route table on the remote device would serve no functional purpose, because the path to the corporate network and the Internet would always be through the distribution device. The large route table would only reduce the amount of memory that is required by the remote device. Bandwidth and memory can be conserved by summarizing and filtering routes in the distribution device. The remote device need not receive routes that have been learned from other networks, because the remote device must send all nonlocal traffic, regardless of the destination, to the distribution device. If a true stub network is desired, the distribution device should be configured to send only a default route to the remote device. The EIGRP stub routing feature does not automatically enable summarization on distribution devices. In most cases, the network administrator will need to configure summarization on distribution devices.

Note: When configuring the distribution device to send only a default route to the remote device, you must use the ip classless command on the remote device. By default, the ip classless command is enabled in all Cisco images that support the EIGRP stub routing feature.

Without the EIGRP stub routing feature, even after routes that are sent from the distribution device to the remote device have been filtered or summarized, a problem might occur. If a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution device, which in turn would send a query to the remote device, even if routes are being summarized. If there is a communication problem (over the WAN link) between the distribution device and the remote device, an EIGRP stuck-in-active (SIA) condition could occur and cause instability elsewhere in the network. The EIGRP stub routing feature allows a network administrator to prevent queries from being sent to the remote device.

EIGRPv6 Stub Routing

The EIGRPv6 stub routing feature reduces resource utilization by moving routed traffic closer to the end user.

In a network using EIGRPv6 stub routing, the only allowable route for IPv6 traffic to the user is through a switch that is configured with EIGRPv6 stub routing. The switch sends the routed traffic to interfaces that are configured as user interfaces or are connected to other devices.

When using EIGRPv6 stub routing, you need to configure the distribution and remote routers to use EIGRPv6 and to configure only the switch as a stub. Only specified routes are propagated from the switch. The switch responds to all queries for summaries, connected routes, and routing updates.

Any neighbor that receives a packet informing it of the stub status does not query the stub router for any routes, and a router that has a stub peer does not query that peer. The stub router depends on the distribution router to send the proper updates to all peers.

In the figure given below, switch B is configured as an EIGRPv6 stub router. Switches A and C are connected to the rest of the WAN. Switch B advertises connected, static, redistributed, and summary routes to switches A and C. Switch B does not advertise any routes learned from switch A (and the reverse).

Figure 13: EIGRP Stub Router Configuration

For more information about EIGRPv6 stub routing, see the "Implementing EIGRP for IPv6" section of the Cisco IOS IP Configuration Guide, Volume 2 of 3: Routing Protocols, Release 12.4.

How to Configure EIGRP

To create an EIGRP routing process, you must enable EIGRP and associate networks. EIGRP sends updates to the interfaces in the specified networks. If you do not specify an interface's network, it is not advertised in any EIGRP update.

Note: If you have devices on your network that are configured for IGRP and you want to change to EIGRP, you must designate transition devices that have both IGRP and EIGRP configured. In these cases, perform Steps 1 through 3 in the next section and also see the "Configuring Split Horizon" section. You must use the same AS number for routes to be automatically redistributed.
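The hub-and-spoke arrangement described in the stub routing sections above, as an added example; this is not configuration from the guide. The eigrp stub command it uses is the standard IOS XE command for the feature but is not covered by the procedures that follow, which deal with the basic and interface-level parameters. AS number 10, the 10.0.0.0/8 addressing, the VLAN number and the interface numbers are constructed.

```ios
! ===== Distribution (hub) device: constructed example, not from the guide
router eigrp 10
 network 10.0.0.0 0.255.255.255
 eigrp log-neighbor-changes
!
interface GigabitEthernet1/0/1
 description WAN link toward the remote (stub) device
 ip address 10.255.0.1 255.255.255.252
 ! A 0.0.0.0/0 summary on this interface sends the spoke only a default route;
 ! EIGRP suppresses the more specific corporate prefixes behind it, so the
 ! spoke's table stays small and filtering happens at the hub.
 ip summary-address eigrp 10 0.0.0.0 0.0.0.0
!
! ===== Remote (spoke) device
router eigrp 10
 network 10.0.0.0 0.255.255.255
 eigrp log-neighbor-changes
 ! Announce stub status. Peers stop sending this device queries, so a route
 ! lost elsewhere in the corporate network cannot leave a query stuck in
 ! active across the WAN link. Only connected and summary routes are
 ! advertised upstream; nothing learned from the hub is re-advertised.
 eigrp stub connected summary
!
interface GigabitEthernet1/0/1
 description WAN link toward the distribution (hub) device
 ip address 10.255.0.2 255.255.255.252
!
interface Vlan100
 description stub LAN behind the remote device
 ip address 10.20.100.1 255.255.255.0
```

On the hub, show ip eigrp neighbors detail reports the remote device as a stub peer together with the route types it advertises, and show ip route eigrp on the spoke should contain only the default learned over the WAN link. The ip classless behaviour the Note above requires is the default on these images, so nothing further is needed for the default route to be followed.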
Default EIGRP Configuration

Table 18: Default EIGRP Configuration

Feature | Default Setting
Auto summary | Disabled.
Default-information | Exterior routes are accepted and default information is passed between processes when doing redistribution.
Default metric | Only connected routes and interface static routes can be redistributed without a default metric. The metric includes:
  · Bandwidth: 0 or greater kb/s.
  · Delay (tens of microseconds): 0 or any positive number that is a multiple of 39.1 nanoseconds.
  · Reliability: any number between 0 and 255 (255 means 100 percent reliability).
  · Loading: effective bandwidth as a number between 0 and 255 (255 means 100 percent loading).
  · MTU: maximum transmission unit size of the route in bytes. 0 or any integer.
Distance | Internal distance: 90. External distance: 170.
EIGRP log-neighbor changes | Disabled. No adjacency changes logged.
IP authentication key-chain | No authentication provided.
IP authentication mode | No authentication provided.
IP bandwidth-percent | 50 percent.
IP hello interval | For low-speed nonbroadcast multiaccess (NBMA) networks: 60 seconds; all other networks: 5 seconds.
IP hold-time | For low-speed NBMA networks: 180 seconds; all other networks: 15 seconds.
IP split-horizon | Enabled.
IP summary address | No summary aggregate addresses are predefined.
Metric weights | tos: 0; k1 and k3: 1; k2, k4, and k5: 0.
Network | None specified.
Nonstop Forwarding (NSF) Awareness | Enabled for IPv4 on switches running the Allows Layer 3 switches to forward packets from a neighboring NSF-capable router during software changes.
NSF capability | Disabled. Note: The device supports EIGRP NSF-capable routing for
Offset-list | Disabled.
Router EIGRP | Disabled.
Set metric | No metric set in the route map.
Traffic-share | Distributed proportionately to the ratios of the metrics.
Variance | 1 (equal-cost load-balancing).
Configuring Basic EIGRP Parameters

To configure basic EIGRP parameters, perform this procedure:

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device#configure terminal

Step 3: router eigrp autonomous-system
  Purpose: Enables an EIGRP routing process and enters router configuration mode. The AS number identifies the routes to other EIGRP devices and is used to tag routing information.
  Example: Device(config)#router eigrp 10

Step 4: nsf
  Purpose: (Optional) Enables EIGRP NSF. Enter this command on the active switch and on all of its peers.
  Example: Device(config-router)#nsf

Step 5: network network-number
  Purpose: Associates networks with an EIGRP routing process. EIGRP sends updates to the interfaces in the specified networks.
  Example: Device(config-router)#network 192.168.0.0

Step 6: eigrp log-neighbor-changes
  Purpose: (Optional) Enables logging of EIGRP neighbor changes to monitor routing system stability.
  Example: Device(config-router)#eigrp log-neighbor-changes

Step 7: metric weights tos k1 k2 k3 k4 k5
  Purpose: (Optional) Adjusts the EIGRP metric. Although the defaults have been carefully set to provide excellent operation in most networks, you can adjust them.
  Caution: Setting metrics is complex and is not recommended without guidance from an experienced network designer.
  Example: Device(config-router)#metric weights 0 2 0 2 0 0

Step 8: offset-list [access-list number | name] {in | out} offset [type number]
  Purpose: (Optional) Applies an offset list to routing metrics to increase incoming and outgoing metrics to routes learned through EIGRP. You can limit the offset list with an access list or an interface.
  Example: Device(config-router)#offset-list 21 out 10

Step 9: auto-summary
  Purpose: (Optional) Enables automatic summarization of subnet routes into network-level routes.
  Example: Device(config-router)#auto-summary

Step 10: interface interface-id
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.
  Example: Device(config-router)#interface gigabitethernet 1/0/1

Step 11: ip summary-address eigrp autonomous-system-number address mask
  Purpose: (Optional) Configures a summary aggregate.
  Example: Device(config-if)#ip summary-address eigrp 1 192.168.0.0 255.255.0.0

Step 12: end
  Purpose: Returns to privileged EXEC mode.
  Example: Device(config-if)#end

Step 13: show ip protocols
  Purpose: Verifies your entries. For NSF awareness, the output shows:
    *** IP Routing is NSF aware ***
    EIGRP NSF enabled
  Example: Device#show ip protocols

Step 14: copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.
  Example: Device#copy running-config startup-config

Configuring EIGRP Interfaces

Other optional EIGRP parameters can be configured on an interface basis. To configure EIGRP interfaces, perform this procedure:

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device#configure terminal

Step 3: interface interface-id
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.
  Example: Device(config)#interface gigabitethernet 1/0/1

Step 4: ip bandwidth-percent eigrp percent
  Purpose: (Optional) Configures the percentage of bandwidth that can be used by EIGRP on an interface. The default is 50 percent.
  Example: Device(config-if)#ip bandwidth-percent eigrp 60

Step 5: ip summary-address eigrp autonomous-system-number address mask
  Purpose: (Optional) Configures a summary aggregate address for a specified interface (not usually necessary if auto-summary is enabled).
  Example: Device(config-if)#ip summary-address eigrp 109 192.161.0.0 255.255.0.0

Step 6: ip hello-interval eigrp autonomous-system-number seconds
  Purpose: (Optional) Changes the hello time interval for an EIGRP routing process. The range is 1 to 65535 seconds. The default is 60 seconds for low-speed NBMA networks and 5 seconds for all other networks.
  Example: Device(config-if)#ip hello-interval eigrp 109 10

Step 7: ip hold-time eigrp autonomous-system-number seconds
  Purpose: (Optional) Changes the hold time interval for an EIGRP routing process. The range is 1 to 65535 seconds. The default is 180 seconds for low-speed NBMA networks and 15 seconds for all other networks.
  Caution: Do not adjust the hold time without consulting Cisco technical support.
  Example: Device(config-if)#ip hold-time eigrp 109 40

Step 8: no ip split-horizon eigrp autonomous-system-number
  Purpose: (Optional) Disables split horizon to allow route information to be advertised by a router out any interface from which that information originated.
  Example: Device(config-if)#no ip split-horizon eigrp 109

Step 9: end
  Purpose: Returns to privileged EXEC mode.
  Example: Device(config-if)#end

Step 10: show ip eigrp interface
  Purpose: Displays which interfaces EIGRP is active on and information about EIGRP relating to those interfaces.
  Example: Device#show ip eigrp interface

Step 11: copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.
  Example: Device#copy running-config startup-config
Configuring EIGRP for IPv6

Before configuring the switch to run IPv6 EIGRP, enable routing by entering the ip routing global configuration command, enable the forwarding of IPv6 packets by entering the ipv6 unicast-routing global configuration command, and enable IPv6 on any Layer 3 interfaces on which you want to enable IPv6 EIGRP. To set an explicit router ID, use the show ipv6 eigrp command to see the configured router IDs, and then use the router-id command.

As with EIGRP IPv4, you can use EIGRPv6 to specify your EIGRP IPv6 interfaces and to select a subset of those as passive interfaces. Use the passive-interface command to make an interface passive, and then use the no passive-interface command on selected interfaces to make them active. EIGRP IPv6 does not need to be configured on a passive interface.

For more configuration procedures, see the "Implementing EIGRP for IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.

Configuring EIGRP Route Authentication

EIGRP route authentication provides MD5 authentication of routing updates from the EIGRP routing protocol to prevent the introduction of unauthorized or false routing messages from unapproved sources.

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device#configure terminal

Step 3: interface interface-id
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.
  Example: Device(config)#interface gigabitethernet 1/0/1

Step 4: ip authentication mode eigrp autonomous-system md5
  Purpose: Enables MD5 authentication in IP EIGRP packets.
  Example: Device(config-if)#ip authentication mode eigrp 104 md5

Step 5: ip authentication key-chain eigrp autonomous-system key-chain
  Purpose: Enables authentication of IP EIGRP packets.
  Example: Device(config-if)#ip authentication key-chain eigrp 105 chain1

Step 6: exit
  Purpose: Returns to global configuration mode.
  Example: Device(config-if)#exit

Step 7: key chain name-of-chain
  Purpose: Identifies a key chain and enters key-chain configuration mode. Match the name configured in Step 5.
  Example: Device(config)#key chain chain1

Step 8: key number
  Purpose: In key-chain configuration mode, identifies the key number.
  Example: Device(config-keychain)#key 1

Step 9: key-string text
  Purpose: In key-chain key configuration mode, identifies the key string.
  Example: Device(config-keychain-key)#key-string key1

Step 10: accept-lifetime start-time {infinite | end-time | duration seconds}
  Purpose: (Optional) Specifies the time period during which the key can be received. The start-time and end-time syntax can be either hh:mm:ss Month date year or hh:mm:ss date Month year. The default is forever, with the default start-time and the earliest acceptable date being January 1, 1993. The default end-time and duration is infinite.
  Example: Device(config-keychain-key)#accept-lifetime 13:30:00 Jan 25 2011 duration 7200

Step 11: send-lifetime start-time {infinite | end-time | duration seconds}
  Purpose: (Optional) Specifies the time period during which the key can be sent. The start-time and end-time syntax can be either hh:mm:ss Month date year or hh:mm:ss date Month year. The default is forever, with the default start-time and the earliest acceptable date being January 1, 1993. The default end-time and duration is infinite.
  Example: Device(config-keychain-key)#send-lifetime 14:00:00 Jan 25 2011 duration 3600

Step 12: end
  Purpose: Returns to privileged EXEC mode.
  Example: Device(config-keychain-key)#end

Step 13: show key chain
  Purpose: Displays authentication key information.
  Example: Device#show key chain

Step 14: copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.
  Example: Device#copy running-config startup-config

Monitoring and Maintaining EIGRP

You can delete neighbors from the neighbor table. You can also display various EIGRP routing statistics. The table below lists the privileged EXEC commands for deleting neighbors and displaying statistics.

Table 19: IP EIGRP Clear and Show Commands (Command: Purpose)

  clear ip eigrp neighbors [if-address | interface]: Deletes neighbors from the neighbor table.
  show ip eigrp interface [interface] [as number]: Displays information about interfaces configured for EIGRP.
  show ip eigrp neighbors [type-number]: Displays EIGRP discovered neighbors.
  show ip eigrp topology [autonomous-system-number] | [[ip-address] mask]]: Displays the EIGRP topology table.
  show ip eigrp traffic [autonomous-system-number]: Displays the number of packets sent and received for an EIGRP process.

Feature History for EIGRP

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

  Cisco IOS XE Gibraltar 16.11.1: EIGRP. Enhanced IGRP (EIGRP) is a Cisco proprietary enhanced version of IGRP. EIGRP uses the same distance vector algorithm and distance information as IGRP; however, the convergence properties and the operating efficiency of EIGRP are significantly improved.
  Cisco IOS XE Cupertino 17.7.1: EIGRP. Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 25: Configuring EIGRP MIB

· Prerequisites for EIGRP MIB, on page 261
· Restrictions for EIGRP MIB, on page 261
· Information About EIGRP MIB, on page 261
· How to Enable EIGRP MIB Notifications, on page 268
· Configuration Example for Enabling EIGRP MIB Notifications, on page 269
· Additional References for EIGRP MIB, on page 269
· Feature History for EIGRP MIB, on page 270

Prerequisites for EIGRP MIB

· An Enhanced Interior Gateway Routing Protocol (EIGRP) routing process must be enabled and a Simple Network Management Protocol (SNMP) community string must be configured on at least one device for EIGRP MIB table objects to be visible via SNMP.
· Support for EIGRP notifications (traps) is not activated until a trap destination is configured.

Restrictions for EIGRP MIB

EIGRP MIB support was not implemented for the EIGRP Prefix Limit Support feature.

Information About EIGRP MIB

The EIGRP MIB feature provides complete Enhanced Interior Gateway Routing Protocol (EIGRP) support for GET requests and limited notification (also known as trap) support for neighbor authentication failure, neighbor down, and stuck-in-active (SIA) events. This MIB is accessed through remote Simple Network Management Protocol (SNMP) software clients. The EIGRP IPv6 MIB feature enables IPv6 support for the EIGRP MIB.

EIGRP MIB Overview

The EIGRP MIB feature provides MIB support in Cisco software for Enhanced Interior Gateway Routing Protocol (EIGRP) routing processes that run over IPv4 and IPv6. The EIGRP MIB is accessed through remote Simple Network Management Protocol (SNMP) software clients.
MIB table objects are accessed as read-only through GETBULK, GETINFO, GETMANY, GETONE, and GETNEXT requests. Counters for MIB table objects are cleared when the EIGRP routing process is reset or when the routing table is refreshed when you enter the clear ip route or clear ip eigrp command. Managed objects for all EIGRP routing processes are implemented as five table objects (EIGRP Interface, EIGRP Neighbor, EIGRP Topology, EIGRP Traffic Statistics, and EIGRP VPN) on a per-autonomous-system or per-VPN basis.

EIGRP Interface Table

The EIGRP Interface table contains information and statistics for all interfaces on which the Enhanced Interior Gateway Routing Protocol (EIGRP) has been configured. The objects in this table are populated on a per-interface basis. The table below describes EIGRP Interface table objects and the values that are populated for each object.

Table 20: EIGRP Interface Table Object Descriptions (Object: Description)

  cEigrpAcksSuppressed: Total number of individual acknowledgment packets that have been suppressed and combined in an already enqueued outbound reliable packet on an interface.
  cEigrpAuthKeyChain: The name of the authentication key chain that is configured on the interface. The key chain is a reference to the set of secret keys that need to be accessed to determine the key string that needs to be used.
  cEigrpAuthMode: The authentication mode that is configured for traffic that uses the interface. A value of 0 is displayed when no authentication is enabled. A value of 1 is displayed when message digest algorithm 5 (MD5) authentication is enabled.
  cEigrpCRpkts: Total number of conditional receive (CR) packets sent from the interface.
  cEigrpHelloInterval: The configured time interval (in seconds) between hello packet transmissions on the interface.
  cEigrpPacingReliable: The configured time interval (in milliseconds) between EIGRP packet transmissions on the interface when the reliable transport is used.
  cEigrpPacingUnreliable: The configured time interval (in milliseconds) between EIGRP packet transmissions on the interface when the unreliable transport is used.
  cEigrpPeerCount: Total number of neighbor adjacencies formed through the interface.
  cEigrpPendingRoutes: Total number of routing updates that are queued for transmission on the interface.
  cEigrpMcastExcept: Total number of EIGRP multicast exception transmissions that have occurred on the interface.
  cEigrpMeanSrtt: The computed smooth round-trip time (SRTT) for packets that were transmitted to and received from all neighbors on the interface.
  cEigrpMFlowTimer: The configured multicast flow control timer value (in milliseconds) for the interface.
  cEigrpOOSrcvd: Total number of out-of-sequence packets received on the interface.
  cEigrpRetranSent: Total number of packet retransmissions sent from the interface.
  cEigrpRMcasts: Total number of reliable (acknowledgment required) multicast packets that were transmitted on the interface.
  cEigrpRUcasts: Total number of reliable (acknowledgment required) unicast packets that were transmitted on the interface.
  cEigrpUMcasts: Total number of unreliable (no acknowledgment required) multicast packets that were transmitted on the interface.
  cEigrpUUcasts: Total number of unreliable (no acknowledgment required) unicast packets that were transmitted on the interface.
  cEigrpXmitNextSerial: The serial number of the next packet that is queued for transmission on the interface.
  cEigrpXmitReliableQ: Total number of packets waiting in the reliable transport transmission queue (acknowledgment required).
  cEigrpXmitUnreliableQ: Total number of packets waiting in the unreliable transport transmission queue (no acknowledgment required).
EIGRP Neighbor Table

The EIGRP Neighbor table contains information about Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors with which adjacencies have been established. EIGRP uses a "Hello" protocol to form neighbor relationships with directly connected EIGRP neighbors. The objects in this table are populated on a per-neighbor basis. The table below describes EIGRP Neighbor table objects and the values populated for each object.

Table 21: EIGRP Neighbor Table Object Descriptions (Object: Description)

  cEigrpHoldTime: The hold timer value for an adjacency with a neighbor. If this timer expires, the neighbor is declared down and removed from the neighbor table.
  cEigrpLastSeq: The sequence number of the last packet transmitted to a neighbor. This table object value increases as the sequence number increases.
  cEigrpPeerAddr: The source IP address of a neighbor that was used to establish an EIGRP adjacency with the local device. The source IP address can be an IPv4 or IPv6 address.
  cEigrpPeerAddrType: The protocol type of the remote source IP address that was used by a neighbor to establish an EIGRP adjacency with the local device. The protocol type can be IPv4 or IPv6.
  cEigrpPeerIfIndex: The index of the local interface through which a neighbor can be reached.
  cEigrpPeerInterface: The name of the local interface through which a neighbor can be reached.
  cEigrpPktsEnqueued: Total number of EIGRP packets (all types) currently queued for transmission to a neighbor.
  cEigrpRetrans: Cumulative number of packets retransmitted to a neighbor while the neighbor is in an up state.
  cEigrpRetries: Total number of times an unacknowledged packet is sent to a neighbor.
  cEigrpRto: The computed retransmission timeout (RTO) for a neighbor. The value for this table object is computed as an aggregate average of the time required for packet delivery.
  cEigrpSrtt: The computed smooth round-trip time (SRTT) for packets that are transmitted to and received from a neighbor.
  cEigrpUpTime: The period for which the EIGRP adjacency to a neighbor has been in an up state. The time period is displayed in hours:minutes:seconds.
  cEigrpVersion: EIGRP version information reported by a remote neighbor.

EIGRP Topology Table

The EIGRP Topology table contains information about Enhanced Interior Gateway Routing Protocol (EIGRP) routes that are received in updates and routes that are locally originated. EIGRP sends routing updates to and receives routing updates from adjacent routers with which adjacencies have been formed. The objects in this table are populated on a per-topology-table-entry (route) basis. The table below describes EIGRP Topology table objects and the values that are populated for each object.

Table 22: EIGRP Topology Table Object Descriptions (Object: Description)

  cEigrpActive: Status of routes in the topology table. The value for this table object is displayed on a per-route basis. A value of 1 is displayed when a route is in active state. A value of 2 is displayed when a route is in passive state (normal).
  cEigrpDestSuccessors: Total number of successors (a successor is a route that is the next hop to a destination network) for a topology table entry. The topology table will contain a successor for each path to a given destination. This table object value increases each time a successor is added.
  cEigrpDistance: The computed distance to the destination network entry from the local router.
  cEigrpFdistance: The feasible (best) distance to a destination network. This value is used to calculate a feasible successor for a topology table entry.
  cEigrpNextHopAddress: The next-hop IP address for a route in a topology table entry. The next hop can be an IPv4 or IPv6 address.
  cEigrpNextHopAddressType: The protocol type of the next-hop IP address for a route in a topology table entry. The protocol type can be IPv4 or IPv6.
  cEigrpNextHopInterface: The interface through which the next-hop IP address is reached to forward traffic to the destination.
  cEigrpReportDistance: The computed distance to the destination network in the topology entry as reported by the originator of the route.
  cEigrpRouteOriginAddr: The IP address of the router that originated the route in the topology table entry. This object is populated only if the topology table entry was not locally originated. The route origin address can be an IPv4 or IPv6 address.
  cEigrpRouteOriginType: The protocol type of the IP address defined as the origin of the topology route entry. The protocol type can be IPv4 or IPv6.
  cEigrpStuckInActive: Stuck-in-active (SIA) status of a route. The value for this table object is displayed on a per-route basis. A value of 1 is displayed when a route is in SIA state (that is, no reply has been received for queries about alternate paths). SIA queries are transmitted when a route is placed in this state.

EIGRP Traffic Statistics Table

The EIGRP Traffic Statistics table contains counters and statistics for specific types of Enhanced Interior Gateway Routing Protocol (EIGRP) packets that are sent and the related, collective information that is generated. Objects in this table are populated on a per-autonomous-system basis. Objects in this table are populated for adjacencies that are formed on interfaces that have IP addresses configured under EIGRP network statements. The table below describes EIGRP Traffic Statistics table objects and the values that are populated for each object.
Table 23: EIGRP Traffic Statistics Table Object Descriptions (Object: Description)

  cEigrpAcksRcvd: Total number of acknowledgment packets that are received in response to the transmitted update packets. This table object value increases as packets are received.
  cEigrpAcksSent: Total number of acknowledgment packets that are transmitted in response to received update packets. This table object value increases as packets are transmitted.
  cEigrpAsRouterId: The configured or automatically selected router ID in IP address format. This table object is updated if the router ID is manually reconfigured or if the IP address that was automatically selected is removed.
  cEigrpAsRouterIdType: The type of IP address that is used as the router ID. The value for this table object is an IPv4 address.
  cEigrpInputQDrops: Total number of packets that are dropped from the input queue because the input queue was full. This table object value increases each time a packet is dropped.
  cEigrpInputQHighMark: The highest number of packets that have been in the input queue. This table object value increases only when the previous highest number is exceeded.
  cEigrpHeadSerial: Internal sequencing number (serial) that is applied to EIGRP topology table routes. Routes are sequenced starting with 1. A value of 0 is displayed when there are no routes in the topology table. The "Head" serial number is applied to the first route in the sequence.
  cEigrpHellosRcvd: Total number of received hello packets. This table object value increases as packets are received.
  cEigrpHellosSent: Total number of hello packets transmitted. This table object value increases as packets are transmitted.
  cEigrpNbrCount: Total number of live neighbors. This table object value increases or decreases as peering sessions are established or expired.
  cEigrpNextSerial: Serial number that is applied to the next route in the sequence.
  cEigrpQueriesSent: Total number of alternate route query packets that are transmitted. This table object value increases as packets are transmitted.
  cEigrpQueriesRcvd: Total number of alternate route query packets that are received. This table object value increases as packets are received.
  cEigrpRepliesSent: Total number of reply packets that are transmitted in response to the received query packets. This table object value increases as packets are transmitted.
  cEigrpRepliesRcvd: Total number of reply packets that are received in response to transmitted query packets. This table object value increases as packets are received.
  cEigrpSiaQueriesSent: Total number of query packets that are sent in response to a destination that is in a stuck-in-active (SIA) state for a down peer. This table object value increases each time an SIA query packet is sent.
  cEigrpSiaQueriesRcvd: Total number of SIA query packets that are received from neighbors searching for an alternate path to a destination. This table object value increases each time an SIA query packet is received.
  cEigrpTopoRoutes: Total number of EIGRP-derived routes in the topology table. This table object value increases if a route is added.
  cEigrpUpdatesRcvd: Total number of routing update packets that are received. This table object value increases as packets are received.
  cEigrpUpdatesSent: Total number of routing update packets that are transmitted. This table object value increases as packets are transmitted.
  cEigrpXmitDummies: Total number of temporary entries in the topology table. Dummies are internal entries and are not transmitted in routing updates.
  cEigrpXmitPendReplies: Total number of replies expected in response to locally transmitted query packets. This table object contains a value of 0 until a route is placed in an active state.

EIGRP VPN Table

The EIGRP VPN table contains information about VPNs that are configured to run an Enhanced Interior Gateway Routing Protocol (EIGRP) process. Devices index VPN routes by using the VPN name and the EIGRP autonomous system number. The table below describes the EIGRP VPN table object and the value that is populated for that object.

Table 24: EIGRP VPN Table Object Description (Object: Description)

  cEigrpVpnName: The VPN routing and forwarding (VRF) name. Only VRFs that are configured to run an EIGRP routing process are populated.

EIGRP Notifications

The EIGRP MIB provides limited notification (trap) support for neighbor authentication failure, neighbor down, and stuck-in-active (SIA) events. Use the snmp-server enable traps eigrp command to enable Enhanced Interior Gateway Routing Protocol (EIGRP) notifications or traps on a Cisco device. To activate support for trap events, you must configure a trap destination by using the snmp-server host command and define a community string by using the snmp-server community command. EIGRP notifications are described in the table below.

Table 25: EIGRP Notifications (Notification: Description)

  cEigrpAuthFailureEvent: When EIGRP message digest algorithm 5 (MD5) authentication is enabled on any interface and neighbor adjacencies are formed, a notification is sent if any adjacency goes down because of an authentication failure. This notification will be sent once per down event. This notification includes the source IP address of the neighbor from which the authentication failure occurred.
  cEigrpNbrDownEvent: This notification is sent when a neighbor goes down for any reason, such as hold time expiry, neighbor shutdown, interface shutdown, SIA events, or authentication failure.
    If a neighbor is down because of an authentication failure, both cEigrpAuthFailureEvent and cEigrpNbrDownEvent notifications are sent.
  cEigrpRouteStuckInActive: During the query phase for a new route to a destination network, the route is placed in active state (during which an alternate path is actively sought) and a query packet is broadcast to the network. If no replies are received for the query, SIA query packets are broadcast. If no replies are received for the SIA queries, the neighbor adjacency is dropped, the route is declared to be in an SIA state, and this notification is sent.

How to Enable EIGRP MIB Notifications

Perform this task to specify a Simple Network Management Protocol (SNMP) server host, configure an SNMP community access string, and enable Enhanced Interior Gateway Routing Protocol (EIGRP) MIB notifications.

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device#configure terminal

Step 3: snmp-server host {hostname | ip-address} [traps | informs | version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type]
  Purpose: Specifies the destination server host or destination address for SNMP notifications.
  Example: Device(config)#snmp-server host 10.0.0.1 traps version 2c NETMANAGER

Step 4: snmp-server community string
  Purpose: Configures a community access string to permit SNMP access to the local router by the remote SNMP software client.
  Note: Cisco software supports both IPv4 and IPv6.
  Example: Device(config)#snmp-server community EIGRP1NET1A

Step 5: snmp-server enable traps [notification-type]
  Purpose: Enables SNMP support for EIGRP notifications. Notifications can be configured for only neighbor authentication failure, neighbor down, and stuck-in-active (SIA) events.
  Example: Device(config)#snmp-server enable traps eigrp

Step 6: end
  Purpose: Exits global configuration mode and returns to privileged EXEC mode.
  Example: Device(config)#end

Step 7: show running-config
  Purpose: Displays contents of the current running configuration file. Use the output modifier "|" to display and verify the SNMP configuration.
  Example: Device#show running-config | include snmp

Configuration Example for Enabling EIGRP MIB Notifications

The following example shows how to specify a Simple Network Management Protocol (SNMP) server host, configure an SNMP community string, and enable support for Enhanced Interior Gateway Routing Protocol (EIGRP) notifications:

Device(config)#snmp-server host 10.0.0.2 traps version 2c NETMANAGER eigrp
Device(config)#snmp-server community EIGRP1NET1A
Device(config)#snmp-server enable traps eigrp

The following sample output from the show running-config command displays the EIGRP MIB configuration:

Device#show running-config | include snmp
snmp-server community EIGRP1NET1A
snmp-server enable traps eigrp
snmp-server host 10.0.0.2 version 2c NETMANAGER eigrp

Additional References for EIGRP MIB

Related Documents (Related Topic: Document Title)

  EIGRP commands: EIGRP Command Reference
  Basic EIGRP configuration tasks: "Configuring EIGRP" module in the EIGRP Configuration Guide
  SNMP commands: SNMP Support Command Reference
  SNMP configuration tasks: "Configuring SNMP Support" module in the SNMP Configuration Guide

Standards and RFCs (Standard/RFC: Title)

  RFC 1213: Management Information Base for Network
Management of TCP/IP-based Internet: MIB-II

Feature History for EIGRP MIB

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

  Cisco IOS XE Amsterdam 17.3.1: EIGRP MIB. The EIGRP MIB feature provides complete Enhanced Interior Gateway Routing Protocol (EIGRP) support for GET requests and limited notification (also known as trap) support for neighbor authentication failure, neighbor down, and stuck-in-active (SIA) events.
  Cisco IOS XE Cupertino 17.7.1: EIGRP MIB. Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 26: Configuring EIGRP Wide Metrics

· Information About EIGRP Wide Metrics, on page 271
· Feature History for EIGRP Wide Metrics, on page 274

Information About EIGRP Wide Metrics

The EIGRP Wide Metrics feature supports 64-bit metric calculations and Routing Information Base (RIB) scaling in Enhanced Interior Gateway Routing Protocol (EIGRP) topologies. The 64-bit calculations work only in EIGRP named mode configurations. EIGRP classic mode configurations use 32-bit calculations. This module provides an overview of the EIGRP Wide Metrics feature.

EIGRP Composite Cost Metrics

EIGRP uses bandwidth, delay, reliability, load, and K values (various constants that can be configured by a user to produce varying routing behaviors) to calculate the composite cost metric for local Routing Information Base (RIB) installation and route selections.
The EIGRP composite cost metric is calculated using the following formula:

EIGRP composite cost metric = 256*((K1*Scaled Bw) + (K2*Scaled Bw)/(256 - Load) + (K3*Scaled Delay)*(K5/(Reliability + K4)))

EIGRP uses one or more vector metrics to calculate the composite cost metric. The table below lists EIGRP vector metrics and their descriptions.

Table 26: EIGRP Vector Metrics

Vector Metric    Description
bandwidth        The minimum bandwidth (Bw) of the route, in kilobits per second. It can be 0 or any positive integer. The bandwidth for the formula is scaled and inverted by using the following formula: Scaled Bw = (10^7/minimum bandwidth (Bw) in kilobits per second)
delay            Route delay, in tens of microseconds. Scaled Delay = (Delay/10)
load             The effective load of the route, expressed as a number from 0 to 255 (255 is 100 percent loading).
mtu              The minimum maximum transmission unit (MTU) size of the route, in bytes. It can be 0 or any positive integer.
reliability      The likelihood of successful packet transmission, expressed as a number between 0 and 255, where 255 means 100 percent reliability and 0 means no reliability.

EIGRP monitors metric weights, by using K values, on an interface to allow the tuning of EIGRP metric calculations and to indicate the type of service (ToS). K values are integers from 0 to 128; these integers, in conjunction with variables like bandwidth and delay, are used to calculate the overall EIGRP composite cost metric. The table below lists the K values and their defaults.

Table 27: EIGRP K-Value Defaults

Setting    Default Value
K1         1
K2         0
K3         1
K4         0
K5         0

Although you can configure K values to produce varying routing behaviors, most configurations use only the delay and bandwidth metrics by default, with bandwidth taking precedence, to produce a single 32-bit metric. Use of the default constants effectively reduces the above-mentioned composite cost metric formula to the following default formula: 256*(Scaled Bw + Scaled Delay).

For example, let us consider a link whose bandwidth to a particular destination is 128 kb/s and the delay is 84,000 microseconds. By using the default formula, you can simplify the EIGRP composite cost metric calculation to 256*(Scaled Bw + Scaled Delay), thus resulting in the following value:

Metric = 256*(10^7/128 + 84000/10) = 256*86525 = 22150400

EIGRP Wide Metrics

The EIGRP composite cost metric (calculated using the bandwidth, delay, reliability, load, and K values) is not scaled correctly for high-bandwidth interfaces or Ethernet channels, resulting in incorrect or inconsistent routing behavior. The lowest delay that can be configured for an interface is 10 microseconds. As a result, high-speed interfaces, such as 10 Gigabit Ethernet (GE) interfaces, or high-speed interfaces channeled together (GE ether channel) will appear to EIGRP as a single GE interface. This may cause undesirable equal-cost load balancing. To resolve this issue, the EIGRP Wide Metrics feature supports 64-bit metric calculations and Routing Information Base (RIB) scaling that provides the ability to support interfaces (either directly or via channeling techniques like port channels or ether channels) up to approximately 4.2 terabits.

Note: The 64-bit metric calculations work only in EIGRP named mode configurations. EIGRP classic mode uses 32-bit metric calculations.

To accommodate interfaces with bandwidths above 1 gigabit and up to 4.2 terabits and to allow EIGRP to perform path selections, the EIGRP composite cost metric formula is modified. The paths are selected based on the computed time. The time that information takes to travel through links is measured in picoseconds. The interfaces can be directly capable of these high speeds, or the interfaces can be bundles of links with an aggregate bandwidth greater than 1 gigabit.

Metric = [(K1*Minimum Throughput + {K2*Minimum Throughput}/(256 - Load)) + (K3*Total Latency) + (K6*Extended Attributes)] * [K5/(K4 + Reliability)]

Default K values are as follows:
· K1 = K3 = 1
· K2 = K4 = K5 = 0
· K6 = 0

The EIGRP Wide Metrics feature also introduces K6 as an additional K value for future use.

By default, the path selection scheme that is used by EIGRP is a combination of throughput (rate of data transfer) and latency (time that is taken for data transfer), and the formula for calculating the composite cost metric is as follows:

Composite Cost Metric = (K1*Minimum Throughput) + (K3*Total Latency)

Minimum Throughput = (10^7 * 65536)/Bw, where 65536 is the wide-scale constant.
Total Latency for bandwidths below 1 gigabit = (Delay*65536)/10, where 65536 is the wide-scale constant.
Total Latency for bandwidths above 1 gigabit = (10^7 * 65536/10)/Bw, where 65536 is the wide-scale constant.

With the calculation of larger bandwidths, EIGRP can no longer fit the computed metric into a 4-byte unsigned long value that is needed by the Cisco RIB. To set the RIB scaling factor for EIGRP, use the metric rib-scale command. When you configure the metric rib-scale command, all EIGRP routes in the RIB are cleared and replaced with the new metric values.

EIGRP Metric Weights

You can use the metric weights command to adjust the default behavior of EIGRP routing and metric computations. EIGRP metric defaults (K values) have been carefully selected to provide optimal performance in most networks.

Note: Adjusting EIGRP metric weights can dramatically affect network performance. Because of the complexity of this task, we recommend that you do not change the default K values without guidance from an experienced network designer.
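The classic and wide metric formulas above, worked through in code. This is an added example and not Cisco code: it implements only the reduced (default-K) formulas the module states, reads K values from a metric weights command line, and treats the rib-scale divisor as a caller-supplied assumption because the module does not give its value.

```python
"""EIGRP composite cost metric, classic (32-bit) and wide (64-bit).

Added example, not Cisco code. It implements the reduced formulas exactly
as this module states them (only the K1 and K3 terms, K2 = K4 = K5 = 0),
with integer division to mirror the truncation a router performs.
"""
from dataclasses import dataclass

WIDE_SCALE = 65536             # wide-scale constant from the module
ONE_GIGABIT_KBPS = 1_000_000   # 1 Gb/s expressed in kb/s
DEFAULT_K = {"K1": 1, "K2": 0, "K3": 1, "K4": 0, "K5": 0, "K6": 0}


@dataclass(frozen=True)
class Link:
    bandwidth_kbps: int   # minimum bandwidth along the route, in kb/s
    delay_us: int         # route delay, in microseconds


def parse_metric_weights(line: str) -> dict:
    """Parse 'metric weights tos k1 k2 k3 k4 k5 [k6]' into a K-value dict.

    K6 is optional and defaults to 0; each K value must be 0..128.
    """
    parts = line.split()
    if parts[:2] != ["metric", "weights"] or len(parts) not in (8, 9):
        raise ValueError(f"not a metric weights command: {line!r}")
    values = [int(p) for p in parts[3:]] + [0] * (9 - len(parts))
    if any(not 0 <= v <= 128 for v in values):
        raise ValueError("K values must be integers from 0 to 128")
    return {f"K{i}": v for i, v in enumerate(values, start=1)}


def _check_reduced(k: dict) -> None:
    # Only the reduced (default-K) formulas are implemented here.
    if k["K2"] or k["K4"] or k["K5"]:
        raise ValueError("only the K1/K3 reduced formula is supported here")


def classic_metric(link: Link, k: dict = DEFAULT_K) -> int:
    """Classic metric: 256*(K1*Scaled Bw + K3*Scaled Delay).

    Scaled Bw = 10^7 / Bw (kb/s) and Scaled Delay = Delay / 10, both
    truncated, so the bandwidth term is 0 for anything above 10 Gb/s.
    """
    _check_reduced(k)
    scaled_bw = 10**7 // link.bandwidth_kbps
    scaled_delay = link.delay_us // 10
    return 256 * (k["K1"] * scaled_bw + k["K3"] * scaled_delay)


def wide_metric(link: Link, k: dict = DEFAULT_K) -> int:
    """Wide metric: K1*Minimum Throughput + K3*Total Latency.

    A bandwidth of exactly 1 Gb/s is treated as 'above 1 gigabit'; that is
    an assumption, since the module only names the two ranges.
    """
    _check_reduced(k)
    min_throughput = (10**7 * WIDE_SCALE) // link.bandwidth_kbps
    if link.bandwidth_kbps < ONE_GIGABIT_KBPS:
        total_latency = (link.delay_us * WIDE_SCALE) // 10
    else:
        total_latency = (10**7 * WIDE_SCALE // 10) // link.bandwidth_kbps
    return k["K1"] * min_throughput + k["K3"] * total_latency


def fits_rib(metric: int) -> bool:
    """True when the metric fits the 4-byte unsigned value the RIB needs."""
    return 0 <= metric < 2**32


def rib_metric(metric: int, rib_scale: int) -> int:
    """Metric after division by the 'metric rib-scale' factor.

    The factor is a caller-supplied assumption: the module says the
    command sets it but does not state a value.
    """
    return metric // rib_scale


if __name__ == "__main__":
    # The module's worked example: 128 kb/s, 84,000 microseconds.
    serial = Link(128, 84000)
    print("classic", classic_metric(serial))
    print("wide   ", wide_metric(serial), "fits RIB:", fits_rib(wide_metric(serial)))
    # Two high-speed links at the 10 microsecond minimum delay: the
    # classic metric cannot tell them apart, the wide metric can.
    for name, bw in (("40GE", 40_000_000), ("100GE", 100_000_000)):
        link = Link(bw, 10)
        print(name, classic_metric(link), wide_metric(link))
    # K values from a metric weights command that raises K1 to 2.
    k = parse_metric_weights("metric weights 0 2 0 1 0 0 1")
    print("K1=2 classic", classic_metric(serial, k))
```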
By default, the EIGRP composite cost metric is a 32-bit quantity that is the sum of segment delays and the lowest segment bandwidth (scaled and inverted) for a given route. The formula that is used to scale and invert the bandwidth value is 10^7/minimum bandwidth in kilobits per second. However, with the EIGRP Wide Metrics feature, the EIGRP composite cost metric is scaled to include 64-bit metric calculations for EIGRP named mode configurations.

For a network of homogeneous media, this metric reduces to a hop count. For a network of mixed media (FDDI, Gigabit Ethernet (GE), and serial lines running from 9600 bits per second to T1 rates), the route with the lowest metric reflects the most desirable path to a destination.

Mismatched K Values

EIGRP K values are the metrics that EIGRP uses to calculate routes. Mismatched K values can prevent neighbor relationships from being established and can negatively impact network convergence. The example that is given below explains this behavior between two EIGRP peers (Device-A and Device-B).

The following configuration is applied to Device-A. The K values are changed using the metric weights command. A value of 2 is entered for the k1 argument to adjust the bandwidth calculation. A value of 1 is entered for the k3 argument to adjust the delay calculation.

Device(config)#hostname Device-A
Device-A(config)#interface serial 0
Device-A(config-if)#ip address 10.1.1.1 255.255.255.0
Device-A(config-if)#exit
Device-A(config)#router eigrp name1
Device-A(config-router)#address-family ipv4 autonomous-system 4533
Device-A(config-router-af)#network 10.1.1.0 0.0.0.255
Device-A(config-router-af)#metric weights 0 2 0 1 0 0 1

The following configuration is applied to Device-B, and the default K values are used. The default K values are 1, 0, 1, 0, 0, and 0.

Device(config)#hostname Device-B
Device-B(config)#interface serial 0
Device-B(config-if)#ip address 10.1.1.2 255.255.255.0
Device-B(config-if)#exit
Device-B(config)#router eigrp name1
Device-B(config-router)#address-family ipv4 autonomous-system 4533
Device-B(config-router-af)#network 10.1.1.0 0.0.0.255
Device-B(config-router-af)#metric weights 0 1 0 1 0 0 0

The bandwidth calculation is set to 2 on Device-A and set to 1 (by default) on Device-B. This configuration prevents these peers from forming a neighbor relationship. The following error message is displayed on the console of Device-B because the K values are mismatched:

*Apr 26 13:48:41.811: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.1.1 (Ethernet0/0) is down: K-value mismatch

The following are two scenarios where the above error message can be displayed:
· Two devices are connected on the same link and configured to establish a neighbor relationship. However, each device is configured with different K values.
· One of two peers has transmitted a "peer-termination" message (a message that is broadcast when an EIGRP routing process is shut down), and the receiving device does not support this message. The receiving device will interpret this message as a K-value mismatch.

Feature History for EIGRP Wide Metrics

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release                          Feature               Feature Information
Cisco IOS XE Amsterdam 17.3.1    EIGRP Wide Metrics    The EIGRP Wide Metrics feature supports 64-bit metric calculations and Routing Information Base (RIB) scaling in Enhanced Interior Gateway Routing Protocol (EIGRP) topologies.
Cisco IOS XE Cupertino 17.7.1    EIGRP Wide Metrics
Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 27

Configuring EIGRP Loop-Free Alternate IP Fast Reroute

The Enhanced Interior Gateway Routing Protocol Loop-Free Alternate IP Fast Reroute feature allows the EIGRP to reduce the routing transition time to less than 50 ms by precomputing repair paths or backup routes and installing these paths or routes in the routing information base (RIB). Fast Reroute (FRR) is the mechanism that enables traffic that traverses a failed link to be rerouted around the failure. In EIGRP networks, precomputed backup routes or repair paths are known as feasible successors or LFAs. This module describes how to configure the EIGRP Loop-Free Alternate Fast Reroute feature and enable load-sharing and tie-breaking configurations for the feasible successors or Loop-Free Alternates (LFAs) that are identified by EIGRP.

· Restrictions for EIGRP Loop-Free Alternate IP Fast Reroute, on page 277
· Information About EIGRP Loop-Free Alternate IP Fast Reroute, on page 278
· How to Configure EIGRP Loop-Free Alternate IP Fast Reroute, on page 279
· Configuration Examples for EIGRP Loop-Free Alternate IP Fast Reroute, on page 282
· Feature History for EIGRP Loop-Free Alternate IP Fast Reroute, on page 284

Restrictions for EIGRP Loop-Free Alternate IP Fast Reroute

· This feature is not supported on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).
· IPv6 Loop-Free Alternate (LFA) IP Fast Reroute (FRR) is not supported.
· LFA IP FRR is not supported with primary path or backup path as Multiprotocol Label Switching (MPLS).
· LFA IP FRR is not supported with primary path or backup path as Equal-Cost Multipath (ECMP).
· LFA IP FRR is only available in the network-advantage license level.
· Generic Routing Encapsulation (GRE) tunnel as primary path is not supported.
· The convergence time may be higher in cases of high CPU utilization.
· The convergence time is dependent on the primary link status detection. Therefore, if the physical link goes down, in cases of logical interfaces such as Switched Virtual Interface (SVI) and port channels, the convergence time is expected to be higher.

Information About EIGRP Loop-Free Alternate IP Fast Reroute

The following sections provide detailed information about EIGRP loop-free alternate IP fast reroute.

Repair Paths Overview

When a link or a device fails, distributed routing algorithms compute new routes or repair paths. The time that is taken for this computation is called routing transition. Until the transition is complete and all the devices are converged on a common view of the network, the connectivity between the source and destination pairs of devices is interrupted. Repair paths forward traffic during a routing transition.

When a link or a device fails, initially, only the neighboring devices are aware of the failure. All the other devices in the network are unaware of the nature and location of this failure until information about this failure is propagated through the routing protocol. The propagation of this information may take several hundred milliseconds. Meanwhile, packets that are affected by the network failure need to be steered to their destinations. A device adjacent to the failed link employs a set of repair paths for packets that would have used the failed link. These repair paths are used from the time the device detects the failure until the routing transition is complete. By the time the routing transition is complete, all the devices in the network revise their forwarding data, and the failed link is eliminated from the routing computation. Routing protocols precompute repair paths in anticipation of failures so that the repair paths can be activated the moment a failure is detected. In EIGRP networks, precomputed repair paths or backup routes are known as feasible successors or LFAs.

LFA Computation

An LFA is a precomputed next-hop route that delivers a packet to its destination without looping back. Traffic is redirected to an LFA after a network failure, and the LFA makes the forwarding decision without any knowledge of the failure.

Interior Gateway Protocols (IGPs) compute LFAs in the following ways:

· Per-link (link-based) computation: In link-based LFAs, all the prefixes (networks) that are reachable through the primary (protected) link share the same backup information. This means that the whole set of prefixes sharing the primary link also shares the repair or the Fast Reroute (FRR) ability. The per-link approach protects only the next-hop address. It need not necessarily protect the destination node. Therefore, the per-link approach is suboptimal and not the best approach for capacity planning because all traffic from the primary link is redirected to the next hop instead of being spread over multiple paths. Redirecting all traffic to the next hop may lead to congestion on the link to the next hop.
· Per-prefix (prefix-based) computation: Prefix-based LFAs allow computing backup information per prefix (network) and protect the destination address. The per-prefix approach is preferred over the per-link approach because of its greater applicability and better bandwidth utilization. Per-prefix computations provide better load sharing and better protection coverage than per-link computations because per-prefix computations evaluate all possible LFAs and use tie-breakers to select the best LFA from among the available LFAs.

Note: The repair or backup information that is computed for a primary path by using prefix-based LFAs may be different from that computed by using link-based LFAs.

EIGRP always computes prefix-based LFAs. EIGRP uses the Diffusing Update Algorithm (DUAL) to calculate the successor and feasible successors. EIGRP uses the successor as the primary path and feasible successors as repair paths or LFAs.

LFA Tie-Breaking Rules

When there are multiple candidate LFAs for a given primary path, EIGRP uses a tie-breaking rule to select one LFA per primary path per prefix. A tie-breaking rule considers LFAs that satisfy certain conditions or have certain attributes. EIGRP uses the following four attributes to implement tie-breaking rules:

· Interface-disjoint: Eliminates LFAs that share the outgoing interface with the protected path.
· Linecard-disjoint: Eliminates LFAs that share the line card with the protected path.
· Lowest-repair-path-metric: Eliminates LFAs whose metric to the protected prefix is high. Multiple LFAs with the same lowest path metric may remain in the routing table after this tie-breaker is applied.
· Shared Risk Link Group-disjoint: Eliminates LFAs that belong to any of the protected path Shared Risk Link Groups (SRLGs). SRLGs refer to situations where links in a network share a common fiber (or a common physical attribute). If one link fails, other links in the group may also fail. Therefore, links in a group share risks.
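The four tie-breaking attributes applied in priority order to a set of candidate LFAs, as an added example that is not Cisco code. The protected path, the candidates, and the priority numbers are constructed here; the priorities follow the meaning the fast-reroute tie-break command gives them (the lower the number, the earlier the rule is applied), and the handling of a rule that would eliminate every candidate is an assumption of the example.

```python
"""LFA selection with EIGRP-style tie-breaking rules.

Added example, not Cisco code. The four rules are the attributes listed
in this module; which rule runs first is decided by its priority number,
the lower the number, the earlier it is applied.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Path:
    name: str
    next_hop: str
    interface: str
    linecard: int
    metric: int
    srlgs: frozenset = field(default_factory=frozenset)


def interface_disjoint(primary: Path, cands: list) -> list:
    """Eliminate LFAs that share the outgoing interface with the protected path."""
    return [c for c in cands if c.interface != primary.interface]


def linecard_disjoint(primary: Path, cands: list) -> list:
    """Eliminate LFAs that share the line card with the protected path."""
    return [c for c in cands if c.linecard != primary.linecard]


def lowest_repair_path_metric(primary: Path, cands: list) -> list:
    """Keep only the LFAs with the lowest metric; several may remain."""
    best = min(c.metric for c in cands)
    return [c for c in cands if c.metric == best]


def srlg_disjoint(primary: Path, cands: list) -> list:
    """Eliminate LFAs that belong to any SRLG of the protected path."""
    return [c for c in cands if not (c.srlgs & primary.srlgs)]


# Keyed by the keywords of the fast-reroute tie-break command.
RULES = {
    "interface-disjoint": interface_disjoint,
    "linecard-disjoint": linecard_disjoint,
    "lowest-backup-path-metric": lowest_repair_path_metric,
    "srlg-disjoint": srlg_disjoint,
}


def select_lfas(primary: Path, candidates: list, tie_break: dict) -> list:
    """Apply the configured tie-break rules in priority order.

    tie_break maps a rule keyword to its priority number. A rule that
    would eliminate every remaining candidate is skipped; that is an
    assumption of this example, the module does not specify it.
    """
    remaining = list(candidates)
    for keyword, _prio in sorted(tie_break.items(), key=lambda kv: kv[1]):
        if not remaining:
            break
        kept = RULES[keyword](primary, remaining)
        if kept:
            remaining = kept
    return remaining


# Constructed topology: the protected path leaves Gi1/0/1 on line card 1
# and shares SRLG 10 with one of the candidate repair paths.
PRIMARY = Path("primary", "10.0.0.1", "Gi1/0/1", 1, 2560, frozenset({10}))
CANDIDATES = [
    Path("A", "10.0.0.2", "Gi1/0/1", 1, 2816),                   # same interface
    Path("B", "10.0.0.6", "Gi1/0/2", 1, 3072, frozenset({10})),  # shares SRLG 10
    Path("C", "10.0.0.10", "Gi2/0/1", 2, 3328),
    Path("D", "10.0.0.14", "Gi2/0/2", 2, 3328),
]
# Priority numbers as configured in this module's tie-break examples.
TIE_BREAK = {
    "srlg-disjoint": 1,
    "interface-disjoint": 2,
    "linecard-disjoint": 3,
    "lowest-backup-path-metric": 4,
}


def selected_names(tie_break: dict = TIE_BREAK) -> list:
    """Names of the LFAs left after tie-breaking for the constructed topology."""
    return [p.name for p in select_lfas(PRIMARY, CANDIDATES, tie_break)]


if __name__ == "__main__":
    # SRLG first removes B, interface-disjoint removes A, C and D tie on
    # metric, so two LFAs remain, as the module says may happen.
    print(selected_names())
    # Running the metric rule first changes the outcome to the cheapest path.
    print(selected_names({"lowest-backup-path-metric": 1, "srlg-disjoint": 2}))
```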
How to Configure EIGRP Loop-Free Alternate IP Fast Reroute

The following sections provide information about the various tasks that comprise the configuration of EIGRP loop-free alternate IP fast reroute.

Configuring LFA IP FRRs Per Prefix

Perform this task to configure LFA IP FRRs per prefix in an EIGRP network. You can enable LFAs for all the available prefixes in the EIGRP topology, or for prefixes specified by route maps.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router eigrp virtual-name
  Example: Device(config)# router eigrp name
  Purpose: Configures an EIGRP routing process and enters router configuration mode.

Step 4: address-family ipv4 autonomous-system autonomous-system-number
  Example: Device(config-router)# address-family ipv4 autonomous-system 1
  Purpose: Enters IPv4 VRF address family configuration mode and configures an EIGRP routing instance.

Step 5: topology base
  Example: Device(config-router-af)# topology base
  Purpose: Configures a base EIGRP topology and enters router address family topology configuration mode.

Step 6: fast-reroute per-prefix {all | route-map route-map-name}
  Example: Device(config-router-af-topology)# fast-reroute per-prefix all
  Purpose: Enables IP FRR for all the prefixes in the topology. Enter the route-map keyword to enable IP FRR on prefixes specified by a route map.

Step 7: end
  Example: Device(config-router-af-topology)# end
  Purpose: Exits router address family topology configuration mode and returns to privileged EXEC mode.

Step 8: show ip eigrp topology frr
  Example: Device# show ip eigrp topology frr
  Purpose: Displays the list of configured LFAs in the EIGRP topology table.

Disabling Load Sharing Among Prefixes

When the primary path is an Equal Cost Multipath (ECMP) path with multiple LFAs, prefixes (networks) are distributed equally among the LFAs because the default behavior for ECMP paths is load sharing. However, you can control the selection of LFAs by enabling tie-breaking configurations. To disable load sharing among prefixes, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router eigrp virtual-name
  Example: Device(config)# router eigrp name
  Purpose: Configures an EIGRP routing process and enters router configuration mode.

Step 4: address-family ipv4 autonomous-system autonomous-system-number
  Example: Device(config-router)# address-family ipv4 autonomous-system 1
  Purpose: Enters IPv4 VRF address family configuration mode and configures an EIGRP routing instance.

Step 5: topology base
  Example: Device(config-router-af)# topology base
  Purpose: Configures a base EIGRP topology and enters router address family topology configuration mode.

Step 6: fast-reroute load-sharing disable
  Example: Device(config-router-af-topology)# fast-reroute load-sharing disable
  Purpose: Disables load sharing among prefixes.

Step 7: end
  Example: Device(config-router-af-topology)# end
  Purpose: Exits router address family topology configuration mode and returns to privileged EXEC mode.

Step 8: show ip eigrp topology frr
  Example: Device# show ip eigrp topology frr
  Purpose: Displays the list of configured feasible successors or LFAs in the EIGRP topology table.

Enabling Tie-Breaking Rules for EIGRP LFAs

Perform this task to enable tie-breaking rules to select a single LFA when there are multiple LFAs for a given primary path. The EIGRP allows you to use four attributes to configure tie-breaking rules. Each of the following keywords of the fast-reroute tie-break command allows you to configure a tie-breaking rule based on a specific attribute--interface-disjoint, linecard-disjoint, lowest-backup-path-metric, and srlg-disjoint. You can assign a priority value for each attribute. Tie-breaking rules are applied on the basis of the priority that is assigned to each attribute. The lower the assigned priority value, the higher the priority of the tie-breaking attribute.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router eigrp virtual-name
  Example: Device(config)# router eigrp name
  Purpose: Configures an EIGRP routing process and enters router configuration mode.

Step 4: address-family ipv4 autonomous-system autonomous-system-number
  Example: Device(config-router)# address-family ipv4 autonomous-system 1
  Purpose: Enters IPv4 VRF address family configuration mode and configures an EIGRP routing instance.

Step 5: topology base
  Example: Device(config-router-af)# topology base
  Purpose: Configures a base EIGRP topology and enters router address family topology configuration mode.

Step 6: fast-reroute tie-break {interface-disjoint | linecard-disjoint | lowest-backup-path-metric | srlg-disjoint} priority-number
  Example: Device(config-router-af-topology)# fast-reroute tie-break lowest-backup-path-metric 2
  Purpose: Enables EIGRP to select an LFA by configuring a tie-breaking attribute and assigning a priority to that attribute.
  Note: You cannot configure an attribute more than once in an address family.

Step 7: end
  Example: Device(config-router-af-topology)# end
  Purpose: Exits router address family topology configuration mode and returns to privileged EXEC mode.

Step 8: show ip eigrp topology frr
  Example: Device# show ip eigrp topology frr
  Purpose: Displays the list of configured feasible successors or LFAs in the EIGRP topology table.

Configuration Examples for EIGRP Loop-Free Alternate IP Fast Reroute

The following sections provide various examples of the EIGRP loop-free alternate IP fast reroute configuration.

Example: Configuring LFA IP FRRs Per Prefix

The following example shows how to configure EIGRP LFA IP FRRs for prefixes specified by the route map named map1:

Device> enable
Device# configure terminal
Device(config)# router eigrp name
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute per-prefix route-map map1
Device(config-router-af-topology)# end

Example: Disabling Load Sharing Among Prefixes

The following example shows how to disable load sharing among prefixes:

Device> enable
Device# configure terminal
Device(config)# router eigrp name
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute load-sharing disable
Device(config-router-af-topology)# end

Example: Enabling Tie-Breaking Rules

The following examples show how to enable tie-breaking configurations to allow the EIGRP to select an LFA when there are multiple candidate LFAs for a given primary path.
The following example shows how to enable the tie-breaking rule that eliminates LFAs that share the outgoing interface with the primary path:

Device> enable
Device# configure terminal
Device(config)# router eigrp name
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute tie-break interface-disjoint 2
Device(config-router-af-topology)# end

The following example shows how to enable the tie-breaking rule that eliminates LFAs that share the linecard with the primary path:

Device> enable
Device# configure terminal
Device(config)# router eigrp name
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute tie-break linecard-disjoint 3
Device(config-router-af-topology)# end

The following example shows how to enable the tie-breaking rule that selects the LFA with the lowest metric:

Device> enable
Device# configure terminal
Device(config)# router eigrp name
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute tie-break lowest-backup-path-metric 4
Device(config-router-af-topology)# end

The following example shows how to enable the tie-breaking rule that eliminates LFAs that share SRLGs with the primary path:

Device> enable
Device# configure terminal
Device(config)# router eigrp name
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute tie-break srlg-disjoint 1
Device(config-router-af-topology)# end

Feature History for EIGRP Loop-Free Alternate IP Fast Reroute

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release                          Feature                                        Feature Information
Cisco IOS XE Amsterdam 17.3.1    EIGRP Loop-Free Alternate IP Fast Reroute    The EIGRP Loop-Free Alternate IP Fast Reroute feature allows the EIGRP to reduce the routing transition time to less than 50 ms by precomputing repair paths or backup routes and installing these paths or routes in the RIB. In EIGRP networks, the precomputed backup routes are known as feasible successors or LFAs.

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 28

Configuring BGP

· Restrictions for BGP, on page 285
· Information About BGP, on page 285
· How to Configure BGP, on page 297
· Configuration Examples for BGP, on page 337
· Monitoring and Maintaining BGP, on page 339
· Feature History for Border Gateway Protocol, on page 340

Restrictions for BGP

The BGP hold time must always be configured higher than the Graceful Restart hold time on a device, even with Graceful Restart disabled. A peer device with an unsupported hold time can establish a session with a device through an open message, but once Graceful Restart is enabled the session will flap.

Information About BGP

The Border Gateway Protocol (BGP) is an exterior gateway protocol that is used to set up an interdomain routing system that guarantees the loop-free exchange of routing information between autonomous systems. Autonomous systems are made up of routers that operate under the same administration and that run Interior Gateway Protocols (IGPs), such as RIP or OSPF, within their boundaries and that interconnect by using an Exterior Gateway Protocol (EGP).
BGP Version 4 is the standard EGP for interdomain routing in the Internet. The protocol is defined in RFCs 1163, 1267, and 1771. BGP Network Topology Routers that belong to the same autonomous system (AS) and that exchange BGP updates run internal BGP (IBGP), and routers that belong to different autonomous systems and that exchange BGP updates run external BGP (EBGP). Most configuration commands are the same for configuring EBGP and IBGP. The difference is that the routing updates are exchanged either between autonomous systems (EBGP) or within an AS (IBGP). The figure given below shows a network that is running both EBGP and IBGP. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 285 BGP Network Topology Figure 14: EBGP, IBGP, and Multiple Autonomous Systems Configuring BGP Before exchanging information with an external AS, BGP ensures that networks within the AS can be reached by defining internal BGP peering among routers within the AS and by redistributing BGP routing information to IGPs that run within the AS, such as IGRP and OSPF. Routers that run a BGP routing process are often referred to as BGP speakers. BGP uses the Transmission Control Protocol (TCP) as its transport protocol (specifically port 179). Two BGP speakers that have a TCP connection to each other for exchanging routing information are known as peers or neighbors. In the above figure, Routers A and B are BGP peers, as are Routers B and C and Routers C and D. The routing information is a series of AS numbers that describe the full path to the destination network. BGP uses this information to construct a loop-free map of autonomous systems. The network has these characteristics: · Routers A and B are running EBGP, and Routers B and C are running IBGP. Note that the EBGP peers are directly connected and that the IBGP peers are not. 
As long as there is an IGP running that allows the two neighbors to reach one another, IBGP peers do not have to be directly connected. · All BGP speakers within an AS must establish a peer relationship with each other. That is, the BGP speakers within an AS must be fully meshed logically. BGP4 provides two techniques that reduce the requirement for a logical full mesh: confederations and route reflectors. · AS 200 is a transit AS for AS 100 and AS 300--that is, AS 200 is used to transfer packets between AS 100 and AS 300. BGP peers initially exchange their full BGP routing tables and then send only incremental updates. BGP peers also exchange keepalive messages (to ensure that the connection is up) and notification messages (in response to errors or special conditions). In BGP, each route consists of a network number, a list of autonomous systems that information has passed through (the autonomous system path), and a list of other path attributes. The primary function of a BGP system is to exchange network reachability information, including information about the list of AS paths, with other BGP systems. This information can be used to determine AS connectivity, to prune routing loops, and to enforce AS-level policy decisions. A router or device running Cisco IOS does not select or use an IBGP route unless it has a route available to the next-hop router and it has received synchronization from an IGP (unless IGP synchronization is disabled). When multiple routes are available, BGP bases its path selection on attribute values. See the "Configuring BGP Decision Attributes" section for information about BGP attributes. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 286 Configuring BGP Nonstop Forwarding Awareness BGP Version 4 supports classless interdomain routing (CIDR) so you can reduce the size of your routing tables by creating aggregate routes, resulting in supernets. 
CIDR eliminates the concept of network classes within BGP and supports the advertising of IP prefixes.

Nonstop Forwarding Awareness

To enable this feature with BGP routing, you need to enable Graceful Restart. When the neighboring router is NSF-capable and this feature is enabled, the Layer 3 device continues to forward packets from the neighboring router during the interval when the primary Route Processor (RP) in a device is failing and the backup RP is taking over, or while the primary RP is manually reloaded for a nondisruptive software upgrade.

Information About BGP Routing

To enable BGP routing, you establish a BGP routing process and define the local network. Because BGP must completely recognize the relationships with its neighbors, you must also specify a BGP neighbor.

BGP supports two kinds of neighbors: internal and external. Internal neighbors are in the same AS; external neighbors are in different autonomous systems. External neighbors are usually adjacent to each other and share a subnet, but internal neighbors can be anywhere in the same AS.

The switch supports the use of private AS numbers, usually assigned by service providers and given to systems whose routes are not advertised to external neighbors. The private AS numbers are from 64512 to 65535. You can configure external neighbors to remove private AS numbers from the AS path by using the neighbor remove-private-as router configuration command. Then, when an update is passed to an external neighbor, if the AS path includes private AS numbers, these numbers are dropped.

If your AS will be passing traffic through it from another AS to a third AS, it is important to be consistent about the routes it advertises. If BGP advertised a route before all routers in the network had learned about the route through the IGP, the AS might receive traffic that some routers could not yet route.
To prevent this from happening, BGP must wait until the IGP has propagated information across the AS so that BGP is synchronized with the IGP. Synchronization is enabled by default. If your AS does not pass traffic from one AS to another AS, or if all routers in your autonomous systems are running BGP, you can disable synchronization, which allows your network to carry fewer routes in the IGP and allows BGP to converge more quickly.

Routing Policy Changes

Routing policies for a peer include all the configurations that might affect inbound or outbound routing table updates. When you have defined two routers as BGP neighbors, they form a BGP connection and exchange routing information. If you later change a BGP filter, weight, distance, version, or timer, or make a similar configuration change, you must reset the BGP sessions so that the configuration changes take effect. There are two types of reset: hard reset and soft reset. Cisco IOS Releases 12.1 and later support a soft reset without any prior configuration. To use a soft reset without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the OPEN message sent when the peers establish a TCP session. A soft reset allows the dynamic exchange of route refresh requests and routing information between BGP routers and the subsequent re-advertisement of the respective outbound routing table.

· When soft reset generates inbound updates from a neighbor, it is called dynamic inbound soft reset.
· When soft reset sends a set of updates to a neighbor, it is called outbound soft reset.

A soft inbound reset causes the new inbound policy to take effect. A soft outbound reset causes the new local outbound policy to take effect without resetting the BGP session.
As a new set of updates is sent during outbound policy reset, a new inbound policy can also take effect. The table given below lists the advantages and disadvantages of hard reset and soft reset.

Table 28: Advantages and Disadvantages of Hard and Soft Resets

Type of Reset | Advantages | Disadvantages
Hard reset | No memory overhead. | The prefixes in the BGP, IP, and FIB tables provided by the neighbor are lost. Not recommended.
Outbound soft reset | No configuration, no storing of routing table updates. | Does not reset inbound routing table updates.
Dynamic inbound soft reset | Does not clear the BGP session and cache. Does not require storing of routing table updates and has no memory overhead. | Both BGP routers must support the route refresh capability (in Cisco IOS Release 12.1 and later).

BGP Decision Attributes

When a BGP speaker receives updates from multiple autonomous systems that describe different paths to the same destination, it must choose the single best path for reaching that destination. When chosen, the selected path is entered into the BGP routing table and propagated to its neighbors. The decision is based on the value of attributes that the update contains and other BGP-configurable factors.

When a BGP peer learns two EBGP paths for a prefix from a neighboring AS, it chooses the best path and inserts that path in the IP routing table. If BGP multipath support is enabled and the EBGP paths are learned from the same neighboring autonomous systems, instead of a single best path, multiple paths are installed in the IP routing table. Then, during packet switching, per-packet or per-destination load-balancing is performed among the multiple paths. The maximum-paths router configuration command controls the number of paths allowed.

These factors summarize the order in which BGP evaluates the attributes for choosing the best path:

1. If the path specifies a next hop that is inaccessible, drop the update. The BGP next-hop attribute, automatically determined by the software, is the IP address of the next hop that is going to be used to reach a destination. For EBGP, this is usually the IP address of the neighbor that is specified by the neighbor remote-as router configuration command. You can disable next-hop processing by using route maps or the neighbor next-hop-self router configuration command.
2. Prefer the path with the largest weight (a Cisco proprietary parameter). The weight attribute is local to the router and not propagated in routing updates. By default, the weight attribute is 32768 for paths that the router originates and zero for other paths. Routes with the largest weight are preferred. You can use access lists, route maps, or the neighbor weight router configuration command to set weights.
3. Prefer the route with the highest local preference. Local preference is part of the routing update and exchanged among routers in the same AS. The default value of the local preference attribute is 100. You can set local preference by using the bgp default local-preference router configuration command or by using a route map.
4. Prefer the route that was originated by BGP running on the local router.
5. Prefer the route with the shortest AS path.
6. Prefer the route with the lowest origin type. An interior route or IGP is lower than a route learned by EGP, and an EGP-learned route is lower than one of unknown origin or learned in another way.
7. Prefer the route with the lowest multi-exit discriminator (MED) metric attribute if the neighboring AS is the same for all routes considered. You can configure the MED by using route maps or by using the default-metric router configuration command. When an update is sent to an IBGP peer, the MED is included.
8. Prefer the external (EBGP) path over the internal (IBGP) path.
9. Prefer the route that can be reached through the closest IGP neighbor (the lowest IGP metric). This means that the router will prefer the shortest internal path within the AS to reach the destination (the shortest path to the BGP next-hop).
10. If the following conditions are all true, insert the route for this path into the IP routing table:
· Both the best route and this route are external.
· Both the best route and this route are from the same neighboring autonomous system.
· Maximum-paths is enabled.
11. If multipath is not enabled, prefer the route with the lowest IP address value for the BGP router ID. The router ID is usually the highest IP address on the router or the loopback (virtual) address, but might be implementation-specific.

Route Maps

Within BGP, route maps can be used to control and to modify routing information and to define the conditions by which routes are redistributed between routing domains. Each route map has a name that identifies the route map (map tag) and an optional sequence number.

BGP Filtering

You can filter BGP advertisements by using AS-path filters, such as the as-path access-list global configuration command and the neighbor filter-list router configuration command. You can also use access lists with the neighbor distribute-list router configuration command. Distribute-list filters are applied to network numbers. See the "Controlling Advertising and Processing in Routing Updates" section for information about the distribute-list command.

You can use route maps on a per-neighbor basis to filter updates and to modify various attributes. A route map can be applied to either inbound or outbound updates. Only the routes that pass the route map are sent or accepted in updates. On both inbound and outbound updates, matching is supported based on AS path, community, and network numbers.
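The best-path evaluation order listed under BGP Decision Attributes, as an added worked example (this is not Cisco's implementation or text from this guide). The candidate paths and the set of next hops the local IGP can reach are constructed; multipath (step 10) is left out, and the MED is compared only when every remaining path comes from the same neighboring AS, as step 7 requires. The third candidate carries the largest weight but an unreachable next hop, which shows why step 1 is checked before any attribute.

```python
"""Simplified BGP best-path selection following the attribute order the
guide lists: unreachable next hop, weight, local preference, locally
originated, AS-path length, origin, MED (same neighboring AS only), EBGP
over IBGP, IGP metric, router ID.  Added illustration, not Cisco's code;
multipath (step 10) is omitted and all sample data is constructed."""
from dataclasses import dataclass, field
from typing import List, Optional, Set

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred


@dataclass
class Path:
    prefix: str
    next_hop: str
    as_path: List[int] = field(default_factory=list)
    router_id: str = "0.0.0.0"
    weight: int = 0             # Cisco-proprietary, local to this router
    local_pref: int = 100       # default local preference
    local_origin: bool = False  # originated by BGP on this router
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0


def ip_key(addr: str) -> tuple:
    """Dotted-quad to a tuple so that the lowest router ID sorts first."""
    return tuple(int(octet) for octet in addr.split("."))


def best_path(candidates: List[Path], reachable_next_hops: Set[str]) -> Optional[Path]:
    """Return the single best path, or None when no candidate is usable."""
    # Step 1: a path whose next hop the IGP cannot reach is dropped outright.
    usable = [p for p in candidates if p.next_hop in reachable_next_hops]
    if not usable:
        return None
    # Step 7 compares MED only when every remaining path comes from the same
    # neighboring AS (the first AS in the AS path).
    neighbor_ases = {p.as_path[0] if p.as_path else None for p in usable}
    compare_med = len(neighbor_ases) == 1

    def key(p: Path) -> tuple:
        # Tuple comparison applies each tie-breaker in order; attributes where
        # a larger value wins are negated so that min() picks the best path.
        return (
            -p.weight,                      # 2: largest weight
            -p.local_pref,                  # 3: highest local preference
            0 if p.local_origin else 1,     # 4: locally originated
            len(p.as_path),                 # 5: shortest AS path
            ORIGIN_RANK[p.origin],          # 6: lowest origin type
            p.med if compare_med else 0,    # 7: lowest MED, same neighbor AS
            0 if p.ebgp else 1,             # 8: EBGP over IBGP
            p.igp_metric,                   # 9: closest IGP neighbor
            ip_key(p.router_id),            # 11: lowest router ID
        )

    return min(usable, key=key)


# Constructed reachability: the next hops the local IGP can currently reach.
REACHABLE_NEXT_HOPS = {"192.0.2.1", "192.0.2.2"}


def sample_candidates() -> List[Path]:
    """Constructed paths to one prefix, learned from two neighboring ASs."""
    return [
        Path("203.0.113.0/24", "192.0.2.1", as_path=[100, 300], router_id="192.0.2.1"),
        Path("203.0.113.0/24", "192.0.2.2", as_path=[300], router_id="192.0.2.2"),
        # Highest weight of the three, but its next hop is not in the IGP, so
        # step 1 discards it before weight is ever considered.
        Path("203.0.113.0/24", "198.51.100.9", as_path=[300],
             router_id="198.51.100.9", weight=50000),
    ]


def demo() -> dict:
    """Show which tie-breaker decides in three variations of the same table."""
    results = {}
    base = sample_candidates()
    results["shortest_as_path"] = best_path(base, REACHABLE_NEXT_HOPS).next_hop
    pref = sample_candidates()
    pref[0].local_pref = 200      # step 3 is checked before AS-path length
    results["local_pref_wins"] = best_path(pref, REACHABLE_NEXT_HOPS).next_hop
    wt = sample_candidates()
    wt[0].local_pref = 50         # would lose on local preference ...
    wt[0].weight = 1              # ... but weight (step 2) is checked first
    results["weight_wins"] = best_path(wt, REACHABLE_NEXT_HOPS).next_hop
    return results


if __name__ == "__main__":
    for name, hop in demo().items():
        print(f"{name}: next hop {hop}")
```

Because the key is a tuple, every later step is consulted only when all earlier ones tie, which is exactly the ordered evaluation the list describes; that also makes it easy to see how a single attribute set by policy (weight or local preference) overrides anything the remote AS puts in the update.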
Autonomous system path matching requires the match as-path access-list route-map command, community-based matching requires the match community-list route-map command, and network-based matching requires the ip access-list global configuration command.

Prefix List for BGP Filtering

You can use prefix lists as an alternative to access lists in many BGP route filtering commands, including the neighbor distribute-list router configuration command. The advantages of using prefix lists include performance improvements in loading and lookup of large lists, incremental update support, easier CLI configuration, and greater flexibility.

Filtering by a prefix list involves matching the prefixes of routes with those listed in the prefix list, as when matching access lists. When there is a match, the route is used. Whether a prefix is permitted or denied is based upon these rules:

· An empty prefix list permits all prefixes.
· An implicit deny is assumed if a given prefix does not match any entries in a prefix list.
· When multiple entries of a prefix list match a given prefix, the entry with the lowest sequence number is used.

By default, sequence numbers are generated automatically and incremented in units of five. If you disable the automatic generation of sequence numbers, you must specify the sequence number for each entry. You can specify sequence values in any increment. If you specify increments of one, you cannot insert additional entries into the list; if you choose large increments, you might run out of values.

BGP Community Filtering

One way that BGP controls the distribution of routing information is based on the value of the COMMUNITIES attribute. The attribute is a way to group destinations into communities and to apply routing decisions based on the communities.
This method simplifies configuration of a BGP speaker to control distribution of routing information. A community is a group of destinations that share some common attribute. Each destination can belong to multiple communities. AS administrators can define to which communities a destination belongs. By default, all destinations belong to the general Internet community. The community is identified by the COMMUNITIES attribute, an optional, transitive, global attribute in the numerical range from 1 to 4294967200. These are some predefined, well-known communities:

· internet: Advertise this route to the Internet community. All routers belong to it.
· no-export: Do not advertise this route to EBGP peers.
· no-advertise: Do not advertise this route to any peer (internal or external).
· local-as: Do not advertise this route to peers outside the local autonomous system.

Based on the community, you can control which routing information to accept, prefer, or distribute to other neighbors. A BGP speaker can set, append, or modify the community of a route when learning, advertising, or redistributing routes. When routes are aggregated, the resulting aggregate has a COMMUNITIES attribute that contains all communities from all the initial routes.

You can use community lists to create groups of communities to use in a match clause of a route map. As with an access list, a series of community lists can be created. Statements are checked until a match is found. As soon as one statement is satisfied, the test is concluded.

BGP Neighbors and Peer Groups

Often many BGP neighbors are configured with the same update policies (that is, the same outbound route maps, distribute lists, filter lists, update source, and so on).
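The prefix-list rules (Prefix List for BGP Filtering) and the community-list evaluation (BGP Community Filtering) described above, as one added worked example; this is not Cisco's code or text from this guide. Entry syntax follows the argument order of the IOS ip prefix-list command with its optional ge/le length bounds; the well-known community values are the standard reserved ones (no-export 0xFFFFFF01, no-advertise 0xFFFFFF02, local-as 0xFFFFFF03, internet 0); the sample lists, route prefixes and community values are constructed. The sample prefix list deliberately has a deny entry that a lower-numbered permit shadows, the ordering mistake the third rule makes easy to commit.

```python
"""Prefix-list and community-list evaluation as the guide describes them:
an empty prefix list permits all, no match means deny, the lowest matching
sequence number decides; community-list statements are checked in order
until one matches.  Added illustration, not Cisco's code; all sample data
is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# --- prefix list ----------------------------------------------------------

@dataclass(frozen=True)
class PrefixEntry:
    seq: int
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv4Network
    ge: Optional[int] = None         # minimum route length, if given
    le: Optional[int] = None         # maximum route length, if given

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        if not route.subnet_of(self.network):
            return False
        # Without ge/le the route must have exactly the entry's length.
        low = self.ge if self.ge is not None else self.network.prefixlen
        high = self.le if self.le is not None else (32 if self.ge is not None else low)
        return low <= route.prefixlen <= high


def parse_prefix_entry(text: str) -> PrefixEntry:
    """Parse 'seq 5 permit 10.0.0.0/8 le 24' (IOS argument order, constructed input)."""
    tok = text.split()
    if tok[0] != "seq" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"bad prefix-list entry: {text!r}")
    ge = le = None
    for key, val in zip(tok[4::2], tok[5::2]):
        if key == "ge":
            ge = int(val)
        elif key == "le":
            le = int(val)
        else:
            raise ValueError(f"unknown keyword {key!r}")
    return PrefixEntry(int(tok[1]), tok[2], ipaddress.ip_network(tok[3], strict=True), ge, le)


def prefix_list_permits(entries: List[PrefixEntry], prefix: str) -> bool:
    if not entries:
        return True                                     # rule 1: empty list permits all
    route = ipaddress.ip_network(prefix, strict=True)
    for entry in sorted(entries, key=lambda e: e.seq):  # rule 3: lowest seq decides
        if entry.matches(route):
            return entry.action == "permit"
    return False                                        # rule 2: implicit deny


# --- community list -------------------------------------------------------

WELL_KNOWN = {"internet": 0, "no-export": 0xFFFFFF01,
              "no-advertise": 0xFFFFFF02, "local-as": 0xFFFFFF03}


def community_value(text: str) -> int:
    """'65000:100' (AS:NN) or a well-known name to its 32-bit value."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    asn, num = (int(x) for x in text.split(":"))
    return (asn << 16) | num


def community_list_permits(statements: List[Tuple[str, str]], communities: Set[int]) -> bool:
    """statements: (action, community text).  A statement matches when the route
    carries that community; statements are checked in order until one matches."""
    for action, text in statements:
        if community_value(text) in communities:
            return action == "permit"
    return False                                        # no statement matched


def aggregate_communities(routes: List[Set[int]]) -> Set[int]:
    """An aggregate carries every community of every contributing route."""
    return set().union(*routes)


# Constructed sample lists: an inbound filter for one customer block, and a
# community list that rejects anything tagged no-export before permitting
# the customer's own tag.
CUSTOMER_IN = [parse_prefix_entry(s) for s in (
    "seq 5 permit 203.0.113.0/24",
    "seq 10 permit 203.0.113.0/24 ge 25 le 26",   # /25 and /26 deaggregates allowed
    "seq 15 permit 198.51.100.0/24 le 32",        # anything inside 198.51.100.0/24 ...
    "seq 20 deny 198.51.100.0/24 ge 28",          # ... so this deny is never reached
)]
NO_LEAK = [("deny", "no-export"), ("permit", "65000:100")]
```

Running the /30 case against CUSTOMER_IN shows the shadowing: sequence 15 already matches any length inside 198.51.100.0/24, so sequence 20 can never deny the small prefixes it was written for; the fix is to give the deny the lower sequence number.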
Neighbors with the same update policies can be grouped into peer groups to simplify configuration and to make updating more efficient. When you have configured many peers, we recommend this approach.

To configure a BGP peer group, you create the peer group, assign options to the peer group, and add neighbors as peer group members. You configure the peer group by using the neighbor router configuration commands. By default, peer group members inherit all the configuration options of the peer group, including the remote-as (if configured), version, update-source, out-route-map, out-filter-list, out-dist-list, minimum-advertisement-interval, and next-hop-self. All peer group members also inherit changes that are made to the peer group. Members can also be configured to override the options that do not affect outbound updates.

Aggregate Routes

Classless interdomain routing (CIDR) enables you to create aggregate routes (or supernets) to minimize the size of routing tables. You can configure aggregate routes in BGP either by redistributing an aggregate route into BGP or by creating an aggregate entry in the BGP routing table. An aggregate address is added to the BGP table when there is at least one more specific entry in the BGP table.

Routing Domain Confederations

One way to reduce the IBGP mesh is to divide an autonomous system into multiple subautonomous systems and to group them into a single confederation that appears as a single autonomous system. Each autonomous system is fully meshed within itself and has a few connections to other autonomous systems in the same confederation. Even though the peers in different autonomous systems have EBGP sessions, they exchange routing information as if they were IBGP peers. Specifically, the next hop, MED, and local preference information are preserved. You can then use a single IGP for all of the autonomous systems.

BGP Route Reflectors

BGP requires that all of the IBGP speakers be fully meshed.
When a router receives a route from an external neighbor, it must advertise it to all internal neighbors. To prevent a routing information loop, all IBGP speakers must be connected. The internal neighbors do not send routes that are learned from internal neighbors to other internal neighbors.

With route reflectors, all IBGP speakers need not be fully meshed because another method is used to pass learned routes to neighbors. When you configure an internal BGP peer to be a route reflector, it is responsible for passing IBGP learned routes to a set of IBGP neighbors. The internal peers of the route reflector are divided into two groups: client peers and nonclient peers (all the other routers in the autonomous system). A route reflector reflects routes between these two groups. The route reflector and its client peers form a cluster. The nonclient peers must be fully meshed with each other, but the client peers need not be fully meshed. The clients in the cluster do not communicate with IBGP speakers outside their cluster.

When the route reflector receives an advertised route, it takes one of these actions, depending on the neighbor:

· A route from an external BGP speaker is advertised to all clients and nonclient peers.
· A route from a nonclient peer is advertised to all clients.
· A route from a client is advertised to all clients and nonclient peers. Hence, the clients need not be fully meshed.

Usually a cluster of clients has a single route reflector, and the cluster is identified by the route reflector router ID. To increase redundancy and to avoid a single point of failure, a cluster might have more than one route reflector. In this case, all route reflectors in the cluster must be configured with the same 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster.
All the route reflectors serving a cluster should be fully meshed and should have identical sets of client and nonclient peers.

Route Dampening

Route flap dampening is a BGP feature designed to minimize the propagation of flapping routes across an internetwork. A route is considered to be flapping when it is repeatedly available, then unavailable, then available, then unavailable, and so on.

When route dampening is enabled, a numeric penalty value is assigned to a route when it flaps. When a route's accumulated penalties reach a configurable limit, BGP suppresses advertisements of the route, even if the route is currently up. The reuse limit is a configurable value that is compared with the penalty. If the penalty is less than the reuse limit, a suppressed route that is up is advertised again.

Dampening is not applied to routes that are learned by IBGP. This policy prevents the IBGP peers from having a higher penalty for routes external to the AS.

Conditional BGP Route Injection

Routes that are advertised through BGP are commonly aggregated to minimize the number of routes that are used and to reduce the size of global routing tables. However, common route aggregation can obscure more specific routing information that is more accurate but not necessary to forward packets to their destinations. Routing accuracy is obscured by common route aggregation because a prefix that represents multiple addresses or hosts over a large topological area cannot be accurately reflected in a single route.

Cisco software provides several methods by which you can originate a prefix into BGP. Prior to the BGP conditional route injection feature, the existing methods included redistribution and using the network or aggregate-address command. However, these methods assume the existence of more specific routing information (matching the route to be originated) in either the routing table or the BGP table.
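The penalty, suppress and reuse mechanics from the Route Dampening section above, carried through as an added worked example (not Cisco's implementation or text from this guide). It uses the default values the Default BGP Configuration table in this chapter lists for dampening (half-life 15 minutes, reuse 750, suppress 2000, max-suppress-time 60 minutes). The 1000-point penalty added per flap is Cisco's default and is assumed here, and max-suppress-time is modelled as a plain time cap, which simplifies the penalty ceiling the real implementation uses.

```python
"""Route-flap dampening arithmetic: each flap adds a penalty, the penalty
halves every half-life, the route is suppressed once the penalty reaches
the suppress limit and advertised again once it decays below the reuse
limit (or max-suppress-time has passed).  IBGP-learned routes are never
dampened.  Added illustration, not Cisco's code; default values are those
from the guide's default-configuration table, the per-flap penalty of 1000
is assumed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

FLAP_PENALTY = 1000.0      # assumed Cisco default, added per flap


@dataclass
class DampenedRoute:
    learned_via_ibgp: bool = False   # the guide: IBGP-learned routes get no penalty
    half_life_min: float = 15.0
    reuse_limit: float = 750.0
    suppress_limit: float = 2000.0
    max_suppress_min: float = 60.0
    penalty: float = 0.0
    last_update_min: float = 0.0
    suppressed_since_min: Optional[float] = None

    def _decay(self, now_min: float) -> None:
        """Apply exponential decay for the time elapsed since the last update."""
        elapsed = now_min - self.last_update_min
        self.penalty *= 0.5 ** (elapsed / self.half_life_min)
        self.last_update_min = now_min
        self._reevaluate(now_min)

    def _reevaluate(self, now_min: float) -> None:
        if self.suppressed_since_min is not None:
            # Reuse once the penalty has decayed below the reuse limit, or once
            # the route has been suppressed for max-suppress-time (simplified cap).
            if (self.penalty < self.reuse_limit
                    or now_min - self.suppressed_since_min >= self.max_suppress_min):
                self.suppressed_since_min = None
        elif self.penalty >= self.suppress_limit:
            self.suppressed_since_min = now_min

    def flap(self, now_min: float) -> None:
        """The route went down and came back up at `now_min` (minutes)."""
        if self.learned_via_ibgp:
            return                     # dampening is not applied to IBGP routes
        self._decay(now_min)
        self.penalty += FLAP_PENALTY
        self._reevaluate(now_min)

    def advertised(self, now_min: float) -> bool:
        """Is the (up) route advertised to peers at `now_min`?"""
        self._decay(now_min)
        return self.suppressed_since_min is None


def demo() -> List[Tuple[float, float, bool]]:
    """Three flaps in quick succession, then a check at every half-life.
    Returns (minutes, penalty, advertised) per check."""
    route = DampenedRoute()
    for _ in range(3):
        route.flap(0.0)
    checks = []
    for t in (0.0, 15.0, 30.0, 45.0):
        adv = route.advertised(t)                # decays the penalty to time t
        checks.append((t, round(route.penalty), adv))
    return checks


def single_flap_advertised() -> bool:
    """One flap (penalty 1000) stays below the suppress limit of 2000."""
    route = DampenedRoute()
    route.flap(0.0)
    return route.advertised(1.0)


def ibgp_never_dampened() -> bool:
    route = DampenedRoute(learned_via_ibgp=True)
    for _ in range(5):
        route.flap(0.0)
    return route.advertised(0.0)


def max_suppress_demo() -> Tuple[bool, bool]:
    """Twenty flaps: still suppressed at 59 min, released by the 60 min cap."""
    route = DampenedRoute()
    for _ in range(20):
        route.flap(0.0)
    return route.advertised(59.0), route.advertised(60.0)


if __name__ == "__main__":
    for minutes, penalty, adv in demo():
        print(f"t={minutes:>4} min  penalty={penalty:>5}  advertised={adv}")
```

The run shows why the reuse test is "less than": after two half-lives the penalty of a triple flap sits exactly at 750, and the route stays suppressed until the next decay takes it below the limit.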
BGP conditional route injection allows you to originate a prefix into a BGP routing table without the corresponding match. This feature allows more specific routes to be generated based on administrative policy or traffic engineering information in order to provide more specific control over the forwarding of packets to these more specific routes, which are injected into the BGP routing table only if the configured conditions are met. Enabling this feature will allow you to improve the accuracy of common route aggregation by conditionally injecting or replacing less specific prefixes with more specific prefixes. Only prefixes that are equal to or more specific than the original prefix may be injected.

BGP conditional route injection is enabled with the bgp inject-map exist-map command and uses two route maps (inject map and exist map) to install one (or more) more specific prefixes into a BGP routing table. The exist map specifies the prefixes that the BGP speaker will track. The inject map defines the prefixes that will be created and installed into the local BGP table.

Note: Inject maps and exist maps will only match a single prefix per route map clause. To inject additional prefixes, you must configure additional route map clauses. If multiple prefixes are used, the first prefix that is matched will be used.

BGP Peer Templates

To address some of the limitations of peer groups such as configuration management, BGP peer templates were introduced to support the BGP update group configuration. A peer template is a configuration pattern that can be applied to neighbors that share policies. Peer templates are reusable and support inheritance, which allows the network operator to group and apply distinct neighbor configurations for BGP neighbors that share policies.
Peer templates also allow the network operator to define complex configuration patterns through the capability of a peer template to inherit a configuration from another peer template. There are two types of peer templates:

· Peer session templates are used to group and apply the configuration of general session commands that are common to all address family and NLRI configuration modes.
· Peer policy templates are used to group and apply the configuration of commands that are applied within specific address families and NLRI configuration modes.

Peer templates improve the flexibility and enhance the capability of neighbor configuration. Peer templates also provide an alternative to peer group configuration and overcome some limitations of peer groups. BGP peer devices using peer templates also benefit from automatic update group configuration. With the configuration of the BGP peer templates and the support of the BGP dynamic update peer groups, the network operator no longer must configure peer groups in BGP and the network can benefit from improved configuration flexibility and faster convergence.

Note: A BGP neighbor cannot be configured to work with both peer groups and peer templates. A BGP neighbor can be configured to belong only to a peer group or to inherit policies from peer templates.

The following restrictions apply to the peer policy templates:

· A peer policy template can directly or indirectly inherit up to eight peer policy templates.
· A BGP neighbor cannot be configured to work with both peer groups and peer templates. A BGP neighbor can be configured to belong only to a peer group or to inherit policies only from peer templates.

Inheritance in Peer Templates

The inheritance capability is a key component of peer template operation. Inheritance in a peer template is similar to node and tree structures that are commonly found in general computing, for example, file and directory trees.
A peer template can directly or indirectly inherit the configuration from another peer template. The directly inherited peer template represents the tree in the structure. The indirectly inherited peer template represents a node in the tree. Because each node also supports inheritance, branches can be created that apply the configurations of all indirectly inherited peer templates within a chain back to the directly inherited peer template or the source of the tree. This structure eliminates the need to repeat configuration statements that are commonly reapplied to groups of neighbors because common configuration statements can be applied once and then indirectly inherited by peer templates that are applied to neighbor groups with common configurations. Configuration statements that are duplicated separately within a node and a tree are filtered out at the source of the tree by the directly inherited template. A directly inherited template overwrites any indirectly inherited statements that are duplicated in the directly inherited template.

Inheritance expands the scalability and flexibility of neighbor configuration by allowing you to chain together peer template configurations to create simple configurations that inherit common configuration statements or complex configurations that apply specific configuration statements along with common inherited configurations. Specific details about configuring inheritance in peer session templates and peer policy templates are provided in the following sections.

When BGP neighbors use inherited peer templates, it can be difficult to determine which policies are associated with a specific template. The detail keyword of the show ip bgp template peer-policy command displays the detailed configuration of local and inherited policies that are associated with a specific template.
Peer Session Templates

Peer session templates are used to group and apply the configuration of general session commands to groups of neighbors that share session configuration elements. General session commands that are common for neighbors that are configured in different address families can be configured within the same peer session template. Peer session templates are created and configured in peer session configuration mode. Only general session commands can be configured in a peer session template. The following general session commands are supported by peer session templates:

· description
· disable-connected-check
· ebgp-multihop
· exit peer-session
· inherit peer-session
· local-as
· password
· remote-as
· shutdown
· timers
· translate-update
· update-source
· version

General session commands can be configured once in a peer session template and then applied to many neighbors through the direct application of a peer session template or through indirect inheritance from a peer session template. The configuration of peer session templates simplifies the configuration of general session commands that are commonly applied to all neighbors within an autonomous system.

Peer session templates support direct and indirect inheritance. A peer can be configured with only one peer session template at a time, and that peer session template can contain only one indirectly inherited peer session template.

Note: If you attempt to configure more than one inherit statement with a single peer session template, an error message will be displayed.

This behavior allows a BGP neighbor to directly inherit only one session template and indirectly inherit up to seven additional peer session templates.
This allows you to apply up to a maximum of eight peer session configurations to a neighbor: the configuration from the directly inherited peer session template and the configurations from up to seven indirectly inherited peer session templates. Inherited peer session configurations are evaluated first and applied starting with the last node in the branch and ending with the directly applied peer session template configuration at the source of the tree. The directly applied peer session template will have priority over inherited peer session template configurations. Any configuration statements that are duplicated in inherited peer session templates will be overwritten by the directly applied peer session template. So, if a general session command is reapplied with a different value, the subsequent value will have priority and overwrite the previous value that was configured in the indirectly inherited template. The following examples illustrate the use of this feature.

In the following example, the general session command remote-as 1 is applied in the peer session template named SESSION-TEMPLATE-ONE:

    template peer-session SESSION-TEMPLATE-ONE
     remote-as 1
     exit peer-session

Peer session templates support only general session commands. BGP policy configuration commands that are configured only for a specific address family or NLRI configuration mode are configured with peer policy templates.

Peer Policy Templates

Peer policy templates are used to group and apply the configuration of commands that are applied within specific address families and NLRI configuration mode. Peer policy templates are created and configured in peer policy configuration mode. BGP policy commands that are configured for specific address families are configured in a peer policy template.
The following BGP policy commands are supported by peer policy templates:

· advertisement-interval
· allowas-in
· as-override
· capability
· default-originate
· distribute-list
· dmzlink-bw
· exit-peer-policy
· filter-list
· inherit peer-policy
· maximum-prefix
· next-hop-self
· next-hop-unchanged
· prefix-list
· remove-private-as
· route-map
· route-reflector-client
· send-community
· send-label
· soft-reconfiguration
· unsuppress-map
· weight

Peer policy templates are used to configure BGP policy commands that are configured for neighbors that belong to specific address families. Like peer session templates, peer policy templates are configured once and then applied to many neighbors through the direct application of a peer policy template or through inheritance from peer policy templates. The configuration of peer policy templates simplifies the configuration of BGP policy commands that are applied to all neighbors within an autonomous system.

Like a peer session template, a peer policy template supports inheritance. However, there are minor differences. A directly applied peer policy template can directly or indirectly inherit configurations from up to seven peer policy templates. So, a total of eight peer policy templates can be applied to a neighbor or neighbor group. Like route maps, inherited peer policy templates are configured with sequence numbers. Also like a route map, an inherited peer policy template is evaluated starting with the inherit peer-policy statement with the lowest sequence number and ending with the highest sequence number. However, there is a difference; a peer policy template will not collapse like a route map. Every sequence is evaluated, and if a BGP policy command is reapplied with a different value, it will overwrite any previous value from a lower sequence number.
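How the two inheritance schemes above resolve to an effective configuration, as one added worked example covering both the Peer Session Templates and the Peer Policy Templates sections (this is not Cisco's code or text from this guide). A session template inherits at most one other session template, so inheritance is a chain of up to eight templates applied from the far end of the chain back to the directly applied template; a policy template carries sequence-numbered inherit peer-policy statements that are all evaluated from lowest to highest sequence, and the directly applied template's own commands are applied last. Template names and values are constructed; the command keywords are taken from the guide's lists of supported commands.

```python
"""Resolution of peer-template inheritance: session templates form a chain
(one inherit per template, eight at most) applied last node first; policy
templates evaluate every sequence-numbered inherit statement lowest to
highest, then their own commands.  A later value overwrites an earlier one.
Added illustration, not Cisco's code; sample templates are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MAX_TEMPLATES = 8     # one directly applied plus up to seven inherited


@dataclass
class SessionTemplate:
    name: str
    commands: Dict[str, str]
    inherit: Optional[str] = None      # the single 'inherit peer-session' allowed


@dataclass
class PolicyTemplate:
    name: str
    commands: Dict[str, str]
    inherits: List[Tuple[int, str]] = field(default_factory=list)   # (sequence, template)


def resolve_session(templates: Dict[str, SessionTemplate], applied: str) -> Dict[str, str]:
    """Effective general-session commands for a neighbor using `applied`."""
    chain: List[SessionTemplate] = []
    name: Optional[str] = applied
    while name is not None:
        if any(t.name == name for t in chain):
            raise ValueError(f"inheritance loop at {name}")
        if len(chain) == MAX_TEMPLATES:
            raise ValueError("more than eight peer session templates in the chain")
        chain.append(templates[name])
        name = chain[-1].inherit
    effective: Dict[str, str] = {}
    for template in reversed(chain):         # last node first, applied template last
        effective.update(template.commands)  # a later value overwrites an earlier one
    return effective


def resolve_policy(templates: Dict[str, PolicyTemplate], applied: str) -> Dict[str, str]:
    """Effective policy commands for a neighbor using `applied`."""
    effective: Dict[str, str] = {}
    visited: List[str] = []

    def apply(name: str, stack: Tuple[str, ...]) -> None:
        if name in stack:
            raise ValueError(f"inheritance loop at {name}")
        if name not in visited:
            visited.append(name)
            if len(visited) > MAX_TEMPLATES:
                raise ValueError("more than eight peer policy templates")
        template = templates[name]
        # Every inherit statement is evaluated, lowest sequence first; unlike a
        # route map, evaluation does not stop at the first match.
        for _seq, parent in sorted(template.inherits):
            apply(parent, stack + (name,))
        effective.update(template.commands)  # this template's own commands win

    apply(applied, ())
    return effective


# Constructed sample templates (names are hypothetical).
SESSION_TEMPLATES = {
    "BASE-SESSION": SessionTemplate("BASE-SESSION", {"version": "4", "timers": "60 180"}),
    "CORE-SESSION": SessionTemplate("CORE-SESSION",
                                    {"remote-as": "65000", "update-source": "Loopback0"},
                                    inherit="BASE-SESSION"),
    "EDGE-SESSION": SessionTemplate("EDGE-SESSION", {"timers": "10 30"}, inherit="CORE-SESSION"),
}
POLICY_TEMPLATES = {
    "BASE-POLICY": PolicyTemplate("BASE-POLICY", {"send-community": "both", "maximum-prefix": "1000"}),
    "STRICT-POLICY": PolicyTemplate("STRICT-POLICY", {"maximum-prefix": "100"}),
    # Sequence 20 is evaluated after sequence 10, so STRICT-POLICY's limit wins.
    "CUSTOMER-POLICY": PolicyTemplate("CUSTOMER-POLICY", {"prefix-list": "CUST-IN in"},
                                      inherits=[(20, "STRICT-POLICY"), (10, "BASE-POLICY")]),
}


if __name__ == "__main__":
    print(resolve_session(SESSION_TEMPLATES, "EDGE-SESSION"))
    print(resolve_policy(POLICY_TEMPLATES, "CUSTOMER-POLICY"))
```

The resolver is also a handy audit tool: running it over an exported template set shows, per neighbor, which template actually supplied a value such as maximum-prefix, which is the question the detail keyword of show ip bgp template peer-policy answers on the device.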
The directly applied peer policy template and the inherit peer-policy statement with the highest sequence number will always have priority and be applied last. Commands that are reapplied in subsequent peer templates will always overwrite the previous values. This behavior is designed to allow you to apply common policy configurations to large neighbor groups and specific policy configurations only to certain neighbors and neighbor groups without duplicating individual policy configuration commands.

Peer policy templates support only policy configuration commands. BGP policy configuration commands that are configured only for specific address families are configured with peer policy templates. The configuration of peer policy templates simplifies and improves the flexibility of BGP configuration. A specific policy can be configured once and referenced many times. Because a peer policy supports up to eight levels of inheritance, very specific and very complex BGP policies can also be created.

BGP Route Map Next Hop Self

The BGP Route Map Next Hop Self feature provides a way to override the settings for bgp next-hop unchanged and bgp next-hop unchanged allpath selectively. These settings are global for an address family. For some routes this may not be appropriate. For example, static routes may need to be redistributed with a next hop of self, but connected routes and routes learned via Interior Border Gateway Protocol (IBGP) or Exterior Border Gateway Protocol (EBGP) may continue to be redistributed with an unchanged next hop.

The BGP route map next hop self functionality modifies the existing route map infrastructure to configure a new ip next-hop self setting, which overrides the bgp next-hop unchanged and bgp next-hop unchanged allpaths settings. The ip next-hop self setting is applicable only to VPNv4 and VPNv6 address families.
Routes distributed by protocols other than BGP are not affected. You configure a new bgp route-map priority setting to inform BGP that the route map takes priority over the settings for bgp next-hop unchanged and bgp next-hop unchanged allpath. The bgp route-map priority setting only impacts BGP, and it has no effect unless you configure the bgp next-hop unchanged or bgp next-hop unchanged allpaths settings.

How to Configure BGP

The following sections provide configuration information about BGP.

Default BGP Configuration

The table below shows the basic default BGP configuration.

Table 29: Default BGP Configuration

Feature: Default Setting

Aggregate address: Disabled: None defined.

AS path access list: None defined.

Auto summary: Disabled.

Best path:
· The router considers as-path in choosing a route and does not compare s from external BGP peers.
· Compare router ID: Disabled.

BGP community list:
· Number: None defined. When you permit a value for the community number, the list defaults to an implicit deny for everything else that has not been permitted.
· Format: Cisco default format (32-bit number).

BGP confederation identifier/peers:
· Identifier: None configured.
· Peers: None identified.

BGP fast external fallover: Enabled.

BGP local preference: 100. The range is 0 to 4294967295, with the higher value preferred.

BGP network: None specified; no backdoor route advertised.

BGP route dampening: Disabled by default. When enabled:
· Half-life is 15 minutes.
· Re-use is 750 (10-second increments).
· Suppress is 2000 (10-second increments).
· Max-suppress-time is 4 times half-life; 60 minutes.

BGP router ID: The IP address of a loopback interface if one is configured, or the highest IP address configured for a physical interface on the router.

Default information originate (protocol or network redistribution): Disabled.

Default metric: Built-in, automatic metric translations.

Distance:
· External route administrative distance: 20 (acceptable values are from 1 to 2
· Internal route administrative distance: 200 (acceptable values are from 1 to 2
· Local route administrative distance: 200 (acceptable values are from 1 to 25

Distribute list:
· In (filter networks received in updates): Disabled.
· Out (suppress networks from being advertised in updates): Disabled.

Internal route redistribution: Disabled.

IP prefix list: None defined.

Multi exit discriminator (MED):
· Always compare: Disabled. Does not compare MEDs for paths from neighbors in different autonomous systems.
· Best path compare: Disabled.
· MED missing as worst path: Disabled.
· Deterministic MED comparison is disabled.

Neighbor:
· Advertisement interval: 30 seconds for external peers; 5 seconds for internal peers.
· Change logging: Enabled.
· Conditional advertisement: Disabled.
· Default originate: No default route is sent to the neighbor.
· Description: None.
· Distribute list: None defined.
· External BGP multihop: Only directly connected neighbors are allowed.
· Filter list: None used.
· Maximum number of prefixes received: No limit.
· Next hop (router as next hop for BGP neighbor): Disabled.
· Password: Disabled.
· Peer group: None defined; no members assigned.
· Prefix list: None specified.
· Remote AS (add entry to neighbor BGP table): No peers defined.
· Private AS number removal: Disabled.
· Route maps: None applied to a peer.
· Send community attributes: None sent to neighbors.
· Shutdown or soft reconfiguration: Not enabled.
· Timers: keepalive: 60 seconds; holdtime: 180 seconds.
· Update source: Best local address.
· Version: BGP Version 4.
· Weight: Routes learned through BGP peer: 0; routes sourced by the local router: 32768.

NSF (1) awareness: Disabled (2).
If enabled, allows Layer 3 switches to continue forwarding packets from a neighboring NSF-capable router during hardware or software changes.

Route reflector: None configured.

Synchronization (BGP and IGP): Disabled.

Table map update: Disabled.

Timers: Keepalive: 60 seconds; holdtime: 180 seconds.

(1) Nonstop Forwarding
(2) NSF awareness can be enabled for IPv4 on switches with the license by enabling Graceful Restart.

Enabling BGP Routing

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip routing
  Example: Device(config)# ip routing
  Purpose: Enables IP routing.

Step 4: router bgp autonomous-system
  Example: Device(config)# router bgp 45000
  Purpose: Enables a BGP routing process, assigns it an AS number, and enters router configuration mode. The AS number can be from 1 to 65535, with 64512 to 65535 designated as private autonomous system numbers.

Step 5: network network-number [mask network-mask] [route-map route-map-name]
  Example: Device(config-router)# network 10.108.0.0
  Purpose: Configures a network as local to this AS, and enters it in the BGP table.

Step 6: neighbor {ip-address | peer-group-name} remote-as number
  Example: Device(config-router)# neighbor 10.108.1.2 remote-as 65200
  Purpose: Adds an entry to the BGP neighbor table specifying that the neighbor identified by the IP address belongs to the specified AS. For EBGP, neighbors are usually directly connected, and the IP address is the address of the interface at the other end of the connection. For IBGP, the IP address can be the address of any of the router interfaces.

Step 7: neighbor {ip-address | peer-group-name} remove-private-as
  Example: Device(config-router)# neighbor 172.16.2.33 remove-private-as
  Purpose: (Optional) Removes private AS numbers from the AS path in outbound routing updates.

Step 8: synchronization
  Example: Device(config-router)# synchronization
  Purpose: (Optional) Enables synchronization between BGP and an IGP.

Step 9: auto-summary
  Example: Device(config-router)# auto-summary
  Purpose: (Optional) Enables automatic network summarization. When a subnet is redistributed from an IGP into BGP, only the network route is inserted into the BGP table.

Step 10: bgp graceful-restart
  Example: Device(config-router)# bgp graceful-restart
  Purpose: (Optional) Enables NSF awareness on the switch. By default, NSF awareness is disabled.

Step 11: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 12: show ip bgp network network-number
  Example: Device# show ip bgp network 10.108.0.0
  Purpose: Verifies the configuration.

Step 13: show ip bgp neighbor
  Example: Device# show ip bgp neighbor
  Purpose: Verifies that NSF awareness (Graceful Restart) is enabled on the neighbor. If NSF awareness is enabled on the switch and on the neighbor, this message appears: Graceful Restart Capability: advertised and received. If NSF awareness is enabled on the switch but not on the neighbor, this message appears: Graceful Restart Capability: advertised.

Step 14: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Managing Routing Policy Changes

To learn whether a BGP peer supports the route refresh capability and to reset the BGP session:

Procedure

Step 1: show ip bgp neighbors
  Example: Device# show ip bgp neighbors
  Purpose: Displays whether a neighbor supports the route refresh capability.
  When supported, this message appears for the router: Received route refresh capability from peer.

Step 2: clear ip bgp {* | address | peer-group-name}
  Example: Device# clear ip bgp *
  Purpose: Resets the routing table on the specified connection.
  · Enter an asterisk (*) to specify that all connections be reset.
  · Enter an IP address to specify the connection to be reset.
  · Enter a peer group name to reset the peer group.

Step 3: clear ip bgp {* | address | peer-group-name} soft out
  Example: Device# clear ip bgp * soft out
  Purpose: (Optional) Performs an outbound soft reset to reset the inbound routing table on the specified connection. Use this command if route refresh is supported.
  · Enter an asterisk (*) to specify that all connections be reset.
  · Enter an IP address to specify the connection to be reset.
  · Enter a peer group name to reset the peer group.

Step 4: show ip bgp
  Example: Device# show ip bgp
  Purpose: Verifies the reset by checking information about the routing table and about BGP neighbors.

Step 5: show ip bgp neighbors
  Example: Device# show ip bgp neighbors
  Purpose: Verifies the reset by checking information about the routing table and about BGP neighbors.

Configuring BGP Decision Attributes

To configure BGP decision attributes, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system
  Example: Device(config)# router bgp 4500
  Purpose: Enables a BGP routing process, assigns it an AS number, and enters router configuration mode.

Step 4: bgp bestpath as-path ignore
  Purpose: (Optional) Configures the router to ignore AS path length in selecting a route.
  Example: Device(config-router)# bgp bestpath as-path ignore

Step 5: neighbor {ip-address | peer-group-name} next-hop-self
  Example: Device(config-router)# neighbor 10.108.1.1 next-hop-self
  Purpose: (Optional) Disables next-hop processing on BGP updates to a neighbor by entering a specific IP address to be used instead of the next-hop address.

Step 6: neighbor {ip-address | peer-group-name} weight weight
  Example: Device(config-router)# neighbor 172.16.12.1 weight 50
  Purpose: (Optional) Assigns a weight to a neighbor connection. Acceptable values are from 0 to 65535; the largest weight is the preferred route. Routes learned through another BGP peer have a default weight of 0; routes sourced by the local router have a default weight of 32768.

Step 7: default-metric number
  Example: Device(config-router)# default-metric 300
  Purpose: (Optional) Sets a MED metric to set preferred paths to external neighbors. All routes without a MED will also be set to this value. The range is 1 to 4294967295. The lowest value is the most desirable.

Step 8: bgp bestpath med missing-as-worst
  Example: Device(config-router)# bgp bestpath med missing-as-worst
  Purpose: (Optional) Configures the switch to consider a missing MED as having a value of infinity, making the path without a MED value the least desirable path.

Step 9: bgp always-compare-med
  Example: Device(config-router)# bgp always-compare-med
  Purpose: (Optional) Configures the switch to compare MEDs for paths from neighbors in different autonomous systems. By default, MED comparison is only done among paths in the same AS.

Step 10: bgp bestpath med confed
  Example: Device(config-router)# bgp bestpath med confed
  Purpose: (Optional) Configures the switch to consider the MED in choosing a path from among those advertised by different subautonomous systems within a confederation.

Step 11: bgp deterministic-med
  Example: Device(config-router)# bgp deterministic-med
  Purpose: (Optional) Configures the switch to consider the MED variable when choosing among routes advertised by different peers in the same AS.

Step 12: bgp default local-preference value
  Example: Device(config-router)# bgp default local-preference 200
  Purpose: (Optional) Changes the default local preference value. The range is 0 to 4294967295; the default value is 100. The highest local preference value is preferred.

Step 13: maximum-paths number
  Example: Device(config-router)# maximum-paths 8
  Purpose: (Optional) Configures the number of paths to be added to the IP routing table. The default is to enter only the best path in the routing table. The range is from 1 to 16. Having multiple paths allows load balancing among the paths. (Although the switch software allows a maximum of 32 equal-cost routes, the switch hardware will never use more than 16 paths per route.)

Step 14: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 15: show ip bgp
  Example: Device# show ip bgp
  Purpose: Verifies the reset by checking information about the routing table and about BGP neighbors.

Step 16: show ip bgp neighbors
  Example: Device# show ip bgp neighbors
  Purpose: Verifies the reset by checking information about the routing table and about BGP neighbors.

Step 17: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring BGP Filtering with Route Maps

To configure BGP filtering with route maps, perform the following procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device# configure terminal

Step 3: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map set-peer-address permit 10
  Purpose: Creates a route map, and enters route-map configuration mode.

Step 4: set ip next-hop ip-address [...ip-address] [peer-address]
  Example: Device(config-route-map)# set ip next-hop 10.1.1.3
  Purpose: (Optional) Sets a route map to disable next-hop processing.
  · In an inbound route map, sets the next hop of matching routes to be the neighbor peering address, overriding third-party next hops.
  · In an outbound route map of a BGP peer, sets the next hop to the peering address of the local router, disabling the next-hop calculation.

Step 5: end
  Example: Device(config-route-map)# end
  Purpose: Returns to privileged EXEC mode.

Step 6: show route-map [map-name]
  Example: Device# show route-map
  Purpose: Displays all route maps configured, or only the one specified, to verify the configuration.

Step 7: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring BGP Filtering by Neighbor

To configure BGP filtering by neighbor, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system
  Purpose: Enables a BGP routing process, assigns it an AS number, and enters router configuration mode.
  Example: Device(config)# router bgp 109

Step 4: neighbor {ip-address | peer-group-name} distribute-list {access-list-number | name} {in | out}
  Example: Device(config-router)# neighbor 172.16.4.1 distribute-list 39 in
  Purpose: (Optional) Filters BGP routing updates to or from neighbors as specified in an access list.
  Note: You can also use the neighbor prefix-list router configuration command to filter updates, but you cannot use both commands to configure the same BGP peer.

Step 5: neighbor {ip-address | peer-group-name} route-map map-tag {in | out}
  Example: Device(config-router)# neighbor 172.16.70.24 route-map internal-map in
  Purpose: (Optional) Applies a route map to filter an incoming or outgoing route.

Step 6: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 7: show ip bgp neighbors
  Example: Device# show ip bgp neighbors
  Purpose: Verifies the configuration.

Step 8: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring BGP Filtering by Access Lists and Neighbors

Another method of filtering is to specify an access list filter on both incoming and outbound updates, based on the BGP autonomous system paths. Each filter is an access list based on regular expressions. To use this method, define an autonomous system path access list, and apply it to updates to and from particular neighbors.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.
Step 3: ip as-path access-list access-list-number {permit | deny} as-regular-expression
  Example: Device(config)# ip as-path access-list 1 deny _65535_
  Purpose: Defines a BGP-related access list.

Step 4: router bgp autonomous-system
  Example: Device(config)# router bgp 110
  Purpose: Enters BGP router configuration mode.

Step 5: neighbor {ip-address | peer-group-name} filter-list {access-list-number | name} {in | out | weight weight}
  Example: Device(config-router)# neighbor 172.16.1.1 filter-list 1 out
  Purpose: Establishes a BGP filter based on an access list.

Step 6: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 7: show ip bgp neighbors [paths regular-expression]
  Example: Device# show ip bgp neighbors
  Purpose: Verifies the configuration.

Step 8: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring Prefix Lists for BGP Filtering

You do not need to specify a sequence number when removing a configuration entry. Show commands include the sequence numbers in their output. Before using a prefix list in a command, you must set up the prefix list.

To configure a prefix list for BGP filtering, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip prefix-list list-name [seq seq-value] {deny | permit} network/len [ge ge-value] [le le-value]
  Purpose: Creates a prefix list with an optional sequence number to deny or permit access for matching conditions. You must enter at least one permit or deny clause.
  Example: Device(config)# ip prefix-list BLUE permit 172.16.1.0/24
  · network/len is the network number and the length (in bits) of the network mask.
  · (Optional) The ge and le values specify the range of prefix lengths to be matched. The specified ge-value and le-value must satisfy this condition: len < ge-value < le-value < 32

Step 4: ip prefix-list list-name seq seq-value {deny | permit} network/len [ge ge-value] [le le-value]
  Example: Device(config)# ip prefix-list BLUE seq 10 permit 172.24.1.0/24
  Purpose: (Optional) Adds an entry to a prefix list, and assigns a sequence number to the entry.

Step 5: end
  Example: Device(config)# end
  Purpose: Returns to privileged EXEC mode.

Step 6: show ip prefix-list [detail | summary] name [network/len] [seq seq-num] [longer] [first-match]
  Example: Device# show ip prefix-list summary test
  Purpose: Verifies the configuration by displaying information about a prefix list or prefix list entries.

Step 7: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring BGP Community Filtering

By default, no COMMUNITIES attribute is sent to a neighbor. You can specify that the COMMUNITIES attribute be sent to the neighbor at an IP address by using the neighbor send-community router configuration command.

To configure a BGP community filter, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip community-list community-list-number {permit | deny} community-number
  Example: Device(config)# ip community-list 1 permit 50000:10
  Purpose: Creates a community list, and assigns it a number.
  · The community-list-number is an integer from 1 to 99 that identifies one or more permit or deny groups of communities.
  · The community-number is the number that is configured by a set community route-map configuration command.

Step 4: router bgp autonomous-system
  Example: Device(config)# router bgp 108
  Purpose: Enters BGP router configuration mode.

Step 5: neighbor {ip-address | peer-group-name} send-community
  Example: Device(config-router)# neighbor 172.16.70.23 send-community
  Purpose: Specifies that the COMMUNITIES attribute be sent to the neighbor at this IP address.

Step 6: set comm-list list-num delete
  Example: Device(config-route-map)# set comm-list 500 delete
  Purpose: (Optional) Removes communities from the community attribute of an inbound or outbound update that match a standard or extended community list that is specified by a route map.

Step 7: exit
  Example: Device(config-route-map)# exit
  Purpose: Returns to global configuration mode.

Step 8: ip bgp-community new-format
  Example: Device(config)# ip bgp-community new-format
  Purpose: (Optional) Displays and parses BGP communities in the format AA:NN. A BGP community is displayed in a two-part format 2 bytes long. The Cisco default community format is NNAA. In the most recent RFC for BGP, a community takes the form AA:NN, where the first part is the AS number and the second part is a 2-byte number.

Step 9: end
  Example: Device(config)# end
  Purpose: Returns to privileged EXEC mode.

Step 10: show ip bgp community
  Example: Device# show ip bgp community
  Purpose: Verifies the configuration.

Step 11: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring BGP Neighbors and Peer Groups

To assign configuration options to an individual neighbor, specify any of these router configuration commands by using the neighbor IP address. To assign the options to a peer group, specify any of the commands by using the peer group name. You can disable a BGP peer or peer group without removing all the configuration information by using the neighbor shutdown router configuration command.

To configure BGP neighbors and peer groups, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system
  Purpose: Enters BGP router configuration mode.

Step 4: neighbor peer-group-name peer-group
  Purpose: Creates a BGP peer group.

Step 5: neighbor ip-address peer-group peer-group-name
  Purpose: Makes a BGP neighbor a member of the peer group.

Step 6: neighbor {ip-address | peer-group-name} remote-as number
  Purpose: Specifies a BGP neighbor. If a peer group is not configured with a remote-as number, use this command to create peer groups containing EBGP neighbors. The range is 1 to 65535.

Step 7: neighbor {ip-address | peer-group-name} description text
  Purpose: (Optional) Associates a description with a neighbor.

Step 8: neighbor {ip-address | peer-group-name} default-originate [route-map map-name]
  Purpose: (Optional) Allows a BGP speaker (the local router) to send the default route 0.0.0.0 to a neighbor for use as a default route.

Step 9: neighbor {ip-address | peer-group-name} send-community
  Purpose: (Optional) Specifies that the COMMUNITIES attribute be sent to the neighbor at this IP address.
Step 10: neighbor {ip-address | peer-group-name} update-source interface
  Purpose: (Optional) Allows internal BGP sessions to use any operational interface for TCP connections.

Step 11: neighbor {ip-address | peer-group-name} ebgp-multihop
  Purpose: (Optional) Allows BGP sessions even when the neighbor is not on a directly connected segment. The multihop session is not established if the only route to the multihop peer's address is the default route (0.0.0.0).

Step 12: neighbor {ip-address | peer-group-name} local-as number
  Purpose: (Optional) Specifies an AS number to use as the local AS. The range is 1 to 65535.

Step 13: neighbor {ip-address | peer-group-name} advertisement-interval seconds
  Purpose: (Optional) Sets the minimum interval between sending BGP routing updates.

Step 14: neighbor {ip-address | peer-group-name} maximum-prefix maximum [threshold]
  Purpose: (Optional) Controls how many prefixes can be received from a neighbor. The range is 1 to 4294967295. The optional threshold is the percentage of maximum at which a warning message is generated. The default is 75 percent.

Step 15: neighbor {ip-address | peer-group-name} next-hop-self
  Purpose: (Optional) Disables next-hop processing on the BGP updates to a neighbor.

Step 16: neighbor {ip-address | peer-group-name} password string
  Purpose: (Optional) Sets MD5 authentication on a TCP connection to a BGP peer. The same password must be configured on both BGP peers, or the connection between them is not made.

Step 17: neighbor {ip-address | peer-group-name} route-map map-name {in | out}
  Purpose: (Optional) Applies a route map to incoming or outgoing routes.

Step 18: neighbor {ip-address | peer-group-name} send-community
  Purpose: (Optional) Specifies that the COMMUNITIES attribute be sent to the neighbor at this IP address.

Step 19: neighbor {ip-address | peer-group-name} timers keepalive holdtime
  Purpose: (Optional) Sets timers for the neighbor or peer group.
  · The keepalive interval is the time within which keepalive messages are sent to peers. The range is 1 to 4294967295 seconds; the default is 60.
  · The holdtime is the interval after which a peer is declared inactive after not receiving a keepalive message from it. The range is 1 to 4294967295 seconds; the default is 180.

Step 20: neighbor {ip-address | peer-group-name} weight weight
  Purpose: (Optional) Specifies a weight for all routes from a neighbor.

Step 21: neighbor {ip-address | peer-group-name} distribute-list {access-list-number | name} {in | out}
  Purpose: (Optional) Filters BGP routing updates to or from neighbors, as specified in an access list.

Step 22: neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out | weight weight}
  Purpose: (Optional) Establishes a BGP filter.

Step 23: neighbor {ip-address | peer-group-name} version value
  Purpose: (Optional) Specifies the BGP version to use when communicating with a neighbor.

Step 24: neighbor {ip-address | peer-group-name} soft-reconfiguration inbound
  Purpose: (Optional) Configures the software to start storing received updates.

Step 25: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 26: show ip bgp neighbors
  Purpose: Verifies the configuration.

Step 27: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring Aggregate Addresses in a Routing Table

To configure aggregate addresses in a routing table, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device# configure terminal

Step 3: router bgp autonomous-system
  Example: Device(config)# router bgp 106
  Purpose: Enters BGP router configuration mode.

Step 4: aggregate-address address mask
  Example: Device(config-router)# aggregate-address 10.0.0.0 255.0.0.0
  Purpose: Creates an aggregate entry in the BGP routing table. The aggregate route is advertised as coming from the AS, and the atomic aggregate attribute is set to indicate that information might be missing.

Step 5: aggregate-address address mask as-set
  Example: Device(config-router)# aggregate-address 10.0.0.0 255.0.0.0 as-set
  Purpose: (Optional) Generates AS set path information. This command creates an aggregate entry following the same rules as the previous command, but the advertised path will be an AS_SET consisting of all elements contained in all paths. Do not use this keyword when aggregating many paths, because this route must be continually withdrawn and updated.

Step 6: aggregate-address address mask summary-only
  Example: Device(config-router)# aggregate-address 10.0.0.0 255.0.0.0 summary-only
  Purpose: (Optional) Advertises summary addresses only.

Step 7: aggregate-address address mask suppress-map map-name
  Example: Device(config-router)# aggregate-address 10.0.0.0 255.0.0.0 suppress-map map1
  Purpose: (Optional) Suppresses selected, more specific routes.

Step 8: aggregate-address address mask advertise-map map-name
  Example: Device(config-router)# aggregate-address 10.0.0.0 255.0.0.0 advertise-map map2
  Purpose: (Optional) Generates an aggregate based on conditions that are specified by the route map.

Step 9: aggregate-address address mask attribute-map map-name
  Purpose: (Optional) Generates an aggregate with attributes that are specified in the route map.
  Example: Device(config-router)# aggregate-address 10.0.0.0 255.0.0.0 attribute-map map3

Step 10: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 11: show ip bgp neighbors [advertised-routes]
  Example: Device# show ip bgp neighbors
  Purpose: Verifies the configuration.

Step 12: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring Routing Domain Confederations

You must specify a confederation identifier that acts as the autonomous system number for the group of autonomous systems.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system
  Example: Device(config)# router bgp 100
  Purpose: Enters BGP router configuration mode.

Step 4: bgp confederation identifier autonomous-system
  Example: Device(config-router)# bgp confederation identifier 50007
  Purpose: Configures a BGP confederation identifier.

Step 5: bgp confederation peers autonomous-system [autonomous-system ...]
  Example: Device(config-router)# bgp confederation peers 51000 51001 51002
  Purpose: Specifies the autonomous systems that belong to the confederation and that will be treated as special EBGP peers.

Step 6: end
  Purpose: Returns to privileged EXEC mode.
Example: Device(config)# end

Step 7: show ip bgp neighbor
Example: Device# show ip bgp neighbor
Purpose: Verifies the configuration.

Step 8: show ip bgp network
Example: Device# show ip bgp network
Purpose: Verifies the configuration.

Step 9: copy running-config startup-config
Example: Device# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

Configuring BGP Route Reflectors

To configure BGP route reflectors, perform this procedure:

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system
Example: Device(config)# router bgp 101
Purpose: Enters BGP router configuration mode.

Step 4: neighbor {ip-address | peer-group-name} route-reflector-client
Example: Device(config-router)# neighbor 172.16.70.24 route-reflector-client
Purpose: Configures the local router as a BGP route reflector and the specified neighbor as a client.

Step 5: bgp cluster-id cluster-id
Example: Device(config-router)# bgp cluster-id 10.0.1.2
Purpose: (Optional) Configures the cluster ID if the cluster has more than one route reflector.

Step 6: no bgp client-to-client reflection
Example: Device(config-router)# no bgp client-to-client reflection
Purpose: (Optional) Disables client-to-client route reflection. By default, the routes from a route reflector client are reflected to other clients. However, if the clients are fully meshed, the route reflector does not need to reflect routes to clients.

Step 7: end
Example: Device(config)# end
Purpose: Returns to privileged EXEC mode.

Step 8: show ip bgp
Example: Device# show ip bgp
Purpose: Verifies the configuration. Displays the originator ID and the cluster-list attributes.

Step 9: copy running-config startup-config
Example: Device# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

Configuring Route Dampening

To configure route dampening, perform this procedure:

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system
Example: Device(config)# router bgp 100
Purpose: Enters BGP router configuration mode.

Step 4: bgp dampening
Example: Device(config-router)# bgp dampening
Purpose: Enables BGP route dampening.

Step 5: bgp dampening half-life reuse suppress max-suppress [route-map map]
Example: Device(config-router)# bgp dampening 30 1500 10000 120
Purpose: (Optional) Changes the default values of the route dampening factors.

Step 6: end
Example: Device(config)# end
Purpose: Returns to privileged EXEC mode.

Step 7: show ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask [longer-prefix]}]
Example: Device# show ip bgp flap-statistics
Purpose: (Optional) Monitors the flaps of all paths that are flapping. The statistics are deleted when the route is not suppressed and is stable.

Step 8: show ip bgp dampened-paths
Example: Device# show ip bgp dampened-paths
Purpose: (Optional) Displays the dampened routes, including the time remaining before they are suppressed.

Step 9: clear ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask [longer-prefix]}]
Example: Device# clear ip bgp flap-statistics
Purpose: (Optional) Clears BGP flap statistics to make it less likely that a route will be dampened.

Step 10: clear ip bgp dampening
Example: Device# clear ip bgp dampening
Purpose: (Optional) Clears route dampening information and unsuppresses the suppressed routes.

Step 11: copy running-config startup-config
Example: Device# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

Conditionally Injecting BGP Routes

Use this task to inject more specific prefixes into a BGP routing table over less specific prefixes that were selected through normal route aggregation. These more specific prefixes can be used to provide a finer granularity of traffic engineering or administrative control than is possible with aggregated routes.

To conditionally inject BGP routes, perform this procedure:

Before you begin

This task assumes that the IGP is already configured for the BGP peers.

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system-number
Example: Device(config)# router bgp 40000
Purpose: Enters router configuration mode for the specified routing process.

Step 4: bgp inject-map inject-map-name exist-map exist-map-name [copy-attributes]
Example: Device(config-router)# bgp inject-map ORIGINATE exist-map LEARNED_PATH
Purpose: Specifies the inject map and the exist map for conditional route injection. Use the copy-attributes keyword to specify that the injected route inherits the attributes of the aggregate route.

Step 5: exit
Purpose: Exits router configuration mode and enters global configuration mode.
Example: Device(config-router)# exit

Step 6: route-map map-tag [permit | deny] [sequence-number]
Example: Device(config)# route-map LEARNED_PATH permit 10
Purpose: Configures a route map and enters route map configuration mode.

Step 7: match ip address {access-list-number [access-list-number... | access-list-name...] | access-list-name [access-list-number... | access-list-name] | prefix-list prefix-list-name [prefix-list-name...]}
Example: Device(config-route-map)# match ip address prefix-list SOURCE
Purpose: Specifies the aggregate route to which a more specific route will be injected. In this example, the prefix list that is named SOURCE is used to redistribute the source of the route.

Step 8: match ip route-source {access-list-number | access-list-name} [access-list-number... | access-list-name...]
Example: Device(config-route-map)# match ip route-source prefix-list ROUTE_SOURCE
Purpose: Specifies the match conditions for redistributing the source of the route. In this example, the prefix list that is named ROUTE_SOURCE is used to redistribute the source of the route.
Note: The route source is the neighbor address that is configured with the neighbor remote-as command. The tracked prefix must come from this neighbor in order for conditional route injection to occur.

Step 9: exit
Example: Device(config-route-map)# exit
Purpose: Exits route map configuration mode and enters global configuration mode.

Step 10: route-map map-tag [permit | deny] [sequence-number]
Example: Device(config)# route-map ORIGINATE permit 10
Purpose: Configures a route map and enters route map configuration mode.

Step 11: set ip address {access-list-number [access-list-number... | access-list-name...] | access-list-name [access-list-number... | access-list-name] | prefix-list prefix-list-name [prefix-list-name...]}
Example: Device(config-route-map)# set ip address prefix-list ORIGINATED_ROUTES
Purpose: Specifies the routes to be injected. In this example, the prefix list that is named ORIGINATED_ROUTES is used to redistribute the source of the route.

Step 12: set community {community-number [additive] [well-known-community] | none}
Example: Device(config-route-map)# set community 14616:555 additive
Purpose: Sets the BGP community attribute of the injected route.

Step 13: exit
Example: Device(config-route-map)# exit
Purpose: Exits route map configuration mode and enters global configuration mode.

Step 14: ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]
Example: Device(config)# ip prefix-list SOURCE permit 10.1.1.0/24
Purpose: Configures a prefix list. In this example, the prefix list that is named SOURCE is configured to permit routes from network 10.1.1.0/24.

Step 15: Repeat Step 14 for every prefix list to be created.

Step 16: exit
Example: Device(config)# exit
Purpose: Exits global configuration mode and returns to privileged EXEC mode.

Step 17: show ip bgp injected-paths
Example: Device# show ip bgp injected-paths
Purpose: (Optional) Displays information about injected paths.

Configuring Peer Session Templates

Use the following tasks to create and configure a peer session template:

Configuring a Basic Peer Session Template

Perform this task to create a basic peer session template with general BGP routing session commands that can be applied to many neighbors using one of the next two tasks.

Note: The commands in Steps 5 and 6 are optional and could be replaced with any supported general session commands.
Note: The following restrictions apply to the peer session templates:
· A peer session template can directly inherit only one session template, and each inherited session template can also contain one indirectly inherited session template. So, a neighbor or neighbor group can be configured with only one directly applied peer session template and seven additional indirectly inherited peer session templates.
· A BGP neighbor cannot be configured to work with both peer groups and peer templates. A BGP neighbor can be configured to belong only to a peer group or to inherit policies only from peer templates.

To configure a basic peer session template, perform this procedure:

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system-number
Example: Device(config)# router bgp 101
Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4: template peer-session session-template-name
Example: Device(config-router)# template peer-session INTERNAL-BGP
Purpose: Enters session-template configuration mode and creates a peer session template.

Step 5: remote-as autonomous-system-number
Example: Device(config-router-stmp)# remote-as 202
Purpose: (Optional) Configures peering with a remote neighbor in the specified autonomous system.
Note: Any supported general session command can be used here. For a list of the supported commands, see the "Restrictions" section.

Step 6: timers keepalive-interval hold-time
Example: Device(config-router-stmp)# timers 30 300
Purpose: (Optional) Configures BGP keepalive and hold timers. The hold time must be at least twice the keepalive time.
Note: Any supported general session command can be used here. For a list of the supported commands, see the "Restrictions" section.

Step 7: end
Example: Device(config-router)# end
Purpose: Exits session-template configuration mode and returns to privileged EXEC mode.

Step 8: show ip bgp template peer-session [session-template-name]
Example: Device# show ip bgp template peer-session
Purpose: Displays locally configured peer session templates. The output can be filtered to display a single peer session template with the session-template-name argument. This command also supports all standard output modifiers.

Configuring Peer Session Template Inheritance with the inherit peer-session Command

This task configures peer session template inheritance with the inherit peer-session command. It creates and configures a peer session template and allows it to inherit a configuration from another peer session template.

Note: The commands in Steps 5 and 6 are optional and could be replaced with any supported general session commands.

To configure peer session template inheritance, perform this procedure:

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system-number
Example: Device(config)# router bgp 101
Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4: template peer-session session-template-name
Example: Device(config-router)# template peer-session CORE1
Purpose: Enters session-template configuration mode and creates a peer session template.

Step 5: description text-string
Purpose: (Optional) Configures a description. The text string can be up to 80 characters.
Example: Device(config-router-stmp)# description CORE-123
Note: Any supported general session command can be used here. For a list of the supported commands, see the "Restrictions" section.

Step 6: update-source interface-type interface-number
Example: Device(config-router-stmp)# update-source loopback 1
Purpose: (Optional) Configures a router to select a specific source or interface to receive routing table updates. The example uses a loopback interface. The advantage of this configuration is that the loopback interface is not as susceptible to the effects of a flapping interface.
Note: Any supported general session command can be used here. For a list of the supported commands, see the "Restrictions" section.

Step 7: inherit peer-session session-template-name
Example: Device(config-router-stmp)# inherit peer-session INTERNAL-BGP
Purpose: Configures this peer session template to inherit the configuration of another peer session template. The example configures this peer session template to inherit the configuration from INTERNAL-BGP. This template can be applied to a neighbor, and the configuration of INTERNAL-BGP will be applied indirectly. No additional peer session templates can be directly applied. However, the directly inherited template can contain up to seven indirectly inherited peer session templates.

Step 8: end
Example: Device(config-router)# end
Purpose: Exits session-template configuration mode and enters privileged EXEC mode.

Step 9: show ip bgp template peer-session [session-template-name]
Example: Device# show ip bgp template peer-session
Purpose: Displays locally configured peer session templates. The output can be filtered to display a single peer session template with the optional session-template-name argument. This command also supports all standard output modifiers.
Configuring Peer Session Template Inheritance with the neighbor inherit peer-session Command

This task configures a device to send a peer session template to a neighbor to inherit the configuration from the specified peer session template with the neighbor inherit peer-session command. Use the following steps to send a peer session template configuration to a neighbor to inherit.

To configure peer session template inheritance, perform this procedure:

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system-number
Example: Device(config)# router bgp 101
Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4: neighbor ip-address remote-as autonomous-system-number
Example: Device(config-router)# neighbor 172.16.0.1 remote-as 202
Purpose: Configures a peering session with the specified neighbor. The explicit remote-as statement is required for the neighbor inherit statement in Step 5 to work. If a peering is not configured, the specified neighbor in Step 5 will not accept the session template.

Step 5: neighbor ip-address inherit peer-session session-template-name
Example: Device(config-router)# neighbor 172.16.0.1 inherit peer-session CORE1
Purpose: Sends a peer session template to a neighbor so that the neighbor can inherit the configuration. The example configures a device to send the peer session template named CORE1 to the 172.16.0.1 neighbor to inherit. This template can be applied to a neighbor, and if another peer session template is indirectly inherited in CORE1, the indirectly inherited configuration will also be applied.
No additional peer session templates can be directly applied. However, the directly inherited template can also inherit up to seven additional indirectly inherited peer session templates.

Step 6: end
Example: Device(config-router)# end
Purpose: Exits router configuration mode and enters privileged EXEC mode.

Step 7: show ip bgp template peer-session [session-template-name]
Example: Device# show ip bgp template peer-session
Purpose: Displays locally configured peer session templates. The output can be filtered to display a single peer session template with the optional session-template-name argument. This command also supports all standard output modifiers.

Configuring Peer Policy Templates

Use the following tasks to create and configure a peer policy template:

Configuring Basic Peer Policy Templates

Perform this task to create a basic peer policy template with BGP policy configuration commands that can be applied to many neighbors using one of the next two tasks.

Note: The commands in Steps 5 through 7 are optional and could be replaced with any supported BGP policy configuration commands.

Note: The following restrictions apply to the peer policy templates:
· A peer policy template can directly or indirectly inherit up to eight peer policy templates.
· A BGP neighbor cannot be configured to work with both peer groups and peer templates. A BGP neighbor can be configured to belong only to a peer group or to inherit policies only from peer templates.

To configure basic peer policy templates, perform this procedure:

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Purpose: Enters global configuration mode.
Example: Device# configure terminal

Step 3: router bgp autonomous-system-number
Example: Device(config)# router bgp 45000
Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4: template peer-policy policy-template-name
Example: Device(config-router)# template peer-policy GLOBAL
Purpose: Enters policy-template configuration mode and creates a peer policy template.

Step 5: maximum-prefix prefix-limit [threshold] [restart restart-interval | warning-only]
Example: Device(config-router-ptmp)# maximum-prefix 10000
Purpose: (Optional) Configures the maximum number of prefixes that a neighbor accepts from this peer.
Note: Any supported BGP policy configuration command can be used here. For a list of the supported commands, see the "Peer Policy Templates" section.

Step 6: weight weight-value
Example: Device(config-router-ptmp)# weight 300
Purpose: (Optional) Sets the default weight for routes that are sent from this neighbor.
Note: Any supported BGP policy configuration command can be used here. For a list of the supported commands, see the "Peer Policy Templates" section.

Step 7: prefix-list prefix-list-name {in | out}
Example: Device(config-router-ptmp)# prefix-list NO-MARKETING in
Purpose: (Optional) Filters prefixes that are received by the router or sent from the router. The prefix list in the example filters inbound internal addresses.
Note: Any supported BGP policy configuration command can be used here. For a list of the supported commands, see the "Peer Policy Templates" section.

Step 8: end
Example: Device(config-router-ptmp)# end
Purpose: Exits policy-template configuration mode and returns to privileged EXEC mode.

Configuring Peer Policy Template Inheritance with the inherit peer-policy Command

This task configures peer policy template inheritance using the inherit peer-policy command.
It creates and configures a peer policy template and allows it to inherit a configuration from another peer policy template.

Note: The commands in Steps 5 and 6 are optional and could be replaced with any supported BGP policy configuration commands.

To configure peer policy template inheritance, perform this procedure:

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system-number
Example: Device(config)# router bgp 45000
Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4: template peer-policy policy-template-name
Example: Device(config-router)# template peer-policy NETWORK1
Purpose: Enters policy-template configuration mode and creates a peer policy template.

Step 5: route-map map-name {in | out}
Example: Device(config-router-ptmp)# route-map ROUTE in
Purpose: (Optional) Applies the specified route map to inbound or outbound routes.
Note: Any supported BGP policy configuration command can be used here.

Step 6: inherit peer-policy policy-template-name sequence-number
Example: Device(config-router-ptmp)# inherit peer-policy GLOBAL 10
Purpose: Configures the peer policy template to inherit the configuration of another peer policy template.
· The sequence-number argument sets the order in which the peer policy template is evaluated. Like a route map sequence number, the lowest sequence number is evaluated first.
· The example configures this peer policy template to inherit the configuration from GLOBAL. If the template created in these steps is applied to a neighbor, the configuration of GLOBAL will also be inherited and applied indirectly.
Up to six additional peer policy templates can be indirectly inherited from GLOBAL for a total of eight directly applied and indirectly inherited peer policy templates.
· This template in the example will be evaluated first if no other templates are configured with a lower sequence number.

Step 7: end
Example: Device(config-router-ptmp)# end
Purpose: Exits policy-template configuration mode and returns to privileged EXEC mode.

Step 8: show ip bgp template peer-policy [policy-template-name [detail]]
Example: Device# show ip bgp template peer-policy NETWORK1 detail
Purpose: Displays locally configured peer policy templates.
· The output can be filtered to display a single peer policy template with the policy-template-name argument. This command also supports all standard output modifiers.
· Use the detail keyword to display detailed policy information.

Examples

The following sample output of the show ip bgp template peer-policy command with the detail keyword displays details of the policy named NETWORK1. The output in this example shows that the GLOBAL template was inherited. Details of route map and prefix list configurations are also displayed.

Device# show ip bgp template peer-policy NETWORK1 detail
Template:NETWORK1, index:2.
Local policies:0x1, Inherited polices:0x80840
This template inherits:
  GLOBAL, index:1, seq_no:10, flags:0x1
Locally configured policies:
  route-map ROUTE in
Inherited policies:
  prefix-list NO-MARKETING in
  weight 300
  maximum-prefix 10000
Template:NETWORK1 <detail>
Locally configured policies:
  route-map ROUTE in
route-map ROUTE, permit, sequence 10
  Match clauses:
    ip address prefix-lists: DEFAULT
ip prefix-list DEFAULT: 1 entries
   seq 5 permit 10.1.1.0/24
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
Inherited policies:
  prefix-list NO-MARKETING in
ip prefix-list NO-MARKETING: 1 entries
   seq 5 deny 10.2.2.0/24

Configuring Peer Policy Template Inheritance with the neighbor inherit peer-policy Command

This task configures a device to send a peer policy template to a neighbor to inherit using the neighbor inherit peer-policy command. Perform the following steps to send a peer policy template configuration to a neighbor to inherit.

When BGP neighbors use multiple levels of peer templates, it can be difficult to determine which policies are applied to the neighbor. The policy and detail keywords of the show ip bgp neighbors command display the inherited policies and the policies that are configured directly on the specified neighbor.

To configure peer policy template inheritance, perform this procedure:

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system-number
Purpose: Enters router configuration mode and creates a BGP routing process.
Example: Device(config)# router bgp 45000

Step 4: neighbor ip-address remote-as autonomous-system-number
Example: Device(config-router)# neighbor 192.168.1.2 remote-as 40000
Purpose: Configures a peering session with the specified neighbor. The explicit remote-as statement is required for the neighbor inherit statement in Step 6 to work. If a peering is not configured, the specified neighbor in Step 6 will not accept the session template.

Step 5: address-family ipv4 [multicast | unicast | vrf vrf-name]
Example: Device(config-router)# address-family ipv4 unicast
Purpose: Enters address family configuration mode to configure a neighbor to accept address family-specific command configurations.

Step 6: neighbor ip-address inherit peer-policy policy-template-name
Example: Device(config-router-af)# neighbor 192.168.1.2 inherit peer-policy GLOBAL
Purpose: Sends a peer policy template to a neighbor so that the neighbor can inherit the configuration. The example configures a router to send the peer policy template that is named GLOBAL to the 192.168.1.2 neighbor to inherit. This template can be applied to a neighbor, and if another peer policy template is indirectly inherited from GLOBAL, the indirectly inherited configuration will also be applied. Up to seven additional peer policy templates can be indirectly inherited from GLOBAL.

Step 7: end
Example: Device(config-router-af)# end
Purpose: Exits address family configuration mode and returns to privileged EXEC mode.

Step 8: show ip bgp neighbors [ip-address [policy [detail]]]
Example: Device# show ip bgp neighbors 192.168.1.2 policy
Purpose: Displays locally configured peer policy templates.
· The output can be filtered to display a single peer policy template with the policy-template-name argument. This command also supports all standard output modifiers.
· Use the policy keyword to display the policies that are applied to this neighbor per address family.
· Use the detail keyword to display detailed policy information.

Examples

The following sample output shows the policies that are applied to the neighbor at 192.168.1.2. The output displays both inherited policies and policies that are configured on the neighbor device. Inherited policies are policies that the neighbor inherits from a peer group or a peer policy template.

Device# show ip bgp neighbors 192.168.1.2 policy
Neighbor: 192.168.1.2, Address-Family: IPv4 Unicast
Locally configured policies:
  route-map ROUTE in
Inherited polices:
  prefix-list NO-MARKETING in
  route-map ROUTE in
  weight 300
  maximum-prefix 10000

Configuring BGP Route Map Next-hop Self

Perform this task to modify the existing route map by adding the ip next-hop self setting and overriding the bgp next-hop unchanged and bgp next-hop unchanged all-paths settings.

To configure BGP route map next-hop self, perform this procedure:

Procedure

Step 1: enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3: route-map map-tag permit sequence-number
Example: Device(config)# route-map static-nexthop-rewrite permit 10
Purpose: Defines conditions for redistributing routes from one routing protocol to another routing protocol and enters route-map configuration mode.

Step 4: match source-protocol source-protocol
Example: Device(config-route-map)# match source-protocol static
Purpose: Matches Enhanced Interior Gateway Routing Protocol (EIGRP) external routes based on a source protocol.

Step 5: set ip next-hop self
Purpose: Configures local routes (for BGP only) with a next hop of self.
Example: Device(config-route-map)# set ip next-hop self

Step 6: exit
Example: Device(config-route-map)# exit
Purpose: Exits route-map configuration mode and enters global configuration mode.

Step 7: route-map map-tag permit sequence-number
Example: Device(config)# route-map static-nexthop-rewrite permit 20
Purpose: Defines conditions for redistributing routes from one routing protocol to another routing protocol and enters route-map configuration mode.

Step 8: match route-type internal
Example: Device(config-route-map)# match route-type internal
Purpose: Redistributes routes of the specified type.

Step 9: match route-type external
Example: Device(config-route-map)# match route-type external
Purpose: Redistributes routes of the specified type.

Step 10: match source-protocol source-protocol
Example: Device(config-route-map)# match source-protocol connected
Purpose: Matches Enhanced Interior Gateway Routing Protocol (EIGRP) external routes based on a source protocol.

Step 11: exit
Example: Device(config-route-map)# exit
Purpose: Exits route-map configuration mode and enters global configuration mode.

Step 12: router bgp autonomous-system-number
Example: Device(config)# router bgp 45000
Purpose: Enters router configuration mode and creates a BGP routing process.

Step 13: neighbor {ip-address | ipv6-address | peer-group-name} remote-as autonomous-system-number
Example: Device(config-router)# neighbor 172.16.232.50 remote-as 65001
Purpose: Adds an entry to the BGP or multiprotocol BGP neighbor table.

Step 14: address-family vpnv4
Example: Device(config-router)# address-family vpnv4
Purpose: Specifies the VPNv4 address family and enters address family configuration mode.

Step 15: neighbor {ip-address | ipv6-address | peer-group-name} activate
Purpose: Enables the exchange of information with a Border Gateway Protocol (BGP) neighbor.
Device(config-router-af)# neighbor 172.16.232.50 activate IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 335 Configuring BGP Route Map Next-hop Self Configuring BGP Step 16 Step 17 Step 18 Step 19 Step 20 Step 21 Step 22 Command or Action neighbor {ip-address | ipv6-address | peer-group-name} next-hop unchanged allpaths Example: Purpose Enables an external EBGP peer that is configured as multihop to propagate the next hop unchanged. Device(config-router-af)# neighbor 172.16.232.50 next-hop unchanged allpaths neighbor {ip-address | ipv6-address | peer-group-name} route-map map-name out Example: Applies a route map to an outgoing route. Device(config-router-af)# neighbor 172.16.232.50 route-map static-nexthop-rewrite out exit Example: Exits address family configuration mode and enters router configuration mode. Device(config-router-af)# exit address-family ipv4 [unicast | multicast| vrf Specifies the IPv4 address family and enters vrf-name] address family configuration mode. Example: Device(config-router)# address-family ipv4 unicast vrf inside bgp route-map priority Example: Configures the route map priority for the local BGP routing process Device(config-router-af)# bgp route-map priority redistribute protocol Example: Redistributes routes from one routing domain into another routing domain. Device(config-router-af)# redistribute static redistribute protocol Example: Redistributes routes from one routing domain into another routing domain. Device(config-router-af)# redistribute connected IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 336 Configuring BGP Configuration Examples for BGP Step 23 Step 24 Command or Action exit-address-family Example: Device(config-router-af)# exit address-family end Example: Device(config-router)# end Purpose Exits address family configuration mode and enters router configuration mode. Exits router configuration mode and enters privileged EXEC mode. 
Configuration Examples for BGP

The following sections provide configuration examples for BGP.

Example: Configuring Conditional BGP Route Injection

The following sample output is similar to the output that will be displayed when the show ip bgp injected-paths command is entered:

  Device# show ip bgp injected-paths
  BGP table version is 11, local router ID is 10.0.0.1
  Status codes:s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes:i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  *> 172.16.0.0       10.0.0.2                                 0 ?
  *> 172.17.0.0/16    10.0.0.2                                 0 ?

Example: Configuring Peer Session Templates

The following example creates a peer session template that is named INTERNAL-BGP in session-template configuration mode:

  router bgp 45000
   template peer-session INTERNAL-BGP
    remote-as 50000
    timers 30 300
    exit-peer-session

The following example creates a peer session template named CORE1. This example inherits the configuration of the peer session template named INTERNAL-BGP.

  router bgp 45000
   template peer-session CORE1
    description CORE-123
    update-source loopback 1
    inherit peer-session INTERNAL-BGP
    exit-peer-session

The following example configures the 192.168.3.2 neighbor to inherit the CORE1 peer session template. The 192.168.3.2 neighbor will also indirectly inherit the configuration from the peer session template named INTERNAL-BGP. The explicit remote-as statement is required for the neighbor inherit statement to work. If a peering is not configured, the specified neighbor will not accept the session template.

  router bgp 45000
   neighbor 192.168.3.2 remote-as 50000
   neighbor 192.168.3.2 inherit peer-session CORE1

Examples: Configuring Peer Policy Templates

The following example creates a peer policy template that is named GLOBAL and enters policy-template configuration mode:

  router bgp 45000
   template peer-policy GLOBAL
    weight 1000
    maximum-prefix 5000
    prefix-list NO_SALES in
    exit-peer-policy

The following example creates a peer policy template that is named PRIMARY-IN and enters policy-template configuration mode:

  router bgp 45000
   template peer-policy PRIMARY-IN
    prefix-list ALLOW-PRIMARY-A in
    route-map SET-LOCAL in
    weight 2345
    default-originate
    exit-peer-policy

The following example creates a peer policy template named CUSTOMER-A. This peer policy template is configured to inherit the configuration from the peer policy templates that are named PRIMARY-IN and GLOBAL.

  router bgp 45000
   template peer-policy CUSTOMER-A
    route-map SET-COMMUNITY in
    filter-list 20 in
    inherit peer-policy PRIMARY-IN 20
    inherit peer-policy GLOBAL 10
    exit-peer-policy

The following example configures the 192.168.2.2 neighbor in address family mode to inherit the peer policy template named CUSTOMER-A. Assuming this example is a continuation of the example above, because the peer policy template named CUSTOMER-A inherited the configuration from the templates named PRIMARY-IN and GLOBAL, the 192.168.2.2 neighbor will also indirectly inherit the peer policy templates named PRIMARY-IN and GLOBAL.

  router bgp 45000
   neighbor 192.168.2.2 remote-as 50000
   address-family ipv4 unicast
    neighbor 192.168.2.2 inherit peer-policy CUSTOMER-A
   end

Example: Configuring BGP Route Map next-hop self

This section contains an example of how to configure BGP Route Map next-hop self.

In this example, a route map is configured that matches the networks where you wish to override the settings for bgp next-hop unchanged and bgp next-hop unchanged allpaths. Subsequently, next-hop self is configured. After this, the bgp route-map priority is configured for the specified address family so that the previously specified route map takes priority over the settings for bgp next-hop unchanged and bgp next-hop unchanged allpaths. This configuration results in static routes being redistributed with a next hop of self, while connected routes and routes learned via IBGP or EBGP continue to be redistributed with an unchanged next hop.

  route-map static-nexthop-rewrite permit 10
   match source-protocol static
   set ip next-hop self
  route-map static-nexthop-rewrite permit 20
   match route-type internal
   match route-type external
   match source-protocol connected
  !
  router bgp 65000
   neighbor 172.16.232.50 remote-as 65001
   address-family vpnv4
    neighbor 172.16.232.50 activate
    neighbor 172.16.232.50 next-hop unchanged allpaths
    neighbor 172.16.232.50 route-map static-nexthop-rewrite out
   exit-address-family
   address-family ipv4 unicast vrf inside
    bgp route-map priority
    redistribute static
    redistribute connected
   exit-address-family
  end

Monitoring and Maintaining BGP

You can remove all contents of a particular cache, table, or database. This might be necessary when the contents of the particular structure have become, or are suspected to be, invalid.

You can display specific statistics, such as the contents of BGP routing tables, caches, and databases. You can use the information to check resource utilization and solve network problems. You can also display information about node reachability and discover the routing path that your device's packets are taking through the network.

The table given below lists the privileged EXEC commands for clearing and displaying BGP.
Table 30: IP BGP Clear and Show Commands

  clear ip bgp address
    Resets a particular BGP connection.
  clear ip bgp *
    Resets all BGP connections.
  clear ip bgp peer-group tag
    Removes all members of a BGP peer group.
  show ip bgp prefix
    Displays peer groups and peers not in peer groups to which the prefix has been advertised. Also displays prefix attributes such as the next hop and the local prefix.
  show ip bgp cidr-only
    Displays all BGP routes that contain subnet and supernet network masks.
  show ip bgp community [community-number] [exact]
    Displays routes that belong to the specified communities.
  show ip bgp community-list community-list-number [exact-match]
    Displays routes that are permitted by the community list.
  show ip bgp filter-list access-list-number
    Displays routes that are matched by the specified AS path access list.
  show ip bgp inconsistent-as
    Displays the routes with inconsistent originating autonomous systems.
  show ip bgp regexp regular-expression
    Displays the routes that have an AS path that matches the specified regular expression entered on the command line.
  show ip bgp
    Displays the contents of the BGP routing table.
  show ip bgp neighbors [address]
    Displays detailed information on the BGP and TCP connections to individual neighbors.
  show ip bgp neighbors [address] [advertised-routes | dampened-routes | flap-statistics | paths regular-expression | received-routes | routes]
    Displays routes learned from a particular BGP neighbor.
  show ip bgp paths
    Displays all BGP paths in the database.
  show ip bgp peer-group [tag] [summary]
    Displays information about BGP peer groups.
  show ip bgp summary
    Displays the status of all BGP connections.

The bgp log-neighbor-changes command is enabled by default. It logs the messages that are generated when a BGP neighbor resets, comes up, or goes down.
Feature History for Border Gateway Protocol

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
  Feature: Border Gateway Protocol
  Feature Information: The Border Gateway Protocol (BGP) is an exterior gateway protocol used to set up an interdomain routing system that guarantees the loop-free exchange of routing information between autonomous systems.

  Feature: Conditional BGP Route Injection
  Feature Information: Conditional BGP Route Injection allows you to originate a prefix into a BGP routing table without the corresponding match.

  Feature: BGP Peer Templates
  Feature Information: A BGP Peer Template is a configuration pattern that can be applied to neighbors that share policies. Peer templates are reusable and support inheritance, which allows the network operator to group and apply distinct neighbor configurations for BGP neighbors that share policies.

  Feature: BGP Route Map Next Hop Self
  Feature Information: The BGP Route Map Next Hop Self feature provides a way to selectively override the settings for bgp next-hop unchanged and bgp next-hop unchanged allpaths.

Release: Cisco IOS XE Cupertino 17.7.1
  Feature: Border Gateway Protocol
  Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 29

Configuring BGP Additional Paths

· Information About BGP Additional Paths, on page 343
· How to Configure BGP Additional Paths, on page 348
· Configuration Examples for BGP Additional Paths, on page 356
· Additional References, on page 359
· Feature History for BGP Additional Paths, on page 359

Information About BGP Additional Paths

The following sections provide information about BGP additional paths.

Problem That Additional Paths Can Solve

BGP routers and route reflectors (RRs) propagate only their best path over their sessions. The advertisement of a prefix replaces the previous announcement of that prefix (this behavior is known as an implicit withdraw). The implicit withdraw can achieve better scaling, but at the cost of path diversity.

Path hiding can prevent efficient use of BGP multipath, prevent hitless planned maintenance, and can lead to MED oscillations and suboptimal hot-potato routing. Upon next-hop failures, path hiding also inhibits fast and local recovery because the network has to wait for BGP control plane convergence to restore traffic.

The BGP Additional Paths feature provides a generic way of offering path diversity; the Best External or Best Internal features offer path diversity only in limited scenarios.

The BGP Additional Paths feature provides a way for multiple paths for the same prefix to be advertised without the new paths implicitly replacing the previous paths. Thus, path diversity is achieved instead of path hiding.

Path-Hiding Scenario

This section describes in more detail how path hiding can occur. In the following figure, we have prefix p with paths p1 and p2 advertised from BR1 and BR4 to RR1.
RR1 selects the best path of the two and then advertises to PE only p1.

Figure 15: RR Hiding an Additional Path

In the figure above, we also see prefix x with path x1 being advertised from BR2 to BR3 (which has path x2) with local preference 100. BR3 also has path x2, but due to routing policy, BR3 advertises to the RRs x1 (not shown) instead of x2, and x2 will be suppressed. A user could enable the advertisement of best external on BR3 and thereby advertise x2 to the RRs, but, again, the RRs advertise only the best path.

Suboptimal Hot-Potato Routing Scenario

In order to minimize internal transport costs, transit ISPs try to forward packets to the closest exit point (according to Interior Gateway Protocol [IGP] cost). This behavior is known as hot-potato routing. In the distributed RR cluster model of the figure below, assume that traffic coming from LA must go to Mexico. All links have the same IGP cost. If there are two exit points toward Mexico, one toward Austin and one toward Atlanta, the border router will try to send traffic to Austin because the IGP cost from LA toward Austin is lower than toward Atlanta.

In a centralized RR model where the central RR resides where RR3 is (and RR1, RR2, RR4, and RR5 do not exist), the closest exit point toward Mexico, as seen from RR3, might be Atlanta. Sending the traffic from LA toward Atlanta results in suboptimal hot-potato routing, which is not desirable.

Figure 16: Distributed RR Cluster

DMVPN Scenario

In Dynamic Multipoint Virtual Private Network (DMVPN) deployments, BGP is being used for scaling. In the figure below, Z is connected to both spokes S6 (NY) and S7 (Boston). The S7 links to the hubs have lower IGP costs than the S6 links to the hubs. There are physical links not shown that connect S5 to S6 and S6 to S7, with IGP costs lower than those to the hubs. Spokes S6 and S7 will send an update to both hubs H1 (Chicago) and H2 (Detroit). The RR hubs will then select the best path based on their lower IGP cost, which might be S7. The spoke S5 (Raleigh) will receive two updates from the RRs for Z with S7 being the next hop, even though, in this scenario, it might be preferable to pick S6 (NY) as the next hop.

Figure 17: DMVPN Deployment

Benefits of BGP Additional Paths

BGP routers and route reflectors (RR) propagate only their best path over their sessions. The advertisement of a prefix replaces the previous announcement of that prefix (this is known as an implicit withdraw). While this behavior may achieve better scaling, it can prevent path diversity, which tends to be poor or completely lost. The behavior in turn prevents efficient use of BGP multipath, prevents hitless planned maintenance, and can lead to multi-exit discriminator (MED) oscillations and suboptimal hot-potato routing. It also inhibits fast and local recovery upon next-hop failures, because the network has to wait for BGP control plane convergence to restore traffic.

The BGP Additional Paths feature is a BGP extension that allows the advertisement of multiple paths for the same prefix without the new paths implicitly replacing any previous paths. This behavior promotes path diversity and reduces MED oscillations.

BGP Additional Paths Functionality

The BGP Additional Paths feature is implemented by adding a path identifier to each path in the NLRI. The path identifier (ID) can be considered as something similar to a route distinguisher (RD) in VPNs, except that a path ID can apply to any address family. Path IDs are unique to a peering session and are generated for each network. The path identifier is used to prevent a route announcement from implicitly withdrawing the previous one. The Additional Paths feature allows the advertisement of more paths, in addition to the bestpath, for the same prefix, without the new paths implicitly replacing any previous paths.

The BGP Additional Paths feature requires the user to take three general steps:

1. Specify whether the device can send, receive, or send and receive additional paths. This is done at the address family level or the neighbor level, and is controlled by either the bgp additional-paths {send [receive] | receive} command or the neighbor additional-paths {send [receive] | receive} command, respectively. During session establishment, two BGP neighbors negotiate the Additional Path capabilities (whether they can send and/or receive) between them.
2. Select a set or sets of candidate paths for advertisement by specifying selection criteria (using the bgp additional-paths select command).
3. Advertise for a neighbor a set or sets of additional paths from the candidate paths marked (using the neighbor advertise additional-paths command).

To send or receive additional paths, the Additional Path capability must be negotiated. If it isn't negotiated, even if the selection criteria are such that more than the bestpath is marked and the neighbor is configured to advertise the marked paths, the selections would be useless, because without the capability negotiated only the bestpath can be sent.

Configuring BGP to send or receive additional paths triggers negotiation of additional path capability with the device's peers. Neighbors that have negotiated the capability will be grouped together in an update group (if other update group policies allow), and in a separate update group from those peers that have not negotiated the capability. Therefore, additional path capability causes the neighbor's update group membership to be recalculated.

Additional Path Selection

There are three path selection (path marking) policies, and they are not mutually exclusive. They are specified per address family, using the bgp additional-paths select command. They are:

· best 2 or best 3 (best 2 means the bestpath and 2nd best path; the 2nd best path is the one computed by eliminating the bestpath from the best-computation algorithm. Similarly, best 3 means the bestpath, 2nd best path, and 3rd best path; the 3rd best path is the one computed by eliminating the bestpath and 2nd best path from the best-computation algorithm.)
· group-best (calculates the group-best for prefixes during bestpath calculation; described further below)
· all (all paths with unique next hops are eligible for selection)

Definition of the group-best Selection

The group-best keyword is part of the following commands:

· advertise additional-paths
· bgp additional-paths select
· match additional-paths advertise-set
· neighbor advertise additional-paths

The group-best is the set of paths that are the best paths from the paths of the same AS. For example, suppose that there are three autonomous systems: AS 100, 200, and 300. Paths p101, p102, and p103 are from AS 100; p201, p202, and p203 are from AS 200; and p301, p302, and p303 are from AS 300. If we run the BGP bestpath algorithm on the paths from each AS, the algorithm will select one bestpath from each set of paths from that AS. Assuming p101 is the best from AS 100, p201 is the best from AS 200, and p301 is the best from AS 300, then the group-best is the set of p101, p201, and p301.
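The following Python model, added here as an illustration and not taken from the Cisco guide, works through the three path-marking policies (best N by elimination, group-best per AS, and all with unique next hops) on the page's p101 to p303 example, and then applies an advertise policy on top of the marks, including the page's rule that an advertise policy that is not a subset of the selection results in only the bestpath being advertised. The bestpath comparator, the sample path attributes, and the treatment of "all" as one best path per next hop are simplifying assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Path:
    """One candidate path for a prefix; a constructed subset of the real BGP attributes."""
    name: str
    origin_as: int     # AS the path was learned from (first AS in AS_PATH)
    next_hop: str
    local_pref: int = 100
    as_path_len: int = 1
    med: int = 0

def _rank_key(p: Path):
    # Simplified bestpath preference (assumption, not the full IOS algorithm): higher LOCAL_PREF,
    # shorter AS_PATH, lower MED, then a deterministic name tiebreak standing in for router ID.
    return (-p.local_pref, p.as_path_len, p.med, p.name)

def bestpath(paths: List[Path]) -> Path:
    return min(paths, key=_rank_key)

def select_best(paths: List[Path], n: int) -> List[Path]:
    """best 2 / best 3: the bestpath, then the best path after eliminating the earlier picks."""
    remaining, chosen = list(paths), []
    while remaining and len(chosen) < n:
        b = bestpath(remaining)
        chosen.append(b)
        remaining.remove(b)
    return chosen

def select_group_best(paths: List[Path]) -> List[Path]:
    """group-best: run bestpath separately over the paths from each AS."""
    groups: Dict[int, List[Path]] = {}
    for p in paths:
        groups.setdefault(p.origin_as, []).append(p)
    return [bestpath(g) for g in groups.values()]

def select_all(paths: List[Path]) -> List[Path]:
    """all: paths with unique next hops, modelled here (assumption) as the best path per next hop."""
    by_nh: Dict[str, List[Path]] = {}
    for p in paths:
        by_nh.setdefault(p.next_hop, []).append(p)
    return [bestpath(g) for g in by_nh.values()]

def mark_paths(paths: List[Path], select_policy: dict) -> Dict[str, dict]:
    """'bgp additional-paths select': tag each path with the policies it satisfies.
    select_policy keys: 'best' -> 2 or 3, 'group-best' -> True, 'all' -> True."""
    marks: Dict[str, dict] = {p.name: {} for p in paths}
    if "best" in select_policy:
        for rank, p in enumerate(select_best(paths, select_policy["best"]), start=1):
            marks[p.name]["best"] = rank          # rank 1 is the bestpath itself
    if select_policy.get("group-best"):
        for p in select_group_best(paths):
            marks[p.name]["group-best"] = True
    if select_policy.get("all"):
        for p in select_all(paths):
            marks[p.name]["all"] = True
    return marks

def advertise_is_subset(select_policy: dict, advertise_policy: dict) -> bool:
    """The advertise policy must be a subset of the select policy ('best n' may not exceed it)."""
    for key, value in advertise_policy.items():
        if key not in select_policy:
            return False
        if key == "best" and value > select_policy["best"]:
            return False
    return True

def advertised_paths(paths: List[Path], select_policy: dict, advertise_policy: dict) -> List[str]:
    """'neighbor ... advertise additional-paths' applied on top of the marks; returns names, bestpath
    first. If the advertise policy is not a subset of the selection, only the bestpath is sent."""
    best = bestpath(paths)
    if not advertise_is_subset(select_policy, advertise_policy):
        return [best.name]
    marks = mark_paths(paths, select_policy)
    out = [best.name]
    for p in paths:
        if p is best:
            continue
        tags = marks[p.name]
        if any((k == "best" and tags.get("best", 99) <= v) or (k != "best" and tags.get(k))
               for k, v in advertise_policy.items()):
            out.append(p.name)
    return out

# Constructed sample: three ASs with three paths each, as in the page's group-best example.
SAMPLE_PATHS = [
    Path("p101", 100, "10.0.0.1", local_pref=200),
    Path("p102", 100, "10.0.0.2"),
    Path("p103", 100, "10.0.0.1", as_path_len=2),
    Path("p201", 200, "10.0.0.3", local_pref=150),
    Path("p202", 200, "10.0.0.4", as_path_len=3),
    Path("p203", 200, "10.0.0.3"),
    Path("p301", 300, "10.0.0.5", local_pref=120),
    Path("p302", 300, "10.0.0.6", as_path_len=2),
    Path("p303", 300, "10.0.0.5", as_path_len=2),
]

if __name__ == "__main__":
    print("group-best:", [p.name for p in select_group_best(SAMPLE_PATHS)])
    # select group-best + all but advertise best 3: not a subset, so only the bestpath goes out
    print("mismatch  :", advertised_paths(SAMPLE_PATHS, {"group-best": True, "all": True}, {"best": 3}))
```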
Advertise a Subset of the Paths Selected

Take care when you select a set of paths but want to advertise a different set of paths. If the set of paths you want to advertise is not a subset of the selected paths, then you will not advertise the paths you want advertised.

The following example configures the additional paths that are selected to be the group-best and all selections. However, the paths that are configured to be advertised to the neighbor are the best 3 paths. Because the selection and advertise policy are not the same, the subsequent message is displayed. In these cases, only the bestpath is advertised.

  Device(config)# router bgp 100
  Device(config-router)# address-family ipv4
  Device(config-router-af)# bgp additional-paths send receive
  Device(config-router-af)# bgp additional-paths select group-best all
  Device(config-router-af)# neighbor 192.168.2.2 advertise additional-paths best 3
  % BGP: AF level 'bgp additional-paths select' more restrictive than advertising policy.

This is a reminder that AF level additional-path select commands are needed.

How to Configure BGP Additional Paths

The following sections provide configuration information about BGP additional paths.

Configuring Additional Paths per Address Family

To select which paths are candidates to be additional paths, you can perform any combination of Steps 6, 7, and 8, as long as you perform at least one of those steps. If you want to disable additional paths per neighbor, see the "Disabling Additional Paths per Neighbor" section.

Procedure

Step 1  enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3  router bgp as-number
  Example: Device(config)#router bgp 65000
  Purpose: Configures a BGP routing process and enters router configuration mode. The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information that is passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.

Step 4  address-family ipv4 [unicast | multicast]
  Example: Device(config-router)#address-family ipv4
  Purpose: Enters address family configuration mode. The following address families are supported: IPv4 unicast, IPv4 multicast, IPv4 unicast + label, IPv6 unicast, IPv6 multicast, and IPv6 multicast + label.

Step 5  bgp additional-paths {send [receive] | receive}
  Example: Device(config-router-af)#bgp additional-paths send receive
  Purpose: Enables BGP additional paths to be sent only, received only, or sent and received, after negotiation with the neighbor is completed. This example enables additional paths to be sent and received.

Step 6  bgp additional-paths select group-best
  Example: Device(config-router-af)#bgp additional-paths select group-best
  Purpose: (Optional) Calculates the group-best for prefixes during bestpath calculation.

Step 7  bgp additional-paths select best number
  Example: Device(config-router-af)#bgp additional-paths select best 3
  Purpose: (Optional) Calculates the specified number of best paths, including the advertisement of the bestpath. The value of number can be 2 or 3.

Step 8  bgp additional-paths select all
  Example: Device(config-router-af)#bgp additional-paths select all
  Purpose: (Optional) Specifies that all paths with unique next hops are eligible for selection.

Step 9  neighbor {ip-address | ipv6-address | peer-group-name} advertise additional-paths [best number] [group-best] [all]
  Example: Device(config-router-af)#neighbor 192.168.0.1 advertise additional-paths best 3 group-best all
  Purpose: Specifies which selection methods control the additional paths that are advertised to the neighbor.

Step 10  end
  Example: Device(config-router-af)#end
  Purpose: (Optional) Exits to privileged EXEC mode.

Configuring Additional Paths per Neighbor

To select which paths are candidates to be additional paths, you can perform any combination of Steps 6, 7, and 8, as long as you perform at least one of those steps.

Procedure

Step 1  enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3  router bgp as-number
  Example: Device(config)#router bgp 65000
  Purpose: Configures a BGP routing process and enters router configuration mode. The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.

Step 4  address-family ipv4 [unicast | multicast]
  Example: Device(config-router)#address-family ipv4 unicast
  Purpose: Enters address family configuration mode. The following address families are supported: IPv4 unicast, IPv4 multicast, IPv4 unicast + label, IPv6 unicast, IPv6 multicast, and IPv6 multicast + label.

Step 5  neighbor {ip-address | ipv6-address | peer-group-name} additional-paths {send [receive] | receive}
  Example: Device(config-router-af)#neighbor 192.168.1.2 additional-paths send receive
  Purpose: Enables the neighbor to send or receive additional paths after negotiation is completed.
  · This example enables the neighbor to send and receive additional paths.
  · Note that this command overrides any send or receive capability that might have been configured at the address-family level.

Step 6  bgp additional-paths select group-best
  Example: Device(config-router-af)#bgp additional-paths select group-best
  Purpose: (Optional) Calculates the group-best for prefixes during bestpath calculation.

Step 7  bgp additional-paths select best number
  Example: Device(config-router-af)#bgp additional-paths select best 3
  Purpose: (Optional) Calculates the specified number of best paths, including the selection of the bestpath. The value of number can be 2 or 3.

Step 8  bgp additional-paths select all
  Example: Device(config-router-af)#bgp additional-paths select all
  Purpose: (Optional) Specifies that all paths with unique next hops are eligible for selection.

Step 9  neighbor {ip-address | ipv6-address | peer-group-name} advertise additional-paths [best number] [group-best] [all]
  Example: Device(config-router-af)#neighbor 192.168.1.2 advertise additional-paths best 3 group-best all
  Purpose: Specifies the selection methods that control which additional paths are advertised for the neighbor.

Step 10  end
  Example: Device(config-router-af)#end
  Purpose: (Optional) Exits to privileged EXEC mode.

Configuring Additional Paths Using a Peer Policy Template

In this configuration task example, the capability to send and receive additional paths and the selection criteria are configured for the address family, and then the template is configured.
Procedure

Step 1  enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3  router bgp autonomous-system-number
  Example: Device(config)#router bgp 45000
  Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4  address-family ipv4 unicast
  Example: Device(config-router)#address-family ipv4 unicast
  Purpose: Configures the IPv4 address family.

Step 5  bgp additional-paths {send [receive] | receive}
  Example: Device(config-router)#bgp additional-paths send receive
  Purpose: Enables BGP additional paths to be sent only, received only, or sent and received for the peers in the address family.

Step 6  bgp additional-paths select [best number] [group-best] [all]
  Example: Device(config-router)#bgp additional-paths select best 3 group-best all
  Purpose: Causes the system to calculate BGP additional paths that can be candidates for advertisement in addition to a bestpath.

Step 7  template peer-policy policy-template-name
  Example: Device(config-router)#template peer-policy rr-client-pt1
  Purpose: Enters policy-template configuration mode and creates a peer policy template.

Step 8  additional-paths {send [receive] | receive}
  Example: Device(config-router-ptmp)#additional-paths send receive
  Purpose: Enables BGP additional paths to be sent only, received only, or sent and received for the peers that are covered by the peer policy template.

Step 9  advertise additional-paths [best number] [group-best] [all]
  Example: Device(config-router-ptmp)#advertise additional-paths best 3 group-best all
  Purpose: Specifies the selection methods that control which additional paths are advertised for the peers that are covered by the peer policy template.

Step 10  exit
  Example: Device(config-router-ptmp)#exit
  Purpose: Exits policy-template configuration mode and returns to router configuration mode.

Step 11  address-family ipv4 unicast
  Example: Device(config-router)#address-family ipv4 unicast
  Purpose: Configures the IPv4 address family.

Step 12  neighbor {ip-address | ipv6-address | peer-group-name} remote-as autonomous-system-number
  Example: Device(config-router-af)#neighbor 192.168.1.1 remote-as 45000
  Purpose: Adds an entry to the BGP neighbor table.

Step 13  neighbor ip-address inherit peer-policy policy-template-name
  Example: Device(config-router-af)#neighbor 192.168.1.1 inherit peer-policy rr-client-pt1
  Purpose: Sends a peer policy template to a neighbor so that the neighbor can inherit the configuration.

Step 14  end
  Example: Device(config-router-af)#end
  Purpose: Exits address family configuration mode and returns to privileged EXEC mode.

Filtering and Setting Actions for Additional Paths

You can optionally use a route map to filter the paths to be advertised by matching on the tags of additional paths that are candidates to be advertised. (These tags are the advertise-sets that are configured with the bgp additional-paths select command.) Paths that have the same path marking (tag) as the marking that is configured in the match additional-paths advertise-set command match the route map entry (and are permitted or denied). You can also optionally set one or more actions to take for those paths that pass the route map. This task uses the set metric command to illustrate using a route map with the match additional-paths advertise-set command; other set commands are available that are not shown in this task.
Why set a metric for paths marked with all (all paths with a unique next hop)? Suppose the neighbor 2001:DB8::1037 is receiving the same route from different neighbors. Routes that are received from the local device have a metric of 565 and routes from another device perhaps have a metric of 700. Routes with metric 565 will have precedence over the routes with metric 700.

Procedure

Step 1: enable
    Example: Device>enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
    Example: Device#configure terminal
    Purpose: Enters global configuration mode.

Step 3: route-map map-tag [permit | deny] [sequence-number]
    Example: Device(config)# route-map additional_path1 permit 10
    Purpose: Creates a route map.

Step 4: match additional-paths advertise-set [best number] [best-range start-range end-range] [group-best] [all]
    Example: Device(config-route-map)# match additional-paths advertise-set best 3
    Purpose: Matches on any path that is tagged with the specified path selection policy.
    · You must specify at least one selection method; you can specify more than one selection method in the command.
    · Specifying best number is incompatible with specifying best-range.
    · Specifying best 1 will match only the bestpath.
    · Specifying best-range 1 1 will match only the bestpath.
    · Only one match additional-paths advertise-set command is allowed per route map. A subsequent match additional-paths advertise-set command will overwrite the previous command.

Step 5: set metric metric-value
    Example: Device(config-route-map)# set metric 500
    Purpose: Sets the metric of the additional paths that pass the match criteria. Other set commands can be used to take action on the paths that pass the route map; this example uses the set metric command.
What to do next

After creating the route map, reference it in the neighbor route-map out command, so that the route map is applied to paths being advertised (outgoing) to neighbors. Then use the neighbor advertise additional-paths command to advertise the additional paths. See the "Example: BGP Additional Paths" section to see the route map in context.

Displaying Additional Path Information

Perform either Step 2 or Step 3 in this task to see information about BGP additional paths.

Procedure

Step 1: enable
    Example: Device> enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: show ip bgp neighbors [ip-address]
    Example: Device#show ip bgp neighbors 192.168.1.1
    Purpose: Displays the capabilities of the neighbor to send and receive additional paths.

Step 3: show ip bgp [network]
    Example: Device#show ip bgp 192.168.0.0
    Purpose: Displays the additional path selections and path ID for the network.

Disabling Additional Paths per Neighbor

If you configured the sending or receiving of additional paths on a per-neighbor basis (with the neighbor additional-paths command) and want to disable that functionality, use the no neighbor additional-paths command. However, if you configured the sending or receiving of additional paths for an address family (with the bgp additional-paths command) and want to disable that functionality for a single neighbor, use the neighbor additional-paths disable command. Disabling additional paths also works if the functionality was inherited from a template. Perform this task to disable additional path capability for a neighbor.

Procedure

Step 1: enable
    Example: Device>enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
    Example: Device#configure terminal
    Purpose: Enters global configuration mode.

Step 3: router bgp as-number
    Example: Device(config)#router bgp 65000
    Purpose: Configures a BGP routing process and enters router configuration mode. The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information that is passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.

Step 4: address-family ipv6 [unicast | multicast]
    Example: Device(config-router)#address-family ipv6 unicast
    Purpose: Enters address family configuration mode.

Step 5: bgp additional-paths {send [receive] | receive}
    Example: Device(config-router-af)#bgp additional-paths send receive
    Purpose: Enables BGP additional paths to be sent or received for the neighbors in the address family.

Step 6: neighbor {ip-address | ipv6-address | peer-group-name} additional-paths disable
    Example: Device(config-router-af)#neighbor 2001:DB8::1 additional-paths disable
    Purpose: Disables BGP additional paths from being sent to or received from the specified neighbor. The additional path functionality is still enabled for the rest of the neighbors in the address family.

Step 7: end
    Example: Device(config-router-af)#end
    Purpose: (Optional) Exits to privileged EXEC mode.

Configuration Examples for BGP Additional Paths

The following sections provide configuration examples for BGP additional paths.

Example: BGP Additional Path Send and Receive Capabilities

In this example, R1's address is 192.168.1.1; its neighbor is R2, which has address 192.168.1.2. Updates are sent from R2 to R1 with additional paths (all paths advertised).
Updates are sent from R1 to R2 with only the classic BGP bestpath advertised, because R2 is only able to send additional paths, not receive them.

R1

    router bgp 1
     address-family ipv4 unicast
      bgp additional-paths select all
      neighbor 192.168.1.2 additional-paths send receive
      neighbor 192.168.1.2 advertise additional-paths all

R2

    router bgp 2
     address-family ipv4 unicast
      bgp additional-paths select all
      neighbor 192.168.1.1 additional-paths send
      neighbor 192.168.1.1 advertise additional-paths all

Example: BGP Additional Paths

In the following example, for every address family there are one or more eBGP neighbors, not shown in the configuration, that are sending routes to the local device. The eBGP routes that are learned from those neighbors are advertised toward the neighbors that are shown in the configuration below, and the path attributes are changed. The example configures the following:

· The route map called add_path1 specifies that all the paths are advertised toward neighbor 192.168.101.15, but any path that is marked with best 2 will have its metric set to 780 before being sent toward that neighbor.
· The route map called add_path2 specifies that any path that is marked with best 3 will have its metric set to 640 and will be advertised toward neighbor 192.168.101.25.
· The route map called add_path3 specifies that any path that is marked with group-best will have its metric set to 825 and will be advertised toward neighbor 2001:DB8::1045.
· In the IPv6 multicast address family, all paths are candidates to be advertised and will be advertised toward neighbor 2001:DB8::1037.

    router bgp 1
     neighbor 192.168.101.15 remote-as 1
     neighbor 192.168.101.25 remote-as 1
     neighbor 2001:DB8::1045 remote-as 1
     neighbor 2001:DB8::1037 remote-as 1
     !
     address-family ipv4 unicast
      bgp additional-paths send receive
      bgp additional-paths select all best 3 group-best
      neighbor 192.168.101.15 activate
      neighbor 192.168.101.15 route-map add_path1 out
      neighbor 192.168.101.15 advertise additional-paths best 2
     exit-address-family
     !
     address-family ipv4 multicast
      bgp additional-paths send receive
      bgp additional-paths select all best 3 group-best
      neighbor 192.168.101.25 activate
      neighbor 192.168.101.25 route-map add_path2 out
      neighbor 192.168.101.25 advertise additional-paths best 3
     exit-address-family
     !
     address-family ipv6 unicast
      bgp additional-paths send receive
      bgp additional-paths select group-best
      neighbor 2001:DB8::1045 activate
      neighbor 2001:DB8::1045 route-map add_path3 out
      neighbor 2001:DB8::1045 advertise additional-paths all group-best
     exit-address-family
     !
     address-family ipv6 multicast
      bgp additional-paths send receive
      bgp additional-paths select all
      neighbor 2001:DB8::1037 activate
      neighbor 2001:DB8::1037 route-map add_path4 out
      neighbor 2001:DB8::1037 advertise additional-paths all
     exit-address-family
    !
    route-map add_path1 permit 10
     match additional-paths advertise-set best 2
     set metric 780
    route-map add_path1 permit 20
    !
    route-map add_path2 permit 10
     match additional-paths advertise-set best 3
     set metric 640
    !
    route-map add_path3 permit 10
     match additional-paths advertise-set group-best
     set metric 825
    !
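The selection methods (best n, group-best, all), the route-map match on advertise-set tags with set metric, and the send/receive capability rule illustrated by the R1/R2 example can be modelled in a few functions. The following Python block is an added illustration, not code from the Cisco guide or from IOS XE: the bestpath ordering is a simplified subset of the BGP decision process, the paths and route-map entries are constructed sample data in the style of the add_path1 route map above, and treating several methods in one match command as an OR is this example's own assumption (the guide only says at least one method must be given).

```python
"""Added example (not from the Cisco guide): a model of BGP Additional Paths
selection, the advertise-set route-map match, and the capability check.
Path data, the simplified bestpath ordering and the route-map are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    next_hop: str
    neighbor_as: int   # AS of the peer the path was learned from
    local_pref: int
    as_path_len: int
    metric: int        # MED; 'set metric' rewrites this on the advertised copy


def bestpath_order(paths):
    """Best-first ordering using a subset of the BGP decision process: highest
    local-pref, shortest AS_PATH, lowest MED, then next hop as a deterministic
    tie-break (a stand-in for the router-id comparison)."""
    return sorted(paths, key=lambda p: (-p.local_pref, p.as_path_len, p.metric, p.next_hop))


def select_additional_paths(paths, best=None, group_best=False, all_paths=False):
    """'bgp additional-paths select [best n] [group-best] [all]'.
    Returns {path: {"rank": r | None, "group-best": bool, "all": bool}}; rank is
    the 1-based position in bestpath order (rank 1 is the classic bestpath) and
    is only recorded for the top 'best' paths."""
    tags, seen_as, seen_nh = {}, set(), set()
    for rank, p in enumerate(bestpath_order(paths), start=1):
        t = {"rank": rank if best is not None and rank <= best else None,
             "group-best": False, "all": False}
        if group_best and p.neighbor_as not in seen_as:   # best path per neighbouring AS
            seen_as.add(p.neighbor_as)
            t["group-best"] = True
        if all_paths and p.next_hop not in seen_nh:       # every path with a unique next hop
            seen_nh.add(p.next_hop)
            t["all"] = True
        tags[p] = t
    return tags


def match_advertise_set(tag, best=None, best_range=None, group_best=False, all_paths=False):
    """'match additional-paths advertise-set ...'. 'best n' matches ranks 1..n and
    'best-range a b' matches ranks a..b, so best 1 and best-range 1 1 both match
    only the bestpath. Several methods are OR-ed (assumption of this example)."""
    if best is None and best_range is None and not group_best and not all_paths:
        raise ValueError("specify at least one selection method")
    if best is not None and best_range is not None:
        raise ValueError("best is incompatible with best-range")
    rank, hit = tag["rank"], False
    if best is not None:
        hit = hit or (rank is not None and rank <= best)
    if best_range is not None:
        lo, hi = best_range
        hit = hit or (rank is not None and lo <= rank <= hi)
    if group_best:
        hit = hit or tag["group-best"]
    if all_paths:
        hit = hit or tag["all"]
    return bool(hit)


def apply_route_map(entries, paths, tags):
    """Route-map entries are (seq, "permit"|"deny", match_kwargs|None, set_metric|None).
    IOS semantics: evaluate in sequence order, the first matching entry decides,
    and a path that matches nothing is dropped. Returns {next_hop: metric} of
    the paths that pass."""
    advertised = {}
    for p in paths:
        for _seq, action, match, set_metric in sorted(entries, key=lambda e: e[0]):
            if match is None or match_advertise_set(tags[p], **match):
                if action == "permit":
                    advertised[p.next_hop] = p.metric if set_metric is None else set_metric
                break
    return advertised


def paths_to_send(local_send, peer_receive, candidates, bestpath):
    """Additional paths go out only if this side advertised 'send' and the peer
    advertised 'receive'; otherwise only the classic bestpath is sent (the R1/R2 case)."""
    return list(candidates) if (local_send and peer_receive) else [bestpath]


# Constructed sample: four paths to one prefix.
SAMPLE_PATHS = [
    Path("10.1.1.1", 100, 100, 2, 0),
    Path("10.1.1.2", 100, 100, 3, 0),
    Path("10.1.1.3", 200, 100, 3, 10),
    Path("10.1.1.4", 300, 90, 1, 0),
]
# Same shape as the guide's add_path1: best 2 -> metric 780, everything else unchanged.
ADD_PATH1 = [(10, "permit", {"best": 2}, 780), (20, "permit", None, None)]


def demo():
    """select all best 3 group-best, then add_path1 applied outbound."""
    tags = select_additional_paths(SAMPLE_PATHS, best=3, group_best=True, all_paths=True)
    advertised = apply_route_map(ADD_PATH1, SAMPLE_PATHS, tags)
    group_best = sorted(p.next_hop for p, t in tags.items() if t["group-best"])
    return advertised, group_best


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the two top-ranked paths leaving with metric 780 while the other two keep their own metric, and group-best picking one path per neighbouring AS; paths_to_send() reproduces the R1/R2 outcome where a send-only peer receives nothing but the bestpath.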
Example: Neighbor Capabilities Override Address Family Capabilities

In the following example, the receive-only capability of the neighbor overrides the send and receive capability of the address family:

    router bgp 65000
     address-family ipv6 multicast
      bgp additional-paths send receive
      bgp additional-paths select group-best
      neighbor 2001:DB8::1037 activate
      neighbor 2001:DB8::1037 additional-paths receive
      neighbor 2001:DB8::1037 advertise additional-paths group-best
    !

Example: BGP Additional Paths Using a Peer Policy Template

    router bgp 45000
     address-family ipv4 unicast
      bgp additional-paths send receive
      bgp additional-paths select all group-best best 3
     template peer-policy rr-client-pt1
      additional-paths send receive
      advertise additional-paths group-best best 3
      exit
     address-family ipv4 unicast
      neighbor 192.168.1.1 remote-as 45000
      neighbor 192.168.1.1 inherit peer-policy rr-client-pt1
     end

Additional References

Related Documents

    Related Topic: BGP commands
    Document Title: Cisco IOS IP Routing: BGP Command Reference

Standards and RFCs

    RFC 3107: Carrying Label Information in BGP-4
    RFC 4271: A Border Gateway Protocol (BGP-4)
    RFC 4760: Multiprotocol Extensions for BGP-4

Feature History for BGP Additional Paths

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

    Release: Cisco IOS XE Gibraltar 16.11.1
    Feature: BGP Additional Paths
    Feature Information: The BGP Additional Paths feature provides a way for multiple paths for the same prefix to be advertised without the new paths implicitly replacing the previous paths. Thus, path diversity is achieved instead of path hiding.

    Release: Cisco IOS XE Cupertino 17.7.1
    Feature: BGP Additional Paths
    Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 30

Configuring BGP Graceful Shutdown

· Information About BGP Graceful Shutdown, on page 361
· How to Configure BGP Graceful Shutdown, on page 362
· Configuration Examples for BGP Graceful Shutdown, on page 367
· Additional References, on page 369
· Feature History for BGP Graceful Shutdown, on page 370

Information About BGP Graceful Shutdown

The following sections provide information about BGP graceful shutdown.

Purpose and Benefits of BGP Graceful Shutdown

There are times when planned maintenance operations cause routing changes in BGP. After the shutdown of eBGP and iBGP peering sessions between autonomous system border routers (ASBRs), BGP devices are temporarily unreachable during BGP convergence. The goal of gracefully shutting down one or more BGP sessions is to minimize traffic loss during the planned shutdown and subsequent reestablishment of the sessions. The BGP Graceful Shutdown feature reduces or eliminates the loss of inbound or outbound traffic flows that were initially forwarded along the peering link that is being shut down for maintenance. This feature is primarily for PE-CE, PE-RR and PE-PE links.
Lowering the local preference for paths that are received over the session being shut down renders the affected paths less preferred by the BGP decision process, but still allows the paths to be used during the convergence while alternative paths are propagated to the affected devices. Therefore, devices always have a valid route available during the convergence process. The feature also allows vendors to provide a graceful shutdown mechanism that does not require any router reconfiguration at maintenance time. The benefits of the BGP Graceful Shutdown feature are fewer lost packets and less time spent reconfiguring devices.

GSHUT Community

The GSHUT community is a well-known community used in conjunction with the BGP Graceful Shutdown feature. The GSHUT community attribute is applied to a neighbor specified by the neighbor shutdown graceful command, thereby gracefully shutting down the link in an expected number of seconds. The GSHUT community is always sent by the GSHUT initiator.

The GSHUT community is specified in a community list, which is referenced by a route map and then used to make policy routing decisions. The GSHUT community can also be used in the show ip bgp community command to limit output to GSHUT routes.

BGP GSHUT Enhancement

The BGP Graceful Shutdown (GSHUT) Enhancement feature enables graceful shutdown of either all neighbors or only virtual routing and forwarding (VRF) neighbors across BGP sessions. To enable the BGP GSHUT enhancement feature on the device, you must configure either the community keyword or the local-preference keyword in the bgp graceful-shutdown all command. Use the activate keyword to activate graceful shutdown either across all neighbors or only across all VRF neighbors, across all BGP sessions.
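The two behaviours described above, the initiator tagging its routes with GSHUT (plus an optional extra community or local preference) and the receiver either dropping or de-preferring those routes through a community list and route map, can be shown side by side. The following Python block is an added illustration, not code from the Cisco guide or from IOS XE. It assumes the GSHUT value 65535:0 (0xFFFF0000, the well-known GRACEFUL_SHUTDOWN community of RFC 8326, which this guide does not spell out), uses constructed routes and policy values in the style of the guide's later examples, and reduces the bestpath decision to the local-preference comparison the text relies on. Because an IOS route map ends in an implicit deny, the modelled route maps carry an explicit permit entry after the GSHUT entry so that routes without the community still pass.

```python
"""Added example (not from the Cisco guide): the GSHUT community on the
sending and receiving side of a graceful shutdown. Route data and policy
values are constructed; GSHUT = 65535:0 comes from RFC 8326."""
from dataclasses import dataclass, replace

GSHUT = (65535, 0)   # well-known GRACEFUL_SHUTDOWN community (RFC 8326)


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    local_pref: int
    communities: frozenset = frozenset()


def community(text):
    """Parse 'asn:value', the plain 32-bit form (1400 == 0:1400) or the
    keyword 'gshut' into an (asn, value) tuple."""
    if text == "gshut":
        return GSHUT
    if ":" in text:
        asn, value = (int(x) for x in text.split(":"))
    else:
        n = int(text)
        asn, value = n >> 16, n & 0xFFFF
    if not (0 <= asn <= 65535 and 0 <= value <= 65535):
        raise ValueError(f"community out of range: {text}")
    return (asn, value)


def shutdown_graceful(route, extra_community=None, local_pref=None):
    """Initiator side of 'neighbor X shutdown graceful SECONDS [community V]
    [local-preference V]': the route is re-advertised with GSHUT, optionally
    one more community and optionally a new local preference. At least one of
    the two attributes is required, as the guide states."""
    if extra_community is None and local_pref is None:
        raise ValueError("specify a community or a local preference (or both)")
    comms = set(route.communities) | {GSHUT}
    if extra_community is not None:
        comms.add(community(extra_community))
    return replace(route, communities=frozenset(comms),
                   local_pref=route.local_pref if local_pref is None else local_pref)


def community_list_matches(entries, route):
    """Standard community-list: entries are (action, [communities]); all
    communities in an entry must be present on the route (logical AND), the
    first matching entry decides, and no match is an implicit deny."""
    for action, members in entries:
        if set(members) <= route.communities:
            return action == "permit"
    return False


def apply_route_map(entries, route):
    """entries: (seq, action, community_list|None, set_local_pref|None).
    First matching sequence decides; implicit deny at the end. Returns the
    (possibly modified) route, or None when it is denied."""
    for _seq, action, clist, set_lp in sorted(entries, key=lambda e: e[0]):
        if clist is None or community_list_matches(clist, route):
            if action != "permit":
                return None
            return route if set_lp is None else replace(route, local_pref=set_lp)
    return None


def bestpath(routes):
    """Highest local preference wins; next hop breaks ties deterministically."""
    return max(routes, key=lambda r: (r.local_pref, r.next_hop)) if routes else None


# Constructed sample: one prefix learned from two peers; the peer at
# 2001:db8:4::1 is the one being shut down gracefully.
CL_GSHUT = [("permit", [community("gshut")])]      # ip community-list standard GSHUT permit gshut
RM_DENY = [(10, "deny", CL_GSHUT, None), (20, "permit", None, None)]     # drop GSHUT routes
RM_DEPREF = [(10, "permit", CL_GSHUT, 20), (20, "permit", None, None)]   # keep them, least preferred

VIA_MAINT = Route("192.0.2.0/24", "2001:db8:4::1", 100)
VIA_OTHER = Route("192.0.2.0/24", "2001:db8:9::1", 100)


def demo(route_map, with_alternate=True):
    """Which next hop the receiver ends up using for the prefix."""
    received = [shutdown_graceful(VIA_MAINT, extra_community="1400")]
    if with_alternate:
        received.append(VIA_OTHER)
    accepted = [r for r in (apply_route_map(route_map, r) for r in received) if r is not None]
    best = bestpath(accepted)
    return None if best is None else best.next_hop


if __name__ == "__main__":
    for name, rm in (("deny", RM_DENY), ("depref", RM_DEPREF)):
        print(name, demo(rm, True), demo(rm, False))
```

The two route maps differ exactly where the guide's benefit lies: with the deny policy a receiver that has no alternative yet is left with no route at all, while the de-preference policy keeps the GSHUT-tagged path usable until an alternative with a higher local preference arrives.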
How to Configure BGP Graceful Shutdown

The following sections provide configuration information about BGP graceful shutdown.

Shutting Down a BGP Link Gracefully

To shut down a BGP link gracefully, perform this procedure:

Procedure

Step 1: enable
    Example: Device>enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
    Example: Device#configure terminal
    Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system-number
    Example: Device(config)#router bgp 5000
    Purpose: Configures a BGP routing process.

Step 4: neighbor {ipv4-address | ipv6-address} remote-as number
    Example: Device(config-router)#neighbor 2001:db8:3::1 remote-as 5500
    Purpose: Configures the autonomous system (AS) to which the neighbor belongs.

Step 5: neighbor {ipv4-address | ipv6-address | peer-group-name} shutdown graceful seconds {community value [local-preference value] | local-preference value}
    Example: Device(config-router)#neighbor 2001:db8:3::1 shutdown graceful 600 community 1200 local-preference 300
    Purpose: Configures the device to gracefully shut down the link to the specified peer in the specified number of seconds; advertises the route with the GSHUT (Graceful Shutdown) community; and advertises the route with another community, or specifies a local preference value for the route, or both.
    · Make sure to specify an adequate amount of time for iBGP peers to converge and to choose an alternate path as the best path.
    · If the graceful keyword is used in the neighbor shutdown command, at least one of the two attributes (a community or local preference) must be configured. You may configure both attributes.
    · If the graceful keyword is used in the neighbor shutdown command, the route is advertised with the GSHUT community by default. You may also set one other community for policy routing purposes.
    · In this particular example, the route to the neighbor is configured to shut down in 600 seconds, is advertised with the GSHUT community and community 1200, and is configured with a local preference of 300.
    · The device receiving the advertisement looks at the community value(s) of the route and optionally uses the community value to apply routing policy. Filtering routes based on a community is done with the ip community-list command and a route map.
    · During the graceful shutdown, the neighbor shutdown command is not nvgened (not written into the generated running configuration). After the timer expires, SHUTDOWN is nvgened.

Step 6: end
    Example: Device(config-router)#end
    Purpose: Returns to EXEC mode.

Step 7: show ip bgp community gshut
    Example: Device#show ip bgp community gshut
    Purpose: (Optional) Displays information about the routes that are advertised with the well-known GSHUT community.

Filtering BGP Routes Based on the GSHUT Community

Perform this task on a BGP peer of the device where you enabled the BGP Graceful Shutdown feature. To filter BGP routes based on the GSHUT community, perform this procedure:

Procedure

Step 1: enable
    Example: Device>enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
    Example: Device#configure terminal
    Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system-number
    Example: Device(config)#router bgp 2000
    Purpose: Configures a BGP routing process.

Step 4: neighbor {ipv4-address | ipv6-address} remote-as number
    Example: Device(config-router)#neighbor 2001:db8:4::1 remote-as 1000
    Purpose: Configures the autonomous system (AS) to which the neighbor belongs.

Step 5: neighbor {ipv4-address | ipv6-address} activate
    Example: Device(config-router)#neighbor 2001:db8:4::1 activate
    Purpose: Activates the neighbor.

Step 6: neighbor {ipv4-address | ipv6-address} send-community
    Example: Device(config-router)#neighbor 2001:db8:4::1 send-community
    Purpose: Enables BGP community exchange with the neighbor.

Step 7: exit
    Example: Device(config-router)#exit
    Purpose: Exits router configuration mode.

Step 8: route-map map-tag [permit | deny] [sequence-number]
    Example: Device(config)#route-map RM_GSHUT deny 10
    Purpose: Configures a route map to permit or deny routes for policy routing.

Step 9: match community {standard-list-number | expanded-list-number | community-list-name [exact]}
    Example: Device(config-route-map)#match community GSHUT
    Purpose: Configures that the routes that match ip community-list GSHUT will be policy routed.

Step 10: exit
    Example: Device(config-route-map)#exit
    Purpose: Exits route-map configuration mode.

Step 11: ip community-list {standard | standard list-name} {deny | permit} gshut
    Example: Device(config)#ip community-list standard GSHUT permit gshut
    Purpose: Configures a community list and permits or denies routes that have the GSHUT community to the community list. If you specify other communities in the same statement, there is a logical AND operation and all communities in the statement must match the communities for the route in order for the statement to be processed.

Step 12: router bgp autonomous-system-number
    Example: Device(config)#router bgp 2000
    Purpose: Configures a BGP routing process.

Step 13: neighbor address route-map map-name in
    Example: Device(config-router)#neighbor 2001:db8:4::1 route-map RM_GSHUT in
    Purpose: Applies the route map to incoming routes from the specified neighbor. In this example, the route map that is named RM_GSHUT denies routes from the specified neighbor that have the GSHUT community.
Configuring BGP GSHUT Enhancement

To configure BGP GSHUT enhancement, perform this procedure:

Procedure

Step 1: enable
    Example: Device>enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
    Example: Device#configure terminal
    Purpose: Enters global configuration mode.

Step 3: router bgp autonomous-system-number
    Example: Device(config)#router bgp 65000
    Purpose: Enters router configuration mode to create or configure a BGP routing process.

Step 4: bgp graceful-shutdown all {neighbors | vrfs} shutdown-time {community community-value [local-preference local-pref-value] | local-preference local-pref-value [community community-value]}
    Example: Device(config-router)#bgp graceful-shutdown all neighbors 180 local-preference 20 community 10
    Purpose: Enables the BGP GSHUT enhancement feature on the device.

Step 5: bgp graceful-shutdown all {neighbors | vrfs} activate
    Example: Device(config-router)#bgp graceful-shutdown all neighbors activate
    Purpose: Activates graceful shutdown across all neighbors or only across VRF neighbors for BGP sessions.

Step 6: end
    Example: Device(config-router)#end
    Purpose: Returns to privileged EXEC mode.

Step 7: show ip bgp
    Example: Device#show ip bgp neighbors 10.2.2.2 | include shutdown
    Purpose: Displays entries in the BGP routing table.

Step 8: show running-config
    Example: Device#show running-config | session router bgp
    Purpose: Displays the running configuration on the device.

Configuration Examples for BGP Graceful Shutdown

The following sections provide configuration examples for BGP graceful shutdown.
Example: Shutting Down a BGP Link Gracefully

Graceful Shutdown While Setting a Local-Preference

This example gracefully shuts down the link to the specified neighbor in 600 seconds, adds the GSHUT community to the route, and sets a local preference of 500 for the route.

    router bgp 1000
     neighbor 2001:db8:5::1 remote-as 2000
     neighbor 2001:db8:5::1 shutdown graceful 600 local-preference 500
     neighbor 2001:db8:5::1 send-community
     exit

Graceful Shutdown While Setting an Additional Community

This example gracefully shuts down the link to the specified neighbor in 600 seconds, and adds the GSHUT community and a numbered community to the route.

    router bgp 1000
     neighbor 2001:db8:5::1 remote-as 2000
     neighbor 2001:db8:5::1 shutdown graceful 600 community 1400
     neighbor 2001:db8:5::1 send-community
     exit

Graceful Shutdown While Setting an Additional Community and Local-Preference

This example gracefully shuts down the link to the specified neighbor in 600 seconds, adds the GSHUT community and a numbered community to the route, and sets a local preference of 500 for the route.

    router bgp 1000
     neighbor 2001:db8:5::1 remote-as 2000
     neighbor 2001:db8:5::1 shutdown graceful 600 community 1400 local-preference 500
     neighbor 2001:db8:5::1 send-community
     exit

Example: Filtering BGP Routes Based on the GSHUT Community

In addition to being able to gracefully shut down a BGP route, another use of the GSHUT community is to configure a community list to filter routes with this community from getting into the BGP routing table. This example illustrates how to use a community list to filter incoming BGP routes based on the GSHUT community. In this example, a route map that is named RM_GSHUT denies routes based on a standard community list named GSHUT. The community list matches routes with the GSHUT community. The route map is then applied to incoming routes from the neighbor at 2001:db8:4::1.

    Device(config)#router bgp 2000
    Device(config-router)#neighbor 2001:db8:4::1 remote-as 1000
    Device(config-router)#neighbor 2001:db8:4::1 activate
    Device(config-router)#neighbor 2001:db8:4::1 send-community
    Device(config-router)#exit
    Device(config)#route-map RM_GSHUT deny 10
    Device(config-route-map)#match community GSHUT
    Device(config-route-map)#exit
    Device(config)#ip community-list standard GSHUT permit gshut
    Device(config)#router bgp 2000
    Device(config-router)#neighbor 2001:db8:4::1 route-map RM_GSHUT in

Example: BGP GSHUT Enhancement

The following example shows how to enable and activate the BGP GSHUT enhancement feature across all neighbors. In this example, the neighbors are configured to gracefully shut down within the specified duration of 180 seconds.

    Device>enable
    Device#configure terminal
    Device(config)#router bgp 65000
    Device(config-router)#bgp graceful-shutdown all neighbors 180 local-preference 20 community 10
    Device(config-router)#bgp graceful-shutdown all neighbors activate
    Device(config-router)#end

Following is sample output from the show ip bgp command, which displays the graceful shutdown time for each neighbor. In this example, there are two IPv4 neighbors configured with IP addresses 10.2.2.2 and 172.16.2.1, and one VRF neighbor, in VRF v1, configured with IP address 192.168.1.1.
    Device#show ip bgp neighbors 10.2.2.2 | include shutdown
    Graceful Shutdown Timer running, schedule to reset the peer in 00:02:47 seconds
    Graceful Shutdown Localpref set to 20
    Graceful Shutdown Community set to 10

    Device#show ip bgp neighbors 172.16.2.1 | include shutdown
    Graceful Shutdown Timer running, schedule to reset the peer in 00:02:38 seconds
    Graceful Shutdown Localpref set to 20
    Graceful Shutdown Community set to 10

    Device#show ip bgp vpnv4 vrf v1 neighbors 192.168.1.1 | include shutdown
    Graceful Shutdown Timer running, schedule to reset the peer in 00:01:45 seconds
    Graceful Shutdown Localpref set to 20
    Graceful Shutdown Community set to 10

Following is sample output from the show running-config command, which displays information that is associated with the BGP session in router configuration mode:

    Device#show running-config | session router bgp
    router bgp 65000
     bgp log-neighbor-changes
     bgp graceful-shutdown all neighbors 180 local-preference 20 community 10
     network 10.1.1.0 mask 255.255.255.0
     neighbor 10.2.2.2 remote-as 40
     neighbor 10.2.2.2 shutdown
     neighbor 172.16.2.1 remote-as 10
     neighbor 172.16.2.1 shutdown
     !
     address-family vpnv4
      neighbor 172.16.2.1 activate
      neighbor 172.16.2.1 send-community both
     exit-address-family
     !
     address-family ipv4 vrf v1
      neighbor 192.168.1.1 remote-as 30
      neighbor 192.168.1.1 shutdown
      neighbor 192.168.1.1 activate
      neighbor 192.168.1.1 send-community both
     exit-address-family

Additional References

Related Documents

    Related Topic: BGP commands
    Document Title: Cisco IOS IP Routing: BGP Command Reference

Standards and RFCs

    RFC 6198: Requirements for the Graceful Shutdown of BGP Sessions

Feature History for BGP Graceful Shutdown

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

    Release: Cisco IOS XE Gibraltar 16.11.1
    Feature: BGP Graceful Shutdown
    Feature Information: The BGP Graceful Shutdown feature reduces or eliminates the loss of inbound or outbound traffic flows that were initially forwarded along the peering link that is being shut down for maintenance.

    Release: Cisco IOS XE Cupertino 17.7.1
    Feature: BGP Graceful Shutdown
    Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 31

Configuring BGP Large Community

· Restrictions for the BGP Large Community, on page 371
· Information About the BGP Large Community Feature, on page 371
· How to Configure BGP Large Community, on page 372
· Configuration Example for BGP Large Community, on page 379
· Feature History for BGP Large Community, on page 380

Restrictions for the BGP Large Community

When large communities are specified in commands, they are specified as three non-negative decimal integers separated by colons, for example 1:2:3. Each integer is stored in 32 bits. The possible range for each integer is a four-octet decimal value, from 0 to 4294967295.

Information About the BGP Large Community Feature

The BGP large communities attribute provides the capability for tagging routes and modifying BGP routing policy on routers. BGP large communities can be appended or removed selectively on the large community attribute as the route travels from router to router. BGP large communities are attributes similar to BGP communities, but with a twelve-octet size. However, there are no well-known large communities as there are for communities. BGP large communities are also split logically into a 4-octet Global Administrator field and an 8-octet Local Administrator field. A 4-octet autonomous system number fits into the Global Administrator field. For more information on BGP large communities, see RFC 8092.

Large Community Lists

A BGP large community list is used to create groups of large communities which can be used in a match clause of a route map. You can use the large communities to control the routing policy. Routing policy allows you to filter the routes you receive or advertise, or modify the attributes of the routes you receive or advertise.
You can also use a large community list to set or delete the large communities selectively. · Standard large community lists are used to specify large communities. · Expanded large community lists are used to specify large communities using a regular expression. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 371 BGP Large Community Attribute Configuring BGP Large Community A large community list can be either named or numbered and standard or expanded. All the rules of numbered large community lists apply to named large community lists, except that there is no limit on the number of named community lists that can be configured. Note A maximum of 100 numbered standard large community lists and 100 numbered expanded large community lists can be configured. A named large community list does not have this limitation. BGP Large Community Attribute In a BGP large community, the community value is encoded as a 12 octet number. The following image displays the syntax of the large community attribute. How to Configure BGP Large Community The following sections provide configuration information about BGP large community. Enabling BGP Large Community To enable the large-communities, perform the following steps. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 372 Configuring BGP Large Community Enabling BGP Large Community Procedure Step 1 Command or Action configure terminal Example: Step 2 Device# configure terminal router bgp autonomous-system-number Example: Device(config)# router bgp 64496 Step 3 neighbor IP address remote-as autonomous-system-number Example: Device(config-router)# neighbor 209.165.201.1 remote-as 100 Purpose Enters global configuration mode. Enables BGP and assigns the AS number to the local BGP speaker. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number. 
        Purpose: Enters global address family configuration mode. This command triggers an automatic notification and session reset for all BGP neighbors.

Step 4  address-family {ipv4 | ipv6 | l2vpn | nsap {unicast | multicast}}
        Example:
        Device(config-router-neighbor)# address-family ipv4 multicast
        Purpose: Enters global address family configuration mode. This command triggers an automatic notification and session reset for all BGP neighbors.
        Note: The other available address families are also supported.

Step 5  neighbor IP-address activate
        Example:
        Device(config-router)# neighbor 209.165.201.1 activate
        Purpose: Enters global address family configuration mode and activates the BGP neighbor.

Step 6  neighbor IP-address send-community {both | extended | standard}
        Example:
        Device(config-router-neighbor-af)# neighbor 209.165.201.1 send-community standard
        Purpose: Configures the router to send the large-community attribute to the neighbor 209.165.201.1.
        · both: Sends both the extended large community and standard large community attributes to the neighbor.
        · extended: Sends the extended community attribute to the neighbor.
        · standard: Sends the large community attribute and also the (regular) community attribute to the neighbor.

Step 7  exit
        Example:
        Device(config-router)# exit
        Device(config-router)# exit
        Purpose: Exits address-family mode and router configuration mode and enters global configuration mode.

Step 8  end
        Example:
        Device(config)# end
        Purpose: Exits configuration mode and enters privileged EXEC mode.

Configuring Route-map with Large Community Lists and Matching a Large Community

To match a BGP large community, perform the following steps.

Procedure

Step 1  configure terminal
        Purpose: Enters global configuration mode.
        Example:
        Device# configure terminal

Step 2  route-map map-tag [permit | deny] [sequence number]
        Example:
        Device(config)# route-map test permit 10
        Purpose: Enters the route-map configuration mode and defines the conditions for routes from one routing protocol into another.

Step 3  match large-community {name | numbered}
        Example:
        Device(config-route-map)# match large-community 1
        Purpose: Matches a large-community list. Defines the rules for an entry in the large-community lists and ensures that all the large communities in the entry match the large communities in the routes.

Step 4  exit
        Example:
        Device(config-router)# exit
        Purpose: Exits router configuration mode and enters global configuration mode.

Step 5  route-map map-tag [permit | deny] [sequence number]
        Example:
        Device(config)# route-map test permit 10
        Purpose: Enters the route-map configuration mode and defines the conditions for routes from one routing protocol into another.

Step 6  match large-community {name | numbered} exact-match
        Example:
        Device(config-route-map)# match large-community 1 exact-match
        Purpose: Matches a large-community list. Defines the rules for an entry in the large-community lists and ensures that all the large communities in the entry match the large communities in the routes. The keyword exact-match indicates that an exact match is required to match a BGP large community.

Step 7  end
        Example:
        Device(config-route-map)# end
        Purpose: Exits route map configuration mode and enters privileged EXEC mode.

Defining BGP Large Community List

To define the BGP large community list, perform the following steps. BGP large community supports named and numbered community lists.

Procedure

Step 1  enable
        Example:
        Device> enable
        Purpose: Enables higher privilege levels, such as privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Purpose: Enters global configuration mode.
        Example:
        Device# configure terminal

Step 3  ip large-community-list {standard-list-number | standard standard-list-name} {deny | permit} community-number large-community
        Purpose: Defines the large community based on the standard list number. If you attempt to configure more than 6 communities, the trailing communities that exceed the limit are not processed or saved to the running configuration file.
        Example (numbered large-community list):
        ip large-community-list 1 permit 1:2:3 5:6:7
        ip large-community-list 1 permit 4123456789:4123456780:4123456788
        Example (named large-community list):
        ip large-community-list standard LG_ST permit 1:2:3 5:6:7
        ip large-community-list standard LG_ST permit 4123456789:4123456780:4123456788

Step 4  ip large-community-list {expanded-list-number | expanded expanded-list-name} {deny | permit} regexp
        Purpose: Defines the large communities based on a regular expression and matches according to Cisco's regular expression implementation.
        Example (numbered expanded large-community list):
        ip large-community-list 100 permit ^5:.*:7$
        ip large-community-list 100 permit ^5:.*:8$
        Example (named expanded large-community list):
        ip large-community-list expanded LG_EX permit ^5:.*:7$
        ip large-community-list expanded LG_EX permit ^5:.*:8$

Step 5  exit
        Example:
        Device(config-router)# exit
        Purpose: Exits router configuration mode and enters global configuration mode.

Step 6  end
        Example:
        Device(config)# end
        Purpose: Exits route map configuration mode and enters privileged EXEC mode.

Configuring the Route-Map to Set BGP Large Communities

To set large communities, perform the following steps.

Procedure

Step 1  configure terminal
        Purpose: Enters global configuration mode.
        Example:
        Device# configure terminal

Step 2  route-map map-tag [permit | deny] [sequence number]
        Example:
        Device(config)# route-map foo permit 10
        Purpose: Enters the route-map configuration mode, in which a set of large communities can be applied to a route.

Step 3  set large-community {none | xx:yy:zz}
        Example:
        Device(config-route-map)# set large-community 1:2:3 5:6:7
        Purpose: A route-map set statement is used to set large communities in a route. It can specify a set of large communities to a route.

Step 4  exit
        Example:
        Device(config-router)# exit
        Purpose: Exits router configuration mode and enters global configuration mode.

Step 5  route-map map-tag [permit | deny] [sequence number]
        Example:
        Device(config)# route-map foo permit 10
        Purpose: Enters the route-map configuration mode, in which a set of large communities can be applied to a route.

Step 6  set large-community {none | xx:yy:zz [additive]}
        Example:
        Device(config-route-map)# set large-community 1:2:3 5:6:7 additive
        Purpose: A route-map set statement is used to set large communities in a route. It can specify a set of large communities to a route. The keyword additive adds the large communities without removing the existing large communities.

Step 7  end
        Example:
        Device(config-route-map)# end
        Purpose: Exits route map configuration mode and enters privileged EXEC mode.

Deleting Large Communities

To delete BGP large communities, perform the following steps.

Procedure

Step 1  configure terminal
        Example:
        Device# configure terminal
        Purpose: Enters global configuration mode.

Step 2  route-map map-tag [permit | deny] [sequence number]
        Purpose: Enters the route-map configuration mode and defines the conditions for redistributing routes from one routing protocol into another.
        Example:
        Device(config)# route-map test permit 10

Step 3  set large-comm-list community-list-name delete
        Example:
        Device(config-route-map)# set large-comm-list 1 delete
        Device(config-route-map)# exit
        Purpose: Deletes the large communities based on large-community-list matches.

Step 4  exit
        Example:
        Device(config-router)# exit
        Purpose: Exits router configuration mode and enters global configuration mode.

Step 5  end
        Example:
        Device(config-route-map)# end
        Purpose: Exits route map configuration mode and enters privileged EXEC mode.

Verifying the Configuration of the BGP Large Community

To verify the BGP large community, use the following command. This example shows a list of routes that contain all of the large communities that are given in the command. The listed routes may contain additional large communities.

Device# show bgp large-community 1:2:3 5:6:7
BGP table version is 17, local router ID is 1.1.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 5.5.5.5/32       1.1.1.2                  0    100      0 ?
 *>i 5.5.5.6/32       1.1.1.2                  0    100      0 ?

This example displays only the routes that contain exactly the given large communities, which is the behavior when you add the keyword exact-match to the command.

Device# show bgp large-community 1:2:3 5:6:7 exact-match
BGP table version is 17, local router ID is 1.1.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ?
- incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 5.5.5.5/32       1.1.1.2                  0    100      0 ?

In these examples, the routes 5.5.5.5/32 and 5.5.5.6/32 both contain the large communities 1:2:3 and 5:6:7. The route 5.5.5.6/32 also contains additional large communities, which is why it is listed only when exact-match is not specified.

This example displays a large-community list.

Device# show ip largecommunity-list 20
Large Community standard list 20
    permit 1:1:2

Device# show bgp large-community-list 20
Large Community standard list 20
    permit 1:1:2

Troubleshooting Large Communities

To debug the large communities, use the debug ip bgp update command.

Device# debug ip bgp update
*Mar 10 23:25:01.194: BGP(0): 192.0.0.1 rcvd UPDATE w/ attr: nexthop 192.0.0.1, origin ?, metric 0, merged path 1, AS_PATH , community 0:44 1:1 2:3, large-community 3:1:244 3:1:245
*Mar 10 23:25:01.194: BGP(0): 192.0.0.1 rcvd 5.5.5.1/32
*Mar 10 23:25:01.194: BGP(0): Revise route installing 1 of 1 routes for 5.5.5.1/32 -> 192.0.0.1(global) to main IP table

Memory Display

The show ip bgp summary command displays large-community memory information.
Device# show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 3, main routing table version 3
2 network entries using 496 bytes of memory
2 path entries using 272 bytes of memory
1/1 BGP path/bestpath attribute entries using 288 bytes of memory
1 BGP community entries using 40 bytes of memory
2 BGP large-community entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1096 total bytes of memory
BGP activity 3/1 prefixes, 3/1 paths, scan interval 60 secs
2 networks peaked at 13:04:52 Mar 11 2020 EST (00:07:25.579 ago)

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.0.2       4     2    1245    1245        3    0    0 18:47:56        0

Configuration Example for BGP Large Community

The following example shows how to configure route-maps using large communities. A route-map set statement is used to set the large communities in a route. It can specify a set of large communities to a route. The additive keyword adds the large communities without removing the existing large communities (for standard large community-lists only).

Setting Large Communities

This example shows how to set large communities.

route-map foo permit 10
 set large-community 1:2:3 5:6:7

route-map foo2 permit 10
 set large-community 1:2:3 5:6:7 additive

Matching Large Communities

This example shows how to match large communities.

route-map foo permit 10
 match large-community 1

route-map foo2 permit 10
 match large-community 1 exact-match

Deleting Large Communities

This example shows how to delete a large community.

route-map foo
 set large-comm-list 1 delete

Numbered Standard Large Community List

This example shows how to configure a numbered standard large community list.
ip large-community-list 1 permit 1:2:3 5:6:7
ip large-community-list 1 permit 4123456789:4123456780:4123456788

Named Standard Large Community List

This example shows how to configure a named standard large community list.

ip large-community-list standard LG_ST permit 1:2:3 5:6:7
ip large-community-list standard LG_ST permit 4123456789:4123456780:4123456788

Numbered Expanded Large Community List

This example shows how to configure a numbered expanded large community list.

ip large-community-list 100 permit ^5:.*:7$
ip large-community-list 100 permit ^5:.*:8$

Named Expanded Large Community List

This example shows how to configure a named expanded large community list.

ip large-community-list expanded LG_EX permit ^5:.*:7$
ip large-community-list expanded LG_EX permit ^5:.*:8$

Feature History for BGP Large Community

This table provides release and related information for the features explained in this module. These features are available on all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release                        Feature              Feature Information
Cisco IOS XE Bengaluru 17.4.1  BGP Large Community  The BGP large communities attribute provides the capability for tagging routes and modifying BGP routing policy on routers. They are similar attributes to BGP communities, but with a twelve octet size.
Cisco IOS XE Cupertino 17.7.1  BGP Large Community  Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/.
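As an added illustration of the semantics this chapter configures from the CLI, the following Python example (written for this page; it is not Cisco code and not the IOS XE implementation) encodes the 12 octet large-community attribute described in RFC 8092 and models standard lists, expanded lists, exact-match, additive set and list-based delete against the chapter's own values: list 1, list 100, and the routes 5.5.5.5/32 (exactly 1:2:3 and 5:6:7) and 5.5.5.6/32 (those two plus more). Assumptions, also marked in the code comments: the expanded-list regular expression is applied to the route's whole space-separated large-community string, the first matching list entry decides with an implicit deny when nothing matches, and the extra community 64496:10:20 on 5.5.5.6/32 is a constructed value.

```python
"""Added example (not Cisco code): RFC 8092 large-community encoding plus the
list, match, set and delete semantics that this chapter configures with CLI."""
import re
import struct
from dataclasses import dataclass, field
from typing import List, Set, Tuple

MAX_U32 = 4294967295                     # each of the three fields is a 32-bit integer
LargeCommunity = Tuple[int, int, int]


def parse_large_community(text: str) -> LargeCommunity:
    """Parse 'a:b:c' as three non-negative decimal integers, each 0..4294967295."""
    parts = text.split(":")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected three colon-separated integers: {text!r}")
    values = tuple(int(p) for p in parts)
    if any(v > MAX_U32 for v in values):
        raise ValueError(f"field exceeds 32 bits in {text!r}")
    return values

def format_large_community(lc: LargeCommunity) -> str:
    return ":".join(str(v) for v in lc)

def encode_attribute(lcs: List[LargeCommunity]) -> bytes:
    """Wire form: 12 octets per community in network byte order, the 4-octet
    Global Administrator followed by the 8-octet local part as two 32-bit words."""
    return b"".join(struct.pack("!III", *lc) for lc in lcs)

def decode_attribute(data: bytes) -> List[LargeCommunity]:
    """Inverse of encode_attribute; a length that is not a multiple of 12 is malformed."""
    if len(data) % 12:
        raise ValueError("large-community attribute length must be a multiple of 12")
    return [struct.unpack("!III", data[i:i + 12]) for i in range(0, len(data), 12)]

@dataclass
class StandardList:
    """Models 'ip large-community-list {n | standard name} {permit | deny} a:b:c ...'.
    Assumption: the first matching entry decides, and no match is an implicit deny."""
    entries: List[Tuple[str, Set[LargeCommunity]]] = field(default_factory=list)

    def add(self, action: str, *texts: str) -> None:
        self.entries.append((action, {parse_large_community(t) for t in texts}))

    def permits(self, route: Set[LargeCommunity], exact: bool = False) -> bool:
        # Without exact-match an entry matches when all of its communities are on
        # the route; with exact-match the route may carry nothing else.
        for action, wanted in self.entries:
            matched = route == wanted if exact else wanted <= route
            if matched:
                return action == "permit"
        return False

@dataclass
class ExpandedList:
    """Models 'ip large-community-list {n | expanded name} {permit | deny} regexp'.
    Assumption: the regexp is applied to the route's whole space-separated string."""
    entries: List[Tuple[str, re.Pattern]] = field(default_factory=list)

    def add(self, action: str, regexp: str) -> None:
        self.entries.append((action, re.compile(regexp)))

    def permits(self, route: Set[LargeCommunity]) -> bool:
        text = " ".join(format_large_community(lc) for lc in sorted(route))
        for action, pattern in self.entries:
            if pattern.search(text):
                return action == "permit"
        return False

def set_large_community(route: Set[LargeCommunity], texts: List[str],
                        additive: bool = False) -> Set[LargeCommunity]:
    """'set large-community a:b:c ... [additive]': replace, or append with additive."""
    new = {parse_large_community(t) for t in texts}
    return route | new if additive else new

def delete_by_list(route: Set[LargeCommunity], lst: StandardList) -> Set[LargeCommunity]:
    """'set large-comm-list <list> delete': strip every community a permit entry names."""
    doomed: Set[LargeCommunity] = set()
    for action, lcs in lst.entries:
        if action == "permit":
            doomed |= lcs
    return route - doomed

def demo() -> dict:
    """Replay the chapter's verification with list 1 and list 100."""
    list_1 = StandardList()
    list_1.add("permit", "1:2:3", "5:6:7")
    list_1.add("permit", "4123456789:4123456780:4123456788")
    list_100 = ExpandedList()
    list_100.add("permit", r"^5:.*:7$")
    list_100.add("permit", r"^5:.*:8$")
    route_5 = {parse_large_community("1:2:3"), parse_large_community("5:6:7")}
    route_6 = route_5 | {parse_large_community("64496:10:20")}  # constructed extra community
    return {
        "5.5.5.5/32 match": list_1.permits(route_5),
        "5.5.5.6/32 match": list_1.permits(route_6),
        "5.5.5.5/32 exact": list_1.permits(route_5, exact=True),
        "5.5.5.6/32 exact": list_1.permits(route_6, exact=True),
        "expanded on 5:6:7 alone": list_100.permits({parse_large_community("5:6:7")}),
        "5.5.5.6/32 after delete list 1": delete_by_list(route_6, list_1),
        "wire roundtrip": decode_attribute(encode_attribute(sorted(route_5))) == sorted(route_5),
    }
```

Calling demo() reproduces the two show outputs above: both routes match list 1, only 5.5.5.5/32 matches with exact-match, and deleting by list 1 leaves 5.5.5.6/32 with only its extra community. The parser's range check is the point a policy engine must not skip: a field of 4294967296 is not a valid large community and must be rejected rather than silently wrapped.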
CHAPTER 32

Configuring BGP Monitoring Protocol

· Prerequisites for BGP Monitoring Protocol, on page 383
· Information About BGP Monitoring Protocol, on page 383
· How to Configure BGP Monitoring Protocol, on page 384
· Verifying BGP Monitoring Protocol, on page 389
· Monitoring BGP Monitoring Protocol, on page 390
· Examples for Configuring, Verifying, and Monitoring BGP Monitoring Protocol, on page 391
· Additional References for BGP Monitoring Protocol, on page 395
· Feature History for BGP Monitoring Protocol, on page 396

Prerequisites for BGP Monitoring Protocol

Before you configure BGP Monitoring Protocol (BMP) servers, you must configure Border Gateway Protocol (BGP) neighbors, which function as BMP clients, and establish a session with their peers using either IPv4/IPv6 or VPNv4/VPNv6 address-family identifiers.

Information About BGP Monitoring Protocol

The BGP Monitoring Protocol (BMP) feature enables monitoring of BGP neighbors (called BMP clients). You can configure a device to function as a BMP server, which monitors one or several BMP clients, each of which in turn has several active peer sessions configured. You can also configure a BMP client to connect to one or more BMP servers.

The BMP feature enables configuration of multiple BMP servers (configured as primary servers) to function actively and independently of each other, monitoring BMP clients simultaneously. Each BMP server is specified by a number, and you can use the command-line interface (CLI) to configure parameters such as its IP address and port number. Upon activation of a BMP server, it attempts to connect to BMP clients by sending an initiation message. The CLI supports multiple independent and asynchronous BMP server connections.
BGP neighbors, called BMP clients, are configured to send data to specific BMP servers for monitoring purposes. These clients are placed in a queue. When connection requests arrive from BMP clients to BMP servers, the connections are established in the order in which the requests arrived. Once the BMP server connects with the first BMP neighbor, it sends out refresh requests to monitor the BMP clients and starts monitoring those BMP clients with which the connection is already established.

The session connection requests from the other BMP clients in the queue to the BMP servers start after an initial delay that you can configure using the initial-delay command. If a connection is established but later fails, the connection request is retried after a delay that you can configure using the failure-retry-delay command. If connection establishment fails repeatedly, the connection retries are delayed based on the delay that is configured using the flapping-delay command. Configuring the delay for such requests matters because the route refresh requests that are sent to all connected BMP clients cause considerable network traffic and load on the device. To avoid excessive load on the device, the BMP servers send route refresh requests to one BMP client at a time, in the order in which connections are established in the queue.

Once a BMP client that is already connected is in the "reporting" state, it sends a "peer-up" message to the BMP server. After the client receives a route-refresh request, route monitoring begins for that neighbor. Once the route refresh request ends, the next neighbor in the queue is processed.
This cycle continues until all "reporting" BGP neighbors are reported and all routes that are sent by these "reporting" BGP neighbors are continuously monitored. If a neighbor is established after BMP monitoring has begun, it does not require a route-refresh request: all routes received from that client are sent to the BMP servers.

It is advantageous to batch up refresh requests to BMP clients if several BMP servers are activated in quick succession. Use the bmp initial-refresh delay command to configure a delay in triggering the refresh mechanism when the first BMP server comes up. If other BMP servers come online within this time frame, only one set of refresh requests is sent to the BMP clients. You can also configure the bmp initial-refresh skip command to skip all refresh requests from BMP servers and just monitor all incoming messages from the peers.

In a client-server configuration, it is recommended that the resource load of the devices be kept minimal and that excessive network traffic be avoided. In the BMP configuration, you can configure various delay timers on the BMP server to avoid flapping of the connection between the server and client. To avoid excessive message throughput or high usage of system resources, you can configure the maximum buffer limit for the BMP session.

How to Configure BGP Monitoring Protocol

The following sections provide configuration information about BGP monitoring protocol.

Configuring a BGP Monitoring Protocol Session

Perform this task to configure BGP Monitoring Protocol (BMP) session parameters for the BMP servers to establish connectivity with BMP clients.

To configure a BGP monitoring protocol session, perform this procedure:

Procedure

Step 1  enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.
        Example:
        Device> enable

Step 2  configure terminal
        Example:
        Device# configure terminal
        Purpose: Enters global configuration mode.

Step 3  router bgp as-number
        Example:
        Device(config)# router bgp 65000
        Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4  bmp {buffer-size buffer-bytes | initial-refresh {delay refresh-delay | skip} | server server-number-n}
        Example:
        Device(config-router)# bmp initial-refresh delay 30
        Purpose: Configures BMP parameters for BGP neighbors and enters BMP server configuration mode to configure BMP servers.

Step 5  end
        Example:
        Device(config-router)# end
        Purpose: Returns to privileged EXEC mode.

Configuring BGP Monitoring Protocol on BGP Neighbors

Perform this task to activate BGP Monitoring Protocol (BMP) on BGP neighbors (also called BMP clients) so that the client activity is monitored by the BMP server that is configured on the neighbor.

To configure BGP monitoring protocol on BGP neighbors, perform this procedure:

Procedure

Step 1  enable
        Example:
        Device> enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Example:
        Device# configure terminal
        Purpose: Enters global configuration mode.

Step 3  router bgp as-number
        Example:
        Device(config)# router bgp 65000
        Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4  neighbor {ipv4-addr | neighbor-tag | ipv6-addr} bmp-activate {all | server server-number-1 [server server-number-2 . . .
        [server server-number-n]]}
        Example:
        Device(config-router)# neighbor 30.1.1.1 bmp-activate server 1 server 2
        Purpose: Activates BMP monitoring on a BGP neighbor.

Step 5  Repeat Steps 1 to 4 to configure other BMP clients in the session.

Step 6  end
        Example:
        Device(config-router)# end
        Purpose: Returns to privileged EXEC mode.

Configuring BGP Monitoring Protocol Servers

Perform this task to configure BGP Monitoring Protocol (BMP) servers and their parameters in BMP server configuration mode.

To configure BGP monitoring protocol servers, perform this procedure:

Procedure

Step 1  enable
        Example:
        Device> enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Example:
        Device# configure terminal
        Purpose: Enters global configuration mode.

Step 3  router bgp as-number
        Example:
        Device(config)# router bgp 65000
        Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4  bmp {buffer-size buffer-bytes | initial-refresh {delay refresh-delay | skip} | server server-number-n}
        Example:
        Device(config-router)# bmp server 1
        Purpose: Enters BMP server configuration mode to configure BMP servers.

Step 5  activate
        Example:
        Device(config-router-bmpsrvr)# activate
        Purpose: Initiates a connection between the BMP server and BGP neighbors.

Step 6  address {ipv4-addr | ipv6-addr} port-number port-number
        Example:
        Device(config-router-bmpsrvr)# address 10.1.1.1 port-number 8000
        Purpose: Configures the IP address and port number of a specific BMP server.

Step 7  description LINE server-description
        Example:
        Device(config-router-bmpsrvr)# description LINE SERVER1
        Purpose: Configures a textual description of a BMP server.

Step 8  failure-retry-delay failure-retry-delay
        Purpose: Configures the delay before the connection is retried after a failure when sending BMP server updates.
        Example:
        Device(config-router-bmpsrvr)# failure-retry-delay 40

Step 9  flapping-delay flap-delay
        Example:
        Device(config-router-bmpsrvr)# flapping-delay 120
        Purpose: Configures the delay applied when the connection is flapping while sending BMP server updates.

Step 10 initial-delay initial-delay-time
        Example:
        Device(config-router-bmpsrvr)# initial-delay 20
        Purpose: Configures the delay before the initial requests for updates are sent from the BMP servers.

Step 11 set ip dscp dscp-value
        Example:
        Device(config-router-bmpsrvr)# set ip dscp 5
        Purpose: Configures the IP Differentiated Services Code Point (DSCP) value for BMP servers.

Step 12 stats-reporting-period report-period
        Example:
        Device(config-router-bmpsrvr)# stats-reporting-period 30
        Purpose: Configures the time interval in which the BMP server receives the statistics report from BGP neighbors.

Step 13 update-source interface-type interface-number
        Example:
        Device(config-router-bmpsrvr)# update-source ethernet 0/0
        Purpose: Configures the source interface for routing updates on the BMP servers.

Step 14 exit-bmp-server-mode
        Example:
        Device(config-router-bmpsrvr)# exit-bmp-server-mode
        Purpose: Exits from BMP server configuration mode and returns to router configuration mode.

Step 15 Repeat Steps 1 to 14 to configure other BMP servers in the session.

Step 16 end
        Example:
        Device(config-router)# end
        Purpose: Returns to privileged EXEC mode.

Configuring BGP Monitoring Protocol on VRF Neighbors

Perform this task to activate BGP Monitoring Protocol (BMP) on VRF neighbors.

To configure BGP monitoring protocol on VRF neighbors, perform this procedure:

Procedure

Step 1  enable
        Example:
        Device> enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Purpose: Enters global configuration mode.
        Example:
        Device# configure terminal

Step 3  router bgp as-number
        Example:
        Device(config)# router bgp 65000
        Purpose: Enters router configuration mode and creates a BGP routing process.

Step 4  address-family {ipv4 | ipv6} vrf vrf-name
        Example:
        Device(config-router)# address-family ipv4 vrf vrf1
        Purpose: Enters address family configuration mode and specifies the name of the VPN routing and forwarding (VRF) instance to associate with address family configuration mode commands.

Step 5  neighbor {ipv4-addr | neighbor-tag | ipv6-addr} bmp-activate {all | server server-number-1 [server server-number-2 . . . [server server-number-n]]}
        Example:
        Device(config-router)# neighbor 10.1.1.1 bmp-activate server 1 server 2
        Purpose: Activates BMP monitoring on a VRF neighbor.

Step 6  Repeat Steps 1 to 5 to configure other VRF neighbors in the session.

Step 7  end
        Example:
        Device(config-router)# end
        Purpose: Returns to privileged EXEC mode.

Verifying BGP Monitoring Protocol

Perform the following steps to verify the configuration of the BGP Monitoring Protocol (BMP) servers and BMP clients.

To verify BGP monitoring protocol, perform this procedure:

Procedure

Step 1  enable
        Example:
        Device> enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  show ip bgp bmp
        Example:
        Device# show ip bgp bmp neighbors
        Purpose: Displays information about BMP servers and neighbors.

Step 3  show running-config
        Example:
        Device# show running-config | section bmp
        Purpose: Displays the running configuration; filtered with "section bmp", it shows the configured BMP servers and neighbors.

Monitoring BGP Monitoring Protocol

Perform the following steps to enable debugging and monitor the BGP Monitoring Protocol (BMP) servers.
To monitor BGP monitoring protocol, perform this procedure:

Procedure

Step 1  enable
        Example:
        Device> enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  debug ip bgp bmp
        Example:
        Device# debug ip bgp bmp server
        Purpose: Enables debugging of the BMP attributes.

Step 3  show debugging
        Example:
        Device# show debugging
        Purpose: Displays information about the types of debugging that are enabled on a device.

Examples for Configuring, Verifying, and Monitoring BGP Monitoring Protocol

Examples: Configuring BGP Monitoring Protocol

Note: There are two levels of configuration required for the BGP Monitoring Protocol (BMP) to function as designed. You must enable BMP monitoring on each BGP neighbor (also called BMP client) to which several peers are connected in a network, and establish connectivity between the BMP servers and clients. Then, configure each BMP server in BMP server configuration mode with the parameters required for monitoring the associated BMP clients.
The following example shows how to activate BMP on a neighbor with IP address 30.1.1.1, which is monitored by BMP servers (in this case, servers 1 and 2):

Device> enable
Device# configure terminal
Device(config)# router bgp 65000
Device(config-router)# neighbor 30.1.1.1 bmp-activate server 1 server 2
Device(config-router)# end

The following example shows how to configure an initial refresh delay of 30 seconds for BGP neighbors on which BMP is activated using the neighbor bmp-activate command:

Device> enable
Device# configure terminal
Device(config)# router bgp 65000
Device(config-router)# bmp initial-refresh delay 30
Device(config-router)# bmp buffer-size 2048
Device(config-router)# end

The following example shows how to enter BMP server configuration mode and initiate a connection between a specific BMP server and the BGP BMP neighbors. In this example, the connection to clients is initiated from BMP servers 1 and 2, along with configuration of the monitoring parameters:

Device> enable
Device# configure terminal
Device(config)# router bgp 65000
Device(config-router)# bmp server 1
Device(config-router-bmpsrvr)# activate
Device(config-router-bmpsrvr)# address 10.1.1.1 port-number 8000
Device(config-router-bmpsrvr)# description LINE SERVER1
Device(config-router-bmpsrvr)# failure-retry-delay 40
Device(config-router-bmpsrvr)# flapping-delay 120
Device(config-router-bmpsrvr)# initial-delay 20
Device(config-router-bmpsrvr)# set ip dscp 5
Device(config-router-bmpsrvr)# stats-reporting-period 30
Device(config-router-bmpsrvr)# update-source ethernet 0/0
Device(config-router-bmpsrvr)# exit-bmp-server-mode
Device(config-router)# bmp server 2
Device(config-router-bmpsrvr)# activate
Device(config-router-bmpsrvr)# address 20.1.1.1 port-number 9000
Device(config-router-bmpsrvr)# description
  LINE SERVER2
Device(config-router-bmpsrvr)# failure-retry-delay 40
Device(config-router-bmpsrvr)# flapping-delay 120
Device(config-router-bmpsrvr)# initial-delay 20
Device(config-router-bmpsrvr)# set ip dscp 7
Device(config-router-bmpsrvr)# stats-reporting-period 30
Device(config-router-bmpsrvr)# update-source ethernet 2/0
Device(config-router-bmpsrvr)# exit-bmp-server-mode
Device(config-router)# end

The following example shows how to activate BMP on a VRF neighbor with IP address 10.1.1.1, which is monitored by BMP servers (in this case, servers 1 and 2):

Device> enable
Device# configure terminal
Device(config)# router bgp 65000
Device(config-router)# address-family ipv4 vrf vrf1
Device(config-router)# neighbor 10.1.1.1 bmp-activate server 1 server 2
Device(config-router)# end

Examples: Verifying BGP Monitoring Protocol

The following is sample output from the show ip bgp bmp server command for server number 1. The attributes displayed are the ones configured in BMP server configuration mode:

Device# show ip bgp bmp server 1
Print detailed info for 1 server number 1.

bmp server 1
address: 10.1.1.1  port 8000
description SERVER1
up time 00:06:22
session-startup route-refresh
initial-delay 20
failure-retry-delay 40
flapping-delay 120
activated

The following is sample output from the show ip bgp bmp server command for server number 2. The attributes displayed are the ones configured in BMP server configuration mode:

Device# show ip bgp bmp server 2
Print detailed info for 1 server number 2.
  bmp server 2
  address: 20.1.1.1 port 9000
  description SERVER2
  up time 00:06:23
  session-startup route-refresh
  initial-delay 20
  failure-retry-delay 40
  flapping-delay 120
  activated

The following is sample output from the show ip bgp bmp server summary command after deactivating the BMP server 1 and 2 connections:

  Device# show ip bgp bmp server summary
  Number of BMP servers configured: 2
  Number of BMP neighbors configured: 10
  Number of neighbors on TransitionQ: 0, MonitoringQ: 0, ConfigQ: 0
  Number of BMP servers on StatsQ: 0
  BMP Refresh not in progress, refresh not scheduled
  Initial Refresh Delay configured, refresh value 30s
  BMP buffer size configured, buffer size 2048 MB, buffer size bytes used 0 MB

  ID  Host/Net   Port  TCB  Status  Uptime  MsgSent  LastStat
  1   10.1.1.1   8000  0x0  Down            0
  2   20.1.1.1   9000  0x0  Down            0

The following is sample output from the show ip bgp bmp neighbors command, which shows the status of the BGP BMP neighbors after reactivating the BMP server 1 and 2 connections:

  Device# show ip bgp bmp neighbors
  Number of BMP neighbors configured: 10
  BMP Refresh not in progress, refresh not scheduled
  Initial Refresh Delay configured, refresh value 30s
  BMP buffer size configured, buffer size 2048 MB, buffer size bytes used 0 MB

  Neighbor         PriQ  MsgQ  CfgSvr#  ActSvr#  RM Sent
  30.1.1.1         0     0     12       12       16
  2001:DB8::2001   0     0     12       12       15
  40.1.1.1         0     0     12       12       26
  2001:DB8::2002   0     0     12       12       15
  50.1.1.1         0     0     12       12       16
  60.1.1.1         0     0     12       12       26
  2001:DB8::2002   0     0     1        1        9
  70.1.1.1         0     0     2        2        12
  80.1.1.1         0     0     1        1        10
  2001:DB8::2002   0     0     12       12       16

The following is sample output from the show ip bgp bmp server summary command, taken twice, for BMP servers 1 and 2. The statistics reporting interval on BMP servers 1 and 2 has been set to 30 seconds, so each server receives statistics messages from its connected BGP BMP neighbors in each 30-second cycle:

  Device# show ip bgp bmp server summary
  Number of BMP servers configured: 2
  Number of BMP neighbors configured: 10
  Number of neighbors on TransitionQ: 0, MonitoringQ: 0, ConfigQ: 0
  Number of BMP servers on StatsQ: 0
  BMP Refresh not in progress, refresh not scheduled
  Initial Refresh Delay configured, refresh value 30s
  BMP buffer size configured, buffer size 2048 MB, buffer size bytes used 0 MB

  ID  Host/Net   Port  TCB           Status  Uptime    MsgSent  LastStat
  1   10.1.1.1   8000  0x2A98B07138  Up      00:38:49  162      00:00:09
  2   20.1.1.1   9000  0x2A98E17C88  Up      00:38:49  46       00:00:04

  Device# show ip bgp bmp server summary
  Number of BMP servers configured: 2
  Number of BMP neighbors configured: 10
  Number of neighbors on TransitionQ: 0, MonitoringQ: 0, ConfigQ: 0
  Number of BMP servers on StatsQ: 0
  BMP Refresh not in progress, refresh not scheduled
  Initial Refresh Delay configured, refresh value 30s
  BMP buffer size configured, buffer size 2048 MB, buffer size bytes used 0 MB

  ID  Host/Net   Port  TCB           Status  Uptime    MsgSent  LastStat
  1   10.1.1.1   8000  0x2A98B07138  Up      00:40:19  189      00:00:07
  2   20.1.1.1   9000  0x2A98E17C88  Up      00:40:19  55       00:00:02

Note: If several BGP BMP neighbors (for example, 10) are configured to be monitored by the BMP servers, each server receives 10 statistics messages in every configured reporting period.
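The guide shows only the device side of the BMP session. As an added example (not code from the Cisco guide), the following parser shows what the receiving BMP server does with the byte stream the device sends: it splits the stream on the RFC 7854 common header, decodes the Initiation message that the debug output above calls "Initiation msg sent to BMP server", decodes the per-peer header of each Statistics Report, and counts reports per monitored neighbor, which is the figure the note above describes (one report per neighbor per reporting period). The sample stream is constructed inline; the neighbor addresses 30.1.1.1 and 2001:DB8::2001 come from the show output above, while the AS numbers, counters and sysDescr text are made up.

```python
"""Receiver-side view of the BMP session this chapter configures: a minimal
parser for the RFC 7854 common header, the Initiation message TLVs and the
Statistics Report messages that the BMP server receives from the device.
Added example with constructed sample data; not code from the Cisco guide."""
import ipaddress
import struct
from collections import Counter

BMP_VERSION = 3
MSG_STATS_REPORT, MSG_INITIATION = 1, 4
COMMON_HDR = struct.Struct("!BIB")          # version(1) length(4) type(1)
PEER_HDR = struct.Struct("!BB8s16sIIII")    # per-peer header, 42 bytes
TLV_HDR = struct.Struct("!HH")              # type(2) length(2)
INIT_TLV_NAMES = {0: "string", 1: "sysDescr", 2: "sysName"}
PEER_FLAG_V = 0x80                          # V bit: peer address is IPv6
GAUGE64_STATS = {7, 8}                      # Adj-RIB-In / Loc-RIB route counts are 64-bit gauges


def _frame(msg_type, body):
    """Prepend the common header; the length field covers the header too."""
    return COMMON_HDR.pack(BMP_VERSION, COMMON_HDR.size + len(body), msg_type) + body


def build_initiation(sys_name, sys_descr):
    """Constructed sample: Initiation message carrying sysName and sysDescr."""
    body = b""
    for tlv_type, text in ((2, sys_name), (1, sys_descr)):
        value = text.encode()
        body += TLV_HDR.pack(tlv_type, len(value)) + value
    return _frame(MSG_INITIATION, body)


def build_stats_report(peer_ip, peer_as, stats):
    """Constructed sample: Statistics Report for one monitored peer.
    stats is a list of (stat_type, value) pairs."""
    addr = ipaddress.ip_address(peer_ip)
    flags = PEER_FLAG_V if addr.version == 6 else 0
    peer_hdr = PEER_HDR.pack(0, flags, b"\x00" * 8, addr.packed.rjust(16, b"\x00"),
                             peer_as, 0, 0, 0)
    body = struct.pack("!I", len(stats))
    for stat_type, value in stats:
        width = 8 if stat_type in GAUGE64_STATS else 4
        body += TLV_HDR.pack(stat_type, width) + value.to_bytes(width, "big")
    return _frame(MSG_STATS_REPORT, peer_hdr + body)


def _parse_tlvs(data):
    """Yield (type, value_bytes); a TLV running past the buffer is an error."""
    off = 0
    while off < len(data):
        tlv_type, length = TLV_HDR.unpack_from(data, off)
        off += TLV_HDR.size
        if off + length > len(data):
            raise ValueError("truncated TLV")
        yield tlv_type, data[off:off + length]
        off += length


def parse_stream(data):
    """Split a received byte stream into BMP messages. Initiation and
    Statistics Report messages are decoded; other types keep their raw body."""
    msgs, off = [], 0
    while off < len(data):
        if off + COMMON_HDR.size > len(data):
            raise ValueError("truncated BMP common header at offset %d" % off)
        version, length, msg_type = COMMON_HDR.unpack_from(data, off)
        if version != BMP_VERSION or length < COMMON_HDR.size:
            raise ValueError("bad BMP common header at offset %d" % off)
        if off + length > len(data):
            raise ValueError("truncated BMP message at offset %d" % off)
        body = data[off + COMMON_HDR.size:off + length]
        off += length
        msg = {"type": msg_type}
        if msg_type == MSG_INITIATION:
            msg["info"] = {INIT_TLV_NAMES.get(t, t): v.decode("utf-8", "replace")
                           for t, v in _parse_tlvs(body)}
        elif msg_type == MSG_STATS_REPORT:
            _, flags, _, addr16, peer_as, _, _, _ = PEER_HDR.unpack_from(body, 0)
            raw = addr16 if flags & PEER_FLAG_V else addr16[-4:]
            (count,) = struct.unpack_from("!I", body, PEER_HDR.size)
            stats = [(t, int.from_bytes(v, "big"))
                     for t, v in _parse_tlvs(body[PEER_HDR.size + 4:])]
            if len(stats) != count:
                raise ValueError("stats count %d does not match %d TLVs" % (count, len(stats)))
            msg.update(peer=str(ipaddress.ip_address(raw)), peer_as=peer_as, stats=dict(stats))
        else:
            msg["raw"] = body
        msgs.append(msg)
    return msgs


def reports_per_peer(msgs):
    """Statistics Reports seen per peer: with stats-reporting-period 30 the
    guide's note expects one per monitored neighbor every 30 seconds."""
    return Counter(m["peer"] for m in msgs if m["type"] == MSG_STATS_REPORT)


# Constructed sample stream: the device identifies itself, then two reporting
# cycles arrive from 30.1.1.1 and one from 2001:DB8::2001 (neighbor addresses
# from the guide; AS numbers and counter values are made up).
SAMPLE_STREAM = (build_initiation("Device", "constructed sysDescr")
                 + build_stats_report("30.1.1.1", 65001, [(0, 3), (7, 120), (8, 118)])
                 + build_stats_report("2001:DB8::2001", 65002, [(0, 0), (7, 40), (8, 40)])
                 + build_stats_report("30.1.1.1", 65001, [(0, 4), (7, 121), (8, 119)]))

if __name__ == "__main__":
    for m in parse_stream(SAMPLE_STREAM):
        print(m)
    print(reports_per_peer(parse_stream(SAMPLE_STREAM)))
```

A collector that compares reports_per_peer against the number of neighbors activated with bmp-activate, once per stats-reporting-period, detects a neighbor whose reports have stopped arriving; the explicit length checks matter because a BMP server accepts a TCP stream from the network and must not trust the length fields blindly.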
The following is sample output from the show running-config command, which shows the running configuration on the device:

  Device# show running-config | section bmp
  bmp server 1
   address 10.1.1.1 port-number 8000
   description SERVER1
   initial-delay 20
   failure-retry-delay 40
   flapping-delay 120
   update-source Ethernet0/0
   set ip dscp 3
   activate
   exit-bmp-server-mode
  bmp server 2
   address 20.1.1.1 port-number 9000
   description SERVER2
   initial-delay 20
   failure-retry-delay 40
   flapping-delay 120
   update-source Ethernet2/0
   set ip dscp 5
   activate
   exit-bmp-server-mode
  bmp initial-refresh delay 30
  bmp-activate all

Examples: Monitoring BGP Monitoring Protocol

The following example shows how to enable debugging of the various BMP attributes:

  Device# debug ip bgp bmp event
  BGP BMP events debugging is on
  Device# debug ip bgp bmp neighbor
  BGP BMP neighbor debugging is on
  Device# debug ip bgp bmp server
  BGP BMP server debugging is on

The following is sample output from the show debugging command after you enable BGP BMP server debugging:

  Device# show debugging
  IP routing:
  BGP BMP server debugging is on
  Device#
  *Apr 8 21:04:13.164: BGPBMP: BMP server connection attempt timer expired for server 1 10.1.1.1/8000
  *Apr 8 21:04:13.165: BGPBMP: BMP server 1 active open process success - 10.1.1.1/8000
  *Apr 8 21:04:13.165: BGPBMP: TCP KA interval is set to 15
  Device#
  *Apr 8 21:04:15.171: BGPBMP: Register read/write notification callbacks with BMP server 1 TCB - 10.1.1.1/8000
  *Apr 8 21:04:15.171: BGPBMP: Initiation msg sent to BMP server 1 - 10.1.1.1/8000
  *Apr 8 21:04:15.171: BGPBMP: BMP server 1 connection - 10.1.1.1/8000 up, invoke refresh event
  Device#
  *Apr 8 21:04:16.249: BGPBMP: BMP server connection attempt timer expired for server 2 20.1.1.1/9000
  *Apr 8 21:04:16.249: BGPBMP: BMP server 2 active open process success - 20.1.1.1/9000
  *Apr 8 21:04:16.249: BGPBMP: TCP KA interval is set to 15
  *Apr 8 21:04:16.250: BGPBMP: Register read/write notification callbacks with BMP server 2 TCB - 20.1.1.1/9000
  *Apr 8 21:04:16.250: BGPBMP: Initiation msg sent to BMP server 2 - 20.1.1.1/9000
  *Apr 8 21:04:16.250: BGPBMP: BMP server 2 connection - 20.1.1.1/9000 up, invoke refresh event

Additional References for BGP Monitoring Protocol

Related Documents

  Related Topic       Document Title
  Cisco IOS commands  Cisco IOS Master Command List, All Releases
  BGP commands        Cisco IOS IP Routing: BGP Command Reference

Technical Assistance

  Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
  Link: http://www.cisco.com/support

Feature History for BGP Monitoring Protocol

This table provides release and related information for the features explained in this module. These features are available on all the releases subsequent to the one they were introduced in, unless noted otherwise.

  Release                         Feature                  Feature Information
  Cisco IOS XE Bengaluru 17.5.1   BGP Monitoring Protocol  The BGP Monitoring Protocol feature supports configuring devices to function as BMP servers, monitoring BGP neighbors and generating statistics reports for BGP neighbors. BMP also performs appropriate error handling, graceful scale up, and closing of connectivity between BMP servers and BGP neighbors.
Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/.

CHAPTER 33

Configuring BGP Next Hop Unchanged

In an external BGP (eBGP) session, by default, the router changes the next hop attribute of a BGP route (to its own address) when the router sends out a route. The BGP Next Hop Unchanged feature allows BGP to send an update to an eBGP multihop peer with the next hop attribute unchanged.

· Restrictions for BGP Next Hop Unchanged, on page 397
· Information About BGP Next Hop Unchanged, on page 397
· How to Configure BGP Next Hop Unchanged, on page 398
· Configuration Example for BGP Next Hop Unchanged for an EBGP Peer, on page 400
· Feature History for BGP Next Hop Unchanged, on page 401

Restrictions for BGP Next Hop Unchanged

The BGP Next Hop Unchanged feature can be configured only between multihop eBGP peers. The following error message is displayed if you try to configure this feature for a directly connected neighbor:

  %BGP: Can propagate the nexthop only to multi-hop EBGP neighbor

Information About BGP Next Hop Unchanged

In an external BGP (eBGP) session, by default, the router changes the next hop attribute of a BGP route (to its own address) when the router sends out a route. If the BGP Next Hop Unchanged feature is configured, BGP sends routes to an eBGP multihop peer without modifying the next hop attribute.

Note: There is an exception to the default behavior of the router changing the next hop attribute of a BGP route when the router sends out a route. When the next hop is in the same subnet as the peering address of the eBGP peer, the next hop is not modified. This is referred to as third-party next hop.

The BGP Next Hop Unchanged feature provides flexibility when designing and migrating networks.
It can be used only between eBGP peers that are configured as multihop. It can be used in a variety of scenarios between two autonomous systems. One scenario is when multiple autonomous systems are connected that share the same IGP, or at least the routers have another way to reach each other's next hops (which is why the next hop can remain unchanged).

A common use of this feature is to configure Multiprotocol Label Switching (MPLS) inter-AS with multihop MP-eBGP for VPNv4 between RRs.

Another common use of this feature is a VPNv4 inter-AS Option C configuration, as defined in RFC 4364, Section 10. In this configuration, VPNv4 routes are passed among autonomous systems between the RRs of different autonomous systems. The RRs are several hops apart and have neighbor next-hop-unchanged configured. PEs of different autonomous systems establish an LSP between them (via a common IGP, or by advertising the next hops that lead to the PEs via labeled routes among the ASBRs, where the routes from different autonomous systems are separated by one hop). PEs are able to reach the next hops of the PEs in another AS via the LSPs, and can therefore install the VPNv4 routes in the VRF RIB.

How to Configure BGP Next Hop Unchanged

The following procedures contain the steps for configuring BGP next hop unchanged.

Configuring BGP Next Hop Unchanged for an EBGP Peer

To configure BGP next hop unchanged for an eBGP peer, use the following procedure:

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example:
    Device> enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example:
    Device# configure terminal

Step 3: router bgp as-number
  Purpose: Enters router configuration mode, and creates a BGP routing process.
  Example:
    Device(config)# router bgp 65535

Step 4: address-family {ipv4 | ipv6 | l2vpn | nsap | rtfilter | vpnv4 | vpnv6}
  Purpose: Enters address family configuration mode to configure BGP peers to accept address family specific configurations.
  Example:
    Device(config-router)# address-family vpnv4

Step 5: neighbor {ip-address | ipv6-address | peer-group-name} remote-as as-number
  Purpose: Adds an entry to the BGP neighbor table.
  Example:
    Device(config-router-af)# neighbor 10.0.0.100 remote-as 65600

Step 6: neighbor {ip-address | ipv6-address | peer-group-name} activate
  Purpose: Enables the exchange of information with the peer.
  Example:
    Device(config-router-af)# neighbor 10.0.0.100 activate

Step 7: neighbor {ip-address | ipv6-address | peer-group-name} ebgp-multihop ttl
  Purpose: Configures the local router to accept and initiate connections to external peers that reside on networks that are not directly connected.
  Example:
    Device(config-router-af)# neighbor 10.0.0.100 ebgp-multihop 255

Step 8: neighbor {ip-address | ipv6-address | peer-group-name} next-hop-unchanged
  Purpose: Configures the router to send BGP updates to the specified eBGP peer without modifying the next hop attribute.
  Example:
    Device(config-router-af)# neighbor 10.0.0.100 next-hop-unchanged

Step 9: end
  Purpose: Exits address family configuration mode, and enters privileged EXEC mode.
  Example:
    Device(config-router-af)# end

Step 10: show ip bgp
  Purpose: (Optional) Displays entries in the BGP routing table. The output indicates whether the neighbor next-hop-unchanged command has been configured for the selected address.
  Example:
    Device# show ip bgp

Configuring BGP Next Hop Unchanged Using Route Maps

Configuring an Outbound Route Map for an EBGP Neighbor

To define the route map and apply the outbound policy for the neighbor, use the set ip next-hop unchanged command. In the following configuration, the next hop for prefix 1.1.1.1 is not changed when it is sent to the eBGP neighbor 15.1.1.2:

  enable
  config terminal
  router bgp 2
   bgp log-neighbor-changes
   neighbor 15.1.1.2 remote-as 3
   neighbor 15.1.1.2 ebgp-multihop 10
   !
   address-family ipv4
    neighbor 15.1.1.2 activate
    neighbor 15.1.1.2 route-map A out
   exit address-family
  !
  route-map A permit 10
   match ip address 1
   set ip next-hop unchanged
  !
  access-list 1 permit 1.1.1.1
  end

Configuring Next-Hop Unchanged for Both IBGP and EBGP Path Prefixes While Sending to an EBGP Neighbor

To configure next-hop unchanged for both iBGP and eBGP path prefixes while sending to an eBGP neighbor, use the next-hop-unchanged allpaths command. In the following configuration, the next hop is not changed for either iBGP or eBGP path prefixes when they are sent to the eBGP neighbor 15.1.1.2:

  enable
  config terminal
  router bgp 2
   bgp log-neighbor-changes
   neighbor 15.1.1.2 remote-as 3
   neighbor 15.1.1.2 ebgp-multihop 10
   !
   address-family ipv4
    neighbor 15.1.1.2 activate
    neighbor 15.1.1.2 next-hop-unchanged allpaths
   exit address-family
  !
  end

Configuration Example for BGP Next Hop Unchanged for an EBGP Peer

The following example configures a multihop eBGP peer at 10.0.0.100 in a remote AS. When the local router sends updates to that peer, it sends them without modifying the next hop attribute.

  router bgp 65535
   address-family ipv4
    neighbor 10.0.0.100 remote-as 65600
    neighbor 10.0.0.100 activate
    neighbor 10.0.0.100 ebgp-multihop 255
    neighbor 10.0.0.100 next-hop-unchanged
  end

Note: All address families, such as IPv4, IPv6, VPNv4, VPNv6, L2VPN, and so on, support the next-hop unchanged command. However, for the L2VPN BGP VPLS signaling address family, you must use the next-hop self command for proper functioning.
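This chapter states four rules that decide which next hop an eBGP update carries: the default rewrite to the local address, the third-party next-hop exception, neighbor next-hop-unchanged with and without allpaths, and a route map that sets ip next-hop unchanged for selected prefixes. The following model, added here as an example and not Cisco IOS XE code, puts those rules in one decision function so the outcome for a given peer and path can be checked before the configuration is applied; it also rejects next-hop-unchanged on a directly connected neighbor with the error text the restriction above quotes. The peer and path fields are the model's own; 10.0.0.100, 15.1.1.2 and 1.1.1.1 come from the examples above, while 172.16.1.1, 192.0.2.0/24 and the local addresses are constructed.

```python
"""Model of the next-hop decision for updates sent to an eBGP peer, following
the rules described in this chapter: default rewrite to the local address,
the third-party next-hop exception, neighbor next-hop-unchanged (with and
without allpaths) and a route map with set ip next-hop unchanged. Added
example, not Cisco IOS XE code; the peer/path fields are this model's own."""
from dataclasses import dataclass, field
from typing import Optional, Set
import ipaddress

# Error text the chapter shows when the feature is applied to a directly connected neighbor.
NEXT_HOP_ERROR = "%BGP: Can propagate the nexthop only to multi-hop EBGP neighbor"


@dataclass
class EbgpPeer:
    address: str                              # peering address of the eBGP neighbor
    local_address: str                        # our address on the session: the default new next hop
    connected_prefix: Optional[str] = None    # subnet of the directly connected link, None if multihop
    ebgp_multihop: int = 0                    # TTL from 'neighbor ... ebgp-multihop'; 0 = not configured
    next_hop_unchanged: bool = False          # 'neighbor ... next-hop-unchanged'
    allpaths: bool = False                    # 'neighbor ... next-hop-unchanged allpaths'
    unchanged_prefixes: Set[str] = field(default_factory=set)  # prefixes an outbound route map sets 'ip next-hop unchanged' for

    def __post_init__(self):
        # Restriction from the chapter: only multihop eBGP peers accept the feature.
        if self.next_hop_unchanged and not self.ebgp_multihop:
            raise ValueError(NEXT_HOP_ERROR)


@dataclass
class Path:
    prefix: str
    next_hop: str
    learned_from: str        # "ebgp" or "ibgp": the kind of peer we learned the path from


def outbound_next_hop(peer: EbgpPeer, path: Path) -> str:
    """Return the NEXT_HOP value placed in the update sent to the peer."""
    if path.learned_from not in ("ebgp", "ibgp"):
        raise ValueError("learned_from must be 'ebgp' or 'ibgp'")
    # neighbor next-hop-unchanged keeps the next hop of eBGP-learned paths;
    # the allpaths keyword extends that to iBGP-learned paths as well.
    if peer.next_hop_unchanged and (path.learned_from == "ebgp" or peer.allpaths):
        return path.next_hop
    # An outbound route-map clause with 'set ip next-hop unchanged' matched this prefix.
    if path.prefix in peer.unchanged_prefixes:
        return path.next_hop
    # Third-party next hop: a next hop on the same subnet as the peering address is left alone.
    if peer.connected_prefix is not None:
        link = ipaddress.ip_network(peer.connected_prefix, strict=False)
        if ipaddress.ip_address(path.next_hop) in link:
            return path.next_hop
    # Default eBGP behaviour: rewrite the next hop to our own address.
    return peer.local_address


if __name__ == "__main__":
    # Multihop peer from the configuration example; the next hops below are constructed.
    peer = EbgpPeer("10.0.0.100", "10.0.0.1", ebgp_multihop=255, next_hop_unchanged=True)
    print(outbound_next_hop(peer, Path("192.0.2.0/24", "172.16.1.1", "ebgp")))   # 172.16.1.1 kept
    print(outbound_next_hop(peer, Path("192.0.2.0/24", "172.16.1.1", "ibgp")))   # 10.0.0.1 (no allpaths)
```

The operational consequence the model makes visible is that a next hop left unchanged is only usable if the remote AS can actually reach it, which is why the chapter restricts the feature to multihop peers that share an IGP or an LSP to those next hops.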
Feature History for BGP Next Hop Unchanged

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

  Release                         Feature                 Feature Information
  Cisco IOS XE Gibraltar 16.11.1  BGP Next Hop Unchanged  The BGP Next Hop Unchanged feature allows BGP to send an update to an eBGP multihop peer with the next hop attribute unchanged.
  Cisco IOS XE Cupertino 17.7.1   BGP Next Hop Unchanged  Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/.

CHAPTER 34

Configuring BGP-VPN Distinguisher Attribute

· Information About BGP-VPN Distinguisher Attribute, on page 403
· How to Configure BGP-VPN Distinguisher Attribute, on page 405
· Configuration Example for Translating RT to VPN Distinguisher to RT, on page 410
· Feature History for BGP-VPN Distinguisher Attribute, on page 411

Information About BGP-VPN Distinguisher Attribute

The following sections provide information about the BGP-VPN distinguisher attribute.

Role and Benefit of the VPN Distinguisher Attribute

Route-target (RT) extended community attributes identify the VPN membership of routes.
The RT attributes are placed onto a route at the exporting (egress) provider edge router (PE) and are transported across the iBGP cloud and across autonomous systems. Any Virtual Routing and Forwarding (VRF) instances at the remote PE that want to import such routes must have the corresponding RTs set as import RTs for that VRF.

The figure below illustrates two autonomous systems, each containing customer edge routers (CEs) that belong to different VPNs. Each PE tracks which route distinguisher (RD) corresponds to which VPN, thus controlling the traffic that belongs to each VPN.

Figure 18: Scenario in Which ASBRs Translate RTs Between Autonomous Systems

In an Inter-AS Option B scenario like the one in the figure above, these routes are carried across an AS boundary from Autonomous System Border Router 1 (ASBR1) to ASBR2 over an MP-eBGP session, with the routes' respective RTs being received by ASBR2 as extended community attributes. ASBR2 must maintain complex RT mapping schemes to translate RTs originated by AS1 to RTs recognized by AS2, so that the RTs can be imported by their respective VPN membership CE connections on PE2 for CE3 and CE4.

Some network administrators prefer to hide the RTs they source in AS1 from devices in AS2. To do that, the administrator must differentiate routes belonging to each VPN with a certain attribute so that the RTs can be removed on the outbound side of ASBR1 before sending routes to ASBR2, and ASBR2 can then map that attribute to recognizable RTs in AS2. The VPN Distinguisher (VD) extended community attribute serves that purpose.

The benefit of the BGP-VPN Distinguisher Attribute feature is that source RTs can be kept private from devices in destination autonomous systems.

How the VPN Distinguisher Attribute Works

The network administrator configures the egress ASBR to perform translation of RTs to a VPN distinguisher extended community attribute, and configures the ingress ASBR to perform translation of the VPN distinguisher to RTs. More specifically, the translation is achieved as follows:

On the Egress ASBR

· An outbound route map specifies a match extcommunity clause that determines which VPN routes are subject to mapping, based on the route's RT values.
· A set extcommunity vpn-distinguisher command sets the VPN distinguisher that replaces the RTs.
· The set extcomm-list delete command that references the same set of RTs is configured to remove the RTs, and then the route is sent to the neighboring ingress ASBR.

On the Ingress ASBR

· An inbound route map specifies a match extcommunity vpn-distinguisher command that determines which VPN routes are subject to mapping, based on the route's VPN distinguisher.
· The set extcommunity rt command specifies the RTs that replace the VPN distinguisher.
· For routes that match the clause, the VPN distinguisher is replaced with the configured RTs.

Additional Behaviors Related to the VPN Distinguisher

On the egress ASBR, if a VPN route matches a route map clause that does not have the set extcommunity vpn-distinguisher command configured, the RTs that the VPN route is tagged with are retained.

The VPN distinguisher is transitive across the AS boundary, but is not carried within the iBGP cloud. That is, the ingress ASBR can receive the VPN distinguisher from an eBGP peer, but the VPN distinguisher is discarded on the inbound side after it is mapped to the corresponding RTs.

On the ingress ASBR, if a VPN route carrying the VPN distinguisher matches a route map clause that does not have a set extcommunity rt command configured in the inbound route map, the system does not discard the attribute, nor does it propagate the attribute within the iBGP cloud. The VPN distinguisher for the route is retained so that the network administrator can configure the correct inbound policy to translate the VPN distinguisher to the RTs that the VPN route should carry. If the route is sent to eBGP peers, the VPN distinguisher is carried as is. The network administrator could configure a route-map entry to remove the VPN distinguisher from routes that are sent to eBGP peers.

Configuring a set extcommunity vpn-distinguisher command in an outbound route map or a match extcommunity command in an inbound route map results in an outbound or inbound route refresh request, respectively, in order to update the routes being sent or received.

BGP-VPN Distinguisher Attribute

The BGP-VPN Distinguisher Attribute feature allows a network administrator to keep source route targets (RTs) private from an Autonomous System Border Router (ASBR) in a destination autonomous system. An RT at an egress ASBR is mapped to a VPN distinguisher, the VPN distinguisher is carried through eBGP, and then it is mapped to an RT at the ingress ASBR.

How to Configure BGP-VPN Distinguisher Attribute

The following sections provide configuration information about the BGP-VPN distinguisher attribute.

Replacing an RT with a VPN Distinguisher Attribute

Perform this task on an egress ASBR to replace a route target (RT) with a VPN distinguisher extended community attribute. Remember to replace the VPN distinguisher with a route target on the ingress ASBR; that task is described in the "Replacing a VPN Distinguisher Attribute with an RT" section.

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example:
    Device> enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example:
    Device# configure terminal

Step 3: ip extcommunity-list expanded-list {permit | deny} rt value
  Purpose: Configures an IP extended community list to configure Virtual Private Network (VPN) route filtering, such that routes with the specified RT are in the extended community list. This example permits routes having RT 101:100 into extended community list 4.
  Example:
    Device(config)# ip extcommunity-list 4 permit rt 101:100

Step 4: exit
  Purpose: Exits the configuration mode and enters the next higher configuration mode.
  Example:
    Device(config-extcomm-list)# exit

Step 5: route-map map-tag {permit | deny} [sequence-number]
  Purpose: Configures a route map that permits or denies the routes that are allowed by the subsequent match command. This example permits the routes that are allowed by the subsequent match command.
  Example:
    Device(config)# route-map vpn-id-map1 permit 10

Step 6: match extcommunity extended-community-list-name
  Purpose: Matches on the specified community list. For this example, routes that match extended community list 4 (which was configured in Step 3) are subject to the subsequent set commands.
  Example:
    Device(config-route-map)# match extcommunity 4

Step 7: set extcomm-list extcommunity-name delete
  Purpose: Deletes the RT from routes that are in the specified extended community list. For this example, RTs are deleted from routes that are in extended community list 4.
  Example:
    Device(config-route-map)# set extcomm-list 4 delete

Step 8: set extcommunity vpn-distinguisher id
  Purpose: For the routes that are permitted by the route map, sets the specified VPN distinguisher. For this example, routes that match extended community 4 have their VPN distinguisher set to 111:100.
  Example:
    Device(config-route-map)# set extcommunity vpn-distinguisher 111:100

Step 9: exit
  Purpose: Exits route-map configuration mode and enters global configuration mode.
  Example:
    Device(config-route-map)# exit

Step 10: route-map map-name {permit | deny} [sequence-number]
  Purpose: (Optional) Configures a route map entry that permits routes. This example configures a route map entry that permits other routes not subject to the RT-to-VPN distinguisher mapping. If you do not perform this step, all other routes are subject to an implicit deny.
  Example:
    Device(config)# route-map vpn-id-map1 permit 20

Step 11: exit
  Purpose: Exits route-map configuration mode and enters global configuration mode.
  Example:
    Device(config-route-map)# exit

Step 12: router bgp as-number
  Purpose: Enters router configuration mode and creates a BGP routing process.
  Example:
    Device(config)# router bgp 2000

Step 13: neighbor ip-address remote-as autonomous-system-number
  Purpose: Specifies that the neighbor belongs to the autonomous system.
  Example:
    Device(config-router)# neighbor 192.168.101.1 remote-as 2000

Step 14: address-family vpnv4
  Purpose: Enters address family configuration mode to configure BGP peers to accept address family-specific configurations.
  Example:
    Device(config-router)# address-family vpnv4

Step 15: neighbor ip-address activate
  Purpose: Activates the specified neighbor.
  Example:
    Device(config-router-af)# neighbor 192.168.101.1 activate

Step 16: neighbor ip-address route-map map-name out
  Purpose: Applies the specified outgoing route map to the specified neighbor.
  Example:
    Device(config-router-af)# neighbor 192.168.101.1 route-map vpn-id-map1 out

Step 17: exit-address-family
  Purpose: Exits address family configuration mode and enters privileged EXEC mode.
  Example:
    Device(config-router-af)# exit-address-family

Replacing a VPN Distinguisher Attribute with an RT

Perform this task on an ingress ASBR to replace a VPN distinguisher extended community attribute with a route target (RT) attribute. This task assumes you already configured the egress ASBR to replace the RT with a VPN distinguisher; that task is described in the "Replacing an RT with a VPN Distinguisher Attribute" section.

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example:
    Device> enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example:
    Device# configure terminal

Step 3: ip extcommunity-list expanded-list {permit | deny} vpn-distinguisher id
  Purpose: Configures an IP extended community list to configure Virtual Private Network (VPN) route filtering, such that routes with the specified VPN distinguisher are in the extended community list. This example permits routes having VPN distinguisher 111:100 into extended community list 51.
  Example:
    Device(config)# ip extcommunity-list 51 permit vpn-distinguisher 111:100

Step 4: exit
  Purpose: Exits the configuration mode and enters the next higher configuration mode.
  Example:
    Device(config-extcomm-list)# exit

Step 5: route-map map-tag {permit | deny} [sequence-number]
  Purpose: Configures a route map that permits or denies the routes that are allowed by the subsequent match command. This example permits the routes that are allowed by the subsequent match command.
  Example:
    Device(config)# route-map vpn-id-rewrite-map1 permit 10

Step 6: match extcommunity extended-community-list-name
  Example:
    Device(config-route-map)# match extcommunity 51
  Purpose: Matches on the specified community list.
  For this example, routes that match extended community list 51 (which was configured in Step 3) are subject to the subsequent set commands.

Step 7: set extcomm-list extcommunity-name delete
  Purpose: Deletes the VPN distinguisher from routes that are in the specified extended community list. For this example, VPN distinguishers are deleted from routes that are in extended community list 51.
  Example:
    Device(config-route-map)# set extcomm-list 51 delete

Step 8: set extcommunity rt value additive
  Purpose: Sets the routes that are permitted by the route map with the specified RT. For this example, routes that match extended community 51 have their RT set to 101:1. The additive keyword causes the RT to be added to the RT list without replacing any RTs.
  Example:
    Device(config-route-map)# set extcommunity rt 101:1 additive

Step 9: exit
  Purpose: Exits route-map configuration mode and enters global configuration mode.
  Example:
    Device(config-route-map)# exit

Step 10: route-map map-tag {permit | deny} [sequence-number]
  Purpose: (Optional) Configures a route map entry that permits routes. This example configures a route map entry that permits other routes not subject to the VPN distinguisher-to-RT mapping. If you do not perform this step, all other routes are subject to an implicit deny.
  Example:
    Device(config)# route-map vpn-id-rewrite-map1 permit 20

Step 11: exit
  Purpose: Exits route-map configuration mode and enters global configuration mode.
  Example:
    Device(config-route-map)# exit

Step 12: router bgp as-number
  Purpose: Enters router configuration mode and creates a BGP routing process.
  Example:
    Device(config)# router bgp 3000

Step 13: neighbor ip-address remote-as autonomous-system-number
  Purpose: Specifies that the neighbor belongs to the autonomous system.
  Example:
    Device(config-router)# neighbor 192.168.0.81 remote-as 3000

Step 14: address-family vpnv4
  Purpose: Enters address family configuration mode to configure BGP peers to accept address family-specific configurations.
  Example:
    Device(config-router)# address-family vpnv4

Step 15: neighbor ip-address activate
  Purpose: Activates the specified neighbor.
  Example:
    Device(config-router-af)# neighbor 192.168.0.81 activate

Step 16: neighbor ip-address route-map map-name in
  Purpose: Applies the specified incoming route map to the specified neighbor.
  Example:
    Device(config-router-af)# neighbor 192.168.0.81 route-map vpn-id-rewrite-map1 in

Step 17: exit-address-family
  Purpose: Exits address family configuration mode and enters privileged EXEC mode.
  Example:
    Device(config-router-af)# exit-address-family

Configuration Example for Translating RT to VPN Distinguisher to RT

The following example shows the egress ASBR configuration to replace a route target (RT) with a VPN distinguisher, and shows the ingress ASBR configuration to replace the VPN distinguisher with a route target.

On the egress ASBR, IP extended community list 1 is configured to filter VPN routes by permitting only routes with RT 101:100. A route map named vpn-id-map1 specifies that any route permitted by IP extended community list 1 is subject to two set commands. The first set command deletes the RT from the route. The second set command sets the VPN distinguisher attribute to 111:100. The route-map vpn-id-map1 permit 20 command allows other routes, which are not part of the RT-to-VPN distinguisher mapping, to pass the route map so that they are not discarded. Without this command, the implicit deny would cause these routes to be discarded.
Finally, in autonomous system 2000, for the VPNv4 address family, the route map vpn-id-map1 is applied to routes going out to the neighbor at 192.168.101.1.

Egress ASBR

ip extcommunity-list 1 permit rt 101:100
!
route-map vpn-id-map1 permit 10
 match extcommunity 1
 set extcomm-list 1 delete
 set extcommunity vpn-distinguisher 111:100
!
route-map vpn-id-map1 permit 20
!
router bgp 2000
 neighbor 192.168.101.1 remote-as 2000
 address-family vpnv4
  neighbor 192.168.101.1 activate
  neighbor 192.168.101.1 route-map vpn-id-map1 out
 exit-address-family
!

On the ingress ASBR, IP extended community list 51 allows routes with a VPN distinguisher of 111:100. A route map named vpn-id-rewrite-map1 specifies that any route allowed by IP extended community list 51 is subject to two set commands. The first set command deletes the VPN distinguisher from the route. The second set command sets the RT to 101:1, and that RT is added to the RT list without replacing any RTs. The route-map vpn-id-rewrite-map1 permit 20 command allows other routes, which are not part of the VPN distinguisher-to-RT mapping, to pass the route map so that they are not discarded. Without this command, the implicit deny would cause those routes to be discarded.

Finally, in autonomous system 3000, for the VPNv4 address family, the route map named vpn-id-rewrite-map1 is applied to incoming routes destined for the neighbor at 192.168.0.81.

Ingress ASBR

ip extcommunity-list 51 permit vpn-distinguisher 111:100
!
route-map vpn-id-rewrite-map1 permit 10
 match extcommunity 51
 set extcomm-list 51 delete
 set extcommunity rt 101:1 additive
!
route-map vpn-id-rewrite-map1 permit 20
!
router bgp 3000
 neighbor 192.168.0.81 remote-as 3000
 address-family vpnv4
  neighbor 192.168.0.81 activate
  neighbor 192.168.0.81 route-map vpn-id-rewrite-map1 in
 exit-address-family
!

Feature History for BGP-VPN Distinguisher Attribute

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
  Feature: BGP-VPN Distinguisher Attribute
  Feature Information: The BGP-VPN Distinguisher Attribute feature allows a network administrator to keep source route targets private from an ASBR in a destination autonomous system.

Release: Cisco IOS XE Cupertino 17.7.1
  Feature: BGP-VPN Distinguisher Attribute
  Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 35
Configuring BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

· Restrictions for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard, on page 413
· Information About BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard, on page 413
· How to Map RTs to RTs Using a Range, on page 414
· Configuration Example for Replacing an RT with a Range of VPN Distinguishers, on page 419
· Additional References for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard, on page 420
· Feature History for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard, on page 420

Restrictions for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

· A range (specified in the set extcommunity rt command or the set extcommunity vpn-distinguisher command) can include a maximum of 450 extended communities.
· The VPN distinguisher range is not relayed to an IBGP peer.

Information About BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

The BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard feature introduces the ability to set a range of route target (RT) community attributes or VPN distinguisher community attributes when mapping them. A network administrator might want to map one or more RTs at an egress ASBR to different RTs at an ingress ASBR. The VPN Distinguisher Attribute feature allows an administrator to map RTs to a VPN distinguisher that is carried through an eBGP and then mapped to RTs at an ingress ASBR. The mapping is achieved by configuring a route map that sets an RT range or VPN distinguisher range of extended community attributes. Specifying a range rather than individual RTs saves time and simplifies the configuration. Furthermore, a VPN distinguisher range allows more than one VPN distinguisher attribute per route-map clause, thereby removing the restriction that applied prior to this feature.

Benefits of RT and VPN Distinguisher Attribute Mapping Range

A network administrator might want to rewrite (or map) one or more route targets (RTs) at an egress ASBR to different RTs at an ingress ASBR. One use case would be to keep the RTs at the egress ASBR private from the ingress ASBR. The rewrite is achieved by using inbound route maps, matching prefixes to route-map clauses that match inbound RTs, and mapping those RTs to different RTs recognized by the neighbor AS. Such a rewrite configuration could be complex on inbound route maps, with potentially hundreds of RTs that would need to be specified individually (configuring set extcommunity rt value1 value2 value3 ...). If the RTs being attached to the prefixes are consecutive, the configuration can be simplified by specifying a range of RTs. Thus, the benefits of the RT mapping range are saving time and simplifying the configuration.

Likewise, the mapping of RTs to a VPN distinguisher attribute (and vice versa) can also be simplified by specifying a range of RTs or VPN distinguishers. The BGP-VPN Distinguisher Attribute feature allows a network administrator to keep source RTs private from an ASBR in a destination AS. An RT at an egress ASBR is mapped to a VPN distinguisher, the VPN distinguisher is carried through the eBGP, and then it is mapped to an RT at the ingress ASBR. The RT and VPN Distinguisher Attribute Mapping Range feature introduces the ability to specify a range of either route targets (RTs) or VPN distinguishers when mapping them.

Another benefit applies to setting a VPN distinguisher.
Prior to this feature, only one set extcommunity vpn-distinguisher value was allowed per route-map clause. With the introduction of the mapping range, a range of VPN distinguishers can be set on a route.

How to Map RTs to RTs Using a Range

The following sections provide configuration information on how to map RTs to RTs using a range.

Replacing an RT with a Range of RTs

Perform this task on an egress ASBR to replace a route target (RT) with an RT range. Remember to replace the range of RTs with an RT on the ingress ASBR; that task is described in the "Replacing a Range of RTs with an RT" section.

To replace an RT with a range of RTs, perform this procedure:

Procedure

Step 1
  Command or Action: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip extcommunity-list expanded-list {permit | deny}
  Example: Device(config)# ip extcommunity-list 22 permit
  Purpose: Configures an IP extended community list to configure Virtual Private Network (VPN) route filtering.

Step 4
  Command or Action: exit
  Example: Device(config-extcomm-list)# exit
  Purpose: Exits the configuration mode and enters the next higher configuration mode.

Step 5
  Command or Action: route-map map-tag {permit | deny} [sequence-number]
  Example: Device(config)# route-map rt-mapping permit 10
  Purpose: Configures a route map that permits or denies the routes that are allowed by the subsequent match command. This example permits the routes that are allowed by the subsequent match command.

Step 6
  Command or Action: match extcommunity extended-community-list-name
  Example: Device(config-route-map)# match extcommunity 22
  Purpose: Matches on the specified community list. For this example, routes that match the extended community list 22 (which was configured in Step 3) are subject to the subsequent set commands.

Step 7
  Command or Action: set extcomm-list extcommunity-name delete
  Example: Device(config-route-map)# set extcomm-list 22 delete
  Purpose: Deletes the RT from routes that are in the specified extended community list. For this example, RTs are deleted from routes that are in extended community list 22.

Step 8
  Command or Action: set extcommunity rt range start-value end-value
  Example: Device(config-route-map)# set extcommunity rt range 500:1 500:9
  Purpose: For the routes that are permitted by the route map, sets the specified RT range of extended community attributes, inclusive. For this example, routes that match extended community 22 have their RT extended community attribute values set to 500:1, 500:2, 500:3, 500:4, 500:5, 500:6, 500:7, 500:8, and 500:9.

Step 9
  Command or Action: exit
  Example: Device(config-route-map)# exit
  Purpose: Exits route-map configuration mode and enters global configuration mode.

Step 10
  Command or Action: route-map map-tag {permit | deny} [sequence-number]
  Example: Device(config)# route-map rt-mapping permit 20
  Purpose: (Optional) Configures a route map entry that permits routes. This example configures a route map entry that permits other routes not subject to the RT-to-RT range mapping. If you do not perform this step, all other routes are subject to an implicit deny.

Step 11
  Command or Action: exit
  Example: Device(config-route-map)# exit
  Purpose: Exits route-map configuration mode and enters global configuration mode.

Step 12
  Command or Action: router bgp as-number
  Example: Device(config)# router bgp 3000
  Purpose: Enters router configuration mode and creates a BGP routing process.

Step 13
  Command or Action: neighbor ip-address remote-as autonomous-system-number
  Example: Device(config-router)# neighbor 192.168.103.1 remote-as 3000
  Purpose: Specifies that the neighbor belongs to the autonomous system.

Step 14
  Command or Action: address-family vpnv4
  Example: Device(config-router)# address-family vpnv4
  Purpose: Enters address family configuration mode to configure BGP peers to accept address family-specific configurations.

Step 15
  Command or Action: neighbor ip-address activate
  Example: Device(config-router-af)# neighbor 192.168.103.1 activate
  Purpose: Activates the specified neighbor.

Step 16
  Command or Action: neighbor ip-address route-map map-tag out
  Example: Device(config-router-af)# neighbor 192.168.103.1 route-map rt-mapping out
  Purpose: Applies the specified outgoing route map to the specified neighbor.

Step 17
  Command or Action: exit-address-family
  Example: Device(config-router-af)# exit-address-family
  Purpose: Exits address family configuration mode and enters privileged EXEC mode.

Replacing a Range of RTs with an RT

Perform this task on an ingress ASBR to replace an RT range of attributes with an RT attribute. This task assumes you already configured the egress ASBR to replace the RT with an RT range; that task is described in the "Replacing an RT with a Range of RTs" section.

To replace a range of RTs with an RT, perform this procedure:

Procedure

Step 1
  Command or Action: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip extcommunity-list expanded-list {permit | deny} rt reg-exp
  Example: Device(config)# ip extcommunity-list 128 permit rt 500:[1-9]
  Purpose: Configures an IP extended community list to configure Virtual Private Network (VPN) route filtering, such that routes with the specified RT range are in the extended community list. This example permits routes having RTs in the range 500:1 to 500:9 into the extended community list 128.
Step 4
  Command or Action: exit
  Example: Device(config-extcomm-list)# exit
  Purpose: Exits the configuration mode and enters the next higher configuration mode.

Step 5
  Command or Action: route-map map-tag {permit | deny} [sequence-number]
  Example: Device(config)# route-map rtmap2 permit 10
  Purpose: Configures a route map that permits or denies the routes that are allowed by the subsequent match command. This example permits the routes that are allowed by the subsequent match command.

Step 6
  Command or Action: match extcommunity extended-community-list-name
  Example: Device(config-route-map)# match extcommunity 128
  Purpose: Matches on the specified community list. In this example, routes that match the extended community list 128 (which was configured in Step 3) are subject to the subsequent set commands.

Step 7
  Command or Action: set extcomm-list extcommunity-name delete
  Example: Device(config-route-map)# set extcomm-list 128 delete
  Purpose: Deletes the RTs in the range from routes that are in the specified extended community list. In this example, RTs in the range are deleted from routes that are in extended community list 128.

Step 8
  Command or Action: set extcommunity rt value additive
  Example: Device(config-route-map)# set extcommunity rt 400:1 additive
  Purpose: Sets the routes that are permitted by the route map with the specified RT. In this example, routes that match extended community 128 have their RT set to 400:1. The additive keyword causes the RT to be added to the RT list without replacing any RTs.

Step 9
  Command or Action: exit
  Example: Device(config-route-map)# exit
  Purpose: Exits route-map configuration mode and enters global configuration mode.

Step 10
  Command or Action: route-map map-tag {permit | deny} [sequence-number]
  Example: Device(config)# route-map rtmap2 permit 20
  Purpose: (Optional) Configures a route map entry that permits routes. This example configures a route map entry that permits other routes not subject to the RT-range-to-RT mapping. If you do not perform this step, all other routes are subject to an implicit deny.

Step 11
  Command or Action: exit
  Example: Device(config-route-map)# exit
  Purpose: Exits route-map configuration mode and enters global configuration mode.

Step 12
  Command or Action: router bgp as-number
  Example: Device(config)# router bgp 4000
  Purpose: Enters router configuration mode and creates a BGP routing process.

Step 13
  Command or Action: neighbor ip-address remote-as autonomous-system-number
  Example: Device(config-router)# neighbor 192.168.0.50 remote-as 4000
  Purpose: Specifies that the neighbor belongs to the autonomous system.

Step 14
  Command or Action: address-family vpnv4
  Example: Device(config-router-af)# address-family vpnv4
  Purpose: Enters address family configuration mode to configure BGP peers to accept address-family-specific configurations.

Step 15
  Command or Action: neighbor ip-address activate
  Example: Device(config-router-af)# neighbor 192.168.0.50 activate
  Purpose: Activates the specified neighbor.

Step 16
  Command or Action: neighbor ip-address route-map map-tag in
  Example: Device(config-router-af)# neighbor 192.168.0.50 route-map rtmap2 in
  Purpose: Applies the specified incoming route map to the specified neighbor.

Step 17
  Command or Action: exit-address-family
  Example: Device(config-router-af)# exit-address-family
  Purpose: Exits address family configuration mode and enters privileged EXEC mode.

Configuration Example for Replacing an RT with a Range of VPN Distinguishers

In the following example, on the egress ASBR, routes having RT 201:100 are in the extended community list 22. A route map named rt-mapping matches on extended community list 22 and deletes the RT from routes in the community list. Routes that match the community list have their VPN distinguishers set to VPN distinguishers in the range from 600:1 to 600:8. The route map is applied to the neighbor 192.168.103.1.

Egress ASBR

ip extcommunity-list 22 permit rt 201:100
!
route-map rt-mapping permit 10
 match extcommunity 22
 set extcomm-list 22 delete
 set extcommunity vpn-distinguisher range 600:1 600:8
!
route-map rt-mapping permit 20
!
router bgp 3000
 neighbor 192.168.103.1 remote-as 3000
 address-family vpnv4
  neighbor 192.168.103.1 activate
  neighbor 192.168.103.1 route-map rt-mapping out
 exit-address-family
!

On the ingress ASBR, VPN distinguishers in the range 600:1 to 600:8 belong to extended community list 101. A route map named rtmap2 maps those VPN distinguishers to RT range 700:1 700:10. The route map is applied to the neighbor 192.168.0.50. The additive option adds the new range to the existing value without replacing it.

Ingress ASBR

ip extcommunity-list 101 permit VD:600:[1-8]
!
route-map rtmap2 permit 10
 match extcommunity 101
 set extcomm-list 101 delete
 set extcommunity rt 700:1 700:10 additive
!
route-map rtmap2 permit 20
!
router bgp 4000
 neighbor 192.168.0.50 remote-as 4000
 address-family vpnv4
  neighbor 192.168.0.50 activate
  neighbor 192.168.0.50 route-map rtmap2 in
 exit-address-family
!
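The two configuration examples above (the RT-to-VPN-distinguisher-to-RT pair earlier in this chapter and the range-based pair just shown) are easier to reason about when the route-map evaluation is written out. The following Python model is an added example and is not Cisco code or part of this guide; it models only the commands used in these examples (match extcommunity, set extcomm-list delete, set extcommunity rt / vpn-distinguisher with or without additive and range) and assumes, as a modelling simplification, that a VPN distinguisher set replaces any existing distinguisher. It lets you check that the source RT is removed before the route leaves the egress ASBR, that the ingress ASBR restores an RT without clobbering unrelated RTs when additive is used, that the 450-community range limit from the Restrictions section is enforced, and that a route map without the permit 20 catch-all clause drops every unmatched route.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

MAX_RANGE = 450  # maximum extended communities in one range (restriction stated in this chapter)


@dataclass
class Route:
    """A VPNv4 route; comms holds (kind, value) pairs such as ("rt", "101:100") or ("vd", "111:100")."""
    prefix: str
    comms: set = field(default_factory=set)

    def values(self, kind):
        return sorted(v for k, v in self.comms if k == kind)


@dataclass
class ExtCommList:
    """Models 'ip extcommunity-list'. Standard entries match one value exactly; expanded
    entries (rt 500:[1-9]) are regular expressions. The search is unanchored, as IOS regular
    expressions are, so 500:[1-9] would also match 500:10 unless you anchor the pattern."""
    entries: list = field(default_factory=list)

    def permit(self, kind, pattern, expanded=False):
        rx = pattern if expanded else "^" + re.escape(pattern) + "$"
        self.entries.append((kind, re.compile(rx)))
        return self

    def matches(self, comm):
        kind, value = comm
        return any(k == kind and rx.search(value) for k, rx in self.entries)

    def matches_route(self, route):
        return any(self.matches(c) for c in route.comms)


def expand_range(start, end):
    """Inclusive 'ASN:low' .. 'ASN:high' expansion, enforcing the 450-community limit."""
    asn, lo = start.split(":")
    asn2, hi = end.split(":")
    if asn != asn2 or int(lo) > int(hi):
        raise ValueError(f"malformed range {start} {end}")
    values = [f"{asn}:{n}" for n in range(int(lo), int(hi) + 1)]
    if len(values) > MAX_RANGE:
        raise ValueError(f"{len(values)} communities in range, maximum is {MAX_RANGE}")
    return values


@dataclass
class Clause:
    """One 'route-map <tag> permit|deny <seq>' entry with its match and set lines."""
    seq: int
    permit: bool = True
    match: Optional[ExtCommList] = None         # match extcommunity <list>
    delete: Optional[ExtCommList] = None        # set extcomm-list <list> delete
    set_vd: list = field(default_factory=list)  # set extcommunity vpn-distinguisher ...
    set_rt: list = field(default_factory=list)  # set extcommunity rt ...
    additive: bool = False


def apply_route_map(clauses, route):
    """The first clause whose match succeeds decides; no match at all is the implicit deny."""
    for c in sorted(clauses, key=lambda c: c.seq):
        if c.match is not None and not c.match.matches_route(route):
            continue
        if not c.permit:
            return None
        comms = set(route.comms)
        if c.delete is not None:
            comms = {x for x in comms if not c.delete.matches(x)}
        if c.set_vd:  # modelled as replacing any existing VPN distinguisher (assumption)
            comms = {x for x in comms if x[0] != "vd"} | {("vd", v) for v in c.set_vd}
        if c.set_rt:
            if not c.additive:  # without 'additive' the existing RT list is replaced
                comms = {x for x in comms if x[0] != "rt"}
            comms |= {("rt", v) for v in c.set_rt}
        return Route(route.prefix, comms)
    return None


def run_vpn_distinguisher_example():
    """Egress AS 2000 (vpn-id-map1) then ingress AS 3000 (vpn-id-rewrite-map1)."""
    route = Route("10.1.1.0/24", {("rt", "101:100"), ("rt", "50:50")})  # constructed sample route
    list1 = ExtCommList().permit("rt", "101:100")
    egress = [Clause(10, match=list1, delete=list1, set_vd=["111:100"]), Clause(20)]
    list51 = ExtCommList().permit("vd", "111:100")
    ingress = [Clause(10, match=list51, delete=list51, set_rt=["101:1"], additive=True), Clause(20)]
    on_wire = apply_route_map(egress, route)  # what the eBGP neighbour actually receives
    return on_wire, apply_route_map(ingress, on_wire)


def run_range_example():
    """Egress AS 3000 (rt-mapping, VD range 600:1..600:8) then ingress AS 4000 (rtmap2)."""
    route = Route("10.2.2.0/24", {("rt", "201:100")})  # constructed sample route
    list22 = ExtCommList().permit("rt", "201:100")
    egress = [Clause(10, match=list22, delete=list22, set_vd=expand_range("600:1", "600:8")), Clause(20)]
    list101 = ExtCommList().permit("vd", "600:[1-8]", expanded=True)  # ip extcommunity-list 101 permit VD:600:[1-8]
    ingress = [Clause(10, match=list101, delete=list101, set_rt=["700:1", "700:10"], additive=True), Clause(20)]
    on_wire = apply_route_map(egress, route)
    return on_wire, apply_route_map(ingress, on_wire)


def implicit_deny_demo():
    """A route outside list 1 is dropped unless the 'permit 20' catch-all clause is present."""
    list1 = ExtCommList().permit("rt", "101:100")
    clause10 = Clause(10, match=list1, delete=list1, set_vd=["111:100"])
    other = Route("10.9.9.0/24", {("rt", "77:1")})  # constructed route with an unrelated RT
    return (apply_route_map([clause10], other) is None,
            apply_route_map([clause10, Clause(20)], other) is not None)
```

Running run_vpn_distinguisher_example() shows the on-wire route carrying only the unrelated RT 50:50 and the VPN distinguisher 111:100, and the ingress result carrying 101:1 plus 50:50 with the distinguisher removed; the RT 101:100 that the egress AS wanted to keep private never appears on the wire. The same model is what you would extend to audit a real inbound route map for a missing catch-all clause before deploying it.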
Additional References for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

Related Documents

Related Topic: BGP commands
  Document Title: Cisco IOS IP Routing: BGP Command Reference

Related Topic: BGP-VPN Distinguisher Attribute
  Document Title: "BGP-VPN Distinguisher Attribute" module in the IP Routing: BGP Configuration Guide, Cisco IOS XE Release 3S

Feature History for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
  Feature: BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard
  Feature Information: The BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard feature introduces the ability to set a range of route target (RT) community attributes or VPN distinguisher community attributes when mapping them.

Release: Cisco IOS XE Cupertino 17.7.1
  Feature: BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard
  Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 36
Configuring BGP Support for 4-byte ASN

· Information About BGP Support for 4-byte ASN, on page 423
· How to Configure BGP Support for 4-byte ASN, on page 426
· Configuration Examples for BGP Support for 4-byte ASN, on page 431
· Additional References for BGP Support for 4-byte ASN, on page 436
· Feature History for BGP Support for 4-byte ASN, on page 436

Information About BGP Support for 4-byte ASN

The following sections provide information about BGP support for 4-byte ASN.

BGP Autonomous System Number Formats

Prior to January 2009, BGP autonomous system (AS) numbers that were allocated to companies were 2-octet numbers in the range from 1 to 65535 as described in RFC 4271, A Border Gateway Protocol 4 (BGP-4). Due to increased demand for AS numbers, the Internet Assigned Numbers Authority (IANA) started to allocate four-octet AS numbers in the range from 65536 to 4294967295. RFC 5396, Textual Representation of Autonomous System (AS) Numbers, documents three methods of representing AS numbers. Cisco has implemented the following two methods:

· Asplain: Decimal value notation where both 2-byte and 4-byte AS numbers are represented by their decimal value. For example, 65526 is a 2-byte AS number and 234567 is a 4-byte AS number.
· Asdot: Autonomous system dot notation where 2-byte AS numbers are represented by their decimal value and 4-byte AS numbers are represented by a dot notation. For example, 65526 is a 2-byte AS number and 1.169031 is a 4-byte AS number (this is dot notation for the 234567 decimal number).

For details about the third method of representing autonomous system numbers, see RFC 5396.

Asdot Only Autonomous System Number Formatting

The 4-octet (4-byte) AS numbers are entered and displayed only in asdot notation, for example, 1.10 or 45000.64000. When using regular expressions to match 4-byte AS numbers, the asdot format includes a period, which is a special character in regular expressions. A backslash must be entered before the period (for example, 1\.14) to ensure the regular expression match does not fail. The table below shows the format in which 2-byte and 4-byte AS numbers are configured, matched in regular expressions, and displayed in show command output in Cisco IOS images where only asdot formatting is available.

Table 31: Asdot Only 4-Byte AS Number Format

Format   Configuration Format                              Show Command Output and Regular Expression Match Format
asdot    2-byte: 1 to 65535; 4-byte: 1.0 to 65535.65535     2-byte: 1 to 65535; 4-byte: 1.0 to 65535.65535

Asplain as Default AS Number Formatting

The Cisco implementation of 4-byte AS numbers uses asplain as the default display format for AS numbers, but you can configure 4-byte AS numbers in both the asplain and asdot format. In addition, the default format for matching 4-byte AS numbers in regular expressions is asplain, so you must ensure that any regular expressions to match 4-byte AS numbers are written in the asplain format. If you want to change the default show command output to display 4-byte autonomous system numbers in the asdot format, use the bgp asnotation dot command under router configuration mode. When the asdot format is enabled as the default, any regular expressions to match 4-byte AS numbers must be written using the asdot format, or the regular expression match will fail.
The tables below show that although you can configure 4-byte AS numbers in either asplain or asdot format, only one format is used to display show command output and control 4-byte AS number matching for regular expressions, and the default is asplain format. To display 4-byte AS numbers in show command output and to control matching for regular expressions in the asdot format, you must configure the bgp asnotation dot command. After enabling the bgp asnotation dot command, a hard reset must be initiated for all BGP sessions by entering the clear ip bgp * command.

Note: If you are upgrading to an image that supports 4-byte AS numbers, you can still use 2-byte AS numbers. The show command output and regular expression match are not changed and remain in asplain (decimal value) format for 2-byte AS numbers regardless of the format configured for 4-byte AS numbers.

Table 32: Default Asplain 4-Byte AS Number Format

Format    Configuration Format                              Show Command Output and Regular Expression Match Format
asplain   2-byte: 1 to 65535; 4-byte: 65536 to 4294967295    2-byte: 1 to 65535; 4-byte: 65536 to 4294967295
asdot     2-byte: 1 to 65535; 4-byte: 1.0 to 65535.65535     2-byte: 1 to 65535; 4-byte: 65536 to 4294967295

Table 33: Asdot 4-Byte AS Number Format

Format    Configuration Format                              Show Command Output and Regular Expression Match Format
asplain   2-byte: 1 to 65535; 4-byte: 65536 to 4294967295    2-byte: 1 to 65535; 4-byte: 1.0 to 65535.65535
asdot     2-byte: 1 to 65535; 4-byte: 1.0 to 65535.65535     2-byte: 1 to 65535; 4-byte: 1.0 to 65535.65535

Reserved and Private AS Numbers

The Cisco implementation of BGP supports RFC 4893. RFC 4893 was developed to allow BGP to support a gradual transition from 2-byte AS numbers to 4-byte AS numbers. A new reserved (private) AS number, 23456, was created by RFC 4893, and this number cannot be configured as an AS number in the Cisco IOS CLI.

RFC 5398, Autonomous System (AS) Number Reservation for Documentation Use, describes new reserved AS numbers for documentation purposes. Use of the reserved numbers allows configuration examples to be accurately documented and avoids conflict with production networks if these configurations are literally copied. The reserved numbers are documented in the IANA AS number registry. Reserved 2-byte AS numbers are in the contiguous block 64496 to 64511, and reserved 4-byte AS numbers are from 65536 to 65551 inclusive.

Private 2-byte AS numbers are still valid in the range from 64512 to 65534, with 65535 being reserved for special use. Private AS numbers can be used for internal routing domains but must be translated for traffic that is routed out to the Internet. BGP should not be configured to advertise private AS numbers to external networks. Cisco IOS software does not remove private AS numbers from routing updates by default. We recommend that ISPs filter private AS numbers.

Note: AS number assignment for public and private networks is governed by the IANA. For information about AS numbers, including reserved number assignment, or to apply to register an AS number, see the following URL: http://www.iana.org/.

Cisco Implementation of 4-Byte Autonomous System Numbers

The Cisco implementation of 4-byte autonomous system (AS) numbers uses asplain (65538, for example) as the default regular expression match and output display format for AS numbers, but you can configure 4-byte AS numbers in both the asplain format and the asdot format as described in RFC 5396. To change the default regular expression match and output display of 4-byte AS numbers to asdot format, use the bgp asnotation dot command followed by the clear ip bgp * command to perform a hard reset of all current BGP sessions.
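The notation rules in the preceding sections (asplain versus asdot, the need to escape the period in an asdot regular expression, and the reserved and private ranges) are small enough to encode and check. The following Python helpers are an added example, not Cisco code and not part of this guide; the range tables they use are only the ones stated in this chapter (64496 to 64511 and 65536 to 65551 for documentation, 64512 to 65534 private, 65535 special use, 23456 the RFC 4893 transition AS), and the filter_as_path helper is a constructed illustration of the "filter private AS numbers" recommendation, operating on an AS path given as a string in either notation.

```python
import re

AS_TRANS = 23456  # RFC 4893 transition AS number; cannot be configured in the IOS CLI
MAX_ASN = 4294967295

# Ranges as stated in this chapter (RFC 5398 documentation blocks and the 2-byte private block).
DOC_2BYTE = range(64496, 64512)      # 64496 to 64511 inclusive
DOC_4BYTE = range(65536, 65552)      # 65536 to 65551 inclusive
PRIVATE_2BYTE = range(64512, 65535)  # 64512 to 65534 inclusive; 65535 is reserved for special use


def to_asdot(asn):
    """RFC 5396 asdot rendering: 2-byte values stay decimal, 4-byte values become high.low."""
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"{asn} is not a valid AS number")
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"


def to_asplain(text):
    """Parse an AS number written in either asplain or asdot notation into an integer."""
    if "." in text:
        high, low = (int(p) for p in text.split("."))
        if not (0 <= high <= 65535 and 0 <= low <= 65535):
            raise ValueError(f"{text} is not valid asdot notation")
        return (high << 16) | low
    asn = int(text)
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"{text} is not a valid AS number")
    return asn


def as_regex(asn, dot_notation=False):
    """Anchored regular expression matching exactly this AS in the notation the router currently
    uses for display and matching (asplain by default, asdot after 'bgp asnotation dot').
    The period in asdot is a regex metacharacter, so it is escaped, giving 1\\.0 as in the text."""
    token = to_asdot(asn) if dot_notation else str(asn)
    return "^" + re.escape(token) + "$"


def unescaped_pitfall():
    """An unescaped '1.0' also matches the unrelated 2-byte AS 100, because '.' matches any character."""
    return re.search("^1.0$", "100") is not None


def classify(asn):
    """Label an AS number using only the ranges stated in this chapter."""
    if asn == AS_TRANS:
        return "as_trans"
    if asn in DOC_2BYTE or asn in DOC_4BYTE:
        return "documentation"
    if asn in PRIVATE_2BYTE:
        return "private"
    if asn == 65535:
        return "reserved"
    return "public"


def filter_as_path(path):
    """Return the AS numbers in a space-separated AS path (either notation) that should not be
    advertised to external networks: private AS numbers and the transition AS 23456."""
    return [asn for asn in map(to_asplain, path.split())
            if classify(asn) in ("private", "as_trans")]
```

Note that the example AS numbers used throughout this chapter (65536 and 65538) fall inside the RFC 5398 documentation block, which classify() reports as "documentation"; that is exactly why the guide can use them without colliding with a production network.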
For more details about 4-byte AS number formats, see the "BGP Autonomous System Number Formats" section.

The Cisco implementation of 4-byte AS numbers uses asdot (1.2, for example) as the only configuration format, regular expression match, and output display, with no asplain support. For an example of BGP peers in two autonomous systems using 4-byte numbers, see the figure below. To view a configuration example of the configuration between three neighbor peers in separate 4-byte autonomous systems that are configured using asdot notation, see the "Example: Configuring a BGP Routing Process and Peers Using 4-Byte Autonomous System Numbers" section.

Cisco also supports RFC 4893, which was developed to allow BGP to support a gradual transition from 2-byte AS numbers to 4-byte AS numbers. To ensure a smooth transition, we recommend that all BGP speakers within an AS that is identified using a 4-byte AS number be upgraded to support 4-byte AS numbers.

Note: A new private AS number, 23456, was created by RFC 4893, and this number cannot be configured as an AS number in the Cisco IOS CLI.

Figure 19: BGP Peers in Two Autonomous Systems Using 4-Byte Numbers

How to Configure BGP Support for 4-byte ASN

The following sections provide configuration information about BGP support for 4-byte ASN.

Configuring a BGP Routing Process and Peers Using 4-Byte Autonomous System Numbers

Perform this task to configure a Border Gateway Protocol (BGP) routing process and BGP peers when the BGP peers are located in an autonomous system (AS) that uses 4-byte AS numbers. The address family that is configured here is the default IPv4 unicast address family, and the configuration is done at Router B in the figure above (in the "Cisco Implementation of 4-Byte Autonomous System Numbers" section). The 4-byte AS numbers in this task are formatted in the default asplain (decimal value) format; for example, Router B is in AS number 65538 in the figure above. Remember to perform this task for any neighbor routers that are to be BGP peers.

Before you begin

Note: By default, neighbors that are defined using the neighbor remote-as command in router configuration mode exchange only IPv4 unicast address prefixes. To exchange other address prefix types, such as IPv6 prefixes, neighbors must also be activated using the neighbor activate command in address family configuration mode for the other prefix types.

Procedure

Step 1
  Command or Action: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: router bgp autonomous-system-number
  Example: Device(config)# router bgp 65538
  Purpose: Enters router configuration mode for the specified routing process. In this example, the 4-byte AS number, 65538, is defined in asplain notation.

Step 4
  Command or Action: neighbor ip-address remote-as autonomous-system-number
  Example: Device(config-router)# neighbor 192.168.1.2 remote-as 65536
  Purpose: Adds the IP address of the neighbor in the specified AS to the IPv4 multiprotocol BGP neighbor table of the local device. In this example, the 4-byte AS number, 65536, is defined in asplain notation.

Step 5
  Command or Action: Repeat Step 4 to define other BGP neighbors, as required.

Step 6
  Command or Action: address-family ipv4 [unicast | multicast | vrf vrf-name]
  Example: Device(config-router)# address-family ipv4 unicast
  Purpose: Specifies the IPv4 address family and enters address family configuration mode.
    · The unicast keyword specifies the IPv4 unicast address family. By default, the device is placed in configuration mode for the IPv4 unicast address family if the unicast keyword is not specified with the address-family ipv4 command.
    · The multicast keyword specifies IPv4 multicast address prefixes.
    · The vrf keyword and vrf-name argument specify the name of the virtual routing and forwarding (VRF) instance to associate with subsequent IPv4 address family configuration mode commands.

Step 7
  Command or Action: neighbor ip-address activate
  Example: Device(config-router-af)# neighbor 192.168.1.2 activate
  Purpose: Enables the neighbor to exchange prefixes for the IPv4 unicast address family with the local device.

Step 8
  Command or Action: Repeat Step 7 to activate other BGP neighbors, as required.

Step 9
  Command or Action: network network-number [mask network-mask] [route-map route-map-name]
  Example: Device(config-router-af)# network 172.17.1.0 mask 255.255.255.0
  Purpose: (Optional) Specifies a network as local to this AS and adds it to the BGP routing table. For exterior protocols the network command controls which networks are advertised. Interior protocols use the network command to determine where to send updates.

Step 10
  Command or Action: end
  Example: Device(config-router-af)# end
  Purpose: Exits address family configuration mode and returns to privileged EXEC mode.

Step 11
  Command or Action: show ip bgp [network] [network-mask]
  Example: Device# show ip bgp 10.1.1.0
  Purpose: (Optional) Displays the entries in the BGP routing table. Note: Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS IP Routing: BGP Command Reference.

Step 12
  Command or Action: show ip bgp summary
  Purpose: (Optional) Displays the status of all BGP connections.
  Device# show ip bgp summary

The following output from the show ip bgp command at Router B shows the BGP routing table entry for network 10.1.1.0 that is learned from the BGP neighbor at 192.168.1.2 in Router A in the figure above, with its 4-byte AS number of 65536 displayed in the default asplain format.

  RouterB# show ip bgp 10.1.1.0
  BGP routing table entry for 10.1.1.0/24, version 2
  Paths: (1 available, best #1)
    Advertised to update-groups:
       2
    65536
      192.168.1.2 from 192.168.1.2 (10.1.1.99)
        Origin IGP, metric 0, localpref 100, valid, external, best

The following output from the show ip bgp summary command shows the 4-byte AS number 65536 for the BGP neighbor 192.168.1.2 of Router A in the figure above after this task has been configured on Router B:

  RouterB# show ip bgp summary
  BGP router identifier 172.17.1.99, local AS number 65538
  BGP table version is 3, main routing table version 3
  2 network entries using 234 bytes of memory
  2 path entries using 104 bytes of memory
  3/2 BGP path/bestpath attribute entries using 444 bytes of memory
  1 BGP AS-PATH entries using 24 bytes of memory
  0 BGP route-map cache entries using 0 bytes of memory
  0 BGP filter-list cache entries using 0 bytes of memory
  BGP using 806 total bytes of memory
  BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

  Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
  192.168.1.2     4 65536       6       6        3    0    0 00:01:33        1

Modifying the Default Output and Regular Expression Match Format for 4-Byte Autonomous System Numbers

Perform this task to modify the default output format for 4-byte autonomous system (AS) numbers from asplain format to asdot notation format. The show ip bgp summary command is used to display the changes in output format for the 4-byte AS numbers.
Procedure

Step 1
Command or Action: enable
Example:
  Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command or Action: show ip bgp summary
Example:
  Device# show ip bgp summary
Purpose: Displays the status of all Border Gateway Protocol (BGP) connections.

Step 3
Command or Action: configure terminal
Example:
  Device# configure terminal
Purpose: Enters global configuration mode.

Step 4
Command or Action: router bgp autonomous-system-number
Example:
  Device(config)# router bgp 65538
Purpose: Enters router configuration mode for the specified routing process. In this example, the 4-byte AS number, 65538, is defined in asplain notation.

Step 5
Command or Action: [no] bgp asnotation dot
Example:
  Device(config-router)# bgp asnotation dot
Purpose: Changes the default output format of BGP 4-byte AS numbers from asplain (decimal values) to dot notation. Use the no form of this command to reset the default output format of BGP 4-byte AS numbers back to asplain (decimal values).
Note: 4-byte AS numbers can be configured using either asplain format or asdot format. This command affects only the output displayed for show commands or the matching of regular expressions.

Step 6
Command or Action: end
Example:
  Device(config-router)# end
Purpose: Exits address family configuration mode and returns to privileged EXEC mode.

Step 7
Command or Action: clear ip bgp *
Example:
  Device# clear ip bgp *
Purpose: Clears and resets all current BGP sessions. In this example, a hard reset is performed to ensure that the 4-byte AS number format change is reflected in all BGP sessions.
Note: Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS IP Routing: BGP Command Reference.

Step 8
Command or Action: show ip bgp summary
Example:
  Device# show ip bgp summary

Step 9
Command or Action: show ip bgp regexp regexp
Example:
  Device# show ip bgp regexp ^1\.0$
Purpose (Step 8): Displays the status of all BGP connections.
Purpose (Step 9): Displays routes that match the AS path regular expression. In this example, a regular expression to match a 4-byte AS path is configured using asdot format.

Examples

The following output from the show ip bgp summary command shows the default asplain format of the 4-byte AS numbers. Note the asplain format of the 4-byte AS numbers, 65536 and 65550.

  Device# show ip bgp summary
  BGP router identifier 172.17.1.99, local AS number 65538
  BGP table version is 1, main routing table version 1

  Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
  192.168.1.2     4 65536       7       7        1    0    0 00:03:04        0
  192.168.3.2     4 65550       4       4        1    0    0 00:00:15        0

After the bgp asnotation dot command is configured (followed by the clear ip bgp * command to perform a hard reset of all current BGP sessions), the output is converted to asdot notation format, as shown in the following output from the show ip bgp summary command. Note the asdot format of the 4-byte AS numbers, 1.0 and 1.14 (these are the asdot conversions of the 65536 and 65550 AS numbers).

  Device# show ip bgp summary
  BGP router identifier 172.17.1.99, local AS number 1.2
  BGP table version is 1, main routing table version 1

  Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
  192.168.1.2     4   1.0       9       9        1    0    0 00:04:13        0
  192.168.3.2     4  1.14       6       6        1    0    0 00:01:24        0

After the bgp asnotation dot command is configured (followed by the clear ip bgp * command to perform a hard reset of all current BGP sessions), the regular expression match format for 4-byte AS paths is changed to asdot notation format. Although a 4-byte AS number can be configured in a regular expression using either asplain format or asdot format, only 4-byte AS numbers configured using the current default format are matched.
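The two summary outputs above print the same AS numbers in two notations, and the regular-expression rule just stated means any tooling that keys on AS values must know which notation the device is currently using. The following Python is an added example, not code from the Cisco guide or from IOS XE: it converts between asplain and asdot as RFC 5396 defines them, parses the neighbor rows of show ip bgp summary in either notation into asplain values so a peer-verification check keeps working after bgp asnotation dot is toggled, and mirrors the show ip bgp regexp behaviour to show why a pattern written for one notation does not match the other. The function names are this example's own, and the sample output is constructed from the asdot rows shown above.

```python
"""Added example (not from the Cisco guide): convert 4-byte AS numbers between
asplain and asdot (RFC 5396) and parse "show ip bgp summary" rows printed in
either notation, so a peer check keys on the same AS value regardless of the
"bgp asnotation dot" setting.  Sample output is constructed from this page."""
from __future__ import annotations
import re


def asplain_to_asdot(asn: int) -> str:
    """65536 -> '1.0'.  Numbers below 65536 are printed unchanged in asdot."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"AS number out of range: {asn}")
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"


def asdot_to_asplain(text: str) -> int:
    """'1.14' -> 65550; a plain decimal string such as '65536' is accepted too."""
    if "." in text:
        high, low = (int(part) for part in text.split(".", 1))
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError(f"asdot component out of range: {text}")
        return (high << 16) | low
    asn = int(text)
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"AS number out of range: {text}")
    return asn


def as_path_text(path: list[int], asdot: bool) -> str:
    """Render an AS path the way the device prints it in the current notation."""
    return " ".join(asplain_to_asdot(a) if asdot else str(a) for a in path)


def as_path_matches(path: list[int], pattern: str, asdot: bool) -> bool:
    """Mirror "show ip bgp regexp": the pattern is applied to the rendered text,
    so a pattern written for one notation fails against the other."""
    return re.search(pattern, as_path_text(path, asdot)) is not None


# Neighbor rows: Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
_ROW = re.compile(
    r"^\s*(?P<neighbor>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<version>\d+)\s+(?P<asn>[\d.]+)"
    r"(?:\s+\d+){5}\s+(?P<updown>\S+)\s+(?P<state>\S+)\s*$"
)


def parse_bgp_summary(output: str) -> list[dict]:
    """One dict per neighbor row, with the AS normalised to asplain."""
    rows = []
    for line in output.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # banner, header and memory-statistics lines
        asn = asdot_to_asplain(m.group("asn"))
        state = m.group("state")
        rows.append({
            "neighbor": m.group("neighbor"),
            "asn": asn,
            "asn_asdot": asplain_to_asdot(asn),
            "up_down": m.group("updown"),
            # A numeric State/PfxRcd column means Established; otherwise the
            # column carries the FSM state name (Idle, Active, ...).
            "established": state.isdigit(),
            "prefixes_received": int(state) if state.isdigit() else None,
        })
    return rows


def unexpected_peers(output: str, expected: dict[str, int]) -> list[str]:
    """Report neighbors missing from the expected list, peering from a different
    AS than expected (asplain values), or not Established."""
    findings = []
    for row in parse_bgp_summary(output):
        want = expected.get(row["neighbor"])
        if want is None:
            findings.append(f"{row['neighbor']}: not in expected peer list")
        elif row["asn"] != want:
            findings.append(f"{row['neighbor']}: AS {row['asn']} != expected {want}")
        elif not row["established"]:
            findings.append(f"{row['neighbor']}: session not Established")
    return findings


# Constructed sample: the asdot-format summary shown above on this page.
SAMPLE_ASDOT = """\
BGP router identifier 172.17.1.99, local AS number 1.2
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.1.2     4   1.0       9       9        1    0    0 00:04:13        0
192.168.3.2     4  1.14       6       6        1    0    0 00:01:24        0
"""

if __name__ == "__main__":
    for row in parse_bgp_summary(SAMPLE_ASDOT):
        print(row)
    print(unexpected_peers(SAMPLE_ASDOT, {"192.168.1.2": 65536, "192.168.3.2": 65550}))
    print(as_path_matches([65536], r"^65536$", asdot=True),
          as_path_matches([65536], r"^1\.0$", asdot=True))
```

The expected-peer table is kept in asplain on purpose: it is the notation the device uses by default and the one RFC 5396 recommends for exchange between tools, so the check does not have to be rewritten when an operator toggles the display format and hard-resets the sessions.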
In the first example below, the show ip bgp regexp command is configured with a 4-byte AS number in asplain format. The match fails because the default format is currently asdot format, and there is no output. In the second example, using asdot format, the match passes and the information about the 4-byte AS path is shown using the asdot notation.

Note: The asdot notation uses a period, which is a special character in Cisco regular expressions. To remove the special meaning, use a backslash before the period.

  Device# show ip bgp regexp ^65536$

  Device# show ip bgp regexp ^1\.0$
  BGP table version is 2, local router ID is 172.17.1.99
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
  *> 10.1.1.0/24      192.168.1.2              0             0 1.0 i

Configuration Examples for BGP Support for 4-byte ASN

The following sections provide configuration examples for BGP support for 4-byte ASN.

Examples: Configuring a BGP Routing Process and Peers Using 4-Byte Autonomous System Numbers

Asplain Format

The following example shows the configuration for Router A, Router B, and Router E in the figure below with a Border Gateway Protocol (BGP) process configured between three neighbor peers (at Router A, at Router B, and at Router E) in separate 4-byte autonomous systems configured using asplain notation. IPv4 unicast routes are exchanged with all peers.

Figure 20: BGP Peers Using 4-Byte Autonomous System Numbers in Asplain Format

Router A

  router bgp 65536
   bgp router-id 10.1.1.99
   no bgp default ipv4-unicast
   bgp fast-external-fallover
   bgp log-neighbor-changes
   timers bgp 70 120
   neighbor 192.168.1.1 remote-as 65538
   !
   address-family ipv4
    neighbor 192.168.1.1 activate
    no auto-summary
    no synchronization
    network 10.1.1.0 mask 255.255.255.0
   exit-address-family

Router B

  router bgp 65538
   bgp router-id 172.17.1.99
   no bgp default ipv4-unicast
   bgp fast-external-fallover
   bgp log-neighbor-changes
   timers bgp 70 120
   neighbor 192.168.1.2 remote-as 65536
   neighbor 192.168.3.2 remote-as 65550
   neighbor 192.168.3.2 description finance
   !
   address-family ipv4
    neighbor 192.168.1.2 activate
    neighbor 192.168.3.2 activate
    no auto-summary
    no synchronization
    network 172.17.1.0 mask 255.255.255.0
   exit-address-family

Router E

  router bgp 65550
   bgp router-id 10.2.2.99
   no bgp default ipv4-unicast
   bgp fast-external-fallover
   bgp log-neighbor-changes
   timers bgp 70 120
   neighbor 192.168.3.1 remote-as 65538
   !
   address-family ipv4
    neighbor 192.168.3.1 activate
    no auto-summary
    no synchronization
    network 10.2.2.0 mask 255.255.255.0
   exit-address-family

Asdot Format

The following example shows how to create the configuration for Router A, Router B, and Router E in the figure below with a BGP process configured between three neighbor peers (at Router A, at Router B, and at Router E) in separate 4-byte autonomous systems configured using the default asdot format. IPv4 unicast routes are exchanged with all peers.

Figure 21: BGP Peers Using 4-Byte Autonomous System Numbers in Asdot Format

Router A

  router bgp 1.0
   bgp router-id 10.1.1.99
   no bgp default ipv4-unicast
   bgp fast-external-fallover
   bgp log-neighbor-changes
   timers bgp 70 120
   neighbor 192.168.1.1 remote-as 1.2
   !
   address-family ipv4
    neighbor 192.168.1.1 activate
    no auto-summary
    no synchronization
    network 10.1.1.0 mask 255.255.255.0
   exit-address-family

Router B

  router bgp 1.2
   bgp router-id 172.17.1.99
   no bgp default ipv4-unicast
   bgp fast-external-fallover
   bgp log-neighbor-changes
   timers bgp 70 120
   neighbor 192.168.1.2 remote-as 1.0
   neighbor 192.168.3.2 remote-as 1.14
   neighbor 192.168.3.2 description finance
   !
   address-family ipv4
    neighbor 192.168.1.2 activate
    neighbor 192.168.3.2 activate
    no auto-summary
    no synchronization
    network 172.17.1.0 mask 255.255.255.0
   exit-address-family

Router E

  router bgp 1.14
   bgp router-id 10.2.2.99
   no bgp default ipv4-unicast
   bgp fast-external-fallover
   bgp log-neighbor-changes
   timers bgp 70 120
   neighbor 192.168.3.1 remote-as 1.2
   !
   address-family ipv4
    neighbor 192.168.3.1 activate
    no auto-summary
    no synchronization
    network 10.2.2.0 mask 255.255.255.0
   exit-address-family

Examples: Configuring a VRF and Setting an Extended Community Using a BGP 4-Byte Autonomous System Number

The following example shows how to create a VRF with a route target that uses a 4-byte autonomous system number, 65537, and how to set the route target to extended community value 65537:100 for routes that are permitted by the route map:

  ip vrf vpn_red
   rd 64500:100
   route-target both 65537:100
   exit
  route-map red_map permit 10
   set extcommunity rt 65537:100
   end

After the configuration is completed, use the show route-map command to verify that the extended community is set to the route target that contains the 4-byte autonomous system number of 65537:

  DeviceB# show route-map red_map
  route-map red_map, permit, sequence 10
    Match clauses:
    Set clauses:
      extended community RT:65537:100
    Policy routing matches: 0 packets, 0 bytes

4-Byte Autonomous System Number RD Support

The following example shows how to create a VRF with a route distinguisher that contains a 4-byte AS number, 65536, and a route target that contains a 4-byte autonomous system number, 65537:

  ip vrf vpn_red
   rd 65536:100
   route-target both 65537:100
   exit

After the configuration is completed, use the show vrf command to verify that the 4-byte AS number route distinguisher is set to 65536:100:

  DeviceB# show vrf vpn_red
  Current configuration : 36 bytes
  vrf definition x
   rd 65536:100
  !

Asdot Default Format in Cisco IOS Release 12.0(32)S12 and 12.4(24)T

The following example shows how to create a VRF with a route target that uses a 4-byte autonomous system number, 1.1, and how to set the route target to the extended community value 1.1:100 for routes that are permitted by the route map.

Note: This example works if you have configured asdot as the default display format using the bgp asnotation dot command.

  ip vrf vpn_red
   rd 64500:100
   route-target both 1.1:100
   exit
  route-map red_map permit 10
   set extcommunity rt 1.1:100
   end

After the configuration is completed, use the show route-map command to verify that the extended community is set to the route target that contains the 4-byte autonomous system number of 1.1.
  DeviceB# show route-map red_map
  route-map red_map, permit, sequence 10
    Match clauses:
    Set clauses:
      extended community RT:1.1:100
    Policy routing matches: 0 packets, 0 bytes

Asdot Default Format for 4-Byte Autonomous System Number RD Support

The following example works if you have configured asdot as the default display format using the bgp asnotation dot command:

  ip vrf vpn_red
   rd 1.0:100
   route-target both 1.1:100
   exit

Additional References for BGP Support for 4-byte ASN

Related Documents

Related Topic: BGP commands
Document Title: Cisco IOS IP Routing: BGP Command Reference

Standards and RFCs

RFC 4893: BGP Support for Four-octet AS Number Space
RFC 5396: Textual Representation of Autonomous System (AS) Numbers
RFC 5398: Autonomous System (AS) Number Reservation for Documentation Use
RFC 5668: 4-Octet AS Specific BGP Extended Community

Feature History for BGP Support for 4-byte ASN

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
Feature: BGP Support for 4-byte ASN
Feature Information: The Cisco implementation of 4-byte autonomous system (AS) numbers uses asplain (65538, for example) as the default regular expression match and output display format for AS numbers, but you can configure 4-byte AS numbers in both the asplain format and the asdot format as described in RFC 5396.

Release: Cisco IOS XE Cupertino 17.7.1
Feature: BGP Support for 4-byte ASN
Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).
Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 37

Implementing Multiprotocol BGP for IPv6

· Information About Multiprotocol BGP for IPv6, on page 439
· How to Implement Multiprotocol BGP for IPv6, on page 440
· Verifying the IPv6 Multiprotocol BGP Configuration, on page 459
· Configuration Examples for Multiprotocol BGP for IPv6, on page 460
· Additional References for Multiprotocol BGP for IPv6, on page 463
· Feature History for Multiprotocol BGP for IPv6, on page 463

Information About Multiprotocol BGP for IPv6

This module describes how to configure multiprotocol Border Gateway Protocol (BGP) for IPv6.

BGP is an Exterior Gateway Protocol (EGP) used mainly to connect separate routing domains that contain independent routing policies (autonomous systems). Connecting to a service provider for access to the Internet is a common use for BGP. BGP can also be used within an autonomous system; this variation is referred to as internal BGP (iBGP). Multiprotocol BGP is an enhanced BGP that carries routing information for multiple network layer protocol address families, for example, the IPv6 address family and IP multicast routes. All BGP commands and routing policy capabilities can be used with multiprotocol BGP.

Multiprotocol BGP Extensions for IPv6

Multiprotocol BGP is the supported Exterior Gateway Protocol (EGP) for IPv6.
Multiprotocol BGP extensions for IPv6 support many of the same features and functionality as IPv4 BGP. IPv6 enhancements to multiprotocol BGP include support for an IPv6 address family and Network Layer Reachability Information (NLRI) and next hop (the next device in the path to the destination) attributes that use IPv6 addresses.

IPv6 Multiprotocol BGP Peering Using a Link-Local Address

IPv6 multiprotocol BGP can be configured between two IPv6 devices (peers) using link-local addresses. For this function to work, you must identify the interface for the neighbor by using the neighbor update-source command, and you must configure a route map to set an IPv6 global next hop.

Multiprotocol BGP for the IPv6 Multicast Address Family

The multiprotocol BGP for the IPv6 multicast address family feature provides multicast BGP extensions for IPv6 and supports the same features and functionality as IPv4 BGP. IPv6 enhancements to multicast BGP include support for an IPv6 multicast address family and Network Layer Reachability Information (NLRI) and next hop (the next router in the path to the destination) attributes that use IPv6 addresses.

Multicast BGP is an enhanced BGP that allows the deployment of interdomain IPv6 multicast. Multiprotocol BGP carries routing information for multiple network layer protocol address families; for example, the IPv6 address family and IPv6 multicast routes. The IPv6 multicast address family contains routes that are used for RPF lookup by the IPv6 PIM protocol, and multicast BGP IPv6 provides for interdomain transport of the same. Users must use multiprotocol BGP for IPv6 multicast when using IPv6 multicast with BGP, because the unicast BGP learned routes will not be used for IPv6 multicast.
Multicast BGP functionality is provided through a separate address family context. A subsequent address family identifier (SAFI) provides information about the type of the Network Layer Reachability Information that is carried in the attribute. Multiprotocol BGP unicast uses SAFI 1 messages, and multiprotocol BGP multicast uses SAFI 2 messages.

SAFI 1 messages indicate that the routes are usable only for IP unicast, not IP multicast. Because of this functionality, BGP routes in the IPv6 unicast RIB must be ignored in the IPv6 multicast RPF lookup.

A separate BGP routing table is maintained to configure incongruent policies and topologies (for example, IPv6 unicast and multicast) by using IPv6 multicast RPF lookup. Multicast RPF lookup is very similar to the IP unicast route lookup.

No MRIB is associated with the IPv6 multicast BGP table. However, IPv6 multicast BGP operates on the unicast IPv6 RIB when needed. Multicast BGP does not insert or update routes into the IPv6 unicast RIB.

Nonstop Forwarding and Graceful Restart for MP-BGP IPv6 Address Family

The graceful restart capability is supported for IPv6 BGP unicast, multicast, and VPNv6 address families, enabling Cisco nonstop forwarding (NSF) functionality for BGP IPv6. The BGP graceful restart capability allows the BGP routing table to be recovered from peers without keeping the TCP state.

NSF continues forwarding packets while routing protocols converge, therefore avoiding a route flap on switchover. Forwarding is maintained by synchronizing the FIB between the active and standby RP. On switchover, forwarding is maintained using the FIB. The RIB is not kept synchronized; therefore, the RIB is empty on switchover. The RIB is repopulated by the routing protocols and subsequently informs the FIB about RIB convergence by using the NSF_RIB_CONVERGED registry call. The FIB tables are updated from the RIB, removing any stale entries.
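The AFI/SAFI pairs this section describes are negotiated on the wire in the Multiprotocol Extensions capability of the BGP OPEN message, and graceful restart is negotiated by a separate capability that lists the address families whose forwarding state the restarting speaker preserves. The following Python is an added example, not code from the Cisco guide or from IOS XE: it decodes those two capabilities from the optional-parameters block of an OPEN message, using the RFC 4760 (code 1) and RFC 4724 (code 64) encodings, so an operator can confirm from a capture that a peer actually offered IPv6 unicast (AFI 2, SAFI 1), IPv6 multicast (AFI 2, SAFI 2) and VPNv6 (AFI 2, SAFI 128, the MPLS VPN SAFI from RFC 4364). The function names are this example's own and the OPEN parameter bytes are constructed for it.

```python
"""Added example (not from the Cisco guide): decode the Multiprotocol
Extensions (RFC 4760, capability code 1) and Graceful Restart (RFC 4724,
capability code 64) capabilities carried in the optional parameters of a
BGP OPEN message.  The parameter bytes below are constructed for this
example; the AFI/SAFI numbers are the IANA-registered values."""
from __future__ import annotations
import struct

AFI_NAMES = {1: "ipv4", 2: "ipv6"}
SAFI_NAMES = {1: "unicast", 2: "multicast", 128: "mpls-vpn"}  # 128: RFC 4364 VPN SAFI

OPT_PARAM_CAPABILITIES = 2   # OPEN optional parameter type (RFC 5492)
CAP_MULTIPROTOCOL = 1        # AFI(2) reserved(1) SAFI(1)
CAP_GRACEFUL_RESTART = 64    # flags/time(2) then AFI(2) SAFI(1) flags(1) per family


def af_name(afi: int, safi: int) -> str:
    return f"{AFI_NAMES.get(afi, f'afi{afi}')}-{SAFI_NAMES.get(safi, f'safi{safi}')}"


def parse_open_capabilities(opt_params: bytes) -> dict:
    """Walk the OPEN optional parameters (type, length, value) and collect the
    address families announced via capability 1 and the restart parameters
    and families announced via capability 64.  Length fields are checked
    against the buffer so a truncated or malformed OPEN raises ValueError
    instead of being read past its end."""
    result = {"multiprotocol": [], "graceful_restart": None}
    i = 0
    while i < len(opt_params):
        if i + 2 > len(opt_params):
            raise ValueError("truncated optional parameter header")
        ptype, plen = opt_params[i], opt_params[i + 1]
        value = opt_params[i + 2 : i + 2 + plen]
        if len(value) != plen:
            raise ValueError("optional parameter length exceeds buffer")
        i += 2 + plen
        if ptype != OPT_PARAM_CAPABILITIES:
            continue  # other parameter types are not of interest here
        j = 0
        while j < len(value):
            if j + 2 > len(value):
                raise ValueError("truncated capability header")
            code, clen = value[j], value[j + 1]
            cval = value[j + 2 : j + 2 + clen]
            if len(cval) != clen:
                raise ValueError("capability length exceeds parameter")
            j += 2 + clen
            if code == CAP_MULTIPROTOCOL and clen == 4:
                afi, _reserved, safi = struct.unpack("!HBB", cval)
                result["multiprotocol"].append(af_name(afi, safi))
            elif code == CAP_GRACEFUL_RESTART and clen >= 2 and (clen - 2) % 4 == 0:
                flags_time = struct.unpack("!H", cval[:2])[0]
                gr = {
                    "restart_state": bool(flags_time & 0x8000),  # R bit
                    "restart_time": flags_time & 0x0FFF,          # seconds
                    "families": [],
                }
                for k in range(2, clen, 4):
                    afi, safi, flags = struct.unpack("!HBB", cval[k : k + 4])
                    # F bit: forwarding state for this family was preserved
                    gr["families"].append((af_name(afi, safi), bool(flags & 0x80)))
                result["graceful_restart"] = gr
    return result


def missing_families(opt_params: bytes, required: set[str]) -> set[str]:
    """Families the operator expects (say ipv6-multicast, needed for RPF) that
    the peer did not announce; an empty set means negotiation is as expected."""
    return required - set(parse_open_capabilities(opt_params)["multiprotocol"])


def _capability(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value


# Constructed sample: one Capabilities parameter carrying IPv6 unicast, IPv6
# multicast and VPNv6 multiprotocol capabilities plus a graceful-restart
# capability (restart time 120 s) preserving IPv6 unicast and multicast state.
_caps = (
    _capability(CAP_MULTIPROTOCOL, struct.pack("!HBB", 2, 0, 1))
    + _capability(CAP_MULTIPROTOCOL, struct.pack("!HBB", 2, 0, 2))
    + _capability(CAP_MULTIPROTOCOL, struct.pack("!HBB", 2, 0, 128))
    + _capability(
        CAP_GRACEFUL_RESTART,
        struct.pack("!H", 120)
        + struct.pack("!HBB", 2, 1, 0x80)
        + struct.pack("!HBB", 2, 2, 0x80),
    )
)
SAMPLE_OPT_PARAMS = bytes([OPT_PARAM_CAPABILITIES, len(_caps)]) + _caps

if __name__ == "__main__":
    print(parse_open_capabilities(SAMPLE_OPT_PARAMS))
    print(missing_families(SAMPLE_OPT_PARAMS, {"ipv6-unicast", "ipv6-multicast", "ipv4-unicast"}))
```

A peer that announces only ipv6-unicast will never supply routes for the IPv6 multicast RPF lookup described above, whatever the local address-family configuration says, which is why checking the negotiated capabilities is a quicker diagnosis than reading the multicast BGP table.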
The RIB starts a failsafe timer during RP switchover, in case the routing protocols fail to notify the RIB of convergence.

The Cisco BGP address family identifier (AFI) model is designed to be modular and scalable, and to support multiple AFI and subsequent address family identifier (SAFI) configurations.

How to Implement Multiprotocol BGP for IPv6

Configuring an IPv6 BGP Routing Process and BGP Router ID

Perform this task to configure an IPv6 BGP routing process and an optional BGP router ID for a BGP-speaking device.

BGP uses a router ID to identify BGP-speaking peers. The BGP router ID is a 32-bit value that is often represented by an IPv4 address. By default, the router ID is set to the IPv4 address of a loopback interface on the device. If no loopback interface is configured on the device, then the software chooses the highest IPv4 address configured to a physical interface on the device to represent the BGP router ID.

When configuring BGP on a device that is enabled only for IPv6 (that is, the device does not have an IPv4 address), you must manually configure the BGP router ID for the device. The BGP router ID, which is represented as a 32-bit value using an IPv4 address syntax, must be unique to the BGP peers of the device.

Procedure

Step 1
Command or Action: enable
Example:
  Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example:
  Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router bgp as-number
Purpose: Configures a BGP routing process, and enters router configuration mode for the specified routing process.
Example:
  Device(config)# router bgp 65000

Step 4
Command or Action: no bgp default ipv4-unicast
Example:
  Device(config-router)# no bgp default ipv4-unicast
Purpose: Disables the IPv4 unicast address family for the BGP routing process that is specified in the previous step.
Note: Routing information for the IPv4 unicast address family is advertised by default for each BGP routing session that is configured with the neighbor remote-as command unless you configure the no bgp default ipv4-unicast command before configuring the neighbor remote-as command.

Step 5
Command or Action: bgp router-id ip-address
Example:
  Device(config-router)# bgp router-id 192.168.99.70
Purpose: (Optional) Configures a fixed 32-bit router ID as the identifier of the local device running BGP.
Note: Configuring a router ID using the bgp router-id command resets all active BGP peering sessions.

Step 6
Command or Action: end
Example:
  Device(config-router)# end
Purpose: Exits router configuration mode and returns to privileged EXEC mode.

Configuring IPv6 Multiprotocol BGP Between Two Peers

By default, neighbors that are defined using the neighbor remote-as command in router configuration mode exchange only IPv4 unicast address prefixes. To exchange other address prefix types, such as IPv6 prefixes, neighbors must also be activated using the neighbor activate command in address family configuration mode for the other prefix types, as shown for IPv6 prefixes.

Procedure

Step 1
Command or Action: enable
Example:
  Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example:
  Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router bgp as-number
Purpose: Enters router configuration mode for the specified routing process.
Example:
  Device(config)# router bgp 65000

Step 4
Command or Action: neighbor {ip-address | ipv6-address[%] | peer-group-name} remote-as autonomous-system-number [alternate-as autonomous-system-number ...]
Example:
  Device(config-router)# neighbor 2001:DB8:0:CC00::1 remote-as 64600
Purpose: Adds the IPv6 address of the neighbor in the specified autonomous system to the IPv6 multiprotocol BGP neighbor table of the local device.

Step 5
Command or Action: address-family ipv6 [unicast | multicast]
Example:
  Device(config-router)# address-family ipv6
Purpose: Specifies the IPv6 address family and enters address family configuration mode.
  · The unicast keyword specifies the IPv6 unicast address family. By default, the device is placed in configuration mode for the IPv6 unicast address family if a keyword is not specified with the address-family ipv6 command.
  · The multicast keyword specifies IPv6 multicast address prefixes.

Step 6
Command or Action: neighbor {ip-address | peer-group-name | ipv6-address[%]} activate
Example:
  Device(config-router-af)# neighbor 2001:DB8:0:CC00::1 activate
Purpose: Enables the neighbor to exchange prefixes for the IPv6 address family with the local device.

Step 7
Command or Action: end
Example:
  Device(config-router-af)# end
Purpose: Exits address family configuration mode and returns to privileged EXEC mode.

Configuring IPv6 Multiprotocol BGP Between Two Peers Using Link-Local Addresses

By default, neighbors that are defined using the neighbor remote-as command in router configuration mode exchange only IPv4 unicast address prefixes. To exchange other address prefix types, such as IPv6 prefixes, neighbors must also be activated using the neighbor activate command in address family configuration mode for the other prefix types, as shown for IPv6 prefixes.
By default, route maps that are applied in router configuration mode using the neighbor route-map command are applied to only IPv4 unicast address prefixes. Route maps for other address families must be applied in address family configuration mode using the neighbor route-map command, as shown for the IPv6 address family. The route maps are applied either as the inbound or outbound routing policy for neighbors under the specified address family. Configuring separate route maps under each address family type simplifies managing complicated or different policies for each address family.

Procedure

Step 1
Command or Action: enable
Example:
  Device> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example:
  Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router bgp autonomous-system-number
Example:
  Device(config)# router bgp 65000
Purpose: Enters router configuration mode for the specified routing process.

Step 4
Command or Action: neighbor {ip-address | ipv6-address | peer-group-name} remote-as as-number
Example:
  Device(config-router)# neighbor 2001:DB8:0000:0000:0000:0000:0000:0111 remote-as 64600
Purpose: Adds the link-local IPv6 address of the neighbor in the specified remote autonomous system to the IPv6 multiprotocol BGP neighbor table of the local router. The ipv6-address argument in the neighbor remote-as command must be a link-local IPv6 address in the form that is documented in RFC 2373, where the address is specified in hexadecimal using 16-bit values between colons.

Step 5
Command or Action: neighbor {ip-address | ipv6-address | peer-group-name} update-source
Purpose: Specifies the link-local address over which the peering is to occur.
Command or Action (Step 5, continued): interface-type interface-number
Example:
  Device(config-router)# neighbor 2001:DB8:0000:0000:0000:0000:0000:0111 update-source gigabitethernet 0/0/0
Purpose (continued): If there are multiple connections to the neighbor and you do not specify the neighbor interface by using the interface-type and interface-number arguments in the neighbor update-source command, a TCP connection cannot be established with the neighbor using link-local addresses.

Step 6
Command or Action: address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6]
Example:
  Device(config-router)# address-family ipv6
Purpose: Specifies the IPv6 address family, and enters address family configuration mode.
  · The unicast keyword specifies the IPv6 unicast address family. By default, the router is placed in configuration mode for the IPv6 unicast address family if the unicast keyword is not specified with the address-family ipv6 command.
  · The multicast keyword specifies IPv6 multicast address prefixes.

Step 7
Command or Action: neighbor {ip-address | peer-group-name | ipv6-address} activate
Example:
  Device(config-router-af)# neighbor 2001:DB8:0000:0000:0000:0000:0000:0111 activate
Purpose: Enables the neighbor to exchange prefixes for the IPv6 address family with the local router using the specified link-local addresses.

Step 8
Command or Action: neighbor {ip-address | peer-group-name | ipv6-address} route-map map-name {in | out}
Example:
  Device(config-router-af)# neighbor 2001:DB8:0000:0000:0000:0000:0000:0111 route-map nh6 out
Purpose: Applies a route map to incoming or outgoing routes.

Step 9
Command or Action: exit
Example:
  Device(config-router-af)# exit
Purpose: Exits address family configuration mode, and returns to router configuration mode.

Step 10
Command or Action: exit
Purpose: Exits router configuration mode, and returns to global configuration mode.
Example:
  Device(config-router)# exit

Step 11
Command or Action: route-map map-tag [permit | deny] [sequence-number]
Example:
  Device(config)# route-map nh6 permit 10
Purpose: Defines a route map and enters route-map configuration mode.

Step 12
Command or Action: match ipv6 address {prefix-list prefix-list-name | access-list-name}
Example:
  Device(config-route-map)# match ipv6 address prefix-list list1
Purpose: Distributes any routes that have a destination IPv6 network number address that is permitted by a prefix list, or performs policy routing on packets.

Step 13
Command or Action: set ipv6 next-hop ipv6-address [link-local-address] [peer-address]
Example:
  Device(config-route-map)# set ipv6 next-hop 2001:DB8::1
Purpose: Overrides the next hop that is advertised to the peer for IPv6 packets that pass a match clause of a route map for policy routing.
  · The ipv6-address argument specifies the IPv6 global address of the next hop. It need not be an adjacent router.
  · The link-local-address argument specifies the IPv6 link-local address of the next hop. It must be an adjacent router.
Note: The route map sets the IPv6 next-hop addresses (global and link-local) in BGP updates. If the route map is not configured, the next-hop address in the BGP updates defaults to the unspecified IPv6 address (::), which is rejected by the peer. If you specify only the global IPv6 next-hop address (the ipv6-address argument) with the set ipv6 next-hop command after specifying the neighbor interface (the interface-type argument) with the neighbor update-source command in Step 5, the link-local address of the interface that is specified with the interface-type argument is included as the next hop in the BGP updates. Therefore, only one route map that sets the global IPv6 next-hop address in BGP updates is required for multiple BGP peers that use link-local addresses.

Step 14
Command or Action: end
Example:
  Device(config-route-map)# end
Purpose:
Exits route-map configuration mode and returns to privileged EXEC mode. Troubleshooting Tips If peering is not established by this task, it may be because of a missing route map set ipv6 next-hop command. Use the debug bgp ipv6 update command to display debugging information on the updates to help determine the state of the peering. Configuring an IPv6 Multiprotocol BGP Peer Group · By default, neighbors that are defined using the neighbor remote-as command in router configuration mode exchange only IPv4 unicast address prefixes. To exchange other address prefix types, such as IPv6 prefixes, neighbors must also be activated using the neighbor activate command in address family configuration mode for the other prefix types, as shown for IPv6 prefixes. · By default, peer groups that are defined in router configuration mode using the neighbor peer-groupcommand exchange only IPv4 unicast address prefixes. To exchange other address prefix IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 446 Implementing Multiprotocol BGP for IPv6 Configuring an IPv6 Multiprotocol BGP Peer Group types, such as IPv6 prefixes, you must activate peer groups using the neighbor activate command in address family configuration mode for the other prefix types, as shown for IPv6 prefixes. · Members of a peer group automatically inherit the address prefix configuration of the peer group. · IPv4 active neighbors cannot exist in the same peer group as active IPv6 neighbors. Create separate peer groups for IPv4 peers and IPv6 peers. Procedure Step 1 Command or Action enable Example: Purpose Enables privileged EXEC mode. Enter your password if prompted. Step 2 Device> enable configure terminal Example: Enters global configuration mode. Step 3 Device# configure terminal router bgp as-number Example: Enters router configuration mode for the specified BGP routing process. 
Example: Device(config)# router bgp 65000

Step 4: neighbor peer-group-name peer-group
Example: Device(config-router)# neighbor group1 peer-group
Creates a multiprotocol BGP peer group.

Step 5: neighbor {ip-address | ipv6-address[%] | peer-group-name} remote-as autonomous-system-number [alternate-as autonomous-system-number ...]
Example: Device(config-router)# neighbor 2001:DB8:0:CC00::1 remote-as 64600
Adds the IPv6 address of the neighbor in the specified autonomous system to the IPv6 multiprotocol BGP neighbor table of the local router.

Step 6: address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6]
Example: Device(config-router)# address-family ipv6 unicast
Specifies the IPv6 address family, and enters address family configuration mode.
· The unicast keyword specifies the IPv6 unicast address family. By default, the device is placed in configuration mode for the IPv6 unicast address family if the unicast keyword is not specified with the address-family ipv6 command.
· The multicast keyword specifies IPv6 multicast address prefixes.

Step 7: neighbor {ip-address | peer-group-name | ipv6-address[%]} activate
Example: Device(config-router-af)# neighbor 2001:DB8:0:CC00::1 activate
Enables the neighbor to exchange prefixes for the specified family type with the neighbor and the local router. To avoid extra configuration steps for each neighbor, use the neighbor activate command with the peer-group-name argument as an alternative in this step.

Step 8: neighbor {ip-address | ipv6-address} send-label
Example: Device(config-router-af)# neighbor 192.168.99.70 send-label
Advertises the capability of the device to send MPLS labels with BGP routes. In IPv6 address family configuration mode, this command enables binding and advertisement of aggregate labels when advertising IPv6 prefixes in BGP.

Step 9: neighbor {ip-address | ipv6-address} peer-group peer-group-name
Example: Device(config-router-af)# neighbor 2001:DB8:0:CC00::1 peer-group group1
Assigns the IPv6 address of a BGP neighbor to a peer group.

Step 10: end
Example: Device(config-router-af)# end
Exits address family configuration mode, and returns to privileged EXEC mode.

Configuring a Route Map for IPv6 Multiprotocol BGP Prefixes

· By default, neighbors that are defined using the neighbor remote-as command in router configuration mode exchange only IPv4 unicast address prefixes. To exchange other address prefix types, such as IPv6 prefixes, neighbors must also be activated using the neighbor activate command in address family configuration mode for the other prefix types, as shown for IPv6 prefixes.
· By default, route maps that are applied in router configuration mode using the neighbor route-map command are applied to only IPv4 unicast address prefixes. Route maps for other address families must be applied in address family configuration mode using the neighbor route-map command, as shown for the IPv6 address family. The route maps are applied either as the inbound or outbound routing policy for neighbors under the specified address family. Configuring separate route maps under each address family type simplifies managing complicated or different policies for each address family.

Procedure

Step 1: enable
Example: Device> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Enters global configuration mode.

Step 3: router bgp as-number
Enters router configuration mode for the specified routing process.
Example: Device(config)# router bgp 65000

Step 4: neighbor {ip-address | ipv6-address[%] | peer-group-name} remote-as autonomous-system-number [alternate-as autonomous-system-number ...]
Example: Device(config-router)# neighbor 2001:DB8:0:cc00::1 remote-as 64600
Adds the link-local IPv6 address of the neighbor in the specified remote autonomous system to the IPv6 multiprotocol BGP neighbor table of the local device.

Step 5: address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6]
Example: Device(config-router)# address-family ipv6
Specifies the IPv6 address family, and enters address family configuration mode.
· The unicast keyword specifies the IPv6 unicast address family. By default, the device is placed in configuration mode for the IPv6 unicast address family if the unicast keyword is not specified with the address-family ipv6 command.
· The multicast keyword specifies IPv6 multicast address prefixes.

Step 6: neighbor {ip-address | peer-group-name | ipv6-address[%]} activate
Example: Device(config-router-af)# neighbor 2001:DB8:0:cc00::1 activate
Enables the neighbor to exchange prefixes for the IPv6 address family with the local device using the specified link-local addresses.

Step 7: neighbor {ip-address | peer-group-name | ipv6-address[%]} route-map map-name {in | out}
Example: Device(config-router-af)# neighbor 2001:DB8:0:cc00::1 route-map rtp in
Applies a route map to incoming or outgoing routes. Changes to the route map will not take effect for existing peers until the peering is reset or a soft reset is performed. Using the clear bgp ipv6 command with the soft and in keywords will perform a soft reset.

Step 8: exit
Example: Device(config-router-af)# exit
Exits address family configuration mode, and returns to router configuration mode.

Step 9: exit
Example: Device(config-router)# exit
Exits router configuration mode, and returns to global configuration mode.

Step 10: route-map map-tag [permit | deny] [sequence-number]
Example: Device(config)# route-map rtp permit 10
Defines a route map and enters route-map configuration mode. Follow this step with a match command.

Step 11: match ipv6 address {prefix-list prefix-list-name | access-list-name}
Example: Device(config-route-map)# match ipv6 address prefix-list list1
Distributes any routes that have a destination IPv6 network number address permitted by a prefix list, or performs policy routing on packets.

Step 12: end
Example: Device(config-route-map)# end
Exits route-map configuration mode and returns to privileged EXEC mode.

Redistributing Prefixes into IPv6 Multiprotocol BGP

Redistribution is the process of redistributing, or injecting, prefixes from one routing protocol into another routing protocol. This task explains how to inject prefixes from a routing protocol into IPv6 multiprotocol BGP. Specifically, prefixes that are redistributed into IPv6 multiprotocol BGP using the redistribute router configuration command are injected into the IPv6 unicast database.

Procedure

Step 1: enable
Example: Device> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Enters global configuration mode.

Step 3: router bgp as-number
Example: Device(config)# router bgp 65000
Enters router configuration mode for the specified BGP routing process.

Step 4: address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6]
Specifies the IPv6 address family, and enters address family configuration mode.
Example: Device(config-router)# address-family ipv6
· The unicast keyword specifies the IPv6 unicast address family. By default, the device is placed in configuration mode for the IPv6 unicast address family if a keyword is not specified with the address-family ipv6 command.
· The multicast keyword specifies IPv6 multicast address prefixes.

Step 5: redistribute bgp [process-id] [metric metric-value] [route-map map-name]
Example: Device(config-router-af)# redistribute bgp 64500 metric 5
Redistributes IPv6 routes from one routing domain into another routing domain.

Step 6: end
Example: Device(config-router-af)# end
Exits address family configuration mode, and returns to privileged EXEC mode.

Advertising Routes into IPv6 Multiprotocol BGP

By default, networks that are defined in router configuration mode using the network command are injected into the IPv4 unicast database. To inject a network into another database, such as the IPv6 BGP database, you must define the network using the network command in address family configuration mode for the other database, as shown for the IPv6 BGP database.

Procedure

Step 1: enable
Example: Device> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Enters global configuration mode.

Step 3: router bgp as-number
Example: Device(config)# router bgp 65000
Enters router configuration mode for the specified BGP routing process.

Step 4: address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6]
Example: Device(config-router)# address-family ipv6 unicast
Specifies the IPv6 address family, and enters address family configuration mode.
· The unicast keyword specifies the IPv6 unicast address family. By default, the device is placed in configuration mode for the IPv6 unicast address family if a keyword is not specified with the address-family ipv6 command.
· The multicast keyword specifies IPv6 multicast address prefixes.

Step 5: network {network-number [mask network-mask] | nsap-prefix} [route-map map-tag]
Example: Device(config-router-af)# network 2001:DB8::/24
Advertises (injects) the specified prefix into the IPv6 BGP database (the routes must first be found in the IPv6 unicast routing table).
· The prefix is injected into the database for the address family specified in the previous step.
· Routes are tagged from the specified prefix as "local origin."
· The ipv6-prefix argument in the network command must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.
· The prefix-length argument is a decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.

Step 6: exit
Example: Device(config-router-af)# exit
Exits address family configuration mode, and returns the device to router configuration mode. Repeat this step to exit router configuration mode and return the device to global configuration mode.

Advertising IPv4 Routes Between IPv6 BGP Peers

If an IPv6 network is connecting two separate IPv4 networks, IPv6 can be used to advertise the IPv4 routes. Configure the peering using the IPv6 addresses within the IPv4 address family. Set the next hop with a static route or with an inbound route map because the advertised next hop will usually be unreachable. Advertising IPv6 routes between two IPv4 peers is also possible using the same model.
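Before the procedure, an added illustration that is not Cisco code: a small model of the first-match prefix-list and route-map logic that these tasks configure (the list1/nh6 policy of the link-local task, rtp, and the rmap used below), showing which prefixes a route map lets through and with which next hop. POLICY, the noset route map and the failing-closed treatment of an undefined prefix list are this example's own constructs, not documented IOS behaviour.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field

# Constructed policy mirroring the guide's list1/nh6 example, with valid addresses.
POLICY = """
ipv6 prefix-list list1 seq 10 permit 2001:DB8::/32
ipv6 prefix-list list1 seq 20 permit 2001:DB8:2F00::/48 le 64
ipv6 prefix-list list1 deny ::/0
route-map nh6 permit 10
 match ipv6 address prefix-list list1
 set ipv6 next-hop 2001:DB8::1
route-map noset permit 10
 match ipv6 address prefix-list list1
"""

PL_RE = re.compile(r"^ipv6 prefix-list (\S+)(?: seq (\d+))? (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?$")
RM_RE = re.compile(r"^route-map (\S+) (permit|deny) (\d+)$")

@dataclass
class PrefixEntry:
    seq: int
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv6Network
    ge: int | None = None
    le: int | None = None

    def matches(self, net: ipaddress.IPv6Network) -> bool:
        # The candidate must lie inside the entry prefix and its length must fall
        # in [ge, le]; with neither keyword only the exact length matches, so a
        # bare "deny ::/0" matches nothing but the default route itself.
        if not net.subnet_of(self.prefix):
            return False
        lo = self.ge if self.ge is not None else self.prefix.prefixlen
        hi = self.le if self.le is not None else (128 if self.ge is not None else self.prefix.prefixlen)
        return lo <= net.prefixlen <= hi

@dataclass
class RouteMapSeq:
    seq: int
    action: str
    match_lists: list[str] = field(default_factory=list)
    next_hop: ipaddress.IPv6Address | None = None

@dataclass
class Policy:
    prefix_lists: dict[str, list[PrefixEntry]] = field(default_factory=dict)
    route_maps: dict[str, list[RouteMapSeq]] = field(default_factory=dict)

def parse_policy(config: str) -> Policy:
    """Parse the subset of IOS prefix-list / route-map syntax used in the guide."""
    pol, current = Policy(), None
    for line in (raw.strip() for raw in config.splitlines() if raw.strip()):
        if m := PL_RE.match(line):
            name, seq, action, prefix, ge, le = m.groups()
            entries = pol.prefix_lists.setdefault(name, [])
            # IOS numbers an entry given without "seq" five above the highest one.
            seq_no = int(seq) if seq else max((e.seq for e in entries), default=0) + 5
            entries.append(PrefixEntry(seq_no, action, ipaddress.IPv6Network(prefix, strict=False),
                                       int(ge) if ge else None, int(le) if le else None))
            entries.sort(key=lambda e: e.seq)
            current = None
        elif m := RM_RE.match(line):
            name, action, seq = m.groups()
            current = RouteMapSeq(int(seq), action)
            pol.route_maps.setdefault(name, []).append(current)
            pol.route_maps[name].sort(key=lambda s: s.seq)
        elif current and line.startswith("match ipv6 address prefix-list "):
            current.match_lists.append(line.split()[-1])
        elif current and line.startswith("set ipv6 next-hop "):
            current.next_hop = ipaddress.IPv6Address(line.split()[3])
        else:
            raise ValueError(f"unsupported line: {line}")
    return pol

def prefix_list_permits(pol: Policy, name: str, net: ipaddress.IPv6Network) -> bool:
    if name not in pol.prefix_lists:
        raise ValueError(f"prefix-list {name} is not defined")  # model choice: fail closed
    for entry in pol.prefix_lists[name]:      # lowest seq first; first match wins
        if entry.matches(net):
            return entry.action == "permit"
    return False                              # implicit deny ends every prefix list

def evaluate(pol: Policy, map_name: str, prefix: str) -> tuple[str, str | None]:
    """Return (action, next_hop) for one prefix run through an outbound route map.
    A permitting sequence without "set ipv6 next-hop" yields the unspecified
    address "::", the case the guide notes a peer rejects."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    for seq in pol.route_maps[map_name]:      # ascending sequence order
        if all(prefix_list_permits(pol, pl, net) for pl in seq.match_lists):
            if seq.action == "deny":
                return ("deny", None)
            return ("permit", str(seq.next_hop) if seq.next_hop else "::")
    return ("deny", None)                     # no sequence matched: implicit deny
```

Note that 2001:DB8:1::/48 is dropped even though it sits inside 2001:DB8::/32: without ge or le, a prefix-list entry matches only its exact length.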
Procedure

Step 1: enable
Example: Device> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Enters global configuration mode.

Step 3: router bgp as-number
Example: Device(config)# router bgp 65000
Enters router configuration mode for the specified routing process.

Step 4: neighbor peer-group-name peer-group
Example: Device(config-router)# neighbor 6peers peer-group
Creates a multiprotocol BGP peer group.

Step 5: neighbor {ip-address | ipv6-address[%] | peer-group-name} remote-as autonomous-system-number [alternate-as autonomous-system-number ...]
Example: Device(config-router)# neighbor 6peers remote-as 65002
Adds the IPv6 address of the neighbor in the specified autonomous system to the IPv6 multiprotocol BGP neighbor table of the local device.

Step 6: address-family ipv4 [mdt | multicast | tunnel | unicast [vrf vrf-name] | vrf vrf-name]
Example: Device(config-router)# address-family ipv4
Enters address family configuration mode to configure a routing session using standard IPv4 address prefixes.

Step 7: neighbor ipv6-address peer-group peer-group-name
Example: Device(config-router-af)# neighbor 2001:DB8:1234::2 peer-group 6peers
Assigns the IPv6 address of a BGP neighbor to a peer group.

Step 8: neighbor {ip-address | peer-group-name | ipv6-address[%]} route-map map-name {in | out}
Example: Device(config-router-af)# neighbor 6peers route-map rmap out
Applies a route map to incoming or outgoing routes. Changes to the route map will not take effect for existing peers until the peering is reset or a soft reset is performed. Using the clear bgp ipv6 command with the soft and in keywords will perform a soft reset.

Step 9: exit
Example: Device(config-router-af)# exit
Exits address family configuration mode, and returns the device to router configuration mode.

Step 10: exit
Example: Device(config-router)# exit
Exits router configuration mode, and returns the device to global configuration mode.

Step 11: route-map map-tag [permit | deny] [sequence-number]
Example: Device(config)# route-map rmap permit 10
Defines a route map and enters route-map configuration mode.

Step 12: set ip next-hop ip-address [... ip-address] [peer-address]
Example: Device(config-route-map)# set ip next-hop 10.21.8.10
Overrides the next hop that is advertised to the peer for IPv4 packets.

Step 13: end
Example: Device(config-route-map)# end
Exits route-map configuration mode and returns to privileged EXEC mode.

Assigning BGP Administrative Distance for Multicast BGP Routes

Perform this task to specify an administrative distance for multicast BGP routes to be used in RPF lookups for comparison with unicast routes.

Caution: Changing the administrative distance of BGP internal routes is not recommended. One problem that can occur is the accumulation of routing table inconsistencies, which can break routing.

Procedure

Step 1: enable
Example: Device> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Enters global configuration mode.

Step 3: router bgp as-number
Example: Device(config)# router bgp 65000
Enters router configuration mode for the specified routing process.

Step 4: address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6]
Specifies the IPv6 address family, and enters address family configuration mode.
Example: Device(config-router)# address-family ipv6
· The unicast keyword specifies the IPv6 unicast address family. By default, the router is placed in configuration mode for the IPv6 unicast address family if the unicast keyword is not specified with the address-family ipv6 command.
· The multicast keyword specifies IPv6 multicast address prefixes.

Step 5: distance bgp external-distance internal-distance local-distance
Example: Device(config-router-af)# distance bgp 10 50 100
Configures the administrative distance for BGP routes.

Step 6: end
Example: Device(config-router-af)# end
Exits address family configuration mode and returns to privileged EXEC mode.

Generating IPv6 Multicast BGP Updates

Perform this task to generate IPv6 multicast BGP updates that correspond to unicast IPv6 updates received from a peer.

The MBGP translate-update feature generally is used in an MBGP-capable router that peers with a customer site that has only a BGP-capable router; the customer site has not or cannot upgrade its router to an MBGP-capable image. Because the customer site cannot originate MBGP advertisements, the router with which it peers will translate the BGP prefixes into MBGP prefixes, which are used for multicast-source Reverse Path Forwarding (RPF) lookup.

Procedure

Step 1: enable
Example: Device> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Enters global configuration mode.

Step 3: router bgp as-number
Example: Device(config)# router bgp 65000
Enters router configuration mode for the specified routing process.

Step 4: address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6]
Example: Device(config-router)# address-family ipv6
Specifies the IPv6 address family, and enters address family configuration mode.
· The unicast keyword specifies the IPv6 unicast address family. By default, the router is placed in configuration mode for the IPv6 unicast address family if the unicast keyword is not specified with the address-family ipv6 command.
· The multicast keyword specifies IPv6 multicast address prefixes.

Step 5: neighbor ipv6-address translate-update ipv6 multicast [unicast]
Example: Device(config-router-af)# neighbor 2001:DB8::2 translate-update ipv6 multicast
Generates multiprotocol IPv6 BGP updates that correspond to unicast IPv6 updates received from a peer.

Step 6: end
Example: Device(config-router-af)# end
Exits address family configuration mode and returns to privileged EXEC mode.

Configuring the IPv6 BGP Graceful Restart Capability

Procedure

Step 1: enable
Example: Device> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Device# configure terminal
Enters global configuration mode.

Step 3: router bgp as-number
Example: Device(config)# router bgp 65000
Enters router configuration mode for the specified routing process.

Step 4: bgp graceful-restart [restart-time seconds | stalepath-time seconds] [all]
Example: Device(config-router)# bgp graceful-restart
Enables the BGP graceful restart capability.

Step 5: end
Example: Device(config-router)# end
Exits router configuration mode and returns to privileged EXEC mode.

Resetting IPv6 BGP Sessions

Procedure

Step 1: enable
Enables privileged EXEC mode.
Enter your password if prompted.
Example: Device> enable

Step 2: clear bgp ipv6 {unicast | multicast} {* | autonomous-system-number | ip-address | ipv6-address | peer-group peer-group-name} [soft] [in | out]
Example: Device# clear bgp ipv6 unicast peer-group marketing soft out
Resets IPv6 BGP sessions.

Step 3: clear bgp ipv6 {unicast | multicast} external [soft] [in | out]
Example: Device# clear bgp ipv6 unicast external soft in
Clears external IPv6 BGP peers.

Step 4: clear bgp ipv6 {unicast | multicast} peer-group name
Example: Device# clear bgp ipv6 unicast peer-group marketing
Clears all members of an IPv6 BGP peer group.

Step 5: clear bgp ipv6 {unicast | multicast} dampening [ipv6-prefix/prefix-length]
Example: Device# clear bgp ipv6 unicast dampening 2001:DB8::/64
Clears IPv6 BGP route dampening information and unsuppresses the suppressed routes.

Step 6: clear bgp ipv6 {unicast | multicast} flap-statistics [ipv6-prefix/prefix-length | regexp regexp | filter-list list]
Example: Device# clear bgp ipv6 unicast flap-statistics filter-list 3
Clears IPv6 BGP flap statistics.

Verifying the IPv6 Multiprotocol BGP Configuration

Procedure

Step 1: enable
Example: Device> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: show bgp ipv6 {unicast | multicast} [ipv6-prefix/prefix-length] [longer-prefixes] [labels]
Example: Device> show bgp ipv6 unicast
(Optional) Displays entries in the IPv6 BGP routing table.

Step 3: show bgp ipv6 {unicast | multicast} summary
Example: Device> show bgp ipv6 unicast summary
(Optional) Displays the status of all IPv6 BGP connections.

Step 4: show bgp ipv6 {unicast | multicast} dampening dampened-paths
Example: Device> show bgp ipv6 unicast dampening dampened-paths
(Optional) Displays IPv6 BGP dampened routes.

Step 5: debug bgp ipv6 {unicast | multicast} dampening [prefix-list prefix-list-name]
Example: Device# debug bgp ipv6 unicast dampening
(Optional) Displays debugging messages for IPv6 BGP dampening packets. If no prefix list is specified, debugging messages for all IPv6 BGP dampening packets are displayed.

Step 6: debug bgp ipv6 {unicast | multicast} updates [ipv6-address] [prefix-list prefix-list-name] [in | out]
Example: Device# debug bgp ipv6 unicast updates
(Optional) Displays debugging messages for IPv6 BGP update packets.
· If an ipv6-address argument is specified, debugging messages for IPv6 BGP updates to the specified neighbor are displayed.
· Use the in keyword to display debugging messages for inbound updates only.
· Use the out keyword to display debugging messages for outbound updates only.

Configuration Examples for Multiprotocol BGP for IPv6

Example: Configuring a BGP Process, BGP Router ID, and IPv6 Multiprotocol BGP Peer

The following example enables IPv6 globally, configures a BGP process, and establishes a BGP router ID. Also, the IPv6 multiprotocol BGP peer 2001:DB8:0:CC00::1 is configured and activated.
Device> enable
Device# configure terminal
Device(config)# ipv6 unicast-routing
Device(config)# router bgp 65000
Device(config-router)# no bgp default ipv4-unicast
Device(config-router)# bgp router-id 192.168.99.70
Device(config-router)# neighbor 2001:DB8:0:CC00::1 remote-as 64600
Device(config-router)# address-family ipv6 unicast
Device(config-router-af)# neighbor 2001:DB8:0:CC00::1 activate
Device(config-router-af)# end

Example: Configuring an IPv6 Multiprotocol BGP Peer Using a Link-Local Address

The following example configures the IPv6 multiprotocol BGP peer FE80::XXXX:BFF:FE0E:A471 over Gigabit Ethernet interface 0/0/0 and sets the route map named nh6 to include the IPv6 next-hop global address of Gigabit Ethernet interface 0/0/0 in BGP updates. The IPv6 next-hop link-local address can be set by the nh6 route map (not shown in the following example) or from the interface that is specified by the neighbor update-source command (as shown in the following example).

Device> enable
Device# configure terminal
Device(config)# router bgp 65000
Device(config-router)# neighbor 2001:DB8:0000:0000:0000:0000:0000:0111 remote-as 64600
Device(config-router)# neighbor 2001:DB8:0000:0000:0000:0000:0000:0111 update-source gigabitethernet 0/0/0
Device(config-router)# address-family ipv6
Device(config-router-af)# neighbor 2001:DB8:0000:0000:0000:0000:0000:0111 activate
Device(config-router-af)# neighbor 2001:DB8:0000:0000:0000:0000:0000:0111 route-map nh6 out
Device(config-router-af)# exit
Device(config-router)# exit
Device(config)# route-map nh6 permit 10
Device(config-route-map)# match ipv6 address prefix-list list1
Device(config-route-map)# set ipv6 next-hop 2001:DB8:5y6::1
Device(config-route-map)# exit
Device(config)# ipv6 prefix-list list1 permit 2001:DB8:2Fy2::/48 le 128
Device(config)# ipv6 prefix-list list1 deny ::/0
Device(config)# end

Note: If you specify only the global IPv6 next-hop address (the ipv6-address argument) with the set ipv6 next-hop command after specifying the neighbor interface (the interface-type argument) with the neighbor update-source command, the link-local address of the interface that is specified with the interface-type argument is included as the next hop in the BGP updates. Therefore, only one route map that sets the global IPv6 next-hop address in BGP updates is required for multiple BGP peers that use link-local addresses.

Example: Configuring an IPv6 Multiprotocol BGP Peer Group

The following example configures the IPv6 multiprotocol BGP peer group named group1:

Device> enable
Device# configure terminal
Device(config)# router bgp 65000
Device(config-router)# no bgp default ipv4-unicast
Device(config-router)# neighbor group1 peer-group
Device(config-router)# neighbor group1 remote-as 100
Device(config-router)# neighbor group1 update-source Loopback0
Device(config-router)# neighbor 2001:DB8::1 peer-group group1
Device(config-router)# neighbor 2001:DB8:2:2 peer-group group1
Device(config-router)# address-family ipv6 multicast
Device(config-router-af)# neighbor 2001:DB8::1 activate
Device(config-router-af)# neighbor 2001:DB8:2:2 activate
Device(config-router-af)# exit-address-family
Device(config-router)# end

Example: Configuring a Route Map for IPv6 Multiprotocol BGP Prefixes

The following example configures the route map named rtp to permit IPv6 unicast routes from network 2001:DB8::/24 if they match the prefix list named list1:

Device> enable
Device# configure terminal
Device(config)# router bgp 64900
Device(config-router)# no bgp default ipv4-unicast
Device(config-router)# neighbor 2001:DB8:0:CC00::1 remote-as 64700
Device(config-router)# address-family ipv6 unicast
Device(config-router-af)# neighbor 2001:DB8:0:CC00::1 activate
Device(config-router-af)# neighbor 2001:DB8:0:CC00::1 route-map rtp in
Device(config-router-af)# exit
Device(config-router)# exit
Device(config)# ipv6 prefix-list list1 seq 10 permit 2001:DB8::/24
Device(config)# route-map rtp permit 10
Device(config-route-map)# match ipv6 address prefix-list list1
Device(config-route-map)# end

Example: Redistributing Prefixes into IPv6 Multiprotocol BGP

The following example redistributes BGP routes into the IPv6 multicast database of the local router:

router bgp 64900
 no bgp default ipv4-unicast
 address-family ipv6 multicast
  redistribute bgp

Example: Advertising Routes into IPv6 Multiprotocol BGP

The following example injects the IPv6 network 2001:DB8::/24 into the IPv6 unicast database of the local device. (BGP checks that a route for the network exists in the IPv6 unicast database of the local device before advertising the network.)

Device> enable
Device# configure terminal
Device(config)# router bgp 65000
Device(config-router)# no bgp default ipv4-unicast
Device(config-router)# address-family ipv6 unicast
Device(config-router-af)# network 2001:DB8::/24
Device(config-router-af)# end

Example: Advertising IPv4 Routes Between IPv6 Peers

The following example advertises IPv4 routes between IPv6 peers when the IPv6 network is connecting two separate IPv4 networks. Peering is configured using IPv6 addresses in the IPv4 address family configuration mode. The inbound route map that is named rmap sets the next hop because the advertised next hop is likely to be unreachable.
Device> enable
Device# configure terminal
Device(config)# router bgp 65000
Device(config-router)# neighbor 6peers peer-group
Device(config-router)# neighbor 2001:DB8:1234::2 remote-as 65002
Device(config-router)# address-family ipv4
Device(config-router-af)# neighbor 6peers activate
Device(config-router-af)# neighbor 6peers soft-reconfiguration inbound
Device(config-router-af)# neighbor 2001:DB8:1234::2 peer-group 6peers
Device(config-router-af)# neighbor 2001:DB8:1234::2 route-map rmap in
Device(config-router-af)# exit
Device(config-router)# exit
Device(config)# route-map rmap permit 10
Device(config-route-map)# set ip next-hop 10.21.8.10
Device(config-route-map)# end

Additional References for Multiprotocol BGP for IPv6

Standards and RFCs

RFC 2545: Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
RFC 2858: Multiprotocol Extensions for BGP-4
RFC 4007: IPv6 Scoped Address Architecture
RFC 4364: BGP MPLS/IP Virtual Private Networks (VPNs)
RFC 4382: MPLS/BGP Layer 3 Virtual Private Network (VPN) Management Information Base
RFC 4659: BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN
RFC 4724: Graceful Restart Mechanism for BGP

Feature History for Multiprotocol BGP for IPv6

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
Feature: Multiprotocol BGP for IPv6
Feature Information: Multiprotocol BGP is an enhanced BGP that carries routing information for multiple network layer protocol address families, for example, IPv6 address family and for IP multicast routes.

Use the Cisco Feature Navigator to find information about platform and software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 38

Configuring IS-IS Routing

· Information About IS-IS Routing, on page 465
· How to Configure IS-IS, on page 467
· Monitoring and Maintaining IS-IS, on page 476
· Feature History for IS-IS, on page 476

Information About IS-IS Routing

Integrated Intermediate System-to-Intermediate System (IS-IS) is an ISO dynamic routing protocol (described in ISO 105890). To enable IS-IS, you create an IS-IS routing process and assign it to a specific interface, rather than to a network. You can specify more than one IS-IS routing process per Layer 3 device by using the multiarea IS-IS configuration syntax. You then configure the parameters for each instance of the IS-IS routing process.

Small IS-IS networks are built as a single area that includes all the devices in the network. As the network grows larger, it reorganizes itself into a backbone area made up of the connected set of Level 2 devices, each of which is still connected to its local area. Within a local area, devices know how to reach all system IDs. Between areas, devices know how to reach the backbone, and the backbone devices know how to reach other areas.

Devices establish Level 1 adjacencies to perform routing within a local area (station routing). Devices establish Level 2 adjacencies to perform routing between Level 1 areas (area routing).

A single Cisco device can participate in routing in up to 29 areas and can perform Level 2 routing in the backbone. In general, each routing process corresponds to an area. By default, the first instance of the routing process that is configured performs both Level 1 and Level 2 routing.
You can configure additional device instances, which are automatically treated as Level 1 areas. You must configure the parameters for each instance of the IS-IS routing process individually.

For IS-IS multiarea routing, you can configure only one process to perform Level 2 routing, although you can define up to 29 Level 1 areas for each Cisco unit. If Level 2 routing is configured on any process, all additional processes are automatically configured as Level 1. You can configure this process to perform Level 1 routing at the same time. If Level 2 routing is not desired for a device instance, remove the Level 2 capability using the is-type command in global configuration mode. Use the is-type command also to configure a different device instance as a Level 2 device.

Nonstop Forwarding Awareness

The integrated IS-IS Nonstop Forwarding (NSF) Awareness feature is supported for IPv4. The feature allows customer premises equipment (CPE) devices that are NSF-aware to help NSF-capable devices perform nonstop forwarding of packets. The local device is not necessarily performing NSF, but its NSF awareness capability allows the integrity and accuracy of the routing database and the link-state database on the neighboring NSF-capable device to be maintained during the switchover process.

The integrated IS-IS Nonstop Forwarding (NSF) Awareness feature is automatically enabled and requires no configuration.

IS-IS Global Parameters

The following are the optional IS-IS global parameters that you can configure:

· You can force a default route into an IS-IS routing domain by configuring a default route that is controlled by a route map. You can also specify the other filtering options that are configurable under a route map.
· You can configure the device to ignore IS-IS link-state packets (LSPs) that are received with internal checksum errors, or to purge corrupted LSPs and cause the initiator of the LSP to regenerate it.
· You can assign passwords to areas and domains.
· You can create aggregate addresses that are represented in the routing table by a summary address (based on route summarization). Routes that are learned from other routing protocols can also be summarized. The metric used to advertise the summary is the smallest metric of all the specific routes.
· You can set an overload bit.
· You can configure the LSP refresh interval and the maximum time that an LSP can remain in the device database without a refresh.
· You can set the throttling timers for LSP generation, shortest path first computation, and partial route computation.
· You can configure the device to generate a log message when an IS-IS adjacency changes state (Up or Down).
· If a link in the network has a maximum transmission unit (MTU) size of less than 1500 bytes, you can lower the LSP MTU so that routing still occurs.
· You can use the partition avoidance command to prevent an area from becoming partitioned when full connectivity is lost among a Level 1-2 border device, adjacent Level 1 devices, and end hosts.

IS-IS Interface Parameters

You can optionally configure certain interface-specific IS-IS parameters independently from other attached devices. However, if you change a default value, such as a multiplier or a time interval, it makes sense to also change it on the other devices and interfaces. Most of the interface parameters can be configured for Level 1, Level 2, or both.

The following are the interface-level parameters that you can configure:

· The default metric on the interface, which is used as the value for the IS-IS metric and assigned when quality of service (QoS) routing is not performed.
· The hello interval (length of time between hello packets sent on the interface) or the default hello packet multiplier used on the interface to determine the hold time sent in IS-IS hello packets. The hold time determines how long a neighbor waits for another hello packet before declaring the neighbor down. This determines how quickly a failed link or neighbor is detected so that routes can be recalculated. Change the hello multiplier in circumstances where hello packets are lost frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval correspondingly to make the hello protocol more reliable, without increasing the time required to detect a link failure.
· Other time intervals:
  · Complete sequence number PDU (CSNP) interval--CSNPs are sent by the designated device to maintain database synchronization.
  · Retransmission interval--This is the time between retransmissions of IS-IS LSPs for point-to-point links.
  · IS-IS LSP retransmission throttle interval--This is the maximum rate (number of milliseconds between packets) at which IS-IS LSPs are resent on point-to-point links. This interval is different from the retransmission interval, which is the time between successive retransmissions of the same LSP.
· Designated device-election priority, which allows you to reduce the number of adjacencies required on a multiaccess network, which in turn reduces the amount of routing protocol traffic and the size of the topology database.
· The interface circuit type, which is the type of adjacency required for neighbors on the specified interface.
· Password authentication for the interface.
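The hello-interval, hello-multiplier and hold-time relationship described above, as an added example in Python (not Cisco code). It applies the rules the text states to a constructed hello timeline, so that a default (10 s x 3) configuration and a tuned (5 s x 6) configuration with the same 30-second hold time can be compared on a lossy link and on a real failure; all timer values and the outage window are constructed for the example.

```python
"""Model of the IS-IS hello interval, hello multiplier and hold time.

Added example; this is not Cisco code. It applies the rules stated in the
text (hold time = hello interval x hello multiplier; the "minimal" keyword
derives the interval from the multiplier so that the hold time is 1 second;
a neighbor is declared down after it misses hello-multiplier consecutive
hellos) to a constructed timeline of hellos.
"""
from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class HelloTimers:
    hello_interval_ms: float  # time between hellos sent on the interface
    hello_multiplier: int     # hellos a neighbor may miss before it is down
    hold_time_ms: float       # holdtime advertised in the hello packets


def timers_from_config(hello_interval: Union[int, str], hello_multiplier: int = 3) -> HelloTimers:
    """Derive the timers from the 'isis hello-interval' and
    'isis hello-multiplier' arguments (ranges as given in the procedure)."""
    if not 3 <= hello_multiplier <= 1000:
        raise ValueError("hello multiplier must be in the range 3 to 1000")
    if hello_interval == "minimal":
        # interval chosen so that interval x multiplier is exactly 1 second
        return HelloTimers(1000.0 / hello_multiplier, hello_multiplier, 1000.0)
    seconds = int(hello_interval)
    if not 1 <= seconds <= 65535:
        raise ValueError("hello interval must be in the range 1 to 65535 seconds")
    return HelloTimers(seconds * 1000.0, hello_multiplier, seconds * 1000.0 * hello_multiplier)


def adjacency_down_at(timers: HelloTimers, outage_start_ms: float, outage_end_ms: float,
                      horizon_ms: float = 120_000.0) -> Optional[float]:
    """Replay a constructed timeline and return when the adjacency goes down.

    The neighbor sends a hello every hello_interval_ms starting at t=0 (that
    first hello brings the adjacency up); hellos sent inside
    [outage_start_ms, outage_end_ms) are lost. The hold timer restarts on
    every hello received. Returns the time at which the hold timer expires,
    or None if it has not expired by horizon_ms.
    """
    last_received = 0.0
    t = timers.hello_interval_ms
    while t <= horizon_ms:
        if not outage_start_ms <= t < outage_end_ms:
            if t > last_received + timers.hold_time_ms:
                # the hello arrived too late: the hold timer had already fired
                return last_received + timers.hold_time_ms
            last_received = t
        t += timers.hello_interval_ms
    expiry = last_received + timers.hold_time_ms
    return expiry if expiry <= horizon_ms else None


if __name__ == "__main__":
    default = timers_from_config(10, 3)   # 10 s x 3 = 30 s hold time
    tuned = timers_from_config(5, 6)      # 5 s x 6 = 30 s hold time
    # Lossy link: every hello sent between 9 s and 35 s is lost, then it recovers.
    # The default timers drop the adjacency at 30 s; the tuned timers ride it out.
    for name, tm in (("default", default), ("tuned", tuned)):
        print(name, "lossy link ->", adjacency_down_at(tm, 9_000, 35_000))
    # Real failure: the neighbor stops sending after its hello at t=0.
    # Both configurations detect it after the same 30 s hold time.
    for name, tm in (("default", default), ("tuned", tuned)):
        print(name, "dead neighbor ->", adjacency_down_at(tm, 1, float("inf")))
```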
How to Configure IS-IS

The following sections provide information on how to enable IS-IS on an interface, how to configure IS-IS global parameters, and how to configure IS-IS interface parameters.

Default IS-IS Configuration

Table 34: Default IS-IS Configuration

Feature | Default Setting
Ignore link-state PDU (LSP) errors | Enabled.
IS-IS type | Conventional IS-IS--The router acts as both a Level 1 (station) and a Level 2 (area) router. Multiarea IS-IS--The first instance of the IS-IS routing process is a Level 1-2 router. Remaining instances are Level 1 routers.
Default-information originate | Disabled.
Log IS-IS adjacency state changes | Disabled.
LSP generation throttling timers | Maximum interval between two consecutive occurrences--5000 milliseconds. Initial LSP generation delay--50 milliseconds. Hold time between the first and second LSP generation--200 milliseconds.
LSP maximum lifetime (without a refresh) | 1200 seconds (20 minutes) before the LSP packet is deleted.
LSP refresh interval | Every 900 seconds (15 minutes).
Maximum LSP packet size | 1497 bytes.
NSF Awareness | Enabled. Allows Layer 3 devices to continue forwarding packets from a neighboring Nonstop Forwarding-capable router during hardware or software changes.
Partial route computation (PRC) throttling timers | Maximum PRC wait interval--5000 milliseconds. Initial PRC calculation delay after a topology change--50 milliseconds. Hold time between the first and second PRC calculation--200 milliseconds.
Partition avoidance | Disabled.
Password | No area or domain password is defined, and authentication is disabled.
Set-overload-bit | Disabled. When enabled, if no arguments are entered, the overload bit is set immediately and remains set until you enter the no set-overload-bit command.
Shortest path first (SPF) throttling timers | Maximum interval between consecutive SPFs--5000 milliseconds. Initial SPF calculation after a topology change--200 milliseconds. Hold time between the first and second SPF calculation--50 milliseconds.
Summary-address | Disabled.

Enabling IS-IS Routing

To enable IS-IS, specify a name and a network entity title (NET) for each routing process. Enable IS-IS routing on the interface and specify the area for each instance of the routing process.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password, if prompted.
Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.
Step 3: clns routing
  Example: Device(config)# clns routing
  Purpose: Enables ISO connectionless routing on the device.
Step 4: router isis [area tag]
  Example: Device(config)# router isis tag1
  Purpose: Enables IS-IS routing for the specified routing process and enters IS-IS routing configuration mode. (Optional) Use the area tag argument to identify the area to which the IS-IS router is assigned. Enter a value if you are configuring multiple IS-IS areas. The first IS-IS instance that is configured is Level 1-2 by default. Later instances are automatically configured as Level 1. You can change the level of routing by using the is-type command in global configuration mode.
Step 5: net network-entity-title
  Example: Device(config-router)# net 47.0004.004d.0001.0001.0c11.1111.00
  Purpose: Configures the NETs for the routing process. While configuring multiarea IS-IS, specify a NET for each routing process. Specify a name for a NET and for an address.
Step 6: is-type {level-1 | level-1-2 | level-2-only}
  Example: Device(config-router)# is-type level-2-only
  Purpose: (Optional) Configures the router to act as a Level 1 (station) router, a Level 2 (area) router for multiarea routing, or both (the default):
  · level-1--Acts as a station router only.
  · level-1-2--Acts as both a station router and an area router.
  · level-2-only--Acts as an area router only.
Step 7: exit
  Example: Device(config-router)# exit
  Purpose: Returns to global configuration mode.
Step 8: interface interface-id
  Example: Device(config)# interface gigabitethernet 1/0/1
  Purpose: Specifies an interface to route IS-IS, and enters interface configuration mode. If the interface is not already configured as a Layer 3 interface, enter the no switchport command to configure the interface into Layer 3 mode.
Step 9: ip router isis [area tag]
  Example: Device(config-if)# ip router isis tag1
  Purpose: Configures an IS-IS routing process on the interface and attaches an area designator to the routing process.
Step 10: ip address ip-address mask
  Example: Device(config-if)# ip address 10.0.0.5 255.255.255.0
  Purpose: Defines the IP address for the interface. An IP address is required for all interfaces in an area that is enabled for IS-IS, if any one interface is configured for IS-IS routing.
Step 11: end
  Example: Device(config-if)# end
  Purpose: Returns to privileged EXEC mode.
Step 12: show isis [area tag] database detail
  Example: Device# show isis database detail
  Purpose: Verifies your entries.

Configuring IS-IS Global Parameters

To configure global IS-IS parameters, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password, if prompted.
Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.
Step 3: router isis
  Example: Device(config)# router isis
  Purpose: Specifies the IS-IS routing protocol and enters router configuration mode.
Step 4: default-information originate [route-map map-name]
  Example: Device(config-router)# default-information originate route-map map1
  Purpose: (Optional) Forces a default route into the IS-IS routing domain. When you enter the route-map map-name keywords, the routing process generates the default route for a valid route map.
Step 5: ignore-lsp-errors
  Example: Device(config-router)# ignore-lsp-errors
  Purpose: (Optional) Configures the device to ignore LSPs with internal checksum errors, instead of purging the LSPs. This command is enabled by default (corrupted LSPs are dropped). To purge the corrupted LSPs, enter the no ignore-lsp-errors command in router configuration mode.
Step 6: area-password password
  Example: Device(config-router)# area-password 1password
  Purpose: (Optional) Configures the area authentication password that is inserted in Level 1 (station router level) LSPs.
Step 7: domain-password password
  Example: Device(config-router)# domain-password 2password
  Purpose: (Optional) Configures the routing domain authentication password that is inserted in Level 2 (area router level) LSPs.
Step 8: summary-address address mask [level-1 | level-1-2 | level-2]
  Example: Device(config-router)# summary-address 10.1.0.0 255.255.0.0 level-2
  Purpose: (Optional) Creates a summary of addresses for a given level.
Step 9: set-overload-bit [on-startup {seconds | wait-for-bgp}]
  Example: Device(config-router)# set-overload-bit on-startup wait-for-bgp
  Purpose: (Optional) Sets an overload bit to allow other devices to ignore the device in their shortest path first (SPF) calculations if the device is having problems.
  · on-startup--(Optional) Sets the overload bit only on startup. If on-startup is not specified, the overload bit is set immediately and remains set until you enter the no set-overload-bit command. If on-startup is specified, you must either enter a number of seconds or enter wait-for-bgp.
  · seconds--When the on-startup keyword is configured, causes the overload bit to be set when the system is started and to remain set for the specified number of seconds. The range is from 5 to 86400 seconds.
  · wait-for-bgp--When the on-startup keyword is configured, causes the overload bit to be set when the system is started and to remain set until BGP has converged. If BGP does not signal IS-IS that it has converged, IS-IS turns off the overload bit after 10 minutes.
Step 10: lsp-refresh-interval seconds
  Example: Device(config-router)# lsp-refresh-interval 1080
  Purpose: (Optional) Sets an LSP refresh interval, in seconds. The range is from 1 to 65535 seconds. The default is to send LSP refreshes every 900 seconds (15 minutes).
Step 11: max-lsp-lifetime seconds
  Example: Device(config-router)# max-lsp-lifetime 1000
  Purpose: (Optional) Sets the maximum time that LSP packets remain in the router database without being refreshed. The range is from 1 to 65535 seconds. The default is 1200 seconds (20 minutes). After the specified time interval, the LSP packet is deleted.
Step 12: lsp-gen-interval [level-1 | level-2] lsp-max-wait [lsp-initial-wait lsp-second-wait]
  Example: Device(config-router)# lsp-gen-interval level-2 2 50 100
  Purpose: (Optional) Sets the IS-IS LSP generation throttling timers:
  · lsp-max-wait--Maximum interval (in milliseconds) between two consecutive occurrences of an LSP being generated. The range is from 1 to 120; the default is 5000.
  · lsp-initial-wait--Initial LSP generation delay (in milliseconds). The range is from 1 to 10000; the default is 50.
  · lsp-second-wait--Hold time between the first and second LSP generation (in milliseconds). The range is from 1 to 10000; the default is 200.
Step 13: spf-interval [level-1 | level-2] spf-max-wait [spf-initial-wait spf-second-wait]
  Example: Device(config-router)# spf-interval level-2 5 10 20
  Purpose: (Optional) Sets IS-IS SPF throttling timers.
  · spf-max-wait--Maximum interval between consecutive SPFs (in milliseconds). The range is from 1 to 120; the default is 5000.
  · spf-initial-wait--Initial SPF calculation after a topology change (in milliseconds). The range is from 1 to 10000; the default is 50.
  · spf-second-wait--Hold time between the first and second SPF calculation (in milliseconds). The range is from 1 to 10000; the default is 200.
Step 14: prc-interval prc-max-wait [prc-initial-wait prc-second-wait]
  Example: Device(config-router)# prc-interval 5 10 20
  Purpose: (Optional) Sets IS-IS PRC throttling timers.
  · prc-max-wait--Maximum interval (in milliseconds) between two consecutive PRC calculations. The range is from 1 to 120; the default is 5000.
  · prc-initial-wait--Initial PRC calculation delay (in milliseconds) after a topology change. The range is from 1 to 10,000; the default is 50.
  · prc-second-wait--Hold time between the first and second PRC calculation (in milliseconds). The range is from 1 to 10,000; the default is 200.
Step 15: log-adjacency-changes [all]
  Example: Device(config-router)# log-adjacency-changes all
  Purpose: (Optional) Sets the router to log IS-IS adjacency state changes. Enter all to include all the changes generated by events that are not related to the IS-IS hellos, including End System-to-Intermediate System PDUs and LSPs.
Step 16: lsp-mtu size
  Example: Device(config-router)# lsp-mtu 1560
  Purpose: (Optional) Specifies the maximum LSP packet size, in bytes. The range is from 128 to 4352; the default is 1497 bytes.
  Note: If a link in the network has a reduced MTU size, you must change the LSP MTU size on all the devices in the network.
Step 17: partition avoidance
  Example: Device(config-router)# partition avoidance
  Purpose: (Optional) Causes an IS-IS Level 1-2 border router to stop advertising the Level 1 area prefix into the Level 2 backbone when full connectivity is lost among the border router, all adjacent Level 1 routers, and end hosts.
Step 18: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Configuring IS-IS Interface Parameters

To configure IS-IS interface-specific parameters, perform this procedure:

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password, if prompted.
Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.
Step 3: interface interface-id
  Example: Device(config)# interface gigabitethernet 1/0/1
  Purpose: Specifies the interface to be configured and enters interface configuration mode. If the interface is not already configured as a Layer 3 interface, enter the no switchport command to configure the interface into Layer 3 mode.
Step 4: isis metric default-metric [level-1 | level-2]
  Example: Device(config-if)# isis metric 15
  Purpose: (Optional) Configures the metric (or cost) for the specified interface. The range is from 0 to 63; the default is 10. If no level is entered, the default is applied to both Level 1 and Level 2 routers.
Step 5: isis hello-interval {seconds | minimal} [level-1 | level-2]
  Example: Device(config-if)# isis hello-interval minimal
  Purpose: (Optional) Specifies the length of time between the hello packets that are sent by the device. By default, a value that is three times the hello interval seconds is advertised as the holdtime in the hello packets sent. With smaller hello intervals, topological changes are detected faster, but there is more routing traffic.
  · minimal--Causes the system to compute the hello interval based on the hello multiplier so that the resulting hold time is 1 second.
  · seconds--Range is from 1 to 65535; default is 10 seconds.
Step 6: isis hello-multiplier multiplier [level-1 | level-2]
  Example: Device(config-if)# isis hello-multiplier 5
  Purpose: (Optional) Specifies the number of IS-IS hello packets that a neighbor must miss before the device declares the adjacency as down. The range is from 3 to 1000; default is 3.
  Note: Using a smaller hello multiplier causes fast convergence, but might result in routing instability.
Step 7: isis csnp-interval seconds [level-1 | level-2]
  Example: Device(config-if)# isis csnp-interval 15
  Purpose: (Optional) Configures the IS-IS complete sequence number PDU (CSNP) interval for the interface. The range is from 0 to 65535; default is 10 seconds.
Step 8: isis retransmit-interval seconds
  Example: Device(config-if)# isis retransmit-interval 7
  Purpose: (Optional) Configures the number of seconds between the retransmission of IS-IS LSPs for point-to-point links. Specify an integer that is greater than the expected round-trip delay between any two routers on the network. The range is from 0 to 65535; default is 5 seconds.
Step 9: isis retransmit-throttle-interval milliseconds
  Example: Device(config-if)# isis retransmit-throttle-interval 4000
  Purpose: (Optional) Configures the IS-IS LSP retransmission throttle interval, which is the maximum rate (number of milliseconds between packets) at which IS-IS LSPs will be resent on point-to-point links. The range is from 0 to 65535; the default is determined by the isis lsp-interval command.
Step 10: isis priority value [level-1 | level-2]
  Example: Device(config-if)# isis priority 50
  Purpose: (Optional) Configures the priority for the designated router. The range is from 0 to 127; default is 64.
Step 11: isis circuit-type {level-1 | level-1-2 | level-2-only}
  Example: Device(config-if)# isis circuit-type level-1-2
  Purpose: (Optional) Configures the type of adjacency that is required for neighbors on the specified interface (specify the interface circuit type).
  · level-1--A Level 1 adjacency is established if there is at least one area address that is common to both this node and its neighbors.
  · level-1-2--Level 1 and Level 2 adjacencies are established if the neighbor is also configured as both Level 1 and Level 2 and there is at least one area in common. If there is no area in common, a Level 2 adjacency is established. This is the default option.
  · level-2-only--A Level 2 adjacency is established. If the neighbor router is a Level 1 router, no adjacency is established.
Step 12: isis password password [level-1 | level-2]
  Example: Device(config-if)# isis password secret
  Purpose: (Optional) Configures the authentication password for an interface. By default, authentication is disabled. Specifying Level 1 or Level 2 enables the password only for Level 1 or Level 2 routing, respectively. If you do not specify a level, the default is Level 1 and Level 2.
Step 13: end
  Example: Device(config-if)# end
  Purpose: Returns to privileged EXEC mode.

Monitoring and Maintaining IS-IS

You can display specific IS-IS statistics, such as the contents of routing tables, caches, and databases. You can also display information about specific interfaces, filters, or neighbors. The following table lists the privileged EXEC commands for clearing and displaying IS-IS routing.
Table 35: IS-IS show Commands

Command
show ip route isis
show isis database
show isis routes
show isis spf-log
show isis topology
show route-map
trace clns destination

Feature History for IS-IS

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | IS-IS Routing | Integrated Intermediate System-to-Intermediate System (IS-IS) is an ISO dynamic routing protocol (described in ISO 105890).
Cisco IOS XE Cupertino 17.7.1 | IS-IS Routing | Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 39

Configuring Multi-VRF CE

· Information About Multi-VRF CE, on page 479
· How to Configure Multi-VRF CE, on page 482
· Monitoring Multi-VRF CE, on page 496
· Configuration Example: Multi-VRF CE, on page 496
· Feature History for Multi-VRF CE, on page 499

Information About Multi-VRF CE

Virtual Private Networks (VPNs) provide a secure way for customers to share bandwidth over an ISP backbone network. A VPN is a collection of sites sharing a common routing table. A customer site is connected to the service-provider network by one or more interfaces, and the service provider associates each interface with a VPN routing table, called a VPN routing/forwarding (VRF) table.
The switch supports multiple VPN routing/forwarding (multi-VRF) instances in customer edge (CE) devices (multi-VRF CE) when it is running the . Multi-VRF CE allows a service provider to support two or more VPNs with overlapping IP addresses.

Note: The switch does not use Multiprotocol Label Switching (MPLS) to support VPNs.

Understanding Multi-VRF CE

Multi-VRF CE is a feature that allows a service provider to support two or more VPNs, where IP addresses can overlap among the VPNs. Multi-VRF CE uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN SVIs, but an interface cannot belong to more than one VRF at any time.

Note: Multi-VRF CE interfaces must be Layer 3 interfaces.

Multi-VRF CE includes these devices:

· Customer edge (CE) devices provide customers access to the service-provider network over a data link to one or more provider edge routers. The CE device advertises the site's local routes to the router and learns the remote VPN routes from it. A switch can be a CE.
· Provider routers or core routers are any routers in the service provider network that do not attach to CE devices.

With multi-VRF CE, multiple customers can share one CE, and only one physical link is used between the CE and the PE. The shared CE maintains separate VRF tables for each customer and switches or routes packets for each customer based on its own routing table. Multi-VRF CE extends limited PE functionality to a CE device, giving it the ability to maintain separate VRF tables to extend the privacy and security of a VPN to the branch office.

Network Topology

The figure shows a configuration using switches as multiple virtual CEs.
This scenario is suited for customers who have low bandwidth requirements for their VPN service, for example, small companies. In this case, multi-VRF CE support is required in the switches. Because multi-VRF CE is a Layer 3 feature, each interface in a VRF must be a Layer 3 interface.

Figure 22: Switches Acting as Multiple Virtual CEs

When the CE switch receives a command to add a Layer 3 interface to a VRF, it sets up the appropriate mapping between the VLAN ID and the policy label (PL) in multi-VRF-CE-related data structures and adds the VLAN ID and PL to the VLAN database.

When multi-VRF CE is configured, the Layer 3 forwarding table is conceptually partitioned into two sections:

· The multi-VRF CE routing section contains the routes from different VPNs.
· The global routing section contains routes to non-VPN networks, such as the Internet.

VLAN IDs from different VRFs are mapped into different policy labels, which are used to distinguish the VRFs during processing. For each new VPN route learned, the Layer 3 setup function retrieves the policy label by using the VLAN ID of the ingress port and inserts the policy label and the new route into the multi-VRF CE routing section. If the packet is received from a routed port, the port's internal VLAN ID number is used; if the packet is received from an SVI, the VLAN number is used.

Packet-Forwarding Process

This is the packet-forwarding process in a multi-VRF-CE-enabled network:

· When the switch receives a packet from a VPN, the switch looks up the routing table based on the input policy label number. When a route is found, the switch forwards the packet to the PE.
· When the ingress PE receives a packet from the CE, it performs a VRF lookup. When a route is found, the router adds a corresponding MPLS label to the packet and sends it to the MPLS network.
· When an egress PE receives a packet from the network, it strips the label and uses the label to identify the correct VPN routing table. Then it performs the normal route lookup. When a route is found, it forwards the packet to the correct adjacency.
· When a CE receives a packet from an egress PE, it uses the input policy label to look up the correct VPN routing table. If a route is found, it forwards the packet within the VPN.

Network Components

To configure VRF, you create a VRF table and specify the Layer 3 interface associated with the VRF. Then configure the routing protocols in the VPN and between the CE and the PE. The multi-VRF CE network has three major components:

· VPN route target communities: lists of all other members of a VPN community. You need to configure VPN route targets for each VPN community member.
· VPN forwarding: transports all traffic between all VPN community members across a VPN service-provider network.

VRF-Aware Services

IP services can be configured on global interfaces, and these services run within the global routing instance. IP services are enhanced to run on multiple routing instances; they are VRF-aware. Any configured VRF in the system can be specified for a VRF-aware service.

VRF-aware services are implemented in platform-independent modules. VRF means multiple routing instances in Cisco IOS. Each platform has its own limit on the number of VRFs it supports.

VRF-aware services have the following characteristics:

· The user can ping a host in a user-specified VRF.
· ARP entries are learned in separate VRFs. The user can display Address Resolution Protocol (ARP) entries for specific VRFs.

Multi-VRF CE Configuration Guidelines

This section provides guidelines for configuring multi-VRF CE:

· A switch with multi-VRF CE is shared by multiple customers, and each customer has its own routing table.
· Because customers use different VRF tables, the same IP addresses can be reused. Overlapping IP addresses are allowed in different VPNs.
· Multi-VRF CE lets multiple customers share the same physical link between the PE and the CE. Trunk ports with multiple VLANs separate packets among customers. Each customer has its own VLAN.
· Multi-VRF CE does not support all MPLS-VRF functionality. It does not support label exchange, LDP adjacency, or labeled packets.
· For the PE router, there is no difference between using multi-VRF CE or using multiple CEs. In Figure 41-6, multiple virtual Layer 3 interfaces are connected to the multi-VRF CE device.
· The switch supports configuring VRF by using physical ports, VLAN SVIs, or a combination of both. The SVIs can be connected through an access port or a trunk port.
· A customer can use multiple VLANs as long as they do not overlap with those of other customers. A customer's VLANs are mapped to a specific routing table ID that is used to identify the appropriate routing tables stored on the switch.
· Multi-VRF CE does not affect the packet switching rate.
· VPN multicast is not supported.
· You can enable VRF on a private VLAN, and the reverse.
· You cannot enable VRF when policy-based routing (PBR) is enabled on an interface, and the reverse.
· You cannot enable VRF when Web Cache Communication Protocol (WCCP) is enabled on an interface, and the reverse.

How to Configure Multi-VRF CE

The following sections provide configuration information about multi-VRF CE.

Default Multi-VRF CE Configuration

Table 36: Default VRF Configuration

Feature             Default Setting
VRF                 Disabled. No VRFs are defined.
Maps                No import maps, export maps, or route maps are defined.
VRF maximum routes  Fast Ethernet switches: 8000. Gigabit Ethernet switches: 12000.
Forwarding table    The default for an interface is the global routing table.
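The packet-forwarding process and the guideline that the same IP addresses may be reused in different VPNs are easier to see in a small model. The following is an added example, not Cisco code and not part of this guide: it maps each VLAN ID to a policy label, keeps one routing section per label plus a global section, and looks a destination up only in the section selected by the ingress VLAN. The label numbering, the value reserved for the global section, and the VRF names, VLANs and prefixes are this example's own assumptions.

```python
"""Toy model of the multi-VRF CE forwarding path described above.

Added example, not Cisco code.  Each VLAN ID is mapped to a policy
label, each policy label selects its own routing section, and a packet
is looked up only in the section chosen by its ingress VLAN.  Label
numbering and the "global" label value are assumptions of this model.
"""
import ipaddress

GLOBAL_LABEL = 0  # assumed value for the global routing section


class RoutingSection:
    """One routing section: prefix -> next hop, longest-prefix match."""

    def __init__(self):
        self.routes = {}

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix, strict=False)] = next_hop

    def lookup(self, dst_ip):
        """Return (prefix, next_hop) for the most specific match, else None."""
        addr = ipaddress.ip_address(dst_ip)
        best = None
        for net, next_hop in self.routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best


class MultiVrfCE:
    def __init__(self):
        self.vlan_to_label = {}                      # VLAN ID -> policy label
        self.label_to_vrf = {GLOBAL_LABEL: "global"}  # policy label -> VRF name
        self.sections = {GLOBAL_LABEL: RoutingSection()}
        self._next_label = 1

    def add_vrf(self, name, vlans):
        """'ip vrf NAME' plus 'ip vrf forwarding NAME' on the given VLANs."""
        if name in self.label_to_vrf.values():
            raise ValueError(f"VRF {name} already exists")
        for vlan in vlans:
            # A customer's VLANs must not overlap with another customer's.
            if vlan in self.vlan_to_label:
                raise ValueError(f"VLAN {vlan} already belongs to another VRF")
        label = self._next_label
        self._next_label += 1
        self.label_to_vrf[label] = name
        self.sections[label] = RoutingSection()
        for vlan in vlans:
            self.vlan_to_label[vlan] = label
        return label

    def add_route(self, vrf, prefix, next_hop):
        """Insert a route into the section that belongs to this VRF's label."""
        self.sections[self._label_of(vrf)].add(prefix, next_hop)

    def forward(self, ingress_vlan, dst_ip):
        """Return (vrf_name, next_hop), or None when the section has no route.

        An unmapped VLAN falls back to the global routing section.
        """
        label = self.vlan_to_label.get(ingress_vlan, GLOBAL_LABEL)
        hit = self.sections[label].lookup(dst_ip)
        if hit is None:
            return None
        return self.label_to_vrf[label], hit[1]

    def _label_of(self, vrf):
        for label, name in self.label_to_vrf.items():
            if name == vrf:
                return label
        raise KeyError(f"no such VRF: {vrf}")


def build_demo_switch():
    """Constructed topology: two customers reuse 10.1.5.0/24 in different VRFs."""
    sw = MultiVrfCE()
    sw.add_vrf("vpn1", vlans=[10, 208])
    sw.add_vrf("vpn2", vlans=[20, 118])
    sw.add_route("vpn1", "10.1.5.0/24", "PE via VLAN 10")
    sw.add_route("vpn2", "10.1.5.0/24", "PE via VLAN 20")
    sw.add_route("vpn1", "192.0.2.0/24", "Switch D")   # known only to vpn1
    sw.add_route("global", "0.0.0.0/0", "Internet")     # global section only
    return sw


if __name__ == "__main__":
    sw = build_demo_switch()
    print(sw.forward(208, "10.1.5.7"))       # ('vpn1', 'PE via VLAN 10')
    print(sw.forward(118, "10.1.5.7"))       # ('vpn2', 'PE via VLAN 20')
    print(sw.forward(118, "192.0.2.1"))      # None: vpn1's route is invisible to vpn2
    print(sw.forward(999, "198.51.100.1"))   # ('global', 'Internet')
```

The last two lookups are the security-relevant part: a route learned in one VRF is not reachable from another VRF's label, and the default route lives only in the global section, so a VPN interface cannot reach the Internet unless a route is deliberately placed in its own section.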
Configuring VRFs

Perform the following steps:

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip routing
  Example: Device(config)#ip routing
  Purpose: Enables IP routing.

Step 4: ip vrf vrf-name
  Example: Device(config)#ip vrf vpn1
  Purpose: Names the VRF, and enters VRF configuration mode.

Step 5: rd route-distinguisher
  Example: Device(config-vrf)#rd 100:2
  Purpose: Creates a VRF table by specifying a route distinguisher. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y).

Step 6: route-target {export | import | both} route-target-ext-community
  Example: Device(config-vrf)#route-target both 100:2
  Purpose: Creates a list of import, export, or import and export route target communities for the specified VRF. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y). The route-target-ext-community should be the same as the route-distinguisher entered in Step 5.

Step 7: import map route-map
  Example: Device(config-vrf)#import map importmap1
  Purpose: (Optional) Associates a route map with the VRF.

Step 8: interface interface-id
  Example: Device(config-vrf)#interface gigabitethernet 1/0/1
  Purpose: Specifies the Layer 3 interface to be associated with the VRF, and enters interface configuration mode. The interface can be a routed port or an SVI.

Step 9: ip vrf forwarding vrf-name
  Example: Device(config-if)#ip vrf forwarding vpn1
  Purpose: Associates the VRF with the Layer 3 interface.
  Note: When ip vrf forwarding is enabled on the management interface, the access point does not join.

Step 10: end
  Example: Device(config-if)#end
  Purpose: Returns to privileged EXEC mode.

Step 11: show ip vrf [brief | detail | interfaces] [vrf-name]
  Example: Device#show ip vrf interfaces vpn1
  Purpose: Verifies the configuration. Displays information about the configured VRFs.

Step 12: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring Multicast VRFs

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip routing
  Example: Device(config)#ip routing
  Purpose: Enables IP routing mode.

Step 4: ip vrf vrf-name
  Example: Device(config)#ip vrf vpn1
  Purpose: Names the VRF, and enters VRF configuration mode.

Step 5: rd route-distinguisher
  Example: Device(config-vrf)#rd 100:2
  Purpose: Creates a VRF table by specifying a route distinguisher. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y).

Step 6: route-target {export | import | both} route-target-ext-community
  Example: Device(config-vrf)#route-target import 100:2
  Purpose: Creates a list of import, export, or import and export route target communities for the specified VRF. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y). The route-target-ext-community should be the same as the route-distinguisher entered in Step 5.

Step 7: import map route-map
  Example: Device(config-vrf)#import map importmap1
  Purpose: (Optional) Associates a route map with the VRF.

Step 8: ip multicast-routing vrf vrf-name distributed
  Example: Device(config-vrf)#ip multicast-routing vrf vpn1 distributed
  Purpose: (Optional) Enables global multicast routing for the VRF table.

Step 9: interface interface-id
  Example: Device(config-vrf)#interface gigabitethernet 1/0/2
  Purpose: Specifies the Layer 3 interface to be associated with the VRF, and enters interface configuration mode. The interface can be a routed port or an SVI.

Step 10: ip vrf forwarding vrf-name
  Example: Device(config-if)#ip vrf forwarding vpn1
  Purpose: Associates the VRF with the Layer 3 interface.

Step 11: ip address ip-address mask
  Example: Device(config-if)#ip address 10.1.5.1 255.255.255.0
  Purpose: Configures the IP address for the Layer 3 interface.

Step 12: ip pim sparse-dense-mode
  Example: Device(config-if)#ip pim sparse-dense-mode
  Purpose: Enables PIM on the VRF-associated Layer 3 interface.

Step 13: end
  Example: Device(config-if)#end
  Purpose: Returns to privileged EXEC mode.

Step 14: show ip vrf [brief | detail | interfaces] [vrf-name]
  Example: Device#show ip vrf detail vpn1
  Purpose: Verifies the configuration. Displays information about the configured VRFs.

Step 15: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring a VPN Routing Session

Routing within the VPN can be configured with any supported routing protocol (RIP, OSPF, EIGRP, or ) or with static routing. The configuration shown here is for OSPF, but the process is the same for other protocols.
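Both VRF procedures above build the same ip vrf stanza from a route distinguisher and one or more route targets, and both say the route target should match the RD. The following is an added example, not from this guide and not Cisco code: it parses RD and route-target values in the two forms the steps name (xxx:y and A.B.C.D:y), warns when a route target differs from the RD, and renders the CLI lines of steps 4 to 11 so that a VRF definition can be checked before it is pasted into a device. The VrfSpec fields, the helper names, and the range limits (taken from the RFC 4364 type 0 and type 1 RD layouts) are this example's own; the values in VPN1 mirror the procedure's examples.

```python
"""Render and sanity-check the 'ip vrf' stanza that the two procedures build.

Added example, not from the guide.  Parses route distinguishers and
route targets in the two forms the procedure names, flags a route
target that differs from the RD, and emits the IOS CLI lines.
"""
import ipaddress
import re
from dataclasses import dataclass, field

_ASN_FORM = re.compile(r"^(\d{1,5}):(\d{1,10})$")                 # xxx:y
_IP_FORM = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")   # A.B.C.D:y


def parse_ext_community(value):
    """Return ('asn', asn, n) or ('ip', address, n); raise ValueError otherwise.

    Limits follow RFC 4364 type 0 (2-byte ASN, 4-byte number) and
    type 1 (IPv4 address, 2-byte number) route distinguishers.
    """
    m = _ASN_FORM.match(value)
    if m:
        asn, num = int(m.group(1)), int(m.group(2))
        if asn > 0xFFFF or num > 0xFFFFFFFF:
            raise ValueError(f"{value}: ASN or number out of range")
        return ("asn", asn, num)
    m = _IP_FORM.match(value)
    if m:
        addr, num = m.group(1), int(m.group(2))
        ipaddress.IPv4Address(addr)  # raises ValueError on 300.1.1.1 and the like
        if num > 0xFFFF:
            raise ValueError(f"{value}: number must fit in 16 bits")
        return ("ip", addr, num)
    raise ValueError(f"{value}: expected xxx:y or A.B.C.D:y")


@dataclass
class VrfSpec:
    """One VRF as entered in steps 4 to 11 (field names are this example's)."""
    name: str
    rd: str
    route_targets: list = field(default_factory=list)  # (direction, value) pairs
    import_map: str = None
    multicast: bool = False
    interfaces: list = field(default_factory=list)     # (ifname, ip, mask) triples


def check_spec(spec):
    """Validate RD/RT syntax; return warnings for route targets that differ from the RD."""
    warnings = []
    rd = parse_ext_community(spec.rd)
    for direction, value in spec.route_targets:
        if direction not in ("import", "export", "both"):
            raise ValueError(f"bad route-target direction {direction!r}")
        if parse_ext_community(value) != rd:
            warnings.append(f"route-target {direction} {value} differs from rd {spec.rd}")
    return warnings


def render_vrf(spec):
    """Emit the CLI lines for one VRF; syntax errors abort before anything is rendered."""
    check_spec(spec)
    lines = [f"ip vrf {spec.name}", f" rd {spec.rd}"]
    lines += [f" route-target {d} {v}" for d, v in spec.route_targets]
    if spec.import_map:
        lines.append(f" import map {spec.import_map}")
    lines.append("!")
    if spec.multicast:
        lines += [f"ip multicast-routing vrf {spec.name} distributed", "!"]
    for ifname, ip, mask in spec.interfaces:
        lines += [f"interface {ifname}", f" ip vrf forwarding {spec.name}",
                  f" ip address {ip} {mask}", "!"]
    return lines


# Constructed input mirroring the procedure's examples.
VPN1 = VrfSpec("vpn1", "100:2", [("both", "100:2")], "importmap1", False,
               [("gigabitethernet 1/0/1", "10.1.5.1", "255.255.255.0")])

if __name__ == "__main__":
    print("\n".join(render_vrf(VPN1)))
```

The warning from check_spec is deliberately not an error: the guide says the route target should equal the RD, but an operator may intentionally import a different community, so the script reports the mismatch and lets the reviewer decide.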
Note: To configure an EIGRP routing process to run within a VRF instance, you must configure an autonomous-system number by entering the autonomous-system autonomous-system-number address-family configuration mode command.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: router ospf process-id vrf vrf-name
  Example: Device(config)#router ospf 1 vrf vpn1
  Purpose: Enables OSPF routing, specifies a VPN forwarding table, and enters router configuration mode.

Step 4: log-adjacency-changes
  Example: Device(config-router)#log-adjacency-changes
  Purpose: (Optional) Logs changes in the adjacency state. This is the default state.

Step 5: network network-number area area-id
  Example: Device(config-router)#network 1 area 2
  Purpose: Defines a network address and mask on which OSPF runs and the area ID for that network address.

Step 6: end
  Example: Device(config-router)#end
  Purpose: Returns to privileged EXEC mode.

Step 7: show ip ospf process-id
  Example: Device#show ip ospf 1
  Purpose: Verifies the configuration of the OSPF network.

Step 8: copy running-config startup-config
  Example: Device#copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Configuring VRF-Aware Services

These services are VRF-aware:

· ARP
· Ping
· Simple Network Management Protocol (SNMP)
· Unicast Reverse Path Forwarding (uRPF)
· Syslog
· Traceroute
· FTP and TFTP

Configuring VRF-Aware Services for SNMP

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: snmp-server trap authentication vrf
  Example: Device(config)#snmp-server trap authentication vrf
  Purpose: Enables SNMP traps for packets on a VRF.

Step 4: snmp-server engineID remote host vrf vpn-instance engine-id string
  Example: Device(config)#snmp-server engineID remote 172.16.20.3 vrf vpn1 80000009030000B064EFE100
  Purpose: Configures a name for the remote SNMP engine on a switch.

Step 5: snmp-server host host vrf vpn-instance traps community
  Example: Device(config)#snmp-server host 172.16.20.3 vrf vpn1 traps comaccess
  Purpose: Specifies the recipient of an SNMP trap operation and specifies the VRF table to be used for sending SNMP traps.

Step 6: snmp-server host host vrf vpn-instance informs community
  Example: Device(config)#snmp-server host 172.16.20.3 vrf vpn1 informs comaccess
  Purpose: Specifies the recipient of an SNMP inform operation and specifies the VRF table to be used for sending SNMP informs.

Step 7: snmp-server user user group remote host vrf vpn-instance security model
  Example: Device(config)#snmp-server user abcd remote 172.16.20.3 vrf vpn1 priv v2c 3des secure3des
  Purpose: Adds a user to an SNMP group for a remote host on a VRF for SNMP access.

Step 8: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Configuring VRF-Aware Services for NTP

Configuring VRF-aware services for NTP comprises configuring the NTP servers and the NTP client interfaces connected to the NTP servers.

Before you begin

Ensure connectivity between the NTP client and servers. Configure a valid IP address and subnet on the client interfaces that are connected to the NTP servers.
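The client and server procedures that follow configure three things: a keyed MD5 authentication key, the ntp authenticate switch, and a trusted-key list that decides which key IDs a server may use. The following added example, not Cisco code and not part of this guide, shows what those settings mean on the wire: it builds a 48-byte NTP header, appends the RFC 5905 symmetric-key MAC (4-byte key ID followed by MD5 over the key concatenated with the header), and verifies packets the way a client with ntp authenticate and ntp trusted-key 1 would, rejecting an unauthenticated packet, a packet signed with a different password, a tampered packet, and a packet signed with a configured but untrusted key. The key strings (cisco123 is the procedure's own example), key IDs and timestamp are constructed; stratum and timestamp sanity checks a real client also performs are omitted.

```python
"""Keyed-MD5 NTP authentication as configured by 'ntp authentication-key',
'ntp authenticate' and 'ntp trusted-key'.

Added example, not Cisco code.  Message layout follows RFC 5905: a
48-byte header followed by a MAC of key ID (4 bytes) plus
MD5(key || header).  Keys, key IDs and timestamps are constructed.
"""
import hashlib
import hmac
import struct

HEADER_LEN = 48
MAC_LEN = 4 + 16   # key identifier + MD5 digest


def build_header(transmit_ts, stratum=2, mode=4):
    """Minimal NTPv4 header: LI=0, VN=4, given mode; other fields fixed/zero."""
    li_vn_mode = (0 << 6) | (4 << 3) | mode
    return (struct.pack("!BBbb", li_vn_mode, stratum, 6, -20)   # poll 6, precision -20
            + struct.pack("!II", 0, 0)                          # root delay, root dispersion
            + b"GPS\x00"                                        # reference ID
            + struct.pack("!QQQQ", 0, 0, 0, transmit_ts))       # ref/orig/rx/tx timestamps


def sign(header, key_id, key):
    """Server side: append the key ID and the keyed-MD5 digest of the header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, keys, trusted_keys):
    """Client side: accept only a MAC made with a configured *and* trusted key.

    keys: {key_id: key bytes}, one entry per 'ntp authentication-key'.
    trusted_keys: set of key IDs named by 'ntp trusted-key'.
    """
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False                          # unauthenticated or malformed
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in trusted_keys or key_id not in keys:
        return False                          # unknown key, or known but not trusted
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(expected, mac[4:])   # constant-time comparison


# Constructed client configuration mirroring the procedure: key 1 trusted, key 2 not.
CLIENT_KEYS = {1: b"cisco123", 2: b"oldkey"}
CLIENT_TRUSTED = {1}


def demo():
    """Return the verification outcome for each kind of packet a client might see."""
    header = build_header(transmit_ts=0x0102030405060708)
    good = sign(header, 1, b"cisco123")
    wrong_key = sign(header, 1, b"wrongkey")     # server has a different password for key 1
    untrusted = sign(header, 2, b"oldkey")       # key 2 is configured but not trusted
    tampered = bytearray(good)
    tampered[1] ^= 0x01                          # alter the stratum byte after signing
    return {
        "good": verify(good, CLIENT_KEYS, CLIENT_TRUSTED),
        "wrong_key": verify(wrong_key, CLIENT_KEYS, CLIENT_TRUSTED),
        "untrusted": verify(untrusted, CLIENT_KEYS, CLIENT_TRUSTED),
        "tampered": verify(bytes(tampered), CLIENT_KEYS, CLIENT_TRUSTED),
        "no_mac": verify(header, CLIENT_KEYS, CLIENT_TRUSTED),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:10s} {'accepted' if ok else 'rejected'}")
```

The untrusted case is why the procedure has a separate ntp trusted-key step: a key may stay configured (for example during a key rollover) without a server being allowed to authenticate with it. Keyed MD5 is what the procedure configures; it authenticates the peer but provides no confidentiality, so the key itself must be protected in the device configuration.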
Configuring VRF-Aware Services for NTP on the NTP Client

Perform the following steps on the client interface that is connected to the NTP server.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface interface-id
  Example: Device(config)#interface gigabitethernet 1/0/1
  Purpose: Specifies the Layer 3 interface to be associated with the VRF, and enters interface configuration mode.

Step 4: vrf forwarding vrf-name
  Example: Device(config-if)#vrf forwarding A
  Purpose: Associates the VRF with the Layer 3 interface.

Step 5: ip address ip-address subnet-mask
  Example: Device(config-if)#ip address 1.1.1.1 255.255.255.0
  Purpose: Enters the IP address for the interface.

Step 6: no shutdown
  Example: Device(config-if)#no shutdown
  Purpose: Enables the interface.

Step 7: exit
  Example: Device(config-if)#exit
  Purpose: Exits interface configuration mode.

Step 8: ntp authentication-key number md5 password
  Example: Device(config)#ntp authentication-key 1 md5 cisco123
  Purpose: Defines the authentication keys. The device does not synchronize to a time source unless the source has one of these authentication keys and the key number is specified by the ntp trusted-key number command.
  Note: The authentication key number and the MD5 password must be the same on both the client and the server.

Step 9: ntp authenticate
  Example: Device(config)#ntp authenticate
  Purpose: Enables the NTP authentication feature. NTP authentication is disabled by default.

Step 10: ntp trusted-key key-number
  Example: Device(config)#ntp trusted-key 1
  Purpose: Specifies one or more keys that an NTP server must provide in its NTP packets in order for the NTP client to synchronize to it. The range for trusted keys is from 1 to 65535. This command provides protection against accidentally synchronizing the NTP client to an NTP server that is not trusted.

Step 11: ntp server vrf vrf-name
  Example: Device(config)#ntp server vrf A 1.1.1.2 key 1
  Purpose: Configures the NTP server in the specified VRF.

Configuring VRF-Aware Services for NTP on the NTP Server

Perform the following steps on the NTP server.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: ntp authentication-key number md5 password
  Example: Device(config)#ntp authentication-key 1 md5 cisco123
  Purpose: Defines the authentication keys. The device does not synchronize to a time source unless the source has one of these authentication keys and the key number is specified by the ntp trusted-key number command.
  Note: The authentication key number and the MD5 password must be the same on both the client and the server.

Step 4: ntp authenticate
  Example: Device(config)#ntp authenticate
  Purpose: Enables the NTP authentication feature. NTP authentication is disabled by default.

Step 5: ntp trusted-key key-number
  Example: Device(config)#ntp trusted-key 1
  Purpose: Specifies one or more keys that an NTP server must provide in its NTP packets in order for the NTP client to synchronize to it. The range for trusted keys is from 1 to 65535. This command provides protection against accidentally synchronizing the NTP client to an NTP server that is not trusted.

Step 6: interface interface-id
  Example: Device(config)#interface gigabitethernet 1/0/3
  Purpose: Specifies the Layer 3 interface to be associated with the VRF, and enters interface configuration mode.

Step 7: vrf forwarding vrf-name
  Example: Device(config-if)#vrf forwarding A
  Purpose: Associates the VRF with the Layer 3 interface.

Step 8: ip address ip-address subnet-mask
  Example: Device(config-if)#ip address 1.1.1.2 255.255.255.0
  Purpose: Enters the IP address for the interface.

Step 9: exit
  Example: Device(config-if)#exit
  Purpose: Exits interface configuration mode.

Configuring VRF-Aware Services for uRPF

uRPF can be configured on an interface assigned to a VRF, and the source lookup is done in the VRF table.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface interface-id
  Example: Device(config)#interface gigabitethernet 1/0/1
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.

Step 4: no switchport
  Example: Device(config-if)#no switchport
  Purpose: Removes the interface from Layer 2 configuration mode if it is a physical interface.

Step 5: ip vrf forwarding vrf-name
  Example: Device(config-if)#ip vrf forwarding vpn2
  Purpose: Configures VRF on the interface.

Step 6: ip address ip-address
  Example: Device(config-if)#ip address 10.1.5.1
  Purpose: Enters the IP address for the interface.

Step 7: ip verify unicast reverse-path
  Example: Device(config-if)#ip verify unicast reverse-path
  Purpose: Enables uRPF on the interface.

Step 8: end
  Example: Device(config-if)#end
  Purpose: Returns to privileged EXEC mode.

Configuring VRF-Aware RADIUS

To configure VRF-Aware RADIUS, you must first enable AAA on a RADIUS server.
The switch supports the ip vrf forwarding vrf-name server-group configuration command and the ip radius source-interface global configuration command, as described in the Per VRF AAA Feature Guide.

Configuring VRF-Aware Services for Syslog

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: logging on
  Example: Device(config)#logging on
  Purpose: Enables or temporarily disables logging of storage router event messages.

Step 4: logging host ip-address vrf vrf-name
  Example: Device(config)#logging host 10.10.1.0 vrf vpn1
  Purpose: Specifies the host address of the syslog server where logging messages are to be sent.

Step 5: logging buffered size debugging
  Example: Device(config)#logging buffered 6000 debugging
  Purpose: Logs messages to an internal buffer.

Step 6: logging trap debugging
  Example: Device(config)#logging trap debugging
  Purpose: Limits the logging messages sent to the syslog server.

Step 7: logging facility facility
  Example: Device(config)#logging facility user
  Purpose: Sends system logging messages to a logging facility.

Step 8: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Configuring VRF-Aware Services for Traceroute

Procedure

Step 1: traceroute vrf vrf-name ipaddress
  Example: Device#traceroute vrf vpn2 10.10.1.1
  Purpose: Specifies the name of a VPN VRF in which to find the destination address.

Configuring VRF-Aware Services for FTP and TFTP

So that FTP and TFTP are VRF-aware, you must configure some FTP/TFTP CLIs. For example, if you want to use a VRF table that is attached to an interface, say E1/0, you need to configure the ip tftp source-interface E1/0 or the ip ftp source-interface E1/0 command to inform the TFTP or FTP client to use a specific routing table. In this example, the VRF table is used to look up the destination IP address. These changes are backward-compatible and do not affect existing behavior. That is, you can use the source-interface CLI to send packets out a particular interface even if no VRF is configured on that interface.

Procedure

Step 1: enable
  Example: Device>enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip ftp source-interface interface-type interface-number
  Example: Device(config)#ip ftp source-interface gigabitethernet 1/0/2
  Purpose: Specifies the source IP address for FTP connections.

Step 4: end
  Example: Device(config)#end
  Purpose: Returns to privileged EXEC mode.

Step 5: configure terminal
  Example: Device#configure terminal
  Purpose: Enters global configuration mode.

Step 6: ip tftp source-interface interface-type interface-number
  Example: Device(config)#ip tftp source-interface gigabitethernet 1/0/2
  Purpose: Specifies the source IP address for TFTP connections.

Step 7: end
  Purpose: Returns to privileged EXEC mode.
  Example: Device(config)#end

Monitoring VRF-Aware Services for ARP

Procedure

Step 1: show ip arp vrf vrf-name
  Example: Device#show ip arp vrf vpn1
  Purpose: Displays the ARP table in the specified VRF.

Monitoring VRF-Aware Services for Ping

Procedure

Step 1: ping vrf vrf-name ip-host
  Example: Device#ping vrf vpn1 ip-host
  Purpose: Pings the given host in the specified VRF.

Monitoring Multi-VRF CE

This section provides information on commands for monitoring multi-VRF CE:

Table 37: Commands for Displaying Multi-VRF CE Information

Command: show ip protocols vrf vrf-name
  Purpose: Displays routing protocol information associated with a VRF.

Command: show ip route vrf vrf-name [connected] [protocol [as-number]] [list] [mobile] [odr] [profile] [static] [summary] [supernets-only]
  Purpose: Displays IP routing table information associated with a VRF.

Command: show ip vrf [brief | detail | interfaces] [vrf-name]
  Purpose: Displays information about the defined VRFs.

Configuration Example: Multi-VRF CE

OSPF is the protocol used in VPN1, VPN2, and the global network. The examples following the illustration show how to configure a switch as CE Switch A, and the VRF configuration for customer switches D and F. Commands for configuring CE Switch C and the other customer switches are not included but would be similar.

Figure 23: Establishing a Multi-VRF CE Configuration Example

On Switch A, enable routing and configure VRF.

Device#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)#ip routing
Device(config)#ip vrf v11
Device(config-vrf)#rd 800:1
Device(config-vrf)#route-target export 800:1
Device(config-vrf)#route-target import 800:1
Device(config-vrf)#exit
Device(config)#ip vrf v12
Device(config-vrf)#rd 800:2
Device(config-vrf)#route-target export 800:2
Device(config-vrf)#route-target import 800:2
Device(config-vrf)#exit

Configure the loopback and physical interfaces on Switch A. Gigabit Ethernet port 1 is a trunk connection to the PE. Gigabit Ethernet ports 8 and 11 connect to VPNs:

Device(config)#interface loopback1
Device(config-if)#ip vrf forwarding v11
Device(config-if)#ip address 8.8.1.8 255.255.255.0
Device(config-if)#exit
Device(config)#interface loopback2
Device(config-if)#ip vrf forwarding v12
Device(config-if)#ip address 8.8.2.8 255.255.255.0
Device(config-if)#exit
Device(config)#interface gigabitethernet1/0/5
Device(config-if)#switchport trunk encapsulation dot1q
Device(config-if)#switchport mode trunk
Device(config-if)#no ip address
Device(config-if)#exit
Device(config)#interface gigabitethernet1/0/8
Device(config-if)#switchport access vlan 208
Device(config-if)#no ip address
Device(config-if)#exit
Device(config)#interface gigabitethernet1/0/11
Device(config-if)#switchport trunk encapsulation dot1q
Device(config-if)#switchport mode trunk
Device(config-if)#no ip address
Device(config-if)#exit

Configure the VLANs used on Switch A. VLAN 10 is used by VRF 11 between the CE and the PE. VLAN 20 is used by VRF 12 between the CE and the PE. VLANs 118 and 208 are used for the VPNs that include Switch F and Switch D, respectively:

Device(config)#interface vlan10
Device(config-if)#ip vrf forwarding v11
Device(config-if)#ip address 38.0.0.8 255.255.255.0
Device(config-if)#exit
Device(config)#interface vlan20
Device(config-if)#ip vrf forwarding v12
Device(config-if)#ip address 83.0.0.8 255.255.255.0
Device(config-if)#exit
Device(config)#interface vlan118
Device(config-if)#ip vrf forwarding v12
Device(config-if)#ip address 118.0.0.8 255.255.255.0
Device(config-if)#exit
Device(config)#interface vlan208
Device(config-if)#ip vrf forwarding v11
Device(config-if)#ip address 208.0.0.8 255.255.255.0
Device(config-if)#exit

Configure OSPF routing in VPN1 and VPN2.

Switch D belongs to VPN 1. Configure the connection to Switch A by using these commands.

Device#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)#ip routing
Device(config)#interface gigabitethernet1/0/2
Device(config-if)#no switchport
Device(config-if)#ip address 208.0.0.20 255.255.255.0
Device(config-if)#exit
Device(config)#router ospf 101
Device(config-router)#network 208.0.0.0 0.0.0.255 area 0
Device(config-router)#end

Switch F belongs to VPN 2. Configure the connection to Switch A by using these commands.

Device#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)#ip routing
Device(config)#interface gigabitethernet1/0/1
Device(config-if)#switchport trunk encapsulation dot1q
Device(config-if)#switchport mode trunk
Device(config-if)#no ip address
Device(config-if)#exit
Device(config)#interface vlan118
Device(config-if)#ip address 118.0.0.11 255.255.255.0
Device(config-if)#exit
Device(config)#router ospf 101
Device(config-router)#network 118.0.0.0 0.0.0.255 area 0
Device(config-router)#end

When used on Switch B (the PE router), these commands configure only the connections to the CE device, Switch A.

Device#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)#ip vrf v1
Device(config-vrf)#rd 100:1
Device(config-vrf)#route-target export 100:1
Device(config-vrf)#route-target import 100:1
Device(config-vrf)#exit
Device(config)#ip vrf v2
Device(config-vrf)#rd 100:2
Device(config-vrf)#route-target export 100:2
Device(config-vrf)#route-target import 100:2
Device(config-vrf)#exit
Device(config)#ip cef
Device(config)#interface Loopback1
Device(config-if)#ip vrf forwarding v1
Device(config-if)#ip address 3.3.1.3 255.255.255.0
Device(config-if)#exit
Device(config)#interface Loopback2
Device(config-if)#ip vrf forwarding v2
Device(config-if)#ip address 3.3.2.3 255.255.255.0
Device(config-if)#exit
Device(config)#interface gigabitethernet1/1/0.10
Device(config-if)#encapsulation dot1q 10
Device(config-if)#ip vrf forwarding v1
Device(config-if)#ip address 38.0.0.3 255.255.255.0
Device(config-if)#exit
Device(config)#interface gigabitethernet1/1/0.20
Device(config-if)#encapsulation dot1q 20
Device(config-if)#ip vrf forwarding v2
Device(config-if)#ip address 83.0.0.3 255.255.255.0
Device(config-if)#exit
Device(config)#router bgp 100
Device(config-router)#address-family ipv4 vrf v2
Device(config-router-af)#neighbor 83.0.0.8 remote-as 800
Device(config-router-af)#neighbor 83.0.0.8 activate
Device(config-router-af)#network 3.3.2.0 mask 255.255.255.0
Device(config-router-af)#exit
Device(config-router)#address-family ipv4 vrf v1
Device(config-router-af)#neighbor 38.0.0.8 remote-as 800
Device(config-router-af)#neighbor 38.0.0.8 activate
Device(config-router-af)#network 3.3.1.0 mask 255.255.255.0
Device(config-router-af)#end

Feature History for Multi-VRF CE

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
  Feature: Multi-VRF CE
  Feature Information: The switch supports multiple VPN routing/forwarding (multi-VRF) instances in customer edge (CE) devices (multi-VRF CE).

Release: Cisco IOS XE Cupertino 17.7.1
  Feature: Multi-VRF CE
  Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/ IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 500 4 0 C H A P T E R Protocol-Independent Features · Distributed Cisco Express Forwarding and Load-Balancing Scheme for CEF Traffic , on page 501 · Number of Equal-Cost Routing Paths, on page 506 · Static Unicast Routes, on page 507 · Default Routes and Networks, on page 509 · Route Maps to Redistribute Routing Information, on page 511 · Policy-Based Routing, on page 517 · Filtering Routing Information, on page 522 · Managing Authentication Keys, on page 526 · Feature History for Protocol-Independent Features, on page 527 Distributed Cisco Express Forwarding and Load-Balancing Scheme for CEF Traffic The following sections provide information about distributed Cisco express forwarding (CEF) and load-balancing scheme for CEF traffic. Restrictions for Configuring a Load-Balancing Scheme for CEF Traffic · You must globally configure load balancing on device or device stack members in the same way. · Per-packet load balancing for CEF traffic is not supported. Information About Cisco Express Forwarding Cisco Express Forwarding (CEF) is a Layer 3 IP switching technology used to optimize network performance. CEF implements an advanced IP look-up and forwarding algorithm to deliver maximum Layer 3 switching performance. CEF is less CPU-intensive than fast switching route caching, allowing more CPU processing power to be dedicated to packet forwarding. In a switch stack, the hardware uses distributed CEF (dCEF) in the stack. In dynamic networks, fast switching cache entries are frequently invalidated because of routing changes, which can cause traffic to be process switched using the routing table, instead of fast switched using the route cache. CEF and dCEF use the Forwarding Information Base (FIB) lookup table to perform destination-based switching of IP packets. 
IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 501 CEF Load-Balancing Overview Protocol-Independent Features The two main components in CEF and dCEF are the distributed FIB and the distributed adjacency tables. · The FIB is similar to a routing table or information base and maintains a mirror image of the forwarding information in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table. Because the FIB contains all known routes that exist in the routing table, CEF eliminates route cache maintenance, is more efficient for switching traffic, and is not affected by traffic patterns. · Nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. CEF uses adjacency tables to prepend Layer 2 addressing information. The adjacency table maintains Layer 2 next-hop addresses for all FIB entries. Because the switch or switch stack uses Application Specific Integrated Circuits (ASICs) to achieve Gigabit-speed line rate IP traffic, CEF or dCEF forwarding applies only to the software-forwarding path, that is, traffic that is forwarded by the CPU. CEF Load-Balancing Overview CEF load balancing allows you to optimize resources by distributing traffic over multiple paths. CEF load balancing works based on a combination of source and destination packet information. You can configure load balancing on a per-destination. Because load-balancing decisions are made on the outbound interface, load balancing must be configured on the outbound interface. Per-Destination Load Balancing for CEF Traffic Per-destination load balancing allows the device to use multiple paths to achieve load sharing across multiple source-destination host pairs. 
Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. Traffic streams destined for different pairs tend to take different paths. Per-destination load balancing is enabled by default when you enable CEF; no additional task is required to use it. Per-destination is the load-balancing method of choice for most situations. Because per-destination load balancing depends on the statistical distribution of traffic, load sharing becomes more effective as the number of source-destination host pairs increases. Because all packets for a given host pair are routed over the same link (or links), per-destination load balancing also ensures that packets for that host pair arrive in order.

Load-Balancing Algorithms for CEF Traffic

The following load-balancing algorithms are provided for use with CEF traffic. Select a load-balancing algorithm with the ip cef load-sharing algorithm command.

· Original algorithm: The original load-balancing algorithm produces distortions in load sharing across multiple devices because every device computes the same hash, so the same flows tend to be steered onto the same relative path at each hop. Select this algorithm only if your network environment requires it.
· Universal algorithm: The universal load-balancing algorithm allows each device on the network to make a different load-sharing decision for each source-destination address pair, which resolves these load-sharing imbalances. The device performs universal load sharing by default.

How to Configure Cisco Express Forwarding

CEF or distributed CEF is enabled globally by default. If for some reason it is disabled, you can re-enable it by using the ip cef or ip cef distributed global configuration command.
Procedure

Step 1  configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 2  ip cef
  Example: Device(config)# ip cef
  Purpose: Enables CEF operation on a non-stacking switch. Go to Step 4.

Step 3  ip cef distributed
  Example: Device(config)# ip cef distributed
  Purpose: Enables CEF operation on the active switch of a stack.

Step 4  interface interface-id
  Example: Device(config)# interface gigabitethernet 1/0/1
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.

Step 5  ip route-cache cef
  Example: Device(config-if)# ip route-cache cef
  Purpose: Enables CEF on the interface for software-forwarded traffic.
  Note: The ip route-cache cef command is enabled by default and cannot be disabled.

Step 6  end
  Example: Device(config-if)# end
  Purpose: Returns to privileged EXEC mode.

Step 7  show ip cef
  Example: Device# show ip cef
  Purpose: Displays the CEF status on all interfaces.

Step 8  show cef linecard [detail]
  Example: Device# show cef linecard detail
  Purpose: (Optional) Displays CEF-related interface information on a non-stacking switch.

Step 9  show cef linecard [slot-number] [detail]
  Example: Device# show cef linecard 5 detail
  Purpose: (Optional) Displays CEF-related interface information by stack member, for all switches in the stack or for the specified switch. For slot-number, enter the stack member switch number.

Step 10  show cef interface [interface-id]
  Example: Device# show cef interface gigabitethernet 1/0/1
  Purpose: Displays detailed CEF information for all interfaces or for the specified interface.

Step 11  show adjacency
  Example: Device# show adjacency
  Purpose: Displays CEF adjacency table information.

Step 12  copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.
How to Configure Load Balancing for CEF Traffic

The following sections provide information on configuring load balancing for CEF traffic.

Enabling or Disabling CEF Per-Destination Load Balancing

To enable or disable CEF per-destination load balancing, perform the following procedure:

Procedure

Step 1  enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3  interface interface-id
  Example: Device(config)# interface gigabitethernet 1/0/1
  Purpose: Enters interface configuration mode, and specifies the Layer 3 interface to configure.

Step 4  [no] ip load-sharing per-destination
  Example: Device(config-if)# ip load-sharing per-destination
  Purpose: Enables per-destination load balancing for CEF on the interface. The no ip load-sharing per-destination command disables per-destination load balancing for CEF on the interface.

Step 5  end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Selecting a Tunnel Load-Balancing Algorithm for CEF Traffic

Select the tunnel algorithm when your network environment contains only a few source and destination pairs. The device performs universal load sharing by default. To select a load-balancing algorithm for CEF traffic, perform the following procedure:

Procedure

Step 1  enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3  ip cef load-sharing algorithm {original | universal [id]}
  Example: Device(config)# ip cef load-sharing algorithm universal
  Purpose: Selects a CEF load-balancing algorithm.
  · The original keyword sets the load-balancing algorithm to the original algorithm, which hashes only the source IP and destination IP addresses.
  · The universal keyword sets the load-balancing algorithm to one that hashes the source IP address, destination IP address, Layer 3 protocol, Layer 4 source port, Layer 4 destination port and, for IPv6 traffic, the IPv6 flow label.
  · The id argument is a fixed identifier used to seed the universal hash.

Step 4  end
  Example: Device(config)# end
  Purpose: Returns to privileged EXEC mode.

Example: Enabling or Disabling CEF Per-Destination Load Balancing

Per-destination load balancing is enabled by default when you enable CEF. The following example shows how to disable per-destination load balancing:

Device> enable
Device# configure terminal
Device(config)# interface Ethernet1/0/1
Device(config-if)# no ip load-sharing per-destination
Device(config-if)# end

Number of Equal-Cost Routing Paths

The following sections provide information about the number of equal-cost routing paths.

Information About Equal-Cost Routing Paths

When a router has two or more routes to the same network with the same metric, these routes can be thought of as having an equal cost. The term parallel path is another way to describe equal-cost routes in a routing table. If a router has two or more equal-cost paths to a network, it can use them concurrently. Parallel paths provide redundancy in case of a circuit failure and also enable a router to load balance packets over the available paths for more efficient use of the available bandwidth. Equal-cost routes are supported across switches in a stack. Although the router automatically learns about and installs equal-cost routes, you can control the maximum number of parallel paths that an IP routing protocol supports in its routing table.
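The following configuration is an added example, not taken from the Cisco guide. It combines the load-balancing algorithm procedure above with the maximum-paths setting described in this section, and shows the checks that tell you which of the parallel paths a given flow actually uses. The EIGRP autonomous system number (10), the seed value (6), the prefix 10.20.0.0/16 and the host addresses are assumptions chosen for illustration.

```cisco
! Added example (not from the Cisco guide). Assumptions: EIGRP AS 10,
! destination network 10.20.0.0/16 reachable over several equal-cost paths,
! sample hosts 10.1.1.5, 10.1.1.6 and 10.20.3.7.
Device> enable
Device# configure terminal
! Universal is already the default; pinning the id makes the hash reproducible
! across reloads, which matters when you are troubleshooting path selection.
Device(config)# ip cef load-sharing algorithm universal 6
Device(config)# router eigrp 10
! Software accepts up to 32 equal-cost routes, hardware never uses more than 16;
! 4 is the protocol default, so this line simply makes the choice explicit.
Device(config-router)# maximum-paths 4
Device(config-router)# end
! The "Maximum path:" field confirms the per-protocol limit.
Device# show ip protocols | include Maximum path
! All installed equal-cost next hops for the prefix are listed here.
Device# show ip route 10.20.0.0 255.255.0.0
! Per-destination load sharing: the same source-destination pair always resolves
! to the same next hop. Change the source and the pair may land on another path.
Device# show ip cef exact-route 10.1.1.5 10.20.3.7
Device# show ip cef exact-route 10.1.1.6 10.20.3.7
```

The two exact-route queries are the practical check for the per-destination guarantee stated above: run them before and after a topology change, and a pair that moves to a different next hop while the topology is stable indicates the algorithm or its seed was changed on this device or a stack member.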
Although the switch software allows a maximum of 32 equal-cost routes, the switch hardware never uses more than 16 paths per route.

How to Configure Equal-Cost Routing Paths

Procedure

Step 1  enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3  router {rip | ospf | eigrp}
  Example: Device(config)# router eigrp 10
  Purpose: Enters router configuration mode.

Step 4  maximum-paths maximum
  Example: Device(config-router)# maximum-paths 2
  Purpose: Sets the maximum number of parallel paths for the protocol routing table. The range is from 1 to 16; the default is 4 for most IP routing protocols, but only 1 for BGP.

Step 5  end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 6  show ip protocols
  Example: Device# show ip protocols
  Purpose: Verifies the setting in the Maximum path field.

Step 7  copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Static Unicast Routes

The following sections provide information about static unicast routes.

Information About Static Unicast Routes

Static unicast routes are user-defined routes that cause packets moving between a source and a destination to take a specified path. Static routes can be important if the router cannot build a route to a particular destination and are useful for specifying a gateway of last resort to which all unroutable packets are sent. The switch retains static routes until you remove them.
However, you can override static routes with dynamic routing information by assigning administrative distance values. Each dynamic routing protocol has a default administrative distance, as listed in Table 38. If you want a static route to be overridden by information from a dynamic routing protocol, set the administrative distance of the static route higher than that of the dynamic protocol.

Table 38: Dynamic Routing Protocol Default Administrative Distances

Route Source                    Default Distance
Connected interface             0
Static route                    1
Enhanced IGRP summary route     5
Internal Enhanced IGRP          90
IGRP                            100
OSPF                            110
Unknown                         255

A route with a distance of 255 is not trusted and is never installed in the routing table.

Static routes that point to an interface are advertised through RIP, IGRP, and other dynamic routing protocols, whether or not a redistribute static router configuration command was specified for those routing protocols. These static routes are advertised because static routes that point to an interface are considered in the routing table to be connected and hence lose their static nature. However, if you define a static route to an interface that is not one of the networks defined in a network command, no dynamic routing protocol advertises the route unless a redistribute static command is specified for that protocol.

When an interface goes down, all static routes through that interface are removed from the IP routing table. When the software can no longer find a valid next hop for the address specified as the forwarding router's address in a static route, the static route is also removed from the IP routing table.

Configuring Static Unicast Routes

Static unicast routes are user-defined routes that cause packets moving between a source and a destination to take a specified path, and they are the usual way to specify a gateway of last resort to which all unroutable packets are sent.
Follow these steps to configure a static route:

Procedure

Step 1  enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3  ip route prefix mask {address | interface} [distance]
  Example: Device(config)# ip route prefix mask gigabitethernet 1/0/4
  Purpose: Establishes a static route. The optional distance argument sets the administrative distance of the route; choose a value higher than the dynamic protocol's distance (Table 38) when the static route should act only as a backup.

Step 4  end
  Example: Device(config)# end
  Purpose: Returns to privileged EXEC mode.

Step 5  show ip route
  Example: Device# show ip route
  Purpose: Displays the current state of the routing table to verify the configuration.

Step 6  copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

What to do next

Use the no ip route prefix mask {address | interface} global configuration command to remove a static route. The device retains static routes until you remove them.

Default Routes and Networks

The following sections provide information about default routes and networks.

Information About Default Routes and Networks

A router might not be able to learn the routes to all other networks. To provide complete routing capability, you can use some routers as smart routers and give the remaining routers default routes to the smart router. (Smart routers have routing table information for the entire internetwork.) These default routes can be dynamically learned or can be configured in the individual routers.
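The following configuration is an added example, not taken from the Cisco guide. It ties the static-route procedure above to the administrative distances in Table 38 and to the static default route (network 0.0.0.0) that this section describes as one way for a router to obtain its own default. The prefixes, next-hop addresses and the assumption that 10.50.0.0/16 is also learned by OSPF are illustrative choices, not values from the guide; the interface-plus-next-hop form of ip route is standard IOS syntax that the abbreviated syntax line above does not spell out.

```cisco
! Added example (not from the Cisco guide). Assumptions: 10.50.0.0/16 is learned
! by OSPF (distance 110); 198.51.100.1 is a backup next hop on GigabitEthernet1/0/4;
! 203.0.113.1 is the upstream default gateway.
Device> enable
Device# configure terminal
! Floating static: distance 115 is higher than OSPF's 110, so the OSPF route wins
! while it exists; if OSPF withdraws the prefix, this static route is installed.
Device(config)# ip route 10.50.0.0 255.255.0.0 198.51.100.1 115
! Interface plus next hop: the route is removed if the interface goes down, and
! the explicit next hop avoids the "connected" behaviour (and the ARP for every
! destination) that an interface-only static route has on a multi-access link.
Device(config)# ip route 10.60.0.0 255.255.0.0 gigabitethernet 1/0/4 198.51.100.1
! Gateway of last resort as a static default route (distance 1).
Device(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.1
Device(config)# end
! While OSPF is up the prefix shows as "O ... [110/...]"; after the OSPF path is
! lost the same prefix appears as "S ... [115/0] via 198.51.100.1".
Device# show ip route 10.50.0.0 255.255.0.0
! First line of the routing table: "Gateway of last resort is 203.0.113.1 to network 0.0.0.0"
Device# show ip route | include Gateway
! Removal, when the backup or the default is no longer wanted.
Device# configure terminal
Device(config)# no ip route 10.50.0.0 255.255.0.0 198.51.100.1 115
Device(config)# end
```

Two practitioner caveats follow from the table. A floating static route takes over silently when the dynamic route disappears, so the backup next hop should be a device you trust to carry that traffic, not merely one that is reachable. And a static route configured with distance 255 is accepted but never installed, which makes it a convenient way to stage a route without activating it.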
Most dynamic interior routing protocols include a mechanism for causing a smart router to generate dynamic default information that is then forwarded to other routers. If a router has a directly connected interface to the specified default network, the dynamic routing protocols running on that device generate a default route. In RIP, the router advertises the pseudonetwork 0.0.0.0.

A router that generates the default for a network might also need a default of its own. One way a router can generate its own default is to specify a static route to the network 0.0.0.0 through the appropriate device.

When default information is passed through a dynamic routing protocol, no further configuration is required. The system periodically scans its routing table to choose the optimal default network as its default route. In IGRP networks, there might be several candidate networks for the system default. Cisco routers use administrative distance and metric information to set the default route or the gateway of last resort.

If dynamic default information is not being passed to the system, candidates for the default route are specified with the ip default-network global configuration command. If this network appears in the routing table from any source, it is flagged as a possible choice for the default route. If the router has no interface on the default network but does have a path to it, the network is considered a possible candidate, and the gateway to the best default path becomes the gateway of last resort.

How to Configure Default Routes and Networks

To configure default routes and networks, perform the following steps:

Procedure

Step 1  configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 2  ip default-network network-number
  Example: Device(config)# ip default-network 1
  Purpose: Specifies a default network.

Step 3  end
  Example: Device(config)# end
  Purpose: Returns to privileged EXEC mode.
Step 4  show ip route
  Example: Device# show ip route
  Purpose: Displays the selected default route in the gateway of last resort display.

Step 5  copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Route Maps to Redistribute Routing Information

The following sections provide information about route maps to redistribute routing information.

Information About Route Maps

The switch can run multiple routing protocols simultaneously, and it can redistribute information from one routing protocol to another. Redistribution applies to all supported IP-based routing protocols. You can also conditionally control the redistribution of routes between routing domains by defining enhanced packet filters, or route maps, between the two domains. The match and set route-map configuration commands define the condition portion of a route map. The match command specifies a criterion that must be matched. The set command specifies an action to be taken if the routing update meets the conditions defined by the match command. Although redistribution is a protocol-independent feature, some of the match and set route-map configuration commands are specific to a particular protocol.

One or more match commands and one or more set commands follow a route-map command. If there are no match commands, everything matches. If there are no set commands, nothing is done other than the match. Therefore, you need at least one match or set command.

Note: A route map with no set route-map configuration commands is sent to the CPU, which causes high CPU utilization.

You can also identify route-map statements as permit or deny.
If the statement is marked as deny, the packets meeting the match criteria are sent back through the normal forwarding channels (destination-based routing). If the statement is marked as permit, the set clauses are applied to packets meeting the match criteria. Packets that do not meet the match criteria are forwarded through the normal routing channel.

How to Configure a Route Map

Although each of Steps 3 through 21 in the following procedure is optional, you must enter at least one match route-map configuration command and one set route-map configuration command.

Note: The keywords are the same as those defined in the procedure to control route distribution.

Procedure

Step 1  configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 2  route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map rip-to-ospf permit 4
  Purpose: Defines any route maps used to control redistribution and enters route-map configuration mode.
  · map-tag: A meaningful name for the route map. The redistribute router configuration command uses this name to reference the route map. Multiple route-map statements might share the same map tag name.
  · (Optional) permit | deny: If permit is specified and the match criteria are met for this route map, the route is redistributed as controlled by the set actions. If deny is specified, the route is not redistributed.
  · (Optional) sequence-number: Number that indicates the position a new route-map statement is to have in the list of statements already configured with the same name.

Step 3  match as-path path-list-number
  Example: Device(config-route-map)# match as-path 10
  Purpose: Matches a BGP AS-path access list.

Step 4  match community-list community-list-number [exact]
  Example: Device(config-route-map)# match community-list 150
  Purpose: Matches a BGP community list.

Step 5  match ip address {access-list-number | access-list-name} [...access-list-number | ...access-list-name]
  Example: Device(config-route-map)# match ip address 5 80
  Purpose: Matches a standard access list by specifying its name or number. The number can be an integer from 1 to 199.

Step 6  match metric metric-value
  Example: Device(config-route-map)# match metric 2000
  Purpose: Matches the specified route metric. The metric-value can be an EIGRP metric with a value from 0 to 4294967295.

Step 7  match ip next-hop {access-list-number | access-list-name} [...access-list-number | ...access-list-name]
  Example: Device(config-route-map)# match ip next-hop 8 45
  Purpose: Matches a next-hop router address permitted by one of the specified access lists (numbered from 1 to 199).

Step 8  match tag tag-value [...tag-value]
  Example: Device(config-route-map)# match tag 3500
  Purpose: Matches the specified tag value in a list of one or more route tag values. Each can be an integer from 0 to 4294967295.

Step 9  match interface type number [...type number]
  Example: Device(config-route-map)# match interface gigabitethernet 1/0/1
  Purpose: Matches routes whose next hop is out one of the specified interfaces.

Step 10  match ip route-source {access-list-number | access-list-name} [...access-list-number | ...access-list-name]
  Example: Device(config-route-map)# match ip route-source 10 30
  Purpose: Matches routes that were advertised by routers whose addresses are permitted by the specified access lists.

Step 11  match route-type {local | internal | external [type-1 | type-2]}
  Example: Device(config-route-map)# match route-type local
  Purpose: Matches the specified route type:
  · local: Locally generated BGP routes.
  · internal: OSPF intra-area and interarea routes, or EIGRP internal routes.
  · external: OSPF external routes (Type 1 or Type 2), or EIGRP external routes.

Step 12  set dampening half-life reuse suppress max-suppress-time
  Example: Device(config-route-map)# set dampening 30 1500 10000 120
  Purpose: Sets BGP route dampening factors.

Step 13  set local-preference value
  Example: Device(config-route-map)# set local-preference 100
  Purpose: Assigns a local preference value to a BGP path.

Step 14  set origin {igp | egp as | incomplete}
  Example: Device(config-route-map)# set origin igp
  Purpose: Sets the BGP origin code.

Step 15  set as-path {tag | prepend as-path-string}
  Example: Device(config-route-map)# set as-path tag
  Purpose: Modifies the BGP autonomous system path.

Step 16  set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
  Example: Device(config-route-map)# set level level-1-2
  Purpose: Sets the level for routes that are advertised into the specified area of the routing domain. The stub-area and backbone keywords refer to the OSPF NSSA and backbone areas.

Step 17  set metric metric-value
  Example: Device(config-route-map)# set metric 100
  Purpose: Sets the metric value to give the redistributed routes (for EIGRP only). The metric value is an integer from -294967295 to 294967295.

Step 18  set metric bandwidth delay reliability loading mtu
  Example: Device(config-route-map)# set metric 10000 10 255 1 1500
  Purpose: Sets the metric value to give the redistributed routes (for EIGRP only):
  · bandwidth: Metric value or IGRP bandwidth of the route in kilobits per second, in the range 0 to 4294967295.
  · delay: Route delay in tens of microseconds, in the range 0 to 4294967295.
  · reliability: Likelihood of successful packet transmission expressed as a number between 0 and 255, where 255 means 100 percent reliability and 0 means no reliability.
  · loading: Effective bandwidth of the route expressed as a number from 0 to 255 (255 is 100 percent loading).
  · mtu: Minimum maximum transmission unit (MTU) size of the route in bytes, in the range 0 to 4294967295.

Step 19  set metric-type {type-1 | type-2}
  Example: Device(config-route-map)# set metric-type type-2
  Purpose: Sets the OSPF external metric type for redistributed routes.

Step 20  set metric-type internal
  Example: Device(config-route-map)# set metric-type internal
  Purpose: Sets the multi-exit discriminator (MED) value on prefixes advertised to an external BGP neighbor to match the IGP metric of the next hop.

Step 21  set weight number
  Example: Device(config-route-map)# set weight 100
  Purpose: Sets the BGP weight for the routing table. The value can be from 1 to 65535.

Step 22  end
  Example: Device(config-route-map)# end
  Purpose: Returns to privileged EXEC mode.

Step 23  show route-map
  Example: Device# show route-map
  Purpose: Displays all route maps configured, or only the one specified, to verify the configuration.

Step 24  copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

How to Control Route Distribution

Note: The route-map keywords used in this procedure are the same as those defined in the procedure to configure a route map for redistribution.

The metrics of one routing protocol do not necessarily translate into the metrics of another. For example, the RIP metric is a hop count, and the IGRP metric is a combination of five qualities. In these situations, an artificial metric is assigned to the redistributed route.
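The following configuration is an added example, not taken from the Cisco guide. It shows the route-map and redistribution commands of the preceding and following procedures working together: access lists choose which prefixes may cross between EIGRP and OSPF, a route map assigns the artificial metric this section describes, and route tags stop a prefix from being re-injected into the domain it came from, which is the routing-loop case described next. The autonomous system and process numbers, prefixes and tag values are illustrative assumptions, and set tag is a standard IOS route-map command that the step table above does not list.

```cisco
! Added example (not from the Cisco guide). Assumptions: EIGRP AS 10, OSPF process 1,
! site prefixes 10.10.0.0/16 and 10.20.0.0/16, tag 10 = "came from EIGRP",
! tag 20 = "came from OSPF".
Device# configure terminal
! Only these EIGRP prefixes are allowed into OSPF. Everything else is dropped,
! which also keeps an injected or mistyped prefix in EIGRP from leaking onward.
Device(config)# access-list 10 permit 10.10.0.0 0.0.255.255
Device(config)# access-list 10 permit 10.20.0.0 0.0.255.255
!
! EIGRP -> OSPF: sequence 5 refuses anything that originally came from OSPF.
Device(config)# route-map EIGRP-TO-OSPF deny 5
Device(config-route-map)# match tag 20
Device(config-route-map)# route-map EIGRP-TO-OSPF permit 10
Device(config-route-map)# match ip address 10
! Artificial metric: EIGRP's composite metric has no meaning to OSPF.
Device(config-route-map)# set metric 50
Device(config-route-map)# set metric-type type-1
Device(config-route-map)# set tag 10
!
! OSPF -> EIGRP: refuse routes tagged as EIGRP-origin; only pass OSPF internal routes.
Device(config-route-map)# route-map OSPF-TO-EIGRP deny 5
Device(config-route-map)# match tag 10
Device(config-route-map)# route-map OSPF-TO-EIGRP permit 10
Device(config-route-map)# match route-type internal
Device(config-route-map)# set tag 20
Device(config-route-map)# exit
!
Device(config)# router ospf 1
Device(config-router)# redistribute eigrp 10 subnets route-map EIGRP-TO-OSPF
Device(config-router)# router eigrp 10
! EIGRP needs all five components for non-EIGRP routes; the route map sets none,
! so default-metric supplies them (bandwidth delay reliability loading mtu).
Device(config-router)# default-metric 10000 10 255 1 1500
Device(config-router)# redistribute ospf 1 route-map OSPF-TO-EIGRP
Device(config-router)# end
! Match counters per sequence show which clause each redistributed route hit.
Device# show route-map EIGRP-TO-OSPF
Device# show route-map OSPF-TO-EIGRP
! Redistributed routes appear as "O E1" in OSPF and "D EX" in EIGRP.
Device# show ip route ospf | include E1
Device# show ip route eigrp | include EX
```

Note the ordering: a deny sequence with a lower number is evaluated before the permit, and a route map referenced by name but not yet defined redistributes nothing, as the redistribute command description below states. If the EIGRP side were left without a default-metric, the OSPF routes would be accepted by the route map but never installed as EIGRP externals.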
Uncontrolled exchange of routing information between different routing protocols can create routing loops and seriously degrade network operation. If you have not defined a default redistribution metric that replaces metric conversion, some automatic metric translations occur between routing protocols:

· RIP can automatically redistribute static routes. It assigns static routes a metric of 1 (directly connected).
· Any protocol can redistribute other routing protocols if a default metric is in effect.

Procedure

Step 1  configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 2  router {rip | ospf | eigrp}
  Example: Device(config)# router eigrp 10
  Purpose: Enters router configuration mode.

Step 3  redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] [metric-type type-value] [match internal | external type-value] [tag tag-value] [route-map map-tag] [weight weight] [subnets]
  Example: Device(config-router)# redistribute eigrp 1
  Purpose: Redistributes routes from one routing protocol to another routing protocol. If no route map is specified, all routes are redistributed. If the route-map keyword is specified with no map-tag, no routes are redistributed.

Step 4  default-metric number
  Example: Device(config-router)# default-metric 1024
  Purpose: Causes the current routing protocol to use the same metric value for all redistributed routes (RIP and OSPF).

Step 5  default-metric bandwidth delay reliability loading mtu
  Purpose: Causes EIGRP to use the same metric value for all non-EIGRP redistributed routes.
  Example: Device(config-router)# default-metric 1000 100 250 100 1500

Step 6  end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 7  show route-map
  Example: Device# show route-map
  Purpose: Displays all route maps configured, or only the one specified, to verify the configuration.

Step 8  copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Policy-Based Routing

Restrictions for Configuring Policy-Based Routing

· PBR is not supported on a GRE tunnel interface itself (that is, a policy route map cannot be applied under the GRE tunnel interface).
· PBR does not apply to fragmented traffic. Fragmented traffic follows the normal routing path.
· PBR and Network Address Translation (NAT) are not supported on the same interface. PBR and NAT work together only if they are configured on different interfaces.

Information About Policy-Based Routing

You can use policy-based routing (PBR) to configure a defined policy for traffic flows. By using PBR, you can have more control over routing by reducing the reliance on routes derived from routing protocols. PBR can specify and implement routing policies that allow or deny paths based on:

· Identity of a particular end system
· Application
· Protocol

You can use PBR to provide equal-access and source-sensitive routing, routing based on interactive versus batch traffic, or routing based on dedicated links. For example, you could transfer stock records to a corporate office on a high-bandwidth, high-cost link for a short time while transmitting routine application data such as e-mail over a low-bandwidth, low-cost link.

With PBR, you classify traffic using access control lists (ACLs) and then make the traffic take a different path. PBR is applied to incoming packets.
All packets received on an interface with PBR enabled are passed through route maps. Based on the criteria defined in the route maps, packets are forwarded (routed) to the appropriate next hop.

A route-map statement marked as permit is processed as follows:

· A match command can match on length or on multiple ACLs. A route-map statement can contain multiple match commands. A logical OR is performed across all the match commands to reach a permit or deny decision.
  Note: The match length command is not supported on Cisco Catalyst 9600X-SUP-2 Switches.
  For example:
    match length A B
    match ip address acl1 acl2
    match ip address acl3
  A packet is permitted if it is permitted by match length A B, or by acl1, or by acl2, or by acl3.
· If the decision reached is permit, the action specified by the set command is applied to the packet.
· If the decision reached is deny, the PBR action (specified in the set command) is not applied. Instead, processing moves on to the next route-map statement in the sequence (the statement with the next higher sequence number). If no next statement exists, PBR processing terminates, and the packet is routed using the default IP routing table.

You can use standard IP ACLs to specify match criteria for a source address, or extended IP ACLs to specify match criteria based on an application, a protocol type, or an end station. The process proceeds through the route map until a match is found. If no match is found, normal destination-based routing occurs. There is an implicit deny at the end of the list of match statements. If the match clauses are satisfied, you can use a set clause to specify the IP address of the next-hop router in the path.

Local PBR configuration supports setting DSCP marking for RADIUS packets generated for device administration purposes.
Starting with the Cisco IOS XE Cupertino 17.7.1 release, PBR can forward traffic into a GRE tunnel. This applies to PBR applied on any interface that forwards traffic into a GRE tunnel.

How to Configure PBR

· Multicast traffic is not policy routed. PBR applies only to unicast traffic.
· You can enable PBR on a routed port or an SVI.
· The switch supports PBR based on match length.
· You can apply a policy route map to an EtherChannel port channel in Layer 3 mode, but you cannot apply a policy route map to a physical interface that is a member of the EtherChannel. If you try to do so, the command is rejected. When a policy route map is applied to a physical interface, that interface cannot become a member of an EtherChannel.
· When configuring match criteria in a route map, follow these guidelines:
  · Do not match ACLs that permit packets destined for a local address.
· Web Cache Communication Protocol (WCCP) and PBR are mutually exclusive on a switch interface. You cannot enable WCCP when PBR is enabled on an interface, and you cannot enable PBR when WCCP is enabled on an interface. WCCP is not supported on Cisco Catalyst 9600X Series Switches.
· The number of hardware entries used by PBR depends on the route map itself, the ACLs used, and the order of the ACLs and route-map entries.
· PBR based on ToS, DSCP, and IP precedence is not supported.
· The set interface, set default next-hop, and set default interface commands are not supported.
· The set ip next-hop recursive and set ip next-hop verify-availability features are not available; the next hop must be directly connected.
· PBR route-map entries with no set actions are supported. Matching packets are routed normally.
· PBR route-map entries with no match clauses are supported. Set actions are applied to all packets.

By default, PBR is disabled on the switch.
To enable PBR, you must create a route map that specifies the match criteria and the resulting action. Then, you must enable PBR for that route map on an interface. All packets arriving on the specified interface that match the match clauses are subject to PBR.

Packets that are generated by the switch (CPU), or local packets, are not normally policy-routed. When you globally enable local PBR on the switch, all unicast packets that originate on the switch are subject to local PBR. The protocols that are supported for local PBR are NTP, DNS, MSDP, SYSLOG, and TFTP. Local PBR is disabled by default. Local PBR is not supported on Cisco Catalyst 9600X Series Switches.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: route-map map-tag [permit] [sequence-number]
  Example: Device(config)# route-map pbr-map permit
  Purpose: Defines a route map that is used to control where packets are output, and enters route-map configuration mode.
  · map-tag: A meaningful name for the route map. The ip policy route-map interface configuration command uses this name to reference the route map. Multiple route-map statements with the same map tag define a single route map.
  · (Optional) permit: If permit is specified and the match criteria are met for this route map, the packet is policy routed as defined by the set actions.
  · (Optional) sequence-number: The position of the route-map statement in the given route map.
Step 4: match ip address {access-list-number | access-list-name} [access-list-number | ... access-list-name]
  Example: Device(config-route-map)# match ip address 110 140
  Purpose: Matches the source and destination IP addresses that are permitted by one or more standard or extended access lists. ACLs can match on more than one source and destination IP address. If you do not specify a match command, the route map applies to all packets.

Step 5: match length min max
  Example: Device(config-route-map)# match length 64 1500
  Purpose: Matches the length of the packet.
  Note: The match length min max command is not supported on Cisco Catalyst 9600X Series Switches.

Step 6: set ip next-hop ip-address [... ip-address]
  Example: Device(config-route-map)# set ip next-hop 10.1.6.2
  Purpose: Specifies the action to be taken on packets that match the criteria: sets the next hop to which to route the packet. The next hop must be adjacent (directly connected). The next hop IP address can be a GRE tunnel.

Step 7: exit
  Example: Device(config-route-map)# exit
  Purpose: Returns to global configuration mode.

Step 8: interface interface-id
  Example: Device(config)# interface gigabitethernet 1/0/1
  Purpose: Enters interface configuration mode, and specifies the interface to be configured.

Step 9: ip policy route-map map-tag
  Example: Device(config-if)# ip policy route-map pbr-map
  Purpose: Enables PBR on a Layer 3 interface and identifies the route map to use. You can configure only one route map on an interface. However, you can have multiple route-map entries with different sequence numbers. These entries are evaluated in order of sequence number until the first match. If there is no match, packets are routed as usual.

Step 10: ip route-cache policy
  Purpose: (Optional) Enables fast-switching PBR. You must enable PBR before enabling fast-switching PBR.
  Example: Device(config-if)# ip route-cache policy

Step 11: exit
  Example: Device(config-if)# exit
  Purpose: Returns to global configuration mode.

Step 12: ip local policy route-map map-tag
  Example: Device(config)# ip local policy route-map local-pbr
  Purpose: (Optional) Enables local PBR to perform policy-based routing on packets originating at the switch. This applies to packets generated by the switch, not to incoming packets.

Step 13: end
  Example: Device(config)# end
  Purpose: Returns to privileged EXEC mode.

Step 14: show route-map [map-name]
  Example: Device# show route-map
  Purpose: (Optional) Displays all the route maps configured, or only the one specified, to verify the configuration.

Step 15: show ip policy
  Example: Device# show ip policy
  Purpose: (Optional) Displays the policy route maps attached to interfaces.

Step 16: show ip local policy
  Example: Device# show ip local policy
  Purpose: (Optional) Displays whether local policy routing is enabled and, if so, the route map being used.

Filtering Routing Information

Note: When routes are redistributed between OSPF processes, no OSPF metrics are preserved.

Setting Passive Interfaces

To prevent other routers on a local network from dynamically learning about routes, you can use the passive-interface router configuration command to keep routing update messages from being sent through a router interface. When you use this command with OSPF, the interface address you specify as passive appears as a stub network in the OSPF domain. OSPF routing information is neither sent nor received through the specified router interface.

In networks with many interfaces, to avoid having to set each one passive manually, you can make all interfaces passive by default with the passive-interface default router configuration command and then manually activate only the interfaces where adjacencies are desired.
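The following configuration assembles the PBR procedure above into one working policy. It is an added example, not a configuration from the Cisco guide; the ACL and route-map names, VLAN, addresses and the inspection appliance at 10.200.1.2 are assumptions chosen for illustration. It shows the two guidelines that matter most in practice: a deny entry that keeps packets addressed to the switch's own SVI address from being policy-routed, and an earlier sequence with no set action so that management traffic keeps following the routing table.

```ios
! Added example (not from the Cisco guide). Names, addresses and
! interface numbers are assumptions for illustration.
!
! Traffic selector for user hosts in 10.10.0.0/16.
! The deny keeps packets addressed to the switch's own SVI address
! (a local address) out of PBR, per the match-criteria guideline.
ip access-list extended PBR-TO-INSPECT
 deny   ip 10.10.0.0 0.0.255.255 host 10.10.0.1
 permit ip 10.10.0.0 0.0.255.255 any
!
! Management destinations are selected by a separate ACL so they can be
! matched first and left to normal routing.
ip access-list extended PBR-MGMT
 permit ip any 10.250.0.0 0.0.0.255
!
! Sequence 10: no set action, so matching packets are routed normally.
! Because sequences are evaluated in order until the first match,
! management traffic never reaches sequence 20.
route-map PBR-USERS permit 10
 match ip address PBR-MGMT
!
! Sequence 20: user traffic is handed to the inspection appliance.
! The next hop must be directly connected; there is no recursive lookup
! and no verify-availability on this platform.
route-map PBR-USERS permit 20
 match ip address PBR-TO-INSPECT
 set ip next-hop 10.200.1.2
!
! Apply the policy on the ingress SVI. PBR acts on unicast only.
interface Vlan10
 ip address 10.10.0.1 255.255.0.0
 ip policy route-map PBR-USERS
!
! Verification (privileged EXEC):
!   show route-map PBR-USERS
!   show ip policy
```

Anything not matched by either ACL falls off the end of the route map and is routed by the default IP routing table, which is the fail-open behaviour the guide describes; if the intent is that user traffic must never bypass the appliance, that has to be enforced elsewhere (for example by not giving the user VLAN a route to the outside at all), not by PBR.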
Use a network monitoring privileged EXEC command such as show ip ospf interface to verify the interfaces that you enabled as passive, or use the show ip interface privileged EXEC command to verify the interfaces that you enabled as active.

Procedure

Step 1: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 2: router {rip | ospf | eigrp}
  Example: Device(config)# router ospf
  Purpose: Enters router configuration mode.

Step 3: passive-interface interface-id
  Example: Device(config-router)# passive-interface gigabitethernet 1/0/1
  Purpose: Suppresses sending routing updates through the specified Layer 3 interface.

Step 4: passive-interface default
  Example: Device(config-router)# passive-interface default
  Purpose: (Optional) Sets all interfaces as passive by default.

Step 5: no passive-interface interface-type
  Example: Device(config-router)# no passive-interface gigabitethernet1/0/3 gigabitethernet 1/0/5
  Purpose: (Optional) Activates only those interfaces that need to form adjacencies.

Step 6: network network-address
  Example: Device(config-router)# network 10.1.1.1
  Purpose: (Optional) Specifies the list of networks for the routing process. The network-address is an IP address.

Step 7: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 8: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Controlling Advertising and Processing in Routing Updates

You can use the distribute-list router configuration command with access control lists to suppress routes from being advertised in routing updates and to prevent other routers from learning one or more routes.
When used with OSPF, this feature applies only to external routes, and you cannot specify an interface name. You can also use a distribute-list router configuration command to avoid processing certain routes listed in incoming updates. (This feature does not apply to OSPF.)

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router {rip | eigrp}
  Example: Device(config)# router eigrp 10
  Purpose: Enters router configuration mode.

Step 4: distribute-list {access-list-number | access-list-name} out [interface-name | routing-process | autonomous-system-number]
  Example: Device(config-router)# distribute-list 120 out gigabitethernet 1/0/7
  Purpose: Permits or denies routes from being advertised in routing updates, depending on the action listed in the access list.

Step 5: distribute-list {access-list-number | access-list-name} in [type-number]
  Example: Device(config-router)# distribute-list 125 in
  Purpose: Suppresses processing of the routes listed in incoming updates.

Step 6: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 7: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Filtering Sources of Routing Information

Because some routing information might be more accurate than other information, you can use filtering to prioritize information coming from different sources. An administrative distance is a rating of the trustworthiness of a routing information source, such as a router or group of routers. In a large network, some routing protocols can be more reliable than others.
By specifying administrative distance values, you enable the router to intelligently discriminate between sources of routing information. The router always picks the route whose routing protocol has the lowest administrative distance. Because each network has its own requirements, there are no general guidelines for assigning administrative distances.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: router {rip | ospf | eigrp}
  Example: Device(config)# router eigrp 10
  Purpose: Enters router configuration mode.

Step 4: distance weight [ip-address wildcard-mask [ip-access-list]]
  Example: Device(config-router)# distance 50 10.1.5.1 0.0.0.0
  Purpose: Defines an administrative distance.
  · weight: The administrative distance as an integer from 10 to 255. Used alone, weight specifies a default administrative distance that is used when no other specification exists for a routing information source. Routes with a distance of 255 are not installed in the routing table.
  · (Optional) ip-address wildcard-mask: The address (or range of addresses) of the routing information sources to which the distance applies.
  · (Optional) ip-access-list: An IP standard or extended access list to be applied to incoming routing updates, so that the distance applies only to the routes it permits.

Step 5: end
  Example: Device(config-router)# end
  Purpose: Returns to privileged EXEC mode.

Step 6: show ip protocols
  Example: Device# show ip protocols
  Purpose: Displays the default administrative distance for a specified routing process.

Step 7: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.
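The three procedures above (passive interfaces, distribute lists and administrative distance) are usually applied together on a routing-protocol edge. The configuration below is an added example, not from the Cisco guide, that does so for an EIGRP process; the AS number, prefixes, interfaces and the trusted core router address 10.1.5.1 are assumptions for illustration. The point it makes is that each mechanism closes a different hole: passive-interface default stops adjacencies on ports where none are wanted, the outbound distribute-list limits what the partner link learns, the inbound list refuses prefixes a neighbor should never be able to inject (here the management prefix and a default route), and distance makes routes from the trusted core win over the same prefixes from anyone else.

```ios
! Added example (not from the Cisco guide). AS number, prefixes, interfaces
! and the core router address are assumptions for illustration.
!
! Only the user subnet may be advertised toward the partner-facing link.
ip access-list standard EIGRP-ADV-OUT
 permit 10.10.0.0 0.0.255.255
!
! Never accept the management prefix or a default route (host 0.0.0.0
! in a standard ACL matches the 0.0.0.0/0 network) from any neighbor.
ip access-list standard EIGRP-ACCEPT-IN
 deny   10.250.0.0 0.0.0.255
 deny   0.0.0.0
 permit any
!
! Prefixes for which the trusted core router should always be preferred.
ip access-list standard CORE-PREFIXES
 permit 10.0.0.0 0.255.255.255
!
router eigrp 10
 network 10.0.0.0
 ! Passive everywhere, then re-enable only the two uplinks that need
 ! adjacencies. Access ports can no longer be used to peer with the switch.
 passive-interface default
 no passive-interface HundredGigE1/0/3
 no passive-interface HundredGigE1/0/5
 ! Outbound filter on the partner link only; inbound filter on every link.
 distribute-list EIGRP-ADV-OUT out HundredGigE1/0/5
 distribute-list EIGRP-ACCEPT-IN in
 ! Routes for CORE-PREFIXES learned from 10.1.5.1 get distance 50; the
 ! same prefixes from any other source keep the protocol default, so the
 ! core's version is installed.
 distance 50 10.1.5.1 0.0.0.0 CORE-PREFIXES
!
! Verification (privileged EXEC):
!   show ip protocols          (filters and distances in effect)
!   show ip eigrp interfaces   (only the two uplinks should be listed)
```

The inbound distribute-list is the one that protects the switch itself: without it, a misconfigured or hostile peer on an active interface can advertise a more specific route for the management prefix and pull management sessions through itself.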
Managing Authentication Keys

Key management is a method of controlling the authentication keys used by routing protocols. Not all protocols can use key management. Authentication keys are available for EIGRP and RIP Version 2.

Prerequisites

Before you manage authentication keys, you must enable authentication. See the appropriate protocol section to learn how to enable authentication for that protocol. To manage authentication keys, define a key chain, identify the keys that belong to the key chain, and specify how long each key is valid. Each key has its own key identifier (specified with the key number key chain configuration command), which is stored locally. The combination of the key identifier and the interface associated with the message uniquely identifies the authentication algorithm and Message Digest 5 (MD5) authentication key in use.

How to Configure Authentication Keys

You can configure multiple keys with lifetimes. Only one authentication packet is sent, regardless of how many valid keys exist. The software examines the key numbers in order from lowest to highest and uses the first valid key it encounters. The lifetimes allow for overlap during key changes. Note that the router must know the current time (for example, from NTP) for lifetimes to take effect.

Procedure

Step 1: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 2: key chain name-of-chain
  Example: Device(config)# key chain key10
  Purpose: Identifies a key chain, and enters key chain configuration mode.

Step 3: key number
  Example: Device(config-keychain)# key 2000
  Purpose: Identifies the key number and enters key chain key configuration mode. The range is 0 to 2147483647.

Step 4: key-string text
  Example: Device(config-keychain-key)# key-string Room 20, 10th floor
  Purpose: Identifies the key string.
  The string can contain from 1 to 80 uppercase and lowercase alphanumeric characters, but the first character cannot be a number.

Step 5: accept-lifetime start-time {infinite | end-time | duration seconds}
  Example: Device(config-keychain-key)# accept-lifetime 12:30:00 Jan 25 2009 infinite
  Purpose: (Optional) Specifies the time period during which the key can be received. The start-time and end-time syntax can be either hh:mm:ss Month date year or hh:mm:ss date Month year. The default is forever, with the default start-time (and the earliest acceptable date) being January 1, 1993. The default end-time and duration is infinite.

Step 6: send-lifetime start-time {infinite | end-time | duration seconds}
  Example: Device(config-keychain-key)# send-lifetime 23:30:00 Jan 25 2019 infinite
  Purpose: (Optional) Specifies the time period during which the key can be sent. The start-time and end-time syntax can be either hh:mm:ss Month date year or hh:mm:ss date Month year. The default is forever, with the default start-time (and the earliest acceptable date) being January 1, 1993. The default end-time and duration is infinite.

Step 7: end
  Example: Device(config-keychain-key)# end
  Purpose: Returns to privileged EXEC mode.

Step 8: show key chain
  Example: Device# show key chain
  Purpose: Displays authentication key information.

Step 9: copy running-config startup-config
  Example: Device# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

Feature History for Protocol-Independent Features

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.
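The procedure above describes the key chain commands one at a time; what a practitioner actually needs is the overlap pattern that lets a key be rotated without dropping adjacencies. The configuration below is an added example, not from the Cisco guide, of a staged rollover from key 1 to key 2. The chain name, key strings, dates, AS number and interface are assumptions; the two interface commands that bind the chain to EIGRP are the standard EIGRP form of the "enable authentication" step the text defers to the protocol section.

```ios
! Added example (not from the Cisco guide). Chain name, key strings,
! dates, AS number and interface are assumptions for illustration.
!
! Lifetimes are compared against the system clock, so the switch must
! have correct time before the rollover date.
ntp server 10.250.0.10
!
key chain EIGRP-KEYS
 ! Key 1: the current key. Sending stops at the cutover (00:00 on 1 Jul),
 ! but it is still accepted for one hour afterwards so that neighbors
 ! that cut over a little late are not dropped.
 key 1
  key-string CurrentKeyAlpha
  accept-lifetime 00:00:00 Jan 1 2023 01:00:00 Jul 1 2023
  send-lifetime   00:00:00 Jan 1 2023 00:00:00 Jul 1 2023
 ! Key 2: the replacement. Accepted from one hour before the cutover,
 ! sent from the cutover onward. Keys are tried lowest number first, so
 ! key 1 is used for sending until its send-lifetime ends, after which
 ! key 2 is the first valid key and takes over.
 key 2
  key-string NextKeyBravo
  accept-lifetime 23:00:00 Jun 30 2023 infinite
  send-lifetime   00:00:00 Jul 1 2023 infinite
!
! Enable MD5 authentication for EIGRP AS 10 on the uplink and bind the chain.
interface HundredGigE1/0/3
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 EIGRP-KEYS
!
! Verification (privileged EXEC):
!   show key chain     (shows which keys are currently valid for send/accept)
!   show clock         (confirm the clock is synchronized before the cutover)
```

Both sides of every adjacency need the same two keys with compatible lifetimes; if a neighbor only has key 1, it will lose the adjacency one hour after the cutover when this switch stops accepting it. Configuring key 2 everywhere well ahead of the cutover is what makes the rollover non-disruptive.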
Cisco IOS XE Gibraltar 16.11.1

· Protocol-Independent Features - Distributed Cisco Express Forwarding: Cisco Express Forwarding (CEF) is a Layer 3 IP switching technology used to optimize network performance.
· Protocol-Independent Features - Policy-Based Routing: Use policy-based routing (PBR) to configure a defined policy for traffic flows. By using PBR, you can have more control over routing by reducing the reliance on routes derived from routing protocols.
· Protocol-Independent Features - Managing Authentication Keys: Key management is a method of controlling authentication keys used by routing protocols. Authentication keys are available for EIGRP and RIP Version 2.

Cisco IOS XE Cupertino 17.7.1

· Protocol-Independent Features - Distributed Cisco Express Forwarding and Managing Authentication Keys: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).
· Protocol-Independent Features - PBR support on GRE Tunnel: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 1 Module.

Cisco IOS XE Dublin 17.11.1

· Protocol-Independent Features - Policy-Based Routing: Support for this feature was introduced on Cisco Catalyst 9600X Series Switches.

Use the Cisco Feature Navigator to find information about platform and software image support.
CHAPTER 41

Configuring VRF aware PBR

· Restrictions for VRF aware PBR, on page 529
· Information about VRF aware PBR, on page 530
· How to Configure VRF aware PBR, on page 531
· Configuration Examples for VRF aware PBR, on page 551
· Feature History for VRF aware PBR, on page 558

Restrictions for VRF aware PBR

· The route map commands set global and set vrf cannot be configured together on the same route map.
· The same PBR policy cannot be applied to multiple unique VRF interfaces. The exception is when the PBR policy contains set global or set vrf as the set command.
· Different route map command options (set ip vrf, set ip default vrf, set vrf) cannot be configured on the same route map, whether under the same sequence or a different sequence. Multiple unique route map command options (such as set vrf) can be configured using different sequence numbers in a route map.
· The Cisco Catalyst 9600X-SUP-2 Module does not support the following set clauses:
  · set global
  · set ip default vrf
  · set ipv6 default vrf
  · set ip default global
  · set ipv6 default global
  · set ip default next-hop
  · set ipv6 default next-hop
· The match length min max command is not supported on the Cisco Catalyst 9600X-SUP-2 Module.

Information about VRF aware PBR

Overview

VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses can overlap among the VPNs. VRF-lite uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF. Starting with the Cisco IOS XE 16.12.1 release, PBR can be configured on VRF-lite interfaces. MPLS cannot be configured on the same VRF-lite interface that has PBR configured on it.
VRF aware PBR can be of the following types:

· Inherit VRF: The VRF context is implicitly inherited from the ingress interface. Packets enter the VRF interface and are policy routed or forwarded out of the same VRF. The VRF routing and forwarding table is used when a route lookup is required to apply a set route policy to a packet.
· Inter VRF: The VRF context must be specified explicitly. Packets enter a VRF interface and are policy routed or forwarded to another VRF interface.
· VRF to Global Routing Table: Packets enter the VRF interface and are policy routed or forwarded out of the Global Routing Table. The context for the Global Routing Table must be explicitly specified.
· Global Routing Table to VRF: Packets enter a global interface and are policy routed or forwarded out of a VRF interface.

VRF aware PBR set clauses

You can enable VRF selection for PBR packets through one of the following options:

· A route map
· The Global Routing Table
· A specified VRF

You can enable policy based routing of packets for a VRF instance by using route map commands with the following set clauses:

· set ip vrf vrf-name next-hop ip-address [ip-address]: Indicates where to route IPv4 packets that pass the match criteria of a route map, using the next hop specified for the VRF.
· set ipv6 vrf vrf-name next-hop ipv6-address [ipv6-address]: Indicates where to route IPv6 packets that pass the match criteria of a route map, using the next hop specified for the VRF.
· set global: Routes the packets through the global routing table. The command is useful for routing ingress packets that belong to a specific VRF through the global routing table.
· set vrf vrf-name: Routes packets using a particular VRF table through any of the interfaces belonging to that VRF. If there is no route in the VRF table, the packet is dropped.
· set ip global next-hop ip-address: Indicates the next hop to which to forward IPv4 packets that match the criteria of a route map for PBR.
  The global routing table is used to reach the next hop.
· set ipv6 global next-hop ipv6-address: Indicates the next hop to which to forward IPv6 packets that match the criteria of a route map for PBR. The global routing table is used to reach the next hop.
· set ip default vrf vrf-name next-hop ip-address [ip-address]: Verifies the presence of the destination IP address in the routing table of the VRF. If the address is present, the packet is not policy routed but forwarded based on the routing table. If the address is absent from the routing table, the packet is policy routed and sent to the specified next hop.
· set ipv6 default vrf vrf-name next-hop ipv6-address [ipv6-address]: Verifies the presence of the destination IPv6 address in the routing table of the VRF. If the address is present, the packet is not policy routed but forwarded based on the routing table. If the address is absent from the routing table, the packet is policy routed and sent to the specified next hop.
· set ip default global: Configures IPv4 VRF-to-global routing.
· set ipv6 default global: Configures IPv6 VRF-to-global routing.
· set ip default next-hop: Indicates where to send IPv4 packets that pass a match criterion of a route map for PBR and for which no explicit route to the destination exists.
· set ipv6 default next-hop: Indicates where to send IPv6 output packets that pass a match criterion of a route map for policy routing and for which no explicit route to the destination exists.

How to Configure VRF aware PBR

Configuring Inherit-VRF in a Route Map

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.
Step 3: ip access-list {standard | extended} [access-list-name | access-list-number]
  Example: Device(config)# ip access-list standard 10
  Purpose: Specifies the IP access list type and enters the corresponding access list configuration mode. You can specify a standard, extended, or named access list.

Step 4: [sequence-number] {permit | deny} protocol source source-wildcard destination destination-wildcard
  Example: Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255
  Purpose: Defines the criteria for which the access list will permit or deny packets.

Step 5: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map vrf1_vrf1 permit 10
  Purpose: Defines the conditions for enabling policy-based routing, and enters route-map configuration mode.

Step 6: match ip address {acl-number [acl-number | acl-name] | acl-name [acl-name | acl-number]}
  Example: Device(config-route-map)# match ip address 10
  Purpose: Performs policy routing on matched packets. IP access lists and extended ACLs are supported.

Step 7: match length min max
  Example: Device(config-route-map)# match length 64 1500
  Purpose: (Optional) Matches the length of the packet. Not supported on the Cisco Catalyst 9600X-SUP-2 Module.

Step 8: set ip next-hop ip-address [ip-address]
  Example: Device(config-route-map)# set ip next-hop 135.35.35.2
  Purpose: Specifies the next hop for routing packets. Because no VRF is named, the VRF of the ingress interface is inherited.

Step 9: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/11
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 10: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 11: vrf forwarding vrf-name
  Example: Device(config-if)# vrf forwarding vrf1
  Purpose: Associates the VRF with the Layer 3 interface.
Step 12: ip address ip-address subnet-mask
  Example: Device(config-if)# ip address 100.1.1.1 255.255.255.0
  Purpose: Enters the IP address for the interface.

Step 13: ip policy route-map map-tag
  Example: Device(config-if)# ip policy route-map vrf1_vrf1
  Purpose: Identifies the route map to use for PBR.

Step 14: end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Step 15: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/25
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 16: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 17: vrf forwarding vrf-name
  Example: Device(config-if)# vrf forwarding vrf1
  Purpose: Associates the VRF with the Layer 3 interface.

Step 18: ip address ip-address subnet-mask
  Example: Device(config-if)# ip address 135.35.35.1 255.255.255.0
  Purpose: Enters the IP address for the interface.

Configuring IPv6 Inherit-VRF in a Route Map

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 access-list access-list-name
  Purpose: Specifies an IPv6 access list name and enters IPv6 access list configuration mode.
  Example: Device(config)# ipv6 access-list acl_vrf1

Step 4: [sequence-number] {permit | deny} protocol source-ipv6-prefix/prefix-length destination-ipv6-prefix/prefix-length
  Example: Device(config-ipv6-acl)# 10 permit ipv6 1333::/64 2000::/64
  Purpose: Defines the criteria for which the access list will permit or deny packets.

Step 5: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map vrf1_vrf1_v6 permit 10
  Purpose: Defines the conditions for enabling policy-based routing, and enters route-map configuration mode.

Step 6: match ipv6 address access-list-name
  Example: Device(config-route-map)# match ipv6 address acl_vrf1
  Purpose: Performs policy routing on matched packets. IPv6 access lists are supported.

Step 7: match length min max
  Example: Device(config-route-map)# match length 64 1500
  Purpose: (Optional) Matches the length of the packet. Not supported on the Cisco Catalyst 9600X-SUP-2 Module.

Step 8: set ipv6 next-hop ipv6-address [ipv6-address]
  Example: Device(config-route-map)# set ipv6 next-hop 1335::1
  Purpose: Specifies the next hop for routing IPv6 packets. Because no VRF is named, the VRF of the ingress interface is inherited.

Step 9: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/11
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 10: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 11: vrf forwarding vrf-name
  Example: Device(config-if)# vrf forwarding vrf1
  Purpose: Associates the VRF with the Layer 3 interface.
Step 12: ipv6 address ipv6-address/prefix-length
  Example: Device(config-if)# ipv6 address 1000::1/64
  Purpose: Enters the IPv6 address for the interface.

Step 13: ipv6 policy route-map map-tag
  Example: Device(config-if)# ipv6 policy route-map vrf1_vrf1_v6
  Purpose: Identifies the route map to use for IPv6 PBR.

Step 14: end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Step 15: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/25
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 16: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 17: vrf forwarding vrf-name
  Example: Device(config-if)# vrf forwarding vrf1
  Purpose: Associates the VRF with the Layer 3 interface.

Step 18: ipv6 address ipv6-address/prefix-length
  Example: Device(config-if)# ipv6 address 1335::2/64
  Purpose: Enters the IPv6 address for the interface.

Step 19: ipv6 enable
  Example: Device(config-if)# ipv6 enable
  Purpose: Enables IPv6 processing on an interface that has not been configured with an explicit IPv6 address.

Configuring Inter-VRF in a Route Map

Before you begin

You can use the following set clauses of the route-map command:

· set ip vrf vrf-name next-hop ip-address [ip-address]: Indicates where to route IPv4 packets that pass the match criteria of a route map, using the next hop specified for the VRF.
· set ip default vrf vrf-name next-hop ip-address [ip-address]: Verifies the presence of the destination IP address in the routing table of the VRF. If the address is present, the packet is not policy routed but forwarded based on the routing table.
  If the address is absent from the routing table, the packet is policy routed and sent to the specified next hop.
· set vrf vrf-name: Routes packets using a particular VRF table through any of the interfaces belonging to that VRF. If there is no route in the VRF table, the packet is dropped.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip access-list {standard | extended} [access-list-name | access-list-number]
  Example: Device(config)# ip access-list standard 10
  Purpose: Specifies the IP access list type and enters the corresponding access list configuration mode. You can specify a standard, extended, or named access list.

Step 4: [sequence-number] {permit | deny} protocol source source-wildcard destination destination-wildcard
  Example: Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255
  Purpose: Defines the criteria for which the access list will permit or deny packets. Match criteria can be defined based on IP addresses, IP address ranges, and other IP packet access list filtering options. Named, numbered, standard, and extended access lists are supported. You can use all IP access list configuration options in Cisco IOS software to define match criteria.

Step 5: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map vrf1_vrf2 permit 10
  Purpose: Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing. Enters route-map configuration mode.

Step 6: match ip address {acl-number [acl-number | acl-name] | acl-name [acl-name | acl-number]}
  Example: Device(config-route-map)# match ip address 10
  Purpose: Distributes any routes that have a destination network address permitted by a standard or extended access list, and performs policy routing on matched packets.
  · IP access lists are supported.
  · The example configures the route map to use standard access list 10 to define match criteria.

Step 7: set ip vrf vrf-name next-hop ip-address [ip-address]
      or set ip default vrf vrf-name next-hop ip-address [ip-address]
      or set vrf vrf-name
  Examples:
    Device(config-route-map)# set ip vrf vrf2 next-hop 135.35.35.2
    or
    Device(config-route-map)# set ip default vrf vrf2 next-hop 135.35.35.2
    or
    Device(config-route-map)# set vrf vrf2
  Note: The set ip default vrf vrf-name next-hop set clause is not supported on the Cisco Catalyst 9600X-SUP-2 Module (see Restrictions for VRF aware PBR).
  Purpose: The set ip vrf vrf-name next-hop ip-address [ip-address] command indicates where to route IPv4 packets that pass the match criteria of a route map, using the next hop specified for the VRF. The default keyword verifies the presence of the destination IP address in the routing table of the VRF: if the address is present, the packet is not policy routed but forwarded based on the routing table; if the address is absent from the routing table, the packet is policy routed and sent to the specified next hop. The set vrf keyword routes packets using a particular VRF table through any of the interfaces belonging to that VRF; if there is no route in the VRF table, the packet is dropped.

Step 8: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/11
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 9: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 10: vrf forwarding vrf-name
  Purpose: Associates the VRF with the Layer 3 interface.
Example: Device(config-if)# vrf forwarding vrf1 ip address ip-address subnet-mask Example: Device(config-if-vrf)# ip address 100.1.1.1 255.255.255.0 Enters the IP address for the interface. ip policy route-map map-tag Example: Identifies the route map to use for PBR. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 537 Configuring IPv6 Inter-VRF in a Route Map Configuring VRF aware PBR Step 13 Step 14 Step 15 Step 16 Step 17 Command or Action Purpose Device(config-if)# ip policy route-map vrf1_vrf2 end Example: Device(config-if)# end Exits interface configuration mode and returns to privileged EXEC mode. interface HundredGigE rack/slot/module/port Configures a Hundred Gigabit Ethernet Example: Device(config)# interface interface and enters interface configuration mode. HundredGigE1/0/25 no switchport Example: Device(config-if)# no switchport Configures the interface as a Layer 3 Ethernet interface. vrf forwarding vrf-name Associates the VRF with the Layer 3 interface. Example: Device(config-if)# vrf forwarding vrf2 ip address ip-address subnet-mask Example: Device(config-if-vrf)ip address 135.35.35.1 255.255.255.0 Enters the IP address for the interface. Configuring IPv6 Inter-VRF in a Route Map Before you begin You can use the following set clauses of the route-map commands: · set ipv6 vrf vrf-name next-hopip-address[ip-address]: Indicates where to route IPv6 packets that pass a match criteria of a route map using the next-hop specified for the VRF. · set ip default vrf vrf-namenexthopip-address[ip-address]: Verifies the presence of the IP address in the routing table of the VRF. If the IP address is present the packet is not policy routed but forwarded based on the routing table. If the IP address is absent in the routing table, the packet is policy routed and sent to the specified next hop. · set vrf: Routes packets using a particular VRF table through any of the interfaces belonging to that VRF. 
  If there is no route in the VRF table, the packet will be dropped.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 access-list access-list-name
  Example: Device(config)# ipv6 access-list acl_vrf1
  Purpose: Specifies the IPv6 access list name and enters IPv6 access list configuration mode.

Step 4: [sequence-number] {permit | deny} protocol source-prefix/prefix-length destination-prefix/prefix-length
  Example: Device(config-ipv6-acl)# 10 permit ipv6 1333::/64 2000::/64
  Purpose: Defines the criteria for which the access list will permit or deny packets. Match criteria can be defined based on IPv6 addresses, IPv6 address ranges, and other IPv6 packet access list filtering options. Named, numbered, standard, and extended access lists are supported. You can use all IPv6 access list configuration options in Cisco IOS software to define match criteria.

Step 5: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map vrf1_vrf2_v6 permit 10
  Purpose: Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing. Enters route-map configuration mode.

Step 6: match ipv6 address acl-name
  Example: Device(config-route-map)# match ipv6 address acl_vrf1
  Purpose: Distributes any routes that have a destination network number address that is permitted by the access list, and performs policy routing on matched packets.
    · IPv6 access lists are supported.
    · The example configures the route map to use the IPv6 access list from Step 4 to define match criteria.

Step 7: set ipv6 vrf vrf-name next-hop ip-address [ip-address]
        · set ipv6 default vrf vrf-name next-hop ip-address [ip-address]
        · set vrf vrf-name
  Example:
    Device(config-route-map)# set ipv6 vrf vrf2 next-hop 1335::1
    or
    Device(config-route-map)# set ipv6 default vrf vrf2 next-hop 1335::1
    or
    Device(config-route-map)# set vrf vrf2
  Purpose: The set ipv6 vrf vrf-name next-hop ip-address [ip-address] command indicates where to route IPv6 packets that pass the match criteria of a route map, using the next hop specified for the VRF. The default keyword verifies the presence of the IP address in the routing table of the VRF: if the IP address is present, the packet is not policy routed but forwarded based on the routing table; if it is absent, the packet is policy routed and sent to the specified next hop.

Step 8: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/11
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 9: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 10: vrf forwarding vrf-name
  Example: Device(config-if)# vrf forwarding vrf1
  Purpose: Associates the VRF with the Layer 3 interface.

Step 11: ipv6 address ipv6-prefix/prefix-length
  Example: Device(config-if)# ipv6 address 1000::1/64
  Purpose: Enters the IPv6 address for the interface.

Step 12: ipv6 policy route-map map-tag
  Example: Device(config-if)# ipv6 policy route-map vrf1_vrf2_v6
  Purpose: Identifies the route map to use for PBR.

Step 13: end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Step 14: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/25
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 15: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 16: vrf forwarding vrf-name
  Example: Device(config-if)# vrf forwarding vrf2
  Purpose: Associates the VRF with the Layer 3 interface.

Step 17: ipv6 address ipv6-prefix/prefix-length
  Example: Device(config-if)# ipv6 address 1335::2/64
  Purpose: Enters the IPv6 address for the interface.

Step 18: ipv6 enable
  Example: Device(config-if)# ipv6 enable
  Purpose: Enables IPv6 processing on an interface that has not been configured with an explicit IPv6 address.

Configuring VRF to Global Routing Table selection in a Route Map

Before you begin

You can use the following set clauses of the route-map commands:
· set ip global next-hop: Indicates where to forward IPv4/IPv6 packets that pass a match criterion of a route map for PBR and for which the global routing table is used.
· set global: Routes the packets through the global routing table.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip access-list {standard | extended} [access-list-name | access-list-number]
  Example: Device(config)# ip access-list standard 10
  Purpose: Specifies the IP access list type and enters the corresponding access list configuration mode. You can specify a standard, extended, or named access list.

Step 4: [sequence-number] {permit | deny} protocol source source-wildcard destination destination-wildcard
  Example: Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255
  Purpose: Defines the criteria for which the access list will permit or deny packets. Match criteria can be defined based on IP addresses, IP address ranges, and other IP packet access list filtering options. Named, numbered, standard, and extended access lists are supported. You can use all IP access list configuration options in Cisco IOS software to define match criteria.

Step 5: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map vrf1_global permit 10
  Purpose: Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing. Enters route-map configuration mode.

Step 6: match ip address {acl-number [acl-number | acl-name] | acl-name [acl-name | acl-number]}
  Example: Device(config-route-map)# match ip address 10
  Purpose: Forwards any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on matched packets.
    · IP access lists are supported.
    · The example configures the route map to use the standard access list from Step 4 to define match criteria.

Step 7: set ip default global next-hop ip-address [ip-address]
        · set global
  Example:
    Device(config-route-map)# set ip default global next-hop 135.35.35.2
    or
    Device(config-route-map)# set global
  Purpose: Specifies the next hop for routing packets.

Step 8: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/11
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 9: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 10: vrf forwarding vrf-name
  Purpose: Associates the VRF with the Layer 3 interface.
  Example: Device(config-if)# vrf forwarding vrf1

Step 11: ip address ip-address subnet-mask
  Example: Device(config-if)# ip address 100.1.1.1 255.255.255.0
  Purpose: Enters the IP address for the interface.

Step 12: ip policy route-map map-tag
  Example: Device(config-if)# ip policy route-map vrf1_global
  Purpose: Identifies the route map to use for PBR.

Step 13: end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Step 14: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/25
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 15: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 16: ip address ip-address subnet-mask
  Example: Device(config-if)# ip address 135.35.35.1 255.255.255.0
  Purpose: Enters the IP address for the interface.

Configuring IPv6 VRF to Global Routing Table selection in a Route Map

Before you begin

You can use the following set clauses of the route-map commands:
· set ipv6 global next-hop: Indicates where to forward IPv6 packets that pass a match criterion of a route map for PBR and for which the global routing table is used.
· set global: Routes the packets through the global routing table.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device# configure terminal

Step 3: ipv6 access-list access-list-name
  Example: Device(config)# ipv6 access-list acl_vrf1
  Purpose: Specifies the IPv6 access list name and enters IPv6 access list configuration mode.

Step 4: [sequence-number] {permit | deny} protocol source-prefix/prefix-length destination-prefix/prefix-length
  Example: Device(config-ipv6-acl)# 10 permit ipv6 1333::/64 2000::/64
  Purpose: Defines the criteria for which the access list will permit or deny packets. Match criteria can be defined based on IPv6 addresses, IPv6 address ranges, and other IPv6 packet access list filtering options. Named, numbered, standard, and extended access lists are supported. You can use all IPv6 access list configuration options in Cisco IOS software to define match criteria.

Step 5: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map vrf1_global_v6 permit 10
  Purpose: Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing. Enters route-map configuration mode.

Step 6: match ipv6 address acl-name
  Example: Device(config-route-map)# match ipv6 address acl_vrf1
  Purpose: Forwards any routes that have a destination network number address that is permitted by the access list, and performs policy routing on matched packets.
    · IPv6 access lists are supported.
    · The example configures the route map to use the IPv6 access list from Step 4 to define match criteria.

Step 7: set ipv6 default global next-hop ip-address [ip-address]
        · set global
  Example:
    Device(config-route-map)# set ipv6 default global next-hop 1335::1
    or
    Device(config-route-map)# set global
  Purpose: Specifies the next hop for routing packets.

Step 8: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/11
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 9: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 10: vrf forwarding vrf-name
  Example: Device(config-if)# vrf forwarding vrf1
  Purpose: Associates the VRF with the Layer 3 interface.

Step 11: ipv6 address ipv6-prefix/prefix-length
  Example: Device(config-if)# ipv6 address 1000::1/64
  Purpose: Enters the IPv6 address for the interface.

Step 12: ipv6 policy route-map map-tag
  Example: Device(config-if)# ipv6 policy route-map vrf1_global_v6
  Purpose: Identifies the route map to use for PBR.

Step 13: end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Step 14: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/25
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 15: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 16: ipv6 address ipv6-prefix/prefix-length
  Example: Device(config-if)# ipv6 address 1335::2/64
  Purpose: Enters the IPv6 address for the interface.

Step 17: ipv6 enable
  Example: Device(config-if)# ipv6 enable
  Purpose: Enables IPv6 processing on an interface that has not been configured with an explicit IPv6 address.
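The Before you begin sections above describe five set clauses whose outcomes differ only in what is consulted first: the VRF or global routing table, or the configured next hop. The following Python model is an added illustration written for this chapter, not Cisco code and not verified against IOS XE behaviour; it applies each clause exactly as the chapter's text describes it, and the routing tables, access lists and packets are constructed sample data that reuse the chapter's addresses. Two points are assumptions rather than statements from the page: set ip default global next-hop is treated like set ip default vrf next-hop against the global table, and set global like set vrf against the global table.

```python
"""Model of the forwarding decision produced by the VRF-aware PBR set clauses.
Constructed illustration for this chapter, not Cisco code: tables, ACLs and
route maps are plain Python structures, applied as the chapter describes them."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

GLOBAL = "global"  # name used here for the global routing table


@dataclass(frozen=True)
class Decision:
    action: str              # "policy-routed", "forwarded" or "dropped"
    table: str               # VRF (or "global") whose table and interfaces carry the packet
    next_hop: Optional[str]  # None when the packet is dropped


def lookup(tables: dict, table: str, dst: str) -> Optional[str]:
    """Longest-prefix match of dst in the named table; the next hop, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best_len, best_nh = -1, None
    for prefix, nh in tables.get(table, []):
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:  # `in` is False across IPv4/IPv6
            best_len, best_nh = net.prefixlen, nh
    return best_nh


def acl_permits(acl: list, src: str, dst: str) -> bool:
    """First matching (action, source, destination) entry decides; implicit deny at the end."""
    def within(addr, prefix):
        return prefix == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)
    for action, s, d in acl:
        if within(src, s) and within(dst, d):
            return action == "permit"
    return False


def apply_set(clause: tuple, dst: str, tables: dict) -> Decision:
    """Apply the set clause of the matching permit sequence to one packet."""
    kind = clause[0]
    if kind in ("ip vrf next-hop", "ipv6 vrf next-hop"):
        _, vrf, nh = clause                      # policy-route into the VRF unconditionally
        return Decision("policy-routed", vrf, nh)
    if kind in ("ip default vrf next-hop", "ipv6 default vrf next-hop"):
        _, vrf, nh = clause                      # a route present in the VRF table wins
        via = lookup(tables, vrf, dst)
        return Decision("forwarded", vrf, via) if via else Decision("policy-routed", vrf, nh)
    if kind == "vrf":
        _, vrf = clause                          # use the VRF table; no route means drop
        via = lookup(tables, vrf, dst)
        return Decision("forwarded", vrf, via) if via else Decision("dropped", vrf, None)
    if kind in ("ip default global next-hop", "ipv6 default global next-hop"):
        _, nh = clause                           # assumed: default-vrf rule, global table
        via = lookup(tables, GLOBAL, dst)
        return Decision("forwarded", GLOBAL, via) if via else Decision("policy-routed", GLOBAL, nh)
    if kind == "global":                         # assumed: set-vrf rule, global table
        via = lookup(tables, GLOBAL, dst)
        return Decision("forwarded", GLOBAL, via) if via else Decision("dropped", GLOBAL, None)
    raise ValueError(f"unknown set clause {kind!r}")


def pbr_decide(src: str, dst: str, ingress_vrf: str, route_map: list, acls: dict, tables: dict) -> Decision:
    """Walk (action, acl_name, set_clause) sequences in order; a deny match or no match
    at all means ordinary forwarding in the ingress VRF's own table."""
    for action, acl_name, clause in route_map:
        if acl_permits(acls[acl_name], src, dst):
            if action == "permit":
                return apply_set(clause, dst, tables)
            break
    via = lookup(tables, ingress_vrf, dst)
    return Decision("forwarded", ingress_vrf, via) if via else Decision("dropped", ingress_vrf, None)


# Constructed sample state reusing the chapter's addresses; vrf1 is the ingress VRF.
TABLES = {
    "vrf1": [("100.1.1.0/24", "connected"), ("0.0.0.0/0", "100.1.1.254"), ("1000::/64", "connected")],
    "vrf2": [("135.35.35.0/24", "connected"), ("10.0.0.0/8", "135.35.35.9"), ("2000::/64", "1335::9")],
    GLOBAL: [("192.0.2.0/24", "198.51.100.1")],
}
ACLS = {
    "10": [("permit", "133.33.33.0/24", "any")],        # ip access-list standard 10
    "acl_vrf1": [("permit", "1333::/64", "2000::/64")],  # ipv6 access-list acl_vrf1
}


def demo() -> dict:
    """Each IPv4 set clause against a destination that has a route in the target table
    (10.1.1.1 in vrf2, 192.0.2.9 in global) and against 203.0.113.5, which has none."""
    clauses = {
        "set ip vrf": ("ip vrf next-hop", "vrf2", "135.35.35.2"),
        "set ip default vrf": ("ip default vrf next-hop", "vrf2", "135.35.35.2"),
        "set vrf": ("vrf", "vrf2"),
        "set ip default global": ("ip default global next-hop", "135.35.35.2"),
        "set global": ("global",),
    }
    results = {}
    for label, clause in clauses.items():
        rm = [("permit", "10", clause)]
        routed = "192.0.2.9" if "global" in label else "10.1.1.1"
        for dst in (routed, "203.0.113.5"):
            results[(label, dst)] = pbr_decide("133.33.33.7", dst, "vrf1", rm, ACLS, TABLES)
    return results


if __name__ == "__main__":
    for (label, dst), d in demo().items():
        print(f"{label:22} dst={dst:12} -> {d.action:13} table={d.table:6} next_hop={d.next_hop}")
```

Running demo() shows the practical difference that matters when a route map is used to move traffic between VRFs: set ip vrf always hands the packet to the configured next hop in vrf2, set ip default vrf prefers an existing vrf2 route and uses the next hop only as a fallback, and set vrf silently drops a destination for which vrf2 holds no route. When reviewing such a policy, check which ACL sources can reach the policy-routed interface and confirm that the target table really contains only the prefixes the policy is meant to expose.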
Configuring Global Routing Table to VRF in a Route Map

Before you begin

You can use the following set clauses of the route-map commands:
· set ip vrf vrf-name next-hop ip-address [ip-address]: Indicates where to route IPv4 packets that pass the match criteria of a route map, using the next hop specified for the VRF.
· set ip default vrf vrf-name next-hop ip-address [ip-address]: Verifies the presence of the IP address in the routing table of the VRF. If the IP address is present, the packet is not policy routed but forwarded based on the routing table. If the IP address is absent in the routing table, the packet is policy routed and sent to the specified next hop.
· set vrf: Routes packets using a particular VRF table through any of the interfaces belonging to that VRF. If there is no route in the VRF table, the packet will be dropped.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip access-list {standard | extended} [access-list-name | access-list-number]
  Example: Device(config)# ip access-list standard 10
  Purpose: Specifies the IP access list type and enters the corresponding access list configuration mode. You can specify a standard, extended, or named access list.

Step 4: [sequence-number] {permit | deny} protocol source source-wildcard destination destination-wildcard
  Example: Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255
  Purpose: Defines the criteria for which the access list will permit or deny packets. Match criteria can be defined based on IP addresses, IP address ranges, and other IP packet access list filtering options. Named, numbered, standard, and extended access lists are supported. You can use all IP access list configuration options in Cisco IOS software to define match criteria.

Step 5: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map global_vrf permit 10
  Purpose: Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing. Enters route-map configuration mode.

Step 6: match ip address {acl-number [acl-number | acl-name] | acl-name [acl-name | acl-number]}
  Example: Device(config-route-map)# match ip address 10
  Purpose: Forwards any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on matched packets.
    · IP access lists are supported.
    · The example configures the route map to use the standard access list from Step 4 to define match criteria.

Step 7: set ip vrf vrf-name next-hop ip-address [ip-address]
        · set ip default vrf vrf-name next-hop ip-address [ip-address]
        · set vrf vrf-name
  Example:
    Device(config-route-map)# set ip vrf vrf2 next-hop 135.35.35.2
    or
    Device(config-route-map)# set ip default vrf vrf2 next-hop 135.35.35.2
    or
    Device(config-route-map)# set vrf vrf2
  Purpose: The set ip vrf vrf-name next-hop ip-address [ip-address] command indicates where to route IPv4 packets that pass the match criteria of a route map, using the next hop specified for the VRF. The default keyword verifies the presence of the IP address in the routing table of the VRF: if the IP address is present, the packet is not policy routed but forwarded based on the routing table; if it is absent, the packet is policy routed and sent to the specified next hop. The set vrf keyword routes packets using a particular VRF table through any of the interfaces belonging to that VRF; if there is no route in the VRF table, the packet will be dropped.

Step 8: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/11
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 9: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 10: ip address ip-address subnet-mask
  Example: Device(config-if)# ip address 100.1.1.1 255.255.255.0
  Purpose: Enters the IP address for the interface.

Step 11: ip policy route-map map-tag
  Example: Device(config-if)# ip policy route-map global_vrf
  Purpose: Identifies the route map to use for PBR.

Step 12: end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Step 13: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/25
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 14: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 15: vrf forwarding vrf-name
  Example: Device(config-if)# vrf forwarding vrf2
  Purpose: Associates the VRF with the Layer 3 interface.

Step 16: ip address ip-address subnet-mask
  Example: Device(config-if)# ip address 135.35.35.1 255.255.255.0
  Purpose: Enters the IP address for the interface.

Configuring IPv6 Global Routing Table to VRF in a Route Map

Before you begin

You can use the following set clauses of the route-map commands:
· set ipv6 vrf vrf-name next-hop ip-address [ip-address]: Indicates where to route IPv6 packets that pass the match criteria of a route map, using the next hop specified for the VRF.
· set ipv6 default vrf vrf-name next-hop ip-address [ip-address]: Verifies the presence of the IP address in the routing table of the VRF.
  If the IP address is present, the packet is not policy routed but forwarded based on the routing table. If the IP address is absent in the routing table, the packet is policy routed and sent to the specified next hop.
· set vrf: Routes packets using a particular VRF table through any of the interfaces belonging to that VRF. If there is no route in the VRF table, the packet will be dropped.

Procedure

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 access-list access-list-name
  Example: Device(config)# ipv6 access-list acl_vrf1
  Purpose: Specifies the IPv6 access list name and enters IPv6 access list configuration mode.

Step 4: [sequence-number] {permit | deny} protocol source-prefix/prefix-length destination-prefix/prefix-length
  Example: Device(config-ipv6-acl)# 10 permit ipv6 1333::/64 2000::/64
  Purpose: Defines the criteria for which the access list will permit or deny packets. Match criteria can be defined based on IPv6 addresses, IPv6 address ranges, and other IPv6 packet access list filtering options. Named, numbered, standard, and extended access lists are supported. You can use all IPv6 access list configuration options in Cisco IOS software to define match criteria.

Step 5: route-map map-tag [permit | deny] [sequence-number]
  Example: Device(config)# route-map global_vrf_v6 permit 10
  Purpose: Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing. Enters route-map configuration mode.

Step 6: match ipv6 address acl-name
  Example: Device(config-route-map)# match ipv6 address acl_vrf1
  Purpose: Forwards any routes that have a destination network number address that is permitted by the access list, and performs policy routing on matched packets.
    · IPv6 access lists are supported.
    · The example configures the route map to use the IPv6 access list from Step 4 to define match criteria.

Step 7: set ipv6 vrf vrf-name next-hop ip-address [ip-address]
        · set ipv6 default vrf vrf-name next-hop ip-address [ip-address]
        · set vrf vrf-name
  Example:
    Device(config-route-map)# set ipv6 vrf vrf2 next-hop 1335::1
    or
    Device(config-route-map)# set ipv6 default vrf vrf2 next-hop 1335::1
    or
    Device(config-route-map)# set vrf vrf2
  Purpose: The set ipv6 vrf vrf-name next-hop ip-address [ip-address] command indicates where to route IPv6 packets that pass the match criteria of a route map, using the next hop specified for the VRF. The default keyword verifies the presence of the IP address in the routing table of the VRF: if the IP address is present, the packet is not policy routed but forwarded based on the routing table; if it is absent, the packet is policy routed and sent to the specified next hop. The set vrf keyword routes packets using a particular VRF table through any of the interfaces belonging to that VRF; if there is no route in the VRF table, the packet will be dropped.

Step 8: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/11
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 9: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 10: ipv6 address ipv6-prefix/prefix-length
  Example: Device(config-if)# ipv6 address 1000::1/64
  Purpose: Enters the IPv6 address for the interface.

Step 11: ipv6 policy route-map map-tag
  Example: Device(config-if)# ipv6 policy route-map global_vrf_v6
  Purpose: Identifies the route map to use for PBR.

Step 12: end
  Example: Device(config-if)# end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.

Step 13: interface HundredGigE rack/slot/module/port
  Example: Device(config)# interface HundredGigE1/0/25
  Purpose: Configures a Hundred Gigabit Ethernet interface and enters interface configuration mode.

Step 14: no switchport
  Example: Device(config-if)# no switchport
  Purpose: Configures the interface as a Layer 3 Ethernet interface.

Step 15: vrf forwarding vrf-name
  Example: Device(config-if)# vrf forwarding vrf2
  Purpose: Associates the VRF with the Layer 3 interface.

Step 16: ipv6 address ipv6-prefix/prefix-length
  Example: Device(config-if)# ipv6 address 1335::2/64
  Purpose: Enters the IPv6 address for the interface.

Step 17: ipv6 enable
  Example: Device(config-if)# ipv6 enable
  Purpose: Enables IPv6 processing on an interface that has not been configured with an explicit IPv6 address.

Configuration Examples for VRF aware PBR

Example: Configuring a VRF interface as an inherit VRF in a route map

This example shows how to configure a VRF interface as an inherit VRF in a route map.
Device(config)# ip access-list standard 10
Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255
Device(config)# route-map vrf1_vrf1 permit 10
Device(config-route-map)# match ip address 10
Device(config-route-map)# match length 64 1500
Device(config-route-map)# set ip next-hop 135.35.35.2
Device(config)# interface HundredGigE1/0/11
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# ip policy route-map vrf1_vrf1
Device(config-if)# end
Device(config)# interface HundredGigE1/0/25
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ip address 135.35.35.1 255.255.255.0

Example: Configuring an IPv6 VRF interface as an inherit VRF in a route map

This example shows how to configure an IPv6 VRF interface as an inherit VRF in a route map.

Device(config)# ipv6 access-list acl_vrf1
Device(config-ipv6-acl)# sequence 10 permit ipv6 1333::/64 2000::/64
Device(config)# route-map vrf1_vrf1_v6 permit 10
Device(config-route-map)# match ipv6 address acl_vrf1
Device(config-route-map)# match length 64 1500
Device(config-route-map)# set ipv6 next-hop 1335::1
Device(config)# interface HundredGigE1/0/11
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ipv6 address 1000::1/64
Device(config-if)# ipv6 policy route-map vrf1_vrf1_v6
Device(config-if)# end
Device(config)# interface HundredGigE1/0/25
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ipv6 address 1335::2/64
Device(config-if)# ipv6 enable

Example: Configuring a VRF interface as an Inter VRF in a route map using the set ip vrf clause

This example shows how to configure a VRF interface as an Inter VRF in a route map using the set ip vrf clause.

Device(config)# ip access-list standard 10
Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255
Device(config)# route-map vrf1_vrf2 permit 10
Device(config-route-map)# match ip address 10
Device(config-route-map)# set ip vrf vrf2 next-hop 135.35.35.2
Device(config)# interface HundredGigE1/0/11
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# ip policy route-map vrf1_vrf2
Device(config-if)# end
Device(config)# interface HundredGigE1/0/25
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf2
Device(config-if)# ip address 135.35.35.1 255.255.255.0

Example: Configuring a VRF interface as an IPv6 Inter VRF in a route map using the set ip vrf clause

This example shows how to configure an IPv6 VRF interface as an Inter VRF in a route map using the set ip vrf clause.

Device(config)# ipv6 access-list acl_vrf1
Device(config-ipv6-acl)# sequence 10 permit ipv6 1333::/64 2000::/64
Device(config)# route-map vrf1_vrf2_v6 permit 10
Device(config-route-map)# match ipv6 address acl_vrf1
Device(config-route-map)# set ipv6 vrf vrf2 next-hop 1335::1
Device(config)# interface HundredGigE1/0/11
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ipv6 address 1000::1/64
Device(config-if)# ipv6 policy route-map vrf1_vrf2_v6
Device(config-if)# end
Device(config)# interface HundredGigE1/0/25
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf2
Device(config-if)# ipv6 address 1335::2/64
Device(config-if)# ipv6 enable

Example: Configuring a VRF interface as an Inter VRF in a route map using the set ip default vrf clause

This example shows how to configure a VRF interface as an Inter VRF in a route map using the set ip default vrf clause.
Device(config)# ip access-list standard 10
Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255
Device(config)# route-map vrf1_vrf2 permit 10
Device(config-route-map)# match ip address 10
Device(config-route-map)# set ip default vrf vrf2 next-hop 135.35.35.2
Device(config)# interface HundredGigE1/0/11
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# ip policy route-map vrf1_vrf2
Device(config-if)# end
Device(config)# interface HundredGigE1/0/25
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf2
Device(config-if)# ip address 135.35.35.1 255.255.255.0

Example: Configuring an IPv6 VRF interface as an Inter VRF in a route map using the set ip default vrf clause

This example shows how to configure an IPv6 VRF interface as an Inter VRF in a route map using the set ip default vrf clause.

Device(config)# ipv6 access-list acl_vrf1
Device(config-ipv6-acl)# sequence 10 permit ipv6 1333::/64 2000::/64
Device(config)# route-map vrf1_vrf2_v6 permit 10
Device(config-route-map)# match ipv6 address acl_vrf1
Device(config-route-map)# set ipv6 default vrf vrf2 next-hop 1335::1
Device(config)# interface HundredGigE1/0/11
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ipv6 address 1000::1/64
Device(config-if)# ipv6 policy route-map vrf1_vrf2_v6
Device(config-if)# end
Device(config)# interface HundredGigE1/0/25
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf2
Device(config-if)# ipv6 address 1335::2/64
Device(config-if)# ipv6 enable

Example: Configuring a VRF interface as an Inter VRF in a route map using the set vrf clause

This example shows how to configure a VRF interface as an Inter VRF in a route map using the set vrf clause.

Device(config)# ip access-list standard 10
Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255
Device(config)# route-map vrf1_vrf2 permit 10
Device(config-route-map)# match ip address 10
Device(config-route-map)# set vrf vrf2
Device(config)# interface HundredGigE1/0/11
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# ip policy route-map vrf1_vrf2
Device(config-if)# end
Device(config)# interface HundredGigE1/0/25
Device(config-if)# no switchport
Device(config-if)# vrf forwarding vrf2
Device(config-if)# ip address 135.35.35.1 255.255.255.0

Example: Configuring an IPv6 VRF interface as an Inter VRF in a route map using the set vrf clause

This example shows how to configure an IPv6 VRF interface as an Inter VRF in a route map
using the set vrf clause. Device# ipv6 access-list acl_vrf1 Device(config-ipv4-acl)# sequence 10 permit ipv6 1333::/64 2000::/64 Device(config-route-map)# route-map vrf1_vrf2_v6 permit 10 Device(config-route-map)# match ipv6 address acl_vrf1 Device(config-route-map)# set vrf vrf2 Device(config-if)# interface HundredGigE1/0/11 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf1 Device(config-if)# ipv6 address 1000::1/64 Device(confog-f)# ipv6 policy route-map vrf1_vrf2_v6 Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf2 Device(config-if-vrf)# ipv6 address 1335::2/64 Device(config-if-vrf)# ipv6 enable Example: Configuring a VRF to Global Routing Table in a Route Map using the set ip default global clause This example shows how to configure packets from a VRF to Global Routing Table in a route map using the set ip default global clause. Device# ip access-list standard 10 Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255 Device(config-route-map)# route-map vrf1_global permit 10 Device(config-route-map)# match ip address 10 Device(config-route-map)# set ip default global next-hop 135.35.35.2 Device(config-if)# interface HundredGigE1/0/11 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf1 Device(config-if-vrf)# ip address 100.1.1.1 255.255.255.0 Device(config-if)# ip policy route-map vrf1_global Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if-vrf)# ip address 135.35.35.1 255.255.255.0 Example: Configuring an IPv6 VRF to Global Routing Table in a Route Map using the set ip default global clause This example shows how to configure packets from an IPv6 VRF to Global Routing Table in a route map using the set ip default global clause. 
Device# ipv6 access-list acl_vrf1 Device(config-ipv4-acl)# sequence 10 permit ipv6 1333::/64 2000::/64 Device(config-route-map)# route-map vrf1_global_v6 permit 10 Device(config-route-map)# match ipv6 address acl_vrf1 Device(config-route-map)# set ipv6 default global next-hop 1335::1 Device(config-if)# interface HundredGigE1/0/11 Device(config-if)# no switchport IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 554 Configuring VRF aware PBR Example: Configuring a VRF to Global Routing Table in a Route Map using the set global clause Device(config-if)# vrf forwarding vrf1 Device(config-if)# ipv6 address 1000::1/64 Device(config-if)# ipv6 policy route-map vrf1_global_v6 Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if-vrf)# ipv6 address 1335::2/64 Device(config-if-vrf)# ipv6 enable Example: Configuring a VRF to Global Routing Table in a Route Map using the set global clause This example shows how to configure packets from a VRF to Global Routing Table in a route map using the set global clause. Device# ip access-list standard 10 Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255 Device(config-route-map)# route-map vrf1_global permit 10 Device(config-route-map)# match ip address 10 Device(config-route-map)# set global Device(config-if)# interface HundredGigE1/0/11 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf1 Device(config-if-vrf)# ip address 100.1.1.1 255.255.255.0 Device(config-if)# ip policy route-map vrf1_global Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if-vrf)ip address 135.35.35.1 255.255.255.0 Example: Configuring an IPv6 VRF to Global Routing Table in a Route Map using the set global clause This example shows how to configure packets from an IPv6 VRF to Global Routing Table in a route map using the set global clause. 
Device# ipv6 access-list acl_vrf1 Device(config-ipv6-acl)# sequence 10 permit ipv6 1333::/64 2000::/64 Device(config-route-map)# route-map vrf1_global_v6 permit 10 Device(config-route-map)# match ipv6 address acl_vrf1 Device(config-route-map)# set global Device(config-if)# interface HundredGigE1/0/11 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf1 Device(config-if-vrf)# ipv6 address 1000::1/64 Device(config-if)# ipv6 policy route-map vrf1_global_v6 Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if-vrf)# ipv6 address 1335::2/64 Device(config-if-vrf)# ipv6 enable IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 555 Example: Configuring Global Routing Table to VRF in a Route Map using the set ip vrf clause Configuring VRF aware PBR Example: Configuring Global Routing Table to VRF in a Route Map using the set ip vrf clause This example shows how to configure routing and forwarding of packets from Gloal Routing Table to a VRF in a route map using the set ip vrf clause. 
Device# ip access-list standard 10 Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255 Device(config-route-map)# route-map global_vrf permit 10 Device(config-route-map)# match ip address 10 Device(config-route-map)# set ip vrf vrf2 next-hop 135.35.35.2 Device(config-if)# interface HundredGigE1/0/11 Device(config-if)# no switchport Device(config-if-vrf)# ip address 100.1.1.1 255.255.255.0 Device(config-if)# ip policy route-map global_vrf Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf2 Device(config-if-vrf)# ip address 135.35.35.1 255.255.255.0 Example: Configuring Global Routing Table to an IPv6 VRF in a Route Map using the set ipv6 vrf clause This example shows how to configure routing and forwarding of packets from Gloal Routing Table to an IPv6 VRF in a route map using the set ipv6 vrf clause. Device# ipv6 access-list acl_vrf1 Device(config-ipv4-acl)# sequence 10 permit ipv6 1333::/64 2000::/64 Device(config-route-map)# route-map global_vrf_v6 permit 10 Device(config-route-map)# match ipv6 address acl_vrf1 Device(config-route-map)# set ipv6 vrf vrf2 next-hop 1335::1 Device(config-if)# interface HundredGigE1/0/11 Device(config-if)# no switchport Device(config-if-vrf)# ipv6 address 1000::1/64 Device(config-if)# ipv6 policy route-map global_vrf_v6 Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf2 Device(config-if-vrf)# ipv6 address 1335::2/64 Device(config-if-vrf)# ipv6 enable Example: Configuring Global Routing Table to VRF in a Route Map using the set ip default vrf clause This example shows how to configure routing and forwarding of packets from Gloal Routing Table to a VRF in a route map using the set ip vrf clause. 
Device# ip access-list standard 10 Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255 Device(config-route-map)# route-map global_vrf permit 10 Device(config-route-map)# match ip address 10 Device(config-route-map)# set ip default vrf vrf2 next-hop 135.35.35.2 Device(config-if)# interface HundredGigE1/0/11 Device(config-if-vrf)# ip address 100.1.1.1 255.255.255.0 Device(config-if-vrf)#ip policy route-map global_vrf IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 556 Configuring VRF aware PBR Example: Configuring Global Routing Table to IPv6 VRF in a Route Map using the set ipv6 default vrf clause Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf2 Device(config-if-vrf)# ip address 135.35.35.1 255.255.255.0 Example: Configuring Global Routing Table to IPv6 VRF in a Route Map using the set ipv6 default vrf clause This example shows how to configure routing and forwarding of packets from Gloal Routing Table to a VRF in a route map using the set ipv6 default vrf clause. 
Device# ipv6 access-list acl_vrf1 Device(config-ipv4-acl)# sequence 10 permit ipv6 1333::/64 2000::/64 Device(config-route-map)# route-map global_vrf_v6 permit 10 Device(config-route-map)# match ipv6 address acl_vrf1 Device(config-route-map)# set ipv6 default vrf vrf2 next-hop 1335::1 Device(config-if)# interface HundredGigE1/0/11 Device(config-if-vrf)# ipv6 address 1000::1/64 Device(config-if-vrf)# ipv6 policy route-map global_vrf_v6 Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf2 Device(config-if-vrf)# ipv6 address 1335::2/64 Device(config-if-vrf)# ipv6 enable Example: Configuring Global Routing Table to VRF in a Route Map using the set vrf clause This example shows how to configure routing and forwarding of packets from Gloal Routing Table to a VRF in a route map using the set vrf clause. Device# ip access-list standard 10 Device(config-ipv4-acl)# 10 permit 133.33.33.0 0.0.0.255 Device(config-route-map)# route-map global_vrf permit 10 Device(config-route-map)# match ip address 10 Device(config-route-map)# set vrf vrf2 Device(config-if)# interface HundredGigE1/0/11 Device(config-if)# no switchport Device(config-if-vrf)# ip address 100.1.1.1 255.255.255.0 Device(config-if)# ip policy route-map global_vrf Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf2 Device(config-if-vrf)#ip address 135.35.35.1 255.255.255.0 Example: Configuring Global Routing Table to IPv6 VRF in a Route Map using the set vrf clause This example shows how to configure routing and forwarding of packets from Gloal Routing Table to an IPv6 VRF in a route map using the set vrf clause. 
Device# ipv6 access-list acl_vrf1 Device(config-ipv4-acl)# sequence 10 permit ipv6 1333::/64 2000::/64 IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 557 Feature History for VRF aware PBR Configuring VRF aware PBR Device(config-route-map)# route-map global_vrf_v6 permit 10 Device(config-route-map)# match ipv6 address acl_vrf1 Device(config-route-map)# set vrf vrf2 Device(config-if)# interface HundredGigE1/0/11 Device(config-if)# no switchport Device(config-if-vrf)# ipv6 address 1000::1/64 Device(config-if)# ipv6 policy route-map global_vrf_v6 Device(config-if)# end Device(config)# interface HundredGigE1/0/25 Device(config-if)# no switchport Device(config-if)# vrf forwarding vrf2 Device(config-if-vrf)#ipv6 address 1335::2/64 Device(config-if-verf)# ipv6 enable Feature History for VRF aware PBR This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise. Release Feature Feature Information Cisco IOS XE Amsterdam 17.1.1 VRF aware PBR PBR can be configured on VRF lite interfaces. Cisco IOS XE Dublin 17.11.1 VRF aware PBR Support for this feature was introduced on Cisco Catalyst 9600X Series Switches. Use the Cisco Feature Navigator to find information about platform and software image support. 
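The examples in this module differ only in the set clause, and the clauses differ in two ways: which table the destination lookup runs in, and whether the clause applies unconditionally or only when the ingress VRF has no explicit route. The following Python model is an added illustration of those differences and is not code from the Cisco guide. It assumes the usual IOS semantics: the bare set vrf / set global forms change only the lookup table (no route there means the packet is dropped), the next-hop forms send the packet to the given next hop resolved in the named table, and the default forms apply only when the ingress VRF has nothing more specific than a default route for the destination. The tables, ACL and packets are constructed to match the addresses in the examples above.

```python
"""Decision model for the VRF-aware PBR set clauses used in the examples above.

Added example, not code from the Cisco guide.  Modelled behaviour (assumed):
  * `set vrf X` / `set global`: the destination lookup runs in table X (or the
    global table) instead of the ingress VRF's table; no route there -> drop.
  * `set ip vrf X next-hop N` / `set ip global next-hop N`: the packet is sent
    to N, which must be resolvable in table X.
  * the `default` forms apply only when the ingress VRF has no explicit route
    for the destination, i.e. nothing more specific than a default route.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPNet = ipaddress.IPv4Network
IPAddr = ipaddress.IPv4Address


@dataclass(frozen=True)
class Route:
    prefix: IPNet
    next_hop: str            # "connected" or the next-hop address as text


@dataclass(frozen=True)
class SetClause:
    table: str               # "vrf1", "vrf2" or "global"
    next_hop: Optional[str]  # None for the bare `set vrf` / `set global` forms
    default_only: bool       # True for the `set ... default ...` forms


def lookup(table: List[Route], dst: IPAddr) -> Optional[Route]:
    """Longest-prefix match; None when the table has no matching entry."""
    hits = [r for r in table if dst in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen, default=None)


def acl_permits(acl: List[Tuple[bool, IPNet]], src: IPAddr) -> bool:
    """Standard ACL: first matching entry decides, implicit deny at the end."""
    for permit, net in acl:
        if src in net:
            return permit
    return False


def policy_route(src: str, dst: str, ingress_vrf: str, acl, clause: SetClause,
                 tables) -> Tuple[str, Optional[str]]:
    """Return (table used, next hop) for the packet, or ("drop", None)."""
    src_ip, dst_ip = IPAddr(src), IPAddr(dst)
    ingress_route = lookup(tables[ingress_vrf], dst_ip)

    def forward(table_name, route):
        if route is None:
            return ("drop", None)
        nh = str(dst_ip) if route.next_hop == "connected" else route.next_hop
        return (table_name, nh)

    if not acl_permits(acl, src_ip):
        return forward(ingress_vrf, ingress_route)    # not policy-routed
    explicit = ingress_route is not None and ingress_route.prefix.prefixlen > 0
    if clause.default_only and explicit:
        return forward(ingress_vrf, ingress_route)    # explicit route wins
    target = tables[clause.table]
    if clause.next_hop is None:
        return forward(clause.table, lookup(target, dst_ip))
    if lookup(target, IPAddr(clause.next_hop)) is None:
        return forward(ingress_vrf, ingress_route)    # next hop unreachable
    return (clause.table, clause.next_hop)


# Constructed sample tables.  Addresses follow the examples above: vrf1 faces
# HundredGigE1/0/11 (100.1.1.0/24), vrf2 and the global table face
# HundredGigE1/0/25 (135.35.35.0/24).  Only the global table carries a default
# route; vrf2 deliberately does not, to show the bare `set vrf` drop case.
TABLES = {
    "vrf1": [Route(IPNet("100.1.1.0/24"), "connected"),
             Route(IPNet("0.0.0.0/0"), "100.1.1.254")],
    "vrf2": [Route(IPNet("135.35.35.0/24"), "connected")],
    "global": [Route(IPNet("135.35.35.0/24"), "connected"),
               Route(IPNet("0.0.0.0/0"), "135.35.35.2")],
}
# `ip access-list standard 10` / `10 permit 133.33.33.0 0.0.0.255`
ACL_10 = [(True, IPNet("133.33.33.0/24"))]

CLAUSES = {
    "set vrf vrf2": SetClause("vrf2", None, False),
    "set ip vrf vrf2 next-hop 135.35.35.2": SetClause("vrf2", "135.35.35.2", False),
    "set ip default vrf vrf2 next-hop 135.35.35.2": SetClause("vrf2", "135.35.35.2", True),
    "set global": SetClause("global", None, False),
    "set ip default global next-hop 135.35.35.2": SetClause("global", "135.35.35.2", True),
}


def demo():
    """Apply each clause to two destinations for a packet from the permitted source."""
    out = {}
    for name, clause in CLAUSES.items():
        for dst in ("100.1.1.50", "8.8.8.8"):
            out[(name, dst)] = policy_route("133.33.33.7", dst, "vrf1", ACL_10, clause, TABLES)
    return out


if __name__ == "__main__":
    for (name, dst), result in demo().items():
        print(f"{name:45} dst {dst:12} -> {result}")
```

Running it shows the practical difference: with the default form, traffic to a destination the ingress VRF already knows (100.1.1.50) stays in vrf1, while unknown destinations are leaked to vrf2; with the non-default next-hop form every matching packet is leaked; and the bare set vrf vrf2 drops packets whose destination vrf2 cannot resolve.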
CHAPTER 42

Configuring VRF-lite

· Information About VRF-lite, on page 559
· Guidelines for Configuring VRF-lite, on page 560
· How to Configure VRF-lite, on page 562
· Additional Information for VRF-lite, on page 576
· Verifying VRF-lite Configuration, on page 577
· Configuration Examples for VRF-lite, on page 578
· Additional References for VRF-Lite, on page 582
· Feature History for Multicast VRF-lite, on page 582

Information About VRF-lite

VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses can be overlapped among the VPNs. VRF-lite uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN SVIs, but a Layer 3 interface cannot belong to more than one VRF at any time.

Note: VRF-lite interfaces must be Layer 3 interfaces.

VRF-lite includes these devices:

· Customer edge (CE) devices provide customer access to the service provider network over a data link to one or more provider edge routers. The CE device advertises the site's local routes to the provider edge router and learns the remote VPN routes from it. A Cisco Catalyst Switch can be a CE.
· Provider routers (or core routers) are any routers in the service provider network that do not attach to CE devices.

With VRF-lite, multiple customers can share one CE, and only one physical link is used between the CE and the PE. The shared CE maintains separate VRF tables for each customer and switches or routes packets for each customer based on its own routing table. VRF-lite extends limited PE functionality to a CE device, giving it the ability to maintain separate VRF tables to extend the privacy and security of a VPN to the branch office.

The following figure displays a configuration where each Cisco Catalyst switch acts as multiple virtual CEs. Because VRF-lite is a Layer 3 feature, each interface in a VRF must be a Layer 3 interface.

Figure 24: Cisco Catalyst Switches Acting as Multiple Virtual CEs

This figure illustrates the packet-forwarding process in a VRF-lite CE-enabled network.

· When the CE receives a packet from a VPN, it looks up the routing table based on the input interface. When a route is found, the CE forwards the packet to the PE.
· When the ingress PE receives a packet from the CE, it performs a VRF lookup. When a route is found, the router adds a corresponding MPLS label to the packet and sends it to the MPLS network.
· When an egress PE receives a packet from the network, it strips the label and uses the label to identify the correct VPN routing table. The egress PE then performs the normal route lookup. When a route is found, it forwards the packet to the correct adjacency.
· When a CE receives a packet from an egress PE, it uses the input interface to look up the correct VPN routing table. If a route is found, the CE forwards the packet within the VPN.

To configure VRF, create a VRF table and specify the Layer 3 interface associated with the VRF. You then configure the routing protocols in the VPN and between the CE and the PE. BGP is the preferred routing protocol used to distribute VPN routing information across the providers' backbone. The VRF-lite network has three major components:

· VPN route target communities: lists all other members of a VPN community. You need to configure VPN route targets for each VPN community member.
· Multiprotocol BGP peering of VPN community PE routers: propagates VRF reachability information to all members of a VPN community. You need to configure BGP peering in all PE routers within a VPN community.
· VPN forwarding: transports all traffic between all VPN community members across a VPN service-provider network.

Guidelines for Configuring VRF-lite

IPv4 and IPv6

· A switch with VRF-lite is shared by multiple customers, and all customers have their own routing tables.
· Because customers use different VRF tables, you can reuse the same IP addresses. Overlapped IP addresses are allowed in different VPNs.
· VRF-lite lets multiple customers share the same physical link between the PE and the CE. Trunk ports with multiple VLANs separate packets among customers. All customers have their own VLANs.
· For the PE router, there is no difference between using VRF-lite or using multiple CEs. In Information About VRF-lite, on page 559, multiple virtual Layer 3 interfaces are connected to the VRF-lite device.
· The Cisco Catalyst switch supports configuring VRF by using physical ports, VLAN SVIs, or a combination of both. You can connect SVIs through an access port or a trunk port.
· A customer can use multiple VLANs as long as they do not overlap with those of other customers. A customer's VLANs are mapped to a specific routing table ID that is used to identify the appropriate routing tables stored on the switch.
· The Layer 3 TCAM resource is shared between all VRFs. To ensure that any one VRF has sufficient CAM space, use the maximum routes command.
· A Cisco Catalyst switch using VRF can support one global network and multiple VRFs. The total number of routes supported is limited by the size of the TCAM.
· A single VRF can be configured for both IPv4 and IPv6.
· If an incoming packet's destination address is not found in the VRF table, the packet is dropped. Also, if insufficient TCAM space exists for a VRF route, hardware switching for that VRF is disabled and the corresponding data packets are sent to software for processing.

IPv4 Specific

· You can use most routing protocols (BGP, OSPF, EIGRP, RIP and static routing) between the CE and the PE. However, we recommend using external BGP (EBGP) for these reasons:
  · BGP does not require multiple algorithms to communicate with multiple CEs.
  · BGP is designed for passing routing information between systems run by different administrations.
  · BGP simplifies passing attributes of the routes to the CE.
· The Cisco Catalyst switch supports PIM-SM and PIM-SSM protocols.
· The capability vrf-lite subcommand under router ospf should be used when configuring OSPF as the routing protocol between the PE and the CE.

IPv6 Specific

· VRF-aware OSPFv3, BGPv6, EIGRPv6, and IPv6 static routing are supported.
· VRF-aware IPv6 route applications include: ping, telnet, ssh, tftp, ftp and traceroute. (This list does not include the management interface, which is handled differently even though you can configure both IPv4 or IPv6 VRF under it.)

How to Configure VRF-lite

This section provides information about configuring VRF-lite.

Configuring VRF-lite for IPv4

This section provides information about configuring VRF-lite for IPv4.

Configuring VRF-Aware Services

IP services can be configured on global interfaces and within the global routing instance. IP services are enhanced to run on multiple routing instances; they are VRF-aware. Any configured VRF in the system can be specified for a VRF-aware service. VRF-aware services are implemented in platform-independent modules. VRF provides multiple routing instances in Cisco IOS. Each platform has its own limit on the number of VRFs it supports.
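Two of the guidelines in this chapter are easy to violate silently in a large configuration: a physical port placed in a VRF while still in its Layer 2 default (VRF-lite interfaces must be Layer 3), and a VRF defined without a maximum routes limit while the Layer 3 TCAM is shared by every VRF. The following Python check is an added example, not Cisco code; it parses an IOS-style configuration into vrf definition and interface blocks and reports those two conditions. The configuration it parses is constructed for the example, the exact placement and arguments of the maximum routes command in it are an assumption, and the classification of Vlan, Loopback and Tunnel interfaces as inherently Layer 3 is likewise an assumption of this check.

```python
"""VRF-lite guideline check over an IOS-style running-config fragment.

Added example, not Cisco code.  Reports:
  * a physical interface with `vrf forwarding` but no `no switchport`
    (VRF-lite interfaces must be Layer 3);
  * a `vrf definition` with no `maximum routes` limit (the Layer 3 TCAM is
    shared by all VRFs, so an unlimited VRF can starve the others).
"""
import re
from typing import Dict, List, Tuple

# Interface types that are Layer 3 by nature and never need `no switchport`
# (assumption of this check; SVIs and loopbacks are the cases the guide shows).
LOGICAL_PREFIXES = ("Vlan", "Loopback", "Tunnel")

# Constructed sample configuration.  cust_a is done by the book; cust_b lacks a
# route limit and HundredGigE1/0/12 was never converted to a routed port.  The
# overlapping 10.1.1.1 addresses are legal because the VRFs differ.
SAMPLE_CONFIG = """\
vrf definition cust_a
 rd 100:1
 address-family ipv4
  maximum routes 1000 warning-only
 exit-address-family
!
vrf definition cust_b
 rd 100:2
!
interface HundredGigE1/0/11
 no switchport
 vrf forwarding cust_a
 ip address 10.1.1.1 255.255.255.0
!
interface HundredGigE1/0/12
 vrf forwarding cust_b
 ip address 10.1.1.1 255.255.255.0
!
interface Vlan100
 vrf forwarding cust_b
 ip address 10.2.2.1 255.255.255.0
"""


def parse_blocks(config_text: str) -> Dict[Tuple[str, str], List[str]]:
    """Split the config into top-level blocks: {(kind, name): [sub-lines]}.

    Only `vrf definition` and `interface` blocks are kept; nested lines
    (including address-family sub-blocks) are collected, stripped, under
    their enclosing top-level block.
    """
    blocks: Dict[Tuple[str, str], List[str]] = {}
    current = None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith((" ", "\t")):
            if current is not None:
                blocks[current].append(raw.strip())
            continue
        m = re.match(r"(vrf definition|interface)\s+(\S+)", raw)
        current = (m.group(1), m.group(2)) if m else None
        if current is not None:
            blocks.setdefault(current, [])
    return blocks


def check_vrf_lite(config_text: str) -> List[str]:
    """Return a sorted list of findings; an empty list means no guideline hit."""
    findings = []
    for (kind, name), lines in parse_blocks(config_text).items():
        if kind == "vrf definition":
            if not any(l.startswith("maximum routes") for l in lines):
                findings.append(f"vrf {name}: no 'maximum routes' limit, TCAM is shared by all VRFs")
            continue
        vrfs = [l.split()[2] for l in lines if l.startswith("vrf forwarding ")]
        if not vrfs:
            continue                                   # global-table interface
        physical = not name.startswith(LOGICAL_PREFIXES)
        if physical and "no switchport" not in lines:
            findings.append(f"interface {name}: in vrf {vrfs[0]} but still a Layer 2 port (missing 'no switchport')")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_vrf_lite(SAMPLE_CONFIG):
        print(finding)
```

The parser keeps the whole of each top-level block, so a maximum routes line placed under an address-family sub-block still counts for its VRF; the check is meant to run over a saved running-config before the interfaces go into service.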
VRF-aware services have the following characteristics:

· The user can ping a host in a user-specified VRF.
· ARP entries are learned in separate VRFs. The user can display Address Resolution Protocol (ARP) entries for specific VRFs.

Configuring the User Interface for ARP

Procedure

Step 1  show ip arp vrf vrf-name
        Example: Device# show ip arp vrf vrf-name
        Purpose: Displays the ARP table (static and dynamic entries) in the specified VRF.

Step 2  arp vrf vrf-name ip-address mac-address ARPA
        Example: Device(config)# arp vrf vrf-name ip-address mac-address ARPA
        Purpose: Creates a static ARP entry in the specified VRF.

Configuring Per-VRF for TACACS+ Servers

The per-VRF for TACACS+ servers feature enables you to configure per-virtual route forwarding (per-VRF) authentication, authorization, and accounting (AAA) on TACACS+ servers. You can create the VRF routing table (shown in Steps 3 and 4) and configure the interface (Steps 6, 7, and 8). The actual configuration of per-VRF on a TACACS+ server is done in Steps 10 through 13.

Before you begin

Before configuring per-VRF on a TACACS+ server, you must have configured AAA and a server group.

Procedure

Step 1  enable
        Example: Device> enable
        Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2  configure terminal
        Example: Device# configure terminal
        Purpose: Enters global configuration mode.

Step 3  vrf definition vrf-name
        Example: Device(config)# vrf definition vrf-name
        Purpose: Configures a VRF table and enters VRF configuration mode.

Step 4  rd route-distinguisher
        Example: Device(config-vrf)# rd route-distinguisher
        Purpose: Creates routing and forwarding tables for a VRF instance.

Step 5  exit
        Example: Device(config-vrf)# exit
        Purpose: Exits VRF configuration mode.

Step 6  interface interface-name
        Example: Device(config)# interface interface-name
        Purpose: Configures an interface and enters interface configuration mode.

Step 7  vrf forwarding vrf-name
        Example: Device(config-if)# vrf forwarding vrf-name
        Purpose: Configures a VRF for the interface.

Step 8  ip address ip-address mask [secondary]
        Example: Device(config-if)# ip address ip-address mask [secondary]
        Purpose: Sets a primary or secondary IP address for an interface.

Step 9  exit
        Example: Device(config-if)# exit
        Purpose: Exits interface configuration mode.

Step 10 aaa group server tacacs+ group-name
        Example: Device(config)# aaa group server tacacs+ tacacs1
        Purpose: Groups different TACACS+ server hosts into distinct lists and distinct methods and enters server-group configuration mode.

Step 11 server-private {ip-address | name} [nat] [single-connection] [port port-number] [timeout seconds] [key [0 | 7] string]
        Example: Device(config-sg-tacacs+)# server-private 10.1.1.1 port 19 key cisco
        Purpose: Configures the IP address of the private TACACS+ server for the group server.

Step 12 vrf forwarding vrf-name
        Example: Device(config-sg-tacacs+)# vrf forwarding vrf-name
        Purpose: Configures the VRF reference of an AAA TACACS+ server group.

Step 13 ip tacacs source-interface subinterface-name
        Example: Device(config-sg-tacacs+)# ip tacacs source-interface subinterface-name
        Purpose: Uses the IP address of a specified interface for all outgoing TACACS+ packets.

Step 14 exit
        Example: Device(config-sg-tacacs+)# exit
        Purpose: Exits server-group configuration mode.
Example

The following example lists all the steps to configure per-VRF TACACS+ (the server-group and server-private lines are the Step 10 and Step 11 examples from the procedure above):

Device> enable
Device# configure terminal
Device(config)# vrf definition cisco
Device(config-vrf)# rd 100:1
Device(config-vrf)# exit
Device(config)# interface Loopback0
Device(config-if)# vrf forwarding cisco
Device(config-if)# ip address 10.0.0.2 255.0.0.0
Device(config-if)# exit
Device(config)# aaa group server tacacs+ tacacs1
Device(config-sg-tacacs+)# server-private 10.1.1.1 port 19 key cisco
Device(config-sg-tacacs+)# vrf forwarding cisco
Device(config-sg-tacacs+)# ip tacacs source-interface Loopback0
Device(config-sg-tacacs+)# exit

Configuring Multicast VRFs

Procedure

Step 1  configure terminal
        Example: Device# configure terminal
        Purpose: Enters global configuration mode.

Step 2  ip routing
        Example: Device(config)# ip routing
        Purpose: Enables IP routing.

Step 3  vrf definition vrf-name
        Example: Device(config)# vrf definition vrf-name
        Purpose: Configures a VRF table and enters VRF configuration mode.

Step 4  ip multicast-routing vrf vrf-name
        Example: Device(config-vrf)# ip multicast-routing vrf vrf-name
        Purpose: (Optional) Enables global multicast routing for the VRF table.

Step 5  rd route-distinguisher
        Example: Device(config-vrf)# rd route-distinguisher
        Purpose: Creates a VRF table by specifying a route distinguisher. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y).

Step 6  route-target {export | import | both} route-target-ext-community
        Example: Device(config-vrf)# route-target {export | import | both} route-target-ext-community
        Purpose: Creates a list of import, export, or import and export route target communities for the specified VRF. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y). The route-target-ext-community value should be the same as the route-distinguisher value entered in Step 5.

Step 7  import map route-map
        Example: Device(config-vrf)# import map route-map
        Purpose: (Optional) Associates a route map with the VRF.

Step 8  interface interface-id
        Example: Device(config)# interface interface-id
        Purpose: Enters interface configuration mode and specifies the Layer 3 interface to be associated with the VRF. The interface can be a routed port or an SVI.

Step 9  vrf forwarding vrf-name
        Example: Device(config-if)# vrf forwarding vrf-name
        Purpose: Associates the VRF with the Layer 3 interface.

Step 10 ip address ip-address mask
        Example: Device(config-if)# ip address ip-address mask
        Purpose: Configures the IP address for the Layer 3 interface.

Step 11 ip pim sparse-mode
        Example: Device(config-if)# ip pim sparse-mode
        Purpose: Enables PIM on the VRF-associated Layer 3 interface.

Step 12 end
        Example: Device(config-if)# end
        Purpose: Returns to privileged EXEC mode.

Step 13 show vrf definition [brief | detail | interfaces] [vrf-name]
        Example: Device# show vrf definition brief
        Purpose: Verifies the configuration. Displays information about the configured VRFs.

Step 14 copy running-config startup-config
        Example: Device# copy running-config startup-config
        Purpose: (Optional) Saves your entries in the configuration file.

Example

The following example shows how to configure multicast within a VRF table:

Device(config)# ip routing
Device(config)# vrf definition multiVrfA
Device(config-vrf)# ip multicast-routing vrf multiVrfA
Device(config-vrf)# interface GigabitEthernet3/1/0
Device(config-if)# vrf forwarding multiVrfA
Device(config-if)# ip address 172.21.200.203 255.255.255.0
Device(config-if)# ip pim sparse-mode

Configuring IPv4 VRFs

Procedure

Step 1  configure terminal
        Example: Device# configure terminal
        Purpose: Enters global configuration mode.

Step 2  ip routing
        Example: Device(config)# ip routing
        Purpose: Enables IP routing.

Step 3  vrf definition vrf-name
        Example: Device(config)# vrf definition vrf-name
        Purpose: Names the VRF and enters VRF configuration mode.

Step 4  rd route-distinguisher
        Example: Device(config-vrf)# rd route-distinguisher
        Purpose: Creates a VRF table by specifying a route distinguisher. Enter either an Autonomous System number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y).

Step 5  route-target {export | import | both} route-target-ext-community
        Example: Device(config-vrf)# route-target {export | import | both} route-target-ext-community
        Purpose: Creates a list of import, export, or import and export route target communities for the specified VRF. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y).
        Note: This command is effective only if BGP is running.

Step 6  import map route-map
        Example: Device(config-vrf)# import map route-map
        Purpose: (Optional) Associates a route map with the VRF.

Step 7  interface interface-id
        Example: Device(config-vrf)# interface interface-id
        Purpose: Enters interface configuration mode and specifies the Layer 3 interface to be associated with the VRF. The interface can be a routed port or an SVI.

Step 8  vrf forwarding vrf-name
        Example: Device(config-if)# vrf forwarding vrf-name
        Purpose: Associates the VRF with the Layer 3 interface.

Step 9  end
        Example: Device(config-if)# end
        Purpose: Returns to privileged EXEC mode.

Step 10 show vrf definition [brief | detail | interfaces] [vrf-name]
        Example: Device# show vrf definition [brief | detail | interfaces] [vrf-name]
        Purpose: Verifies the configuration. Displays information about the configured VRFs.

Step 11 copy running-config startup-config
        Example: Device# copy running-config startup-config
        Purpose: (Optional) Saves your entries in the configuration file.
Use the no vrf definition vrf-name global configuration command to delete a VRF and to remove all interfaces from it. Use the no vrf forwarding interface configuration command to remove an interface from the VRF.

Configuring VRF-lite for IPv6

This section provides information about configuring VRF-lite for IPv6.

Configuring VRF-Aware Services

IPv6 services can be configured on global interfaces and within the global routing instance. IPv6 services are enhanced to run on multiple routing instances; they are VRF-aware. Any configured VRF in the system can be specified for a VRF-aware service. VRF-aware services are implemented in platform-independent modules. VRF provides multiple routing instances in Cisco IOS. Each platform has its own limit on the number of VRFs it supports.

VRF-aware services have the following characteristics:

· The user can ping a host in a user-specified VRF.
· Neighbor Discovery entries are learned in separate VRFs. The user can display Neighbor Discovery (ND) entries for specific VRFs.

The following services are VRF-aware:

· Ping
· Unicast Reverse Path Forwarding (uRPF)
· Traceroute
· FTP and TFTP
· Telnet and SSH
· NTP

Configuring the User Interface for PING

Perform the following task to configure a VRF-aware ping:

Procedure

Step 1  ping vrf vrf-name ipv6-host
        Example: Device# ping vrf vrf-name ipv6-host
        Purpose: Pings an IPv6 host or address in the specified VRF.

Configuring the User Interface for uRPF

You can configure uRPF on an interface assigned to a VRF. The source lookup is performed in the VRF table.

Procedure

Step 1  configure terminal
        Example: Device# configure terminal
        Purpose: Enters global configuration mode.

Step 2  interface interface-id
        Example: Device(config)# interface interface-id
        Purpose: Enters interface configuration mode and specifies the Layer 3 interface to configure.

Step 3  no switchport
        Example: Device(config-if)# no switchport
        Purpose: Removes the interface from Layer 2 configuration mode if it is a physical interface.

Step 4  vrf forwarding vrf-name
        Example: Device(config-if)# vrf forwarding vrf-name
        Purpose: Configures VRF on the interface.

Step 5  ipv6 address ip-address subnet-mask
        Example: Device(config-if)# ipv6 address ip-address subnet-mask
        Purpose: Enters the IPv6 address for the interface.

Step 6  ipv6 verify unicast source reachable-via rx allow-default
        Example: Device(config-if)# ipv6 verify unicast source reachable-via rx allow-default
        Purpose: Enables uRPF on the interface.

Step 7  end
        Example: Device(config-if)# end
        Purpose: Returns to privileged EXEC mode.

Configuring the User Interface for Traceroute

Procedure

Step 1  traceroute vrf vrf-name ipv6address
        Example: Device# traceroute vrf vrf-name ipv6address
        Purpose: Specifies the name of a VPN VRF in which to find the destination address.

Configuring the User Interface for Telnet and SSH

Procedure

Step 1  telnet ipv6-address/vrf vrf-name
        Example: Device# telnet ipv6-address/vrf vrf-name
        Purpose: Connects through Telnet to an IPv6 host or address in the specified VRF.

Step 2  ssh -l username -vrf vrf-name ipv6-host
        Example: Device# ssh -l username -vrf vrf-name ipv6-host
        Purpose: Connects through SSH to an IPv6 host or address in the specified VRF.

Configuring the User Interface for NTP

Procedure

Step 1  configure terminal
        Example: Device# configure terminal
        Purpose: Enters global configuration mode.

Step 2  ntp server vrf vrf-name ipv6-host
        Example: Device(config)# ntp server vrf vrf-name ipv6-host
        Purpose: Configures the NTP server in the specified VRF.

Step 3  ntp peer vrf vrf-name ipv6-host
        Example: Device(config)# ntp peer vrf vrf-name ipv6-host
        Purpose: Configures the NTP peer in the specified VRF.

Configuring IPv6 VRFs

Procedure

Step 1  configure terminal
        Example: Device# configure terminal
        Purpose: Enters global configuration mode.

Step 2  vrf definition vrf-name
        Example: Device(config)# vrf definition vrf-name
        Purpose: Names the VRF and enters VRF configuration mode.

Step 3  rd route-distinguisher
        Example: Device(config-vrf)# rd route-distinguisher
        Purpose: (Optional) Creates a VRF table by specifying a route distinguisher. Enter either an Autonomous System number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y).

Step 4  address-family ipv4 | ipv6
        Example: Device(config-vrf)# address-family ipv4 | ipv6
        Purpose: (Optional) IPv4 by default. Required for IPv6.

Step 5  route-target {export | import | both} route-target-ext-community
        Example: Device(config-vrf)# route-target {export | import | both} route-target-ext-community
        Purpose: Creates a list of import, export, or import and export route target communities for the specified VRF. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y).
        Note: This command is effective only if BGP is running.

Step 6  exit-address-family
        Example: Device(config-vrf-af)# exit-address-family
        Purpose: Exits VRF address-family configuration mode and returns to VRF configuration mode.

Step 7  vrf definition vrf-name
        Example: Device(config)# vrf definition vrf-name
        Purpose: Enters VRF configuration mode.

Step 8  ipv6 multicast multitopology
        Example: Device(config-vrf)# ipv6 multicast multitopology
        Purpose: Enables the multicast-specific RPF topology.

Step 9  address-family ipv6 multicast
        Example: Device(config-vrf)# address-family ipv6 multicast
        Purpose: Enters the multicast IPv6 address family.

Step 10 end
        Example: Device(config-vrf-af)# end
        Purpose: Returns to privileged EXEC mode.

Example

This example shows how to configure VRFs:

Device(config)# vrf definition red
Device(config-vrf)# rd 100:1
Device(config-vrf)# address-family ipv6
Device(config-vrf-af)# route-target both 200:1
Device(config-vrf-af)# exit-address-family
Device(config-vrf)# vrf definition red
Device(config-vrf)# ipv6 multicast multitopology
Device(config-vrf)# address-family ipv6 multicast
Device(config-vrf-af)# end

Associating Interfaces to the Defined VRFs

Procedure

Step 1  interface interface-id
        Example: Device(config-vrf)# interface interface-id
        Purpose: Enters interface configuration mode and specifies the Layer 3 interface to be associated with the VRF. The interface can be a routed port or an SVI.

Step 2  no switchport
        Example: Device(config-if)# no switchport
        Purpose: Removes the interface from Layer 2 configuration mode if it is a physical interface.

Step 3  vrf forwarding vrf-name
        Example: Device(config-if)# vrf forwarding vrf-name
        Purpose: Associates the VRF with the Layer 3 interface.

Step 4  ipv6 enable
        Example: Device(config-if)# ipv6 enable
        Purpose: Enables IPv6 on the interface.

Step 5  ipv6 address ip-address subnet-mask
        Example: Device(config-if)# ipv6 address ip-address subnet-mask
        Purpose: Enters the IPv6 address for the interface.

Step 6  show ipv6 vrf [brief | detail | interfaces] [vrf-name]
        Example: Device# show ipv6 vrf [brief | detail | interfaces] [vrf-name]
        Purpose: Verifies the configuration. Displays information about the configured VRFs.

Step 7  copy running-config startup-config
        Example: Device# copy running-config startup-config
        Purpose: (Optional) Saves your entries in the configuration file.

Example

This example shows how to associate an interface to a VRF:

Device(config-vrf)# interface ethernet0/1
Device(config-if)# vrf forwarding red
Device(config-if)# ipv6 enable
Device(config-if)# ipv6 address 5000::72B/64

Populate VRF with Routes via Routing Protocols

This section provides information about populating a VRF with routes via routing protocols.

Configuring VRF Static Routes

Procedure

Step 1  configure terminal
        Example: Device# configure terminal
        Purpose: Enters global configuration mode.

Step 2  ipv6 route [vrf vrf-name] ipv6-prefix/prefix-length {ipv6-address | interface-type interface-number [ipv6-address]}
        Example: Device(config)# ipv6 route [vrf vrf-name] ipv6-prefix/prefix-length {ipv6-address | interface-type interface-number [ipv6-address]}
        Purpose: Configures static routes specific to the VRF.

Example

Device(config)# ipv6 route vrf v6a 7000::/64 TenGigabitEthernet32 4000::2

Configuring OSPFv3 Router Process

Procedure

Step 1  configure terminal
        Example: Device# configure terminal
        Purpose: Enters global configuration mode.

Step 2  router ospfv3 process-id
        Example: Device(config)# router ospfv3 process-id
        Purpose: Enables OSPFv3 router configuration mode for the IPv6 address family.

Step 3  area area-ID [default-cost | nssa | stub]
        Example: Device(config-router)# area area-ID [default-cost | nssa | stub]
        Purpose: Configures the OSPFv3 area.
Step 4 router-id router-id Example: Device(config-router)# router-id router-id Use a fixed router ID. Step 5 address-family ipv6 unicast vrf vrf-name Example: Device(config-router)# address-family ipv6 unicast vrf vrf-name Enters IPv6 address family configuration mode for OSPFv3 in VRF vrf-name Step 6 redistribute source-protocol [process-id] options Example: Device(config-router)# redistribute source-protocol [process-id] options Redistributes IPv6 routes from one routing domain into another routing domain. Step 7 end Example: Device(config-router)# end Returns to privileged EXEC mode. Example This example shows how configure the OSPFv3 router process: Device(config-router)# router ospfv3 1 Device(config-router)# router-id 1.1.1.1 Device(config-router)# address-family ipv6 unicast Device(config-router-af)# exit-address-family IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 574 Configuring VRF-lite Enabling OSPFv3 on an Interface Enabling OSPFv3 on an Interface Procedure Step 1 Command or Action configure terminal Example: Device# configure terminal Purpose Enters global configuration mode. Step 2 interface type-number Specifies an interface type and number, and Example: places the switch in interface configuration mode. Device(config-vrf)# interface type-number Step 3 ospfv3 process-id area area-ID ipv6 [instance Enables OSPFv3 on an interface with IPv6 AF. instance-id] Example: Device(config-if)# ospfv3 process-id area area-ID ipv6 [instance instance-id] Step 4 end Example: Device(config-if)# end Returns to privileged EXEC mode. 
Example This example show how to enable OSPFv3 on an interface: Device(config)# interface GigabitEthernet2/1 Device(config-if)# no switchport Device(config-if)# ipv6 address 4000::2/64 Device(config-if)# ipv6 enable Device(config-if)# ipv6 ospf 1 area 0 Device(config-if)# end Configuring EIGRPv6 Routing Process Procedure Step 1 Command or Action configure terminal Example: Device# configure terminal Step 2 router eigrp virtual-instance-name Example: Device(config)# router eigrp virtual-instance-name Purpose Enters global configuration mode. Configures the EIGRP routing process and enters router configuration mode. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 575 Additional Information for VRF-lite Configuring VRF-lite Step 3 Step 4 Step 5 Step 6 Step 7 Command or Action address-family ipv6 vrf vrf-name autonomous-system autonomous-system-number Example: Device(config-router)# address-family ipv6 vrf vrf-name autonomous-system autonomous-system-number Purpose Enables EIGRP IPv6 VRF-Lite and enters address family configuration mode. topology {base | topology-name tid number Configures an EIGRP process to route IP traffic Example: under the specified topology instance and enters address family topology configuration mode. Device(config-router-af)# topology {base | topology-name tid number exit-aftopology Example: Device(config-router-af-topology)# exit-aftopology Exits address family topology configuration mode. eigrp router-id ip-address Enables the use of a fixed router-id. Example: Device(config-router)# eigrp router-id ip-address end Example: Device(config-router)# end Exits router configuration mode. 
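Before the EIGRP example, a check that follows from the VRF procedures above: the "Configuring IPv6 VRFs" step for address-family says IPv6 is not enabled in a VRF unless address-family ipv6 is configured, so an interface placed in such a VRF keeps its IPv6 address in the global table. The following script is an added example, not part of the Cisco guide, that parses a constructed IOS-style running configuration (the VRF names red, blue and green, the interfaces and the addresses are all made up for illustration) and reports which routing table each interface's IPv4 and IPv6 addresses land in.

```python
"""
Added example (not from the Cisco guide): audit which routing table each
interface address lands in under VRF-lite.

Rule applied (from the "Configuring IPv6 VRFs" procedure): an interface's IPv4
address follows 'vrf forwarding'; its IPv6 address follows the VRF only when
that VRF definition carries 'address-family ipv6', otherwise it stays in the
global IPv6 routing table.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed running-config excerpt (not device output). VRF blue deliberately
# lacks 'address-family ipv6'; VRF green has it but only an IPv6 interface.
SAMPLE_CONFIG = """\
vrf definition red
 rd 100:1
 !
 address-family ipv6
  route-target both 200:1
 exit-address-family
!
vrf definition blue
 rd 200:1
 route-target both 200:1
!
vrf definition green
 rd 300:1
 !
 address-family ipv6
 exit-address-family
!
interface Ethernet0/0
 vrf forwarding red
 ip address 50.1.1.2 255.255.255.0
 ipv6 address 4000::72B/64
!
interface Ethernet0/1
 vrf forwarding blue
 ip address 60.1.1.2 255.255.255.0
 ipv6 address 5000::72B/64
!
interface Ethernet0/2
 vrf forwarding green
 ipv6 address 6000::1/64
!
"""


@dataclass
class Vrf:
    name: str
    rd: Optional[str] = None
    address_families: set = field(default_factory=set)


@dataclass
class Interface:
    name: str
    vrf: Optional[str] = None
    ipv4: Optional[str] = None
    ipv6: list = field(default_factory=list)


def parse_config(text):
    """Walk the config; leading whitespace marks sub-mode lines of the open block."""
    vrfs, interfaces = {}, {}
    ctx = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if not line.startswith(" "):  # top-level command opens (or ends) a block
            ctx = None
            m = re.match(r"vrf definition (\S+)$", line)
            if m:
                ctx = vrfs.setdefault(m.group(1), Vrf(m.group(1)))
                continue
            m = re.match(r"interface (\S+)$", line)
            if m:
                ctx = interfaces.setdefault(m.group(1), Interface(m.group(1)))
            continue
        cmd = line.strip()
        if isinstance(ctx, Vrf):
            if cmd.startswith("rd "):
                ctx.rd = cmd.split()[1]
            elif cmd.startswith("address-family "):
                ctx.address_families.add(cmd.split()[1])
        elif isinstance(ctx, Interface):
            if cmd.startswith("vrf forwarding "):
                ctx.vrf = cmd.split()[2]
            elif cmd.startswith("ip address "):
                ctx.ipv4 = cmd.split()[2]
            elif cmd.startswith("ipv6 address "):
                ctx.ipv6.append(cmd.split()[2])
    return vrfs, interfaces


def address_tables(vrfs, interfaces):
    """Return ({interface: {"ipv4": table, "ipv6": table}}, [findings])."""
    result, findings = {}, []
    for ifname, intf in interfaces.items():
        v4_table = v6_table = "global"
        if intf.vrf:
            v4_table = intf.vrf
            vrf = vrfs.get(intf.vrf)
            if vrf is not None and "ipv6" in vrf.address_families:
                v6_table = intf.vrf
            elif intf.ipv6:
                findings.append(f"{ifname}: IPv6 {intf.ipv6} is in the global table "
                                f"because VRF {intf.vrf} has no 'address-family ipv6'")
        result[ifname] = {"ipv4": v4_table if intf.ipv4 else None,
                          "ipv6": v6_table if intf.ipv6 else None}
    return result, findings


if __name__ == "__main__":
    tables, notes = address_tables(*parse_config(SAMPLE_CONFIG))
    for name, t in tables.items():
        print(f"{name}: ipv4 -> {t['ipv4']}, ipv6 -> {t['ipv6']}")
    for n in notes:
        print("FINDING:", n)
```

Run against a real `show running-config`, the findings list points at exactly the interfaces whose IPv6 traffic would be routed outside the VRF an operator thought it was in.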
Example

This example shows how to configure an EIGRP routing process:

    Device(config)# router eigrp test
    Device(config-router)# address-family ipv6 unicast vrf b1 autonomous-system 10
    Device(config-router-af)# topology base
    Device(config-router-af-topology)# exit-af-topology
    Device(config-router)# eigrp router-id 2.3.4.5
    Device(config-router)# exit-address-family

Additional Information for VRF-lite

This section provides additional information about VRF-lite.

VPN Co-existence Between IPv4 and IPv6

Backward compatibility exists between the "older" CLI for configuring IPv4 and the "new" CLI for IPv6, so a configuration might contain both. The IPv4 CLI retains the ability to have, on the same interface, an IP address defined within a VRF as well as an IPv6 address defined in the global routing table. For example:

    vrf definition red
     rd 100:1
     address-family ipv6
     route-target both 200:1
     exit-address-family
    !
    vrf definition blue
     rd 200:1
     route-target both 200:1
    !
    interface Ethernet0/0
     vrf forwarding red
     ip address 50.1.1.2 255.255.255.0
     ipv6 address 4000::72B/64
    !
    interface Ethernet0/1
     vrf forwarding blue
     ip address 60.1.1.2 255.255.255.0
     ipv6 address 5000::72B/64

In this example, all addresses (v4 and v6) defined for Ethernet0/0 refer to VRF red, whereas for Ethernet0/1 the IP address refers to VRF blue but the IPv6 address refers to the global IPv6 routing table.

Verifying VRF-lite Configuration

This section provides steps for verifying the VRF-lite configuration.

Displaying IPv4 VRF-lite Status

To display information about VRF-lite configuration and status, perform one of the following tasks:

    Device# show ip protocols vrf vrf-name
        Displays routing protocol information associated with a VRF.

    Device# show ip route vrf vrf-name [connected] [protocol [as-number]] [list] [mobile] [odr] [profile] [static] [summary] [supernets-only]
        Displays IP routing table information associated with a VRF.

    Device# show vrf definition [brief | detail | interfaces] [vrf-name]
        Displays information about the defined VRF instances.

    Device# show ip mroute vrf instance-name [a.b.c.d | active | bidirectional | count | interface | proxy | pruned | sparse | ssm | static | summary]
        Displays multicast route table information within a VRF instance.

This example shows how to display multicast route table information within a VRF instance:

    Switch# show ip mroute 226.0.0.2
    IP Multicast Routing Table
    Flags: S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
           L - Local, P - Pruned, R - RP-bit set, F - Register flag,
           T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
           X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
           U - URD, I - Received Source Specific Host Report,
           Z - Multicast Tunnel, z - MDT-data group sender,
           Y - Joined MDT-data group, y - Sending to MDT-data group,
           G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
           N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
           Q - Received BGP S-A Route, q - Sent BGP S-A Route,
           V - RD & Vector, v - Vector, p - PIM Joins on route,
           x - VxLAN group, c - PFP-SA cache created entry
    Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
     Timers: Uptime/Expires
     Interface state: Interface, Next-Hop or VCD, State/Mode

    (*, 226.0.0.2), 00:01:17/stopped, RP 1.11.1.1, flags: SJCF
      Incoming interface: Null, RPF nbr 0.0.0.0
      Outgoing interface list:
        Vlan100, Forward/Sparse, 00:01:17/00:02:36

    (5.0.0.11, 226.0.0.2), 00:01:17/00:01:42, flags: FT
      Incoming interface: Vlan5, RPF nbr 0.0.0.0
      Outgoing interface list:
        Vlan100, Forward/Sparse, 00:01:17/00:02:36

Configuration Examples for VRF-lite

This section provides configuration examples for VRF-lite.

Configuration Example for IPv6 VRF-lite

The following topology illustrates how to use OSPFv3 for CE-PE routing.

[Figure 25: VRF-lite Configuration Example]

Configuring CE1 Switch

    ipv6 unicast-routing
    vrf definition v1
     rd 100:1
     !
     address-family ipv6
     exit-address-family
    !
    vrf definition v2
     rd 200:1
     !
     address-family ipv6
     exit-address-family
    !
    interface Vlan100
     vrf forwarding v1
     ipv6 address 1000:1::1/64
     ospfv3 100 ipv6 area 0
    !
    interface Vlan200
     vrf forwarding v2
     ipv6 address 2000:1::1/64
     ospfv3 200 ipv6 area 0
    !
    interface GigabitEthernet 1/0/1
     switchport access vlan 100
    end
    interface GigabitEthernet 1/0/2
     switchport access vlan 200
    end
    interface GigabitEthernet 1/0/24
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end
    router ospfv3 100
     router-id 10.10.10.10
     !
     address-family ipv6 unicast vrf v1
      redistribute connected
      area 0 normal
     exit-address-family
    !
    router ospfv3 200
     router-id 20.20.20.20
     !
     address-family ipv6 unicast vrf v2
      redistribute connected
      area 0 normal
     exit-address-family
    !

Configuring PE Switch

    ipv6 unicast-routing
    vrf definition v1
     rd 100:1
     !
     address-family ipv6
     exit-address-family
    !
    vrf definition v2
     rd 200:1
     !
     address-family ipv6
     exit-address-family
    !
    interface Vlan600
     vrf forwarding v1
     no ipv6 address
     ipv6 address 1000:1::2/64
     ospfv3 100 ipv6 area 0
    !
    interface Vlan700
     vrf forwarding v2
     no ipv6 address
     ipv6 address 2000:1::2/64
     ospfv3 200 ipv6 area 0
    !
    interface Vlan800
     vrf forwarding v1
     ipv6 address 3000:1::7/64
     ospfv3 100 ipv6 area 0
    !
    interface Vlan900
     vrf forwarding v2
     ipv6 address 4000:1::7/64
     ospfv3 200 ipv6 area 0
    !
    interface GigabitEthernet 1/0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
    exit
    interface GigabitEthernet 1/0/2
     switchport trunk encapsulation dot1q
     switchport mode trunk
    exit
    router ospfv3 100
     router-id 30.30.30.30
     !
     address-family ipv6 unicast vrf v1
      redistribute connected
      area 0 normal
     exit-address-family
     !
     address-family ipv6 unicast vrf v2
      redistribute connected
      area 0 normal
     exit-address-family
    !

Configuring CE2 Switch

    ipv6 unicast-routing
    vrf definition v1
     rd 100:1
     !
     address-family ipv6
     exit-address-family
    !
    vrf definition v2
     rd 200:1
     !
     address-family ipv6
     exit-address-family
    !
    interface Vlan100
     vrf forwarding v1
     ipv6 address 1000:1::3/64
     ospfv3 100 ipv6 area 0
    !
    interface Vlan200
     vrf forwarding v2
     ipv6 address 2000:1::3/64
     ospfv3 200 ipv6 area 0
    !
    interface GigabitEthernet 1/0/1
     switchport access vlan 100
    end
    interface GigabitEthernet 1/0/2
     switchport access vlan 200
    end
    interface GigabitEthernet 1/0/24
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end
    router ospfv3 100
     router-id 40.40.40.40
     !
     address-family ipv6 unicast vrf v1
      redistribute connected
      area 0 normal
     exit-address-family
    !
    router ospfv3 200
     router-id 50.50.50.50
     !
     address-family ipv6 unicast vrf v2
      redistribute connected
      area 0 normal
     exit-address-family
    !

Additional References for VRF-Lite

Related Documents

  Related Topic: For complete syntax and usage information for the commands used in this chapter.
  Document Title: See the IP Multicast Routing Commands section of the Command Reference (Catalyst 9600 Series Switches).

Standards and RFCs

  Standard/RFC: RFC 6763
  Title: DNS-Based Service Discovery

  Standard/RFC: Multicast DNS Internet-Draft
  Title: Multicast DNS

Feature History for Multicast VRF-lite

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

  Release: Cisco IOS XE Gibraltar 16.11.1
  Feature: IPv6 Multicast support with VRF-Lite
  Feature Information: IPv6 VRF-Lite allows a service provider to support two or more VPNs with overlapping IP addresses using one interface.

  Release: Cisco IOS XE Cupertino 17.7.1
  Feature: IPv6 Multicast support with VRF-Lite
  Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Use the Cisco Feature Navigator to find information about platform and software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 43

Configuring Unicast Reverse Path Forwarding

· Prerequisites for Unicast Reverse Path Forwarding, on page 585
· Restrictions for Unicast Reverse Path Forwarding, on page 585
· Information About Unicast Reverse Path Forwarding, on page 586
· How to Configure Unicast Reverse Path Forwarding, on page 592
· Monitoring and Maintaining Unicast Reverse Path Forwarding, on page 593
· Example: Configuring Unicast RPF, on page 595
· Feature History for Unicast Reverse Path Forwarding, on page 595

Prerequisites for Unicast Reverse Path Forwarding

· Unicast Reverse Path Forwarding (RPF) requires Cisco Express Forwarding to function properly on a device.
· Prior to configuring Unicast RPF, you must configure the following access control lists (ACLs):
  · Configure a standard or extended ACL to mitigate the transmission of invalid IP addresses (by performing egress filtering). Configuring standard or extended ACLs permits only valid source addresses to leave your network and enter the Internet.
  · Configure standard or extended ACL entries to drop (deny) packets that have invalid source IP addresses (by performing ingress filtering). Invalid source IP addresses include the following types:
    · Broadcast addresses (including multicast addresses)
    · Loopback addresses
    · Private addresses (RFC 1918, Address Allocation for Private Internets)
    · Reserved addresses
    · Source addresses that fall outside the range of valid addresses that are associated with the protected network

Restrictions for Unicast Reverse Path Forwarding

The following basic restrictions apply to multihomed clients:

· Clients should not be multihomed on the same device because multihoming defeats the purpose of creating a redundant service for a client.
· Ensure that packets that flow up the link (out to the Internet) match the route advertised out of the link. Otherwise, Unicast RPF filters these packets as malformed packets.
· This feature is not supported on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).

Information About Unicast Reverse Path Forwarding

The Unicast Reverse Path Forwarding feature helps to mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. For example, a number of common types of denial-of-service (DoS) attacks, including Smurf and Tribal Flood Network (TFN), can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. For Internet service providers (ISPs) that provide public access, Unicast RPF deflects such attacks by forwarding only packets that have source addresses that are valid and consistent with the IP routing table. This action protects the network of the ISP, its customers, and the rest of the Internet.

Note: Enabling IPv4 unicast RPF also enables IPv6 unicast RPF. This is applicable only for the Cisco Catalyst 9600 Series Supervisor 2 Module.

Unicast RPF Operation

When Unicast RPF is enabled on an interface of a device, the device examines all packets received as input on that interface to ensure that the source address and source interface information appear in the routing table and match the interface on which the packets are received. This ability to "look backwards" is available only when Cisco Express Forwarding is enabled on a device, because the lookup relies on the presence of a Forwarding Information Base (FIB). Cisco Express Forwarding generates a FIB as part of its operation.

Note: Unicast RPF is an input function and is applied only on the input interface of a device at the upstream end of a connection.

Unicast RPF does a reverse lookup in the Cisco Express Forwarding table to check whether any packet received at the interface of a device arrives on the best return path (or return route) to the source of the packet. If the packet was received from one of the best reverse path routes, the packet is forwarded as normal. No reverse path route on the interface from which the packet was received can mean that the source address was modified. If Unicast RPF cannot find a reverse path for the packet, the packet is dropped or forwarded, depending on whether an access control list (ACL) is specified by using the ip verify unicast reverse-path command in interface configuration mode.

Note: With Unicast RPF, all equal-cost "best" return paths are considered valid. Unicast RPF supports multiple return paths, provided that each path is equal to the others in terms of the routing cost (such as number of hops, weights, and so on) and the route is available in the FIB. Unicast RPF also functions where Enhanced Interior Gateway Routing Protocol (EIGRP) variants are used.

Before forwarding a packet that is received at an interface on which Unicast RPF and ACLs have been configured, Unicast RPF does the following checks:

1. Checks whether input ACLs are configured on the inbound interface.
2. Checks whether the packet has arrived on the best return path to the source by doing a reverse lookup in the FIB table.
3. Does a lookup of the Cisco Express Forwarding table for packet forwarding.
4. Checks output ACLs on the outbound interface.
5. Forwards the packet.

Per-Interface Statistics

Each time a packet is dropped or forwarded at an interface, that information is counted two ways: globally on the device and at each interface where you have applied Unicast RPF. Global statistics on dropped packets provide information about potential attacks on the network; however, these global statistics do not help to specify which interface is the source of the attack.

Per-interface statistics allow network administrators to track two types of information about malformed packets: Unicast RPF drops and Unicast RPF suppressed drops. Statistics on the number of packets that Unicast RPF drops help to identify the interface that is the entry point of the attack. The Unicast RPF drop count tracks the number of drops at the interface. The Unicast RPF suppressed drop count tracks the number of packets that failed the Unicast RPF check but were forwarded because of the permit entry set up in the ACL. Using the drop count and suppressed drop count statistics, a network administrator can take steps to isolate the attack at a specific interface.

The figure below illustrates how Unicast RPF and CEF work together to validate IP source addresses by verifying packet return paths. In this example, a customer has sent a packet having a source address of 192.168.1.1 from interface FDDI 2/0/0. Unicast RPF checks the FIB to see if 192.168.1.1 has a path to FDDI 2/0/0. If there is a matching path, the packet is forwarded. If there is no matching path, the packet is dropped.

[Figure 26: Unicast RPF Validating IP Source Addresses]

The figure below illustrates how Unicast RPF drops packets that fail validation. In this example, a customer has sent a packet having a source address of 209.165.200.225, which is received at interface FDDI 2/0/0. Unicast RPF checks the FIB to see if 209.165.200.225 has a return path to FDDI 2/0/0. If there is a matching path, the packet is forwarded. In this case, there is no reverse entry in the routing table that routes the customer packet back to source address 209.165.200.225 on interface FDDI 2/0/0, and so the packet is dropped.

[Figure 27: Unicast RPF Dropping Packets That Fail Verification]

Implementation of Unicast Reverse Path Forwarding Notification

Unicast RPF is a security feature that verifies the validity of the source IP address of an incoming packet. When a packet arrives at an interface and its source IP address is unknown in the routing table or is a known bad source address, Unicast RPF drops the packet. Source IP verification is done to prevent DoS attacks by detecting problems with the incoming packets on an interface. However, deploying Unicast RPF without some automated monitoring capability is a challenge. The CISCO-IP-URPF-MIB lets you specify a Unicast RPF drop-rate threshold on interfaces of a managed device, which sends an SNMP notification when the threshold is exceeded. The MIB includes objects for specifying global and per-interface drop counts and drop rates, and a method to generate SNMP traps when the drop rate exceeds a configurable per-interface threshold.
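The reverse-path decision described in the operation section and the two figures above, as an added example that is not part of the Cisco guide: a small model of the strict-mode check run against a constructed FIB. The two source addresses quoted in the figures (192.168.1.1 forwarded, 209.165.200.225 dropped) are taken from the text; the FIB contents, the Serial interfaces, the destination address, and the ACL are assumptions for illustration. The model also covers the equal-cost note (two best paths for one prefix), the ACL "suppressed drop" counter from the per-interface statistics section, and the 0.0.0.0 to 255.255.255.255 BOOTP/DHCP exception described later in this chapter.

```python
"""
Added example (not from the Cisco guide): a model of the strict-mode Unicast RPF
decision described in the text, run against a constructed FIB. FIB contents,
interface names, the destination address and the ACL are assumptions.
"""
import ipaddress
from collections import Counter

# Constructed FIB: prefix -> set of equal-cost best-path interfaces.
# Two interfaces under one prefix model the Note in the text: all equal-cost
# best return paths are valid. There is deliberately no default route.
FIB = {
    "192.168.1.0/24": {"FDDI2/0/0"},
    "10.0.0.0/8": {"Serial0/0/0", "Serial0/0/1"},
}


class UrpfStats:
    """Global and per-interface counters, as the text describes for show ip traffic
    and show ip interface: drops and suppressed drops."""

    def __init__(self):
        self.global_drops = 0
        self.global_suppressed = 0
        self.if_drops = Counter()
        self.if_suppressed = Counter()


def best_paths(fib, src):
    """Longest-prefix match on the source; returns the set of best-path interfaces, or None."""
    addr = ipaddress.ip_address(src)
    best_net, best_ifaces = None, None
    for prefix, ifaces in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_ifaces = net, ifaces
    return best_ifaces


def acl_permits(acl, src):
    """Model of the optional ACL given by the 'list' argument: permit if src is in any
    listed prefix, implicit deny otherwise."""
    if not acl:
        return False
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in acl)


def urpf_check(fib, stats, ingress_if, src, dst, acl=None):
    """
    Strict-mode check: forward when ingress_if is one of the best return paths to src.
    0.0.0.0 -> 255.255.255.255 (BOOTP/DHCP) is always allowed, as the text states.
    A failed check whose source the ACL permits is forwarded but counted as a
    suppressed drop; otherwise the packet is dropped and counted.
    Returns "forward", "suppressed" or "drop".
    """
    if src == "0.0.0.0" and dst == "255.255.255.255":
        return "forward"
    paths = best_paths(fib, src)
    if paths is not None and ingress_if in paths:
        return "forward"
    if acl_permits(acl, src):
        stats.global_suppressed += 1
        stats.if_suppressed[ingress_if] += 1
        return "suppressed"
    stats.global_drops += 1
    stats.if_drops[ingress_if] += 1
    return "drop"


def run_sample():
    """Walk the two figures plus the equal-cost, asymmetric, ACL and BOOTP cases."""
    stats = UrpfStats()
    acl = ["172.16.0.0/12"]  # constructed ACL applied with the 'list' argument
    dst = "198.51.100.10"    # constructed destination
    results = [
        urpf_check(FIB, stats, "FDDI2/0/0", "192.168.1.1", dst),      # Figure 26: path exists -> forward
        urpf_check(FIB, stats, "FDDI2/0/0", "209.165.200.225", dst),  # Figure 27: no reverse entry -> drop
        urpf_check(FIB, stats, "Serial0/0/1", "10.1.2.3", dst),       # second equal-cost path -> forward
        urpf_check(FIB, stats, "FDDI2/0/0", "10.9.9.9", dst),         # best path is elsewhere -> drop
        urpf_check(FIB, stats, "FDDI2/0/0", "172.16.5.5", dst, acl),  # fails, ACL permits -> suppressed
        urpf_check(FIB, stats, "FDDI2/0/0", "0.0.0.0", "255.255.255.255"),  # DHCP discover -> forward
    ]
    return results, stats


if __name__ == "__main__":
    res, st = run_sample()
    print(res)
    print("global drops:", st.global_drops, "suppressed:", st.global_suppressed)
    print("per-interface drops:", dict(st.if_drops), "suppressed:", dict(st.if_suppressed))
```

The fourth case is the one to keep in mind when reading the "Where Not to Use" guidance later in this chapter: a source that is genuinely reachable, but whose best return path is a different interface, fails the strict check exactly like a spoofed one.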
Although you can configure some parameters globally, you must configure the CISCO-IP-URPF-MIB on individual interfaces.

Security Policy and Unicast RPF

When determining how to deploy Unicast Reverse Path Forwarding (RPF), consider the following points:

· Apply Unicast RPF at the downstream interface, away from the larger portion of the network, preferably at the edges of your network. The further out you apply Unicast RPF, the finer the granularity you have in mitigating address spoofing and in identifying the sources of spoofed addresses. For example, applying Unicast RPF on an aggregation device helps to mitigate attacks from many downstream networks or clients and is simple to administer, but Unicast RPF does not help in identifying the source of the attack. Applying Unicast RPF at the network access server helps to limit the scope of the attack and trace its source. However, deploying Unicast RPF across many sites adds to the administration cost of operating a network.
· When you deploy Unicast RPF on many entities on a network (for example, across the Internet, intranet, and extranet resources), you have better chances of mitigating large-scale network disruptions throughout the Internet community, and of tracing the source of an attack.
· Unicast RPF does not inspect IP packets that are encapsulated in tunnels, such as generic routing encapsulation (GRE), Layer 2 Tunneling Protocol (L2TP), or Point-to-Point Tunneling Protocol (PPTP). Configure Unicast RPF on a home gateway so that Unicast RPF processes network traffic only after the tunneling and encryption layers are stripped off the packets.
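The per-interface drop-rate threshold that the CISCO-IP-URPF-MIB section above describes can also be approximated from the CLI counters, which is useful where SNMP is not available. The following poller is an added example, not part of the Cisco guide: it diffs two snapshots of per-interface Unicast RPF drop counters, converts the deltas into a rate, and flags interfaces whose rate exceeds a per-interface threshold with a global fallback. The snapshot text is a constructed stand-in for per-interface show output, and the interface names, counter values, 60-second polling interval and thresholds are all assumptions.

```python
"""
Added example (not from the Cisco guide): reproduce the CISCO-IP-URPF-MIB
per-interface drop-rate threshold from two CLI counter snapshots.
Snapshot text, interfaces, counts, interval and thresholds are constructed.
"""
import re

# Constructed snapshots, 60 s apart (not real device output). The counter lines
# mimic the per-interface "verification drops" / "suppressed verification drops"
# statistics the text describes.
SNAPSHOT_T0 = """\
GigabitEthernet0/0 is up, line protocol is up
  IP verify source reachable-via RX
   120 verification drops
   4 suppressed verification drops
GigabitEthernet0/1 is up, line protocol is up
  IP verify source reachable-via RX
   5 verification drops
   0 suppressed verification drops
"""
SNAPSHOT_T1 = """\
GigabitEthernet0/0 is up, line protocol is up
  IP verify source reachable-via RX
   3720 verification drops
   4 suppressed verification drops
GigabitEthernet0/1 is up, line protocol is up
  IP verify source reachable-via RX
   11 verification drops
   0 suppressed verification drops
"""
POLL_INTERVAL_S = 60  # assumed polling interval


def parse_counters(text):
    """Return {interface: {"drops": n, "suppressed": n}} from one snapshot."""
    counters, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+) is \S+, line protocol", line)
        if m:
            cur = m.group(1)
            counters[cur] = {"drops": 0, "suppressed": 0}
            continue
        m = re.match(r"^\s+(\d+) (suppressed )?verification drops", line)
        if m and cur:
            counters[cur]["suppressed" if m.group(2) else "drops"] = int(m.group(1))
    return counters


def drop_rates(before, after, interval_s):
    """Per-interface drops per second between two snapshots.
    A negative delta means the counter was cleared or wrapped; report 0 for that poll."""
    rates = {}
    for ifname, new in after.items():
        old = before.get(ifname, {"drops": 0, "suppressed": 0})
        d_drop = max(new["drops"] - old["drops"], 0)
        d_supp = max(new["suppressed"] - old["suppressed"], 0)
        rates[ifname] = {"drops_per_s": d_drop / interval_s,
                         "suppressed_per_s": d_supp / interval_s}
    return rates


def exceeded(rates, thresholds, default=None):
    """Interfaces whose drop rate exceeds their own threshold, or the default if none is set."""
    out = []
    for ifname, r in rates.items():
        limit = thresholds.get(ifname, default)
        if limit is not None and r["drops_per_s"] > limit:
            out.append((ifname, r["drops_per_s"]))
    return sorted(out)


def run_sample():
    """Diff the two constructed snapshots and apply a looser limit on the aggregation link."""
    rates = drop_rates(parse_counters(SNAPSHOT_T0), parse_counters(SNAPSHOT_T1), POLL_INTERVAL_S)
    return exceeded(rates, {"GigabitEthernet0/0": 10.0}, default=1.0)


if __name__ == "__main__":
    for ifname, rate in run_sample():
        print(f"NOTIFY {ifname}: Unicast RPF drop rate {rate:.1f}/s exceeds threshold")
```

As with the MIB, a rate rather than a raw count is what identifies the interface that is the entry point of an attack: a large but static drop counter is history, a rising one is the current event.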
Ingress and Egress Filtering Policy for Unicast RPF Note Unicast RPF with access control lists (ACLs) is not supported on the Cisco Catalyst 9600 Series Supervisor 2 Module Unicast RPF can be more effective at mitigating spoofing attacks when combined with a policy of ingress and egress filtering by using ACLs. Ingress filtering applies filters to traffic that is received at a network interface from either internal or external networks. With ingress filtering, packets that arrive from other networks or the Internet and that have a source address that matches a local network or private or broadcast addresses are dropped. For example, in ISP environments, ingress filtering can be applied to traffic that is received at a device from either a client (customer) or the Internet. Egress filtering applies filters to the traffic that exits a network interface (the sending interface). By filtering packets on devices that connect your network to the Internet or to other networks, you can permit only packets with valid source IP addresses to leave your network. For more information on network filtering, refer to RFC 2267, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. Where to Use Unicast Reverse Path Forwarding Unicast RPF can be used in any "single-homed" environment where there is essentially only one access point out of the network, which means that there is only one upstream connection to the network. Networks having one access point offer the best example of symmetric routing, which means that the interface where a packet enters the network is also the best return path to the source of the IP packet. Unicast RPF is best used at the network perimeter for Internet, intranet, or extranet environments, or in ISP environments for customer network terminations. Routing Table Requirements Unicast Reverse Path Forwarding (RPF) uses the routing information in Cisco Express Forwarding tables for routing traffic. 
The amount of routing information that must be available in Cisco Express Forwarding tables depends on the device where Unicast RPF is configured and the functions the device performs in the network. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 590 Configuring Unicast Reverse Path Forwarding Where Not to Use Unicast Reverse Path Forwarding For example, in an ISP environment where a device is a leased-line aggregation device for customers, the information about static routes that are redistributed into the Interior Gateway Protocol (IGP) or Internal Border Gateway Protocol (IBGP) (depending on which technique is used in the network) is required in the routing table. Because Unicast RPF is configured on customer interfaces, only minimal routing information is required. If a single-homed ISP configures Unicast RPF on the gateway to the Internet, the full Internet routing table information is required by Unicast RPF to help protect the ISP from external denial of service (DoS) attacks that use addresses that are not in the Internet routing table. Where Not to Use Unicast Reverse Path Forwarding Do not use unicast RPF on interfaces that are internal to a network. Internal interfaces are likely to have routing asymmetry (see the figure below), which means that there can be multiple routes to the source of a packet. Unicast RPF is applied only where there is a natural or configured symmetry. For example, devices at the edge of an ISP network are more likely to have symmetrical reverse paths than devices that are in the core of an ISP network. The best forwarding path to forward packets from devices that are at the core of an ISP network may not be the best forwarding path that is selected for packets that are returned to the device. We recommend that you do not apply Unicast RPF where there is a chance of asymmetric routing, unless you configure access control lists (ACLs) to allow the device to accept incoming packets. 
ACLs permit the use of Unicast RPF when packets arrive through specific, less-optimal asymmetric input paths. The figure below illustrates how Unicast RPF can block legitimate traffic in an asymmetric routing environment. Figure 28: Unicast RPF Blocking Legitimate Traffic in an Asymmetric Routing Environment Unicast Reverse Path Forwarding with BOOTP and DHCP Unicast RPF allows packets with 0.0.0.0 as the source IP address and 255.255.255.255 as the destination IP address to pass through a network to enable Bootstrap Protocol (BOOTP) and DHCP functions to work properly when Unicast RPF is configured. IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 591 How to Configure Unicast Reverse Path Forwarding Configuring Unicast Reverse Path Forwarding How to Configure Unicast Reverse Path Forwarding The following section provide configuration information about unicast reverse path forwarding. Configuring Unicast Reverse Path Forwarding Before you begin To use Unicast Reverse Path Forwarding, you must configure a device for Cisco Express Forwarding switching or distributed Cisco Express Forwarding switching. If Cisco Express Forwarding is not enabled globally on a device, Unicast RPF will not work on that device. If Cisco Express Forwarding is running on a device, individual interfaces on the device can be configured with other switching modes. Unicast RPF is an input-side function that is enabled on an interface or subinterface that supports any type of encapsulation, and Unicast RPF operates on IP packets that are received by the device. Procedure Step 1 Command or Action enable Example: Device> enable Purpose Enables privileged EXEC mode. Enter your password if prompted. Step 2 configure terminal Example: Device# configure terminal Enters global configuration mode. Step 3 ip cef distributed Example: Device(config)# ip cef distributed Enables Cisco Express Forwarding or distributed Cisco Express Forwarding on a device. 
Step 4 interface slot/subslot/port
Example: Device(config)# interface GigabitEthernet 0/0
Purpose: Selects the input interface on which you want to apply Unicast Reverse Path Forwarding and enters interface configuration mode. The interface that is configured is the receiving interface, which allows Unicast RPF to verify the best return path before forwarding a packet to the next destination.

Step 5 ip verify unicast reverse-path list
Example: Device(config-if)# ip verify unicast reverse-path 197
Purpose: Enables Unicast RPF on the interface.
· Use the list argument to identify an access list. If the access list denies network access, spoofed packets are dropped at the interface. If the access list permits network access, spoofed packets are forwarded to the destination address. Forwarded packets are counted in the interface statistics. If the access list includes the logging option, information about the spoofed packets is logged to the log server.
· Repeat this step for each access list that you want to specify.

Step 6 exit
Example: Device(config-if)# exit
Purpose: Exits interface configuration mode.

Troubleshooting Tips

HSRP Failure

The failure to disable Unicast RPF before disabling Cisco Express Forwarding can cause a Hot Standby Router Protocol (HSRP) failure. If you want to disable Cisco Express Forwarding on a device, you must first disable Unicast RPF.

Monitoring and Maintaining Unicast Reverse Path Forwarding

This section describes commands used to monitor and maintain Unicast RPF.

Command: Device# show ip traffic
Purpose: Displays global router statistics about Unicast RPF drops and suppressed drops.

Command: Device# show ip interface type
Purpose: Displays per-interface statistics about Unicast RPF drops and suppressed drops.

Command: Device# show access-lists
Purpose: Displays the number of matches to a specific ACL.
Command: Device(config-if)# no ip verify unicast reverse-path list
Purpose: Disables Unicast RPF at the interface. Use the list option to disable Unicast RPF for a specific ACL at the interface.

Caution: To disable CEF, you must first disable Unicast RPF. Failure to disable Unicast RPF before disabling CEF can cause HSRP failure. If you want to disable CEF on the router, you must first disable Unicast RPF.

Unicast RPF counts the number of packets dropped or suppressed because of malformed or forged source addresses. Unicast RPF counts dropped or forwarded packets that include the following global and per-interface information:
· Global Unicast RPF drops
· Per-interface Unicast RPF drops
· Per-interface Unicast RPF suppressed drops

The show ip traffic command shows the total number (global count) of dropped or suppressed packets for all interfaces on the router. The Unicast RPF drop count is included in the IP statistics section.

Device# show ip traffic
IP statistics:
  Rcvd:  1471590 total, 887368 local destination
         0 format errors, 0 checksum errors, 301274 bad hop count
         0 unknown protocol, 0 not a gateway
         0 security failures, 0 bad options, 0 with options
  Opts:  0 end, 0 nop, 0 basic security, 0 loose source route
         0 timestamp, 0 extended security, 0 record route
         0 stream ID, 0 strict source route, 0 alert, 0 other
  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
         0 fragmented, 0 couldn't fragment
  Bcast: 205233 received, 0 sent
  Mcast: 463292 received, 462118 sent
  Sent:  990158 generated, 282938 forwarded
! The second line below ("0 unicast RPF") displays Unicast RPF packet dropping information.
  Drop:  3 encapsulation failed, 0 unresolved, 0 no adjacency
         0 no route, 0 unicast RPF, 0 forced drop

A nonzero value for the count of dropped or suppressed packets can mean one of two things:
· Unicast RPF is dropping or suppressing packets that have a bad source address (normal operation).
· Unicast RPF is dropping or suppressing legitimate packets because the route is misconfigured to use Unicast RPF in environments where asymmetric routing exists; that is, where multiple paths can exist as the best return path for a source address.

The show ip interface command shows the total of dropped or suppressed packets at a specific interface. If Unicast RPF is configured to use a specific ACL, that ACL information is displayed along with the drop statistics.

Device> show ip interface ethernet0/1/1
  Unicast RPF ACL 197
  1 unicast RPF drop
  1 unicast RPF suppressed drop

The show access-lists command displays the number of matches found for a specific entry in a specific access list.

Device> show access-lists
Extended IP access list 197
    deny ip 192.168.201.0 0.0.0.63 any log-input (1 match)
    permit ip 192.168.201.64 0.0.0.63 any log-input (1 match)
    deny ip 192.168.201.128 0.0.0.63 any log-input
    permit ip 192.168.201.192 0.0.0.63 any log-input

Example: Configuring Unicast RPF

Device# configure terminal
Device(config)# ip cef distributed
Device(config)# interface GigabitEthernet 1/0/2
Device(config-if)# description Connection to Upstream ISP
Device(config-if)# ip address 209.165.200.225 255.255.255.252
Device(config-if)# no ip redirects
Device(config-if)# no ip directed-broadcast
Device(config-if)# no ip proxy-arp
Device(config-if)# ip verify unicast reverse-path

Device# configure terminal
Device(config)# ip cef distributed
Device(config)# interface GigabitEthernet 1/0/2
Device(config-if)# description Connection to Upstream ISP
Device(config-if)# ip address 209.165.200.225 255.255.255.252
Device(config-if)# no ip redirects
Device(config-if)# no ip directed-broadcast
Device(config-if)# no ip proxy-arp
Device(config-if)# ip verify unicast source reachable-via rx

Feature History for Unicast Reverse Path Forwarding

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
Feature: Unicast Reverse Path Forwarding
Feature Information: Unicast RPF feature helps to mitigate problems that are caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.

Release: Cisco IOS XE Cupertino 17.7.1
Feature: Unicast Reverse Path Forwarding
Feature Information: Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module.

Use the Cisco Feature Navigator to find information about platform and software image support.
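The strict-mode check, the ACL exemption and the drop/suppressed-drop counters described in this chapter, worked through as an added Python model. This is an illustration written for this page, not Cisco code and not the IOS XE implementation. The FIB, access list 197, the interface names and the packets are constructed sample data; the model deliberately carries no default route, so a source address that is absent from the table fails the check, which is the point of the single-homed ISP discussion above. The fifth packet reproduces the asymmetric-routing case of Figure 28: a legitimate internal host is dropped because the best path back to it leaves through a different interface.

```python
"""Strict-mode Unicast RPF check with an ACL exemption, modelled on the
behaviour this chapter describes (an added illustration, not Cisco code).
The FIB, the access list and the packets are constructed sample data; the
default route is deliberately absent, so sources with no FIB entry fail."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed FIB: prefix -> interface the best path back to that prefix uses.
FIB = {
    ip_network("192.168.201.0/24"): "Gi1/0/1",   # customer block behind Gi1/0/1
    ip_network("10.10.0.0/16"):     "Gi1/0/3",   # internal segment behind Gi1/0/3
    ip_network("203.0.113.0/24"):   "Gi1/0/2",   # a prefix reached via the upstream ISP
}

# Constructed ACL 197 in the shape of the chapter's example: (action, network),
# scanned in order, first match wins, implicit deny at the end.
ACL_197 = [
    ("deny",   ip_network("192.168.201.0/26")),
    ("permit", ip_network("192.168.201.64/26")),
    ("deny",   ip_network("192.168.201.128/26")),
    ("permit", ip_network("192.168.201.192/26")),
]

# Per-interface Unicast RPF configuration: interface -> ACL applied with
# `ip verify unicast reverse-path <list>` (None = no ACL, plain strict check).
URPF_IFACES = {"Gi1/0/1": None, "Gi1/0/2": ACL_197}


def lookup(fib, addr):
    """Longest-prefix match; returns the egress interface or None (no route)."""
    best = None
    for prefix, iface in fib.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best[1] if best else None


def acl_action(acl, addr):
    """First matching entry decides; an access list ends in an implicit deny."""
    for action, net in acl:
        if addr in net:
            return action
    return "deny"


def urpf_strict(fib, ingress, src, dst, acl=None):
    """Verdict for one packet: 'forward', 'drop' or 'suppressed-drop'.

    Strict mode passes the source only if the best route back to it leaves
    through the ingress interface. A permitting ACL turns a drop into a
    'suppressed drop': the packet is forwarded but counted separately."""
    src, dst = ip_address(src), ip_address(dst)
    # BOOTP/DHCP exemption described in the chapter.
    if src == ip_address("0.0.0.0") and dst == ip_address("255.255.255.255"):
        return "forward"
    if lookup(fib, src) == ingress:
        return "forward"
    if acl is not None and acl_action(acl, src) == "permit":
        return "suppressed-drop"
    return "drop"


# Constructed packets: (ingress interface, source, destination).
SAMPLE_PACKETS = [
    ("Gi1/0/1", "192.168.201.70", "203.0.113.9"),     # customer host, symmetric path
    ("Gi1/0/2", "192.168.201.70", "203.0.113.9"),     # customer address from upstream, ACL permits
    ("Gi1/0/2", "192.168.201.5",  "203.0.113.9"),     # customer address from upstream, ACL denies
    ("Gi1/0/2", "198.18.0.1",     "203.0.113.9"),     # source with no route at all
    ("Gi1/0/2", "10.10.5.5",      "203.0.113.9"),     # legitimate host on an asymmetric path
    ("Gi1/0/1", "0.0.0.0",        "255.255.255.255"), # DHCP discover
]


def run_urpf(packets, fib=FIB, iface_acls=URPF_IFACES):
    """Apply the check to each packet. Returns (verdicts, per-interface counters);
    the counters are what `show ip interface` reports as drops and suppressed drops."""
    verdicts, counters = [], Counter()
    for ingress, src, dst in packets:
        verdict = urpf_strict(fib, ingress, src, dst, iface_acls.get(ingress))
        verdicts.append(verdict)
        counters[(ingress, verdict)] += 1
    return verdicts, counters


if __name__ == "__main__":
    verdicts, counters = run_urpf(SAMPLE_PACKETS)
    for pkt, verdict in zip(SAMPLE_PACKETS, verdicts):
        print(f"{pkt[0]:8} src={pkt[1]:16} -> {verdict}")
    print(dict(counters))
```

Running the block shows Gi1/0/2 accumulating three drops and one suppressed drop, the same split the chapter's show ip interface output reports; the drop for 10.10.5.5 is the case where a nonzero counter means misplacement of Unicast RPF rather than a spoofed source.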
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 44

Configuring the Service Discovery Gateway

· Restrictions for Service Discovery Gateway, on page 597
· Information About the Service Discovery Gateway and mDNS, on page 597
· How to Configure Service Discovery Gateway, on page 600
· Monitoring Service Discovery Gateway, on page 604
· Configuration Examples, on page 604
· Where to Go Next for Configuring Services Discovery Gateway, on page 606
· Additional References for Service Discovery Gateway, on page 606
· Feature History for Service Discovery Gateway, on page 607

Restrictions for Service Discovery Gateway

The following are restrictions for configuring the Service Discovery Gateway:
· The Service Discovery Gateway does not support topologies with multiple hops. All network segments must be connected directly to it. The Service Discovery Gateway can learn services from all connected segments to build its cache and respond to requests acting as a proxy.
· The use of third-party mDNS servers or applications is not supported with this feature.

Information About the Service Discovery Gateway and mDNS

This section provides information about the Service Discovery Gateway and mDNS.

mDNS

mDNS was defined to achieve zero configuration, with zero configuration being defined as providing the following features:
· Addressing--Allocating IP addresses to hosts
· Naming--Using names to refer to hosts instead of IP addresses.
· Service discovery--Finding services automatically on the network

With mDNS, network users no longer have to assign IP addresses, assign host names, or type in names to access services on the network. Users only need to ask to see what network services are available, and choose from a list.

With mDNS, addressing is accomplished through the use of DHCP/DHCPv6 or IPv4 and IPv6 Link Local scoped addresses. The benefit of zero-configuration occurs when no infrastructure services such as DHCP or DNS are present and self-assigned link-local addressing can be used. The client can then select a random IPv4 address in the link-local range (169.254.0.0/24) or use its IPv6 link-local address (FE80::/10) for communication.

With mDNS, naming (name-to-address translation on a local network using mDNS) queries are sent over the local network using link-local scoped IP multicast. Because these DNS queries are sent to a multicast address (IPv4 address 224.0.0.251 or IPv6 address FF02::FB), no single DNS server with global knowledge is required to answer the queries. When a service or device sees a query for any service it is aware of, it provides a DNS response with the information from its cache.

With mDNS, service discovery is accomplished by browsing. An mDNS query is sent out for a given service type and domain, and any device that is aware of matching services replies with service information. The result is a list of available services for the user to choose from.

The mDNS protocol (mDNS-RFC), together with DNS Service Discovery (DNS-SD-RFC), achieves the zero-configuration addressing, naming, and service discovery.

mDNS-SD

Multicast DNS Service Discovery (mDNS-SD) uses DNS protocol semantics and multicast over well-known multicast addresses to achieve zero configuration service discovery.
DNS packets are sent to and received on port 5353 using a multicast address of 224.0.0.251 and its IPv6 equivalent FF02::FB. Because mDNS uses a link-local multicast address, its scope is limited to a single physical or logical LAN. If the networking reach needs to be extended to a distributed campus or to a wide-area environment consisting of many different networking technologies, an mDNS gateway is implemented. An mDNS gateway provides a transport for mDNS packets across Layer 3 boundaries by filtering, caching, and redistributing services from one Layer 3 domain to another.

Service Discovery Gateway

The Service Discovery Gateway feature enables multicast Domain Name System (mDNS) to operate across Layer 3 boundaries (different subnets). An mDNS gateway provides transport for service discovery across Layer 3 boundaries by filtering, caching, and redistributing services from one Layer 3 domain (subnet) to another. Prior to implementation of this feature, mDNS was limited in scope to within a subnet because of the use of link-local scoped multicast addresses. This feature enhances Bring Your Own Device (BYOD).

mDNS Gateway and Subnets

You need to enable an mDNS gateway for service discovery to operate across subnets. You can enable mDNS gateway for a device or for an interface.

Note: You need to configure service routing globally before configuring at the interface level.

After the device or interface is enabled, you can redistribute service discovery information across subnets. You can create service policies and apply filters on either incoming service discovery information (called IN-bound filtering) or outgoing service discovery information (called OUT-bound filtering).

Note: If redistribution is enabled globally, global configuration is given higher priority than interface configuration.
Figure 29: Sample Networking Scenario

For example, if the mDNS gateway functionality is enabled on the router in this figure, then service information can be sent from one subnet to another and vice-versa. For example, the printer and fax service information being advertised in the network with IP address 192.0.2.6 are redistributed to the network with IP address 198.51.100.4. The printer and fax service information in the network with IP address 192.0.2.6 is learned by mDNS-enabled hosts and devices in the other network.

Filtering

After configuring the mDNS gateway and subnets, you can filter services that you want to redistribute. While creating a service list, the permit or deny command options are used:
· The permit command option allows you to permit or transport specific service list information.
· The deny option allows you to deny service list information that is available to be transported to other subnets.

You need to include a sequence number when using the permit or deny command option. The same service list name can be associated with multiple sequence numbers and each sequence number will be mapped to a rule.

Note: If no filters are configured, then the default action is to deny service list information to be transported through the device or interface.

Query is another option that is provided when creating service lists. You can create queries using a service list. If you want to browse for a service, then active queries can be used. This function is helpful to keep the records refreshed in the cache.

Note: Active queries can only be used globally and cannot be used at the interface level.

A service end-point (such as a printer or fax) sends unsolicited announcements when a service starts up.
After that, it sends unsolicited announcements whenever a network change event occurs (such as an interface coming up or going down). The device always responds to queries.

After creating a service list and using the permit or deny command options, you can filter using match statements (commands) based on service-instance, service-type, or message-type (announcement or query).

How to Configure Service Discovery Gateway

This section describes how to configure the Service Discovery Gateway.

Configuring the Service List

This procedure describes how to create a service list, apply a filter for the service list, and configure parameters for the service list name.

Procedure

Step 1 enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2 configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3 service-list mdns-sd service-list-name {deny sequence-number | permit sequence-number | query}
Example:
Device(config)# service-list mdns-sd sl1 permit 3
Device(config)# service-list mdns-sd sl4 query
Purpose: Enters mDNS service discovery service list mode. In this mode, you can:
· Create a service list and apply a filter on the service list according to the permit or deny option that is applied to the sequence number.
· Create a service list and associate a query for the service list name if the query option is used.
Note: The sequence number sets the priority of the rule. A rule with a lower sequence number is selected first and the service announcement or query is allowed or denied accordingly. You define the sequence number as per your network requirements.

Step 4 match message-type {announcement | any | query}
Example: Device(config-mdns-sd-sl)# match message-type announcement
Purpose: (Optional) Sets the message type to match. You can match the following message types:
· announcement
· any
· query
These commands configure the parameters for the service list name that is created in step 2. If the match message-type is an announcement, then the service list rule only allows service advertisements or announcements for the device. If the match message-type is a query, then only a query from the client for a certain service in the network is allowed. Multiple service maps of the same name with different sequence numbers can be created and the evaluation of the filters will be ordered on the sequence number. Service lists are an ordered sequence of individual statements, each of which has a permit or deny result. Evaluation of a service list consists of a list scan, in a predetermined order, and an evaluation of the criteria of each statement that matches. A list scan is stopped once the first statement match is found and the permit/deny action associated with the matching statement is performed. The default action after scanning through the entire list is to deny.
Note: You cannot use the match command if you have used the query option in the previous step. The match command can be used only for the permit or deny option.

Step 5 match service-instance {LINE}
Example: Device(config-mdns-sd-sl)# match service-instance servInst 1
Purpose: (Optional) Sets the service instance to match. This command configures the parameters for the service list name that is created in step 2.
Note: You cannot use the match command if you have used the query option in the previous step. The match command can be used only for the permit or deny option.

Step 6 match service-type {LINE}
Example: Device(config-mdns-sd-sl)# match service-type _ipp._tcp
Purpose: (Optional) Sets the value of the mDNS service type string to match. This command configures the parameters for the service list name that is created in step 2.
Note: You cannot use the match command if you have used the query option in the previous step. The match command can be used only for the permit or deny option.

Step 7 end
Example: Device(config-mdns-sd-sl)# end
Purpose: Returns to privileged EXEC mode.

What to do next

Proceed to enable the mDNS gateway and redistribution of services.

Enabling mDNS Gateway and Redistributing Services

After enabling mDNS gateway for a device, you can apply filters (apply IN-bound filtering or OUT-bound filtering) and active queries by using the service-policy and service-policy-query commands, respectively. You can redistribute services and service announcements using the redistribute mdns-sd command, and set some part of the system memory for cache using the cache-memory-max command.

Note: By default, mDNS gateway is disabled on all interfaces.

Procedure

Step 1 enable
Example: Device> enable
Purpose: Enables privileged EXEC mode. Enter your password, if prompted.

Step 2 configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3 mdns-sd gateway
Example: Device(config)# mdns-sd gateway
Purpose: Enables mDNS gateway functionality for a device and enters multicast DNS configuration (config-mdns) mode.
Note: This command enables the mDNS function globally.
Note: Enter the mdns-sd gateway source-interface if-name command in either global-config or interface-config mode, to specify an alternate source interface for outgoing mDNS packets, so its IP address can be used when there is none configured on the outgoing interface.
Step 4 service-policy service-policy-name {IN | OUT}
Example: Device(config-mdns)# service-policy serv-pol1 IN
Purpose: (Optional) For a service list, applies a filter on incoming service discovery information (IN-bound filtering) or outgoing service discovery information (OUT-bound filtering).

Step 5 redistribute mdns-sd
Example: Device(config-mdns)# redistribute mdns-sd
Purpose: (Optional) Redistributes services or service announcements across subnets.
Note: If redistribution is enabled globally, global configuration is given higher priority than interface configuration.

Step 6 cache-memory-max cache-config-percentage
Example: Device(config-mdns)# cache-memory-max 20
Purpose: (Optional) Sets some part of the system memory (in percentage) for cache.
Note: By default, 10 percent of the system memory is set aside for cache. You can override the default value by using this command.

Step 7 service-policy-query service-list-query-name service-list-query-periodicity
Example: Device(config-mdns)# service-policy-query sl-query1 100
Purpose: (Optional) Configures service list-query periodicity.

Step 8 exit
Example: Device(config-mdns)# exit
Purpose: (Optional) Returns to global configuration mode.

Step 9 end
Example: Device(config)# end
Purpose: Returns to privileged EXEC mode.

Monitoring Service Discovery Gateway

Table 39: Monitoring Service Discovery Gateway

Command: show mdns requests [detail | name record-name | type record-type [name record-name]]
Purpose: This command displays information for outstanding mDNS requests, including record name and record type information.

Command: show mdns cache [interface type number | name record-name [type record-type] | type record-type]
Purpose: This command displays mDNS cache information.

Command: show mdns statistics {all | service-list list-name | service-policy {all | interface type number}}
Purpose: This command displays mDNS statistics.

Configuration Examples

This section provides configuration examples for Service Discovery Gateway.

Example: Specify Alternative Source Interface for Outgoing mDNS Packets

The following example displays how to specify an alternate source interface for outgoing mDNS packets, so its IP address can be used when there is none configured on the outgoing interface.

Device(config)# mdns-sd gateway
Device(config-mdns)# source-interface gigabitethernet 0/1/0

Example: Redistribute Service Announcements

The following example displays how to redistribute service announcements that are received on one interface over all the interfaces or over a specific interface.

Device(config)# mdns-sd gateway
Device(config-mdns)# redistribute mdns-sd gigabitethernet 0/1/0

Example: Creating a Service-List, Applying a Filter and Configuring Parameters

The following example shows the creation of a service-list sl1. The permit command option is being applied on sequence number 3 and all services with message-type announcement are filtered and available for transport across various subnets that are associated with the device.

Device# configure terminal
Device(config)# service-list mdns-sd sl1 permit 3
Device(config-mdns-sd-sl)# match message-type announcement
Device(config-mdns-sd-sl)# exit

Example: Enabling mDNS Gateway and Redistributing Services

The following example shows how to enable an mDNS gateway for a device and enable redistribution of services across subnets. IN-bound filtering is applied on the service-list serv-pol1. Twenty percent of system memory is made available for cache and service-list-query periodicity is configured at 100 seconds.
Device# configure terminal
Device(config)# mdns-sd gateway
Device(config-mdns)# service-policy serv-pol1 IN
Device(config-mdns)# redistribute mdns-sd
Device(config-mdns)# cache-memory-max 20
Device(config-mdns)# service-policy-query sl-query1 100
Device(config-mdns)# exit

Example: Global mDNS Configuration

The following example displays how to globally configure mDNS.

Device# configure terminal
Device(config)# service-list mdns-sd mypermit-all permit 10
Device(config-mdns-sd-sl)# exit
Device(config)# service-list mdns-sd querier query
Device(config-mdns-sd-sl)# service-type _dns._udp
Device(config-mdns-sd-sl)# end
Device# configure terminal
Device(config)# mdns-sd gateway
Device(config-mdns)# service-policy mypermit-all IN
Device(config-mdns)# service-policy mypermit-all OUT

Example: Interface mDNS Configuration

The following example displays how to configure mDNS for an interface.

Device(config)# interface Vlan136
Device(config-if)# description *** Mgmt VLAN ***
Device(config-if)# ip address 9.7.136.10 255.255.255.0
Device(config-if)# ip helper-address 9.1.0.100
Device(config-if)# mdns-sd gateway
Device(config-if-mdns-sd)# service-policy mypermit-all IN
Device(config-if-mdns-sd)# service-policy mypermit-all OUT
Device(config-if-mdns-sd)# service-policy-query querier 60

Where to Go Next for Configuring Services Discovery Gateway

You can configure the following:
· IGMP
· Wireless Multicast
· PIM
· SSM
· IP Multicast Routing

Additional References for Service Discovery Gateway

Related Documents

Related Topic: For complete syntax and usage information for the commands used in this chapter.
Document Title: See the IP Multicast Routing Commands section of the Command Reference (Catalyst 9600 Series Switches)

Standards and RFCs

Standard/RFC: RFC 6763
Title: DNS-Based Service Discovery

Standard/RFC: Multicast DNS Internet-Draft
Title: Multicast

Feature History for Service Discovery Gateway

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release: Cisco IOS XE Gibraltar 16.11.1
Feature: Service Discovery Gateway
Feature Information: The Service Discovery Gateway feature enables multicast Domain Name System (mDNS) to operate across Layer 3 boundaries (different subnets).

Release: Cisco IOS XE Dublin 17.11.1
Feature: Use of mdns-sd gateway instead of service-routing mdns-sd.
Feature Information: Use the mdns-sd gateway command instead of the service-routing mdns-sd command to configure mDNS on a device. The service-routing mdns-sd command will be deprecated in the future.

Use the Cisco Feature Navigator to find information about platform and software image support.
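The service-list evaluation rules stated in this chapter (statements ordered by sequence number, first match wins, an implicit deny when the scan exhausts the list, match statements only under permit or deny) as an added Python model. This is an illustration written for this page, not Cisco's implementation. The lists sl1 and mypermit-all follow the chapter's examples; the printers list, the message samples and the service-instance names are constructed, and the choice that every match statement under one sequence number must hold for that rule to match is an assumption of this model, not something the chapter states.

```python
"""mDNS service-list evaluation as this chapter describes it: an ordered
sequence of permit/deny statements scanned in ascending sequence-number
order, first match wins, implicit deny when nothing matches. Added
illustration, not Cisco's implementation. Service lists and messages are
constructed; requiring every match statement under one sequence number to
hold (logical AND) is an assumption of this model."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Rule:
    seq: int
    action: str                             # "permit" or "deny"
    message_type: str = "any"               # announcement | query | any
    service_type: Optional[str] = None      # e.g. "_ipp._tcp"
    service_instance: Optional[str] = None  # e.g. a printer's instance name

    def matches(self, msg: dict) -> bool:
        """All configured criteria must hold (assumption of this model)."""
        if self.message_type != "any" and msg["message_type"] != self.message_type:
            return False
        if self.service_type is not None and msg["service_type"] != self.service_type:
            return False
        if self.service_instance is not None and msg["service_instance"] != self.service_instance:
            return False
        return True


@dataclass
class ServiceList:
    name: str
    rules: List[Rule] = field(default_factory=list)

    def add(self, rule: Rule) -> "ServiceList":
        # One list name, several sequence numbers: each maps to one rule, and
        # evaluation order follows the sequence number, not the entry order.
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.seq)
        return self

    def evaluate(self, msg: dict) -> Tuple[str, Optional[int]]:
        """Return (action, sequence number); seq is None for the default deny."""
        for rule in self.rules:
            if rule.matches(msg):
                return rule.action, rule.seq
        return "deny", None


def apply_policy(slist: ServiceList, msgs) -> list:
    """Verdict per message, as an IN- or OUT-bound service-policy would produce."""
    return [slist.evaluate(m) for m in msgs]


# Constructed service lists. SL1 is the chapter's example, PERMIT_ALL mirrors
# the mypermit-all list, PRINTERS shows why the sequence number matters:
# the deny at 5 wins over the permit at 10 even though it was entered later.
SL1 = ServiceList("sl1").add(Rule(3, "permit", message_type="announcement"))
PERMIT_ALL = ServiceList("mypermit-all").add(Rule(10, "permit"))
PRINTERS = (ServiceList("printers")
            .add(Rule(10, "permit", message_type="announcement"))
            .add(Rule(5, "deny", service_type="_ipp._tcp")))

# Constructed mDNS messages as seen by the gateway.
MESSAGES = [
    {"message_type": "announcement", "service_type": "_ipp._tcp",
     "service_instance": "Lobby Printer"},
    {"message_type": "query", "service_type": "_ipp._tcp",
     "service_instance": None},
    {"message_type": "announcement", "service_type": "_airplay._tcp",
     "service_instance": "Meeting Room TV"},
]

if __name__ == "__main__":
    for sl in (SL1, PERMIT_ALL, PRINTERS):
        print(sl.name, apply_policy(sl, MESSAGES))
```

With sl1 the query in the second message falls through the single permit statement and is denied by the default action, which is the behaviour the chapter's note on unconfigured filters describes.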
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

CHAPTER 45

Configuring Generic Routing Encapsulation (GRE) Tunnel IP Source and Destination VRF Membership

· Restrictions for GRE Tunnel IP Source and Destination VRF Membership, on page 609
· Information About GRE Tunnel IP Source and Destination VRF Membership, on page 610
· How to Configure GRE Tunnel IP Source and Destination VRF Membership, on page 610
· Configuration Example for GRE Tunnel IP Source and Destination VRF Membership, on page 611
· Additional References, on page 612
· Feature History for Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership, on page 612

Restrictions for GRE Tunnel IP Source and Destination VRF Membership

· Both ends of the tunnel must reside within the same VRF.
· The VRF associated with the tunnel vrf command is the same as the VRF associated with the physical interface over which the tunnel sends packets (outer IP packet routing).
· The VRF associated with the tunnel by using the ip vrf forwarding command is the VRF that the packets are to be forwarded in as the packets exit the tunnel (inner IP packet routing).
· The feature does not support the fragmentation of multicast packets passing through a multicast tunnel.
· The feature does not support the ISIS (Intermediate System to Intermediate System) protocol.
· On the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2), each interface must be configured with a unique combination of tunnel source and destination.
Information About GRE Tunnel IP Source and Destination VRF Membership

This feature allows you to configure the source and destination of a tunnel to belong to any Virtual Private Network (VPN) routing and forwarding (VRF) table. A VRF table stores routing data for each VPN. The VRF table defines the VPN membership of a customer site attached to the network access server (NAS). Each VRF table comprises an IP routing table, a derived Cisco Express Forwarding (CEF) table, and guidelines and routing protocol parameters that control the information that is included in the routing table.

Previously, GRE IP tunnels required the IP tunnel destination to be in the global routing table. The implementation of this feature allows you to configure a tunnel source and destination to belong to any VRF. As with existing GRE tunnels, the tunnel becomes disabled if no route to the tunnel destination is defined.

How to Configure GRE Tunnel IP Source and Destination VRF Membership

Follow these steps to configure GRE Tunnel IP Source and Destination VRF Membership:

Procedure

Step 1 enable
Example: Device> enable
Purpose: Enables privileged EXEC mode.
· Enter your password if prompted.

Step 2 configure terminal
Example: Device# configure terminal
Purpose: Enters global configuration mode.

Step 3 interface tunnel number
Example: Device(config)# interface tunnel 0
Purpose: Enters interface configuration mode for the specified interface.
· number is the number associated with the tunnel interface.

Step 4 ip vrf forwarding vrf-name
Example: Device(config-if)# ip vrf forwarding green
Purpose: Associates a virtual private network (VPN) routing and forwarding (VRF) instance with an interface or subinterface.
· vrf-name is the name assigned to a VRF.

Step 5 ip address ip-address subnet-mask
Example: Device(config-if)# ip address 10.7.7.7 255.255.255.255
Purpose: Specifies the interface IP address and subnet mask.
· ip-address specifies the IP address of the interface.
· subnet-mask specifies the subnet mask of the interface.

Step 6 tunnel source {ip-address | type number}
Example: Device(config-if)# tunnel source loop 0
Purpose: Specifies the source of the tunnel interface.
· ip-address specifies the IP address to use as the source address for packets in the tunnel.
· type specifies the interface type (for example, serial).
· number specifies the port, connector, or interface card number. The numbers are assigned at the factory at the time of installation or when added to a system, and can be displayed using the show interfaces command.

Step 7 tunnel destination {hostname | ip-address}
Example: Device(config-if)# tunnel destination 10.5.5.5
Purpose: Defines the tunnel destination.
· hostname specifies the name of the host destination.
· ip-address specifies the IP address of the host destination.

Step 8 tunnel vrf vrf-name
Example: Device(config-if)# tunnel vrf finance1
Purpose: Associates a VPN routing and forwarding (VRF) instance with a specific tunnel destination.
· vrf-name is the name assigned to a VRF.

Configuration Example for GRE Tunnel IP Source and Destination VRF Membership

In this example, packets received on interface e0 using VRF green are forwarded out of the tunnel through interface e1 using VRF blue.
ip vrf blue rd 1:1 ip vrf green rd 1:2 interface loop0 ip vrf forwarding blue ip address 10.7.7.7 255.255.255.255 interface tunnel0 ip vrf forwarding green ip address 10.3.3.3 255.255.255.0 tunnel source loop 0 IP Routing Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9600 Switches) 611 Additional References Configuring Generic Routing Encapsulation(GRE) Tunnel IP Source and Destination VRF Membership tunnel destination 10.5.5.5 tunnel vrf blue interface ethernet0 ip vrf forwarding green ip address 10.1.1.1 255.255.255.0 interface ethernet1 ip vrf forwarding blue ip address 10.2.2.2 255.255.255.0 ip route vrf blue 10.5.5.5 255.255.255.0 ethernet 1 Additional References Table 40: Related Documents Related Topic VRF tables Tunnels Document Title "Configuring Multiprotocol Label Switching" chapter of the Cisco IOS Switching Services Configuration Guide, Release 12.2 Cisco IOS Interface Configuration Guide, Release 12.2 Feature History for Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise. Release Feature Feature Information Cisco IOS XE Gibraltar 16.11.1 Generic Routing Encapsulation(GRE) Tunnel IP Source and Destination VRF Membership GRE Tunnel IP Source and Destination VRF Membership feature allows you to configure the source and destination of a tunnel to belong to any VPN VRF table. Cisco IOS XE Cupertino 17.7.1 Generic Routing Encapsulation(GRE) Tunnel IP Source and Destination VRF Membership Support for this feature was introduced on the Cisco Catalyst 9600 Series Supervisor 2 Module. Use the Cisco Feature Navigator to find information about platform and software image support. 
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

Chapter 46: Configuring Unicast and Multicast over Point-to-Multipoint GRE

· Prerequisites for Unicast and Multicast over Point-to-Multipoint GRE, on page 613
· Restrictions for Unicast and Multicast over Point-to-Multipoint GRE, on page 613
· Information About Unicast and Multicast over Point-to-Multipoint GRE, on page 614
· How to Configure Unicast and Multicast over Point-to-Multipoint GRE, on page 616
· Configuration Examples for Unicast and Multicast over Point-to-Multipoint GRE, on page 623
· Feature History for Unicast and Multicast over Point-to-Multipoint GRE, on page 625

Prerequisites for Unicast and Multicast over Point-to-Multipoint GRE

· Before configuring multicast routing over multipoint Generic Routing Encapsulation (mGRE), you should be familiar with the concepts of IP multicast routing technology and mGRE tunneling.

Restrictions for Unicast and Multicast over Point-to-Multipoint GRE

· This feature is not supported on the Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).
· IPv6 multicast over an mGRE tunnel is not supported.
· The mGRE tunnel maximum transmission unit (MTU) is not updated automatically when the IP MTU of the underlying network changes. The tunnel MTU has to be updated manually.
· mGRE can use only IPv4 as the transport protocol, and can tunnel both IPv4 and IPv6 packets across the underlying network infrastructure.
· Only IPv4 Next Hop Resolution Protocol (NHRP) is supported; as a result, a non-broadcast multiple access (NBMA) network can only be IPv4.
· Bidirectional Protocol Independent Multicast (PIM) is not supported.
· The tunnel source can be a Layer 3 EtherChannel, loopback, physical, or Switched Virtual Interface (SVI).
· No feature interactions such as access control list (ACL), Cisco Discovery Protocol, crypto support, IPsec, or quality of service (QoS) are supported on the mGRE tunnel.
· All routing protocols that use multicast require additional configuration.

Information About Unicast and Multicast over Point-to-Multipoint GRE

Information About NHRP

The Next Hop Resolution Protocol (NHRP) is like the Address Resolution Protocol (ARP): it dynamically maps a non-broadcast multiaccess (NBMA) network instead of requiring all the tunnel endpoints to be configured manually. With NHRP, systems attached to an NBMA network can dynamically learn the NBMA physical address of other systems that are part of that network, allowing these systems to communicate directly. This protocol provides an ARP-like solution that allows station data-link addresses to be determined dynamically. NHRP is a client and server protocol, where the hub is the Next Hop Server (NHS) and the spokes are the Next Hop Clients (NHCs). The hub maintains an NHRP database of the public interface addresses of each spoke. Each spoke registers its non-NBMA (real) address when it boots up and queries the NHRP database for the addresses of the destination spokes to build direct tunnels.

Information About mGRE

The traditional implementation of a GRE tunnel involves the configuration of a point-to-point tunnel going between two sites. This type of configuration works well when there is a limited number of tunnels that need to be configured. However, if there are a large number of spoke sites, the configuration of the hub router and the number of independent IP address ranges (one per tunnel) can quickly get excessive.

In such cases, you can use Multipoint GRE (mGRE) at the hub site and normal point-to-point GRE configuration at the spokes. mGRE is configured over an IPv4 core/underlying network and allows multiple destinations to be grouped into a single multipoint interface.

Figure 30: Sample mGRE Configuration at Hub and Spokes

There are two different ways to configure mGRE on the hub and leave a normal GRE configuration on the spokes:

· Static NHRP mapping statements on the hub router
· Dynamic NHRP mapping on the hub router

In static mappings, the hub router is manually configured with the spoke IP in the NHRP configuration and the spokes are configured as point-to-point GRE tunnels. But if there are several branch routers, the configuration on the hub router becomes lengthy, and dynamic NHRP is used on the hub router instead. When using dynamic NHRP, the hub router requires that each of the spoke routers be configured to register with a Next Hop Server (NHS), which would also typically be the hub router. This NHS keeps track of the NHRP mappings so that the hub device knows where to send traffic (sent to multiple tunnel destinations). For this configuration to work correctly, the IP address of the NHS must also be statically mapped on the spoke routers.

With the above hub-and-spoke topology, the only available way for spokes to send traffic to other spokes is to forward traffic through the hub. This requires an extra hop that may not be needed when forwarding traffic. Each of the spokes has the ability to forward traffic directly to each other on the underlying IP network. When this is the case, it is more efficient for the spoke-to-spoke traffic to be routed directly between the spokes without having to pass through the hub router.

If both the hub and spokes are configured to use mGRE, then dynamic spoke-to-spoke tunnels can be set up. With this configuration, each spoke still uses the hub as an NHS, which allows the hub to keep track of each of the spoke sites. It also allows mGRE and NHRP to work together to inform the spokes what the forwarding information is for the other spokes. This information can then be used by each of the spokes to dynamically set up mGRE tunnels to each of the other spokes, as required.

How to Configure Unicast and Multicast over Point-to-Multipoint GRE

Configuring Unicast mGRE for Hub

Perform this task to configure unicast mGRE for a hub:

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device#configure terminal

Step 3: interface tunnel tunnel-number
  Purpose: Configures an interface and enters interface configuration mode.
  Example: Device(config)#interface tunnel 1

Step 4: tunnel mode gre multipoint
  Purpose: Configures multipoint GRE as the tunnel mode.
  Example: Device(config-if)#tunnel mode gre multipoint

Step 5: ip ospf network point-to-multipoint
  Purpose: If the underlying protocol is OSPF, execute this command to set the network type to point-to-multipoint.
  Example: Device(config-if)#ip ospf network point-to-multipoint

Step 6: ip address address mask
  Purpose: Configures the IP address of the tunnel.
  Example: Device(config-if)#ip address 10.1.1.1 255.255.255.255

Step 7: ipv6 address address prefix
  Purpose: Configures the IPv6 address of the tunnel.
  Example: Device(config-if)#ipv6 address 2001:DB8:1::1
Step 8: tunnel source address
  Purpose: Configures the source IP address of the tunnel.
  Example: Device(config-if)#tunnel source TenGigabitEthernet1/0/3

Step 9: {ip | ipv6} nhrp network-id id
  Purpose: Defines the NHRP domain, which differentiates between multiple NHRP domains (GRE tunnel interfaces) when they are available on the same NHRP router.
  Example: Device(config-if)#ip nhrp network-id 1

Step 10: {ip | ipv6} nhrp registration timeout seconds
  Purpose: Changes the interval at which NHRP NHCs send NHRP registration requests to the configured NHRP NHSs.
  Example: Device(config-if)#ip nhrp registration timeout 30

Step 11: {ip | ipv6} nhrp holdtime seconds
  Purpose: Changes the number of seconds that NHRP NBMA addresses are advertised as valid in positive NHRP responses.
  Example: Device(config-if)#ip nhrp holdtime 400

Step 12: {ip | ipv6} nhrp authentication string
  Purpose: Specifies an authentication string.
  Example: Device(config-if)#ip nhrp authentication DMVPN

Step 13: ip pim nbma-mode
  Purpose: Configures a multiaccess WAN interface to be in non-broadcast multiaccess (NBMA) mode.
  Example: Device(config-if)#ip pim nbma-mode

Step 14: end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.
  Example: Device(config-if)#end

Configuring Unicast mGRE at a Spoke

Perform this task to configure unicast mGRE at spokes:

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device#configure terminal

Step 3: interface tunnel tunnel-number
  Purpose: Configures an interface and enters interface configuration mode.
  Example: Device(config)#interface tunnel 1

Step 4: ip nhrp map ip-address nbma-address
  Purpose: Configures a static IP-to-NBMA address mapping for the hub router on the spoke.
  Example: Device(config-if)#ip nhrp map 10.0.0.1 192.0.0.1

Step 5: {ip | ipv6} nhrp map multicast nbma-address
  Purpose: Enables IP multicast and broadcast packets (for example, routing protocol information) to be sent from the spoke to the hub.
  Example: Device(config-if)#ip nhrp map multicast 10.0.0.2

Step 6: ip nhrp nhs nhs-address
  Purpose: Enables the spoke to send an NHRP registration request to the hub. Here nhs-address is the tunnel address of the hub.
  Example: Device(config-if)#ip nhrp nhs 192.0.2.1

Step 7: ipv6 nhrp nhs nhs-address
  Purpose: Enables the spoke to send an NHRP registration request to the hub. Here nhs-address is the IPv6 address of the hub tunnel.
  Example: Device(config-if)#ipv6 nhrp nhs 2001:DB8:1::2

Step 8: ipv6 nhrp map address/prefix nbma-address
  Purpose: Configures a static IPv6-to-NBMA address mapping for the hub on the spoke.
  Example: Device(config-if)#ipv6 nhrp map 2001:DB8:1::3 192.0.2.2

Step 9: end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.
  Example: Device(config-if)#end

Configuring Unicast mGRE at the Hub

Perform this task to configure unicast mGRE at the hub:

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device#configure terminal

Step 3: interface tunnel tunnel-number
  Purpose: Configures an interface and enters interface configuration mode.
  Example: Device(config)#interface tunnel 1

Step 4: {ip | ipv6} nhrp map multicast dynamic
  Purpose: Enables the NHRP server (hub) to create a broadcast/multicast mapping for the spoke when spoke routers register their unicast NHRP mapping with the hub.
  Example: Device(config-if)#ip nhrp map multicast dynamic

Step 5: {ip | ipv6} next-hop-self eigrp number
  Purpose: Enables the hub to use the next hop it received when sending the routing protocol updates of one spoke to another, so that hosts behind spokes can be reached directly.
  Example: Device(config-if)#ip next-hop-self eigrp 10

Step 6: {ip | ipv6} split-horizon eigrp number
  Purpose: Enables routing protocol updates of one spoke to be sent to another spoke.
  Example: Device(config-if)#ip split-horizon eigrp 10

Step 7: end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.
  Example: Device(config-if)#end

Configuring Multicast mGRE

To configure multicast mGRE, configure unicast mGRE first and then perform this task:

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Device#configure terminal

Step 3: interface tunnel tunnel-number
  Purpose: Configures an interface and enters interface configuration mode.
  Example: Device(config)#interface tunnel 1

Step 4: ip pim nbma-mode
  Purpose: Configures a multiaccess WAN interface to be in NBMA mode.
  Example: Device(config-if)#ip pim nbma-mode

Step 5: ip pim sparse-mode
  Purpose: Enables IPv4 Protocol Independent Multicast (PIM) sparse mode on an interface.
  Example: Device(config-if)#ip pim sparse-mode

Step 6: end
  Purpose: Exits interface configuration mode and returns to privileged EXEC mode.
  Example: Device(config-if)#end
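The spoke and hub tasks above only work together when the spoke's ip nhrp nhs address is the hub's tunnel address and is statically mapped to the hub's NBMA (tunnel source) address, with a multicast mapping to that same address for routing-protocol packets. The following Python audit is an added example, not Cisco code: it parses IOS-style running-config text for the hub and one spoke and lists such mismatches. Its constructed input is taken, abridged to the tunnel-relevant lines, from the "Sample mGRE Configuration at Hub and Spokes" section of this chapter; that the NHRP network-id, authentication string and tunnel key must agree at both ends is standard NHRP/GRE behaviour and is assumed here rather than stated on the page, and all function and constant names are the example's own.

```python
"""Audit a spoke's mGRE/NHRP settings against the hub's (added example, not Cisco code)."""
import re

# Constructed input: tunnel-relevant lines of the hub and spoke1 in the chapter's
# "Sample mGRE Configuration at Hub and Spokes" section, as running-config text.
HUB_CONFIG = """\
interface Tunnel0
 ip address 172.16.0.2 255.255.255.0
 ip nhrp authentication DMVPN
 ip nhrp network-id 1
 tunnel source TenGigabitEthernet1/0/3
 tunnel mode gre multipoint
 tunnel key 4
!
interface TenGigabitEthernet1/0/3
 ip address 10.78.6.25 255.255.255.0
!
"""
SPOKE1_CONFIG = """\
interface Tunnel0
 ip address 172.16.0.4 255.255.255.0
 ip nhrp authentication DMVPN
 ip nhrp map 172.16.0.2 10.78.6.25
 ip nhrp map multicast 10.78.6.25
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.2
 tunnel source GigabitEthernet2/0/3
 tunnel mode gre multipoint
 tunnel key 4
!
"""
# Single-valued settings that must agree on both ends, plus the tunnel source.
SCALARS = {"NHRP network-id": r"ip nhrp network-id (\d+)",
           "NHRP authentication string": r"ip nhrp authentication (\S+)",
           "tunnel key": r"tunnel key (\d+)",
           "tunnel source": r"tunnel source (\S+)"}


def parse_interfaces(text):
    # Return {interface name: [commands]} from running-config text.
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!":
            current = None
        elif current is not None and line:
            interfaces[current].append(line)
    return interfaces


def interface_ip(commands):
    # First 'ip address A M' configured on the interface, or None.
    for cmd in commands:
        if m := re.match(r"ip address (\S+) \S+$", cmd):
            return m.group(1)
    return None


def tunnel_facts(text):
    # NHRP-relevant settings of the first multipoint GRE tunnel in the text.
    interfaces = parse_interfaces(text)
    for cmds in interfaces.values():
        if "tunnel mode gre multipoint" not in cmds:
            continue
        facts = {"ip": interface_ip(cmds), "maps": {}, "multicast": set(), "nhs": set()}
        for cmd in cmds:
            for key, pattern in SCALARS.items():
                if m := re.match(pattern, cmd):
                    facts[key] = m.group(1)
            if m := re.match(r"ip nhrp map multicast (\S+)", cmd):
                facts["multicast"].add(m.group(1))
            elif m := re.match(r"ip nhrp map (\S+) (\S+)", cmd):
                facts["maps"][m.group(1)] = m.group(2)
            elif m := re.match(r"ip nhrp nhs (\S+)", cmd):
                facts["nhs"].add(m.group(1))
        # A tunnel source given as an interface name resolves to that interface's address.
        src = facts.get("tunnel source")
        facts["source_ip"] = interface_ip(interfaces.get(src, [])) or src
        return facts
    raise ValueError("no 'tunnel mode gre multipoint' interface in configuration")


def audit_spoke(hub_text, spoke_text):
    """Return findings; an empty list means the spoke is consistent with the hub."""
    hub, spoke, findings = tunnel_facts(hub_text), tunnel_facts(spoke_text), []
    # NHRP registration fails unless these agree on both ends of the tunnel.
    for key in ("NHRP network-id", "NHRP authentication string", "tunnel key"):
        if hub.get(key) != spoke.get(key):
            findings.append(f"{key} differs: hub={hub.get(key)} spoke={spoke.get(key)}")
    if hub["ip"] not in spoke["nhs"]:
        findings.append(f"hub tunnel address {hub['ip']} is not configured as an NHS")
    # The NHS must be statically mapped to the hub's NBMA (tunnel source) address.
    for nhs in spoke["nhs"]:
        if spoke["maps"].get(nhs) != hub["source_ip"]:
            findings.append(f"NHS {nhs} is not mapped to hub NBMA address {hub['source_ip']}")
    if hub["source_ip"] not in spoke["multicast"]:
        findings.append("no multicast mapping to the hub; routing-protocol packets cannot reach it")
    return findings
```

Running audit_spoke(HUB_CONFIG, SPOKE1_CONFIG) returns an empty list for the sample pair; changing the spoke's tunnel key or dropping its ip nhrp map line produces one finding per mismatch.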
Verifying the mGRE Configuration

Use the following commands to verify the mGRE configuration:

Procedure

Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Device>enable

Step 2: show ip nhrp
  Purpose: Displays IPv4 Next Hop Resolution Protocol (NHRP) mapping information.
  Example:

Spoke2#show ip nhrp 10.0.0.1
10.0.0.1/32 via 10.0.0.1
   Tunnel0 created 00:03:13, expire 00:06:47
   Type: dynamic, Flags: router used nhop
   NBMA address: 192.0.0.1
Spoke2#show ip nhrp 10.0.0.3
10.0.0.3/32 via 10.0.0.3
   Tunnel0 created 22:57:58, never expire
   Type: static, Flags: used
   NBMA address: 192.0.0.3

Step 3: show ipv6 nhrp
  Purpose: Displays IPv6 Next Hop Resolution Protocol (NHRP) mapping information.
  Example:

HUB#show running-config | interface tunnel6
Building configuration...

Current configuration : 255 bytes
!
interface Tunnel6
 no ip address
 no ip redirects
 ipv6 address 2001:DB8:1::1/64
 ipv6 eigrp 10
 no ipv6 next-hop-self eigrp 10
 no ipv6 split-horizon eigrp 10
 ipv6 nhrp network-id 1
 tunnel source FortyGigabitEthernet1/0/19
 tunnel mode gre multipoint
end

HUB#show ipv6 nhrp
2001:DB8:1::5/128 via 2001:DB8:1::5
   Tunnel6 created 02:37:30, expire 00:07:29
   Type: dynamic, Flags: registered nhop
   NBMA address: 192.168.0.2
2001:DB8:1::2A7:42FF:FE83:CEA0/128 via 2001:DB8:1::5
   Tunnel6 created 02:37:30, expire 00:07:29
   Type: dynamic, Flags: registered
   NBMA address: 192.168.0.2
HUB#

Spoke1#show running-config | interface tunnel6
Building configuration...

Current configuration : 292 bytes
!
interface Tunnel6
 no ip address
 no ip redirects
 ipv6 address 2001::5/64
 ipv6 eigrp 10
 ipv6 nhrp map multicast 192.168.0.3
 ipv6 nhrp map 2001:DB8:1::1/64 192.168.0.3
 ipv6 nhrp network-id 1
 ipv6 nhrp nhs 2001:DB8:1::1
 tunnel source FortyGigabitEthernet1/0/7
 tunnel mode gre multipoint
end

Spoke1#show ipv6 nhrp
2001:DB8:1::/64 via 2001:DB8:1::1
   Tunnel6 created 02:46:17, never expire
   Type: static, Flags:
   NBMA address: 192.168.0.3
2001:DB8:1::2A7:42FF:FE83:CFE0/128 via 2001:DB8:1::2A7:42FF:FE83:CFE0
   Tunnel6 created 02:45:39, never expire
   Type: static, Flags: nhs-ll
   NBMA address: 192.168.0.3
Spoke1#

Step 4: show ip route
  Purpose: Displays the IPv4 content of the routing table.
  Example:

Spoke2#show ip route 10.0.1.1
Routing entry for 10.0.1.1
  Known via "eigrp 10", distance 90, metric 26880256, type internal
  Redistributing via eigrp 10
  Last update from 10.0.0.3 on Tunnel0, 00:55:34 ago
  Routing Descriptor Blocks:
  * 10.0.0.3, from 10.0.0.3, 00:55:34 ago, via Tunnel0
      Route metric is 26880256, traffic share count is 1
      Total delay is 50010 microseconds, minimum bandwidth is 100 Kbit
      Reliability 255/255, minimum MTU 1472 bytes
      Loading 1/255, Hops 1

HUB#show ip route 10.0.1.2
Routing entry for 10.0.1.2/24
  Known via "eigrp 10", distance 90, metric 26880256, type internal
  Redistributing via eigrp 10
  Last update from 10.0.0.1 on Tunnel0, 00:56:45 ago
  Routing Descriptor Blocks:
  * 10.0.0.1, from 10.0.0.1, 00:56:45 ago, via Tunnel0
      Route metric is 26880256, traffic share count is 1
      Total delay is 50010 microseconds, minimum bandwidth is 100 Kbit
      Reliability 255/255, minimum MTU 1472 bytes
      Loading 1/255, Hops 1
HUB#

Step 5: show ipv6 route
  Purpose: Displays the IPv6 content of the routing table.
  Example:

Spoke1#show ipv6 route 2001:DB8:1::/64
Routing entry for 2001:DB8:1::/64
  Known via "eigrp 10", distance 90, metric 27008000, type internal
  Route count is 1/1, share count 0
  Routing paths:
    2001:DB8:1::2A7:42FF:FE83:CFE0, Tunnel6
      From 2001:DB8:1::2A7:42FF:FE83:CFE0
      Last updated 00:03:07 ago
Spoke1#

HUB#show ipv6 route 2001:DB8:1::/64
Routing entry for 2001:DB8:1::/64
  Known via "eigrp 10", distance 90, metric 27008000, type internal
  Route count is 1/1, share count 0
  Routing paths:
    2001:DB8:1::2A7:42FF:FE83:CEA0, Tunnel6
      From 2001:DB8:1::2A7:42FF:FE83:CEA0
      Last updated 00:01:29 ago
HUB#

Step 6: debug nhrp detail
  Purpose: Displays NHRP registration and packet-related information.

Step 7: debug tunnel
  Purpose: Displays tunnel state changes and packet-related information.

Configuration Examples for Unicast and Multicast over Point-to-Multipoint GRE

Example: Configuring Unicast mGRE for Hub

This example shows how to configure unicast mGRE for the hub:

Device>enable
Device#configure terminal
Device(config)#interface tunnel 1
Device(config-if)#tunnel mode gre multipoint
Device(config-if)#ip ospf network point-to-multipoint
Device(config-if)#ip address 10.1.1.1 255.255.255.255
Device(config-if)#ipv6 address 2001:DB8:1::1
Device(config-if)#tunnel source TenGigabitEthernet1/0/3
Device(config-if)#ip nhrp network-id 1
Device(config-if)#ip nhrp registration timeout 30
Device(config-if)#ip nhrp holdtime 400
Device(config-if)#ip nhrp authentication DMVPN
Device(config-if)#ip pim nbma-mode
Device(config-if)#end

Example: Configuring Unicast mGRE at Spoke

This example shows how to configure unicast mGRE at a spoke:
Device>enable
Device#configure terminal
Device(config)#interface tunnel 1
Device(config-if)#ip nhrp map 10.0.0.1 192.0.0.1
Device(config-if)#ip nhrp map multicast 10.0.0.2
Device(config-if)#ip nhrp nhs 192.0.2.1
Device(config-if)#ipv6 nhrp nhs 2001:DB8:1::2
Device(config-if)#ipv6 nhrp map 2001:DB8:1::3 192.0.2.2
Device(config-if)#end

Example: Configuring Unicast mGRE at Hub

This example shows how to configure unicast mGRE at the hub:

Device>enable
Device#configure terminal
Device(config)#interface tunnel 1
Device(config-if)#ip nhrp map multicast dynamic
Device(config-if)#ip next-hop-self eigrp 10
Device(config-if)#ip split-horizon eigrp 10
Device(config-if)#end

Example: Configuring Multicast mGRE

This example shows how to configure multicast mGRE:

Device>enable
Device#configure terminal
Device(config)#interface tunnel 1
Device(config-if)#ip pim nbma-mode
Device(config-if)#ip pim sparse-mode
Device(config-if)#end

Sample mGRE Configuration at Hub and Spokes

Configuration at hub:

Device(config)#interface Tunnel0
Device(config-if)#ip address 172.16.0.2 255.255.255.0
Device(config-if)#no ip redirects
Device(config-if)#ip nhrp authentication DMVPN
Device(config-if)#ip nhrp network-id 1
Device(config-if)#ip nhrp registration timeout 30
Device(config-if)#no ip next-hop-self eigrp 10
Device(config-if)#no ip split-horizon eigrp 10
Device(config-if)#tunnel source TenGigabitEthernet1/0/3
Device(config-if)#tunnel mode gre multipoint
Device(config-if)#tunnel key 4
Device(config-if)#end
Device(config)#interface TenGigabitEthernet1/0/3
Device(config-if)#no switchport
Device(config-if)#ip address 10.78.6.25 255.255.255.0
Device(config-if)#end

Configuration at spoke1:

Device(config)#interface Tunnel0
Device(config-if)#ip address 172.16.0.4 255.255.255.0
Device(config-if)#no ip redirects
Device(config-if)#ip nhrp authentication DMVPN
Device(config-if)#ip nhrp map 172.16.0.2 10.78.6.25
Device(config-if)#ip nhrp map multicast 10.78.6.25
Device(config-if)#ip nhrp network-id 1
Device(config-if)#ip nhrp nhs 172.16.0.2
Device(config-if)#ip nhrp registration timeout 30
Device(config-if)#tunnel source GigabitEthernet2/0/3
Device(config-if)#tunnel mode gre multipoint
Device(config-if)#tunnel key 4
Device(config-if)#end
Device(config)#interface GigabitEthernet2/0/3
Device(config-if)#no switchport
Device(config-if)#ip address 209.165.202.129 255.255.255.0
Device(config-if)#end

Configuration at spoke2:

Device(config)#interface Tunnel0
Device(config-if)#ip address 172.16.0.3 255.255.255.0
Device(config-if)#no ip redirects
Device(config-if)#ip nhrp authentication DMVPN
Device(config-if)#ip nhrp map 172.16.0.2 10.78.6.25
Device(config-if)#ip nhrp map multicast 10.78.6.25
Device(config-if)#ip nhrp network-id 1
Device(config-if)#ip nhrp nhs 172.16.0.2
Device(config-if)#ip nhrp registration timeout 30
Device(config-if)#tunnel source GigabitEthernet1/0/3
Device(config-if)#tunnel mode gre multipoint
Device(config-if)#tunnel key 4
Device(config-if)#end
Device(config)#interface GigabitEthernet1/0/3
Device(config-if)#no switchport
Device(config-if)#ip address 192.168.0.1 255.255.255.0
Device(config-if)#end

Feature History for Unicast and Multicast over Point-to-Multipoint GRE

This table provides release and related information for the features explained in this module. These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release | Feature | Feature Information
Cisco IOS XE Gibraltar 16.11.1 | Unicast and Multicast over Point-to-Multipoint GRE | The Unicast and Multicast over Point-to-Multipoint GRE feature allows you to configure mGRE at the hub site and normal point-to-point GRE configuration at the spokes.

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/

Chapter 47: Troubleshooting IP Routing

· Overview, on page 627
· Support Articles, on page 627
· Feedback Request, on page 628
· Disclaimer and Caution, on page 628

Overview

This chapter provides links to documents authored by Cisco subject matter experts (SMEs). They aim to help you resolve technical issues without requiring a support ticket. If these documents are unable to resolve your issue, we recommend visiting the applicable Cisco Community. There is a wealth of information and advice available from fellow Cisco customers who may have experienced this issue already and provided a solution. If you are not able to find a resolution on the Community, it may be best that you raise a support ticket at Cisco Support. In cases where a support ticket has to be raised, these documents provide guidance about the data that should be collected and added to the support ticket. Specify the support document you referred to, and TAC can create an improvement request with the document owner.
Support Articles

The documents in this section were created using the specific software and hardware listed in the Components Used section of each article. However, this does not mean that they are limited to what is listed in Components Used; they generally remain relevant for later versions of software and hardware. Note that there could be some changes in the software or hardware that cause commands to stop working, the syntax to change, or GUIs and CLIs to look different from one release to another.

The following are the support articles associated with this technology:

Document | Description
Troubleshoot Border Gateway Protocol Basics | This document describes how to troubleshoot the most common issues in Border Gateway Protocol (BGP) and provides basic guidelines.

Feedback Request

Your input helps. A key aspect to improving these support documents is customer feedback. Note that these documents are owned and maintained by multiple teams within Cisco. If you find an issue specific to the document (unclear, confusing, information missing, etc.):

· Provide feedback using the Feedback button located at the right panel of the corresponding article. The document owner will be notified, and will either update the article or flag it for removal.
· Include information regarding the section, area, or issue you had with the document and what could be improved. Provide as much detail as possible.

Disclaimer and Caution

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.