Cisco Nexus 6000 Series NX-OS Unicast
Routing Configuration Guide, Release 7.x
First Published January 30, 2014
Cisco Systems, Inc.
www.cisco.com
Cisco has more than 200 offices worldwide.
Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco Nexus 6000 Series NX-OS Unicast Routing Configuration Guide, Release 7.x
©2014 Cisco Systems, Inc. All rights reserved.
OL-30923-01
Preface
This document describes the configuration details for Cisco NX-OS unicast routing in Cisco Nexus 6000 Series switches.
This chapter includes the following sections:
• Communications, Services, and Additional Information
Audience
To use this guide, you must be familiar with IP and routing technology.
Organization
This document is organized into the following chapters:
Title | Description
 | Presents an overview of unicast routing and brief descriptions of each feature.
 | Describes how to configure and manage IPv4, including ARP and ICMP.
 | Describes how to configure and manage IPv6, including ARP and ICMP.
Chapter 5, “Configuring OSPFv2” | Describes how to configure the OSPFv2 routing protocol for IPv4 networks.
Chapter 6, “Configuring OSPFv3” | Describes how to configure the OSPFv3 routing protocol for IPv6 networks.
Chapter 7, “Configuring EIGRP” | Describes how to configure the Cisco EIGRP routing protocol for IPv4 networks.
Chapter 8, “Configuring Basic BGP” | Describes how to configure basic features for the BGP routing protocol for IPv4 networks.
Chapter 9, “Configuring Advanced BGP” | Describes how to configure advanced features for the BGP routing protocol for IPv4 networks, including route redistribution and route aggregation.
 | Describes how to configure the RIP routing protocols for IPv4 networks.
Chapter 11, “Configuring Static Routing” | Describes how to configure static routing for IPv4 networks.
Chapter 12, “Configuring Layer 3 | Describes how to configure Layer 3 virtualization.
Chapter 13, “Managing the Unicast RIB and FIB” | Describes how to view and modify the unicast RIB and FIB.
Chapter 14, “Configuring Route Policy | Describes how to configure the Route Policy Manager, including IP prefix lists and route maps for filtering and redistribution.
Chapter 15, “Configuring Policy Based | Describes how to configure Policy-Based Routing and includes guidelines, limitations, and examples.
Chapter 17, “Configuring HSRP” | Describes how to configure the Hot Standby Routing Protocol.
Chapter 18, “Configuring VRRP” | Describes how to configure the Virtual Router Redundancy Protocol.
Chapter 19, “Configuring Object | Describes how to configure object tracking.
Appendix 1, “IETF RFCs supported by Cisco NX-OS Unicast Features, Release | Lists IETF RFCs supported by Cisco NX-OS.
Document Conventions
Note As part of our constant endeavor to remodel our documents to meet our customers’ requirements, we have modified the manner in which we document configuration tasks. As a result of this, you may find a deviation in the style used to describe these tasks, with the newly included sections of the document following the new format.
Command descriptions use these conventions:
• boldface font: Commands and keywords are in boldface.
• italic font: Arguments for which you supply values are in italics.
• [ ]: Elements in square brackets are optional.
• [ x | y | z ]: Optional alternative keywords are grouped in brackets and separated by vertical bars.
• string: A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
Screen examples use these conventions:
• screen font: Terminal sessions and information that the switch displays are in screen font.
• boldface screen font: Information that you must enter is in boldface screen font.
• italic screen font: Arguments for which you supply values are in italic screen font.
• < >: Nonprinting characters, such as passwords, are in angle brackets.
• [ ]: Default responses to system prompts are in square brackets.
• !, #: An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.
This document uses the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Related Documentation
Documentation for Cisco Nexus 6000 Series Switches and Cisco Nexus 2000 Series Fabric Extender is available at the following URL: http://www.cisco.com/en/US/products/ps9670/tsd_products_support_series_home.html
The following are related Cisco Nexus 6000 Series and Cisco Nexus 2000 Series Fabric Extender documents:
Release Notes
Cisco Nexus 6000 Series and Cisco Nexus 2000 Series Release Notes
Cisco Nexus 6000 Series Switch Release Notes
Maintain and Operate Guides
Cisco Nexus 6000 Series NX-OS Operations Guide
Installation and Upgrade Guides
Cisco Nexus 6000 Series Platform Hardware Installation Guide
Cisco Nexus 2000 Series Hardware Installation Guide
Regulatory Compliance and Safety Information for the Cisco Nexus 6000 Series Switches and Cisco
Nexus 2000 Series Fabric Extenders
Licensing Guide
Cisco NX-OS Licensing Guide
Command References
Cisco Nexus 6000 Series Command Reference
Error and System Messages
Cisco NX-OS System Messages Reference
Communications, Services, and Additional Information
• To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
• To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
• To submit a service request, visit Cisco Support.
• To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
• To obtain general networking, training, and certification titles, visit Cisco Press.
• To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Send comments to nexus6k-docfeedback@cisco.com
New and Changed Information
This chapter provides release-specific information for each new and changed feature in the Cisco Nexus 6000 Series NX-OS Unicast Routing Configuration Guide, Release 6.x. The latest version of this document is available at the following Cisco website: http://www.cisco.com/en/US/products/ps9670/products_installation_and_configuration_guides_list.html
To check for additional information about Cisco NX-OS Release 5.x, see the Cisco Nexus 6000 Series Switch NX-OS Release Notes available at the following Cisco website: http://www.cisco.com/en/US/products/ps9670/prod_release_notes_list.html
Table 1 summarizes the new and changed features for the Cisco Nexus 6000 Series NX-OS Unicast Routing Configuration Guide, Release 6.x, and tells you where they are documented.
Table 1 New and Changed Features for Release
Feature | Description | Changed in Release | Where Documented
Support for Virtual Router Redundancy Protocol version 3 (VRRPv3) and Virtual Router Redundancy Service (VRRS) | VRRP version 3 enables a group of switches to form a single virtual switch to provide redundancy and VRRS improves scalability of VRRPv3. | 7.3(0)N1(1) |
Web Cache Communication Protocol (WCCP) v2 | WCCPv2 specifies interactions between one or more Cisco NX-OS routers and one or more cache engines. | 6.0(2)N3(1) |
OL-27935-02
Cisco Nexus 6000 Series NX-OS Unicast Routing Configuration Guide, Release 6.x
Table 1 New and Changed Features for Release (continued)
Feature | Description | Changed in Release | Where Documented
Bidirectional Forwarding Detection (BFD) | BFD was introduced for OSPF, BGP, EIGRP, Static Routes, PIM, VRRP, and HSRP. | 6.0(2)N2(1) | Chapter 11, “Configuring Static; Chapter 17, “Configuring HSRP,”; Chapter 18, “Configuring VRRP,”
Policy-Based Routing | This feature was introduced. | 6.0(2)N2(1) | Chapter 15, “Configuring Policy
ECMP maximum paths | For BGP, EIGRP, and OSPF, the number of maximum paths that can be load-balanced to a destination in equal-cost multi-path (ECMP) routing has increased from 16 to 64. | 6.0(2)N2(1) | Chapter 1, “Overview,”; Chapter 4, “Configuring OSPFv2,”; Chapter 6, “Configuring EIGRP,”; Chapter 5, “Configuring OSPFv3,”; Chapter 8, “Configuring Advanced BGP,”; Load Sharing and ECMP, page 9-35
ACLs for ip-directed broadcast command | This feature was introduced. | 6.0(2)N1(2) | (For other 6.0(2)N1(2) features, see the Cisco Nexus 6000 Series Release Notes, Cisco NX-OS Release 6.x.)
Cisco Nexus 6000 switch | Initial product release | 6.0(2)N1(1) |
CHAPTER 1
Overview
This chapter introduces the basic concepts for Layer 3 unicast routing protocols in Cisco NX-OS.
This chapter includes the following sections:
• Information About Layer 3 Unicast Routing
• Layer 3 Virtualization
• Cisco NX-OS Forwarding Architecture
• Summary of Layer 3 Unicast Routing Features
Information About Layer 3 Unicast Routing
Layer 3 unicast routing involves two basic activities: determining optimal routing paths and packet switching. You can use routing algorithms to calculate the optimal path from the router to a destination.
This calculation depends on the algorithm selected, route metrics, and other considerations such as load balancing and alternate path discovery.
This section includes the following topics:
• Routing Fundamentals
• Load Balancing and Equal Cost Multipath
• Route Redistribution
• Administrative Distance
Routing Fundamentals
Routing protocols use a metric to evaluate the best path to the destination. A metric is a standard of measurement, such as a path bandwidth, that routing algorithms use to determine the optimal path to a destination. To aid path determination, routing algorithms initialize and maintain routing tables that contain route information such as the IP destination address and the address of the next router or
by sending the packet to a particular router that represents the next hop on the way to the final destination. When a router receives an incoming packet, it checks the destination address and attempts to associate this address with the next hop. See the “Unicast RIB” section on page 1-10 for more information about the route table.
Routing tables can contain other information such as the data about the desirability of a path. Routers compare metrics to determine optimal routes, and these metrics differ depending on the design of the routing algorithm used. See the “Routing Metrics” section on page 1-3.
Routers communicate with one another and maintain their routing tables by transmitting a variety of messages. One of these messages, the routing update message, consists of all or a portion of a routing table. By analyzing routing updates from all other routers, a router can build a detailed picture of the network topology. A link-state advertisement, which is another example of a message sent between routers, informs other routers of the link state of the sending router. You can also use link information to enable routers to determine optimal routes to network destinations. For more information, see the “Routing Algorithms” section on page 1-8.
Packet Switching
In packet switching, a host determines that it must send a packet to another host. Having acquired a router address by some means, the source host sends a packet addressed specifically to the router's physical (Media Access Control [MAC]-layer) address but with the IP (network layer) address of the destination host.
The router examines the destination IP address and tries to find the IP address in the routing table. If the router does not know how to forward the packet, it typically drops the packet. If the router knows how to forward the packet, it changes the destination MAC address to the MAC address of the next hop router and transmits the packet.
The next hop might be the ultimate destination host or another router that executes the same switching decision process. As the packet moves through the internetwork, its physical address changes, but its protocol address remains constant (see Figure 1-1).
Figure 1-1 Packet Header Updates Through a Network
[Figure: a packet travels from the source host through Router 1, Router 2, and Router 3 to the destination host. On every hop the packet is addressed to the destination host (protocol address), while the physical address is that of Router 1, then Router 2, then Router 3, and finally the destination host.]
Routing Metrics
Routing algorithms use many different metrics to determine the best route. Sophisticated routing algorithms can base route selection on multiple metrics.
This section includes the following metrics:
• Path Length
• Reliability
• Routing Delay
• Bandwidth
• Load
• Communication Cost
Path Length
The path length is the most common routing metric. Some routing protocols allow you to assign arbitrary costs to each network link. In this case, the path length is the sum of the costs associated with each link traversed. Other routing protocols define hop count, a metric that specifies the number of passes through internetworking products, such as routers, that a packet must take from a source to a destination.
Reliability
The reliability, in the context of routing algorithms, is the dependability (in terms of the bit-error rate) of each network link. Some network links might go down more often than others. After a network fails, certain network links might be repaired more easily or more quickly than other links. The reliability factors that you can take into account when assigning the reliability rating are arbitrary numeric values that you usually assign to network links.
Routing Delay
The routing delay is the length of time required to move a packet from a source to a destination through the internetwork. The delay depends on many factors, including the bandwidth of intermediate network links, the port queues at each router along the way, the network congestion on all intermediate network links, and the physical distance that the packet needs to travel. Because the routing delay is a combination of several important variables, it is a common and useful metric.
Bandwidth
The bandwidth is the available traffic capacity of a link. For example, a 10-Gigabit Ethernet link would be preferable to a 1-Gigabit Ethernet link. Although the bandwidth is the maximum attainable throughput on a link, routes through links with greater bandwidth do not necessarily provide better routes than routes through slower links. For example, if a faster link is busier, the actual time required to send a packet to the destination could be greater.
Load
in a variety of ways, including CPU utilization and packets processed per second. Monitoring these parameters on a continual basis can be resource intensive.
Communication Cost
The communication cost is a measure of the operating cost to route over a link. The communication cost is another important metric, especially if you do not care about performance as much as operating expenditures. For example, the line delay for a private line might be longer than a public line, but you can send packets over your private line rather than through the public lines that cost money for usage time.
Router IDs
Each routing process has an associated router ID. You can configure the router ID to any interface in the system. If you do not configure the router ID, Cisco NX-OS selects the router ID based on the following criteria:
• Cisco NX-OS prefers loopback0 over any other interface. If loopback0 does not exist, then Cisco NX-OS prefers the first loopback interface over any other interface type.
• If you have not configured any loopback interfaces, Cisco NX-OS uses the first interface in the configuration file as the router ID. If you configure any loopback interface after Cisco NX-OS selects the router ID, the loopback interface becomes the router ID. If the loopback interface is not loopback0 and you configure loopback0 later with an IP address, the router ID changes to the IP address of loopback0.
• If the interface that the router ID is based on changes, that new IP address becomes the router ID. If any other interface changes its IP address, there is no router ID change.
Autonomous Systems
An autonomous system (AS) is a network controlled by a single technical administration entity. Autonomous systems divide global external networks into individual routing domains, where local routing policies are applied. This organization simplifies routing domain administration and simplifies consistent policy configuration.
Each autonomous system can support multiple interior routing protocols that dynamically exchange routing information through route redistribution. The Regional Internet Registries assign a unique number to each public autonomous system that directly connects to the Internet. This autonomous system number (AS number) identifies both the routing process and the autonomous system.
Cisco NX-OS supports 4-byte AS numbers. Table 1-1 lists the AS number ranges.
Table 1-1 AS Numbers
2-Byte Numbers | 4-Byte Numbers in AS.dot Notation | 4-Byte Numbers in plaintext Notation | Purpose
1 to 64511 | 0.1 to 0.64511 | 1 to 64511 | Public AS (assigned by RIR) [1]
64512 to 65534 | 0.64512 to 0.65534 | 64512 to 65534 | Private AS (assigned by local administrator)
65535 | 0.65535 | 65535 | Reserved
N/A | 1.0 to 65535.65535 | 65536 to 4294967295 | Public AS (assigned by RIR)
[1] RIR = Regional Internet Registries
Private autonomous system numbers are used for internal routing domains but must be translated by the router for traffic that is routed out to the Internet. You should not configure routing protocols to advertise private autonomous system numbers to external networks. By default, Cisco NX-OS does not remove private autonomous system numbers from routing updates.
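The notation conversion and the private-AS check described above, as an added example that is not part of the Cisco guide and is not NX-OS code. It classifies AS numbers strictly by the ranges printed in Table 1-1 and reports private AS numbers found in a path before it is advertised externally; the function names and the sample path are constructed for illustration.

```python
"""AS-number notation and purpose per Table 1-1 (added example, not Cisco code)."""

MAX_ASN = 4294967295  # largest 4-byte AS number listed in Table 1-1


def asdot_to_asplain(text):
    """Convert AS.dot notation ("high.low") to the plaintext integer."""
    high_s, sep, low_s = text.partition(".")
    if not sep or not high_s.isdigit() or not low_s.isdigit():
        raise ValueError(f"not AS.dot notation: {text!r}")
    high, low = int(high_s), int(low_s)
    if high > 65535 or low > 65535:
        raise ValueError(f"AS.dot field above 65535: {text!r}")
    return high * 65536 + low


def asplain_to_asdot(asn):
    """Convert a plaintext AS number to AS.dot notation."""
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"AS number out of range: {asn}")
    return f"{asn >> 16}.{asn & 0xFFFF}"


def parse_asn(text):
    """Accept either notation and return the plaintext integer."""
    text = text.strip()
    if "." in text:
        return asdot_to_asplain(text)
    if not text.isdigit() or int(text) > MAX_ASN:
        raise ValueError(f"not an AS number: {text!r}")
    return int(text)


def purpose(asn):
    """Classify an AS number using only the ranges printed in Table 1-1.

    The table predates the 4-byte private range of RFC 6996
    (4200000000 to 4294967294), which is therefore not modelled here.
    """
    if 1 <= asn <= 64511:
        return "public"
    if 64512 <= asn <= 65534:
        return "private"
    if asn == 65535:
        return "reserved"
    if 65536 <= asn <= MAX_ASN:
        return "public"
    raise ValueError(f"AS number not covered by Table 1-1: {asn}")


def private_asns(as_path):
    """Return the private AS numbers in a path as (written form, plaintext) pairs."""
    found = []
    for written in as_path:
        asn = parse_asn(written)
        if purpose(asn) == "private":
            found.append((written, asn))
    return found


# Constructed AS path for illustration; the values are not from the guide.
SAMPLE_AS_PATH = ["65001", "0.64600", "1.10", "64500"]

if __name__ == "__main__":
    for written, asn in private_asns(SAMPLE_AS_PATH):
        print(f"private AS {written} (plaintext {asn}) must not reach an external peer")
```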
Note The autonomous system number assignment for public and private networks is governed by the Internet Assigned Numbers Authority (IANA). For information about autonomous system numbers, including the reserved number assignment, or to apply to register an autonomous system number, refer to the following URL: http://www.iana.org/
Convergence
A key aspect to measure for any routing algorithm is how much time a router takes to react to network topology changes. When a part of the network changes for any reason, such as a link failure, the routing information in different routers might not match. Some routers will have updated information about the changed topology; other routers will still have the old information. The convergence time is the amount of time before all routers in the network have updated, matching routing information. The convergence time varies depending on the routing algorithm. Fast convergence minimizes the chance of lost packets caused by inaccurate routing information.
Load Balancing and Equal Cost Multipath
Routing protocols can use load balancing or equal cost multipath (ECMP) to share traffic across multiple paths. When a router learns multiple routes to a specific network, it installs the route with the lowest administrative distance in the routing table. If the router receives and installs multiple paths with the same administrative distance and cost to a destination, load balancing can occur. Load balancing distributes the traffic across all the paths, sharing the load. The number of paths used is limited by the number of entries that the routing protocol puts in the routing table. Cisco Nexus 5500 series switches support up to 16 paths and Cisco Nexus 6000 series switches support up to 64 paths to a destination for BGP, EIGRP, and OSPF.
The Enhanced Interior Gateway Routing Protocol (EIGRP) also supports unequal cost load balancing. For more information, see Chapter 7, “Configuring EIGRP.”
Route Redistribution
If you have multiple routing protocols configured in your network, you can configure these protocols to share routing information by configuring route redistribution in each protocol. For example, you can configure Open Shortest Path First (OSPF) to advertise routes learned from the Border Gateway Protocol
(BGP). You can also redistribute static routes into any dynamic routing protocol. The router that is redistributing routes from another protocol sets a fixed route metric for those redistributed routes. This avoids the problem of incompatible route metrics between the different routing protocols. For example, routes redistributed from EIGRP into OSPF are assigned a fixed link cost metric that OSPF understands.
Route redistribution also uses an administrative distance (see the
routing protocol is given a lower administrative distance so that its routes are chosen over routes from another protocol with a higher administrative distance assigned.
Administrative Distance
the value, the lower the trust rating. Typically, a route can be learned through more than one protocol.
Administrative distance is used to discriminate between routes learned from more than one protocol. The route with the lowest administrative distance is installed in the IP routing table.
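The selection order described under Load Balancing and Equal Cost Multipath and under Administrative Distance, as an added example that is not from the Cisco guide and is not NX-OS code: lowest administrative distance first, then lowest cost, then every equal-cost path up to the platform limit. The candidate routes, their distances and metrics, and the per-flow hash are constructed for illustration.

```python
"""Route installation by administrative distance, then ECMP (added example)."""
import hashlib
from collections import Counter
from dataclasses import dataclass

# Path limits stated in the guide for BGP, EIGRP and OSPF.
MAX_PATHS = {"nexus5500": 16, "nexus6000": 64}


@dataclass(frozen=True)
class Candidate:
    protocol: str
    admin_distance: int   # lower value = more trusted source
    metric: int           # cost within the protocol
    next_hop: str


def install_paths(candidates, max_paths):
    """Return the paths to install for one prefix.

    Assumes the lowest-distance candidates all come from one protocol,
    so their metrics can be compared with each other.
    """
    if not candidates:
        return []
    best_ad = min(c.admin_distance for c in candidates)
    trusted = [c for c in candidates if c.admin_distance == best_ad]
    best_metric = min(c.metric for c in trusted)
    equal_cost = sorted((c for c in trusted if c.metric == best_metric),
                        key=lambda c: c.next_hop)
    return equal_cost[:max_paths]


def pick_next_hop(paths, src_ip, dst_ip, src_port, dst_port, proto):
    """Pin a flow to one installed path by hashing its 5-tuple.

    The hash is an illustration, not the function the switch hardware uses.
    """
    key = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}|{proto}".encode()
    index = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(paths)
    return paths[index].next_hop


def spread(paths, flows):
    """Count how many flows land on each next hop."""
    return Counter(pick_next_hop(paths, *flow) for flow in flows)


# Constructed candidates for one prefix; distances and metrics are sample values.
SAMPLE = [
    Candidate("ospf", 110, 20, "192.0.2.1"),
    Candidate("ospf", 110, 20, "192.0.2.5"),
    Candidate("ospf", 110, 30, "192.0.2.9"),    # same distance, worse cost
    Candidate("rip", 120, 2, "192.0.2.13"),     # higher distance loses despite metric 2
]

if __name__ == "__main__":
    installed = install_paths(SAMPLE, MAX_PATHS["nexus6000"])
    print([p.next_hop for p in installed])
    flows = [(f"10.0.0.{i}", "10.1.0.9", 40000 + i, 443, "tcp") for i in range(200)]
    print(spread(installed, flows))
```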
Stub Routing
You can use stub routing in a hub-and-spoke network topology, where one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). The remote router is adjacent only to one or more distribution routers. The only route for IP traffic to follow into the remote router is through a distribution router. This type of configuration is commonly used in WAN topologies in which the distribution router is directly connected to a WAN. The distribution router can be connected to many more remote routers. Often, the distribution router is connected to 100 or more remote routers. In a hub-and-spoke topology, the remote router must forward all nonlocal traffic to a distribution router, so it becomes unnecessary for the remote router to hold a complete routing table.
Generally, the distribution router sends only a default route to the remote router.
Only specified routes are propagated from the remote (stub) router. The stub router responds to all queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message “inaccessible.” A router that is configured as a stub sends a special peer information packet to all neighboring routers to report its status as a stub router.
Any neighbor that receives a packet informing it of the stub status does not query the stub router for any routes, and a router that has a stub peer does not query that peer. The stub router depends on the distribution router to send the proper updates to all peers.
Figure 1-2 shows a simple hub-and-spoke configuration.
Figure 1-2 Simple Hub-and-Spoke Network
[Figure: the Internet and the corporate network connect to the distribution router (hub), which connects to the remote router (spoke).]
Stub routing does not prevent routes from being advertised to the remote router. Figure 1-2 shows that the remote router can access the corporate network and the Internet through the distribution router only.
A full route table on the remote router, in this example, serves no functional purpose because the path to the corporate network and the Internet would always be through the distribution router. A larger route table would reduce only the amount of memory required by the remote router. The bandwidth and memory used can be lessened by summarizing and filtering routes in the distribution router. In this network topology, the remote router does not need to receive routes that have been learned from other networks because the remote router must send all nonlocal traffic, regardless of its destination, to the distribution router. To configure a true stub network, you should configure the distribution router to send only a default route to the remote router.
OSPF supports stub areas and EIGRP supports stub routers.
Routing Algorithms
Routing algorithms determine how a router gathers and reports reachability information, how it deals with topology changes, and how it determines the optimal route to a destination. Various types of routing algorithms exist, and each algorithm has a different impact on network and router resources. Routing algorithms use a variety of metrics that affect calculation of optimal routes. You can classify routing algorithms by type, such as static or dynamic, and interior or exterior.
This section includes the following topics:
• Static Routes and Dynamic Routing Protocols
• Interior and Exterior Gateway Protocols
• Distance Vector Protocols
• Link-State Protocols
Static Routes and Dynamic Routing Protocols
Static routes are route table entries that you manually configure. These static routes do not change unless you reconfigure them. Static routes are simple to design and work well in environments where network traffic is relatively predictable and where network design is relatively simple.
Because static routing systems cannot react to network changes, you should not use them for today’s large, constantly changing networks. Most routing protocols today use dynamic routing algorithms, which adjust to changing network circumstances by analyzing incoming routing update messages. If the message indicates that a network change has occurred, the routing software recalculates routes and sends out new routing update messages. These messages permeate the network, triggering routers to rerun their algorithms and change their routing tables accordingly.
You can supplement dynamic routing algorithms with static routes where appropriate. For example, you should configure each subnetwork with a static route to the IP default gateway or router of last resort (a router to which all unrouteable packets are sent).
Interior and Exterior Gateway Protocols
You can separate networks into unique routing domains or autonomous systems. An autonomous system is a portion of an internetwork under common administrative authority that is regulated by a particular set of administrative guidelines. Routing protocols that route between autonomous systems are called exterior gateway protocols or interdomain protocols. BGP is an example of an exterior gateway protocol.
Routing protocols used within an autonomous system are called interior gateway protocols or intradomain protocols. EIGRP and OSPF are examples of interior gateway protocols.
Distance Vector Protocols
Distance vector protocols use distance vector algorithms (also known as Bellman-Ford algorithms) that call for each router to send all or some portion of its routing table to its neighbors. Distance vector algorithms define routes by distance (for example, the number of hops to the destination) and direction (for example, the next-hop router). These routes are then broadcast to the directly connected neighbor routers. Each router uses these updates to verify and update the routing tables.
means that the routes learned from an interface are set as unreachable and advertised back along the interface that they were learned on during the next periodic update. This feature prevents the router from seeing its own route updates coming back.
Distance vector algorithms send updates at fixed intervals but can also send updates in response to changes in route metric values. These triggered updates can speed up the route convergence time. The
Routing Information Protocol (RIP) is a distance vector protocol.
Link-State Protocols
The link-state protocols, also known as shortest path first (SPF), share information with neighboring routers. Each router builds a link-state advertisement (LSA), which contains information about each link and directly connected neighbor router.
Each LSA has a sequence number. When a router receives an LSA and updates its link-state database, the LSA is flooded to all adjacent neighbors. If a router receives two LSAs with the same sequence number (from the same router), the router does not flood the last LSA received to its neighbors to prevent an LSA update loop. Because the router floods the LSAs immediately after it receives them, convergence time for link-state protocols is minimized.
Discovering neighbors and establishing adjacency is an important part of a link-state protocol. Neighbors are discovered using special Hello packets that also serve as keepalive notifications to each neighbor router. Adjacency is the establishment of a common set of operating parameters for the link-state protocol between neighbor routers.
The LSAs received by a router are added to its link-state database. Each entry consists of the following parameters:
• Router ID (for the router that originated the LSA)
• Neighbor ID
• Link cost
• Sequence number of the LSA
• Age of the LSA entry
The router runs the SPF algorithm on the link-state database, building the shortest path tree for that router. This SPF tree is used to populate the routing table.
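The flooding rule and the SPF run described above, modeled in Python as an added example (not code from this guide or from NX-OS). The LinkStateDB class, the four-router topology, the max-age value and the two-way link check are assumptions made for the illustration.

```python
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class LSA:
    router_id: str   # router that originated the LSA
    seq: int         # sequence number of the LSA
    links: tuple     # ((neighbor_id, link_cost), ...)


class LinkStateDB:
    """Simplified link-state database of one router (illustrative model)."""

    def __init__(self, max_age):
        self.max_age = max_age   # seconds; constructed value, not from the guide
        self.entries = {}        # router_id -> [LSA, age_in_seconds]

    def receive(self, lsa):
        """Install an LSA. Return True if it must be flooded to neighbors."""
        held = self.entries.get(lsa.router_id)
        # Same sequence number from the same router: already seen, so do not
        # flood it again. Treating older numbers the same way is an assumption.
        if held is not None and lsa.seq <= held[0].seq:
            return False
        self.entries[lsa.router_id] = [lsa, 0]
        return True

    def tick(self, seconds):
        """Age all entries and purge those past max_age."""
        for rid in list(self.entries):
            self.entries[rid][1] += seconds
            if self.entries[rid][1] > self.max_age:
                del self.entries[rid]

    def spf(self, root):
        """Dijkstra over the LSDB: {destination: (total_cost, first_hop)}."""
        graph = {rid: dict(e[0].links) for rid, e in self.entries.items()}
        best = {}
        heap = [(0, root, None)]
        while heap:
            cost, node, first_hop = heapq.heappop(heap)
            if node in best:
                continue
            best[node] = (cost, first_hop)
            for nbr, link_cost in graph.get(node, {}).items():
                # Assumption (as OSPF does): use a link only when the
                # neighbor's own LSA lists this router back.
                if node not in graph.get(nbr, {}):
                    continue
                if nbr not in best:
                    hop = nbr if node == root else first_hop
                    heapq.heappush(heap, (cost + link_cost, nbr, hop))
        best.pop(root, None)
        return best


def build_demo_lsdb():
    """Constructed topology: A-B (1), A-C (5), B-C (1), C-D (2)."""
    db = LinkStateDB(max_age=3600)
    for lsa in (
        LSA("A", 1, (("B", 1), ("C", 5))),
        LSA("B", 1, (("A", 1), ("C", 1))),
        LSA("C", 1, (("A", 5), ("B", 1), ("D", 2))),
        LSA("D", 1, (("C", 2),)),
    ):
        db.receive(lsa)
    return db


if __name__ == "__main__":
    db = build_demo_lsdb()
    print("routes from A:", db.spf("A"))
    print("duplicate flooded?", db.receive(LSA("B", 1, (("A", 1), ("C", 1)))))
    db.receive(LSA("B", 2, (("A", 1),)))   # B reports that its link to C is gone
    print("routes from A after the change:", db.spf("A"))
```

After router B originates a new LSA without its link to C, the next SPF run moves C and D onto the direct A-C link even though C's older LSA still lists B.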
In link-state algorithms, each router builds a picture of the entire network in its routing tables. The link-state algorithms send small updates everywhere, while distance vector algorithms send larger updates only to neighboring routers.
Because they converge more quickly, link-state algorithms are somewhat less prone to routing loops than distance vector algorithms. However, link-state algorithms require more CPU power and memory than distance vector algorithms. Link-state algorithms can be more expensive to implement and support.
Link-state protocols are generally more scalable than distance vector protocols.
OSPF is an example of a link-state protocol.
Layer 3 Virtualization
Cisco NX-OS supports multiple Virtual Routing and Forwarding Instances (VRFs) and multiple routing information bases (RIBs) to support multiple address domains. Each VRF is associated with a RIB and this information is collected by the forwarding information base (FIB). A VRF represents a Layer 3 addressing domain. Each Layer 3 interface (logical or physical) belongs to one VRF. For more information, see Chapter 12, “Configuring Layer 3 Virtualization.”
Cisco NX-OS Forwarding Architecture
The Cisco NX-OS forwarding architecture is responsible for processing all routing updates and populating the forwarding information on the switch.
This section includes the following topics:
• Unicast Forwarding Distribution Module
• Hardware Forwarding
• Software Forwarding
Unicast RIB
The Cisco NX-OS forwarding architecture consists of multiple components, as shown in Figure 1-3.
Figure 1-3 Cisco NX-OS Forwarding Architecture
[Figure not reproduced. Labels: EIGRP, BGP, OSPF, ARP; switch components: URIB, Adjacency Manager (AM), Unicast FIB Distribution Module (uFDM), Unicast Forwarding Information Base (UFIB).]
The unicast RIB maintains the routing table with directly connected routes, static routes, and routes learned from dynamic unicast routing protocols. The unicast RIB also collects adjacency information from sources such as the Address Resolution Protocol (ARP). The unicast RIB determines the best next-hop for a given route and populates the unicast forwarding information base (FIB) by using the services of the unicast FIB distribution module (FDM).
Each dynamic routing protocol must update the unicast RIB for any route that has timed out. The unicast RIB then deletes that route and recalculates the best next-hop for that route (if an alternate path is available).
Adjacency Manager
The adjacency manager maintains adjacency information for different protocols including ARP, Open Shortest Path First version 2 (OSPFv2), Neighbor Discovery Protocol (NDP), and static configuration. The most basic adjacency information is the Layer 3 to Layer 2 address mapping discovered by these protocols. Outgoing Layer 2 packets use the adjacency information to complete the Layer 2 header.
The adjacency manager can trigger ARP requests to find a particular Layer 3 to Layer 2 mapping. The new mapping becomes available when the corresponding ARP reply is received and processed. For IPv6, the adjacency manager finds the Layer 3 to Layer 2 mapping information from NDP. See Chapter 3, “Configuring IPv6.”
Unicast Forwarding Distribution Module
The unicast forwarding distribution module distributes the forwarding path information from the unicast RIB and other sources. The unicast RIB generates forwarding information which the unicast FIB programs into the hardware forwarding tables. The unicast forwarding distribution module also downloads the FIB information to newly inserted modules.
The unicast forwarding distribution module gathers adjacency information, rewrite information, and other platform-dependent information when updating routes in the unicast FIB. The adjacency and rewrite information consists of interface, next-hop, and Layer 3 to Layer 2 mapping information. The interface and next-hop information is received in route updates from the unicast RIB. The Layer 3 to Layer 2 mapping is received from the adjacency manager.
FIB
The unicast FIB builds the information used for the hardware forwarding engine. The unicast FIB receives route updates from the unicast forwarding distribution module and sends the information along to be programmed in the hardware forwarding engine. The unicast FIB controls the addition, deletion, and modification of routes, paths, and adjacencies.
The unicast FIBs are maintained on a per-VRF and per-address-family basis, that is, one for IPv4 and one for IPv6 for each configured VRF. Based on route update messages, the unicast FIB maintains a per-VRF prefix and next-hop adjacency information database. The next-hop adjacency data structure contains the next-hop IP address and the Layer 2 rewrite information. Multiple prefixes could share a next-hop adjacency information structure.
The unicast FIB also enables and disables unicast reverse path forwarding (RPF) checks per interface.
The Cisco Nexus 5548 switch supports the following two RPF modes that can be configured on each ingress interface:
• RPF Strict Check—Packets that do not have a verifiable source address in the router's forwarding table or do not arrive on any of the return paths to the source are dropped.
• RPF Loose Check—Packets have a verifiable source address in the router's forwarding table and the source is reachable through a physical interface. The ingress interface that receives the packet need not match any of the interfaces in the FIB.
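The two RPF modes above as a longest-prefix-match check, added here as an illustration (not Cisco's implementation). The Fib class, the interface names, the documentation prefixes and the reading of a Null0 discard route as "not reachable through a physical interface" are assumptions; default-route handling is not modeled.

```python
import ipaddress

NULL_IF = "Null0"   # discard interface: a route here is not a usable return path


class Fib:
    """Toy IPv4 FIB for one VRF: prefix -> set of next-hop interfaces."""

    def __init__(self):
        self.routes = {}

    def add(self, prefix, *interfaces):
        net = ipaddress.ip_network(prefix)
        self.routes.setdefault(net, set()).update(interfaces)

    def lookup(self, address):
        """Longest-prefix match. Returns the interface set, or None."""
        ip = ipaddress.ip_address(address)
        matches = [net for net in self.routes if ip in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


def rpf_check(fib, source, ingress, mode):
    """Return (permit, reason) for a packet from `source` seen on `ingress`."""
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    interfaces = fib.lookup(source)
    if interfaces is None:
        return False, "no route to source"
    usable = interfaces - {NULL_IF}
    if not usable:
        return False, "source only reachable via discard route"
    if mode == "loose":
        # Loose: the source only has to be reachable; ingress is not compared.
        return True, "source reachable through some interface"
    if ingress in usable:
        # Strict: the packet arrived on one of the return paths to the source.
        return True, "ingress is a return path to source"
    return False, "ingress is not a return path to source"


def evaluate_samples():
    """Run constructed packets through both modes.

    Returns a list of (source, ingress, strict_permit, loose_permit).
    """
    fib = Fib()
    fib.add("192.0.2.0/24", "Ethernet1/1")
    fib.add("198.51.100.0/24", "Ethernet1/2", "Ethernet1/3")   # two equal paths
    fib.add("203.0.113.0/24", NULL_IF)
    packets = [                            # (source address, ingress interface)
        ("192.0.2.10", "Ethernet1/1"),     # arrives on its return path
        ("192.0.2.10", "Ethernet1/2"),     # asymmetric path or spoofed source
        ("198.51.100.7", "Ethernet1/3"),   # any of the return paths is accepted
        ("203.0.113.5", "Ethernet1/1"),    # source covered only by a discard route
        ("10.9.9.9", "Ethernet1/1"),       # source not in the FIB at all
    ]
    return [(src, ingress,
             rpf_check(fib, src, ingress, "strict")[0],
             rpf_check(fib, src, ingress, "loose")[0])
            for src, ingress in packets]


if __name__ == "__main__":
    for row in evaluate_samples():
        print(row)
```

The second sample is the operational trade-off: strict mode also drops legitimate traffic that arrives over an asymmetric path, which loose mode lets through.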
Hardware Forwarding
Cisco NX-OS supports distributed packet forwarding. The ingress port takes relevant information from the packet header and passes the information to the local switching engine. The local switching engine does the Layer 3 lookup and uses this information to rewrite the packet header. The ingress module forwards the packet to the egress port. If the egress port is on a different module, the packet is forwarded using the switch fabric to the egress module. The egress module does not participate in the Layer 3 forwarding decision.
You also can use the show platform fib or show platform forwarding commands to display details on hardware forwarding.
Software Forwarding
The software forwarding path in Cisco NX-OS is used mainly to handle features that are not supported in hardware or to handle errors encountered during hardware processing. Typically, packets with IP options or packets that need fragmentation are passed to the CPU. The unicast RIB and the adjacency manager make the forwarding decisions based on the packets that should be switched in software or terminated.
Software forwarding is controlled by control plane policies and rate limiters.
Summary of Layer 3 Unicast Routing Features
This section provides a brief introduction to the Layer 3 unicast features and protocols supported in Cisco NX-OS.
This section includes the following topics:
• Layer 3 Virtualization
• Route Policy Manager
• First-Hop Redundancy Protocols
IPv4 and IPv6
Layer 3 uses either the IPv4 or IPv6 protocol. IPv6 is a new IP protocol designed to replace IPv4, the Internet protocol that is predominantly deployed and used throughout the world. IPv6 increases the number of network address bits from 32 bits (in IPv4) to 128 bits. For more information, see Chapter 2, “Configuring IPv4,” or Chapter 3, “Configuring IPv6.”
OSPF
The OSPF protocol is a link-state routing protocol used to exchange network reachability information within an autonomous system. Each OSPF router advertises information about its active links to its neighbor routers. Link information consists of the link type, the link metric, and the neighbor router connected to the link. The advertisements that contain this link information are called link-state advertisements. For more information, see Chapter 5, “Configuring OSPFv2.”
EIGRP
The EIGRP protocol is a unicast routing protocol that has the characteristics of both distance vector and link-state routing protocols. It is an improved version of IGRP, which is a Cisco proprietary routing protocol. EIGRP relies on its neighbors to provide the routes, typical to a distance vector routing protocol. It constructs the network topology from the routes advertised by its neighbors, similar to a link-state protocol, and uses this information to select loop-free paths to destinations. For more information, see Chapter 7, “Configuring EIGRP.”
BGP
The Border Gateway Protocol (BGP) is an inter-autonomous system routing protocol. A BGP router advertises network reachability information to other BGP routers using Transmission Control Protocol (TCP) as its reliable transport mechanism. The network reachability information includes the destination network prefix, a list of autonomous systems that need to be traversed to reach the destination, and the next-hop router. Reachability information contains additional path attributes such as preference to a route, origin of the route, community and others. For more information, see Chapter 9, “Configuring Advanced BGP.”
RIP
The Routing Information Protocol (RIP) is a distance-vector protocol that uses a hop count as its metric. RIP is widely used for routing traffic in the global Internet and is an Interior Gateway Protocol (IGP), which means that it performs routing within a single autonomous system. For more information, see Chapter 10, “Configuring RIP.”
Static Routing
Static routing allows you to enter a fixed route to a destination. This feature is useful for small networks where the topology is simple. Static routing is also used with other routing protocols to control default routes and route distribution. For more information, see Chapter 11, “Configuring Static Routing.”
Layer 3 Virtualization
Virtualization allows you to share physical resources across separate management domains.
Cisco NX-OS supports Layer 3 virtualization with VPN Routing and Forwarding (VRF). A VRF provides a separate address domain for configuring Layer 3 routing protocols. For more information, see Chapter 12, “Configuring Layer 3 Virtualization.”
Route Policy Manager
The Route Policy Manager provides a route filtering capability in Cisco NX-OS. It uses route maps to filter routes distributed across various routing protocols and between different entities within a given routing protocol. Filtering is based on specific match criteria, which is similar to packet filtering by access control lists. For more information, see Chapter 14, “Configuring Route Policy Manager.”
First-Hop Redundancy Protocols
A first-hop redundancy protocol (FHRP) allows you to provide redundant connections to your hosts. If an active first-hop router fails, the FHRP automatically selects a standby router to take over. You do not need to update the hosts with new IP addresses because the address is virtual and shared between each router in the FHRP group. For more information on the Hot Standby Router Protocol (HSRP), see Chapter 17, “Configuring HSRP.” For more information on the Virtual Router Redundancy Protocol (VRRP), see Chapter 18, “Configuring VRRP.”
Object Tracking
Object tracking allows you to track specific objects on the network, such as the interface line protocol state, IP routing, and route reachability, and take action when the tracked object’s state changes. This feature allows you to increase the availability of the network and shorten recovery time if an object state goes down. For more information, see Chapter 19, “Configuring Object Tracking.”
Related Topics
The following Cisco documents are related to the Layer 3 features:
• Cisco Nexus 6000 Series NX-OS Multicast Routing Configuration Guide, Release 7.x
• Exploring Autonomous System Numbers: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-1/autonomous_system_numbers.html
CHAPTER 2
Configuring IPv4
This chapter describes how to configure Internet Protocol version 4 (IPv4), which includes addressing, Address Resolution Protocol (ARP), and Internet Control Message Protocol (ICMP), on the Cisco NX-OS switch.
This chapter includes the following sections:
• Information About IPv4
• Licensing Requirements for IPv4
• Prerequisites for IPv4
• Guidelines and Limitations
• Configuring IP Directed Broadcasts
• Configuration Examples for IPv4
• Additional References
Information About IPv4
You can configure IP on the switch to assign IP addresses to network interfaces. When you assign IP addresses, you enable the interfaces and allow communication with the hosts on those interfaces.
You can configure an IP address as primary or secondary on a switch. An interface can have one primary IP address and multiple secondary addresses. All networking switches on an interface should share the same primary IP address because the packets that are generated by the switch always use the primary IPv4 address. Each IPv4 packet is based on the information from a source or destination IP address. See the “Multiple IPv4 Addresses” section.
You can use a subnet to mask the IP addresses. A mask is used to determine what subnet an IP address belongs to. An IP address contains the network address and the host address. A mask identifies the bits that denote the network number in an IP address. When you use the mask to subnet a network, the mask is then referred to as a subnet mask. Subnet masks are 32-bit values that allow the recipient of IP packets to distinguish the network ID portion of the IP address from the host ID portion of the IP address.
The IP feature in the Cisco NX-OS system is responsible for handling IPv4 packets, as well as the forwarding of IPv4 packets, which includes IPv4 unicast and multicast route lookup, reverse path forwarding (RPF) checks, software access control list/policy based routing (ACL/PBR) forwarding, and policy-based routing (PBR). The IP feature also manages the network interface IP address configuration, duplicate address checks, static routes, and packet send and receive interface for IP clients.
This section includes the following topics:
• Multiple IPv4 Addresses
• Address Resolution Protocol
• Static and Dynamic Entries in the ARP Cache
• Devices That Do Not Use ARP
• ACLs for IP Directed Broadcast
• Path MTU Discovery
• Virtualization Support
Multiple IPv4 Addresses
The Cisco NX-OS system supports multiple IP addresses per interface. You can specify an unlimited number of secondary addresses for a variety of situations. The most common situations are as follows:
• When there are not enough host IP addresses for a particular network interface. For example, if your subnetting allows up to 254 hosts per logical subnet, but on one physical subnet you must have 300 host addresses, then you can use secondary IP addresses on the routers or access servers to allow you to have two logical subnets using one physical subnet.
• Two subnets of a single network might otherwise be separated by another network. You can create a single network from subnets that are physically separated by another network by using a secondary address. In these instances, the first network is extended, or layered on top of the second network.
A subnet cannot appear on more than one active interface of the router at a time.
Note: If any switch on a network segment uses a secondary IPv4 address, all other switches on that same network interface must also use a secondary address from the same network or subnet. The inconsistent use of secondary addresses on a network segment can quickly cause routing loops.
Address Resolution Protocol
Networking switches and Layer 3 switches use Address Resolution Protocol (ARP) to map IP (network layer) addresses to Media Access Control (MAC)-layer addresses to enable IP packets to be sent across networks. Before a switch sends a packet to another switch, it looks in its own ARP cache to see if there is a MAC address and corresponding IP address for the destination switch. If there is no entry, the source switch sends a broadcast message to every switch on the network.
Each switch compares the IP address to its own. Only the switch with the matching IP address replies to the switch that sends the data with a packet that contains the MAC address for the switch. The source switch adds the destination switch MAC address to its ARP table for future reference, creates a data-link header and trailer that encapsulates the packet, and proceeds to transfer the data. Figure 2-1 shows the ARP broadcast and response process.
Figure 2-1 ARP Process
Fred: I need the address of 10.1.1.2.
Barney: I heard that broadcast. The message is for me. Here is my MAC address: 00:1D:7E:1D:00:01.
When the destination switch lies on a remote network which is beyond another switch, the process is the same except that the switch that sends the data sends an ARP request for the MAC address of the default gateway. After the address is resolved and the default gateway receives the packet, the default gateway broadcasts the destination IP address over the networks connected to it. The switch on the destination switch network uses ARP to obtain the MAC address of the destination switch and delivers the packet.
ARP is enabled by default.
The default system-defined CoPP policy rate-limits ARP broadcast packets. The default system-defined CoPP policy prevents an ARP broadcast storm from affecting the control plane traffic but does not affect bridged packets.
ARP Caching
ARP caching minimizes broadcasts and limits wasteful use of network resources. The mapping of IP addresses to MAC addresses occurs at each hop (switch) on the network for every packet sent over an internetwork, which may affect network performance.
ARP caching stores network addresses and the associated data-link addresses in memory for a period of time, which minimizes the use of valuable network resources to broadcast for the same address each time a packet is sent. You must maintain the cache entries because they are set to expire periodically, as the information might become outdated. Every switch on a network updates its tables as addresses are broadcast.
Static and Dynamic Entries in the ARP Cache
You must manually configure the IP addresses, subnet masks, gateways, and corresponding MAC addresses for each interface of each switch when using static routes. Static routing enables more control but requires more work to maintain the route table. You must update the table each time you add or change routes.
Dynamic routing uses protocols that enable the switches in a network to exchange routing table information with each other. Dynamic routing is more efficient than static routing because the route table is automatically updated unless you add a time limit to the cache. The default time limit is 25 minutes but you can modify the time limit if the network has many routes that are added and deleted from the cache.
Devices That Do Not Use ARP
When a network is divided into two segments, a bridge joins the segments and filters traffic to each segment based on MAC addresses. The bridge builds its own address table that uses MAC addresses only, as opposed to a switch, which has an ARP cache that contains both IP addresses and the corresponding MAC addresses.
Passive hubs are central-connection switches that physically connect other switches in a network. They send messages out on all their ports to the switches and operate at Layer 1 but do not maintain an address table.
Layer 2 switches determine which port is connected to a device to which the message is addressed and send only to that port, unlike a hub, which sends the message out all of its ports. However, Layer 3 switches are switches that build an ARP cache (table).
Reverse ARP
Reverse ARP (RARP) as defined by RFC 903 works the same way as ARP, except that the RARP request packet requests an IP address instead of a MAC address. RARP often is used by diskless workstations because this type of device has no way to store IP addresses to use when they boot. The only address that is known is the MAC address because it is burned into the hardware.
Use of RARP requires an RARP server on the same network segment as the router interface. Figure 2-2 illustrates how RARP works.
Figure 2-2 Reverse ARP
Device A: I am device A and sending a broadcast that uses my hardware address. Can someone on the network tell me what my IP address is?
RARP server: Okay, your hardware address is 00:1D:7E:1D:00:01 and your IP address is 10.0.0.2.
There are several limitations of RARP. Because of these limitations, most businesses use DHCP to assign IP addresses dynamically. DHCP is cost effective and requires less maintenance than RARP. The following are the most important limitations:
• Because RARP uses hardware addresses, if the internetwork is large with many physical networks, a RARP server must be on every segment with an additional server for redundancy. Maintaining two servers for every segment is costly.
• Each server must be configured with a table of static mappings between the hardware addresses and IP addresses. Maintenance of the IP addresses is difficult.
• RARP only provides IP addresses of the hosts and not subnet masks or default gateways.
Proxy ARP
Proxy ARP enables a switch that is physically located on one network to appear to be logically part of a different physical network connected to the same switch or firewall. Proxy ARP allows you to hide a switch with a public IP address on a private network behind a router and still have the switch appear to be on the public network in front of the router. By hiding its identity, the router accepts responsibility for routing packets to the real destination. Proxy ARP can help switches on a subnet reach remote subnets without configuring routing or a default gateway.
When switches are not in the same data link layer network but in the same IP network, they try to transmit data to each other as if they are on the local network. However, the router that separates the switches does not send a broadcast message because routers do not pass hardware-layer broadcasts and the addresses cannot be resolved.
When you enable Proxy ARP on the switch and it receives an ARP request, it identifies the request as a request for a system that is not on the local LAN. The switch responds as if it is the remote destination for which the broadcast is addressed, with an ARP response that associates the MAC address of the switch with the IP address of the remote destination. The local switch believes that it is directly connected to the destination, while in reality its packets are being forwarded from the local subnetwork toward the destination subnetwork by their local switch. By default, Proxy ARP is disabled.
Local Proxy ARP
You can use local Proxy ARP to enable a switch to respond to ARP requests for IP addresses within a subnet where normally no routing is required. When you enable local Proxy ARP, ARP responds to all ARP requests for IP addresses within the subnet and forwards all traffic between hosts in the subnet. Use this feature only on subnets where hosts are intentionally prevented from communicating directly by the configuration on the switch to which they are connected.
Gratuitous ARP
Gratuitous ARP sends a request with identical source IP address and destination IP address to detect duplicate IP addresses. Cisco NX-OS Release 5.0(3) supports enabling or disabling gratuitous ARP requests or ARP cache updates.
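ARP caching with a timeout, static entries and gratuitous-ARP duplicate detection, as described in the sections above, shown as an added Python example (not NX-OS code). The peer address 10.1.1.2 and MAC 00:1D:7E:1D:00:01 come from Figure 2-1 and the 1500-second timeout from the default settings; the local address, the other MAC addresses, the ArpCache class, its event names and the rule that static entries are never overwritten are assumptions.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 fields for Ethernet/IPv4, 28 bytes
ARP_TIMEOUT = 1500           # seconds: default ARP timeout (25 minutes)
REQUEST, REPLY = 1, 2


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def _ip(text):
    return ipaddress.IPv4Address(text).packed


def build_arp(oper, sha, spa, tha, tpa):
    """Pack an ARP payload. Used here only to construct sample packets."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       _mac(sha), _ip(spa), _mac(tha), _ip(tpa))


def parse_arp(payload):
    """Decode an ARP payload; gratuitous means sender IP == target IP."""
    size = struct.calcsize(ARP_FMT)
    if len(payload) < size:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return {
        "oper": oper,
        "sender_mac": sha.hex(":"),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
        "gratuitous": spa == tpa,
    }


class ArpCache:
    """Simplified ARP cache of one Layer 3 interface (illustrative model)."""

    def __init__(self, local_ip, local_mac, timeout=ARP_TIMEOUT):
        self.local_ip = local_ip
        self.local_mac = local_mac.lower()
        self.timeout = timeout
        self.entries = {}   # ip -> (mac, learned_at or None, is_static)

    def add_static(self, ip, mac):
        self.entries[ip] = (mac.lower(), None, True)

    def lookup(self, ip, now):
        """Return the cached MAC, expiring dynamic entries past the timeout."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, learned_at, is_static = entry
        if not is_static and now - learned_at >= self.timeout:
            del self.entries[ip]   # aged out: the next packet must ARP again
            return None
        return mac

    def learn(self, payload, now):
        """Process a received ARP payload and return what happened."""
        pkt = parse_arp(payload)
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if ip == self.local_ip:
            # Another station announcing our address is a duplicate IP.
            return "own-packet" if mac == self.local_mac else "duplicate-address"
        known = self.lookup(ip, now)
        if known is not None and self.entries[ip][2]:
            return "static-kept"   # assumption: static entries are not replaced
        self.entries[ip] = (mac, now, False)
        if known is None:
            return "learned"
        return "refreshed" if known == mac else "changed"


def run_samples():
    """Constructed exchange; returns the cache and the event per packet."""
    cache = ArpCache("10.1.1.1", "00:1d:7e:1d:00:aa")
    cache.add_static("10.1.1.3", "00:1d:7e:1d:00:03")
    reply = build_arp(REPLY, "00:1D:7E:1D:00:01", "10.1.1.2",
                      "00:1d:7e:1d:00:aa", "10.1.1.1")
    clash = build_arp(REQUEST, "00:1d:7e:1d:00:bb", "10.1.1.1",
                      "00:00:00:00:00:00", "10.1.1.1")   # gratuitous, our IP
    other = build_arp(REPLY, "00:1d:7e:1d:00:cc", "10.1.1.3",
                      "00:1d:7e:1d:00:aa", "10.1.1.1")   # contradicts static
    return cache, [cache.learn(p, now=0) for p in (reply, clash, other)]


if __name__ == "__main__":
    print(run_samples()[1])
```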
ACLs for IP Directed Broadcast
You can use IP directed broadcast to broadcast to an IP subnet from a node that does not belong to it.
You can specify an ACL list for the broadcast.
Glean Throttling
When forwarding an incoming IP packet in a line card, if the Address Resolution Protocol (ARP) request for the next hop is not resolved, the line card forwards the packets to the supervisor (glean throttling).
The supervisor resolves the MAC address for the next hop and programs the hardware.
The Cisco Nexus 6000 Series device hardware has glean rate limiters to protect the supervisor from the glean traffic. If the maximum number of entries is exceeded, the packets for which the ARP request is not resolved continue to be processed in the software instead of getting dropped in the hardware.
When an ARP request is sent, the software adds a /32 drop adjacency in the hardware to prevent packets to the same next-hop IP address from being forwarded to the supervisor. When the ARP is resolved, the hardware entry is updated with the correct MAC address. If the ARP entry is not resolved before a timeout period, the entry is removed from the hardware.
Path MTU Discovery
Path MTU discovery is a method for maximizing the use of available bandwidth in the network between the endpoints of a TCP connection. It is described in RFC 1191. Existing connections are not affected when this feature is turned on or off.
ICMP
You can use ICMP to provide message packets that report errors and other information that is relevant to IP processing. ICMP generates error messages, such as ICMP destination unreachable messages, ICMP Echo Requests (which send a packet on a round trip between two hosts) and Echo Reply messages. ICMP also provides many diagnostic functions and can send and redirect error packets to the host. By default, ICMP is enabled.
Some of the ICMP message types are as follows:
• Network error messages
• Network congestion messages
• Troubleshooting information
• Timeout announcements
Note: ICMP redirects are disabled on interfaces where the local proxy ARP feature is enabled.
Virtualization Support
IPv4 supports Virtual Routing and Forwarding instances (VRFs). By default, Cisco NX-OS places you in the default VRF unless you specifically configure another VRF. For more information, see Chapter 12, “Configuring Layer 3 Virtualization.”
Licensing Requirements for IPv4
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: IPv4 requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Prerequisites for IPv4
IPv4 has the following prerequisites:
• IPv4 can only be configured on Layer 3 interfaces.
Guidelines and Limitations
IPv4 has the following configuration guidelines and limitations:
• You can configure a secondary IP address only after you configure the primary IP address.
Default Settings
Table 2-1 lists the default settings for IP parameters.
Table 2-1 Default IP Parameters
Parameters       Default
ARP timeout      1500 seconds
proxy ARP        disabled
Configuring IPv4
This section includes the following topics:
• Configuring IPv4 Addressing
• Configuring Multiple IP Addresses
• Configuring a Static ARP Entry
• Configuring Proxy ARP
• Configuring Local Proxy ARP
• Configuring Path MTU Discovery
• Configuring IP Directed Broadcasts
• Configuring IP Glean Throttling
• Configuring the Hardware IP Glean Throttle Maximum
• Configuring a Hardware IP Glean Throttle Timeout
• Verifying the IPv4 Configuration
Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Configuring IPv4 Addressing
You can assign a primary IP address for a network interface.
SUMMARY STEPS
1. configure terminal
2. interface ethernet number
3. no switchport
4. ip address ip-address/length [secondary]
5. (Optional) show ip interface
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: interface ethernet number
Purpose: Enters interface configuration mode.
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Step 3
Command: no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4
Command: ip address ip-address/length [secondary]
Purpose: Specifies a primary or secondary IPv4 address for an interface.
• The network mask can be a four-part dotted decimal address. For example, 255.0.0.0 indicates that each bit equal to 1 means the corresponding address bit belongs to the network address.
• The network mask can be indicated as a slash (/) and a number - a prefix length. The prefix length is a decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash must precede the decimal value and there is no space between the IP address and the slash.
Example:
switch(config-if)# ip address 192.2.1.1 255.0.0.0
Step 5
Command: show ip interface
Purpose: (Optional) Displays interfaces configured for IPv4.
Example:
switch(config-if)# show ip interface
Step 6
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
This example shows how to assign an IPv4 address: switch# configure terminal switch(config)# interface ethernet 2/3 switch(config-if)# no switchport switch(config-if)# ip address 192.2.1.1 255.0.0.0
switch(config-if)# copy running-config startup-config
Configuring Multiple IP Addresses
You can only add secondary IP addresses after you configure primary IP addresses.
SUMMARY STEPS
1. configure terminal
2. interface ethernet number
3. no switchport
4. ip address ip-address/length [secondary]
5. (Optional) show ip interface
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface ethernet number
Purpose: Enters interface configuration mode.
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Step 3 no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4 ip address ip-address/length [secondary]
Purpose: Specifies the configured address as a secondary IPv4 address.
Example:
switch(config-if)# ip address 192.2.1.1 255.0.0.0 secondary
Step 5 show ip interface
Purpose: (Optional) Displays interfaces configured for IPv4.
Example:
switch(config-if)# show ip interface
Step 6 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
Configuring a Static ARP Entry
You can configure a static ARP entry on the switch to map IP addresses to MAC hardware addresses, including static multicast MAC addresses.
SUMMARY STEPS
1. configure terminal
2. interface ethernet number
3. no switchport
4. ip arp ipaddr mac_addr
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface ethernet number
Purpose: Enters interface configuration mode.
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Step 3 no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4 ip arp ipaddr mac_addr
Purpose: Associates an IP address with a MAC address as a static entry.
Example:
switch(config-if)# ip arp 192.2.1.1 0019.076c.1a78
Step 5 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
This example shows how to configure a static ARP entry:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# no switchport
switch(config-if)# ip arp 192.2.1.1 0019.076c.1a78
switch(config-if)# copy running-config startup-config
Configuring Proxy ARP
You can configure Proxy ARP on the switch to determine the media addresses of hosts on other networks or subnets.
SUMMARY STEPS
1. configure terminal
2. interface ethernet number
3. no switchport
4. ip proxy-arp
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface ethernet number
Purpose: Enters interface configuration mode.
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Step 3 no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4 ip proxy-arp
Purpose: Enables Proxy ARP on the interface.
Example:
switch(config-if)# ip proxy-arp
Step 5 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
This example shows how to configure Proxy ARP:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# no switchport
switch(config-if)# ip proxy-arp
switch(config-if)# copy running-config startup-config
Configuring Local Proxy ARP
You can configure Local Proxy ARP on the switch.
SUMMARY STEPS
1. configure terminal
2. interface ethernet number
3. no switchport
4. ip local-proxy-arp
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface ethernet number
Purpose: Enters interface configuration mode.
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Step 3 no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4 ip local-proxy-arp
Purpose: Enables Local Proxy ARP on the interface.
Example:
switch(config-if)# ip local-proxy-arp
Step 5 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
This example shows how to configure Local Proxy ARP:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# no switchport
switch(config-if)# ip local-proxy-arp
switch(config-if)# copy running-config startup-config
Configuring Gratuitous ARP
You can configure gratuitous ARP on an interface.
SUMMARY STEPS
1. configure terminal
2. interface ethernet number
3. no switchport
4. ip arp gratuitous {request | update}
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface ethernet number
Purpose: Enters interface configuration mode.
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Step 3 no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4 ip arp gratuitous {request | update}
Purpose: Enables gratuitous ARP on the interface. Default is enabled.
Example:
switch(config-if)# ip arp gratuitous request
Step 5 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
This example shows how to disable gratuitous ARP requests:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# no switchport
switch(config-if)# no ip arp gratuitous request
switch(config-if)# copy running-config startup-config
Configuring Path MTU Discovery
You can configure path MTU discovery on an interface.
SUMMARY STEPS
1. configure terminal
2. interface ethernet number
3. ip tcp path-mtu-discovery
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface ethernet number
Purpose: Enters interface configuration mode.
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Step 3 ip tcp path-mtu-discovery
Purpose: Enables path MTU discovery.
Example:
switch(config-if)# ip tcp path-mtu-discovery
Step 4 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
Configuring IP Packet Verification
Cisco NX-OS supports an Intrusion Detection System (IDS) that checks for IP packet verification. You can enable or disable these IDS checks.
To enable IDS checks, use the following commands in global configuration mode:
Command: hardware ip verify address {destination zero | identical | reserved | source {broadcast | multicast}}
Purpose: Performs the following IDS checks on the IP address:
• destination zero—Drops IP packets if the destination IP address is 0.0.0.0.
• identical—Drops IP packets if the source IP address is identical to the destination IP address.
• reserved—Drops IP packets if the IP address is in the 127.x.x.x range.
• source—Drops IP packets if the IP source address is either 255.255.255.255 (broadcast) or in the 224.x.x.x range (multicast).
Command: hardware ip verify checksum
Purpose: Drops IP packets if the packet checksum is invalid.
Command: hardware ip verify fragment
Purpose: Drops IP packets if the packet fragment has a nonzero offset and the DF bit is active.
Command: hardware ip verify length {consistent | maximum {max-frag | max-tcp | udp} | minimum}
Purpose: Performs the following IDS checks on the IP address:
• consistent—Drops IP packets where the Ethernet frame size is greater than or equal to the IP packet length plus the Ethernet header.
• maximum max-frag—Drops IP packets if the maximum fragment offset is greater than 65536.
• maximum max-tcp—Drops IP packets if the TCP length is greater than the IP payload length.
• maximum udp—Drops IP packets if the IP payload length is less than the UDP packet length.
• minimum—Drops IP packets if the Ethernet frame length is less than the IP packet length plus four octets (the CRC length).
Command: hardware ip verify tcp tiny-frag
Purpose: Drops TCP packets if the IP fragment offset is 1, or if the IP fragment offset is 0 and the IP payload length is less than 16.
Command: hardware ip verify version
Purpose: Drops IP packets if the ethertype is not set to 4 (IPv4).
Use the show hardware forwarding ip verify command to display the IP packet verification configuration.
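The address, checksum, fragment, tcp tiny-frag and version checks listed above can be modelled in software to see which keyword a given header would trip. This is an added example, not Cisco's code or the NX-OS implementation; the function names and sample headers are constructed. It assumes that 224.x.x.x means the whole 224.0.0.0/4 multicast block, that the reserved check applies to both source and destination, and that the version check reads the IP header's version field.

```python
import ipaddress
import struct

IPV4_HDR = "!BBHHHBBH4s4s"                          # fixed 20-byte IPv4 header
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")      # the "reserved" check
MULTICAST = ipaddress.ip_network("224.0.0.0/4")     # assumption: whole multicast block
BROADCAST = ipaddress.IPv4Address("255.255.255.255")
PROTO_TCP = 6


def checksum(header: bytes) -> int:
    """One's-complement header checksum; returns 0 when the stored value is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, proto=PROTO_TCP, payload_len=20, df=False,
                 frag_offset=0, version=4, corrupt_checksum=False) -> bytes:
    """Build a constructed 20-byte IPv4 header (no options) for the samples."""
    flags_frag = (0x4000 if df else 0) | (frag_offset & 0x1FFF)
    fields = [(version << 4) | 5, 0, 20 + payload_len, 0x1234, flags_frag,
              64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(IPV4_HDR, *fields))
    if corrupt_checksum:
        fields[7] ^= 0x0001                          # flip one bit of the checksum
    return struct.pack(IPV4_HDR, *fields)


def verify(header: bytes) -> list:
    """Return the check keywords (from the table above) that would drop this header."""
    if len(header) < 20:
        raise ValueError("need at least a 20-byte IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto, _csum,
     src_raw, dst_raw) = struct.unpack(IPV4_HDR, header[:20])
    src, dst = ipaddress.IPv4Address(src_raw), ipaddress.IPv4Address(dst_raw)
    ihl = (ver_ihl & 0x0F) * 4
    hdr = header[:ihl] if 20 <= ihl <= len(header) else header[:20]
    df = bool(flags_frag & 0x4000)                   # Don't Fragment flag
    offset = flags_frag & 0x1FFF                     # fragment offset, 8-byte units
    payload_len = total_len - ihl

    drops = []
    if ver_ihl >> 4 != 4:
        drops.append("version")
    if int(dst) == 0:
        drops.append("address destination zero")
    if src == dst:
        drops.append("address identical")
    if src in LOOPBACK or dst in LOOPBACK:
        drops.append("address reserved")
    if src == BROADCAST:
        drops.append("address source broadcast")
    if src in MULTICAST:
        drops.append("address source multicast")
    if checksum(hdr) != 0:
        drops.append("checksum")
    if offset != 0 and df:
        drops.append("fragment")
    if proto == PROTO_TCP and (offset == 1 or (offset == 0 and payload_len < 16)):
        drops.append("tcp tiny-frag")
    return drops


def classify_samples() -> dict:
    """Run the checks over constructed sample headers (documentation addresses)."""
    ok_src, ok_dst = "192.0.2.10", "198.51.100.7"
    samples = {
        "clean": build_header(ok_src, ok_dst),
        "destination zero": build_header(ok_src, "0.0.0.0"),
        "identical": build_header(ok_src, ok_src),
        "loopback source": build_header("127.0.0.1", ok_dst),
        "broadcast source": build_header("255.255.255.255", ok_dst),
        "multicast source": build_header("224.0.0.5", ok_dst),
        "bad checksum": build_header(ok_src, ok_dst, corrupt_checksum=True),
        "df with offset": build_header(ok_src, ok_dst, df=True, frag_offset=10),
        "tcp offset one": build_header(ok_src, ok_dst, frag_offset=1),
        "tcp short first": build_header(ok_src, ok_dst, payload_len=8),
        "wrong version": build_header(ok_src, ok_dst, version=6),
    }
    return {name: verify(hdr) for name, hdr in samples.items()}


if __name__ == "__main__":
    for name, drops in classify_samples().items():
        print(f"{name:18} {'forward' if not drops else 'drop: ' + ', '.join(drops)}")
```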
Configuring IP Directed Broadcasts
An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some IP subnet, but which originates from a node that is not itself part of that destination subnet.
A switch that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a switch that is directly connected to its destination subnet, that packet is "exploded" as a broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.
If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached will be exploded as broadcasts on that subnet.
To enable IP directed broadcasts, use the following command in interface configuration mode:
Command: ip directed-broadcast [acl-name]
Purpose: Enables the translation of a directed broadcast to physical broadcasts. An Access Control List (ACL) name may be specified. The name is a case-sensitive alphanumeric string up to 63 characters long.
Configuring IP Glean Throttling
Cisco NX-OS software supports glean throttling rate limiters to protect the supervisor from the glean traffic.
You can enable IP glean throttling.
Note We recommend that you configure the IP glean throttle feature by using the hardware ip glean throttle command to filter the unnecessary glean packets that are sent to the supervisor for ARP resolution for the next hops that are not reachable or do not exist. IP glean throttling boosts software performance and helps to manage traffic more efficiently.
SUMMARY STEPS
1. configure terminal
2. hardware ip glean throttle
3. no hardware ip glean throttle
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 hardware ip glean throttle
Purpose: Enables ARP throttling.
Example:
switch(config)# hardware ip glean throttle
Step 3 no hardware ip glean throttle
Purpose: Disables ARP throttling.
Example:
switch(config)# no hardware ip glean throttle
Step 4 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to enable IP glean throttling:
switch# configure terminal
switch(config)# hardware ip glean throttle
switch(config)# copy running-config startup-config
Configuring the Hardware IP Glean Throttle Maximum
You can limit the maximum number of drop adjacencies that are installed in the Forwarding Information Base (FIB).
SUMMARY STEPS
1. configure terminal
2. hardware ip glean throttle maximum count
3. no hardware ip glean throttle maximum count
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 hardware ip glean throttle maximum count
Purpose: Configures the number of drop adjacencies that are installed in the FIB.
Example:
switch(config)# hardware ip glean throttle maximum 2134
Step 3 no hardware ip glean throttle maximum count
Purpose: Applies the default limits. The default value is 1000. The range is from 0 to 4095 entries.
Example:
switch(config)# no hardware ip glean throttle maximum 2134
Step 4 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to limit the maximum number of drop adjacencies that are installed in the FIB:
switch# configure terminal
switch(config)# hardware ip glean throttle maximum 2134
switch(config)# copy running-config startup-config
Configuring a Hardware IP Glean Throttle Timeout
You can configure a timeout for the installed drop adjacencies to remain in the FIB.
SUMMARY STEPS
1. configure terminal
2. hardware ip glean throttle maximum timeout timeout-in-sec
3. no hardware ip glean throttle maximum timeout timeout-in-sec
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 hardware ip glean throttle maximum timeout timeout-in-sec
Purpose: Configures the timeout for the installed drop adjacencies to remain in the FIB.
Example:
switch(config)# hardware ip glean throttle maximum timeout 300
Step 3 no hardware ip glean throttle maximum timeout timeout-in-sec
Purpose: Applies the default limits. The timeout value is in seconds. The range is from 300 seconds (5 minutes) to 1800 seconds (30 minutes).
Note After the timeout period is exceeded, the drop adjacencies are removed from the FIB.
Example:
switch(config)# no hardware ip glean throttle maximum timeout 300
Step 4 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to configure a timeout for the drop adjacencies that are installed:
switch# configure terminal
switch(config)# hardware ip glean throttle maximum timeout 300
switch(config)# copy running-config startup-config
Verifying the IPv4 Configuration
To display the IPv4 configuration, perform one of the following tasks:
Command: show hardware forwarding ip verify
Purpose: Displays the IP packet verification configuration.
Command: show ip adjacency
Purpose: Displays the adjacency table.
Command: show ip arp
Purpose: Displays the ARP table.
Command: show ip interface
Purpose: Displays IP-related interface information.
Command: show ip arp statistics [vrf vrf-name]
Purpose: Displays the ARP statistics.
Configuration Examples for IPv4
This example shows how to configure an IPv4 address:
configure terminal
interface ethernet 1/2
no switchport
ip address 192.2.1.1/16
Additional References
For additional information related to implementing IP, see the following sections:
• Related Documents
• Standards
Related Documents
Related Topic: IP CLI commands
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
Standards
Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —
CHAPTER 3
Configuring IPv6
This chapter describes how to configure Internet Protocol version 6 (IPv6), which includes addressing, Neighbor Discovery Protocol (ND), and Internet Control Message Protocol version 6 (ICMPv6), on the Cisco NX-OS device.
This chapter includes the following sections:
• Information About IPv6
• Licensing Requirements for IPv6
• Prerequisites for IPv6
• Guidelines and Limitations for IPv6
• Verifying the IPv6 Configuration
• Configuration Examples for IPv6
• Additional References
Information About IPv6
IPv6, which is designed to replace IPv4, increases the number of network address bits from 32 bits (in IPv4) to 128 bits. IPv6 is based on IPv4 but it includes a much larger address space and other improvements such as a simplified main header and extension headers.
The larger IPv6 address space allows networks to scale and provide global reachability. The simplified IPv6 packet header format handles packets more efficiently. The flexibility of the IPv6 address space reduces the need for private addresses and the use of Network Address Translation (NAT), which translates private (not globally unique) addresses into a limited number of public addresses. IPv6 enables new application protocols that do not require special processing by border routers at the edge of networks.
IPv6 functionality, such as prefix aggregation, simplified network renumbering, and IPv6 site multihoming capabilities, enables more efficient routing. IPv6 supports Open Shortest Path First (OSPF) for IPv6 and multiprotocol Border Gateway Protocol (BGP).
This section includes the following topics:
• IPv6 Address Formats
• IPv6 Unicast Addresses
• IPv6 Anycast Addresses
• IPv6 Multicast Addresses
• Simplified IPv6 Packet Header
• Path MTU Discovery for IPv6
• CDP IPv6 Address Support
• IPv6 Neighbor Discovery
• IPv6 Neighbor Solicitation Message
• IPv6 Router Advertisement Message
• IPv6 Neighbor Redirect Message
• Virtualization Support
IPv6 Address Formats
An IPv6 address has 128 bits or 16 bytes. The address is divided into eight, 16-bit hexadecimal blocks separated by colons (:) in the format: x:x:x:x:x:x:x:x. Two examples of IPv6 addresses are as follows:
2001:0DB8:7654:3210:FEDC:BA98:7654:3210
2001:0DB8:0:0:8:800:200C:417A
IPv6 addresses can contain consecutive zeros within the address. You can use two colons (::) at the beginning, middle, or end of an IPv6 address to replace the consecutive zeros. Table 3-1 shows a list of compressed IPv6 address formats.
Note You can use two colons (::) only once in an IPv6 address to replace the longest string of consecutive zeros within the address.
You can use a double colon as part of the IPv6 address when consecutive 16-bit values are denoted as zero. You can configure multiple IPv6 addresses per interface but only one link-local address.
The hexadecimal letters in IPv6 addresses are not case sensitive.
Table 3-1 Compressed IPv6 Address Formats
IPv6 Address Type | Preferred Format | Compressed Format
Unicast | 2001:0:0:0:0DB8:800:200C:417A | 2001::0DB8:800:200C:417A
Multicast | FF01:0:0:0:0:0:0:101 | FF01::101
Loopback | 0:0:0:0:0:0:0:1 | ::1
Unspecified | 0:0:0:0:0:0:0:0 | ::
A node may use the loopback address listed in Table 3-1 to send an IPv6 packet to itself. The loopback address in IPv6 is the same as the loopback address in IPv4. For more information, see
Note You cannot assign the IPv6 loopback address to a physical interface. A packet that contains the IPv6 loopback address as its source or destination address must remain within the node that created the packet. IPv6 routers do not forward packets that have the IPv6 loopback address as their source or destination address.
Note You cannot assign an IPv6 unspecified address to an interface. You should not use the unspecified IPv6 addresses as destination addresses in IPv6 packets or the IPv6 routing header.
The IPv6 prefix is in the form documented in RFC 2373 where the IPv6 address is specified in hexadecimal using 16-bit values between colons. The prefix length is a decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). For example, 2001:0DB8:8086:6502::/32 is a valid IPv6 prefix.
IPv6 Unicast Addresses
An IPv6 unicast address is an identifier for a single interface on a single node. A packet that is sent to a unicast address is delivered to the interface identified by that address. This section includes the following topics:
• Aggregatable Global Addresses
• Link-Local Addresses
• IPv4-Compatible IPv6 Addresses
• Unique Local Addresses
Aggregatable Global Addresses
An aggregatable global address is an IPv6 address from the aggregatable global unicast prefix. The structure of aggregatable global unicast addresses enables strict aggregation of routing prefixes that limits the number of routing table entries in the global routing table. Aggregatable global addresses are used on links that are aggregated upward through organizations and eventually to the Internet service providers (ISPs).
Aggregatable global IPv6 addresses are defined by a global routing prefix, a subnet ID, and an interface ID. Except for addresses that start with binary 000, all global unicast addresses have a 64-bit interface ID. The IPv6 global unicast address allocation uses the range of addresses that start with binary value 001 (2000::/3). Figure 3-1 shows the structure of an aggregatable global address.
Figure 3-1 Aggregatable Global Address Format (001, 3 bits | Global Routing Prefix, Provider, 45 bits | SLA, Site, 16 bits | Interface ID, Host, 64 bits)
Addresses with a prefix of 2000::/3 (001) through E000::/3 (111) are required to have 64-bit interface identifiers in the extended universal identifier (EUI)-64 format. The Internet Assigned Numbers Authority (IANA) allocates the IPv6 address space in the range of 2000::/16 to regional registries.
The aggregatable global address consists of a 48-bit global routing prefix and a 16-bit subnet ID or Site-Level Aggregator (SLA). In the IPv6 aggregatable global unicast address format document (RFC 2374), the global routing prefix included two other hierarchically structured fields called Top-Level Aggregator (TLA) and Next-Level Aggregator (NLA). The IETF decided to remove the TLA and NLA fields from the RFCs because these fields are policy based. Some existing IPv6 networks deployed before the change might still use networks that are on the older architecture.
A subnet ID, which is a 16-bit subnet field, can be used by individual organizations to create a local addressing hierarchy and to identify subnets. A subnet ID is similar to a subnet in IPv4, except that an organization with an IPv6 subnet ID can support up to 65,535 individual subnets.
An interface ID identifies interfaces on a link. The interface ID is unique to the link. In many cases, an interface ID is the same as or based on the link-layer address of an interface. Interface IDs used in aggregatable global unicast and other IPv6 address types have 64 bits and are in the modified EUI-64 format.
Interface IDs are in the modified EUI-64 format in one of the following ways:
• For all IEEE 802 interface types (for example, Ethernet, and Fiber Distributed Data interfaces), the first three octets (24 bits) are the Organizationally Unique Identifier (OUI) of the 48-bit link-layer address (MAC address) of the interface, the fourth and fifth octets (16 bits) are a fixed hexadecimal value of FFFE, and the last three octets (24 bits) are the last three octets of the MAC address. The Universal/Local (U/L) bit, which is the seventh bit of the first octet, has a value of 0 or 1. Zero indicates a locally administered identifier; 1 indicates a globally unique IPv6 interface identifier.
• For all other interface types (for example, serial, loopback, ATM, and Frame Relay types), the interface ID is similar to the interface ID for IEEE 802 interface types; however, the first MAC address from the pool of MAC addresses in the router is used as the identifier because the interface does not have a MAC address.
Note For interfaces that use the Point-to-Point Protocol (PPP), where the interfaces at both ends of the connection might have the same MAC address, the interface identifiers at both ends of the connection are negotiated (picked randomly and, if necessary, reconstructed) until both identifiers are unique. The first MAC address in the router is used as the identifier for interfaces using PPP.
If no IEEE 802 interface types are in the router, link-local IPv6 addresses are generated on the interfaces in the router in the following sequence:
1. The router is queried for MAC addresses (from the pool of MAC addresses in the router).
2. If no MAC addresses are available in the router, the serial number of the router is used to form the link-local addresses.
3. If the serial number of the router cannot be used to form the link-local addresses, the router uses a Message Digest 5 (MD5) hash to determine the MAC address of the router from the hostname of the router.
Link-Local Addresses
A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. Link-local addresses are used in the Neighbor Discovery Protocol (NDP) and the stateless autoconfiguration process. Nodes on a local link can use link-local addresses to communicate; the nodes do not need globally unique addresses to communicate.
Figure 3-2 shows the structure of a link-local address.
IPv6 routers cannot forward packets that have link-local source or destination addresses to other links.
Figure 3-2 Link-Local Address Format (128 bits: 10-bit prefix 1111 1110 10, FE80::/10 | 0 | Interface ID)
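The modified EUI-64 construction described under Aggregatable Global Addresses, combined with the FE80::/10 link-local prefix, worked through in Python, including the reverse step that shows an EUI-64 based address exposes the interface's MAC address. This is an added example, not Cisco's code; the function names are hypothetical, the U/L bit inversion follows RFC 4291, and the sample MAC is the one used in the static ARP example earlier in this guide.

```python
import ipaddress
import re
from typing import Optional

# FE80::/10 link-local prefix with the remaining 54 prefix bits set to zero.
LINK_LOCAL_BASE = int(ipaddress.IPv6Address("fe80::"))


def parse_mac(mac: str) -> bytes:
    """Accept Cisco dotted (0019.076c.1a78), colon, or hyphen notation."""
    digits = re.sub(r"[.:\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """Build the 64-bit interface ID: OUI, then FFFE, then the last three octets.

    The U/L bit (0x02 of the first octet) is inverted relative to the MAC, so a
    universally administered MAC yields an interface ID with the bit set to 1.
    """
    raw = parse_mac(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def link_local(mac: str) -> ipaddress.IPv6Address:
    """Combine the link-local prefix with the modified EUI-64 interface ID."""
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(LINK_LOCAL_BASE | iid)


def is_globally_unique(interface_id: bytes) -> bool:
    """U/L bit of the interface ID: 1 means globally unique, 0 locally administered."""
    return bool(interface_id[0] & 0x02)


def mac_from_interface_id(address: str) -> Optional[str]:
    """Recover the MAC (Cisco dotted form) if the interface ID is EUI-64 based.

    Returns None when octets four and five of the interface ID are not FFFE,
    that is, when the interface ID was not derived from a MAC address.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac_hex = (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]).hex()
    return ".".join(mac_hex[i:i + 4] for i in (0, 4, 8))


if __name__ == "__main__":
    sample_mac = "0019.076c.1a78"
    iid = modified_eui64(sample_mac)
    print("interface ID   :", iid.hex())
    print("globally unique:", is_globally_unique(iid))
    print("link-local     :", link_local(sample_mac))
    print("MAC recovered  :", mac_from_interface_id(str(link_local(sample_mac))))
```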
IPv4-Compatible IPv6 Addresses
An IPv4-compatible IPv6 address is an IPv6 unicast address that has zeros in the high-order 96 bits of the address and an IPv4 address in the low-order 32 bits of the address. The format of an IPv4-compatible IPv6 address is 0:0:0:0:0:0:A.B.C.D or ::A.B.C.D. The entire 128-bit IPv4-compatible IPv6 address is used as the IPv6 address of a node and the IPv4 address embedded in the low-order 32 bits is used as the IPv4 address of the node. IPv4-compatible IPv6 addresses are assigned to nodes that support both the IPv4 and IPv6 protocol stacks and are used in automatic tunnels.
Figure 3-3 shows the structure of an IPv4-compatible IPv6 address and a few acceptable formats for the address.
Figure 3-3 IPv4-Compatible IPv6 Address Format (0, 96 bits | IPv4 address, 32 bits; example: ::192.168.30.1 = ::C0A8:1E01)
Unique Local Addresses
A unique local address is an IPv6 unicast address that is globally unique and is intended for local communications. It is not expected to be routable on the global Internet and is routable inside of a limited area, such as a site, and it may be routed between a limited set of sites. Applications may treat unique local addresses like global scoped addresses.
A unique local address has the following characteristics:
• It has a globally unique prefix (it has a high probability of uniqueness).
• It has a well-known prefix to allow for easy filtering at site boundaries.
• It allows sites to be combined or privately interconnected without creating any address conflicts or requiring renumbering of interfaces that use these prefixes.
• It is ISP-independent and can be used for communications inside of a site without having any permanent or intermittent Internet connectivity.
• If it is accidentally leaked outside of a site through routing or the Domain Name Server (DNS), there is no conflict with any other addresses.
Figure 3-4 shows the structure of a unique local address.
Figure 3-4 Unique Local Address Structure (figure labels: FC00, Global ID 41 bits, Interface ID; Local IPv6 /7, Subnet prefix /48, Link prefix /64)
• Prefix — FC00::/7 prefix to identify local IPv6 unicast addresses.
• Global ID — 41-bit global identifier used to create a globally unique prefix.
• Subnet ID — 16-bit subnet ID is an identifier of a subnet within the site.
• Interface ID — 64-bit ID
Site-Local Address
Because RFC 3879 deprecates the use of site-local addresses, you should follow the recommendations of unique local addressing (ULA) in RFC 4193 when you configure private IPv6 addresses.
IPv6 Anycast Addresses
An anycast address is an address that is assigned to a set of interfaces that belong to different nodes. A packet sent to an anycast address is delivered to the closest interface—as defined by the routing protocols in use—identified by the anycast address. Anycast addresses are syntactically indistinguishable from unicast addresses because anycast addresses are allocated from the unicast address space. Assigning a unicast address to more than one interface turns a unicast address into an anycast address. You must configure the nodes to which the anycast address is assigned to recognize that the address is an anycast address.
Note Anycast addresses can be used only by a router, not a host. Anycast addresses cannot be used as the source address of an IPv6 packet.
by a series of zeros (the interface ID). The subnet router anycast address can be used to reach a router on the link that is identified by the prefix in the subnet router anycast address.
Figure 3-5 IPv4 Packet Header Format (32 bits wide; 20 octets: Version, Hd Len, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address; variable length: Options, Padding, Data Portion)
IPv6 Multicast Addresses
An IPv6 multicast address is an IPv6 address that has a prefix of FF00::/8 (1111 1111). An IPv6 multicast address is an identifier for a set of interfaces that belong to different nodes. A packet sent to a multicast address is delivered to all interfaces identified by the multicast address. The second octet following the prefix defines the lifetime and scope of the multicast address. A permanent multicast address has a lifetime parameter equal to 0; a temporary multicast address has a lifetime parameter equal to 1. A multicast address that has the scope of a node, link, site, organization, or a global scope, has a scope parameter of 1, 2, 5, 8, or E, respectively. For example, a multicast address with the prefix FF02::/16 is a permanent multicast address with a link scope.
Figure 3-6 shows the format of the IPv6 multicast address.
Figure 3-6 IPv6 Packet Header Format
[Figure: 32-bit-wide layout of the IPv6 header. Fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address (40 octets), followed by Next Header and Extension Header information (variable length) and the Data Portion.]
IPv6 nodes (hosts and routers) are required to join (where received packets are destined for) the following multicast groups:
• All-nodes multicast group FF02:0:0:0:0:0:0:1 (the scope is link-local)
• Solicited-node multicast group FF02:0:0:0:0:1:FF00:0000/104 for each of its assigned unicast and anycast addresses
IPv6 routers must also join the all-routers multicast group FF02:0:0:0:0:0:0:2 (the scope is link-local).
The solicited-node multicast address is a multicast group that corresponds to an IPv6 unicast or anycast address. An IPv6 node must join the associated solicited-node multicast group for every unicast and anycast address that is assigned to it. The IPv6 solicited-node multicast address has the prefix FF02:0:0:0:0:1:FF00:0000/104 concatenated with the 24 low-order bits of a corresponding IPv6 unicast or anycast address (see Figure 3-7). For example, the solicited-node multicast address that corresponds to the IPv6 address 2037::01:800:200E:8C6C is FF02::1:FF0E:8C6C. Solicited-node addresses are used in neighbor solicitation messages.
Figure 3-7 IPv6 Extension Header Format
[Figure: an IPv6 packet consists of the IPv6 base header (40 octets), any number of extension headers, and data (for example, TCP or UDP). Each extension header consists of Next Header, Ext Header Length and Extension Header Data.]
Note IPv6 has no broadcast addresses. IPv6 multicast addresses are used instead of broadcast addresses.
IPv4 Packet Header
The base IPv4 packet header has 12 fields with a total size of 20 octets (160 bits) (see
12 fields may be followed by an Options field, which is followed by a data portion that is usually the transport-layer packet. The variable length of the Options field adds to the total size of the IPv4 packet header. The shaded fields of the IPv4 packet header are not included in the IPv6 packet header.
Figure 3-8 IPv4 Packet Header Format
[Figure: 32-bit-wide layout of the IPv4 header. Fields: Version, Hd Len, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address (20 octets), followed by Options and Padding (variable length) and the Data Portion.]
Simplified IPv6 Packet Header
The base IPv6 packet header has 8 fields with a total size of 40 octets (320 bits) (see Figure 3-6).
Fragmentation is handled by the source of a packet, and checksums at the data link layer and transport layer are used. The User Datagram Protocol (UDP) checksum checks the integrity of the inner packet. The base IPv6 packet header and Options field are aligned to 64 bits, which can facilitate the processing of IPv6 packets.
Table 3-2 lists the fields in the base IPv6 packet header.
Table 3-2 Base IPv6 Packet Header Fields
Field | Description
Version | Similar to the Version field in the IPv4 packet header, except that the field lists number 6 for IPv6 instead of number 4 for IPv4.
Traffic Class | Similar to the Type of Service field in the IPv4 packet header. The Traffic Class field tags packets with a traffic class that is used in differentiated services.
Flow Label | New field in the IPv6 packet header. The Flow Label field tags packets with a specific flow that differentiates the packets at the network layer.
Payload Length | Similar to the Total Length field in the IPv4 packet header. The Payload Length field indicates the total length of the data portion of the packet.
Next Header | Similar to the Protocol field in the IPv4 packet header. The value of the Next Header field determines the type of information that follows the base IPv6 header. The type of information that follows the base IPv6 header can be a transport-layer packet, for example, a TCP or UDP packet, or an Extension Header, as shown in
Hop Limit | Similar to the Time to Live field in the IPv4 packet header. The value of the Hop Limit field specifies the maximum number of routers that an IPv6 packet can pass through before the packet is considered invalid. Each router decrements the value by one. Because no checksum is in the IPv6 header, the router can decrement the value without needing to recalculate the checksum, which saves processing resources.
Source Address | Similar to the Source Address field in the IPv4 packet header, except that the field contains a 128-bit source address for IPv6 instead of a 32-bit source address for IPv4.
Destination Address | Similar to the Destination Address field in the IPv4 packet header, except that the field contains a 128-bit destination address for IPv6 instead of a 32-bit destination address for IPv4.
Figure 3-9 IPv6 Packet Header Format
[Figure: 32-bit-wide layout of the IPv6 header. Fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address (40 octets), followed by Next Header and Extension Header information (variable length) and the Data Portion.]
Optional extension headers and the data portion of the packet are after the eight fields of the base IPv6 packet header. If present, each extension header is aligned to 64 bits. There is no fixed number of extension headers in an IPv6 packet. Each extension header is identified by the Next Header field of the previous header. Typically, the final extension header has a Next Header field of a transport-layer protocol, such as TCP or UDP.
Figure 3-7 shows the IPv6 extension header format.
Figure 3-10 IPv6 Extension Header Format
[Figure: an IPv6 packet consists of the IPv6 base header (40 octets), any number of extension headers, and data (for example, TCP or UDP). Each extension header consists of Next Header, Ext Header Length and Extension Header Data.]
Table 3-3 lists the extension header types and their Next Header field values.
Table 3-3 IPv6 Extension Header Types
Header Type | Next Header Value | Description
Hop-by-hop options header | 0 | Header that is processed by all hops in the path of a packet. When present, the hop-by-hop options header always follows immediately after the base IPv6 packet header.
Destination options header | 60 | Header that can follow any hop-by-hop options header. The header is processed at the final destination and at each visited address specified by a routing header. Alternatively, the destination options header can follow any Encapsulating Security Payload (ESP) header. The destination options header is processed only at the final destination.
Routing header | 43 | Header that is used for source routing.
Fragment header | 44 | Header that is used when a source fragments a packet that is larger than the maximum transmission unit (MTU) for the path between itself and a destination. The Fragment header is used in each fragmented packet.
Upper-layer headers | 6 (TCP), 17 (UDP) | Headers that are used inside a packet to transport the data. The two main transport protocols are TCP and UDP.
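The Next Header chain described above can be walked with a short parser, which is also what a filter must do to find the real upper-layer protocol. This is an added example, not code from the Cisco guide: the packet bytes are constructed, and the length rule for the Ext Header Length field (8-octet units, not counting the first 8 octets) and the Fragment header layout come from RFC 8200 rather than from this page.

```python
import struct

# Next Header values from Table 3-3.
EXT_HEADERS = {0: "hop-by-hop", 60: "destination-options", 43: "routing", 44: "fragment"}
BASE_LEN = 40  # the base IPv6 header is always 40 octets


def parse_base_header(pkt):
    """Decode the eight fields of the base IPv6 header (Table 3-2)."""
    if len(pkt) < BASE_LEN:
        raise ValueError("truncated base header")
    word0, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word0 >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {
        "version": word0 >> 28,
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": pkt[8:24],
        "dst": pkt[24:40],
    }


def walk_chain(pkt, max_headers=16):
    """Return (extension header names, final Next Header value, payload offset).

    The offset is None for a non-initial fragment, whose upper-layer header
    travelled in the first fragment and is not present in this packet.
    """
    base = parse_base_header(pkt)
    end = min(len(pkt), BASE_LEN + base["payload_length"])
    nh, offset, chain = base["next_header"], BASE_LEN, []
    while nh in EXT_HEADERS:
        if len(chain) >= max_headers:
            raise ValueError("too many extension headers")
        if nh == 0 and chain:
            raise ValueError("hop-by-hop header is not first in the chain")
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        following, len_field = pkt[offset], pkt[offset + 1]
        # The fragment header is a fixed 8 octets; the others carry their
        # length in 8-octet units that do not count the first 8 octets.
        size = 8 if nh == 44 else (len_field + 1) * 8
        if offset + size > end:
            raise ValueError("extension header runs past the payload")
        chain.append(EXT_HEADERS[nh])
        if nh == 44 and struct.unpack("!H", pkt[offset + 2:offset + 4])[0] >> 3:
            return chain, following, None
        nh, offset = following, offset + size
    return chain, nh, offset


def build_sample():
    """Constructed packet: base header, hop-by-hop, destination options, TCP stub."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    padn = bytes([1, 4, 0, 0, 0, 0])   # PadN option that fills the header to 8 octets
    hbh = bytes([60, 0]) + padn        # Next Header = 60, Ext Header Length = 0
    dopt = bytes([6, 0]) + padn        # Next Header = 6 (TCP)
    payload = hbh + dopt + bytes(20)   # 20 placeholder octets stand in for TCP
    base = struct.pack("!IHBB", 6 << 28, len(payload), 0, 64) + src + dst
    return base + payload


if __name__ == "__main__":
    print(walk_chain(build_sample()))
```

A filter that reads only the Next Header field of the base header would classify the constructed packet as protocol 0; the walk reports TCP (6) at offset 56.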
Path MTU Discovery for IPv6
As in IPv4, you can use path MTU discovery in IPv6 to allow a host to dynamically discover and adjust to differences in the MTU size of every link along a data path. In IPv6, however, fragmentation is handled by the source of a packet when the path MTU of one link along a given data path is not large enough to accommodate the size of the packets. Having IPv6 hosts handle packet fragmentation saves IPv6 router processing resources and helps IPv6 networks run more efficiently. Once the path MTU is reduced by the arrival of an ICMP Too Big message, Cisco NX-OS retains the lower value. The connection does not increase the segment size to gauge the throughput.
Note In IPv6, the minimum link MTU is 1280 octets. We recommend that you use an MTU value of 1500 octets for IPv6 links.
CDP IPv6 Address Support
You can use the Cisco Discovery Protocol (CDP) IPv6 address support for the neighbor information feature to transfer IPv6 addressing information between two Cisco devices. Cisco Discovery Protocol support for IPv6 addresses provides IPv6 information to network management products and troubleshooting tools.
ICMP for IPv6
You can use ICMP in IPv6 to provide information about the health of the network. ICMPv6, the version that works with IPv6, reports errors if packets cannot be processed correctly and sends informational messages about the status of the network. For example, if a router cannot forward a packet because it is too large to be sent out on another network, the router sends out an ICMPv6 message to the originating host. Additionally, ICMP packets in IPv6 are used in IPv6 neighbor discovery and path MTU discovery.
The path MTU discovery process ensures that a packet is sent using the largest possible size that is supported on a specific route.
A value of 58 in the Next Header field of the base IPv6 packet header identifies an IPv6 ICMP packet.
The ICMP packet follows all the extension headers and is the last piece of information in the IPv6 packet. Within the IPv6 ICMP packets, the ICMPv6 Type and ICMPv6 Code fields identify IPv6 ICMP packet specifics, such as the ICMP message type. The value in the Checksum field is computed by the sender and checked by the receiver from the fields in the IPv6 ICMP packet and the IPv6 pseudo header.
Note The IPv6 header does not have a checksum. But a checksum on the transport layer can determine if packets have not been delivered correctly. All checksum calculations that include the IP address in the calculation must be modified for IPv6 to accommodate the new 128-bit address. A checksum is generated using a pseudo header.
The ICMPv6 Payload field contains error or diagnostic information that relates to IP packet processing.
Figure 3-11 shows the IPv6 ICMP packet header format.
Figure 3-11 IPv6 ICMP Packet Header Format
[Figure: the IPv6 base header (Next header = 58) is followed by the ICMPv6 packet, which consists of ICMPv6 Type, ICMPv6 Code, Checksum and ICMPv6 Payload.]
IPv6 Neighbor Discovery
You can use the IPv6 Neighbor Discovery Protocol (NDP) to determine whether a neighboring router is reachable. IPv6 nodes use neighbor discovery to determine the addresses of nodes on the same network (local link), to find neighboring routers that can forward their packets, to verify whether neighboring routers are reachable or not, and to detect changes to link-layer addresses. NDP uses ICMP messages to detect whether packets are sent to neighboring routers that are unreachable.
IPv6 Neighbor Solicitation Message
A node sends a neighbor solicitation message, which has a value of 135 in the Type field of the ICMP packet header, on the local link when it wants to determine the link-layer address of another node on the same local link (see Figure 3-12). The source address is the IPv6 address of the node that sends the neighbor solicitation message. The destination address is the solicited-node multicast address that corresponds to the IPv6 address of the destination node. The neighbor solicitation message also includes the link-layer address of the source node.
Figure 3-12 IPv6 Neighbor Discovery—Neighbor Solicitation Message
ICMPv6 Type = 135
Src = A
Dst = solicited-node multicast of B
Data = link-layer address of A
Query = what is your link address?
ICMPv6 Type = 136
Src = B
Dst = A
Data = link-layer address of B
A and B can now exchange packets on this link
After receiving the neighbor solicitation message, the destination node replies by sending a neighbor advertisement message, which has a value of 136 in the Type field of the ICMP packet header, on the local link. The source address is the IPv6 address of the node (the IPv6 address of the node interface that sends the neighbor advertisement message). The destination address is the IPv6 address of the node that sends the neighbor solicitation message. The data portion includes the link-layer address of the node that sends the neighbor advertisement message.
After the source node receives the neighbor advertisement, the source node and destination node can communicate.
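The exchange in Figure 3-12, together with the pseudo-header checksum described under ICMP for IPv6, as an added example that is not part of the Cisco guide. Node A's address and both link-layer addresses are constructed; the option numbers (1 = source link-layer address, 2 = target link-layer address), the position of the solicited flag and the pseudo-header field order follow RFC 4861 and RFC 8200, which this page does not spell out.

```python
import ipaddress
import struct

ICMPV6 = 58          # Next Header value that identifies ICMPv6
NS, NA = 135, 136    # ICMPv6 Type values for solicitation and advertisement
SOLICITED = 0x40000000  # solicited flag in the first word after the checksum


def solicited_node(addr):
    """FF02::1:FF00:0/104 plus the 24 low-order bits of addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def checksum(src, dst, icmp):
    """Internet checksum over the IPv6 pseudo header and the ICMPv6 message."""
    pseudo = src.packed + dst.packed + struct.pack("!I3xB", len(icmp), ICMPV6)
    data = pseudo + icmp + (b"\x00" if len(icmp) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(msg_type, src, dst, target, lladdr, flags=0):
    """Return ICMPv6 bytes for an NS or NA carrying one link-layer address option."""
    opt_type = 1 if msg_type == NS else 2
    option = struct.pack("!BB6s", opt_type, 1, lladdr)   # length in 8-octet units
    body = struct.pack("!I", flags) + target.packed + option
    unsummed = struct.pack("!BBH", msg_type, 0, 0) + body
    return struct.pack("!BBH", msg_type, 0, checksum(src, dst, unsummed)) + body


def verify(src, dst, icmp):
    """Receiver side: with the Checksum field included, the sum folds to zero."""
    return checksum(src, dst, icmp) == 0


def parse(src, dst, icmp):
    """Validate and decode an NS or NA; raises ValueError on a bad message."""
    if len(icmp) < 24 or icmp[0] not in (NS, NA):
        raise ValueError("not a neighbor solicitation or advertisement")
    if not verify(src, dst, icmp):
        raise ValueError("bad ICMPv6 checksum")
    flags = struct.unpack("!I", icmp[4:8])[0]
    info = {
        "type": icmp[0],
        "target": ipaddress.IPv6Address(icmp[8:24]),
        "solicited": bool(icmp[0] == NA and flags & SOLICITED),
        "lladdr": None,
    }
    opts = icmp[24:]
    while len(opts) >= 2:
        opt_len = opts[1] * 8
        if opt_len == 0 or opt_len > len(opts):
            raise ValueError("malformed option")
        if opts[0] in (1, 2):
            info["lladdr"] = opts[2:8]
        opts = opts[opt_len:]
    return info


def exchange():
    """Node A resolves node B as in Figure 3-12. A and the MACs are constructed."""
    a = ipaddress.IPv6Address("2001:db8::a")
    b = ipaddress.IPv6Address("2037::01:800:200E:8C6C")   # address used on this page
    mac_a, mac_b = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
    ns_dst = solicited_node(b)
    ns = build(NS, a, ns_dst, b, mac_a)
    # B answers A's unicast address and sets the solicited flag.
    na = build(NA, b, a, b, mac_b, flags=SOLICITED)
    return {"a": a, "b": b, "ns_dst": ns_dst, "ns": ns, "na": na}


if __name__ == "__main__":
    x = exchange()
    print(x["ns_dst"], parse(x["a"], x["ns_dst"], x["ns"]), parse(x["b"], x["a"], x["na"]))
```

Because the pseudo header covers the source and destination addresses, a message that verifies for one address pair fails for any other pair.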
Neighbor solicitation messages can verify the reachability of a neighbor after a node identifies the link-layer address of a neighbor. When a node wants to verify the reachability of a neighbor, it uses the destination address in a neighbor solicitation message as the unicast address of the neighbor.
Neighbor advertisement messages are also sent when there is a change in the link-layer address of a node on a local link. When there is a change, the destination address for the neighbor advertisement is the all-nodes multicast address.
Neighbor unreachability detection identifies the failure of a neighbor or the failure of the forward path to the neighbor and is used for all paths between hosts and neighboring nodes (hosts or routers).
Neighbor unreachability detection is performed for neighbors to which only unicast packets are being sent and is not performed for neighbors to which multicast packets are being sent.
A neighbor is considered reachable when a positive acknowledgment is returned from the neighbor (indicating that packets previously sent to the neighbor have been received and processed). A positive acknowledgment—from an upper-layer protocol (such as TCP)—indicates that a connection is making forward progress (reaching its destination). If packets are reaching the peer, they are also reaching the next-hop neighbor of the source. Forward progress is also a confirmation that the next-hop neighbor is reachable.
For destinations that are not on the local link, forward progress implies that the first-hop router is reachable. When acknowledgments from an upper-layer protocol are not available, a node probes the neighbor using unicast neighbor solicitation messages to verify that the forward path is still working.
The return of a solicited neighbor advertisement message from the neighbor is a positive acknowledgment that the forward path is still working (neighbor advertisement messages that have the solicited flag set to a value of 1 are sent only in response to a neighbor solicitation message). Unsolicited messages confirm only the one-way path from the source to the destination node; solicited neighbor advertisement messages indicate that a path is working in both directions.
Note A neighbor advertisement message that has the solicited flag set to a value of 0 is not considered as a positive acknowledgment that the forward path is still working.
Neighbor solicitation messages are also used in the stateless autoconfiguration process to verify the uniqueness of unicast IPv6 addresses before the addresses are assigned to an interface. Duplicate address detection is performed first on a new, link-local IPv6 address before the address is assigned to an interface (the new address remains in a tentative state while duplicate address detection is performed).
A node sends a neighbor solicitation message with an unspecified source address and a tentative link-local address in the body of the message. If another node is already using that address, the node returns a neighbor advertisement message that contains the tentative link-local address. If another node is simultaneously verifying the uniqueness of the same address, that node also returns a neighbor solicitation message. If no neighbor advertisement messages are received in response to the neighbor solicitation message and no neighbor solicitation messages are received from other nodes that are attempting to verify the same tentative address, the node that sent the original neighbor solicitation message considers the tentative link-local address to be unique and assigns the address to the interface.
IPv6 Router Advertisement Message
Router advertisement (RA) messages, which have a value of 134 in the Type field of the ICMP packet header, are periodically sent out to each configured interface of an IPv6 router. For stateless autoconfiguration to work properly, the advertised prefix length in RA messages must always be 64 bits.
The RA messages are sent to the all-nodes multicast address (see
Figure 3-13 IPv6 Neighbor Discovery—RA Message
Router advertisement packet definitions:
ICMPv6 Type = 134
Src = router link-local address
Dst = all-nodes multicast address
Data = options, prefix, lifetime, autoconfig flag
RA messages typically include the following information:
• One or more onlink IPv6 prefixes that nodes on the local link can use to automatically configure their IPv6 addresses
• Life-time information for each prefix included in the advertisement
• Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be completed
• Default router information (whether the router sending the advertisement should be used as a default router and, if so, the amount of time in seconds that the router should be used as a default router)
• Additional information for hosts, such as the hop limit and MTU that a host should use in packets that it originates
RAs are also sent in response to router solicitation messages. Router solicitation messages, which have a value of 133 in the Type field of the ICMP packet header, are sent by hosts at system startup so that the host can immediately autoconfigure without needing to wait for the next scheduled RA message. The source address is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast address, the unicast address of the interface that sends the router solicitation message is used as the source address in the message. The destination address is the all-routers multicast address with a scope of the link. When an RA is sent in response to a router solicitation, the destination address in the RA message is the unicast address of the source of the router solicitation message.
You can configure the following RA message parameters:
• The time interval between periodic RA messages
• The router life-time value, which indicates the usefulness of a router as the default router (for use by all nodes on a given link)
• The network prefixes in use on a given link
• The time interval between neighbor solicitation message retransmissions (on a given link)
• The amount of time that a node considers a neighbor reachable (for use by all nodes on a given link)
The configured parameters are specific to an interface. The sending of RA messages (with default values) is automatically enabled on Ethernet interfaces. For other interface types, you must enter the no ipv6 nd suppress-ra command to send RA messages. You can disable the RA message feature on individual interfaces by entering the ipv6 nd suppress-ra command.
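An added example (not from the Cisco guide) that decodes the RA contents listed above and checks three properties stated on this page: the source is a link-local address, each advertised prefix is 64 bits long, and the advertised MTU is at least 1280 octets. The message bytes are constructed, and the field offsets, flag bits and option type numbers (3 = prefix information, 5 = MTU) come from RFC 4861, not from this page.

```python
import ipaddress
import struct

RA_TYPE = 134
MIN_LINK_MTU = 1280   # minimum IPv6 link MTU


def parse_ra(src, icmp):
    """Decode a router advertisement and list deviations worth reviewing."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        raise ValueError("not a router advertisement")
    hop, flags, lifetime, reachable, retrans = struct.unpack("!BBHII", icmp[4:16])
    ra = {
        "hop_limit": hop,
        "managed": bool(flags & 0x80),   # stateful address autoconfiguration
        "other": bool(flags & 0x40),     # stateful non-address information
        "router_lifetime": lifetime,     # seconds as a default router
        "reachable_ms": reachable,
        "retrans_ms": retrans,
        "mtu": None,
        "prefixes": [],
        "findings": [],
    }
    if not ipaddress.IPv6Address(src).is_link_local:
        ra["findings"].append("source %s is not a link-local address" % src)
    opts = icmp[16:]
    while opts:
        if len(opts) < 2 or opts[1] == 0 or opts[1] * 8 > len(opts):
            raise ValueError("malformed option")
        kind, size = opts[0], opts[1] * 8
        if kind == 3 and size == 32:
            plen, pflags, valid, preferred = struct.unpack("!BBII", opts[2:12])
            prefix = "%s/%d" % (ipaddress.IPv6Address(opts[16:32]), plen)
            ra["prefixes"].append({
                "prefix": prefix,
                "on_link": bool(pflags & 0x80),
                "autonomous": bool(pflags & 0x40),
                "valid_lifetime": valid,
                "preferred_lifetime": preferred,
            })
            if plen != 64:
                ra["findings"].append("prefix %s is not 64 bits long" % prefix)
        elif kind == 5 and size == 8:
            ra["mtu"] = struct.unpack("!I", opts[4:8])[0]
            if ra["mtu"] < MIN_LINK_MTU:
                ra["findings"].append("MTU %d is below %d" % (ra["mtu"], MIN_LINK_MTU))
        opts = opts[size:]
    return ra


def build_ra(prefix, plen, mtu=1500, lifetime=1800, hop=64, flags=0):
    """Constructed RA body for the checks above; the Checksum field is left zero."""
    head = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, hop, flags, lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 2592000, 604800, 0)
    pio += ipaddress.IPv6Address(prefix).packed
    mtu_opt = struct.pack("!BBHI", 5, 1, 0, mtu)
    return head + pio + mtu_opt


if __name__ == "__main__":
    print(parse_ra("fe80::1", build_ra("2001:db8::", 64))["findings"])
    print(parse_ra("2001:db8::1", build_ra("2001:db8::", 48, mtu=1000))["findings"])
```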
IPv6 Neighbor Redirect Message
Routers send neighbor redirect messages to inform hosts of better first-hop nodes on the path to a destination (see ). A value of 137 in the Type field of the ICMP packet header identifies an IPv6 neighbor redirect message.
Figure 3-14 IPv6 Neighbor Discovery—Neighbor Redirect Message
[Figure: Host H, Device A and Device B, with flows labelled IPv6 packet and Subsequent IPv6 packets.]
Neighbor redirect packet definitions:
ICMPv6 Type = 137
Src = link-local address of Device A
Dst = link-local address of Host H
Data = target address (link-local address of Device B), options (header of redirected packet)
Note: If the target is a host, the target address is equal to the destination address of the redirect packet and the options include the link-layer address of the target host (if known).
Note A router must be able to determine the link-local address for each of its neighboring routers in order to ensure that the target address (the final destination) in a redirect message identifies the neighbor router by its link-local address. For static routing, you should specify the address of the next-hop router using the link-local address of the router. For dynamic routing, you must configure all IPv6 routing protocols to exchange the link-local addresses of neighboring routers.
After forwarding a packet, a router sends a redirect message to the source of the packet under the following circumstances:
• The destination address of the packet is not a multicast address.
• The packet was not addressed to the router.
• The packet is about to be sent out the interface on which it was received.
• The router determines that a better first-hop node for the packet resides on the same link as the source of the packet.
• The source address of the packet is a global IPv6 address of a neighbor on the same link or a link-local address.
Virtualization Support
IPv6 supports virtual routing and forwarding (VRF) instances.
Licensing Requirements for IPv6
The following table shows the licensing requirements for this feature:
Product | License Requirement
Cisco NX-OS | IPv6 requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Prerequisites for IPv6
IPv6 has the following prerequisites:
• You must be familiar with IPv6 basics such as IPv6 addressing, IPv6 header information, ICMPv6, and the IPv6 Neighbor Discovery (ND) Protocol.
• Ensure that you follow the memory/processing guidelines when you make a device a dual-stack device (IPv4/IPv6).
Guidelines and Limitations for IPv6
IPv6 has the following configuration guidelines and limitations:
• IPv6 packets are transparent to Layer 2 LAN switches because the switches do not examine Layer 3 packet information before forwarding IPv6 frames. IPv6 hosts can be directly attached to Layer 2 LAN switches.
• You can configure multiple IPv6 global addresses within the same prefix on an interface. However, multiple IPv6 link-local addresses on an interface are not supported.
• Because RFC 3879 deprecates the use of site-local addresses, you should configure private IPv6 addresses according to the recommendations of unique local addressing (ULA) in RFC 4193.
Default Settings
Table 3-4 lists the default settings for IPv6 parameters.
Table 3-4 Default IPv6 Parameters
Parameters | Default
ND reachable time | 0 milliseconds
neighbor solicitation retransmit interval | 1000 milliseconds
Configuring IPv6
This section includes the following topics:
• Configuring IPv6 Addressing
• Configuring IPv6 Neighbor Discovery
• Optional IPv6 Neighbor Discovery
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Configuring IPv6 Addressing
You must configure an IPv6 address on an interface so that the interface can forward IPv6 traffic. When you configure a global IPv6 address on an interface, it automatically configures a link-local address and activates IPv6 for that interface.
SUMMARY STEPS
1. configure terminal
2. interface ethernet number
3. ipv6 address { addr [ eui64 ] [ route-preference preference ] [ secondary ] tag tag-id ] ]
or
ipv6 address ipv6-address use-link-local-only
4. (Optional) show ipv6 interface
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.
Step 2 interface ethernet number
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Purpose: Enters interface configuration mode.
Step 3 ipv6 address { addr [ eui64 ] [ route-preference preference ] [ secondary ] tag tag-id ]
or
ipv6 address ipv6-address use-link-local-only
Example:
switch(config-if)# ipv6 address 2001:0DB8::1/10
or
switch(config-if)# ipv6 address use-link-local-only
Purpose: Specifies an IPv6 address assigned to the interface and enables IPv6 processing on the interface.
Entering the ipv6 address command configures global IPv6 addresses with an interface identifier (ID) in the low-order 64 bits of the IPv6 address. Only the 64-bit network prefix for the address needs to be specified; the last 64 bits are automatically computed from the interface ID.
Entering the ipv6 address use-link-local-only command configures a link-local address on the interface that is used instead of the link-local address that is automatically configured when IPv6 is enabled on the interface.
This command enables IPv6 processing on an interface without configuring an IPv6 address.
Step 4 show ipv6 interface
Example:
switch(config-if)# show ipv6 interface
Purpose: (Optional) Displays interfaces configured for IPv6.
Step 5 copy running-config startup-config
Example:
switch(config-if)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure an IPv6 address:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# ipv6 address ?
A:B::C:D/LEN IPv6 prefix format: xxxx:xxxx/ml, xxxx:xxxx::/ml, xxxx::xx/128
use-link-local-only Enable IPv6 on interface using only a single link-local address
switch(config-if)# ipv6 address 2001:db8::/64 eui64
This example shows how to display an IPv6 interface:
switch(config-if)# show ipv6 interface ethernet 3/1
Ethernet3/1, Interface status: protocol-down/link-down/admin-down, iod: 36
IPv6 address: 0dc3:0dc3:0000:0000:0218:baff:fed8:239d
IPv6 subnet: 0dc3:0dc3:0000:0000:0000:0000:0000:0000/64
IPv6 link-local address: fe80::0218:baff:fed8:239d (default)
IPv6 multicast routing: disabled
IPv6 multicast groups locally joined: ff02::0001:ffd8:239d ff02::0002 ff02::0001 ff02::0001:ffd8:239d
IPv6 multicast (S,G) entries joined: none
IPv6 MTU: 1500 (using link MTU)
IPv6 RP inbound packet-filtering policy: none
IPv6 RP outbound packet-filtering policy: none
IPv6 inbound packet-filtering policy: none
IPv6 outbound packet-filtering policy: none
IPv6 interface statistics last reset: never
IPv6 interface RP-traffic statistics: (forwarded/originated/consumed)
Unicast packets: 0/0/0
Unicast bytes: 0/0/0
Multicast packets: 0/0/0
Multicast bytes: 0/0/0
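An added example (not from the Cisco guide) that ties the eui64 keyword and the solicited-node rule from "IPv6 Multicast Addresses" to the sample output above: it derives the interface ID from a MAC address, forms the link-local and solicited-node addresses, and compares them with what the switch reported. The MAC address is an assumption obtained by inverting the interface ID in the output, and the modified EUI-64 procedure is from RFC 4291, not from this page.

```python
import ipaddress
import re

# Three lines copied from the show ipv6 interface output above.
SAMPLE = """\
IPv6 address: 0dc3:0dc3:0000:0000:0218:baff:fed8:239d
IPv6 link-local address: fe80::0218:baff:fed8:239d (default)
IPv6 multicast groups locally joined: ff02::0001:ffd8:239d ff02::0002 ff02::0001 ff02::0001:ffd8:239d
"""
ASSUMED_MAC = "0018.bad8.239d"   # assumption: inferred from the interface ID


def eui64_interface_id(mac):
    """Modified EUI-64: insert FF:FE in the middle, flip the universal/local bit."""
    raw = bytearray(bytes.fromhex(re.sub("[:.-]", "", mac)))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    raw[0] ^= 0x02
    return int.from_bytes(raw[:3] + b"\xff\xfe" + raw[3:], "big")


def with_interface_id(prefix, iid):
    """Combine a 64-bit prefix with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the prefix must be 64 bits long")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(addr):
    """FF02::1:FF00:0/104 plus the 24 low-order bits of addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def expected_groups(addresses, is_router=True):
    """Groups a node must join: all-nodes, all-routers, one per assigned address."""
    groups = {ipaddress.IPv6Address("ff02::1")}
    if is_router:
        groups.add(ipaddress.IPv6Address("ff02::2"))
    groups.update(solicited_node(a) for a in addresses)
    return groups


def audit(show_output, mac):
    """Compare addresses and joined groups in the output with what the MAC implies."""
    fields = dict(
        line.split(": ", 1) for line in show_output.splitlines() if ": " in line
    )
    global_addr = ipaddress.IPv6Address(fields["IPv6 address"])
    link_local = ipaddress.IPv6Address(fields["IPv6 link-local address"].split()[0])
    joined = {
        ipaddress.IPv6Address(g)
        for g in fields["IPv6 multicast groups locally joined"].split()
    }
    iid = eui64_interface_id(mac)
    wanted = expected_groups([global_addr, link_local])
    return {
        "link_local_matches": link_local == with_interface_id("fe80::/64", iid),
        "global_uses_eui64": int(global_addr) & (2**64 - 1) == iid,
        "missing_groups": wanted - joined,
        "unexpected_groups": joined - wanted,
    }


if __name__ == "__main__":
    print(audit(SAMPLE, ASSUMED_MAC))
```

Both addresses on the interface share the same 24 low-order bits, so they map to a single solicited-node group, which is why ff02::0001:ffd8:239d is the only such group in the output.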
Configuring IPv6 Neighbor Discovery
You can configure IPv6 neighbor discovery on the router. NDP enables IPv6 nodes and routers to determine the link-layer address of a neighbor on the same link, find neighboring routers, and keep track of neighbors.
SUMMARY STEPS
1. configure terminal
2. interface ethernet number
3. ipv6 nd [hop-limit hop-limit | managed-config-flag | mtu mtu | ns-interval interval | other-config-flag | prefix | ra-interval interval | ra-lifetime lifetime | reachable-time time | redirects | retrans-timer time | suppress-ra]
4. (Optional) show ipv6 nd interface
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.
Step 2 interface ethernet number
Example:
switch(config)# interface ethernet 2/31
switch(config-if)#
Purpose: Enters interface configuration mode.
Step 3 ipv6 nd [hop-limit hop-limit | managed-config-flag | mtu mtu | ns-interval interval | other-config-flag | prefix | ra-interval interval | ra-lifetime lifetime | reachable-time time | redirects | retrans-timer time | suppress-ra]
Example:
switch(config-if)# ipv6 nd prefix
Purpose: Neighbor discovery is enabled automatically when you configure an IPv6 address. This command enables the following additional IPv6 neighbor discovery options on the interface:
• hop-limit hop-limit —Advertises the hop limit in IPv6 neighbor discovery packets. The range is from 0 to 255.
• managed-config-flag —Advertises in ICMPv6 router-advertisement messages to use stateful address autoconfiguration to obtain address information.
• mtu mtu —Advertises the maximum transmission unit (MTU) in ICMPv6 router-advertisement messages on this link. The range is from 1280 to 65535 bytes.
• ns-interval interval —Configures the retransmission interval between IPv6 neighbor solicitation messages. The range is from 1000 to 3600000 milliseconds.
• other-config-flag —Indicates in ICMPv6 router-advertisement messages that hosts use stateful auto configuration to obtain nonaddress related information.
• prefix —Advertises the IPv6 prefix in the router-advertisement messages.
• ra-interval interval —Configures the interval between sending ICMPv6 router-advertisement messages. The range is from 4 to 1800 seconds.
• ra-lifetime lifetime —Advertises the lifetime of a default router in ICMPv6 router-advertisement messages. The range is from 0 to 9000 seconds.
• reachable-time time —Advertises the time when a node considers a neighbor up after receiving a reachability confirmation in ICMPv6 router-advertisement messages. The range is from 0 to 9000 seconds.
• redirects —Enables sending ICMPv6 redirect messages.
• retrans-timer time —Advertises the time between neighbor-solicitation messages in ICMPv6 router-advertisement messages. The range is from 0 to 9000 seconds.
• suppress-ra —Disables sending ICMPv6 router-advertisement messages.
Step 4 show ipv6 nd interface
Example:
switch(config-if)# show ipv6 nd interface
Purpose: (Optional) Displays interfaces configured for IPv6 neighbor discovery.
Step 5 copy running-config startup-config
Example:
switch(config-if)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure IPv6 neighbor discovery reachable time:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# ipv6 nd reachable-time 10
This example shows how to display an IPv6 neighbor discovery interface:
switch(config-if)# show ipv6 nd interface ethernet 3/1
ICMPv6 ND Interfaces for VRF "default"
Ethernet3/1, Interface status: protocol-down/link-down/admin-down
IPv6 address: 0dc3:0dc3:0000:0000:0218:baff:fed8:239d
ICMPv6 active timers:
Last Neighbor-Solicitation sent: never
Last Neighbor-Advertisement sent: never
Last Router-Advertisement sent:never
Next Router-Advertisement sent in: 0.000000
Router-Advertisement parameters:
Periodic interval: 200 to 600 seconds
Send "Managed Address Configuration" flag: false
Send "Other Stateful Configuration" flag: false
Send "Current Hop Limit" field: 64
Send "MTU" option value: 1500
Send "Router Lifetime" field: 1800 secs
Send "Reachable Time" field: 10 ms
Send "Retrans Timer" field: 0 ms
Neighbor-Solicitation parameters:
NS retransmit interval: 1000 ms
ICMPv6 error message parameters:
Send redirects: false
Send unreachables: false
Optional IPv6 Neighbor Discovery
You can use the following optional IPv6 Neighbor Discovery commands:
Command                      Purpose
ipv6 nd hop-limit            Configures the maximum number of hops used in router advertisements and all IPv6 packets that are originated by the router.
ipv6 nd managed-config-flag  Sets the managed address configuration flag in IPv6 router advertisements.
ipv6 nd mtu                  Sets the maximum transmission unit (MTU) size of IPv6 packets sent on an interface.
ipv6 nd ns-interval          Configures the interval between IPv6 neighbor solicitation retransmissions on an interface.
ipv6 nd other-config-flag    Configures the other stateful configuration flag in IPv6 router advertisements.
ipv6 nd ra-interval          Configures the interval between IPv6 router advertisement (RA) transmissions on an interface.
ipv6 nd ra-lifetime          Configures the router lifetime value in IPv6 router advertisements on an interface.
ipv6 nd reachable-time       Configures the amount of time that a remote IPv6 node is considered reachable after some reachability confirmation event has occurred.
ipv6 nd redirects            Enables ICMPv6 redirect messages to be sent.
ipv6 nd retrans-timer        Configures the advertised time between neighbor solicitation messages in router advertisements.
ipv6 nd suppress-ra          Suppresses IPv6 router advertisement transmissions on a LAN interface.
Verifying the IPv6 Configuration
To display the IPv6 configuration, perform one of the following tasks:
Command              Purpose
show ipv6 interface  Displays IPv6-related interface information.
show ipv6 adjacency  Displays the adjacency table.
show ipv6 icmp       Displays ICMPv6 information.
show ipv6 nd         Displays IPv6 neighbor discovery interface information.
show ipv6 neighbor   Displays IPv6 neighbor entry.
Configuration Examples for IPv6
This example shows how to configure IPv6:
configure terminal
interface ethernet 3/1
ipv6 address 2001:db8::/64 eui64
ipv6 nd reachable-time 10
Additional References
For additional information related to implementing IPv6, see the following sections:
Related Documents
Related Topic: IPv6 CLI commands
Document Title: Cisco Nexus 6000 Series NX-OS Unicast Routing Command Reference, Release 7.x
Standards
Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —
CHAPTER 4
Configuring WCCPv2
This chapter describes how to configure the Web Cache Communication Protocol version 2 (WCCPv2) on the Cisco NX-OS device.
This chapter includes the following sections:
• Information About WCCPv2
• Licensing Requirements for WCCPv2
• Prerequisites for WCCPv2
• Guidelines and Limitations for WCCPv2
• Verifying the WCCPv2 Configuration
• Configuration Examples for WCCPv2
• Additional References
Information About WCCPv2
WCCPv2 specifies interactions between one or more Cisco NX-OS routers and one or more cache engines. WCCPv2 transparently redirects selected types of traffic through a group of routers. The selected traffic is redirected to a group of cache engines to optimize resource usage and lower response times.
Cisco NX-OS does not support WCCPv1.
This section includes the following topics:
• WCCPv2 Authentication
• Packet Return Method
• Virtualization Support for WCCPv2
WCCPv2 Overview
WCCPv2 enables the Cisco NX-OS router to transparently redirect packets to cache engines. WCCPv2 does not interfere with normal router operations. Using WCCPv2, the router can redirect requests on configured interfaces to cache engines rather than to intended host sites. With WCCPv2, the router can balance traffic loads across a cluster of cache engines (cache cluster) and ensure fault-tolerant and fail-safe operation in the cluster. As you add or delete cache engines from a cache cluster, WCCPv2 dynamically redirects the packets to the currently available cache engines.
WCCPv2 accepts the traffic at the cache engine and establishes the connection with the traffic originator (the client). The cache engine acts as if it were the original destination server. If the requested object is not available on the cache engine, the cache engine establishes its own connection out to the original destination server to retrieve the object.
WCCPv2 communicates between routers and cache engines on UDP port 2048.
By allowing a cache cluster to connect to multiple routers, WCCPv2 provides redundancy and a distributed architecture for instances when a cache engine must connect to many interfaces. In addition, WCCPv2 allows you to keep all the cache engines in a single cluster, which avoids the unnecessary duplication of web pages across several clusters.
This section includes the following topics:
• WCCPv2 Service Types
• WCCPv2 Designated Cache Engine
WCCPv2 Service Types
A service is a defined traffic type that the router redirects to a cache engine with the WCCPv2 protocol.
You can configure the router to run one of the following cache-related services:
• Well-known —The router and the cache engine know the traffic type. An example is the web cache service on TCP port 80 for HTTP.
• Dynamic service—A service in which the cache engine describes the type of redirected traffic to the router.
Service Groups
A service group is a subset of cache engines within a cluster and the routers connected to the cluster that are running the same service.
Figure 4-1 shows a service group within a cache cluster. The cache engines and the routers can be a part of multiple service groups.
Figure 4-1 WCCPv2 Cache Cluster and Service Group (diagram labels: Internet, Clients, Service group, Cache 1, Cache 2, Cache 3)
You can configure a service group as open or closed. An open service group forwards traffic without redirection if there is no cache engine to redirect the traffic to. A closed service group drops traffic if there is no cache engine to redirect the traffic to.
The service group defines the traffic that is redirected to individual cache engines in that service group.
The service group definition consists of the following:
• Service ID (0–255)
• Service Type
• Priority of the service group
• Protocol (TCP or UDP) of redirected traffic
• Service flags
• Up to eight TCP or UDP port numbers (either all source or all destination port numbers)
Service Group Lists
WCCPv2 requires that each cache engine be aware of all the routers in the service group. You can configure a list of router addresses for each of the routers in the group on each cache engine.
The following sequence of events details how WCCPv2 configuration works:
Step 1 You configure each cache engine with a list of routers.
Step 2 Each cache engine announces its presence and generates a list of all routers with which it has established communications.
Step 3 The routers reply with their view (list) of cache engines in the group.
The cache engines and routers exchange control messages every 10 seconds by default.
WCCPv2 Designated Cache Engine
WCCPv2 designates one cache engine as the lead. If there is a group of cache engines, the one seen by all routers and the one that has the lowest IP address becomes the designated cache engine. The designated cache engine determines how traffic should be allocated across cache engines. The traffic assignment method is passed to the entire service group from the designated cache engine so that the routers of the group can redirect the packets and the cache engines of the group can manage their traffic load better.
Cisco NX-OS uses the mask method to assign traffic. The designated cache engine assigns the mask and value sets to the router in the WCCP Redirect Assignment message. The router matches these mask and value sets to the source IP address, destination IP address, source port, and destination port of each packet. The router redirects the packet to the cache engine if the packet matches an assigned mask and value set. If the packet does not match an assigned mask and value set, the router forwards the packet without any redirection.
Redirection
You can use an IP access list as a redirect list to specify a subset of traffic to redirect with WCCPv2. You can apply this access list for ingress traffic on an interface.
Figure 4-2 shows how redirection applies to ingress traffic.
Figure 4-2 WCCP Redirection (diagram labels: Ingress Interface with WCCP Redirect-In, Cisco Nexus device, Egress Interface, L2, WCCP-Enabled Appliance)
WCCPv2 Authentication
WCCPv2 can authenticate a device before it adds that device to the service group. Message Digest (MD5) authentication allows each WCCPv2 service group member to use a secret key to generate a keyed MD5 digest string that is part of the outgoing packet. At the receiving end, a keyed digest of an incoming packet is generated. If the MD5 digest within the incoming packet does not match the generated digest, WCCP ignores the packet.
WCCPv2 rejects packets in any of the following cases:
• The authentication schemes differ on the router and in the incoming packet.
• The MD5 digests differ on the router and in the incoming packet.
Redirection Method
WCCPv2 negotiates the packet redirection method between the router and the cache engine. Cisco NX-OS uses this traffic redirection method for all cache engines in a service group.
WCCPv2 redirects packets using the following forwarding method:
• Layer 2 Destination MAC rewrite—WCCPv2 replaces the destination MAC address of the packet with the MAC address of the cache engine that needs to handle the packet. The cache engine and the router must be Layer 2 adjacent.
You can also configure an access control list (ACL), called a redirect list, for a WCCPv2 service group. This ACL can either permit a packet to go through the WCCPv2 redirection process or deny the WCCP redirection and send the packet through the normal packet forwarding procedure.
The set of translations for the permit and deny rules is given below:
Note In the list of translations, the Permit action translates to traffic redirection and the Deny action translates to normal packet forwarding.
Rule
Type Permit Deny
Permit Redirects traffic of specific criteria + Normal packet forwarding for rest of the traffic
Normal packet forwarding for traffic of specific criteria +
Redirects traffic of specific criteria +
Normal packet forwarding for rest of the traffic
Permit all Deny all
Redirects all traffic
Normal packet forwarding for all traffic
Deny Normal packet forwarding for traffic of specific criteria +
Redirects specific traffic + Normal packet forwarding for rest of the traffic
Permit all
Redirects all traffic
Normal packet forwarding for all traffic
Normal packet forwarding for traffic of specific criteria +
Redirect rest of the traffic
Deny all
Normal packet forwarding for all traffic
Normal packet forwarding for all traffic
Normal packet forwarding for a specific traffic +
Redirects the rest of the traffic
Redirects all traffic
Normal packet forwarding for all traffic
Normal packet forwarding for all traffic
Normal packet forwarding for all traffic
Normal packet forwarding for all traffic
Note You can configure an Access Control List (ACL), called a redirect list, for a WCCPv2 service group. If the ACL is configured with deny ip any any, then traffic will be forwarded normally and not through WCCP.
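The following added example (not Cisco code) models the decision path described in the sections above: designated cache engine election, mask and value assignment, the redirect list, and open versus closed service groups. The layout of the mask and value sets, the round-robin distribution, and all names and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


@dataclass
class Assignment:
    """Mask and value sets sent by the designated cache engine (layout assumed)."""
    mask: tuple    # (src_ip_mask, dst_ip_mask, src_port_mask, dst_port_mask)
    values: dict   # masked 4-tuple -> cache engine address


def designated_cache_engine(seen_by: dict, routers: set) -> Optional[str]:
    """Lowest IP address among the cache engines that every router sees."""
    candidates = [ce for ce, seen in seen_by.items() if routers <= seen]
    # Compare numerically: as strings, "10.1.1.10" would sort before "10.1.1.9".
    return min(candidates, key=IPv4Address, default=None)


def build_assignment(engines, src_ip_mask: int = 0x3) -> Assignment:
    """Spread each value of the masked source-address bits across the engines."""
    engines = sorted(engines, key=IPv4Address)
    values = {}
    if engines:
        bits = [b for b in range(32) if (src_ip_mask >> b) & 1]
        for n in range(2 ** len(bits)):
            value = sum(((n >> i) & 1) << b for i, b in enumerate(bits))
            values[(value, 0, 0, 0)] = engines[n % len(engines)]
    return Assignment(mask=(src_ip_mask, 0, 0, 0), values=values)


def redirect_list_permits(rules, pkt: Packet) -> bool:
    """First matching rule wins; permit = redirect, deny = normal forwarding."""
    for action, dst_prefix in rules:
        if IPv4Address(pkt.dst_ip) in IPv4Network(dst_prefix):
            return action == "permit"
    return False  # implicit deny at the end of an IP access list


def decide(pkt: Packet, assignment: Assignment, mode: str = "open", redirect_list=None):
    """Return ("redirect", engine), ("forward", None) or ("drop", None)."""
    if redirect_list is not None and not redirect_list_permits(redirect_list, pkt):
        return ("forward", None)
    if not assignment.values:  # no cache engine in the service group
        return ("forward", None) if mode == "open" else ("drop", None)
    fields = (int(IPv4Address(pkt.src_ip)), int(IPv4Address(pkt.dst_ip)),
              pkt.src_port, pkt.dst_port)
    masked = tuple(f & m for f, m in zip(fields, assignment.mask))
    engine = assignment.values.get(masked)
    # A packet that matches no assigned mask and value set is forwarded normally.
    return ("redirect", engine) if engine else ("forward", None)


# Constructed sample data (documentation address ranges).
REDIRECT_LIST_100 = [("deny", "192.0.2.1/32"), ("permit", "0.0.0.0/0")]
ENGINES = ["10.1.1.3", "10.1.1.2"]

if __name__ == "__main__":
    assignment = build_assignment(ENGINES)
    for src, dst in [("198.51.100.5", "203.0.113.9"),
                     ("198.51.100.8", "203.0.113.9"),
                     ("198.51.100.5", "192.0.2.1")]:
        pkt = Packet(src, dst, 40000, 80)
        print(src, "->", dst, decide(pkt, assignment, redirect_list=REDIRECT_LIST_100))
```

With an empty engine list the same packet is forwarded in open mode and dropped in closed mode, which is the availability trade-off to weigh before choosing a closed service group.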
Packet Return Method
WCCPv2 filters packets to determine which redirected packets have been returned from the cache engine and which packets have not. WCCPv2 does not redirect the returned packets, because the cache engine has determined that these packets should not be cached. WCCPv2 returns packets that the cache engine does not service to the router that transmitted them.
A cache engine might return a packet for one of the following reasons:
• The cache engine is overloaded and cannot service the packets.
• The cache engine is filtering certain conditions that make caching packets counterproductive such as when IP authentication has been turned on.
WCCPv2 negotiates the packet return method between the router and the cache engine. Cisco NX-OS uses this traffic return method for all cache engines in a service group.
WCCPv2 returns packets using the following forwarding method:
• Destination MAC rewrite—WCCPv2 replaces the destination MAC address of the packet with the MAC address of the router that originally redirected the packet. The cache engine and the router must be Layer 2 adjacent.
Virtualization Support for WCCPv2
WCCPv2 supports virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs). By default, Cisco Nexus 6000 Series switches place you in the default VDC and default VRF.
WCCP redirection occurs within a VRF. You must configure the WCCP cache engine so that the forward and return traffic to and from the cache engine occurs from interfaces that are a part of the same VRF.
The VRF used for the WCCP on an interface should match the VRF configured on that interface.
If you change the VRF membership of an interface, Cisco Nexus 6000 Series switches remove all Layer 3 configurations, including WCCPv2.
WCCPv2 Error Handling for SPM Operations
The Service Policy Manager (SPM) supervisor component acts as a data path manager for the WCCP Manager. The WCCP manager is shielded from the underlying platform specifics by the SPM and is portable to platform variations. The WCCP manager has a set of SPM APIs to pass the configurations that are mapped and programmed in the hardware. These APIs can process and parse the application data that is implemented and maintained in one single handler.
The interface redirects that failed to be programmed by the SPM are stored until there is a service group configuration change through the CLI or an RA message. The WCCP manager retries programming policies that failed previously.
The WCCP manager sends policy updates to the SPM in intervals to program TCAM entries in the hardware. These policy updates can be triggered by the CLI or through RA (Redirect-Assign) messages.
When the WCCP is notified of an SPM error, a syslog message appears.
Support for Configurable Service Group Timers
A single WCCP service group can have up to 32 routers and 32 cache engines. The cache engine uses a WCCP Here I Am (HIA) message to send its properties to the router. HIA messages are sent every 10 seconds by default. You might need to configure the HIA timer for every service group. This timer is used to determine the HIA timeout for all clients on the service group.
Licensing Requirements for WCCPv2
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: WCCPv2 requires the LAN_BASE_SERVICES_PKG license. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Prerequisites for WCCPv2
WCCPv2 has the following prerequisites:
• You must globally enable the WCCPv2 feature (see the “Enabling WCCPv2” section on page 4-10).
• You can configure WCCPv2 on Layer 3, VLAN interfaces, port channels, and port channel subinterfaces.
Guidelines and Limitations for WCCPv2
WCCPv2 has the following configuration guidelines and limitations:
• A WCCPv2 service group supports up to 32 routers and 32 cache engines.
• All cache engines in a cluster must include all routers that service the cluster in its configuration. If a cache engine within a cluster does not include one or more of the routers in its configuration, the service group detects the inconsistency and the cache engine is not allowed to operate within the service group.
• The cache engine cannot be on the same interface with the redirect in statement.
• WCCPv2 works with IPv4 networks only.
• Do not configure policy-based routing and WCCPv2 on the same interface.
• Do not configure more than one service of WCCPv2 on the same interface.
• Do not configure Network Address Translation (NAT) and WCCP on the same interface.
• Cisco Nexus 6000 Series switches remove all Layer 3 configuration on an interface when you change the interface VRF membership, port-channel membership, or the port mode to Layer 2.
• Wildcard masks are not supported for the WCCPv2 redirect list.
• Cisco NX-OS does not support WCCPv2 on tunnel interfaces.
• WCCPv2 requires the client, server, and WCCPv2 client to be on separate interfaces. If you migrate a topology from a Cisco Catalyst 6500 Series switch deployment, it might not be supported.
• WCCPv2 configured for use with HSRP/VRRP in non-VPC topologies does not support WCCP redirection. If HSRP/VRRP is configured, use VPC topology to perform WCCP redirection.
Default Settings
Table 4-1 lists the default settings for WCCPv2 parameters.
Table 4-1 Default WCCPv2 Parameters
Parameters      Default
Authentication  No authentication
WCCPv2          Disable
Configuring WCCPv2
To configure WCCPv2, follow these steps:
Step 1 Enable the WCCPv2 feature. See the “Enabling WCCPv2” section on page 4-10.
Step 2 Configure a service group. See the “Configuring a WCCPv2 Service Group” section on page 4-11.
Step 3
This section includes the following topics:
• Configuring a WCCPv2 Service Group
• Applying WCCPv2 Redirection to an Interface
• Configuring WCCPv2 in a VRF
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling WCCPv2
You must enable the WCCPv2 feature before you can configure WCCPv2.
DETAILED STEPS
To enable the WCCPv2 feature, use the following command in global configuration mode:
Command: feature wccp
Example: switch(config)# feature wccp
Purpose: Enables the WCCPv2 feature in a VDC.
To disable the WCCPv2 feature in a VDC and remove all associated configuration, use the following command in global configuration mode:
Command: no feature wccp
Example: switch(config)# no feature wccp
Purpose: Disables the WCCPv2 feature in a VDC and removes all associated configuration.
Configuring a WCCPv2 Service Group
You can configure a WCCPv2 service group. You can optionally configure the following:
• Open or closed mode (with a service list)—Controls the traffic type that this service group handles.
• WCCPv2 authentication—Authenticates the WCCPv2 messages using an MD5 digest. WCCPv2 discards messages that fail authentication.
Note You must configure the same authentication on all members of the WCCPv2 service group.
• Redirection-list—Controls the traffic that is redirected to the cache engine.
Closed mode for dynamic service groups requires a service list access control list (ACL) that specifies the protocol and port information that is used for the service group. If there are no members in the service group, packets that match the service-list ACL are dropped.
Note The service-list keyword ACL must have only protocol and port information. To restrict traffic that is considered for redirection, use the redirect-list keyword.
Note You must enter the ip wccp command with all your required parameters. Any subsequent entry of the ip wccp command overwrites the earlier configuration.
BEFORE YOU BEGIN
Enable the WCCPv2 feature (see the “Enabling WCCPv2” section on page 4-10 ).
DETAILED STEPS
To configure a WCCPv2 service group, use the following command in global configuration mode:
Command: ip wccp { service-number | web-cache } [ mode { open [ redirect-list acl-name ] | closed service-list acl-name }][ password [ 0 7 ] pwstring ]
Example: switch(config)# ip wccp web-cache
Example: switch(config)# ip wccp 10 password Test1 redirect-list httpTest
Purpose: Creates an open or closed mode service group. The service list identifies a named extended IP access list that defines the packets that match the service. This list is required only when the service is defined as closed mode. The service-access-list can be any case-sensitive, alphanumeric string up to 64 characters.
Optional parameters are as follows:
• mode —Configures the service group in open or closed mode. The default is open. For closed mode, use this keyword to configure an IP access list to define the traffic type that matches this service.
• password —Configures MD5 authentication for a service group. Use password 0 pwstring to store the password in clear text. Use password 7 pwstring to store the password in encrypted form. You can use the password 7 keywords for an already encrypted password.
• redirect-list —Configures a global WCCPv2 redirection list for the service group to control the traffic that is redirected to the cache engine.
• service-list —Configures an IP access list that defines the traffic type redirected by the service group.
The service-number range is from 1 to 255. The acl-name can be any case-sensitive, alphanumeric string up to 64 characters. The pwstring can be any case-sensitive, alphanumeric string up to eight characters.
Applying WCCPv2 Redirection to an Interface
To apply WCCPv2 redirection on an interface, use the following commands in interface configuration mode:
Command: ip wccp service-number redirect in
Example: switch(config-if)# ip wccp 10 redirect in
Purpose: Applies WCCPv2 redirection on the ingress traffic for this interface.
Command: ip wccp web-cache redirect in
Example: switch(config-if)# ip wccp web-cache redirect in
Purpose: Applies WCCPv2 redirection on the ingress web cache traffic for this interface.
This example shows how to configure a router to redirect web-related packets without a destination of 192.0.2.1 to the web cache:
switch(config)# access-list 100
switch(config-acl)# deny ip any host 192.0.2.1
switch(config-acl)# permit ip any any
switch(config-acl)# exit
switch(config)# ip wccp web-cache redirect-list 100
switch(config)# interface ethernet 2/1
switch(config-if)# ip wccp web-cache redirect in
Configuring WCCPv2 in a VRF
You can configure WCCPv2 redirection on an interface in a VRF.
Note The WCCPv2 VRF must match the VRF configured on the interface.
SUMMARY STEPS
1. configure terminal
2. vrf context vrf-name
3. ip wccp { service-number | web-cache } [ mode { open [ redirect-list acl-name ] | closed service-list acl-name }] [ password [ 0 7 ] pwstring ]
4. (Optional) show ip wccp [ vrf vrf-name ]
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Example: switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2 vrf context vrf-name
Example: switch(config)# vrf context Red
switch(config-vrf)#
Purpose: Enters VRF configuration mode. The vrf-name can be any case-sensitive, alphanumeric string up to 63 characters.
Step 3 ip wccp { service-number | web-cache } [ mode { open [ redirect-list acl-name ] | closed service-list acl-name }][ password [ 0 7 ] pwstring ]
Example: switch(config-vrf)# ip wccp 10
Example: switch(config-vrf)# ip wccp web-cache password Test1 redirect-list httpTest
Purpose: Creates an open or closed mode service group. The service list identifies a named extended IP access list that defines the packets that match the service. This list is required only when the service is defined as closed mode.
Optional parameters are as follows:
• mode —Configures the service group in open or closed mode. The default is open. For closed mode, use this keyword to configure an IP access list to define the traffic type that matches this service.
• password —Configures MD5 authentication for a service group. Use password 0 pwstring to store the password in clear text. Use password 7 pwstring to store the password in encrypted form. You can use the password 7 keywords for an already encrypted password.
• redirect-list —Configures a global WCCPv2 redirection list for the service group to control the traffic that is redirected to the cache engine.
• service-list —Configures an IP access list that defines the traffic type redirected by the service group.
The service-number range is from 1 to 255. The acl-name can be any case-sensitive, alphanumeric string up to 64 characters. The pwstring can be any case-sensitive, alphanumeric string up to eight characters.
Step 4 show ip wccp [ vrf vrf-name ]
Example: switch(config-vrf)# show ip wccp vrf Red
Purpose: (Optional) Displays information about WCCPv2. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.
Step 5 copy running-config startup-config
Example: switch(config-vrf)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure WCCPv2 in VRF Red on interface Ethernet 2/1:
switch# configure terminal
switch(config)# vrf context Red
switch(config-vrf)# ip wccp web-cache password Test1 redirect-list httpTest
switch(config-vrf)# interface ethernet 2/1
switch(config-if)# vrf member Red
switch(config-if)# ip wccp web-cache redirect in
Verifying the WCCPv2 Configuration
To display the WCCPv2 configuration, perform one of the following tasks:
Command                                                         Purpose
show ip wccp [ vrf vrf-name ] [ service-number | web-cache ]    Displays the WCCPv2 status for all groups or one group in a VRF.
show ip interface [ ethernet-number ]                           Displays the WCCPv2 interface information.
show ip wccp [ service-number | web-cache ]                     Displays the WCCPv2 service group status.
show ip wccp [ service-number | web-cache ] detail              Displays the clients in a WCCPv2 service group.
show ip wccp [ service-number | web-cache ] mask                Displays the WCCPv2 mask assignment.
show ip wccp [ service-number | web-cache ] service             Displays the WCCPv2 service group definition.
show ip wccp [ service-number | web-cache ] view                Displays the WCCPv2 group membership.
Configuration Examples for WCCPv2
This example shows how to configure WCCPv2 authentication on a router and redirect web-related packets without a destination of 192.0.2.1 to the web cache:
access-list 100
deny ip any host 192.0.2.1
permit ip any any
feature wccp
ip wccp web-cache password 0 Test1 redirect-list 100
interface ethernet 1/2
ip wccp web-cache redirect in
no shutdown
Note See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x, for information about IP access lists.
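The following added example (not part of the Cisco guide) audits a saved configuration against points this chapter makes about ip wccp: no authentication by default, password 0 stored in clear text, a later ip wccp entry overwriting the earlier one, and no more than one WCCPv2 service per interface. The sample configuration, the finding names, and the indentation-based context tracking are assumptions for illustration.

```python
import re
from collections import defaultdict

KEYWORDS = {"mode", "redirect-list", "service-list", "password"}

# Constructed sample: lines modelled on this chapter's examples plus weak settings.
# EXAMPLE1 is a placeholder, not a real encrypted string.
SAMPLE_CONFIG = """\
feature wccp
ip wccp web-cache password 0 Test1 redirect-list 100
ip wccp 10 password 7 EXAMPLE1 redirect-list httpTest
ip wccp 10
vrf context Red
  ip wccp web-cache password 0 Test1 redirect-list httpTest
interface ethernet 1/2
  ip wccp web-cache redirect in
  ip wccp 10 redirect in
  no shutdown
"""


def parse_service_group(rest):
    """Parse the optional parameters that follow 'ip wccp <service>'."""
    tokens = rest.split()
    group = {"mode": "open", "redirect_list": None, "service_list": None,
             "has_password": False, "password_type": None}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "mode" and i + 1 < len(tokens):
            group["mode"] = tokens[i + 1]
            i += 2
        elif tok in ("redirect-list", "service-list") and i + 1 < len(tokens):
            group[tok.replace("-", "_")] = tokens[i + 1]
            i += 2
        elif tok == "password" and i + 1 < len(tokens):
            group["has_password"] = True
            # "password 0 x" and "password 7 x" carry an explicit storage type.
            typed = (tokens[i + 1] in ("0", "7") and i + 2 < len(tokens)
                     and tokens[i + 2] not in KEYWORDS)
            if typed:
                group["password_type"] = tokens[i + 1]
            i += 3 if typed else 2
        else:
            i += 1
    return group


def audit(config):
    """Return a sorted list of (finding, subject) tuples."""
    groups = {}                    # (vrf, service) -> effective (last) definition
    redirects = defaultdict(list)  # interface -> services with 'redirect in'
    findings = set()
    vrf, interface = "default", None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():   # top-level line leaves any sub-mode
            vrf, interface = "default", None
        if line.startswith("vrf context "):
            vrf = line.split()[2]
        elif line.startswith("interface "):
            interface = line.split(None, 1)[1]
        match = re.match(r"ip wccp (\S+)(.*)$", line)
        if not match:
            continue
        service, rest = match.group(1), match.group(2)
        if rest.split()[:2] == ["redirect", "in"]:
            if interface:
                redirects[interface].append(service)
            continue
        key = (vrf, service)
        if key in groups:          # a later entry replaces the earlier one
            findings.add(("overwrites-earlier", f"{vrf}/{service}"))
        groups[key] = parse_service_group(rest)
    for (vrf, service), group in groups.items():
        if not group["has_password"]:
            findings.add(("no-authentication", f"{vrf}/{service}"))
        elif group["password_type"] == "0":
            findings.add(("cleartext-password", f"{vrf}/{service}"))
    for interface, services in redirects.items():
        if len(set(services)) > 1:
            findings.add(("multiple-services-on-interface", interface))
    return sorted(findings)


if __name__ == "__main__":
    for finding, subject in audit(SAMPLE_CONFIG):
        print(f"{finding}: {subject}")
```

In the sample, service group 10 ends up unauthenticated because the bare ip wccp 10 entry replaces the earlier one that carried a password.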
Additional References
For additional information related to implementing WCCPv2, see the following sections:
Related Documents
Related Topic: WCCPv2 CLI commands
Document Title: Cisco Nexus 6000 Series NX-OS Unicast Routing Command Reference, Release 7.x
Standards
Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —
CHAPTER 5
Configuring OSPFv2
This chapter describes how to configure Open Shortest Path First version 2 (OSPFv2) for IPv4 networks.
This chapter includes the following sections:
• Information About OSPFv2
• Licensing Requirements for OSPFv2
• Prerequisites for OSPFv2
• Guidelines and Limitations
• Configuring Basic OSPFv2
• Configuring Advanced OSPFv2
• Verifying the OSPFv2 Configuration
• Displaying OSPFv2 Statistics
• Configuration Examples for OSPFv2
• Additional References
Information About OSPFv2
OSPFv2 is an IETF link-state protocol (see the
“Link-State Protocols” section on page 1-9
) for IPv4 networks. An OSPFv2 router sends a special message, called a
, out each OSPF-enabled interface to discover other OSPFv2 neighbor routers. Once a neighbor is discovered, the two routers compare information in the hello packet to determine if the routers have compatible configurations. The neighbor routers attempt to establish
adjacency , which means that the routers synchronize their
link-state databases to ensure that they have identical OSPFv2 routing information. Adjacent routers share
(LSAs) that include information about the operational state of each link, the cost of the link, and any other neighbor information. The routers then flood these received LSAs out every OSPF-enabled interface so that all OSPFv2 routers eventually have identical link-state databases.
When all OSPFv2 routers have identical link-state databases, the network is converged (see the “Convergence” section on page 1-6). Each router then uses Dijkstra’s Shortest Path First (SPF) algorithm to build its route table.
You can divide OSPFv2 networks into areas. Routers send most LSAs only within one area, which reduces the CPU and memory requirements for an OSPF-enabled router.
OSPFv2 supports IPv4, while OSPFv3 supports IPv6. For more information, see
Hello Packet
OSPFv2 routers periodically send hello packets on every OSPF-enabled interface. The hello interval determines how frequently the router sends these hello packets and is configured per interface. OSPFv2 uses hello packets for the following tasks:
• Neighbor discovery
• Keepalives
• Bidirectional communications
• Designated router election (see the “Designated Routers” section on page 5-3)
The hello packet contains information about the originating OSPFv2 interface and router, including the assigned OSPFv2 cost of the link, the hello interval, and optional capabilities of the originating router.
An OSPFv2 interface that receives these hello packets determines if the settings are compatible with the receiving interface settings. Compatible interfaces are considered neighbors and are added to the neighbor table (see the “Neighbors” section on page 5-2).
Hello packets also include a list of router IDs for the routers that the originating interface has communicated with. If the receiving interface sees its own router ID in this list, then bidirectional communication has been established between the two interfaces.
OSPFv2 uses hello packets as a keepalive message to determine if a neighbor is still communicating. If a router does not receive a hello packet by the configured dead interval (usually a multiple of the hello interval), then the neighbor is removed from the local neighbor table.
Neighbors
This section includes the following topics:
• Link-State Advertisements
• OSPFv2 and the Unicast RIB
An OSPFv2 interface must have a compatible configuration with a remote interface before the two can be considered neighbors. The two OSPFv2 interfaces must match the following criteria:
• Hello interval
• Dead interval
• Area ID (see the
• Authentication
• Optional capabilities
If there is a match, the following information is entered into the neighbor table:
• Neighbor ID—The router ID of the neighbor.
• Priority—Priority of the neighbor. The priority is used for designated router election (see the “Designated Routers” section on page 5-3).
• State—Indication of whether the neighbor has just been heard from, is in the process of setting up bidirectional communications, is sharing the link-state information, or has achieved full adjacency.
• Dead time—Indication of the time since the last Hello packet was received from this neighbor.
• IP Address—The IP address of the neighbor.
• Designated Router—Indication of whether the neighbor has been declared as the designated router or as the backup designated router (see the “Designated Routers” section on page 5-3).
• Local interface—The local interface that received the hello packet for this neighbor.
Adjacency
Not all neighbors establish adjacency. Depending on the network type and designated router establishment, some neighbors become fully adjacent and share LSAs with all their neighbors, while other neighbors do not. For more information, see the “Designated Routers” section on page 5-3.
Adjacency is established using Database Description packets, Link State Request packets, and Link State Update packets in OSPF. The Database Description packet includes only the LSA headers from the link-state database of the neighbor (see the “Link-State Database” section on page 5-7). The local router compares these headers with its own link-state database and determines which LSAs are new or updated.
The local router sends a Link State Request packet for each LSA that it needs new or updated information on. The neighbor responds with a Link State Update packet. This exchange continues until both routers have the same link-state information.
Designated Routers
Networks with multiple routers present a unique situation for OSPF. If every router floods the network with LSAs, the same link-state information will be sent from multiple sources. Depending on the type of network, OSPFv2 might use a single router, the designated router (DR), to control the LSA floods and represent the network to the rest of the OSPFv2 area (see the “Areas” section on page 5-4). If the DR fails, OSPFv2 selects a backup designated router (BDR). If the DR fails, OSPFv2 uses the BDR.
Network types are as follows:
• Point-to-point—A network that exists only between two routers. All neighbors on a point-to-point network establish adjacency and there is no DR.
• Broadcast—A network with multiple routers that can communicate over a shared medium that allows broadcast traffic, such as Ethernet. OSPFv2 routers establish a DR and BDR that control LSA flooding on the network. OSPFv2 uses the well-known IPv4 multicast address 224.0.0.5 and a MAC address of 0100.5300.0005 to communicate with neighbors.
The DR and BDR are selected based on the information in the Hello packet. When an interface sends a Hello packet, it sets the priority field and the DR and BDR field if it knows who the DR and BDR are. The routers follow an election procedure based on which routers declare themselves in the DR and BDR fields and the priority field in the Hello packet. As a final tie breaker, OSPFv2 chooses the highest router IDs as the DR and BDR.
All other routers establish adjacency with the DR and the BDR and use the IPv4 multicast address 224.0.0.6 to send LSA updates to the DR and BDR. Figure 5-1 shows this adjacency relationship between all routers and the DR.
DRs are based on a router interface. A router might be the DR for one network and not for another network on a different interface.
Figure 5-1 DR in Multi-Access Network (diagram labels: Router A, Router B, Router C, Router D or DR, Router E; legend: multi-access network, logical connectivity to Designated Router for OSPF)
Areas
You can limit the CPU and memory requirements that OSPFv2 puts on the routers by dividing an OSPFv2 network into areas.
An area is a logical division of routers and links within an OSPFv2 domain that creates separate subdomains. LSA flooding is contained within an area, and the link-state database is limited to links within the area. You can assign an area ID to the interfaces within the defined area.
The Area ID is a 32-bit value that you can enter as a number or in dotted decimal notation, such as 10.2.3.1. Cisco NX-OS always displays the area in dotted decimal notation.
If you define more than one area in an OSPFv2 network, you must also define the backbone area, which has the reserved area ID of 0. If you have more than one area, then one or more routers become area border routers (ABRs). An ABR connects to both the backbone area and at least one other defined area (see
Figure 5-2 OSPFv2 Areas (diagram labels: Area 0, Area 3, Area 5, ABR1, ABR2)
The ABR has a separate link-state database for each area to which it connects. The ABR sends Network Summary (type 3) LSAs (see the “Route Summarization” section on page 5-10) from one connected area to the backbone area. The backbone area sends summarized information about one area to another area. In Figure 5-2, Area 0 sends summarized information about Area 5 to Area 3.
OSPFv2 defines one other router type: the autonomous system boundary router (ASBR). This router connects an OSPFv2 area to another autonomous system. An autonomous system is a network controlled by a single technical administration entity. OSPFv2 can redistribute its routing information into another autonomous system or receive redistributed routes from another autonomous system. For more information, see the “Advanced Features” section on page 5-8.
Link-State Advertisements
OSPFv2 uses link-state advertisements (LSAs) to build its routing table.
This section includes the following topics:
• Flooding and LSA Group Pacing
LSA Types
Table 5-1 shows the LSA types supported by Cisco NX-OS.
Table 5-1 LSA Types
Type | Name | Description
1 | Router LSA | LSA sent by every router. This LSA includes the state and the cost of all links and a list of all OSPFv2 neighbors on the link. Router LSAs trigger an SPF recalculation. Router LSAs are flooded to local OSPFv2 area.
2 | Network LSA | LSA sent by the DR. This LSA lists all routers in the multi-access network. Network LSAs trigger an SPF recalculation. See the “Designated Routers” section on page 5-3.
3 | Network Summary LSA | LSA sent by the area border router to an external area for each destination in the local area. This LSA includes the link cost from the area border router to the local destination. See the “Areas” section on page 5-4.
4 | ASBR Summary LSA | LSA sent by the area border router to an external area. This LSA advertises the link cost to the ASBR only. See the .
5 | AS External LSA | LSA generated by the ASBR. This LSA includes the link cost to an external autonomous system destination. AS External LSAs are flooded throughout the autonomous system. See the .
7 | NSSA External LSA | LSA generated by the ASBR within a not-so-stubby area (NSSA). This LSA includes the link cost to an external autonomous system destination. NSSA External LSAs are flooded only within the local NSSA. See the “Areas” section on page 5-4.
9–11 | Opaque LSAs | LSA used to extend OSPF. See the “Opaque LSAs” section on page 5-7.
Link Cost
Each OSPFv2 interface is assigned a link cost. The cost is an arbitrary number. By default, Cisco NX-OS assigns a cost that is the configured reference bandwidth divided by the interface bandwidth. By default, the reference bandwidth is 40 Gb/s. The link cost is carried in the LSA updates for each link.
Flooding and LSA Group Pacing
When an OSPFv2 router receives an LSA, it forwards that LSA out every OSPF-enabled interface, flooding the OSPFv2 area with this information. This LSA flooding guarantees that all routers in the network have identical routing information. LSA flooding depends on the OSPFv2 area configuration (see the “Areas” section on page 5-4). The LSAs are flooded based on the link-state refresh time (every 30 minutes by default). Each LSA has its own link-state refresh time.
You can control the flooding rate of LSA updates in your network by using the LSA group pacing feature. LSA group pacing can reduce high CPU or buffer utilization. This feature groups LSAs with similar link-state refresh times to allow OSPFv2 to pack multiple LSAs into an OSPFv2 Update message.
By default, LSAs with link-state refresh times within four minutes of each other are grouped together.
You should lower this value for large link-state databases or raise it for smaller databases to optimize the OSPFv2 load on your network.
Link-State Database
Each router maintains a link-state database for the OSPFv2 network. This database contains all the collected LSAs, and includes information on all the routes through the network. OSPFv2 uses this information to calculate the best path to each destination and populates the routing table with these best paths.
LSAs are removed from the link-state database if no LSA update has been received within a set interval, called the MaxAge. Routers flood a repeat of the LSA every 30 minutes to prevent accurate link-state information from being aged out. Cisco NX-OS supports the LSA grouping feature to prevent all LSAs
Opaque LSAs
Opaque LSAs allow you to extend OSPF functionality. Opaque LSAs consist of a standard LSA header followed by application-specific information. This information might be used by OSPFv2 or by other applications. OSPFv2 uses Opaque LSAs to support OSPFv2 Graceful Restart capability (see the “Graceful Restart” section on page 3-11). Three Opaque LSA types are defined as follows:
• LSA type 9—Flooded to the local network.
• LSA type 10—Flooded to the local area.
• LSA type 11—Flooded to the local autonomous system.
OSPFv2 and the Unicast RIB
OSPFv2 runs the Dijkstra shortest path first algorithm on the link-state database. This algorithm selects the best path to each destination based on the sum of all the link costs for each link in the path. The resultant shortest path for each destination is then put in the OSPFv2 route table. When the OSPFv2 network is converged, this route table feeds into the unicast RIB. OSPFv2 communicates with the unicast RIB to do the following:
• Add or remove routes
• Handle route redistribution from other protocols
• Provide convergence updates to remove stale OSPFv2 routes and for stub router advertisements (see the “OSPFv2 Stub Router Advertisements” section on page 5-11)
OSPFv2 also runs a modified Dijkstra algorithm for fast recalculation for summary and external (type 3, 4, 5, and 7) LSA changes.
Authentication
You can configure authentication on OSPFv2 messages to prevent unauthorized or invalid routing updates in your network. Cisco NX-OS supports two authentication methods:
• Simple password authentication
• MD5 authentication digest
You can configure the OSPFv2 authentication for an OSPFv2 area or per interface.
Simple Password Authentication
Simple password authentication uses a simple clear-text password that is sent as part of the OSPFv2 message. The receiving OSPFv2 router must be configured with the same clear-text password to accept the OSPFv2 message as a valid route update. Because the password is in clear text, anyone who can watch traffic on the network can learn the password.
MD5 Authentication
You should use MD5 authentication to authenticate OSPFv2 messages. You configure a password that is shared at the local router and all remote OSPFv2 neighbors. For each OSPFv2 message, Cisco NX-OS creates an MD5 one-way message digest based on the message itself and the encrypted password. The interface sends this digest with the OSPFv2 message. The receiving OSPFv2 neighbor validates the digest using the same encrypted password. If the message has not changed, the digest calculation is identical and the OSPFv2 message is considered valid.
MD5 authentication includes a sequence number with each OSPFv2 message to ensure that no message is replayed in the network.
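The two methods differ in what crosses the wire. The following Python is an added example, not Cisco code: it builds OSPFv2 hello packets in the RFC 2328 Appendix D layout, shows that the simple password sits readable in the header, and runs the receiver-side digest and sequence-number checks. The password, key, and hello body are constructed sample values, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

# OSPF header (RFC 2328 A.3.1): version, type, length, router ID, area ID,
# checksum, AuType, 64-bit authentication field. 24 bytes in total.
HDR = struct.Struct("!BBH4s4sHH8s")
AU_SIMPLE, AU_CRYPTO = 1, 2
DIGEST_LEN = 16
HELLO = 1

# Constructed hello body: mask /24, hello interval 10 s, options, priority 1,
# dead interval 40 s, no DR or BDR known yet.
HELLO_BODY = bytes.fromhex("ffffff00" "000a" "02" "01" "00000028" "00000000" "00000000")


def ip(text):
    return ipaddress.IPv4Address(text).packed


def inet_checksum(data):
    """Standard 16-bit one's-complement IP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_simple(body, router_id, area_id, password):
    """AuType 1: the password itself travels in the authentication field."""
    auth = password.encode().ljust(8, b"\x00")[:8]
    fixed = (2, HELLO, HDR.size + len(body), ip(router_id), ip(area_id))
    # The checksum covers the packet but skips the authentication field.
    unsummed = HDR.pack(*fixed, 0, AU_SIMPLE, auth)
    csum = inet_checksum(unsummed[:16] + body)
    return HDR.pack(*fixed, csum, AU_SIMPLE, auth) + body


def md5_digest(packet, key):
    """MD5 over the packet followed by the shared key padded to 16 bytes."""
    return hashlib.md5(packet + key.ljust(DIGEST_LEN, b"\x00")[:DIGEST_LEN]).digest()


def build_md5(body, router_id, area_id, key, key_id, seq):
    """AuType 2: header carries key ID and sequence number, digest is appended."""
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    packet = HDR.pack(2, HELLO, HDR.size + len(body), ip(router_id), ip(area_id),
                      0, AU_CRYPTO, auth) + body   # checksum stays 0 for AuType 2
    return packet + md5_digest(packet, key)


class Neighbor:
    """Receiver-side state for one neighbor: shared keys and last sequence number."""

    def __init__(self, keys):
        self.keys = keys        # key ID -> shared key bytes
        self.last_seq = 0

    def accept(self, wire):
        if len(wire) < HDR.size:
            return "reject: truncated"
        ver, _, length, _, _, _, autype, auth = HDR.unpack(wire[:HDR.size])
        if ver != 2 or autype != AU_CRYPTO:
            return "reject: wrong version or AuType"
        _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        key = self.keys.get(key_id)
        if key is None or dlen != DIGEST_LEN or len(wire) != length + dlen:
            return "reject: unknown key or bad length"
        # RFC 2328 D.4.3 discards a packet whose number is lower than the last
        # one accepted from this neighbor, so captured older packets fail here.
        if seq < self.last_seq:
            return "reject: stale sequence number"
        if not hmac.compare_digest(md5_digest(wire[:length], key), wire[length:]):
            return "reject: digest mismatch"
        self.last_seq = seq
        return "accept"


if __name__ == "__main__":
    key = b"constructed-key"
    simple = build_simple(HELLO_BODY, "192.0.2.1", "0.0.0.15", "s3cret")
    print("AuType 1 authentication field on the wire:", simple[16:24])
    peer = Neighbor({1: key})
    print(peer.accept(build_md5(HELLO_BODY, "192.0.2.1", "0.0.0.15", key, 1, 5)))
    tampered = bytearray(build_md5(HELLO_BODY, "192.0.2.1", "0.0.0.15", key, 1, 6))
    tampered[29] ^= 0x01        # alter the hello interval after signing
    print(peer.accept(bytes(tampered)))
    print(peer.accept(build_md5(HELLO_BODY, "192.0.2.1", "0.0.0.15", key, 1, 4)))
```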
Advanced Features
Cisco NX-OS supports a number of advanced OSPFv2 features that enhance the usability and scalability of OSPFv2 in the network. This section includes the following topics:
• Route Redistribution
• Route Summarization
• OSPFv2 Stub Router Advertisements
• Multiple OSPFv2 Instances
• Virtualization Support
Stub Area
You can limit the amount of external routing information that floods an area by making it a stub area. A stub area is an area that does not allow AS External (type 5) LSAs (see the “Link-State Advertisements” section on page 5-5). These LSAs are usually flooded throughout the local autonomous system to propagate external route information. Stub areas have the following requirements:
• All routers in the stub area are stub routers. See the “Stub Routing” section on page 1-7.
• No ASBR routers exist in the stub area.
• You cannot configure virtual links in the stub area.
Figure 5-3 shows an example of an OSPFv2 autonomous system where all routers in area 0.0.0.10 have to go through the ABR to reach external autonomous systems. Area 0.0.0.10 can be configured as a stub area.
Figure 5-3 Stub Area (diagram labels: Backbone, ABR, Area 10, Stub area, ASBR)
Not-So-Stubby Area
A Not-so-Stubby Area (NSSA) is similar to a stub area, except that an NSSA allows you to import autonomous system external routes within an NSSA using redistribution. The NSSA ASBR redistributes these routes and generates NSSA External (type 7) LSAs that it floods throughout the NSSA. You can optionally configure the area border router (ABR) that connects the NSSA to other areas to translate this NSSA External LSA to AS External (type 5) LSAs. The ABR then floods these AS External LSAs throughout the OSPFv2 autonomous system. Summarization and filtering are supported during the translation. See the “Link-State Advertisements” section on page 5-5 for details on NSSA External LSAs.
You can, for example, use NSSA to simplify administration if you are connecting a central site using OSPFv2 to a remote site that is using a different routing protocol. Before NSSA, the connection between the corporate site border router and a remote router could not be run as an OSPFv2 stub area because routes for the remote site could not be redistributed into a stub area. With NSSA, you can extend OSPFv2 to cover the remote connection by defining the area between the corporate router and remote router as an NSSA (see the “Configuring NSSA” section on page 5-26).
The backbone Area 0 cannot be an NSSA.
Virtual Links
Stub areas use a default route for all traffic that needs to go through the backbone area to the external autonomous system. The default route is 0.0.0.0 for IPv4.
Virtual links allow you to connect an OSPFv2 area ABR to a backbone area ABR when a direct physical connection is not available. Figure 5-4 shows a virtual link that connects Area 3 to the backbone area through Area 5.
Figure 5-4 Virtual Links (diagram labels: Area 0, ABR2, Area 5, ABR1, Area 3)
You can also use virtual links to temporarily recover from a partitioned area, which occurs when a link within the area fails, isolating part of the area from reaching the designated ABR to the backbone area.
Route Redistribution
OSPFv2 can learn routes from other routing protocols by using route redistribution. See the
routes or a default link cost for all redistributed routes.
Route redistribution uses route maps to control which external routes are redistributed. See “Configuring Route Policy Manager” for details on configuring route maps. You can use route maps to modify parameters in the AS External (type 5) and NSSA External (type 7) LSAs before these external routes are advertised in the local OSPFv2 autonomous system.
Route Summarization
Because OSPFv2 shares all learned routes with every OSPF-enabled router, you might want to use route summarization to reduce the number of unique routes that are flooded to every OSPF-enabled router.
Route summarization simplifies route tables by replacing more-specific addresses with an address that represents all the specific addresses. For example, you can replace 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one summary address, 10.1.0.0/16.
Typically, you would summarize at the boundaries of area border routers (ABRs). Although you could configure summarization between any two areas, it is better to summarize in the direction of the backbone so that the backbone receives all the aggregate addresses and injects them, already summarized, into other areas. The two types of summarization are as follows:
• Inter-area route summarization
• External route summarization
You configure inter-area route summarization on ABRs, summarizing routes between areas in the autonomous system. To take advantage of summarization, you should assign network numbers in areas in a contiguous way to be able to lump these addresses into one range.
External route summarization is specific to external routes that are injected into OSPFv2 using route redistribution. You should make sure that external ranges that are being summarized are contiguous.
Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Configure external route summarization on ASBRs that are redistributing routes into OSPF.
When you configure a summary address, Cisco NX-OS automatically configures a discard route for the summary address to prevent routing black holes and route loops.
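The summary used as the example above, 10.1.0.0/16, covers far more address space than the three /24 networks behind it, which is where the discard route does its work. The Python below is an added example, not taken from this guide: it lists the space the summary advertises but no component route covers, then runs a longest-prefix lookup on a constructed ABR route table with and without the discard route. The next-hop labels and the default route toward the backbone are assumptions made for the illustration.

```python
import ipaddress


def uncovered(summary, components):
    """Return the parts of `summary` that no component prefix covers."""
    remaining = [ipaddress.ip_network(summary)]
    for comp in map(ipaddress.ip_network, components):
        carved = []
        for net in remaining:
            if comp.subnet_of(net):
                # comp lies inside net: keep only what is left around it.
                carved.extend(net.address_exclude(comp))
            elif not net.subnet_of(comp):
                carved.append(net)      # net and comp do not overlap
        remaining = carved
    return sorted(remaining)


def lookup(rib, destination):
    """Longest-prefix match over a {network: next hop} table."""
    dst = ipaddress.ip_address(destination)
    hits = [(net, hop) for net, hop in rib.items() if dst in net]
    if not hits:
        return None
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]


def abr_rib(with_discard):
    """Constructed route table of the ABR that advertises 10.1.0.0/16."""
    rib = {
        ipaddress.ip_network("10.1.1.0/24"): "intra-area next hop A",
        ipaddress.ip_network("10.1.2.0/24"): "intra-area next hop B",
        ipaddress.ip_network("10.1.3.0/24"): "intra-area next hop C",
        # Assumption: the ABR holds a default route pointing at the backbone.
        ipaddress.ip_network("0.0.0.0/0"): "default via backbone neighbor",
    }
    if with_discard:
        rib[ipaddress.ip_network("10.1.0.0/16")] = "discard"
    return rib


if __name__ == "__main__":
    gaps = uncovered("10.1.0.0/16", ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"])
    print("advertised but not backed by a route:", [str(g) for g in gaps])
    # The backbone follows the summary and hands 10.1.200.1 to the ABR.
    # Without the discard route the ABR's default sends it straight back.
    print(lookup(abr_rib(with_discard=False), "10.1.200.1"))
    print(lookup(abr_rib(with_discard=True), "10.1.200.1"))
```

Without the discard entry the lookup for an unallocated address falls through to the default route and the packet bounces between the ABR and the backbone until its TTL expires; with it, the packet is dropped at the ABR.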
OSPFv2 Stub Router Advertisements
You can configure an OSPFv2 interface to act as a stub router using the OSPFv2 stub router advertisements feature. Use this feature when you want to limit the OSPFv2 traffic through this router, such as when you want to introduce a new router to the network in a controlled manner or limit the load on a router that is already overloaded. You might also want to use this feature for various administrative or traffic engineering reasons.
OSPFv2 stub router advertisements do not remove the OSPFv2 router from the network topology, but they do prevent other OSPFv2 routers from using this router to route traffic to other parts of the network.
Only the traffic that is destined for this router or directly connected to this router is sent.
OSPFv2 stub router advertisements mark all stub links (directly connected to the local router) to the cost of the local OSPFv2 interface. All remote links are marked with the maximum cost (0xFFFF).
Multiple OSPFv2 Instances
Cisco NX-OS supports multiple instances of the OSPFv2 protocol that run on the same node. You cannot configure multiple instances over the same interface. By default, every instance uses the same system router ID. You must manually configure the router ID for each instance if the instances are in the same OSPFv2 autonomous system.
SPF Optimization
Cisco NX-OS optimizes the SPF algorithm in the following ways:
• Partial SPF for Network (type 2) LSAs, Network Summary (type 3) LSAs, and AS External (type 5) LSAs—When there is a change on any of these LSAs, Cisco NX-OS performs a faster partial calculation rather than running the whole SPF calculation.
• SPF timers—You can configure different timers for controlling SPF calculations. These timers include exponential backoff for subsequent SPF calculations. The exponential backoff limits the CPU load of multiple SPF calculations.
BFD
OSPFv2 supports bidirectional forwarding detection (BFD). BFD is a detection protocol that provides fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 6000 Series NX-OS Interfaces Configuration Guide, Release 7.x for more information.
Virtualization Support
OSPFv2 supports Virtual Routing and Forwarding (VRF) instances. Each OSPFv2 instance can support multiple VRFs, up to the system limit.
Licensing Requirements for OSPFv2
The following table shows the licensing requirements for this feature:
Product | License Requirement
Cisco NX-OS | OSPFv2 requires a LAN Base Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Prerequisites for OSPFv2
OSPFv2 has the following prerequisites:
• You must be familiar with routing fundamentals to configure OSPF.
• You are logged on to the switch.
• You have configured at least one interface for IPv4 that is capable of communicating with a remote OSPFv2 neighbor.
• You have installed the LAN Base Services license.
• You have completed the OSPFv2 network strategy and planning for your network. For example, you must decide whether multiple areas are required.
• You have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
Guidelines and Limitations
OSPFv2 has the following configuration guidelines and limitations:
• You can have up to four instances of OSPFv2.
• You can have up to four instances of OSPFv2 in a VDC.
• Cisco NX-OS displays areas in dotted decimal notation regardless of whether you enter the area in decimal or dotted decimal notation.
• If you configure OSPF in a vPC environment, use the following timer commands in router configuration mode on the core switch to ensure fast OSPF convergence when a vPC peer-link is shut down:
switch(config-router)# timers throttle spf 1 50 50
switch(config-router)# timers lsa-arrival 10
Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings
Table 5-2 lists the default settings for OSPFv2 parameters.
Table 5-2 Default OSPFv2 Parameters
Parameters | Default
Hello interval | 10 seconds
Dead interval | 40 seconds
Graceful restart grace period | 60 seconds
Graceful restart notify period | 15 seconds
OSPFv2 feature | Disabled
Stub router advertisement announce time | 600 seconds
Reference bandwidth for link cost calculation | 40 Gb/s
LSA minimal arrival time | 1000 milliseconds
LSA group pacing | 240 seconds
SPF calculation initial delay time | 0 milliseconds
SPF calculation hold time | 5000 milliseconds
SPF calculation initial delay time | 0 milliseconds
Configuring Basic OSPFv2
Configure OSPFv2 after you have designed your OSPFv2 network.
This section includes the following topics:
• Enabling the OSPFv2 Feature
• Creating an OSPFv2 Instance
• Configuring Optional Parameters on an OSPFv2 Instance
• Configuring Networks in OSPFv2
• Configuring Authentication for an Area
• Configuring Authentication for an Interface
Enabling the OSPFv2 Feature
You must enable the OSPFv2 feature before you can configure OSPFv2.
SUMMARY STEPS
1. configure terminal
2. feature ospf
3. (Optional) show feature
4. (Optional) copy running-config startup-config
DETAILED STEPS
To enable the OSPFv2 feature, follow these steps:
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: feature ospf
Purpose: Enables the OSPFv2 feature.
Example:
switch(config)# feature ospf
Step 3
Command: show feature
Purpose: (Optional) Displays enabled and disabled features.
Example:
switch(config)# show feature
Step 4
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
Use the no feature ospf command to disable the OSPFv2 feature and remove all associated configurations.
Command: no feature ospf
Purpose: Disables the OSPFv2 feature and removes all associated configurations.
Example:
switch(config)# no feature ospf
RELATED TOPICS
• Configuring Optional Parameters on an OSPFv2 Instance
Creating an OSPFv2 Instance
The first step in configuring OSPFv2 is to create an OSPFv2 instance. You assign a unique instance tag for this OSPFv2 instance. The instance tag can be any string.
For more information about OSPFv2 instance parameters, see the “Configuring Advanced OSPFv2” section on page 5-23.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
Use the show ip ospf instance-tag command to verify that the instance tag is not in use.
OSPFv2 must be able to obtain a router identifier (for example, a configured loopback address) or you must configure the router ID option.
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. (Optional) router-id ip-address
4. (Optional) show ip ospf instance-tag
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#
Step 3
Command: router-id ip-address
Purpose: (Optional) Configures the OSPFv2 router ID. This IP address identifies this OSPFv2 instance and must exist on a configured interface in the system. This command restarts the OSPFv2 process automatically and changes the router ID after it is configured.
Example:
switch(config-router)# router-id 192.0.2.1
Step 4
Command: show ip ospf instance-tag
Purpose: (Optional) Displays OSPF information.
Example:
switch(config-router)# show ip ospf 201
Step 5
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
Use the no router ospf command to remove the OSPFv2 instance and all associated configurations.
Command: no router ospf instance-tag
Purpose: Deletes the OSPF instance and the associated configurations.
Example:
switch(config)# no router ospf 201
This command does not remove OSPF configuration in interface mode. You must manually remove any OSPFv2 commands configured in interface mode.
Configuring Optional Parameters on an OSPFv2 Instance
You can configure optional parameters for OSPF.
For more information about OSPFv2 instance parameters, see the “Configuring Advanced OSPFv2” section on page 5-23.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
OSPFv2 must be able to obtain a router identifier (for example, a configured loopback address) or you must configure the router ID option.
DETAILED STEPS
Command: distance number
Purpose: Configures the administrative distance for this OSPFv2 instance. The range is from 1 to 255. The default is 110.
Example:
switch(config-router)# distance 25
Command: log-adjacency-changes [detail]
Purpose: Generates a system message whenever a neighbor changes state.
Example:
switch(config-router)# log-adjacency-changes
Command: maximum-paths path-number
Purpose: Configures the maximum number of equal OSPFv2 paths to a destination in the route table. This command is used for load balancing. The range is from 1 to 64. The default is 8.
Example:
switch(config-router)# maximum-paths 4
This example shows how to create an OSPFv2 instance with a maximum of four equal paths per destination:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# maximum-paths 4
switch(config-router)# copy running-config startup-config
Configuring Networks in OSPFv2
You can configure a network to OSPFv2 by associating it through the interface that the router uses to connect to that network (see the “Neighbors” section on page 5-2). You can add all networks to the default backbone area (Area 0), or you can create new areas using any decimal number or an IP address.
Note: All areas must connect to the backbone area either directly or through a virtual link.
Note OSPF is not enabled on an interface until you configure a valid IP address for that interface.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. ip address ip-prefix/length
5. ip router ospf instance-tag area area-id [ secondaries none ]
6. (Optional) show ip ospf instance-tag interface interface-type slot/port
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: interface interface-type slot/port
Purpose: Enters interface configuration mode.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#

Step 3
Command: no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport

Step 4
Command: ip address ip-prefix/length
Purpose: Assigns an IP address and subnet mask to this interface.
Example:
switch(config-if)# ip address 192.0.2.1/16

Step 5
Command: ip router ospf instance-tag area area-id [ secondaries none ]
Purpose: Adds the interface to the OSPFv2 instance and area.
Example:
switch(config-if)# ip router ospf 201 area 0.0.0.15

Step 6
Command: show ip ospf instance-tag interface interface-type slot/port
Purpose: (Optional) Displays OSPF information.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config-if)# show ip ospf 201 interface ethernet 1/2

Step 7
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
You can configure the following optional parameters for OSPFv2 in interface configuration mode:
Command: ip ospf cost number
Purpose: Configures the OSPFv2 cost metric for this interface. The default is to calculate cost metric, based on reference bandwidth and interface bandwidth. The range is from 1 to 65535.
Example:
switch(config-if)# ip ospf cost 25

Command: ip ospf dead-interval seconds
Purpose: Configures the OSPFv2 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Example:
switch(config-if)# ip ospf dead-interval 50

Command: ip ospf hello-interval seconds
Purpose: Configures the OSPFv2 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Example:
switch(config-if)# ip ospf hello-interval 25

Command: ip ospf mtu-ignore
Purpose: Configures OSPFv2 to ignore any IP MTU mismatch with a neighbor. The default is to not establish adjacency if the neighbor MTU does not match the local interface MTU.
Example:
switch(config-if)# ip ospf mtu-ignore

Command: ip ospf passive-interface
Purpose: Suppresses routing updates on the interface.
Example:
switch(config-if)# ip ospf passive-interface

Command: ip ospf priority number
Purpose: Configures the OSPFv2 priority, used to determine the DR for an area. The range is from 0 to 255. The default is 1. See the “Designated Routers” section on page 5-3.
Example:
switch(config-if)# ip ospf priority 25

Command: ip ospf shutdown
Purpose: Shuts down the OSPFv2 instance on this interface.
Example:
switch(config-if)# ip ospf shutdown
This example shows how to add a network area 0.0.0.10 in OSPFv2 instance 201:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0.0.0.10
switch(config-if)# copy running-config startup-config
Use the show ip ospf interface command to verify the interface configuration. Use the show ip ospf neighbor command to see the neighbors for this interface.
Configuring Authentication for an Area
You can configure authentication for all networks in an area or for individual interfaces in the area.
Interface authentication configuration overrides area authentication.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
Ensure that all neighbors on an interface share the same authentication configuration, including the shared authentication key.
Create the key-chain for this authentication configuration. See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x.
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. area area-id authentication [ message-digest ]
4. interface interface-type slot/port
5. no switchport
6. (Optional) ip ospf authentication-key [ 0 | 3 ] key
   or
   (Optional) ip ospf message-digest-key key-id md5 [ 0 | 3 ] key
7. (Optional) show ip ospf instance-tag interface interface-type slot/port
8. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: area area-id authentication [ message-digest ]
Purpose: Configures the authentication mode for an area.
Example:
switch(config-router)# area 0.0.0.10 authentication

Step 4
Command: interface interface-type slot/port
Purpose: Enters interface configuration mode.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config-router)# interface ethernet 1/2
switch(config-if)#

Step 5
Command: no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport

Step 6
Command: ip ospf authentication-key [ 0 | 3 ] key
Purpose: (Optional) Configures simple password authentication for this interface. Use this command if the authentication is not set to key-chain or message-digest. 0 configures the password in clear text. 3 configures the password as 3DES encrypted.
Example:
switch(config-if)# ip ospf authentication-key 0 mypass

Command: ip ospf message-digest-key key-id md5 [ 0 | 3 ] key
Purpose: (Optional) Configures message digest authentication for this interface. Use this command if the authentication is set to message-digest. The key-id range is from 1 to 255. The MD5 option 0 configures the password in clear text and 3 configures the pass key as 3DES encrypted.
Example:
switch(config-if)# ip ospf message-digest-key 21 md5 0 mypass

Step 7
Command: show ip ospf instance-tag interface interface-type slot/port
Purpose: (Optional) Displays OSPF information.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config-if)# show ip ospf 201 interface ethernet 1/2

Step 8
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
Configuring Authentication for an Interface
You can configure authentication for individual interfaces in the area. Interface authentication configuration overrides area authentication.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
Ensure that all neighbors on an interface share the same authentication configuration, including the shared authentication key.
Create the key-chain for this authentication configuration. See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x.
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. ip ospf authentication [ message-digest ]
5. (Optional) ip ospf authentication key-chain key-id
6. (Optional) ip ospf authentication-key [ 0 | 3 ] key
7. (Optional) ip ospf message-digest-key key-id md5 [ 0 | 3 ] key
8. (Optional) show ip ospf instance-tag interface interface-type slot/port
9. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: interface interface-type slot/port
Purpose: Enters interface configuration mode.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#

Step 3
Command: no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport

Step 4
Command: ip ospf authentication [ message-digest ]
Purpose: Enables interface authentication mode for OSPFv2 for either cleartext or message-digest type. Overrides area-based authentication for this interface. All neighbors must share this authentication type.
Example:
switch(config-if)# ip ospf authentication

Step 5
Command: ip ospf authentication key-chain key-name
Purpose: (Optional) Configures interface authentication to use key chains for OSPFv2. See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x, for details on key chains.
Example:
switch(config-if)# ip ospf authentication key-chain Test1

Step 6
Command: ip ospf authentication-key [ 0 | 3 | 7 ] key
Purpose: (Optional) Configures simple password authentication for this interface. Use this command if the authentication is not set to key-chain or message-digest. The options are as follows:
• 0—configures the password in clear text.
• 3—configures the pass key as 3DES encrypted.
• 7—configures the key as Cisco type 7 encrypted.
Example:
switch(config-if)# ip ospf authentication-key 0 mypass

Step 7
Command: ip ospf message-digest-key key-id md5 [ 0 | 3 | 7 ] key
Purpose: (Optional) Configures message digest authentication for this interface. Use this command if the authentication is set to message-digest. The key-id range is from 1 to 255. The MD5 options are as follows:
• 0—configures the password in clear text.
• 3—configures the pass key as 3DES encrypted.
• 7—configures the key as Cisco type 7 encrypted.
Example:
switch(config-if)# ip ospf message-digest-key 21 md5 0 mypass

Step 8
Command: show ip ospf instance-tag interface interface-type slot/port
Purpose: (Optional) Displays OSPF information.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config-if)# show ip ospf 201 interface ethernet 1/2

Step 9
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to set an interface for simple, unencrypted passwords and set the password for Ethernet interface 1/2:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# ip router ospf 201 area 0.0.0.10
switch(config-if)# ip ospf authentication
switch(config-if)# ip ospf authentication-key 0 mypass
switch(config-if)# copy running-config startup-config
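The following Python script is an added example, not part of the Cisco guide. It audits configuration text for the authentication choices described in the area and interface sections above: the area mode, the interface-level override, and the key type. The sample configuration, key values and finding strings are constructed for illustration, and only an explicit key type 0 is treated as clear text.

```python
import ipaddress
import re

# Constructed sample configuration (not from the guide); keys are placeholders.
SAMPLE_CONFIG = """\
router ospf 201
  area 0.0.0.10 authentication message-digest
interface Ethernet1/1
  no switchport
  ip router ospf 201 area 0.0.0.10
  ip ospf message-digest-key 21 md5 3 0f1e2d3c4b5a6978
interface Ethernet1/2
  no switchport
  ip router ospf 201 area 0.0.0.10
  ip ospf authentication
  ip ospf authentication-key 0 mypass
interface Ethernet1/3
  no switchport
  ip router ospf 201 area 0.0.0.20
interface Ethernet1/4
  no switchport
  ip router ospf 201 area 0.0.0.20
  ip ospf authentication key-chain Test1
interface Ethernet1/5
  no switchport
  ip router ospf 201 area 10
"""

AREA_AUTH = re.compile(r"^area (\S+) authentication( message-digest)?$")
MEMBER = re.compile(r"^ip router ospf (\S+) area (\S+)")
IF_AUTH = re.compile(r"^ip ospf authentication( message-digest| key-chain \S+)?$")
KEY = re.compile(
    r"^ip ospf (authentication-key|message-digest-key \d+ md5) (?:([037]) )?\S+$")


def stanzas(config):
    """Yield (header, [child lines]) for each top-level block of the config."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():
            body.append(raw.strip())
        else:
            if header is not None:
                yield header, body
            header, body = raw.strip(), []
    if header is not None:
        yield header, body


def area_id(text):
    """Normalise an area ID: decimal 10 and dotted 0.0.0.10 name the same area."""
    return str(ipaddress.IPv4Address(int(text))) if text.isdigit() else text


def audit_ospf_auth(config):
    """Return {interface: [findings]} for OSPFv2 interfaces with weak or missing auth."""
    area_mode, interfaces = {}, []
    for header, body in stanzas(config):
        words = header.split()
        if words[:2] == ["router", "ospf"] and len(words) > 2:
            for m in filter(None, map(AREA_AUTH.match, body)):
                mode = "message-digest" if m.group(2) else "simple"
                area_mode[(words[2], area_id(m.group(1)))] = mode
        elif words[0] == "interface" and len(words) > 1:
            interfaces.append((" ".join(words[1:]), body))

    findings = {}
    for name, body in interfaces:
        member = next(filter(None, map(MEMBER.match, body)), None)
        if member is None:
            continue  # interface is not in any OSPFv2 instance
        # Start from the area setting; an interface-level command overrides it.
        mode = area_mode.get((member.group(1), area_id(member.group(2))), "none")
        issues, has_digest_key = [], False
        for line in body:
            auth, key = IF_AUTH.match(line), KEY.match(line)
            if auth:
                mode = (auth.group(1) or " simple").split()[0]
            if key:
                has_digest_key |= key.group(1).startswith("message-digest-key")
                if key.group(2) == "0":
                    issues.append("key entered as type 0 (clear text)")
        if mode == "none":
            issues.insert(0, "no OSPFv2 authentication")
        elif mode == "simple":
            issues.insert(0, "simple password authentication")
        elif mode == "message-digest" and not has_digest_key:
            issues.insert(0, "message-digest set but no message-digest-key")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for ifname, problems in audit_ospf_auth(SAMPLE_CONFIG).items():
        print(f"{ifname}: {'; '.join(problems)}")
```

Ethernet1/2 in the sample mirrors the guide's simple-password example and is reported twice: once for the authentication type and once for the type 0 key.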
Configuring Advanced OSPFv2
Configure OSPFv2 after you have designed your OSPFv2 network.
This section includes the following topics:
• Configuring Filter Lists for Border Routers
• Configuring Stub Areas
• Configuring a Totally Stubby Area
• Configuring Virtual Links
• Configuring Redistribution
• Limiting the Number of Redistributed Routes
• Configuring Route Summarization
• Configuring Stub Route Advertisements
• Modifying the Default Timers
• Configuring Graceful Restart
• Restarting an OSPFv2 Instance
Configuring Filter Lists for Border Routers
You can separate your OSPFv2 domain into a series of areas that contain related networks. All areas must connect to the backbone area through an area border router (ABR). OSPFv2 domains also can connect to external domains, through an
autonomous system border router (ASBR). See the
.
ABRs have the following optional configuration parameters:
• Area range—Configures route summarization between areas.
• Filter list—Filters the Network Summary (type 3) LSAs on an ABR that are allowed in from an external area.
ASBRs also support filter lists.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
Create the route map that the filter list uses to filter IP prefixes in incoming or outgoing Network Summary (type 3) LSAs. See Chapter 14, “Configuring Route Policy Manager.”
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. area area-id filter-list route-map map-name { in | out }
4. (Optional) show ip ospf policy statistics
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: area area-id filter-list route-map map-name { in | out }
Purpose: Filters incoming or outgoing Network Summary (type 3) LSAs on an ABR.
Example:
switch(config-router)# area 0.0.0.10 filter-list route-map FilterLSAs in

Step 4
Command: show ip ospf policy statistics area id filter-list { in | out }
Purpose: (Optional) Displays OSPF policy information.
Example:
switch(config-if)# show ip ospf policy statistics area 0.0.0.10 filter-list in

Step 5
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config

This example shows how to configure a filter list in area 0.0.0.10:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 filter-list route-map FilterLSAs in
switch(config-router)# copy running-config startup-config
Configuring Stub Areas
You can configure a stub area for part of an OSPFv2 domain where external traffic is not necessary. Stub areas block AS External (type 5) LSAs, limiting unnecessary routing to and from selected networks. See the “Stub Area” section on page 5-8. You can optionally block all summary routes from going into the stub area.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
Ensure that there are no virtual links or ASBRs in the proposed stub area.
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. area area-id stub
4. (Optional) area area-id default-cost cost
5. (Optional) show ip ospf instance-tag
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: area area-id stub
Purpose: Creates this area as a stub area.
Example:
switch(config-router)# area 0.0.0.10 stub

Step 4
Command: area area-id default-cost cost
Purpose: (Optional) Sets the cost metric for the default summary route sent into this stub area. The range is from 0 to 16777215. The default is 1.
Example:
switch(config-router)# area 0.0.0.10 default-cost 25

Step 5
Command: show ip ospf instance-tag
Purpose: (Optional) Displays OSPF information.
Example:
switch(config-if)# show ip ospf 201

Step 6
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config

This example shows how to create a stub area:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 stub
switch(config-router)# copy running-config startup-config
Configuring a Totally Stubby Area
You can create a totally stubby area and prevent all summary route updates from going into the stub area.
To create a totally stubby area, use the following command in router configuration mode:
Command: area area-id stub no-summary
Purpose: Creates this area as a totally stubby area.
Example:
switch(config-router)# area 20 stub no-summary
Configuring NSSA
You can configure an NSSA for part of an OSPFv2 domain where limited external traffic is required. See the “Not-So-Stubby Area” section on page 5-9. You can optionally translate this external traffic to an AS External (type 5) LSA and flood the OSPFv2 domain with this routing information. An NSSA can be configured with the following optional parameters:
• No redistribution—Redistributed routes bypass the NSSA and are redistributed to other areas in the OSPFv2 autonomous system. Use this option when the NSSA ASBR is also an ABR.
• Default information originate—Generates an NSSA External (type 7) LSA for a default route to the external autonomous system. Use this option on an NSSA ASBR if the ASBR contains the default route in the routing table. This option can be used on an NSSA ABR whether or not the ABR contains the default route in the routing table.
• Route map—Filters the external routes so that only those routes that you want are flooded throughout the NSSA and other areas.
• Translate—Translates NSSA External LSAs to AS External LSAs for areas outside the NSSA. Use this command on an NSSA ABR to flood the redistributed routes throughout the OSPFv2 autonomous system. You can optionally suppress the forwarding address in these AS External LSAs. If you choose this option, the forwarding address is set to 0.0.0.0.
• No summary—Blocks all summary routes from flooding the NSSA. Use this option on the NSSA ABR.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
Ensure that there are no virtual links in the proposed NSSA and that it is not the backbone area.
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. area area-id nssa [ no-redistribution ] [ default-information-originate [ route-map map-name ]] [ no-summary ] [ translate type7 { always | never } [ suppress-fa ]]
4. (Optional) area area-id default-cost cost
5. (Optional) show ip ospf instance-tag
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: area area-id nssa [ no-redistribution ] [ default-information-originate [ route-map map-name ]] [ no-summary ] [ translate type7 { always | never } [ suppress-fa ]]
Purpose: Creates this area as an NSSA.
Example:
switch(config-router)# area 0.0.0.10 nssa

Step 4
Command: area area-id default-cost cost
Purpose: (Optional) Sets the cost metric for the default summary route sent into this NSSA.
Example:
switch(config-router)# area 0.0.0.10 default-cost 25

Step 5
Command: show ip ospf instance-tag
Purpose: (Optional) Displays OSPF information.
Example:
switch(config-if)# show ip ospf 201

Step 6
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config

This example shows how to create an NSSA that blocks all summary route updates:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa no-summary
switch(config-router)# copy running-config startup-config

This example shows how to create an NSSA that generates a default route:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa default-information-originate
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that filters external routes and blocks all summary route updates:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa route-map ExternalFilter no-summary
switch(config-router)# copy running-config startup-config

This example shows how to create an NSSA that always translates NSSA External (type 7) LSAs to AS External (type 5) LSAs:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa translate type7 always
switch(config-router)# copy running-config startup-config
Configuring Virtual Links
A virtual link connects an isolated area to the backbone area through an intermediate area. See the “Virtual Links” section on page 5-9. You can configure the following optional parameters for a virtual link:
• Authentication—Sets a simple password or MD5 message digest authentication and associated keys.
• Dead interval—Sets the time that a neighbor waits for a Hello packet before declaring the local router as dead and tearing down adjacencies.
• Hello interval—Sets the time between successive Hello packets.
• Retransmit interval—Sets the estimated time between successive LSAs.
• Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.
Note You must configure the virtual link on both routers involved before the link becomes active.
You cannot add a virtual link to a stub area.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. area area-id virtual-link router-id
4. (Optional) show ip ospf virtual-link [ brief ]
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: area area-id virtual-link router-id
Purpose: Creates one end of a virtual link to a remote router. You must create the virtual link on that remote router to complete the link.
Example:
switch(config-router)# area 0.0.0.10 virtual-link 10.1.2.3
switch(config-router-vlink)#

Step 4
Command: show ip ospf virtual-link [ brief ]
Purpose: (Optional) Displays OSPF virtual link information.
Example:
switch(config-router-vlink)# show ip ospf virtual-link

Step 5
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router-vlink)# copy running-config startup-config
You can configure the following optional commands in virtual link configuration mode:
Command: authentication [ key-chain key-id | message-digest | null ]
Purpose: (Optional) Overrides area-based authentication for this virtual link.
Example:
switch(config-router-vlink)# authentication message-digest

Command: authentication-key [ 0 | 3 ] key
Purpose: (Optional) Configures a simple password for this virtual link. Use this command if the authentication is not set to key-chain or message-digest. 0 configures the password in clear text. 3 configures the password as 3DES encrypted.
Example:
switch(config-router-vlink)# authentication-key 0 mypass

Command: dead-interval seconds
Purpose: (Optional) Configures the OSPFv2 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Example:
switch(config-router-vlink)# dead-interval 50

Command: hello-interval seconds
Purpose: (Optional) Configures the OSPFv2 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Example:
switch(config-router-vlink)# hello-interval 25

Command: message-digest-key key-id md5 [ 0 | 3 ] key
Purpose: (Optional) Configures message digest authentication for this virtual link. Use this command if the authentication is set to message-digest. 0 configures the password in cleartext. 3 configures the pass key as 3DES encrypted.
Example:
switch(config-router-vlink)# message-digest-key 21 md5 0 mypass

Command: retransmit-interval seconds
Purpose: (Optional) Configures the OSPFv2 retransmit interval, in seconds. The range is from 1 to 65535. The default is 5.
Example:
switch(config-router-vlink)# retransmit-interval 50

Command: transmit-delay seconds
Purpose: (Optional) Configures the OSPFv2 transmit-delay, in seconds. The range is from 1 to 450. The default is 1.
Example:
switch(config-router-vlink)# transmit-delay 2
This example shows how to create a simple virtual link between two ABRs.
The configuration for ABR 1 (router ID 27.0.0.55) is as follows:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 virtual-link 10.1.2.3
switch(config-router-vlink)# copy running-config startup-config

The configuration for ABR 2 (router ID 10.1.2.3) is as follows:
switch# configure terminal
switch(config)# router ospf 101
switch(config-router)# area 0.0.0.10 virtual-link 27.0.0.55
switch(config-router-vlink)# copy running-config startup-config
Configuring Redistribution
You can redistribute routes learned from other routing protocols into an OSPFv2 autonomous system through the ASBR.
You can configure the following optional parameters for route redistribution in OSPF:
• Default information originate—Generates an AS External (type 5) LSA for a default route to the external autonomous system.
Note Default information originate ignores match statements in the optional route map.
• Default metric—Sets all redistributed routes to the same cost metric.
Note If you redistribute static routes, Cisco NX-OS also redistributes the default static route.
Note Redistribution does not work if the access list is used as a match option in route-maps.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
Create the necessary route maps used for redistribution.
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
4. default-information originate [ always ] [ route-map map-name ]
5. default-metric cost
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
Purpose: Redistributes the selected protocol into OSPF through the configured route map.
Note: If you redistribute static routes, Cisco NX-OS also redistributes the default static route.
Example:
switch(config-router)# redistribute bgp 64496 route-map FilterExternalBGP

Step 4
Command: default-information originate [ always ] [ route-map map-name ]
Purpose: Creates a default route into this OSPF domain if the default route exists in the RIB. Use the following optional keywords:
• always —Always generate the default route of 0.0.0.0 even if the route does not exist in the RIB.
• route-map —Generate the default route if the route map returns true.
Note: This command ignores match statements in the route map.
Example:
switch(config-router)# default-information originate route-map DefaultRouteFilter

Step 5
Command: default-metric cost
Purpose: Sets the cost metric for the redistributed routes. This does not apply to directly connected routes. Use a route map to set the default metric for directly connected routes.
Example:
switch(config-router)# default-metric 25

Step 6
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to redistribute the Border Gateway Protocol (BGP) into OSPF:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# redistribute bgp 64496 route-map FilterExternalBGP
switch(config-router)# copy running-config startup-config
Limiting the Number of Redistributed Routes
Route redistribution can add many routes to the OSPFv2 route table. You can configure a maximum limit to the number of routes accepted from external protocols. OSPFv2 provides the following options to configure redistributed route limits:
• Fixed limit—Logs a message when OSPFv2 reaches the configured maximum. OSPFv2 does not accept any more redistributed routes. You can optionally configure a threshold percentage of the maximum where OSPFv2 will log a warning when that threshold is passed.
• Warning only—Logs a warning only when OSPFv2 reaches the maximum. OSPFv2 continues to accept redistributed routes.
• Withdraw—Starts the timeout period when OSPFv2 reaches the maximum. After the timeout period, OSPFv2 requests all redistributed routes if the current number of redistributed routes is less than the maximum limit. If the current number of redistributed routes is at the maximum limit, OSPFv2 withdraws all redistributed routes. You must clear this condition before OSPFv2 accepts more redistributed routes. You can optionally configure the timeout period.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
4. redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
5. (Optional) show running-config ospf
6. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
Purpose: Redistributes the selected protocol into OSPF through the configured route map.
Example:
switch(config-router)# redistribute bgp route-map FilterExternalBGP

Step 4
Command: redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
Purpose: Specifies a maximum number of prefixes that OSPFv2 will distribute. The range is from 0 to 65536. Optionally specifies the following:
• threshold—Percent of maximum prefixes that will trigger a warning message.
• warning-only—Logs a warning message when the maximum number of prefixes is exceeded.
• withdraw—Withdraws all redistributed routes. Optionally tries to retrieve the redistributed routes. The num-retries range is from 1 to 12. The timeout is 60 to 600 seconds. The default is 300 seconds. Use clear ip ospf redistribution if all routes are withdrawn.
Example:
switch(config-router)# redistribute maximum-prefix 1000 75 warning-only

Step 5
Command: show running-config ospf
Purpose: (Optional) Displays the OSPFv2 configuration.
Example:
switch(config-router)# show running-config ospf

Step 6
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to limit the number of redistributed routes into OSPF:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# redistribute bgp route-map FilterExternalBGP
switch(config-router)# redistribute maximum-prefix 1000 75
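A configuration audit for the redistribution limit described above, as an added example that is not part of the Cisco guide: it reads saved running-config text, finds each router ospf block that redistributes routes, and reports instances with no limit, a warning-only limit, or withdraw values outside the ranges given in Step 4. The sample configuration, the route-map names other than FilterExternalBGP, the AS number, and the finding codes are constructed for illustration.

```python
import re

# Ranges as stated for "redistribute maximum-prefix" in Step 4 of the guide.
MAX_RANGE = (0, 65536)
RETRIES_RANGE = (1, 12)
TIMEOUT_RANGE = (60, 600)

REDIST_RE = re.compile(
    r"^redistribute\s+(bgp|direct|eigrp|isis|ospf|rip|static)\b")
LIMIT_RE = re.compile(
    r"^redistribute\s+maximum-prefix\s+(\d+)(?:\s+(\d+))?"
    r"(?:\s+(warning-only)|\s+(withdraw)(?:\s+(\d+)\s+(\d+))?)?\s*$")

# Constructed sample input (not taken from a real device).
SAMPLE = """\
router ospf 201
  router-id 192.0.2.1
  redistribute bgp 64496 route-map FilterExternalBGP
  redistribute maximum-prefix 1000 75 warning-only
router ospf 202
  redistribute static route-map StaticToOspf
router ospf 203
  redistribute bgp 64496 route-map FilterExternalBGP
  redistribute maximum-prefix 1000 75 withdraw 20 30
router ospf 204
  redistribute direct route-map ConnectedOnly
  redistribute maximum-prefix 1000 75
"""


def ospf_blocks(config_text):
    """Yield (instance_tag, [stripped lines]) for each 'router ospf' block."""
    tag, lines = None, []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0] not in " \t":          # a new top-level section starts
            if tag is not None:
                yield tag, lines
            m = re.match(r"^router ospf (\S+)$", raw.strip())
            tag, lines = (m.group(1), []) if m else (None, [])
        elif tag is not None:            # indented line inside an OSPF block
            lines.append(raw.strip())
    if tag is not None:
        yield tag, lines


def audit_instance(lines):
    """Return finding codes for one OSPFv2 instance's configuration lines."""
    sources = [m.group(1) for m in map(REDIST_RE.match, lines) if m]
    limits = [ln for ln in lines if ln.startswith("redistribute maximum-prefix")]
    if not sources:
        return []                        # nothing redistributed, nothing to bound
    if not limits:
        return ["NO_LIMIT"]
    m = LIMIT_RE.match(limits[-1])
    if not m:
        return ["UNPARSED_LIMIT"]
    maximum, _threshold, warning_only, withdraw, retries, timeout = m.groups()
    findings = []
    if not MAX_RANGE[0] <= int(maximum) <= MAX_RANGE[1]:
        findings.append("MAX_OUT_OF_RANGE")
    if warning_only:
        # Warning only: OSPFv2 logs but keeps accepting redistributed routes.
        findings.append("WARNING_ONLY")
    if withdraw and retries is not None:
        if not RETRIES_RANGE[0] <= int(retries) <= RETRIES_RANGE[1]:
            findings.append("RETRIES_OUT_OF_RANGE")
        if not TIMEOUT_RANGE[0] <= int(timeout) <= TIMEOUT_RANGE[1]:
            findings.append("TIMEOUT_OUT_OF_RANGE")
    return findings


def audit(config_text):
    """Map each OSPFv2 instance tag to its list of finding codes."""
    return {tag: audit_instance(lines) for tag, lines in ospf_blocks(config_text)}


if __name__ == "__main__":
    for instance, codes in audit(SAMPLE).items():
        print(f"router ospf {instance}: {', '.join(codes) or 'ok'}")
```

The parser treats every indented line under router ospf as belonging to that instance, so statements inside a vrf sub-block are attributed to the parent instance.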
Configuring Route Summarization
You can configure route summarization for inter-area routes by configuring an address range that is summarized. You can also configure route summarization for external, redistributed routes by configuring a summary address for those routes on an ASBR. See the “Route Summarization” section on page 5-10.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. area area-id range ip-prefix/length [ no-advertise ]
4. summary-address ip-prefix/length [ no-advertise | tag tag-id ]
5. (Optional) show ip ospf summary-address
6. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: area area-id range ip-prefix/length [ no-advertise ]
Purpose: Creates a summary address on an ABR for a range of addresses and optionally does not advertise this summary address in a Network Summary (type 3) LSA.
Example:
switch(config-router)# area 0.0.0.10 range 10.3.0.0/16

Step 4
Command: summary-address ip-prefix/length [ no-advertise | tag tag ]
Purpose: Creates a summary address on an ASBR for a range of addresses and optionally assigns a tag for this summary address that can be used for redistribution with route maps.
Example:
switch(config-router)# summary-address 10.5.0.0/16 tag 2

Step 5
Command: show ip ospf summary-address
Purpose: (Optional) Displays information about OSPF summary addresses.
Example:
switch(config-router)# show ip ospf summary-address

Step 6
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to create summary addresses between areas on an ABR:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 range 10.3.0.0/16
switch(config-router)# copy running-config startup-config
This example shows how to create summary addresses on an ASBR:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# summary-address 10.5.0.0/16
switch(config-router)# copy running-config startup-config
Configuring Stub Route Advertisements
Use stub route advertisements when you want to limit the OSPFv2 traffic through this router for a short time. See the “OSPFv2 Stub Router Advertisements” section on page 5-11.
Stub route advertisements can be configured with the following optional parameters:
• On startup—Sends stub route advertisements for the specified announce time.
• Wait for BGP—Sends stub router advertisements until BGP converges.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. max-metric router-lsa [ on-startup [ announce-time ] [ wait-for bgp tag ]]
4. (Optional) copy running-config startup-config
Note You should not save the running configuration of a router when it is configured for a graceful shutdown because the router will continue to advertise a maximum metric after it is reloaded.
DETAILED STEPS

Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: max-metric router-lsa [ on-startup [ announce-time ] [ wait-for bgp tag ]]
Purpose: Configures OSPFv2 stub route advertisements. With on-startup, the router advertises when it first comes up or at system start time. With wait-for bgp, the router waits for BGP to come up.
Example:
switch(config-router)# max-metric router-lsa

Step 4
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to enable the stub router advertisements feature on startup for the default 600 seconds:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# max-metric router-lsa on-startup
switch(config-router)# copy running-config startup-config
Modifying the Default Timers
OSPFv2 includes a number of timers that control the behavior of protocol messages and shortest path first (SPF) calculations. OSPFv2 includes the following optional timer parameters:
• LSA arrival time—Sets the minimum interval allowed between LSAs arriving from a neighbor. LSAs that arrive faster than this time are dropped.
• Pacing LSAs—Set the interval at which LSAs are collected into a group and refreshed, checksummed, or aged. This timer controls how frequently LSA updates occur and optimizes how many are sent in an LSA update message (see the “Flooding and LSA Group Pacing” section on page 5-6).
• Throttle LSAs—Set rate limits for generating LSAs. This timer controls how frequently an LSA is generated if no topology change occurs.
• Throttle SPF calculation—Controls how frequently the SPF calculation is run.
At the interface level, you can also control the following timers:
• Retransmit interval—Sets the estimated time between successive LSAs.
• Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
See the “Configuring Networks in OSPFv2” section on page 5-16 for information about the hello interval and dead timer.
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. timers lsa-arrival msec
4. timers lsa-group-pacing seconds
5. timers throttle lsa start-time hold-interval max-time
6. timers throttle spf delay-time hold-time
7. interface type slot/port
8. no switchport
9. ip ospf hello-interval seconds
10. ip ospf dead-interval seconds
11. ip ospf retransmit-interval seconds
12. ip ospf transmit-delay seconds
13. (Optional) show ip ospf
14. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: timers lsa-arrival msec
Purpose: Sets the LSA arrival time in milliseconds. The range is from 10 to 600000. The default is 1000 milliseconds.
Example:
switch(config-router)# timers lsa-arrival 2000

Step 4
Command: timers lsa-group-pacing seconds
Purpose: Sets the interval in seconds for grouping LSAs. The range is from 1 to 1800. The default is 240 seconds.
Example:
switch(config-router)# timers lsa-group-pacing 1800

Step 5
Command: timers throttle lsa start-time hold-interval max-time
Purpose: Sets the rate limit in milliseconds for generating LSAs with the following timers:
• start-time—The range is from 50 to 5000 milliseconds. The default value is 50 milliseconds.
• hold-interval—The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds.
• max-time—The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds.
Example:
switch(config-router)# timers throttle lsa 3000 6000 6000

Step 6
Command: timers throttle spf delay-time hold-time max-wait
Purpose: Sets the SPF best path schedule initial delay time and the minimum hold time in seconds between SPF best path calculations. The range is from 1 to 600000. The default is no delay time and 5000 millisecond hold time.
Example:
switch(config-router)# timers throttle spf 3000 2000 4000

Step 7
Command: interface type slot/port
Purpose: Enters interface configuration mode.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#

Step 8
Command: no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport

Step 9
Command: ip ospf hello-interval seconds
Purpose: Sets the hello interval for this interface. The range is from 1 to 65535. The default is 10.
Example:
switch(config-if)# ip ospf retransmit-interval 30

Step 10
Command: ip ospf dead-interval seconds
Purpose: Sets the dead interval for this interface. The range is from 1 to 65535.
Example:
switch(config-if)# ip ospf dead-interval 30

Step 11
Command: ip ospf retransmit-interval seconds
Purpose: Sets the estimated time in seconds between LSAs transmitted from this interface. The range is from 1 to 65535. The default is 5.
Example:
switch(config-if)# ip ospf retransmit-interval 30

Step 12
Command: ip ospf transmit-delay seconds
Purpose: Sets the estimated time in seconds to transmit an LSA to a neighbor. The range is from 1 to 450. The default is 1.
Example:
switch(config-if)# ip ospf transmit-delay 450
switch(config-if)#

Step 13
Command: show ip ospf
Purpose: (Optional) Displays information about OSPF.
Example:
switch(config-if)# show ip ospf

Step 14
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
This example shows how to control LSA flooding with the lsa-group-pacing option:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# timers lsa-group-pacing 300
switch(config-router)# copy running-config startup-config
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. graceful-restart
4. (Optional) graceful-restart grace-period seconds
5. (Optional) graceful-restart helper-disable
6. (Optional) graceful-restart planned-only
7. (Optional) show ip ospf instance-tag
8. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config)# router ospf 201
switch(config-router)#

Step 3
Command: graceful-restart
Purpose: Enables a graceful restart. A graceful restart is enabled by default.
Example:
switch(config-router)# graceful-restart

Step 4
Command: graceful-restart grace-period seconds
Purpose: (Optional) Sets the grace period, in seconds. The range is from 5 to 1800. The default is 60 seconds.
Example:
switch(config-router)# graceful-restart grace-period 120

Step 5
Command: graceful-restart helper-disable
Purpose: (Optional) Disables helper mode. Enabled by default.
Example:
switch(config-router)# graceful-restart helper-disable

Step 6
Command: graceful-restart planned-only
Purpose: (Optional) Configures a graceful restart for planned restarts only.
Example:
switch(config-router)# graceful-restart planned-only

Step 7
Command: show ip ospf instance-tag
Purpose: (Optional) Displays OSPF information.
Example:
switch(config-if)# show ip ospf 201

Step 8
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to enable a graceful restart if it has been disabled and set the grace period to 120 seconds:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# graceful-restart
switch(config-router)# graceful-restart grace-period 120
switch(config-router)# copy running-config startup-config
Restarting an OSPFv2 Instance
You can restart an OSPFv2 instance. This clears all neighbors for the instance.
To restart an OSPFv2 instance and remove all associated neighbors, use the following command:
Command: restart ospf instance-tag
Purpose: Restarts the OSPFv2 instance and removes all neighbors.
Example:
switch(config)# restart ospf 201
Configuring OSPFv2 with Virtualization
You can configure multiple OSPFv2 instances. You can also create multiple VRFs and use the same or multiple OSPFv2 instances in each VRF. You assign an OSPFv2 interface to a VRF.
Note Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all the configuration for that interface.
BEFORE YOU BEGIN
Ensure that you have enabled the OSPF feature (see the “Enabling the OSPFv2 Feature” section on page 5-13).
SUMMARY STEPS
1. configure terminal
2. vrf context vrf_name
3. router ospf instance-tag
4. vrf vrf-name
5. maximum-paths paths
6. interface interface-type slot/port
7. no switchport
8. vrf member vrf-name
9. ip address ip-prefix/length
10. ip router ospf instance-tag area area-id
11. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command: vrf context vrf-name
Purpose: Creates a new VRF and enters VRF configuration mode.
Example:
switch(config)# vrf context RemoteOfficeVRF
switch(config-vrf)#

Step 3
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config-vrf)# router ospf 201
switch(config-router)#

Step 4
Command: vrf vrf-name
Purpose: Enters VRF configuration mode.
Example:
switch(config-router)# vrf RemoteOfficeVRF
switch(config-router-vrf)#

Step 5
Command: maximum-paths paths
Purpose: (Optional) Configures the maximum number of equal OSPFv2 paths to a destination in the route table for this VRF. Used for load balancing.
Example:
switch(config-router-vrf)# maximum-paths 4

Step 6
Command: interface interface-type slot/port
Purpose: Enters interface configuration mode.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config-router-vrf)# interface ethernet 1/2
switch(config-if)#

Step 7
Command: no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport

Step 8
Command: vrf member vrf-name
Purpose: Adds this interface to a VRF.
Example:
switch(config-if)# vrf member RemoteOfficeVRF

Step 9
Command: ip address ip-prefix/length
Purpose: Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
Example:
switch(config-if)# ip address 192.0.2.1/16

Step 10
Command: ip router ospf instance-tag area area-id
Purpose: Assigns this interface to the OSPFv2 instance and area configured.
Example:
switch(config-if)# ip router ospf 201 area 0

Step 11
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to create a VRF and add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config)# router ospf 201
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# vrf member NewVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0
switch(config)# copy running-config startup-config
Verifying the OSPFv2 Configuration
To display the OSPFv2 configuration information, perform one of the following tasks:
Command: show ip ospf
Purpose: Displays the OSPFv2 configuration.

Command: show ip ospf border-routers [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 border router configuration.

Command: show ip ospf database [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 link-state database summary.

Command: show ip ospf interface number [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 interface configuration.

Command: show ip ospf lsa-content-changed-list interface type number [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 LSAs that have changed.

Command: show ip ospf neighbors [ neighbor-id ] [ detail ] [ interface type number ] [ vrf { vrf-name | all | default | management }] [ summary ]
Purpose: Displays the list of OSPFv2 neighbors.

Command: show ip ospf request-list neighbor-id [ interface type number ] [ vrf { vrf-name | all | default | management }]
Purpose: Displays the list of OSPFv2 link-state requests.

Command: show ip ospf retransmission-list neighbor-id [ interface type number ] [ vrf { vrf-name | all | default | management }]
Purpose: Displays the list of OSPFv2 link-state retransmissions.

Command: show ip ospf route [ ospf-route ] [ summary ] [ vrf { vrf-name | all | default | management }]
Purpose: Displays the internal OSPFv2 routes.

Command: show ip ospf summary-address [ vrf { vrf-name | all | default | management }]
Purpose: Displays information about the OSPFv2 summary addresses.

Command: show ip ospf virtual-links [ brief ] [ vrf { vrf-name | all | default | management }]
Purpose: Displays information about OSPFv2 virtual links.

Command: show ip ospf vrf { vrf-name | all | default | management }
Purpose: Displays information about VRF-based OSPFv2 configuration.

Command: show running-config ospf
Purpose: Displays the current running OSPFv2 configuration.
Displaying OSPFv2 Statistics
To display OSPFv2 statistics, use the following commands:
Command: show ip ospf policy statistics area area-id filter-list { in | out } [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 route policy statistics for an area.

Command: show ip ospf policy statistics redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 route policy statistics.

Command: show ip ospf statistics [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 event counters.

Command: show ip ospf traffic [ interface type number ] [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 packet counters.
Configuration Examples for OSPFv2
This example shows how to configure OSPFv2:
feature ospf
router ospf 201
  router-id 290.0.2.1
interface ethernet 1/2
  no switchport
  ip router ospf 201 area 0.0.0.10
  ip ospf authentication
  ip ospf authentication-key 0 mypass
Additional References
For additional information related to implementing OSPF, see the following sections:
• Related Documents
• MIBs
Related Documents
Related Topic: OSPFv2 CLI commands
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x

Related Topic: OSPFv3 for IPv6 networks
Document Title: Chapter 7, “Configuring OSPFv3”

Related Topic: Route maps
Document Title: Chapter 14, “Configuring Route Policy Manager”
MIBs
MIBs:
• OSPF-MIB
• OSPF-TRAP-MIB
MIBs Link: To locate and download MIBs, go to the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
CHAPTER 6
Configuring OSPFv3
This chapter describes how to configure Open Shortest Path First version 3 (OSPFv3) for IPv6 networks on the Cisco NX-OS device.
This chapter includes the following sections:
• Information About OSPFv3
• Licensing Requirements for OSPFv3
• Prerequisites for OSPFv3
• Guidelines and Limitations for OSPFv3
• Configuring Basic OSPFv3
• Configuring Advanced OSPFv3
• Verifying the OSPFv3 Configuration
• Configuration Examples for OSPFv3
• Additional References
Information About OSPFv3
OSPFv3 is an IETF link-state protocol (see the “Overview” section on page 1-1). An OSPFv3 router sends a special message, called a Hello packet, out each OSPF-enabled interface to discover other OSPFv3 neighbor routers. Once a neighbor is discovered, the two routers compare information in the Hello packet to determine if the routers have compatible configurations. The neighbor routers attempt to establish adjacency, which means that the routers synchronize their link-state databases to ensure that they have identical OSPFv3 routing information. Adjacent routers share link-state advertisements (LSAs) that include information about the operational state of each link, the cost of the link, and any other neighbor information. The routers then flood these received LSAs out every OSPF-enabled interface so that all OSPFv3 routers eventually have identical link-state databases. When all OSPFv3 routers have identical link-state databases, the network is converged (see the “Convergence” section on page 1-6). Each router then uses Dijkstra’s Shortest Path First (SPF) algorithm to build its route table.
You can divide OSPFv3 networks into areas. Routers send most LSAs only within one area, which reduces the CPU and memory requirements for an OSPF-enabled router.
OSPFv3 supports IPv6. For information about OSPF for IPv4, see Chapter 6, “Configuring OSPFv3”.
This section includes the following topics:
• Comparison of OSPFv3 and OSPFv2
• Link-State Advertisement
• OSPFv3 and the IPv6 Unicast RIB
• Address Family Support
Comparison of OSPFv3 and OSPFv2
Much of the OSPFv3 protocol is the same as in OSPFv2. OSPFv3 is described in RFC 2740.
The key differences between the OSPFv3 and OSPFv2 protocols are as follows:
• OSPFv3 expands on OSPFv2 to provide support for IPv6 routing prefixes and the larger size of IPv6 addresses.
• LSAs in OSPFv3 are expressed as prefix and prefix length instead of address and mask.
• The router ID and area ID are 32-bit numbers with no relationship to IPv6 addresses.
• OSPFv3 uses link-local IPv6 addresses for neighbor discovery and other features.
• OSPFv3 uses IPv6 for authentication.
• OSPFv3 redefines LSA types.
Hello Packet
OSPFv3 routers periodically send Hello packets on every OSPF-enabled interface. The hello interval determines how frequently the router sends these Hello packets and is configured per interface. OSPFv3 uses Hello packets for the following tasks:
• Neighbor discovery
• Keepalives
• Bidirectional communications
• Designated router election (see the “Designated Routers” section on page 6-4)
The Hello packet contains information about the originating OSPFv3 interface and router, including the assigned OSPFv3 cost of the link, the hello interval, and optional capabilities of the originating router.
An OSPFv3 interface that receives these Hello packets determines if the settings are compatible with the receiving interface settings. Compatible interfaces are considered neighbors and are added to the neighbor table (see the “Neighbors” section on page 6-3).
Hello packets also include a list of router IDs for the routers that the originating interface has communicated with. If the receiving interface sees its own router ID in this list, bidirectional communication has been established between the two interfaces.
OSPFv3 uses Hello packets as a keepalive message to determine if a neighbor is still communicating. If a router does not receive a Hello packet by the configured dead interval (usually a multiple of the hello interval), the neighbor is removed from the local neighbor table.
Neighbors
An OSPFv3 interface must have a compatible configuration with a remote interface before the two can be considered neighbors. The two OSPFv3 interfaces must match the following criteria:
• Hello interval
• Dead interval
• Area ID (see the “Areas” section on page 6-5)
• Authentication
• Optional capabilities
If there is a match, the information is entered into the neighbor table:
• Neighbor ID—Router ID of the neighbor router.
• Priority—Priority of the neighbor router. The priority is used for designated router election (see the “Designated Routers” section on page 6-4).
• State—Indication of whether the neighbor has just been heard from, is in the process of setting up bidirectional communications, is sharing the link-state information, or has achieved full adjacency.
• Dead time—Indication of how long since the last Hello packet was received from this neighbor.
• Link-local IPv6 address—Link-local IPv6 address of the neighbor.
• Designated router—Indication of whether the neighbor has been declared as the designated router or backup designated router (see the “Designated Routers” section on page 6-4).
• Local interface—Local interface that received the Hello packet for this neighbor.
When the first Hello packet is received from a new neighbor, the neighbor is entered into the neighbor table in the initialization state. Once bidirectional communication is established, the neighbor state becomes two-way. ExStart and exchange states come next, as the two interfaces exchange their link-state database. Once this is complete, the neighbor moves into the full state, which signifies full adjacency. If the neighbor fails to send any Hello packets in the dead interval, the neighbor is moved to the down state and is no longer considered adjacent.
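The Hello handling described in the Hello Packet and Neighbors sections, sketched as an added example that is not part of the Cisco guide: an interface rejects a Hello whose matching criteria differ, enters a new neighbor in the init state, promotes it to two-way when it sees its own router ID in the Hello, and moves it to down after the dead interval. Class and field names, router IDs, and option labels are constructed for illustration, and the ExStart, exchange, and full states are not modeled.

```python
import ipaddress
from dataclasses import dataclass, field

# The criteria two OSPFv3 interfaces must match to be considered neighbors.
MATCH_FIELDS = ("hello_interval", "dead_interval", "area_id",
                "authentication", "options")


def area_to_int(area):
    """Accept an area ID as a number or dotted decimal; return the 32-bit value."""
    text = str(area)
    return int(ipaddress.IPv4Address(text)) if "." in text else int(text)


@dataclass
class Params:
    router_id: str
    hello_interval: int
    dead_interval: int
    area_id: str
    authentication: str
    options: frozenset


@dataclass
class Hello(Params):
    # Router IDs the originating interface has communicated with.
    neighbors_seen: tuple = ()


@dataclass
class Interface(Params):
    # Neighbor table: router_id -> {"state": ..., "last_heard": ...}
    neighbors: dict = field(default_factory=dict)

    def mismatches(self, hello):
        """List the matching criteria on which this Hello differs from us."""
        bad = []
        for name in MATCH_FIELDS:
            mine, theirs = getattr(self, name), getattr(hello, name)
            if name == "area_id":        # "10" and "0.0.0.10" are the same area
                mine, theirs = area_to_int(mine), area_to_int(theirs)
            if mine != theirs:
                bad.append(name)
        return bad

    def receive(self, hello, now):
        """Process one Hello; return the neighbor state, or None if rejected."""
        if self.mismatches(hello):
            return None
        entry = self.neighbors.setdefault(hello.router_id, {"state": "init"})
        entry["last_heard"] = now
        if entry["state"] == "down":
            entry["state"] = "init"
        if self.router_id in hello.neighbors_seen and entry["state"] == "init":
            entry["state"] = "two-way"   # bidirectional communication established
        return entry["state"]

    def expire(self, now):
        """Move neighbors silent for longer than the dead interval to down."""
        dropped = []
        for rid, entry in self.neighbors.items():
            silent = now - entry["last_heard"]
            if entry["state"] != "down" and silent > self.dead_interval:
                entry["state"] = "down"
                dropped.append(rid)
        return dropped


def demo():
    """Run a constructed exchange and return the observed results in order."""
    opts = frozenset({"V6", "E", "R"})
    local = Interface("192.0.2.1", 10, 40, "0.0.0.10", "none", opts)
    peer = dict(router_id="192.0.2.2", hello_interval=10, dead_interval=40,
                area_id="10", authentication="none", options=opts)
    bad = Hello(**{**peer, "router_id": "192.0.2.3", "dead_interval": 30})
    return [
        local.receive(Hello(**peer), now=0),
        local.receive(Hello(**peer, neighbors_seen=("192.0.2.1",)), now=10),
        local.mismatches(bad),
        local.receive(bad, now=12),
        local.expire(now=51),
    ]


if __name__ == "__main__":
    print(demo())
```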
Adjacency
Not all neighbors establish adjacency. Depending on the network type and designated router establishment, some neighbors become fully adjacent and share LSAs with all their neighbors, while other neighbors do not. For more information, see the “Designated Routers” section on page 6-4.
Adjacency is established using Database Description packets, Link State Request packets, and Link State Update packets in OSPFv3. The Database Description packet includes the LSA headers from the link-state database of the neighbor (see the “Link-State Database” section on page 6-7). The local router compares these headers with its own link-state database and determines which LSAs are new or updated.
The local router sends a Link State Request packet for each LSA that it needs new or updated information on. The neighbor responds with a Link State Update packet. This exchange continues until both routers have the same link-state information.
Designated Routers
Networks with multiple routers present a unique situation for OSPFv3. If every router floods the network with LSAs, the same link-state information is sent from multiple sources. Depending on the type of network, OSPFv3 might use a single router, the designated router (DR), to control the LSA floods and represent the network to the rest of the OSPFv3 area. If the DR fails, OSPFv3 selects a backup designated router (BDR). If the DR fails, the BDR becomes the DR.
Network types are as follows:
• Point-to-point—A network that exists only between two routers. All neighbors on a point-to-point network establish adjacency and there is no DR.
• Broadcast—A network with multiple routers that can communicate over a shared medium that allows broadcast traffic, such as Ethernet. OSPFv3 routers establish a DR and BDR that control LSA flooding on the network. OSPFv3 uses the well-known IPv6 multicast address, FF02::5, and a MAC address of 0100.5300.0005 to communicate with neighbors.
The DR and BDR are selected based on the information in the Hello packet. When an interface sends a Hello packet, it sets the priority field and the DR and BDR field if it knows who the DR and BDR are. The routers follow an election procedure based on which routers declare themselves in the DR and BDR fields and the priority field in the Hello packet. As a final determinant, OSPFv3 chooses the highest router IDs as the DR and BDR.
All other routers establish adjacency with the DR and the BDR and use the IPv6 multicast address FF02::6 to send LSA updates to the DR and BDR. Figure 6-1 shows this adjacency relationship between all routers and the DR.
DRs are based on a router interface. A router might be the DR for one network and not for another network on a different interface.
Figure 6-1 DR in Multi-Access Network
[Figure: Router A, Router B, Router C, and Router E on a multi-access network, each with logical connectivity to Router D, the designated router for OSPF.]
Areas
You can limit the CPU and memory requirements that OSPFv3 puts on the routers by dividing an OSPFv3 network into areas.
An area is a logical division of routers and links within an OSPFv3 domain that creates separate subdomains. LSA flooding is contained within an area, and the link-state database is limited to links within the area. You can assign an area ID to the interfaces within the defined area.
The Area ID is a 32-bit value that can be expressed as a number or in dotted decimal notation, such as
10.2.3.1.
Cisco NX-OS always displays the area in dotted decimal notation.
If you define more than one area in an OSPFv3 network, you must also define the backbone area, which has the reserved area ID of 0. All areas must connect to the backbone area. If you have more than one area, then one or more routers become area border routers (ABRs). An ABR connects to both the backbone area and at least one other defined area (see
Figure 6-2 OSPFv3 Areas (diagram labels: ABR1, Area 0, Area 3, Area 5, ABR2)
The ABR has a separate link-state database for each area to which it connects. The ABR sends Inter-Area Prefix (type 3) LSAs (see the “Route Summarization” section on page 6-10) from one connected area to the backbone area. The backbone area sends summarized information about one area to another area. In Figure 6-2, Area 0 sends summarized information about Area 5 to Area 3.
OSPFv3 defines one other router type: the autonomous system boundary router (ASBR). This router connects an OSPFv3 area to another autonomous system. An autonomous system is a network controlled by a single technical administration entity. OSPFv3 can redistribute its routing information into another autonomous system or receive redistributed routes from another autonomous system. For more information, see the “Advanced Features” section on page 6-8.
Link-State Advertisement
OSPFv3 uses link-state advertisements (LSAs) to build its routing table.
This section includes the following topics:
• Flooding and LSA Group Pacing, page 6-7
LSA Types
Table 6-1 shows the LSA types supported by Cisco Nexus 6000 Series switches.
Table 6-1 LSA Types
Type | Name | Description
1 | Router LSA | LSA sent by every router. This LSA includes the state and cost of all links but does not include prefix information. Router LSAs trigger an SPF recalculation. Router LSAs are flooded to the local OSPFv3 area.
2 | Network LSA | LSA sent by the DR. This LSA lists all routers in the multi-access network but does not include prefix information. Network LSAs trigger an SPF recalculation. See the “Designated Routers” section on page 6-4.
3 | Inter-Area Prefix LSA | LSA sent by the area border router to an external area for each destination in local area. This LSA includes the link cost from the border router to the local destination. See the .
4 | Inter-Area Router LSA | LSA sent by the area border router to an external area. This LSA advertises the link cost to the ASBR only. See the .
5 | AS External LSA | LSA generated by the ASBR. This LSA includes the link cost to an external autonomous system destination. AS External LSAs are flooded throughout the autonomous system. See the .
7 | Type-7 LSA | LSA generated by the ASBR within an NSSA. This LSA includes the link cost to an external autonomous system destination. Type-7 LSAs are flooded only within the local NSSA. See the
8 | Link LSA | LSA sent by every router, using a link-local flooding scope (see the “Flooding and LSA Group Pacing” section on page 6-7). This LSA includes the link-local address and IPv6 prefixes for this link.
9 | Intra-Area Prefix LSA | LSA sent by every router. This LSA includes any prefix or link state changes. Intra-Area Prefix LSAs are flooded to the local OSPFv3 area. This LSA does not trigger an SPF recalculation.
11 | Grace LSAs | LSA sent by a restarting router, using a link-local flooding scope. This LSA is used for a graceful restart of OSPFv3. See the
Link Cost
Each OSPFv3 interface is assigned a link cost. The cost is an arbitrary number. By default, Cisco Nexus 6000 Series switches assign a cost that is the configured reference bandwidth divided by the interface bandwidth. By default, the reference bandwidth is 40 Gb/s. The link cost is carried in the LSA updates for each link.
Flooding and LSA Group Pacing
OSPFv3 floods LSA updates to different sections of the network, depending on the LSA type. OSPFv3 uses the following flooding scopes:
• Link-local—The LSA is flooded only on the local link. Used for Link LSAs and Grace LSAs.
• Area-local—The LSA is flooded throughout a single OSPFv3 area only. Used for Router LSAs, Network LSAs, Inter-Area-Prefix LSAs, Inter-Area-Router LSAs, and Intra-Area-Prefix LSAs.
• AS scope—The LSA is flooded throughout the routing domain. An AS scope is used for AS External LSAs.
LSA flooding guarantees that all routers in the network have identical routing information. LSA flooding depends on the OSPFv3 area configuration (see the
). The LSAs are flooded based on the
link-state refresh time (every 30 minutes by default). Each LSA has its own link-state
refresh time.
You can control the flooding rate of LSA updates in your network by using the LSA group pacing feature. LSA group pacing can reduce high CPU or buffer utilization. This feature groups LSAs with similar link-state refresh times to allow OSPFv3 to pack multiple LSAs into an OSPFv3 Update message.
By default, LSAs with link-state refresh times within 10 seconds of each other are grouped together. You should lower this value for large link-state databases or raise it for smaller databases to optimize the
OSPFv3 load on your network.
Link-State Database
Each router maintains a link-state database for the OSPFv3 network. This database contains all the collected LSAs and includes information on all the routes through the network. OSPFv3 uses this information to calculate the best path to each destination and populates the routing table with these best paths.
LSAs are removed from the link-state database if no LSA update has been received within a set interval, called the MaxAge. Routers flood a repeat of the LSA every 30 minutes to prevent accurate link-state information from being aged out. Cisco Nexus 6000 Series switches support the LSA grouping feature (see the “Flooding and LSA Group Pacing” section on page 6-7).
Multi-Area Adjacency
OSPFv3 multi-area adjacency allows you to configure a link on the primary interface that is in more than one area. This link becomes the preferred intra-area link in those areas. Multi-area adjacency establishes a point-to-point unnumbered link in an OSPFv3 area that provides a topological path for that area. The primary adjacency uses the link to advertise an unnumbered point-to-point link in the Router LSA for the corresponding area when the neighbor state is full.
The multi-area interface exists as a logical construct over an existing primary interface for OSPFv3; however, the neighbor state on the primary interface is independent of the multi-area interface. The multi-area interface establishes a neighbor relationship with the corresponding multi-area interface on the neighboring router. See the “Configuring Multi-Area Adjacency” section on page 6-25 for more information.
OSPFv3 and the IPv6 Unicast RIB
OSPFv3 runs the Dijkstra shortest path first algorithm on the link-state database. This algorithm selects the best path to each destination based on the sum of all the link costs for each link in the path. The shortest path for each destination is then put in the OSPFv3 route table. When the OSPFv3 network is converged, this route table feeds into the IPv6 unicast RIB. OSPFv3 communicates with the IPv6 unicast RIB to do the following:
• Add or remove routes
• Handle route redistribution from other protocols
• Provide convergence updates to remove stale OSPFv3 routes and for stub router advertisements (see the “Multiple OSPFv3 Instances” section on page 6-11)
OSPFv3 also runs a modified Dijkstra algorithm for fast recalculation for Inter-Area Prefix, Inter-Area
Router, AS-External, type-7, and Intra-Area Prefix (type 3, 4, 5, 7, 8) LSA changes.
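The following added example (not part of the Cisco guide) runs the SPF calculation described above over a small constructed topology, deriving each link cost from the reference bandwidth and keeping equal-cost next hops up to a maximum-paths limit. It assumes that the cost quotient is truncated and never drops below 1, and that which equal-cost next hops survive the limit is decided by name order; the router names and link speeds are invented.

```python
import heapq

DEFAULT_REFERENCE_GBPS = 40   # default reference bandwidth stated in this guide
DEFAULT_MAX_PATHS = 8         # default maximum-paths stated in this guide

# Constructed topology: (router, router, interface bandwidth in Gb/s).
LINKS = [
    ("A", "B", 40), ("A", "C", 40),
    ("B", "D", 40), ("C", "D", 40),
    ("A", "D", 10), ("D", "E", 10),
]


def link_cost(interface_gbps, reference_gbps=DEFAULT_REFERENCE_GBPS):
    """Reference bandwidth divided by interface bandwidth.

    Assumption: the quotient is truncated and never drops below 1.
    """
    return max(1, reference_gbps // interface_gbps)


def build_lsdb(links, reference_gbps=DEFAULT_REFERENCE_GBPS):
    """Return {router: {neighbor: cost}}; every link is bidirectional."""
    lsdb = {}
    for a, b, gbps in links:
        cost = link_cost(gbps, reference_gbps)
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


def spf(lsdb, root, max_paths=DEFAULT_MAX_PATHS):
    """Dijkstra from root. Returns {dest: (total_cost, [next hops])}."""
    dist = {root: 0}
    hops = {root: set()}
    done = set()
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:          # stale heap entry for an already final node
            continue
        done.add(node)
        for nbr, cost in lsdb[node].items():
            nd = d + cost
            # A neighbor of the root is its own next hop; deeper nodes
            # inherit the next hops of the node they are reached through.
            via = {nbr} if node == root else hops[node]
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                hops[nbr] = set(via)
                heapq.heappush(heap, (nd, nbr))
            elif nd == dist[nbr]:
                hops[nbr] |= via  # equal-cost path: keep both next hops
    return {dest: (dist[dest], sorted(hops[dest])[:max_paths])
            for dest in sorted(dist) if dest != root}


if __name__ == "__main__":
    for ref in (40, 10):
        print(f"reference bandwidth {ref} Gb/s")
        for dest, (cost, nexthops) in spf(build_lsdb(LINKS, ref), "A").items():
            print(f"  {dest}: cost {cost} via {', '.join(nexthops)}")
```

With a reference bandwidth below the fastest link speed, every link in this topology costs 1 and the 10 Gb/s direct link becomes the best path, which is why the reference bandwidth should be at least the speed of the fastest interface in the domain.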
Address Family Support
Cisco Nexus 6000 Series switches support multiple address families, such as unicast IPv6 and multicast IPv6. OSPFv3 features that are specific to an address family are as follows:
• Default routes
• Route summarization
• Route redistribution
• Filter lists for border routers
• SPF optimization
Use the address-family ipv6 unicast command to enter the IPv6 unicast address family configuration mode when configuring these features.
Advanced Features
Cisco Nexus 6000 Series switches support advanced OSPFv3 features that enhance the usability and scalability of OSPFv3 in the network.
This section includes the following topics:
• Route Redistribution, page 6-10
• Route Summarization, page 6-10
• Multiple OSPFv3 Instances, page 6-11
• Virtualization Support, page 6-11
Stub Area
You can limit the amount of external routing information that floods an area by making it a stub area. A stub area is an area that does not allow AS External (type 5) LSAs (see the
propagate external route information. Stub areas have the following requirements:
• All routers in the stub area are stub routers. See the “Administrative Distance” section on page 1-7.
• No ASBR routers exist in the stub area.
• You cannot configure virtual links in the stub area.
Figure 6-3 shows an example of an OSPFv3 autonomous system where all routers in area 0.0.0.10 have to go through the ABR to reach external autonomous systems. Area 0.0.0.10 can be configured as a stub area.
Figure 6-3 Stub Area (diagram labels: ABR, Backbone, Area 10, Stub area, ASBR)
Stub areas use a default route for all traffic that needs to go through the backbone area to the external autonomous system. The default route is an Inter-Area-Prefix LSA with the prefix length set to 0 for
IPv6.
Not-So-Stubby Area
A Not-So-Stubby Area (NSSA) is similar to the stub area, except that an NSSA allows you to import autonomous system external routes within an NSSA using redistribution. The NSSA ASBR redistributes these routes and generates type-7 LSAs that it floods throughout the NSSA. You can optionally configure the ABR that connects the NSSA to other areas to translate this type-7 LSA to AS External (type 5) LSAs. The ABR then floods these AS External LSAs throughout the OSPFv3 autonomous system. Summarization and filtering are supported during the translation. See the “Link-State Advertisement” section on page 6-5 for details on type-7 LSAs.
You can, for example, use an NSSA to simplify administration if you are connecting a central site using OSPFv3 to a remote site that is using a different routing protocol. Before an NSSA, the connection between the corporate site border router and a remote router could not be run as an OSPFv3 stub area because routes for the remote site could not be redistributed into a stub area. With an NSSA, you can extend OSPFv3 to cover the remote connection by defining the area between the corporate router and remote router as an NSSA (see the “Configuring NSSA” section on page 6-23).
The backbone Area 0 cannot be an NSSA.
Virtual Links
Virtual links allow you to connect an OSPFv3 area ABR to a backbone area ABR when a direct physical connection is not available.
Figure 6-4 shows a virtual link that connects Area 3 to the backbone area
through Area 5.
Figure 6-4 Virtual Links (diagram labels: Area 0, ABR2, ABR1, Area 5, Area 3)
You can also use virtual links to temporarily recover from a partitioned area, which occurs when a link within the area fails, isolating part of the area from reaching the designated ABR to the backbone area.
Route Redistribution
OSPFv3 can learn routes from other routing protocols by using route redistribution. See the
routes or a default link cost for all redistributed routes.
Route redistribution uses route maps to control which external routes are redistributed. You must configure a route map with the redistribution to control which routes are passed into OSPFv3. A route map allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. You can use route maps to modify parameters in the AS External (type 5) and
NSSA External (type 7) LSAs before these external routes are advertised in the local OSPFv3
autonomous system. For more information, see Chapter 14, “Configuring Route Policy Manager,”
Route Summarization
Because OSPFv3 shares all learned routes with every OSPF-enabled router, you might want to use route summarization to reduce the number of unique routes that are flooded to every OSPF-enabled router.
Route summarization simplifies route tables by replacing more-specific addresses with an address that represents all the specific addresses. For example, you can replace 2010:11:22:0:1000::1 and
2010:11:22:0:2000:679:1 with one summary address, 2010:11:22::/32.
Typically, you would summarize at the boundaries of area border routers (ABRs). Although you could configure summarization between any two areas, it is better to summarize in the direction of the backbone so that the backbone receives all the aggregate addresses and injects them, already summarized, into other areas. The two types of summarization are as follows:
• Inter-area route summarization
• External route summarization
You configure inter-area route summarization on ABRs, summarizing routes between areas in the autonomous system. To take advantage of summarization, assign network numbers in areas in a contiguous way to be able to lump these addresses into one range.
External route summarization is specific to external routes that are injected into OSPFv3 using route redistribution. You should make sure that external ranges that are being summarized are contiguous. Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Configure external route summarization on ASBRs that are redistributing routes into OSPFv3.
When you configure a summary address, Cisco Nexus 6000 Series switches automatically configure a discard route for the summary address to prevent routing black holes and route loops.
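The following added example (not part of the Cisco guide) checks planned IPv6 summary addresses before they are configured: it reports summaries that do not cover their specifics, summaries that are looser than the tightest covering prefix, and overlapping summaries on different routers. It also normalises a summary written with bits set beyond its prefix length, as in the 2010:11:22::/32 form used above, to the network that the prefix length actually selects. The router names and 2001:db8 prefixes are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed inputs: router names and 2001:db8::/32 documentation prefixes.
ROUTERS = {
    "ASBR1": {"summary": "2001:db8:10::/46",
              "specifics": ["2001:db8:10::/48", "2001:db8:11::/48"]},
    "ASBR2": {"summary": "2001:db8:12::/47",
              "specifics": ["2001:db8:12::/48", "2001:db8:13::/48"]},
    "ASBR3": {"summary": "2001:db8:20::/47",
              "specifics": ["2001:db8:20::/48", "2001:db8:22::/48"]},
}


def parse_summary(text):
    """Return (network, had_host_bits) for a summary such as 'prefix/len'."""
    net = ipaddress.ip_network(text, strict=False)
    host_bits = ipaddress.ip_interface(text).ip != net.network_address
    return net, host_bits


def tightest_summary(prefixes):
    """Longest IPv6 prefix that still covers every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)   # last address
    plen = 128 - (lo ^ hi).bit_length()                 # shared leading bits
    base = lo >> (128 - plen) << (128 - plen)
    return ipaddress.IPv6Network((base, plen))


def audit(routers):
    """Return a list of (who, kind, detail) findings."""
    findings, parsed = [], {}
    for name, cfg in routers.items():
        summary, host_bits = parse_summary(cfg["summary"])
        parsed[name] = summary
        if host_bits:
            findings.append((name, "host-bits",
                             f"{cfg['summary']} selects {summary}"))
        specifics = [ipaddress.ip_network(p) for p in cfg["specifics"]]
        stray = [str(s) for s in specifics if not s.subnet_of(summary)]
        if stray:
            findings.append((name, "not-covered", ", ".join(stray)))
            continue
        tight = tightest_summary(cfg["specifics"])
        slack = tight.prefixlen - summary.prefixlen
        if slack > 0:
            # Space inside the summary but outside the specifics is
            # advertised anyway and ends at the discard route.
            findings.append((name, "loose",
                             f"{summary} could be {tight} ({slack} bit(s))"))
    for a, b in combinations(sorted(parsed), 2):
        if parsed[a].overlaps(parsed[b]):
            findings.append((f"{a}/{b}", "overlap",
                             f"{parsed[a]} and {parsed[b]}"))
    return findings


if __name__ == "__main__":
    for who, kind, detail in audit(ROUTERS):
        print(f"{who}: {kind}: {detail}")
```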
Multiple OSPFv3 Instances
Cisco Nexus 6000 Series switches support multiple instances of the OSPFv3 protocol. By default, every instance uses the same system router ID. You must manually configure the router ID for each instance if the instances are in the same OSPFv3 autonomous system.
The OSPFv3 header includes an instance ID field to identify that OSPFv3 packet for a particular OSPFv3 instance. You can assign the OSPFv3 instance. The interface drops all OSPFv3 packets that do not have a matching OSPFv3 instance ID in the packet header.
Cisco Nexus 6000 Series switches allow only one OSPFv3 instance on an interface.
SPF Optimization
Cisco Nexus 6000 Series switches optimize the SPF algorithm in the following ways:
• Partial SPF for Network (type 2) LSAs, Inter-Area Prefix (type 3) LSAs, and AS External (type 5) LSAs—When there is a change on any of these LSAs, Cisco Nexus 6000 Series switches perform a faster partial calculation rather than running the whole SPF calculation.
• SPF timers—You can configure different timers for controlling SPF calculations. These timers include exponential backoff for subsequent SPF calculations. The exponential backoff limits the CPU load of multiple SPF calculations.
Virtualization Support
OSPFv3 supports virtual routing and forwarding (VRF) instances.
Licensing Requirements for OSPFv3
The following table shows the licensing requirements for this feature:
Product | License Requirement
Cisco NX-OS | OSPFv3 requires a LAN Base Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Prerequisites for OSPFv3
OSPFv3 has the following prerequisites:
• You must be familiar with routing fundamentals to configure OSPFv3.
• You must be logged on to the switch.
• You have configured at least one interface for IPv6 that is capable of communicating with a remote OSPFv3 neighbor.
• You have installed the LAN Base Services license.
• You have completed the OSPFv3 network strategy and planning for your network. For example, you must decide whether multiple areas are required.
• You have enabled OSPFv3 (see the “Enabling OSPFv3” section on page 6-13).
• You are familiar with IPv6 addressing and basic configuration. See for information on IPv6 routing and addressing.
Guidelines and Limitations for OSPFv3
OSPFv3 has the following configuration guidelines and limitations:
• You can have up to four instances of OSPFv3 in a VDC.
• Cisco NX-OS displays areas in dotted decimal notation regardless of whether you enter the area in decimal or dotted decimal notation.
• Bidirectional Forwarding Detection (BFD) is not supported for OSPFv3.
• If you configure OSPFv3 in a virtual port channel (vPC) environment, use the following timer commands in router configuration mode on the core switch to ensure fast OSPFv3 convergence when a vPC peer link is shut down:
switch(config-router)# timers throttle spf 1 50 50
switch(config-router)# timers lsa-arrival 10
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings
Table 6-2 lists the default settings for OSPFv3 parameters.
Table 6-2 Default OSPFv3 Parameters
Parameters | Default
Hello interval | 10 seconds
Dead interval | 40 seconds
Graceful restart grace period | 60 seconds
Graceful restart notify period | 15 seconds
OSPFv3 feature | Disabled
Stub router advertisement announce time | 600 seconds
Reference bandwidth for link cost calculation | 40 Gb/s
LSA minimal arrival time | 1000 milliseconds
LSA group pacing | 10 seconds
SPF calculation initial delay time | 0 milliseconds
SPF calculation hold time | 5000 milliseconds
SPF calculation initial delay time | 0 milliseconds
Configuring Basic OSPFv3
Configure OSPFv3 after you have designed your OSPFv3 network.
This section includes the following topics:
• Creating an OSPFv3 Instance, page 6-14
• Configuring Networks in OSPFv3, page 6-17
Enabling OSPFv3
You must enable OSPFv3 before you can configure OSPFv3.
SUMMARY STEPS
1. configure terminal
2. feature ospfv3
3. (Optional) show feature
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 feature ospfv3
Purpose: Enables OSPFv3.
Example:
switch(config)# feature ospfv3
Step 3 show feature
Purpose: (Optional) Displays enabled and disabled features.
Example:
switch(config)# show feature
Step 4 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
To disable the OSPFv3 feature and remove all associated configuration, use the following command in configuration mode.
Command: no feature ospfv3
Purpose: Disables the OSPFv3 feature and removes all associated configuration.
Example:
switch(config)# no feature ospfv3
Creating an OSPFv3 Instance
The first step in configuring OSPFv3 is to create an OSPFv3 instance. You assign a unique instance tag for this OSPFv3 instance. The instance tag can be any string. For each OSPFv3 instance, you can also configure the following optional parameters:
• Router ID—Configures the router ID for this OSPFv3 instance. If you do not use this parameter, the
• Administrative distance—Rates the trustworthiness of a routing information source. For more information, see the “Administrative Distance” section on page 1-7.
• Log adjacency changes—Creates a system message whenever an OSPFv3 neighbor changes its state.
• Maximum paths—Sets the maximum number of equal paths that OSPFv3 installs in the route table for a particular destination. Use this parameter for load balancing between multiple paths.
• Reference bandwidth—Controls the calculated OSPFv3 cost metric for a network. The calculated cost is the reference bandwidth divided by the interface bandwidth. You can override the calculated cost by assigning a link cost when a network is added to the OSPFv3 instance. For more information, see the “Configuring Networks in OSPFv3” section on page 6-17.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
Ensure that the OSPFv3 instance tag that you plan on using is not already in use on this router.
Use the show ospfv3 instance-tag command to verify that the instance tag is not in use.
OSPFv3 must be able to obtain a router identifier (for example, a configured loopback address) or you must configure the router ID option.
For more information about OSPFv3 instance parameters, see the “Configuring Advanced OSPFv3” section on page 6-19.
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. (Optional) router-id ip-address
4. (Optional) show ipv6 ospfv3 instance-tag
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 router-id ip-address
Purpose: (Optional) Configures the OSPFv3 router ID. This ID uses the dotted decimal notation and identifies this OSPFv3 instance and must exist on a configured interface in the system. This command restarts the OSPFv3 process automatically and changes the router ID after it is configured.
Example:
switch(config-router)# router-id 192.0.2.1
Step 4 show ipv6 ospfv3 instance-tag
Purpose: (Optional) Displays OSPFv3 information.
Example:
switch(config-router)# show ipv6 ospfv3 201
Step 5 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
To remove the OSPFv3 instance and all associated configuration, use the following command in configuration mode:
Command: no router ospfv3 instance-tag
Purpose: Deletes the OSPFv3 instance and all associated configuration.
Example:
switch(config)# no router ospfv3 201
Note This command does not remove OSPFv3 configuration in interface mode. You must manually remove any OSPFv3 commands configured in interface mode.
You can configure the following optional parameters for OSPFv3 in router configuration mode:
Command: log-adjacency-changes [detail]
Purpose: Generates a system message whenever a neighbor changes state.
Example:
switch(config-router)# log-adjacency-changes
Command: passive-interface default
Purpose: Suppresses routing updates on all interfaces. This command is overridden by the VRF or interface command mode configuration.
Example:
switch(config-router)# passive-interface default
You can configure the following optional parameters for OSPFv3 in address family configuration mode:
Command: distance number
Purpose: Configures the administrative distance for this OSPFv3 instance. The range is from 1 to 255. The default is 110.
Example:
switch(config-router-af)# distance 25
Command: maximum-paths paths
Purpose: Configures the maximum number of equal OSPFv3 paths to a destination in the route table. The range is from 1 to 64. The default is 8. This command is used for load balancing.
Example:
switch(config-router-af)# maximum-paths 4
This example shows how to create an OSPFv3 instance with a maximum of four equal OSPFv3 paths per destination:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# maximum-paths 4
switch(config-router)# copy running-config startup-config
Configuring Networks in OSPFv3
You can configure a network to OSPFv3 by associating it through the interface that the router uses to connect to that network (see the
“Neighbors” section on page 6-3 ). You can add all networks to the
default backbone area (Area 0), or you can create new areas using any decimal number or an IP address.
Note All areas must connect to the backbone area either directly or through a virtual link.
Note OSPFv3 is not enabled on an interface until you configure a valid IPv6 address for that interface.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. ipv6 address ipv6-prefix/length
4. ipv6 router ospfv3 instance-tag area area-id [secondaries none]
5. (Optional) show ipv6 ospfv3 instance-tag interface interface-type slot/port
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface interface-type slot/port
Purpose: Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Step 3 ipv6 address ipv6-prefix/length
Purpose: Assigns an IPv6 address to this interface.
Example:
switch(config-if)# ipv6 address 2001:0DB8::1/48
Step 4 ipv6 router ospfv3 instance-tag area area-id [secondaries none]
Purpose: Adds the interface to the OSPFv3 instance and area.
Example:
switch(config-if)# ipv6 router ospfv3 201 area 0
Step 5 show ipv6 ospfv3 instance-tag interface interface-type slot/port
Purpose: (Optional) Displays OSPFv3 information.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config-if)# show ipv6 ospfv3 201 interface ethernet 1/2
Step 6 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
You can configure the following optional parameters for OSPFv3 in interface configuration mode:
Command: ospfv3 cost number
Purpose: Configures the OSPFv3 cost metric for this interface. The default is to calculate a cost metric, based on the reference bandwidth and interface bandwidth. The range is from 1 to 65535.
Example:
switch(config-if)# ospfv3 cost 25
Command: ospfv3 dead-interval seconds
Purpose: Configures the OSPFv3 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Example:
switch(config-if)# ospfv3 dead-interval 50
Command: ospfv3 hello-interval seconds
Purpose: Configures the OSPFv3 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Example:
switch(config-if)# ospfv3 hello-interval 25
Command: ospfv3 instance instance
Purpose: Configures the OSPFv3 instance ID. The range is from 0 to 255. The default is 0. The instance ID is link-local in scope.
Example:
switch(config-if)# ospfv3 instance 25
Command: ospfv3 mtu-ignore
Purpose: Configures OSPFv3 to ignore any IP maximum transmission unit (MTU) mismatch with a neighbor. The default is to not establish adjacency if the neighbor MTU does not match the local interface MTU.
Example:
switch(config-if)# ospfv3 mtu-ignore
Command: ospfv3 network {broadcast | point-point}
Purpose: Sets the OSPFv3 network type.
Example:
switch(config-if)# ospfv3 network broadcast
Command: [default | no] ospfv3 passive-interface
Purpose: Suppresses routing updates on the interface. This command overrides the router or VRF command mode configuration. The default option removes this interface mode command and reverts to the router or VRF configuration, if present.
Example:
switch(config-if)# ospfv3 passive-interface
Command: ospfv3 priority number
Purpose: Configures the OSPFv3 priority, used to determine the DR for an area. The range is from 0 to 255. The default is 1. See the “Designated Routers” section on page 6-4.
Example:
switch(config-if)# ospfv3 priority 25
Command: ospfv3 shutdown
Purpose: Shuts down the OSPFv3 instance on this interface.
Example:
switch(config-if)# ospfv3 shutdown
This example shows how to add a network area 0.0.0.10 in OSPFv3 instance 201:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ipv6 address 2001:0DB8::1/48
switch(config-if)# ipv6 router ospfv3 201 area 0.0.0.10
switch(config-if)# copy running-config startup-config
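The following added example (not part of the Cisco guide) audits a saved configuration to show on which interfaces OSPFv3 routing updates are actually suppressed, applying the precedence described above: an interface-level passive-interface setting overrides the router-level passive-interface default. It also normalises area IDs to dotted decimal and flags mtu-ignore and interfaces that lack an IPv6 address. The configuration text is constructed, and VRF-level settings are not modelled.

```python
import ipaddress
import re

# Constructed NX-OS-style configuration fragment (not from a real device).
SAMPLE_CONFIG = """\
feature ospfv3
router ospfv3 201
  router-id 192.0.2.1
  passive-interface default
interface Ethernet1/1
  ipv6 address 2001:db8:0:1::1/64
  ipv6 router ospfv3 201 area 0
  no ospfv3 passive-interface
interface Ethernet1/2
  ipv6 address 2001:db8:0:2::1/64
  ipv6 router ospfv3 201 area 0.0.0.10
interface Ethernet1/3
  ipv6 address 2001:db8:0:3::1/64
  ipv6 router ospfv3 201 area 10
  ospfv3 passive-interface
  ospfv3 mtu-ignore
interface Ethernet1/4
  ipv6 router ospfv3 201 area 0
  no ospfv3 passive-interface
"""

MEMBERSHIP = re.compile(r"ipv6 router ospfv3 (\S+) area (\S+)")


def normalize_area(area_id):
    """Return an area ID in dotted decimal, the form NX-OS displays."""
    if area_id.isdigit():
        return str(ipaddress.IPv4Address(int(area_id)))
    return str(ipaddress.IPv4Address(area_id))


def split_sections(config):
    """Group indented lines under the unindented line that opens them."""
    sections = []
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            sections.append((line.strip(), []))
        elif sections:
            sections[-1][1].append(line.strip())
    return sections


def audit_ospfv3(config):
    """Return one dict per interface that is placed in an OSPFv3 area."""
    sections = split_sections(config)
    passive_default = {}
    for header, body in sections:
        m = re.fullmatch(r"router ospfv3 (\S+)", header)
        if m:
            passive_default[m.group(1)] = "passive-interface default" in body
    report = []
    for header, body in sections:
        if not header.startswith("interface "):
            continue
        member = next((m for m in map(MEMBERSHIP.match, body) if m), None)
        if member is None:
            continue
        tag, area = member.groups()
        if "no ospfv3 passive-interface" in body:      # interface override
            passive = False
        elif "ospfv3 passive-interface" in body:       # interface override
            passive = True
        else:                                          # router-level default
            passive = passive_default.get(tag, False)
        report.append({
            "interface": header.split(None, 1)[1],
            "instance": tag,
            "area": normalize_area(area),
            # OSPFv3 is not enabled until the interface has an IPv6 address.
            "enabled": any(l.startswith("ipv6 address ") for l in body),
            "passive": passive,
            "mtu_ignore": "ospfv3 mtu-ignore" in body,
        })
    return report


def findings(report):
    """Turn the report into review items for an operator."""
    out = []
    for row in report:
        name = row["interface"]
        if not row["enabled"]:
            out.append(f"{name}: no IPv6 address, OSPFv3 not enabled")
            continue
        if not row["passive"]:
            out.append(f"{name}: routing updates not suppressed "
                       f"(area {row['area']})")
        if row["mtu_ignore"]:
            out.append(f"{name}: MTU mismatch check disabled")
    return out


if __name__ == "__main__":
    for item in findings(audit_ospfv3(SAMPLE_CONFIG)):
        print(item)
```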
Configuring Advanced OSPFv3
Configure OSPFv3 after you have designed your OSPFv3 network.
This section includes the following topics:
• Configuring Filter Lists for Border Routers, page 6-20
• Configuring Stub Areas, page 6-21
• Configuring a Totally Stubby Area, page 6-22
• Configuring Multi-Area Adjacency, page 6-25
• Configuring Virtual Links, page 6-26
• Configuring Redistribution, page 6-28
• Limiting the Number of Redistributed Routes, page 6-30
• Configuring Route Summarization, page 6-32
• Modifying the Default Timers, page 6-34
• Configuring Graceful Restart, page 6-36
• Restarting an OSPFv3 Instance, page 6-37
• Configuring OSPFv3 with Virtualization, page 6-38
Configuring Filter Lists for Border Routers
You can separate your OSPFv3 domain into a series of areas that contain related networks. All areas must connect to the backbone area through an area border router (ABR). OSPFv3 domains can connect to external domains as well through an autonomous system border router (ASBR). See the
.
ABRs have the following optional configuration parameters:
• Area range—Configures route summarization between areas. For more information, see the “Configuring Route Summarization” section on page 6-32.
• Filter list—Filters the Inter-Area Prefix (type 3) LSAs that are allowed in from an external area on an ABR.
ASBRs also support filter lists.
BEFORE YOU BEGIN
Create the route map that the filter list uses to filter IP prefixes in incoming or outgoing Inter-Area Prefix
(type 3) LSAs. See
Chapter 14, “Configuring Route Policy Manager.”
You must enable OSPFv3 and create the OSPFv3 instance (see the
“Enabling OSPFv3” section on page 6-13 ).
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. address-family ipv6 unicast
4. area area-id filter-list route-map map-name {in | out}
5. (Optional) show ipv6 ospfv3 policy statistics area id filter-list {in | out}
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Example:
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
Step 4 area area-id filter-list route-map map-name {in | out}
Purpose: Filters incoming or outgoing Inter-Area Prefix (type 3) LSAs on an ABR.
Example:
switch(config-router-af)# area 0.0.0.10 filter-list route-map FilterLSAs in
Step 5 show ipv6 ospfv3 policy statistics area id filter-list {in | out}
Purpose: (Optional) Displays OSPFv3 policy information.
Example:
switch(config-if)# show ipv6 ospfv3 policy statistics area 0.0.0.10 filter-list in
Step 6 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to configure a filter list for a border router: switch# configure terminal switch(config)# router ospfv3 201 switch(config-router)# address-family ipv6 unicast switch(config-router-af)# area 0.0.0.10 filter-list route-map FilterLSAs in switch(config-router-af)# copy running-config startup-config
Configuring Stub Areas
You can configure a stub area for part of an OSPFv3 domain where external traffic is not necessary. Stub areas block AS External (type 5) LSAs, limiting unnecessary routing to and from selected networks. See the “Stub Area” section on page 6-9. You can optionally block all summary routes from going into the stub area.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
Ensure that there are no virtual links or ASBRs in the proposed stub area.
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. area area-id stub
4. (Optional) address-family ipv6 unicast
5. (Optional) area area-id default-cost cost
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 area area-id stub
Purpose: Creates this area as a stub area.
Example:
switch(config-router)# area 0.0.0.10 stub
Step 4 address-family ipv6 unicast
Purpose: (Optional) Enters IPv6 unicast address family mode.
Example:
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
Step 5 area area-id default-cost cost
Purpose: (Optional) Sets the cost metric for the default summary route sent into this stub area. The range is from 0 to 16777215.
Example:
switch(config-router-af)# area 0.0.0.10 default-cost 25
Step 6 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This shows how to create a stub area that blocks all summary route updates:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 stub no-summary
switch(config-router)# copy running-config startup-config
Configuring a Totally Stubby Area
You can create a totally stubby area and prevent all summary route updates from going into the stub area.
To create a totally stubby area, use the following command in router configuration mode:
Command: area area-id stub no-summary
Purpose: Creates this area as a totally stubby area.
Example:
switch(config-router)# area 20 stub no-summary
Configuring NSSA
You can configure an NSSA for part of an OSPFv3 domain where limited external traffic is required. See the “Not-So-Stubby Area” section on page 6-9. You can optionally translate this external traffic to an AS External (type 5) LSA and flood the OSPFv3 domain with this routing information. An NSSA can be configured with the following optional parameters:
• No redistribution—Redistributes routes that bypass the NSSA to other areas in the OSPFv3 autonomous system. Use this option when the NSSA ASBR is also an ABR.
• Default information originate—Generates a Type-7 LSA for a default route to the external autonomous system. Use this option on an NSSA ASBR if the ASBR contains the default route in the routing table. This option can be used on an NSSA ABR whether or not the ABR contains the default route in the routing table.
• Route map—Filters the external routes so that only those routes you want are flooded throughout the NSSA and other areas.
• Translate—Translates Type-7 LSAs to AS External (type 5) LSAs for areas outside the NSSA. Use this command on an NSSA ABR to flood the redistributed routes throughout the OSPFv3 autonomous system. You can optionally suppress the forwarding address in these AS External LSAs.
• No summary—Blocks all summary routes from flooding the NSSA. Use this option on the NSSA ABR.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
Ensure that there are no virtual links in the proposed NSSA and that it is not the backbone area.
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. area area-id nssa [ no-redistribution ] [ default-information-originate ] [ route-map map-name ] [ no-summary ] [ translate type7 { always | never } [ suppress-fa ]]
4. (Optional) address-family ipv6 unicast
5. (Optional) area area-id default-cost cost
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 area area-id nssa [ no-redistribution ] [ default-information-originate ] [ route-map map-name ] [ no-summary ] [ translate type7 { always | never } [ suppress-fa ]]
Purpose: Creates this area as an NSSA.
Example:
switch(config-router)# area 0.0.0.10 nssa
Step 4 address-family ipv6 unicast
Purpose: (Optional) Enters IPv6 unicast address family mode.
Example:
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
Step 5 area area-id default-cost cost
Purpose: (Optional) Sets the cost metric for the default summary route sent into this NSSA. The range is from 0 to 16777215.
Example:
switch(config-router-af)# area 0.0.0.10 default-cost 25
Step 6 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that blocks all summary route updates:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 nssa no-summary
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that generates a default route:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 nssa default-information-originate
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that filters external routes and blocks all summary route updates:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 nssa route-map ExternalFilter no-summary
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that always translates Type-7 LSAs to AS External (type 5) LSAs:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 nssa translate type7 always
switch(config-router)# copy running-config startup-config
Configuring Multi-Area Adjacency
You can add more than one area to an existing OSPFv3 interface. The additional logical interfaces support multi-area adjacency.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
Ensure that you have configured a primary area for the interface (see the
.
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. ipv6 router ospfv3 instance-tag multi-area area-id
4. (Optional) show ipv6 ospfv3 instance-tag interface interface-type slot/port
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface interface-type slot/port
Purpose: Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Step 3 ipv6 router ospfv3 instance-tag multi-area area-id
Purpose: Adds the interface to another area.
Example:
switch(config-if)# ipv6 router ospfv3 201 multi-area 3
Step 4 show ipv6 ospfv3 instance-tag interface interface-type slot/port
Purpose: (Optional) Displays OSPFv3 information.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config-if)# show ipv6 ospfv3 201 interface ethernet 1/2
Step 5 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to add a second area to an OSPFv3 interface:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ipv6 address 2001:0DB8::1/48
switch(config-if)# ipv6 router ospfv3 201 area 0.0.0.10
switch(config-if)# ipv6 router ospfv3 201 multi-area 20
switch(config-if)# copy running-config startup-config
Configuring Virtual Links
A virtual link connects an isolated area to the backbone area through an intermediate area. See the
link:
• Authentication—Sets simple password or MD5 message digest authentication and associated keys.
• Dead interval—Sets the time that a neighbor waits for a Hello packet before declaring the local router as dead and tearing down adjacencies.
• Hello interval—Sets the time between successive Hello packets.
• Retransmit interval—Sets the estimated time between successive LSAs.
• Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.
Note You must configure the virtual link on both routers involved before the link becomes active.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. area area-id virtual-link router-id
4. (Optional) show ipv6 ospfv3 virtual-link [ brief ]
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 area area-id virtual-link router-id
Purpose: Creates one end of a virtual link to a remote router. You must create the virtual link on that remote router to complete the link.
Example:
switch(config-router)# area 0.0.0.10 virtual-link 2001:0DB8::1
switch(config-router-vlink)#
Step 4 show ipv6 ospfv3 virtual-link [ brief ]
Purpose: (Optional) Displays OSPFv3 virtual link information.
Example:
switch(config-if)# show ipv6 ospfv3 virtual-link
Step 5 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
You can configure the following optional commands in virtual link configuration mode:
Command: dead-interval seconds
Purpose: (Optional) Configures the OSPFv3 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Example:
switch(config-router-vlink)# dead-interval 50
Command: hello-interval seconds
Purpose: (Optional) Configures the OSPFv3 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Example:
switch(config-router-vlink)# hello-interval 25
Command: retransmit-interval seconds
Purpose: (Optional) Configures the OSPFv3 retransmit interval, in seconds. The range is from 1 to 65535. The default is 5.
Example:
switch(config-router-vlink)# retransmit-interval 50
Command: transmit-delay seconds
Purpose: (Optional) Configures the OSPFv3 transmit-delay, in seconds. The range is from 1 to 450. The default is 1.
Example:
switch(config-router-vlink)# transmit-delay 2
These examples show how to create a simple virtual link between two ABRs:
Configuration for ABR 1 (router ID 2001:0DB8::1) is as follows:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 virtual-link 2001:0DB8::10
switch(config-router)# copy running-config startup-config
Configuration for ABR 2 (router ID 2001:0DB8::10) is as follows:
switch# configure terminal
switch(config)# router ospfv3 101
switch(config-router)# area 0.0.0.10 virtual-link 2001:0DB8::1
switch(config-router)# copy running-config startup-config
Configuring Redistribution
You can redistribute routes learned from other routing protocols into an OSPFv3 autonomous system through the ASBR.
You can configure the following optional parameters for route redistribution in OSPFv3:
• Default information originate—Generates an AS External (type 5) LSA for a default route to the external autonomous system.
Note Default information originate ignores match statements in the optional route map.
• Default metric—Sets all redistributed routes to the same cost metric.
Note If you redistribute static routes, Cisco NX-OS also redistributes the default static route.
Note Redistribution does not work if the access list is used as a match option in route-maps.
BEFORE YOU BEGIN
Create the necessary route maps used for redistribution.
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. address-family ipv6 unicast
4. redistribute { bgp id | direct | isis id | rip id | static } route-map map-name
5. default-information originate [ always ] [ route-map map-name ]
6. default-metric cost
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Example:
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
Step 4 redistribute { bgp id | direct | isis id | rip id | static } route-map map-name
Purpose: Redistributes the selected protocol into OSPFv3 through the configured route map.
Note If you redistribute static routes, Cisco NX-OS also redistributes the default static route.
Example:
switch(config-router-af)# redistribute bgp route-map FilterExternalBGP
Step 5 default-information originate [ always ] [ route-map map-name ]
Purpose: Creates a default route into this OSPFv3 domain if the default route exists in the RIB. Use the following optional keywords:
• always —Always generates the default route of 0.0.0. even if the route does not exist in the RIB.
• route-map —Generates the default route if the route map returns true.
Note This command ignores match statements in the route map.
Example:
switch(config-router-af)# default-information originate route-map DefaultRouteFilter
Step 6 default-metric cost
Purpose: Sets the cost metric for the redistributed routes. The range is from 1 to 16777214. This command does not apply to directly connected routes. Use a route map to set the default metric for directly connected routes.
Example:
switch(config-router-af)# default-metric 25
Step 7 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to redistribute the Border Gateway Protocol (BGP) into OSPFv3:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)# redistribute bgp route-map FilterExternalBGP
switch(config-router-af)# copy running-config startup-config
Limiting the Number of Redistributed Routes
Route redistribution can add many routes to the OSPFv3 route table. You can configure a maximum limit to the number of routes accepted from external protocols. OSPFv3 provides the following options to configure redistributed route limits:
• Fixed limit—Logs a message when OSPFv3 reaches the configured maximum. OSPFv3 does not accept any more redistributed routes. You can optionally configure a threshold percentage of the maximum where OSPFv3 logs a warning when that threshold is passed.
• Warning only—Logs a warning only when OSPFv3 reaches the maximum. OSPFv3 continues to accept redistributed routes.
• Withdraw—Starts the configured timeout period when OSPFv3 reaches the maximum. After the timeout period, OSPFv3 requests all redistributed routes if the current number of redistributed routes is less than the maximum limit. If the current number of redistributed routes is at the maximum limit, OSPFv3 withdraws all redistributed routes. You must clear this condition before OSPFv3 accepts more redistributed routes. You can optionally configure the timeout period.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. address-family ipv6 unicast
4. redistribute { bgp id | direct | isis id | rip id | static } route-map map-name
5. redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
6. (Optional) show running-config ospfv3
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Example:
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
Step 4 redistribute { bgp id | direct | isis id | rip id | static } route-map map-name
Purpose: Redistributes the selected protocol into OSPFv3 through the configured route map.
Example:
switch(config-router-af)# redistribute bgp route-map FilterExternalBGP
Step 5 redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
Purpose: Specifies a maximum number of prefixes that OSPFv3 distributes. The range is from 0 to 65536. Optionally, specifies the following:
• threshold —Percent of maximum prefixes that triggers a warning message.
• warning-only —Logs a warning message when the maximum number of prefixes is exceeded.
• withdraw —Withdraws all redistributed routes and optionally tries to retrieve the redistributed routes. The num-retries range is from 1 to 12. The timeout range is from 60 to 600 seconds. The default is 300 seconds.
Example:
switch(config-router)# redistribute maximum-prefix 1000 75 warning-only
Step 6 show running-config ospfv3
Purpose: (Optional) Displays the OSPFv3 configuration.
Example:
switch(config-router)# show running-config ospfv3
Step 7 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to limit the number of redistributed routes into OSPFv3:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)# redistribute bgp route-map FilterExternalBGP
switch(config-router-af)# redistribute maximum-prefix 1000 75
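The following audit is an added example, not part of the Cisco guide. It reads NX-OS running-config text and flags OSPFv3 instances that redistribute routes without an enforced redistribute maximum-prefix limit, applying the ranges and option semantics stated above. The sample configuration, the finding codes, and the function names are constructed for this example, and VRF sub-blocks inside an instance are not distinguished.

```python
"""Audit OSPFv3 redistribution limits in NX-OS running-config text (added example)."""
import re
from typing import NamedTuple


class Finding(NamedTuple):
    instance: str  # OSPFv3 instance tag
    code: str      # finding id; these names are made up for this example
    detail: str


# Constructed sample in the layout of "show running-config ospfv3" output.
# Instance tags, route-map names and the BGP AS number are illustrative only.
SAMPLE_CONFIG = """\
router ospfv3 201
  address-family ipv6 unicast
    redistribute bgp 64496 route-map FilterExternalBGP
    redistribute maximum-prefix 1000 75 warning-only
router ospfv3 202
  address-family ipv6 unicast
    redistribute static route-map StaticToOspf
router ospfv3 203
  address-family ipv6 unicast
    redistribute direct route-map ConnectedToOspf
    redistribute maximum-prefix 500 80 withdraw 3 900
router ospfv3 204
  address-family ipv6 unicast
    redistribute rip Rip1 route-map RipToOspf
    redistribute maximum-prefix 2000 75
"""

INSTANCE_RE = re.compile(r"^router ospfv3 (\S+)\s*$")
SOURCE_RE = re.compile(
    r"^redistribute (bgp|direct|isis|rip|static)\b.*\broute-map (\S+)$")
LIMIT_RE = re.compile(
    r"^redistribute maximum-prefix (\d+)(?: (\d+))?"
    r"(?: (warning-only|withdraw)(?: (\d+) (\d+))?)?$")


def parse_instances(config_text):
    """Map each instance tag to its redistribution sources and limit fields."""
    instances, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # A top-level line either opens an OSPFv3 instance or closes the block.
            m = INSTANCE_RE.match(raw)
            current = (instances.setdefault(m.group(1), {"sources": [], "limit": None})
                       if m else None)
            continue
        if current is None:
            continue
        line = raw.strip()
        limit = LIMIT_RE.match(line)
        source = SOURCE_RE.match(line)
        if limit:
            # (max, threshold, mode, num_retries, timeout); absent fields are None.
            current["limit"] = limit.groups()
        elif source:
            current["sources"].append((source.group(1), source.group(2)))
    return instances


def check_limit(tag, limit):
    """Apply the guide's stated ranges and enforcement semantics to one instance."""
    if limit is None:
        return [Finding(tag, "no-limit",
                        "routes are redistributed with no maximum-prefix limit")]
    max_s, _threshold, mode, retries_s, timeout_s = limit
    findings = []
    if not 0 <= int(max_s) <= 65536:
        findings.append(Finding(tag, "bad-max", f"max {max_s} outside 0-65536"))
    if mode == "warning-only":
        # Warning only logs; OSPFv3 keeps accepting redistributed routes.
        findings.append(Finding(tag, "warning-only",
                                "limit is logged but not enforced"))
    if mode == "withdraw" and retries_s is not None:
        if not 1 <= int(retries_s) <= 12:
            findings.append(Finding(tag, "bad-retries",
                                    f"num-retries {retries_s} outside 1-12"))
        if not 60 <= int(timeout_s) <= 600:
            findings.append(Finding(tag, "bad-timeout",
                                    f"timeout {timeout_s} outside 60-600 seconds"))
    return findings


def audit(config_text):
    """Return findings for every instance that redistributes at least one protocol."""
    findings = []
    for tag, inst in parse_instances(config_text).items():
        if inst["sources"]:
            findings.extend(check_limit(tag, inst["limit"]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"ospfv3 {f.instance}: [{f.code}] {f.detail}")
```

Instance 204 in the sample produces no finding because it uses the fixed limit, which stops accepting redistributed routes at the configured maximum.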
Configuring Route Summarization
You can configure route summarization for inter-area routes by configuring an address range that is summarized. You can also configure route summarization for external, redistributed routes by configuring a summary address for those routes on an ASBR. For more information, see the
Summarization” section on page 6-10
.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. address-family ipv6 unicast
4. area area-id range ipv6-prefix/length [ no-advertise ] [ cost cost ]
or
5. summary-address ipv6-prefix/length [ no-advertise ] [ tag tag ]
6. (Optional) show ipv6 ospfv3 summary-address
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Example:
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
Step 4 area area-id range ipv6-prefix/length [ no-advertise ] [ cost cost ]
Purpose: Creates a summary address on an ABR for a range of addresses and optionally advertises this summary address in an Inter-Area Prefix (type 3) LSA. The cost range is from 0 to 16777215.
Example:
switch(config-router-af)# area 0.0.0.10 range 2001:0DB8::/48 advertise
Step 5 summary-address ipv6-prefix/length [ no-advertise ] [ tag tag ]
Purpose: Creates a summary address on an ASBR for a range of addresses and optionally assigns a tag for this summary address that can be used for redistribution with route maps.
Example:
switch(config-router-af)# summary-address 2001:0DB8::/48 tag 2
Step 6 show ipv6 ospfv3 summary-address
Purpose: (Optional) Displays information about OSPFv3 summary addresses.
Example:
switch(config-router)# show ipv6 ospfv3 summary-address
Step 7 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to create summary addresses between areas on an ABR:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router)# area 0.0.0.10 range 2001:0DB8::/48
switch(config-router)# copy running-config startup-config
This example shows how to create summary addresses on an ASBR:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router)# summary-address 2001:0DB8::/48
switch(config-router)# copy running-config startup-config
Modifying the Default Timers
OSPFv3 includes a number of timers that control the behavior of protocol messages and shortest path first (SPF) calculations. OSPFv3 includes the following optional timer parameters:
• LSA arrival time—Sets the minimum interval allowed between LSAs arriving from a neighbor. LSAs that arrive faster than this time are dropped.
• Pacing LSAs—Sets the interval at which LSAs are collected into a group and refreshed, checksummed, or aged. This timer controls how frequently LSA updates occur and optimizes how
• Throttle LSAs—Sets rate limits for generating LSAs. This timer controls how frequently LSAs are generated after a topology change occurs.
• Throttle SPF calculation—Controls how frequently the SPF calculation is run.
At the interface level, you can also control the following timers:
• Retransmit interval—Sets the estimated time between successive LSAs.
• Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.
See the “Configuring Networks in OSPFv3” section on page 6-17 for information on the hello interval and dead timer.
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. timers lsa-arrival msec
4. timers lsa-group-pacing seconds
5. timers throttle lsa start-time hold-interval max-time
6. address-family ipv6 unicast
7. timers throttle spf delay-time hold-time
8. interface type slot/port
9. ospfv3 retransmit-interval seconds
10. ospfv3 transmit-delay seconds
11. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 timers lsa-arrival msec
Purpose: Sets the LSA arrival time in milliseconds. The range is from 10 to 600000. The default is 1000 milliseconds.
Example:
switch(config-router)# timers lsa-arrival 2000
Step 4 timers lsa-group-pacing seconds
Purpose: Sets the interval in seconds for grouping LSAs. The range is from 1 to 1800. The default is 10 seconds.
Example:
switch(config-router)# timers lsa-group-pacing 200
Step 5 timers throttle lsa start-time hold-interval max-time
Purpose: Sets the rate limit in milliseconds for generating LSAs. You can configure the following timers:
• start-time —The range is from 50 to 5000 milliseconds. The default value is 50 milliseconds.
• hold-interval —The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds.
• max-time —The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds.
Example:
switch(config-router)# timers throttle lsa network 350 5000 6000
Step 6 address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Example:
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
Step 7 timers throttle spf delay-time hold-time
Purpose: Sets the SPF best path schedule initial delay time and the minimum hold time in seconds between SPF best-path calculations. The range is from 1 to 600000. The default is no delay time and 5000 millisecond hold time.
Example:
switch(config-router)# timers throttle spf 3000 2000
Step 8 interface type slot/port
Purpose: Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Step 9 ospfv3 retransmit-interval seconds
Purpose: Sets the estimated time in seconds between LSAs transmitted from this interface. The range is from 1 to 65535. The default is 5.
Example:
switch(config-if)# ospfv3 retransmit-interval 30
Step 10 ospfv3 transmit-delay seconds
Purpose: Sets the estimated time in seconds to transmit an LSA to a neighbor. The range is from 1 to 450. The default is 1.
Example:
switch(config-if)# ospfv3 transmit-delay 600
switch(config-if)#
Step 11 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
This example shows how to control LSA flooding with the lsa-group-pacing option:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# timers lsa-group-pacing 300
switch(config-router)# copy running-config startup-config
Configuring Graceful Restart
Graceful restart is enabled by default. You can configure the following optional parameters for graceful restart in an OSPFv3 instance:
• Grace period—Configures how long neighbors should wait after a graceful restart has started before tearing down adjacencies.
• Helper mode disabled—Disables helper mode on the local OSPFv3 instance. OSPFv3 does not participate in the graceful restart of a neighbor.
• Planned graceful restart only—Configures OSPFv3 to support graceful restart only in the event of a planned restart.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
Ensure that all neighbors are configured for graceful restart with matching optional parameters set.
SUMMARY STEPS
1. configure terminal
2. router ospfv3 instance-tag
3. graceful-restart
4. graceful-restart grace-period seconds
5. graceful-restart helper-disable
6. graceful-restart planned-only
7. (Optional) show ipv6 ospfv3 instance-tag
8. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#
Step 3 graceful-restart
Purpose: Enables graceful restart. A graceful restart is enabled by default.
Example:
switch(config-router)# graceful-restart
Step 4 graceful-restart grace-period seconds
Purpose: Sets the grace period, in seconds. The range is from 5 to 1800. The default is 60 seconds.
Example:
switch(config-router)# graceful-restart grace-period 120
Step 5 graceful-restart helper-disable
Purpose: Disables helper mode. Enabled by default.
Example:
switch(config-router)# graceful-restart helper-disable
Step 6 graceful-restart planned-only
Purpose: Configures graceful restart for planned restarts only.
Example:
switch(config-router)# graceful-restart planned-only
Step 7 show ipv6 ospfv3 instance-tag
Purpose: (Optional) Displays OSPFv3 information.
Example:
switch(config-if)# show ipv6 ospfv3 201
Step 8 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This shows how to enable graceful restart if it has been disabled and set the grace period to 120 seconds:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# graceful-restart
switch(config-router)# graceful-restart grace-period 120
switch(config-router)# copy running-config startup-config
Restarting an OSPFv3 Instance
You can restart an OSPFv3 instance. This action clears all neighbors for the instance.
To restart an OSPFv3 instance and remove all associated neighbors, use the following command:
Command: restart ospfv3 instance-tag
Purpose: Restarts the OSPFv3 instance and removes all neighbors.
Example:
switch(config)# restart ospfv3 201
Configuring OSPFv3 with Virtualization
You can configure multiple OSPFv3 instances. You can also create multiple VRFs and use the same or multiple OSPFv3 instances in each VRF. You assign an OSPFv3 interface to a VRF.
Note Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all the configuration for that interface.
BEFORE YOU BEGIN
You must enable OSPFv3 and create the OSPFv3 instance (see the “Enabling OSPFv3” section on page 6-13).
SUMMARY STEPS
1. configure terminal
2. vrf context vrf-name
3. router ospfv3 instance-tag
4. vrf vrf-name
5. (Optional) maximum-paths paths
6. interface type slot/port
7. vrf member vrf-name
8. ipv6 address ipv6-prefix/length
9. ipv6 router ospfv3 instance-tag area area-id
10. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 vrf context vrf-name
Purpose: Creates a new VRF and enters VRF configuration mode.
Example:
switch(config)# vrf context RemoteOfficeVRF
switch(config-vrf)#

Step 3 router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Example:
switch(config)# router ospfv3 201
switch(config-router)#

Step 4 vrf vrf-name
Purpose: Enters VRF configuration mode.
Example:
switch(config-router)# vrf RemoteOfficeVRF
switch(config-router-vrf)#

Step 5 maximum-paths paths
Purpose: (Optional) Configures the maximum number of equal OSPFv3 paths to a destination in the route table for this VRF. Use this command for load balancing.
Example:
switch(config-router-vrf)# maximum-paths 4

Step 6 interface type slot/port
Purpose: Enters interface configuration mode.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#

Step 7 vrf member vrf-name
Purpose: Adds this interface to a VRF.
Example:
switch(config-if)# vrf member RemoteOfficeVRF

Step 8 ipv6 address ipv6-prefix/length
Purpose: Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
Example:
switch(config-if)# ipv6 address 2001:0DB8::1/48

Step 9 ipv6 router ospfv3 instance-tag area area-id
Purpose: Assigns this interface to the OSPFv3 instance and area configured.
Example:
switch(config-if)# ipv6 router ospfv3 201 area 0

Step 10 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to create a VRF and add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config-vrf)# exit
switch(config)# router ospfv3 201
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# vrf member NewVRF
switch(config-if)# ipv6 address 2001:0DB8::1/48
switch(config-if)# ipv6 router ospfv3 201 area 0
switch(config-if)# copy running-config startup-config
Verifying the OSPFv3 Configuration
To display the OSPFv3 configuration, perform one of the following tasks:
Command: show ipv6 ospfv3
Purpose: Displays the OSPFv3 configuration.
Command: show ipv6 ospfv3 border-routers
Purpose: Displays the internal OSPFv3 routing table entries to an ABR and ASBR.
Command: show ipv6 ospfv3 database
Purpose: Displays lists of information related to the OSPFv3 database for a specific router.
Command: show ipv6 ospfv3 interface type number [vrf {vrf-name | all | default | management}]
Purpose: Displays the OSPFv3 interface configuration.
Command: show ipv6 ospfv3 neighbors
Purpose: Displays the neighbor information. Use the clear ospfv3 neighbors command to remove adjacency with all neighbors.
Command: show ipv6 ospfv3 request-list
Purpose: Displays a list of LSAs requested by a router.
Command: show ipv6 ospfv3 retransmission-list
Purpose: Displays a list of LSAs waiting to be retransmitted.
Command: show ipv6 ospfv3 summary-address
Purpose: Displays a list of all summary address redistribution information configured under an OSPFv3 instance.
Command: show running-configuration ospfv3
Purpose: Displays the current running OSPFv3 configuration.
Monitoring OSPFv3
To display OSPFv3 statistics, use the following commands:
Command: show ipv6 ospfv3 memory
Purpose: Displays the OSPFv3 memory usage statistics.
Command: show ipv6 ospfv3 policy statistics area area-id filter-list {in | out} [vrf {vrf-name | all | default | management}]
Purpose: Displays the OSPFv3 route policy statistics for an area.
Command: show ipv6 ospfv3 policy statistics redistribute {bgp id | direct | isis id | rip id | static} [vrf {vrf-name | all | default | management}]
Purpose: Displays the OSPFv3 route policy statistics.
Command: show ipv6 ospfv3 statistics [vrf {vrf-name | all | default | management}]
Purpose: Displays the OSPFv3 event counters.
Command: show ipv6 ospfv3 traffic [interface type number] [vrf {vrf-name | all | default | management}]
Purpose: Displays the OSPFv3 packet counters.
Configuration Examples for OSPFv3
This example shows how to configure OSPFv3:
feature ospfv3
router ospfv3 201
router-id 290.0.2.1
interface ethernet 1/2
ipv6 address 2001:0DB8::1/48
ipv6 router ospfv3 201 area 0.0.0.10
Related Topics
The following topics can give more information on OSPFv3:
• Chapter 6, “Configuring OSPFv3”
• Chapter 14, “Configuring Route Policy Manager”
Additional References
For additional information related to implementing OSPFv3, see the following sections:
Related Documents
Related Topic: OSPFv3 CLI commands
Document Title: Cisco Nexus 6000 Series NX-OS Unicast Routing Command Reference, Release 7.x
CHAPTER 7
Configuring EIGRP
This chapter describes how to configure the Enhanced Interior Gateway Routing Protocol (EIGRP) on the Cisco NX-OS switch.
This chapter includes the following sections:
• Information About EIGRP
• Licensing Requirements for EIGRP
• Prerequisites for EIGRP
• Guidelines and Limitations
• Configuring Basic EIGRP
• Configuring Advanced EIGRP
• Configuring the Administrative Distance of Routes
• Verifying the EIGRP Configuration
• Displaying EIGRP Statistics
• Configuration Examples for EIGRP
• Additional References
Information About EIGRP
EIGRP combines the benefits of distance vector protocols with the features of link-state protocols.
EIGRP sends out periodic hello messages for neighbor discovery. Once EIGRP learns a new neighbor, it sends a one-time update of all the local EIGRP routes and route metrics. The receiving EIGRP router calculates the route distance based on the received metrics and the locally assigned cost of the link to that neighbor. After this initial full route table update, EIGRP sends incremental updates to only those neighbors affected by the route change. This process speeds convergence and minimizes the bandwidth used by EIGRP.
This section includes the following topics:
• EIGRP Components
• EIGRP Route Updates
• Advanced EIGRP
EIGRP Components
EIGRP has the following basic components:
• Reliable Transport Protocol
• Neighbor Discovery and Recovery
• Diffusing Update Algorithm
Reliable Transport Protocol
The Reliable Transport Protocol guarantees ordered delivery of EIGRP packets to all neighbors. (See the “Neighbor Discovery and Recovery” section on page 7-2.) The Reliable Transport Protocol supports an intermixed transmission of multicast and unicast packets. The reliable transport can send multicast packets quickly when unacknowledged packets are pending. This provision helps to ensure that the convergence time remains low for various speed links. See the
transmissions.
The Reliable Transport Protocol includes the following message types:
• Hello—Used for neighbor discovery and recovery. By default, EIGRP sends a periodic multicast hello message on the local network at the configured hello interval. By default, the hello interval is 5 seconds.
• Acknowledgement—Verifies reliable reception of Updates, Queries, and Replies.
• Updates—Sent to affected neighbors when routing information changes. Updates include the route destination, address mask, and route metrics such as delay and bandwidth. The update information is stored in the EIGRP topology table.
• Queries and Replies—Sent as necessary as part of the Diffusing Update Algorithm used by EIGRP.
Neighbor Discovery and Recovery
EIGRP uses the hello messages from the Reliable Transport Protocol to discover neighboring EIGRP routers on directly attached networks. EIGRP adds neighbors to the neighbor table. The information in the neighbor table includes the neighbor address, the interface it was learned on, and the hold time, which indicates how long EIGRP should wait before declaring a neighbor unreachable. By default, the hold time is three times the hello interval or 15 seconds.
EIGRP sends a series of Update messages to new neighbors to share the local EIGRP routing information. This route information is stored in the EIGRP topology table. After this initial transmission of the full EIGRP route information, EIGRP sends Update messages only when a routing change occurs. These Update messages contain only the new or changed information and are sent only to the neighbors affected by the change. See the “EIGRP Route Updates” section on page 7-3.
EIGRP also uses the Hello messages as a keepalive to its neighbors. As long as hello messages are received, Cisco NX-OS can determine that a neighbor is alive and functioning.
Diffusing Update Algorithm
The Diffusing Update Algorithm (DUAL) calculates the routing information based on the destination networks in the topology table. The topology table includes the following information:
• IPv4 address/mask—The network address and network mask for this destination.
• Successors—The IP address and local interface connection for all feasible successors or neighbors that advertise a shorter distance to the destination than the current feasible distance.
• Feasibility distance (FD)—The lowest calculated distance to the destination. The feasibility distance is the sum of the advertised distance from a neighbor plus the cost of the link to that neighbor.
DUAL uses the distance metric to select efficient, loop-free paths. DUAL selects routes to insert into the unicast Routing Information Base (RIB) based on feasible successors. When a topology change occurs, DUAL looks for feasible successors in the topology table. If there are feasible successors, DUAL selects the feasible successor with the lowest feasible distance and inserts that into the unicast RIB, avoiding unnecessary recomputation.
When there are no feasible successors but there are neighbors advertising the destination, DUAL transitions from the passive state to the active state and triggers a recomputation to determine a new successor or next-hop router to the destination. The amount of time required to recompute the route affects the convergence time. EIGRP sends Query messages to all neighbors, searching for feasible successors. Neighbors that have a feasible successor send a Reply message with that information. Neighbors that do not have feasible successors trigger a DUAL recomputation.
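The successor and feasible-successor selection described above, as an added Python example that is not part of the Cisco guide or NX-OS code. It models one destination only; the Path class, the function names, and the neighbor names and distances are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str     # neighbor that advertises the destination (constructed name)
    advertised: int   # distance that neighbor reports to the destination
    link_cost: int    # locally assigned cost of the link to that neighbor

    @property
    def distance(self) -> int:
        # Distance through this neighbor: advertised distance plus link cost.
        return self.advertised + self.link_cost


def evaluate(paths):
    """Return (successor, feasible_distance, feasible_successors) for one destination."""
    if not paths:
        return None, None, []
    successor = min(paths, key=lambda p: (p.distance, p.neighbor))
    fd = successor.distance
    # Feasibility condition: the neighbor's own advertised distance must be
    # shorter than our current feasible distance, so it cannot be routing via us.
    feasible = sorted(
        (p for p in paths if p != successor and p.advertised < fd),
        key=lambda p: (p.distance, p.neighbor),
    )
    return successor, fd, feasible


def on_successor_loss(paths):
    """Model the topology change in which the current successor disappears."""
    successor, _fd, feasible = evaluate(paths)
    remaining = [p for p in paths if p != successor]
    if feasible:
        # Stay passive: switch to the feasible successor with the lowest distance.
        best = feasible[0]
        return {"state": "passive", "next_hop": best.neighbor,
                "distance": best.distance, "query": []}
    if remaining:
        # No feasible successor, but neighbors still advertise the destination:
        # go active and query them.
        return {"state": "active", "next_hop": None, "distance": None,
                "query": sorted(p.neighbor for p in remaining)}
    return {"state": "unreachable", "next_hop": None, "distance": None, "query": []}


# Constructed topology-table entries for a single destination.
PATHS = [
    Path("A", advertised=10, link_cost=5),    # distance 15: successor, FD = 15
    Path("B", advertised=12, link_cost=10),   # distance 22, advertised 12 < 15: feasible
    Path("C", advertised=20, link_cost=1),    # distance 21, advertised 20 >= 15: not feasible
]

if __name__ == "__main__":
    succ, fd, fs = evaluate(PATHS)
    print("successor", succ.neighbor, "FD", fd, "feasible", [p.neighbor for p in fs])
    print(on_successor_loss(PATHS))
    print(on_successor_loss([PATHS[0], PATHS[2]]))
```

Neighbor C offers a shorter total distance than B but is not a feasible successor, because its advertised distance is not below the current feasible distance.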
EIGRP Route Updates
When a topology change occurs, EIGRP sends an Update message with only the changed routing information to affected neighbors. This Update message includes the distance information to the new or updated network destination.
The distance information in EIGRP is represented as a composite of available route metrics, including bandwidth, delay, load utilization, and link reliability. Each metric has an associated weight that determines if the metric is included in the distance calculation. You can configure these metric weights.
You can fine-tune link characteristics to achieve optimal paths, but we recommend that you use the default settings for most configurable metrics.
This section includes the following topics:
• Internal Route Metrics
• External Route Metrics
• EIGRP and the Unicast RIB
Internal Route Metrics
Internal routes are routes that occur between neighbors within the same EIGRP autonomous system. These routes have the following metrics:
• Next hop—The IP address of the next-hop router.
• Delay—The sum of the delays configured on the interfaces that make up the route to the destination network. Configured in tens of microseconds.
• Bandwidth—The calculation from the lowest configured bandwidth on an interface that is part of the route to the destination.
Note We recommend you use the default bandwidth value. EIGRP also uses the bandwidth parameter.
• MTU—The smallest maximum transmission unit value along the route to the destination.
• Hop count—The number of hops or routers that the route passes through to the destination. This metric is not directly used in the DUAL computation.
• Reliability—An indication of the reliability of the links to the destination.
• Load—An indication of how much traffic is on the links to the destination.
By default, EIGRP uses the bandwidth and delay metrics to calculate the distance to the destination. You can modify the metric weights to include the other metrics in the calculation.
External Route Metrics
External routes are routes that occur between neighbors in different EIGRP autonomous systems. These routes have the following metrics:
• Next hop—The IP address of the next-hop router.
• Router ID—The router ID of the router that redistributed this route into EIGRP.
• AS Number—The autonomous system number of the destination.
• Protocol ID—A code that represents the routing protocol that learned the destination route.
• Tag—An arbitrary tag that can be used for route maps.
• Metric—The route metric for this route from the external routing protocol.
EIGRP and the Unicast RIB
EIGRP adds all learned routes to the EIGRP topology table and the unicast RIB. When a topology change occurs, EIGRP uses these routes to search for a feasible successor. EIGRP also listens for notifications from the unicast RIB for changes in any routes redistributed to EIGRP from another routing protocol.
Advanced EIGRP
You can use the advanced features of EIGRP to optimize your EIGRP configuration. This section includes the following topics:
• Route Redistribution
• Virtualization Support
Address Families
EIGRP supports the IPv4 and IPv6 address families.
Address family configuration mode includes the following EIGRP features:
• Authentication
• AS number
• Default route
• Metrics
• Distance
• Graceful restart
• Logging
• Load balancing
• Redistribution
• Router ID
• Stub router
• Timers
You cannot configure the same feature in more than one configuration mode. For example, if you configure the default metric in router configuration mode, you cannot configure the default metric in address family mode.
Authentication
You can configure authentication on EIGRP messages to prevent unauthorized or invalid routing updates in your network. EIGRP authentication supports MD5 authentication digest.
You can configure the EIGRP authentication per virtual routing and forwarding (VRF) instance or interface using key-chain management for the authentication keys. Key-chain management allows you to control changes to the authentication keys used by MD5 authentication digest. See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x, for more details about creating key-chains.
For MD5 authentication, you configure a password that is shared at the local router and all remote EIGRP neighbors. When an EIGRP message is created, Cisco NX-OS creates an MD5 one-way message digest based on the message itself and the encrypted password and sends this digest along with the EIGRP message. The receiving EIGRP neighbor validates the digest using the same encrypted password. If the message has not changed, the calculation is identical and the EIGRP message is considered valid.
MD5 authentication also includes a sequence number with each EIGRP message that is used to ensure that no message is replayed in the network.
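An added example (not from the Cisco guide): a Python audit that reads a saved running-config and lists the EIGRP interfaces that would form neighbors without MD5 authentication, checking both the per-interface and the per-VRF settings described above. The sample config is constructed; the "ip authentication ... eigrp" and "authentication ..." lines are the NX-OS EIGRP authentication command forms, which this part of the guide does not show, and the parser assumes the saved config nests sub-modes by indentation and covers IPv4 only.

```python
import re

# Constructed sample running-config. Ethernet1/1 is fully authenticated, 1/2 has
# nothing, 1/3 sets the mode but no key chain, 1/4 is passive, and 1/5 inherits
# authentication configured for VRF RemoteOfficeVRF.
SAMPLE_CONFIG = """\
router eigrp Test1
  address-family ipv4 unicast
    autonomous-system 1
  vrf RemoteOfficeVRF
    address-family ipv4 unicast
      authentication key-chain EIGRP-KEYS
      authentication mode md5
interface Ethernet1/1
  no switchport
  ip router eigrp Test1
  ip authentication key-chain eigrp Test1 EIGRP-KEYS
  ip authentication mode eigrp Test1 md5
interface Ethernet1/2
  no switchport
  ip router eigrp Test1
interface Ethernet1/3
  no switchport
  ip router eigrp Test1
  ip authentication mode eigrp Test1 md5
interface Ethernet1/4
  no switchport
  ip router eigrp Test1
  ip passive-interface eigrp Test1
interface Ethernet1/5
  no switchport
  vrf member RemoteOfficeVRF
  ip router eigrp Test1
"""


def parse_blocks(config):
    """Return [(header, [(indent, line), ...])] for each top-level config block."""
    blocks = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:
            blocks.append((line, []))
        elif blocks:
            blocks[-1][1].append((indent, line))
    return blocks


def process_level_auth(children):
    """Map VRF name -> authentication settings found under one 'router eigrp' block."""
    auth, vrf, vrf_indent = {}, "default", None
    for indent, line in children:
        if vrf_indent is not None and indent <= vrf_indent:
            vrf, vrf_indent = "default", None   # left the vrf sub-block
        m = re.fullmatch(r"vrf (\S+)", line)
        if m:
            vrf, vrf_indent = m.group(1), indent
            continue
        entry = auth.setdefault(vrf, {"mode": False, "keychain": False})
        if line == "authentication mode md5":
            entry["mode"] = True
        elif line.startswith("authentication key-chain "):
            entry["keychain"] = True
    return auth


def audit_eigrp_auth(config):
    """Return sorted (interface, instance, problem) tuples for EIGRP interfaces."""
    blocks = parse_blocks(config)
    inherited = {}
    for header, children in blocks:
        m = re.fullmatch(r"router eigrp (\S+)", header)
        if m:
            inherited[m.group(1)] = process_level_auth(children)
    findings = []
    for header, children in blocks:
        m = re.fullmatch(r"interface (\S+)", header)
        if not m:
            continue
        ifname, lines = m.group(1), [line for _, line in children]
        vrf = next((l.split()[2] for l in lines if l.startswith("vrf member ")), "default")
        for tag in re.findall(r"^ip router eigrp (\S+)$", "\n".join(lines), re.M):
            if f"ip passive-interface eigrp {tag}" in lines:
                continue  # hellos suppressed, so no neighbor can form here
            base = inherited.get(tag, {}).get(vrf, {"mode": False, "keychain": False})
            mode = base["mode"] or f"ip authentication mode eigrp {tag} md5" in lines
            chain = base["keychain"] or any(
                l.startswith(f"ip authentication key-chain eigrp {tag} ") for l in lines)
            if not mode and not chain:
                findings.append((ifname, tag, "no authentication configured"))
            elif not mode:
                findings.append((ifname, tag, "key chain set but MD5 mode missing"))
            elif not chain:
                findings.append((ifname, tag, "MD5 mode set but no key chain"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_eigrp_auth(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```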
Stub Routers
You can use the EIGRP stub routing feature to improve network stability, reduce resource usage, and simplify stub router configuration. Stub routers connect to the EIGRP network through a remote router.
See the “Stub Routing” section on page 1-7.
When using EIGRP stub routing, you need to configure the distribution and remote routers to use EIGRP and configure only the remote router as a stub. EIGRP stub routing does not automatically enable summarization on the distribution router. In most cases, you need to configure summarization on the distribution routers.
Without EIGRP stub routing, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur. For example, if a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution router. The distribution router could then send a query to the remote router even if routes are summarized. If a problem communicating over the WAN link between the distribution router and the remote router occurs, EIGRP could get stuck in active condition and cause instability elsewhere in the network. EIGRP stub routing allows you to prevent queries to the remote router.
Route Summarization
You can configure a summary aggregate address for a specified interface. Route summarization simplifies route tables by replacing a number of more-specific addresses with an address that represents all the specific addresses. For example, you can replace 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one summary address, 10.1.0.0/16.
If more specific routes are in the routing table, EIGRP advertises the summary address from the interface with a metric equal to the minimum metric of the more specific routes.
Note EIGRP does not support automatic route summarization.
Route Redistribution
You can use EIGRP to redistribute direct routes, static routes, routes learned by other EIGRP autonomous systems, or routes from other protocols. You configure a route map with the redistribution to control which routes are passed into EIGRP. A route map allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. See Chapter 14, “Configuring Route Policy Manager.”
You also configure the default metric that is used for all imported routes into EIGRP.
Load Balancing
You can use load balancing to allow a router to distribute traffic over all the router network ports that are the same distance from the destination address. Load balancing increases the utilization of network segments, which increases effective network bandwidth.
Cisco NX-OS supports the Equal Cost Multiple Paths (ECMP) feature with up to 64 equal-cost paths in the EIGRP route table and the unicast RIB. You can configure EIGRP to load balance traffic across some or all of those paths.
Note EIGRP in Cisco NX-OS does not support unequal cost load balancing.
Split Horizon
You can use split horizon to ensure that EIGRP never advertises a route out of the interface where it was learned.
Split horizon is a method that controls the sending of EIGRP update and query packets. When you enable split horizon on an interface, Cisco NX-OS does not send update and query packets for destinations that were learned from this interface. Controlling update and query packets in this manner reduces the possibility of routing loops.
Split horizon with poison reverse configures EIGRP to advertise a learned route as unreachable back through the interface that EIGRP learned the route from.
EIGRP uses split horizon or split horizon with poison reverse in the following scenarios:
• Exchanging topology tables for the first time between two routers in startup mode.
• Advertising a topology table change.
• Sending a query message.
By default, the split horizon feature is enabled on all interfaces.
BFD
This feature supports bidirectional forwarding detection (BFD). BFD is a detection protocol designed to provide fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 6000 Series NX-OS Interfaces Configuration Guide, Release 7.x for more information.
Virtualization Support
Cisco NX-OS supports multiple instances of the EIGRP protocol that run on the same system. EIGRP supports Virtual Routing and Forwarding instances (VRFs).
By default, every instance uses the same system router ID. You can optionally configure a unique router ID for each instance.
Licensing Requirements for EIGRP
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: EIGRP requires a LAN Base Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Prerequisites for EIGRP
EIGRP has the following prerequisites:
You must enable the EIGRP feature (see the “Enabling the EIGRP Feature” section on page 7-9).
Guidelines and Limitations
EIGRP has the following configuration guidelines and limitations:
• When you configure a table map, the administrative distance of the routes, and the metric, the configuration commands cause the EIGRP neighbors to flap. This is expected behavior.
• A metric configuration (either through the default-metric configuration option or through a route map) is required for redistribution from any other protocol, connected routes, or static routes (see Chapter 14, “Configuring Route Policy Manager”).
• For graceful restart, an NSF-aware router must be up and completely converged with the network before it can assist an NSF-capable router in a graceful restart operation.
• For graceful restart, neighboring switches participating in the graceful restart must be NSF-aware or NSF-capable.
• Cisco NX-OS EIGRP is compatible with EIGRP in the Cisco IOS software.
• Do not change the metric weights without a good reason. If you change the metric weights, you must apply the change to all EIGRP routers in the same autonomous system.
• Consider using stubs for larger networks.
• Avoid redistribution between different EIGRP autonomous systems because the EIGRP vector metric will not be preserved.
• The no ip next-hop-self command does not guarantee reachability of the next hop.
• The ip passive-interface eigrp command suppresses neighbors from forming.
• Cisco NX-OS does not support IGRP or connecting IGRP and EIGRP clouds.
• Autosummarization is not enabled by default.
• Cisco NX-OS supports only IP.
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings
Table 7-1 lists the default settings for EIGRP parameters.
Table 7-1 Default EIGRP Parameters
Parameters: Default
Administrative distance: Internal routes: 90; External routes: 170
Bandwidth percent: 50 percent
Default metric for redistributed routes: bandwidth: 100000 Kb/s; delay: 100 (10 microsecond units); reliability: 255; loading: 1; MTU: 1500
EIGRP feature: Disabled
Hello interval: 5 seconds
Hold time: 15 seconds
Equal-cost paths: 8
Metric weights: 1 0 1 0 0
Next-hop address advertised: IP address of local interface
NSF convergence time: 120
NSF route-hold time: 240
NSF signal time: 20
Redistribution: Disabled
Split horizon: Enabled
Configuring Basic EIGRP
This section includes the following topics:
• Enabling the EIGRP Feature
• Creating an EIGRP Instance
• Restarting an EIGRP Instance
• Shutting Down an EIGRP Instance
• Shutting Down EIGRP on an Interface
Enabling the EIGRP Feature
You must enable the EIGRP feature before you can configure EIGRP.
SUMMARY STEPS
1. configure terminal
2. feature eigrp
3. (Optional) show feature
4. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 feature eigrp
Purpose: Enables the EIGRP feature.
Example:
switch(config)# feature eigrp

Step 3 show feature
Purpose: (Optional) Displays information about enabled features.
Example:
switch(config)# show feature

Step 4 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
Use the no feature eigrp command to disable the EIGRP feature and remove all associated configuration.
Command: no feature eigrp
Purpose: Disables the EIGRP feature and removes all associated configuration.
Example:
switch(config)# no feature eigrp
Creating an EIGRP Instance
You can create an EIGRP instance and associate an interface with that instance. You assign a unique autonomous system number for this EIGRP process (see the
redistribution.
BEFORE YOU BEGIN
Ensure that you have enabled the EIGRP feature (see the “Enabling the EIGRP Feature” section on page 7-9).
EIGRP must be able to obtain a router ID (for example, a configured loopback address) or you must configure the router ID option.
SUMMARY STEPS
1. configure terminal
2. router eigrp instance-tag
If you configure an instance tag that does not qualify as an AS number, you must configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.
3. (Optional) log-adjacency-changes
4. (Optional) log-neighbor-warnings [seconds]
5. interface interface-type slot/port
6. no switchport
7. ip router eigrp instance-tag
8. show ip eigrp interfaces
9. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 router eigrp instance-tag
Purpose: Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
If you configure an instance-tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.
Example:
switch(config)# router eigrp Test1
switch(config-router)#

Step 3 log-adjacency-changes
Purpose: (Optional) Generates a system message whenever an adjacency changes state. This command is enabled by default.
Example:
switch(config-router)# log-adjacency-changes

Step 4 log-neighbor-warnings [seconds]
Purpose: (Optional) Generates a system message whenever a neighbor warning occurs. You can configure the time between warning messages, from 1 to 65535, in seconds. The default is 10 seconds. This command is enabled by default.
Example:
switch(config-router)# log-neighbor-warnings

Step 5 interface interface-type slot/port
Purpose: Enters interface configuration mode. Use ? to determine the slot and port ranges.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config-router)# interface ethernet 1/2
switch(config-if)#

Step 6 no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport

Step 7 ip router eigrp instance-tag
Purpose: Associates this interface with the configured EIGRP process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Example:
switch(config-if)# ip router eigrp Test1

Step 8 show ip eigrp interfaces
Purpose: Displays information about EIGRP interfaces.
Example:
switch(config-if)# show ip eigrp interfaces

Step 9 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
Use the no router eigrp command to remove the EIGRP process and the associated configuration.
Command: no router eigrp instance-tag
Purpose: Deletes the EIGRP process and all associated configuration.
Example:
switch(config)# no router eigrp Test1
Note You should also remove any EIGRP commands configured in interface mode if you remove the EIGRP process.
This example shows how to create an EIGRP process and configure an interface for EIGRP:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# autonomous-system 1
switch(config-router-af)# exit
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# ip router eigrp Test1
switch(config-if)# no shutdown
switch(config-if)# copy running-config startup-config
For more information about other EIGRP parameters, see the “Configuring Advanced EIGRP” section on page 7-14.
Restarting an EIGRP Instance
You can restart an EIGRP instance. This clears all neighbors for the instance.
To restart an EIGRP instance and remove all associated neighbors, use the following commands:
Command: flush-routes
Purpose: (Optional) Flushes all EIGRP routes in the unicast RIB when this EIGRP instance restarts.
Example:
switch(config)# flush-routes
Command: restart eigrp instance-tag
Purpose: Restarts the EIGRP instance and removes all neighbors. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Example:
switch(config)# restart eigrp Test1
Shutting Down an EIGRP Instance
You can gracefully shut down an EIGRP instance. This action removes all routes and adjacencies but preserves the EIGRP configuration.
To disable an EIGRP instance, use the following command in address family mode:
Command: switch(config-router-af)# shutdown
Example: switch(config-router-af)# shutdown
Purpose: Disables this instance of EIGRP. The EIGRP router configuration remains.
Configuring a Passive Interface for EIGRP
You can configure a passive interface for EIGRP. A passive interface does not participate in EIGRP adjacency, but the network address for the interface remains in the EIGRP topology table.
To configure a passive interface for EIGRP, use the following command in interface configuration mode:
Command: ip passive-interface eigrp instance-tag
Purpose: Suppresses EIGRP hellos, which prevents neighbors from forming and sending routing updates on an EIGRP interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Shutting Down EIGRP on an Interface
You can gracefully shut down EIGRP on an interface. This action removes all adjacencies and stops
EIGRP traffic on this interface but preserves the EIGRP configuration.
To disable EIGRP on an interface, use the following command in interface configuration mode:
Command: switch(config-if)# ip eigrp instance-tag shutdown
Example: switch(config-if)# ip eigrp Test1 shutdown
Purpose: Disables EIGRP on this interface. The EIGRP interface configuration remains. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Configuring Advanced EIGRP
This section includes the following topics:
• Configuring Authentication in EIGRP
• Configuring EIGRP Stub Routing
• Configuring a Summary Address for EIGRP
• Redistributing Routes into EIGRP
• Limiting the Number of Redistributed Routes
• Configuring Load Balancing in EIGRP
• Adjusting the Interval Between Hello Packets and the Hold Time
• Disabling Split Horizon
• Configuring the Administrative Distance of Routes
Configuring Authentication in EIGRP
You can configure EIGRP authentication for the EIGRP process or for individual interfaces. Interface
EIGRP authentication configuration overrides the EIGRP process-level authentication configuration.
BEFORE YOU BEGIN
Ensure that you have enabled the EIGRP feature (see the “Enabling the EIGRP Feature” section on page 7-9).
Ensure that all neighbors for an EIGRP process share the same authentication configuration, including the shared authentication key.
Create the key-chain for this authentication configuration. See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x.
SUMMARY STEPS
1. configure terminal
2. router eigrp instance-tag
3. address-family ipv4 unicast
4. authentication key-chain key-chain
5. authentication mode md5
6. interface interface-type slot/port
7. no switchport
8. ip router eigrp instance-tag
9. ip authentication key-chain eigrp instance-tag key-chain
10. ip authentication mode eigrp instance-tag md5
11. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.

Step 2 router eigrp instance-tag
Example:
switch(config)# router eigrp Test1
switch(config-router)#
Purpose: Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
If you configure an instance-tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.

Step 3 address-family ipv4 unicast
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Purpose: Enters the address-family configuration mode. This command is optional for IPv4.

Step 4 authentication key-chain key-chain
Example: switch(config-router-af)# authentication key-chain routeKeys
Purpose: Associates a key chain with this EIGRP process for this VRF. The key chain can be any case-sensitive, alphanumeric string up to 20 characters.

Step 5 authentication mode md5
Example: switch(config-router-af)# authentication mode md5
Purpose: Configures MD5 message digest authentication mode for this VRF.

Step 6 interface interface-type slot/port
Example:
switch(config-router-af)# interface ethernet 1/2
switch(config-if)#
Purpose: Enters interface configuration mode. Use ? to find the supported interfaces.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.

Step 7 no switchport
Example: switch(config-if)# no switchport
Purpose: Configures the interface as a Layer 3 routed interface.

Step 8 ip router eigrp instance-tag
Example: switch(config-if)# ip router eigrp Test1
Purpose: Associates this interface with the configured EIGRP process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.

Step 9 ip authentication key-chain eigrp instance-tag key-chain
Example: switch(config-if)# ip authentication key-chain eigrp Test1 routeKeys
Purpose: Associates a key chain with this EIGRP process for this interface. This configuration overrides the authentication configuration set in the router VRF mode. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.

Step 10 ip authentication mode eigrp instance-tag md5
Example: switch(config-if)# ip authentication mode eigrp Test1 md5
Purpose: Configures the MD5 message digest authentication mode for this interface. This configuration overrides the authentication configuration set in the router VRF mode. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.

Step 11 copy running-config startup-config
Example: switch(config)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure MD5 message digest authentication for EIGRP over Ethernet interface 1/2:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# ip router eigrp Test1
switch(config-if)# ip authentication key-chain eigrp Test1 routeKeys
switch(config-if)# ip authentication mode eigrp Test1 md5
switch(config-if)# copy running-config startup-config
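Because interface-level authentication settings override the process-level ones, whether a given interface is actually authenticated depends on both places. The following Python audit of a saved running configuration is an added example, not code from this guide or from Cisco; the sample configuration is constructed, and the script assumes the default VRF only and treats an interface as authenticated only when both a key chain and the md5 mode resolve for it.

```python
import re

# Constructed NX-OS running-config excerpt (not taken from the guide).
# Assumption: default VRF only, so no "vrf" sub-blocks under router eigrp.
SAMPLE_CONFIG = """\
router eigrp Test1
  address-family ipv4 unicast
    authentication key-chain routeKeys
    authentication mode md5
router eigrp Test2
  address-family ipv4 unicast
    autonomous-system 2
interface Ethernet1/1
  no switchport
  ip router eigrp Test1
interface Ethernet1/2
  no switchport
  ip router eigrp Test2
  ip authentication key-chain eigrp Test2 edgeKeys
  ip authentication mode eigrp Test2 md5
interface Ethernet1/3
  no switchport
  ip router eigrp Test2
  ip authentication mode eigrp Test2 md5
interface Ethernet1/4
  no switchport
  ip router eigrp Test2
  ip passive-interface eigrp Test2
interface Ethernet1/5
  no switchport
  ip router eigrp Test2
"""


def split_sections(config):
    """Group every indented line under the unindented line that precedes it."""
    sections, current = [], None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            current = (raw.strip(), [])
            sections.append(current)
        elif current is not None:
            current[1].append(raw.strip())
    return sections


def process_auth(sections):
    """Return {instance_tag: {"key_chain", "mode"}} from the router eigrp blocks."""
    auth = {}
    for header, body in sections:
        m = re.fullmatch(r"router eigrp (\S+)", header)
        if not m:
            continue
        entry = auth.setdefault(m.group(1), {"key_chain": None, "mode": None})
        for line in body:
            k = re.fullmatch(r"authentication key-chain (\S+)", line)
            if k:
                entry["key_chain"] = k.group(1)
            elif line == "authentication mode md5":
                entry["mode"] = "md5"
    return auth


def audit_eigrp_auth(config):
    """Return (interface, instance_tag, problem) for EIGRP interfaces without full MD5 auth."""
    sections = split_sections(config)
    proc = process_auth(sections)
    findings = []
    for header, body in sections:
        m = re.fullmatch(r"interface (\S+)", header)
        if not m:
            continue
        for tag in re.findall(r"^ip router eigrp (\S+)$", "\n".join(body), re.M):
            if f"ip passive-interface eigrp {tag}" in body:
                continue  # hellos are suppressed, so no neighbor can form here
            inherited = proc.get(tag, {"key_chain": None, "mode": None})
            key_chain, mode = inherited["key_chain"], inherited["mode"]
            key_re = rf"ip authentication key-chain eigrp {re.escape(tag)} (\S+)"
            for line in body:  # interface-level settings override the process level
                k = re.fullmatch(key_re, line)
                if k:
                    key_chain = k.group(1)
                elif line == f"ip authentication mode eigrp {tag} md5":
                    mode = "md5"
            missing = [name for name, value in
                       (("key-chain", key_chain), ("mode md5", mode)) if value is None]
            if missing:
                findings.append((m.group(1), tag, "missing " + " and ".join(missing)))
    return findings


if __name__ == "__main__":
    for finding in audit_eigrp_auth(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

Ethernet1/1 passes only because it inherits both settings from the Test1 process, and Ethernet1/4 is skipped because it is passive.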
Configuring EIGRP Stub Routing
To configure a router for EIGRP stub routing, use the following command in address-family configuration mode:
Command: switch(config-router-af)# stub [ direct | receive-only | redistributed [ direct ] leak-map map-name ]
Example: switch(config-router-af)# eigrp stub redistributed
Purpose: Configures a remote router as an EIGRP stub router. The map name can be any case-sensitive, alphanumeric string up to 20 characters.
This example shows how to configure a stub router to advertise directly connected and redistributed routes:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# stub direct redistributed
switch(config-router-af)# copy running-config startup-config
Use the show ip eigrp neighbor detail command to verify that a router has been configured as a stub router. The last line of the output shows the stub status of the remote or spoke router. This example shows the output from the show ip eigrp neighbor detail command:
Router# show ip eigrp neighbor detail
IP-EIGRP neighbors for process 201
H   Address     Interface   Hold   Uptime     SRTT   RTO    Q     Seq   Type
                            (sec)             (ms)          Cnt   Num
0   10.1.1.2    Se3/1       11     00:00:59   1      4500   0     7
    Version 12.1/1.2, Retrans: 2, Retries: 0
    Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
Configuring a Summary Address for EIGRP
You can configure a summary aggregate address for a specified interface. If any more specific routes are in the routing table, EIGRP will advertise the summary address out the interface with a metric equal to the minimum of all more specific routes. See the “Route Summarization” section on page 7-6.
To configure a summary aggregate address, use the following command in interface configuration mode:
Command: switch(config-if)# ip summary-address eigrp instance-tag ip-prefix/length [ distance | leak-map map-name ]
Example: switch(config-if)# ip summary-address eigrp Test1 192.0.2.0/8
Purpose: Configures a summary aggregate address as either an IP address and network mask, or an IP prefix/length. The instance tag and map name can be any case-sensitive, alphanumeric string up to 20 characters.
You can optionally configure the administrative distance for this aggregate address. The default administrative distance is 5 for aggregate addresses.
This example causes EIGRP to summarize network 192.0.2.0 out Ethernet 1/2 only:
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# ip summary-address eigrp Test1 192.0.2.0 255.255.255.0
Redistributing Routes into EIGRP
You can redistribute routes in EIGRP from other routing protocols.
Note Redistribution does not work if the access list is used as a match option in route-maps.
BEFORE YOU BEGIN
Ensure that you have enabled the EIGRP feature (see the “Enabling the EIGRP Feature” section on page 7-9).
You must configure the metric (either through the default-metric configuration option or through a route map) for routes redistributed from any other protocol.
You must create a route map to control the types of routes that are redistributed into EIGRP. See Chapter 14, “Configuring Route Policy Manager.”
SUMMARY STEPS
1. configure terminal
2. router eigrp instance-tag
3. address-family ipv4 unicast
4. redistribute { bgp as | { eigrp | ospf | ospfv3 | rip } instance-tag | direct | static } route-map name
5. default-metric bandwidth delay reliability loading mtu
6. show ip eigrp route-map statistics redistribute
7. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.

Step 2 router eigrp instance-tag
Example:
switch(config)# router eigrp Test1
switch(config-router)#
Purpose: Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
If you configure an instance-tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.

Step 3 address-family ipv4 unicast
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Purpose: Enters the address-family configuration mode. This command is optional for IPv4.

Step 4 redistribute { bgp as | { eigrp | ospf | ospfv3 | rip } instance-tag | direct | static } route-map name
Example: switch(config-router-af)# redistribute bgp 100 route-map BGPFilter
Purpose: Injects routes from one routing domain into EIGRP. The instance tag and map name can be any case-sensitive, alphanumeric string up to 20 characters.

Step 5 default-metric bandwidth delay reliability loading mtu
Example: switch(config-router-af)# default-metric 500000 30 200 1 1500
Purpose: Sets the metrics assigned to routes learned through route redistribution. The default values are as follows:
• bandwidth—100000 Kb/s
• delay—100 (10 microsecond units)
• reliability—255
• loading—1
• MTU—1492

Step 6 show ip eigrp route-map statistics redistribute
Example: switch(config-router-af)# show ip eigrp route-map statistics redistribute bgp
Purpose: Displays information about EIGRP route map statistics.

Step 7 copy running-config startup-config
Example: switch(config)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to redistribute BGP into EIGRP for IPv4:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# redistribute bgp 100 route-map BGPFilter
switch(config-router)# default-metric 500000 30 200 1 1500
switch(config-router)# copy running-config startup-config
Limiting the Number of Redistributed Routes
Route redistribution can add many routes to the EIGRP route table. You can configure a maximum limit to the number of routes accepted from external protocols. EIGRP provides the following options to configure redistributed route limits:
• Fixed limit—Logs a message when EIGRP reaches the configured maximum. EIGRP does not accept any more redistributed routes. You can optionally configure a threshold percentage of the maximum where EIGRP will log a warning when that threshold is passed.
• Warning only—Logs a warning only when EIGRP reaches the maximum. EIGRP continues to accept redistributed routes.
• Withdraw—Starts the timeout period when EIGRP reaches the maximum. After the timeout period, EIGRP requests all redistributed routes if the current number of redistributed routes is less than the maximum limit. If the current number of redistributed routes is at the maximum limit, EIGRP withdraws all redistributed routes. You must clear this condition before EIGRP accepts more redistributed routes. You can optionally configure the timeout period.
BEFORE YOU BEGIN
Ensure that you have enabled the EIGRP feature (see the “Enabling the EIGRP Feature” section on page 7-9).
SUMMARY STEPS
1. configure terminal
2. router eigrp instance-tag
3. redistribute { bgp id | direct | eigrp id | ospf id | rip id | static } route-map map-name
4. redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
5. (Optional) show running-config eigrp
6. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.

Step 2 router eigrp instance-tag
Example:
switch(config)# router eigrp Test1
switch(config-router)#
Purpose: Creates a new EIGRP instance with the configured instance tag.

Step 3 redistribute { bgp id | direct | eigrp id | ospf id | rip id | static } route-map map-name
Example: switch(config-router)# redistribute bgp route-map FilterExternalBGP
Purpose: Redistributes the selected protocol into EIGRP through the configured route map.

Step 4 redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
Example: switch(config-router)# redistribute maximum-prefix 1000 75 warning-only
Purpose: Specifies a maximum number of prefixes that EIGRP will distribute. The range is from 0 to 65536. Optionally specifies the following:
• threshold—Percent of maximum prefixes that will trigger a warning message.
• warning-only—Logs a warning message when the maximum number of prefixes is exceeded.
• withdraw—Withdraws all redistributed routes. Optionally tries to retrieve the redistributed routes. The num-retries range is from 1 to 12. The timeout is from 60 to 600 seconds. The default is 300 seconds. Use clear ip eigrp redistribution if all routes are withdrawn.

Step 5 show running-config eigrp
Example: switch(config-router)# show running-config eigrp
Purpose: (Optional) Displays the EIGRP configuration.

Step 6 copy running-config startup-config
Example: switch(config-router)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to limit the number of redistributed routes into EIGRP:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# redistribute bgp route-map FilterExternalBGP
switch(config-router)# redistribute maximum-prefix 1000 75
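The limit options in this section differ in whether the maximum is enforced at all: warning-only logs but keeps accepting routes. The following Python check is an added example, not code from this guide: it parses the redistribute maximum-prefix syntax from Step 4, rejects values outside the documented ranges, and flags a router eigrp block whose limit is absent or warning-only. The function names and the list-of-commands input are assumptions of this example.

```python
import re

# Syntax from Step 4 of this section:
#   redistribute maximum-prefix max [threshold] [warning-only | withdraw [num-retries timeout]]
_MAX_PREFIX = re.compile(
    r"redistribute maximum-prefix (?P<max>\d+)"
    r"(?: (?P<threshold>\d+))?"
    r"(?: (?:(?P<warn>warning-only)|(?P<withdraw>withdraw)"
    r"(?: (?P<retries>\d+) (?P<timeout>\d+))?))?"
)


def parse_max_prefix(command):
    """Parse one command line; raise ValueError when it breaks the documented ranges."""
    m = _MAX_PREFIX.fullmatch(" ".join(command.split()))
    if not m:
        raise ValueError(f"not a valid redistribute maximum-prefix command: {command!r}")
    limit = int(m["max"])
    if not 0 <= limit <= 65536:
        raise ValueError("max must be from 0 to 65536")
    retries = timeout = None
    if m["retries"]:
        retries, timeout = int(m["retries"]), int(m["timeout"])
        if not 1 <= retries <= 12:
            raise ValueError("num-retries must be from 1 to 12")
        if not 60 <= timeout <= 600:
            raise ValueError("timeout must be from 60 to 600 seconds")
    if m["warn"]:
        mode = "warning-only"
    elif m["withdraw"]:
        mode = "withdraw"
    else:
        mode = "fixed"
    return {
        "max": limit,
        "threshold": int(m["threshold"]) if m["threshold"] else None,
        "mode": mode,
        "retries": retries,
        "timeout": timeout,
    }


def audit_redistribution(router_lines):
    """Review the commands of one router eigrp block; return a list of findings."""
    findings, sources, limit = [], [], None
    for line in (" ".join(raw.split()) for raw in router_lines):
        if line.startswith("redistribute maximum-prefix"):
            limit = parse_max_prefix(line)
        elif line.startswith("redistribute "):
            sources.append(line)
            if " route-map " not in line:
                findings.append(f"no route-map filter: {line}")
    if sources and limit is None:
        findings.append("redistribution configured without a maximum-prefix limit")
    elif limit is not None and limit["mode"] == "warning-only":
        findings.append(
            f"maximum-prefix {limit['max']} is warning-only: "
            "routes above the limit are still accepted"
        )
    return findings


if __name__ == "__main__":
    # Commands taken from the examples in this chapter.
    block = [
        "redistribute bgp 100 route-map BGPFilter",
        "redistribute maximum-prefix 1000 75 warning-only",
    ]
    print(audit_redistribution(block))
```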
Configuring Load Balancing in EIGRP
You can configure load balancing in EIGRP. You can configure the number of Equal Cost Multiple Path (ECMP) routes using the maximum paths option. See the “Configuring Load Balancing in EIGRP” section on page 7-22.
BEFORE YOU BEGIN
Ensure that you have enabled the EIGRP feature (see the “Enabling the EIGRP Feature” section on page 7-9).
SUMMARY STEPS
1. configure terminal
2. router eigrp instance-tag
3. address-family ipv4 unicast
4. maximum-paths num-paths
5. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.

Step 2 router eigrp instance-tag
Example:
switch(config)# router eigrp Test1
switch(config-router)#
Purpose: Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
If you configure an instance-tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.

Step 3 address-family ipv4 unicast
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Purpose: Enters the address-family configuration mode. This command is optional for IPv4.

Step 4 maximum-paths num-paths
Example: switch(config-router-af)# maximum-paths 5
Purpose: Sets the number of equal cost paths that EIGRP will accept in the route table. The range is from 1 to 64. The default is 8.

Step 5 copy running-config startup-config
Example: switch(config-router-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure equal cost load balancing for EIGRP over IPv4 with a maximum of six equal cost paths:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# maximum-paths 6
switch(config-router)# copy running-config startup-config
Configuring Graceful Restart for EIGRP
You can configure graceful restart or nonstop forwarding for EIGRP. See the “Graceful Restart” section on page 4-7 .
Note Graceful restart is enabled by default.
BEFORE YOU BEGIN
Ensure that you have enabled the EIGRP feature (see the “Enabling the EIGRP Feature” section on page 7-9).
An NSF-aware router must be up and completely converged with the network before it can assist an NSF-capable router in a graceful restart operation.
Neighboring switches participating in the graceful restart must be NSF-aware or NSF-capable.
SUMMARY STEPS
1. configure terminal
2. router eigrp instance-tag
3. address-family ipv4 unicast
4. graceful-restart
5. timers nsf converge seconds
6. timers nsf route-hold seconds
7. timers nsf signal seconds
8. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.

Step 2 router eigrp instance-tag
Example:
switch(config)# router eigrp Test1
switch(config-router)#
Purpose: Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
If you configure an instance-tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.

Step 3 address-family ipv4 unicast
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Purpose: Enters the address-family configuration mode. This command is optional for IPv4.

Step 4 graceful-restart
Example: switch(config-router-af)# graceful-restart
Purpose: Enables graceful restart. This feature is enabled by default.

Step 5 timers nsf converge seconds
Example: switch(config-router-af)# timers nsf converge 100
Purpose: Sets the time limit for the convergence after a switchover. The range is from 60 to 180 seconds. The default is 120.

Step 6 timers nsf route-hold seconds
Example: switch(config-router-af)# timers nsf route-hold 200
Purpose: Sets the hold time for routes learned from the graceful restart-aware peer. The range is from 20 to 300 seconds. The default is 240.

Step 7 timers nsf signal seconds
Example: switch(config-router-af)# timers nsf signal 15
Purpose: Sets the time limit for signaling a graceful restart. The range is from 10 to 360 seconds.

Step 8 copy running-config startup-config
Example: switch(config-router-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure graceful restart for EIGRP over IPv4 using the default timer values:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# graceful-restart
switch(config-router-af)# copy running-config startup-config
Adjusting the Interval Between Hello Packets and the Hold Time
You can adjust the interval between hello messages and the hold time.
By default, hello messages are sent every 5 seconds. The hold time is advertised in hello messages and indicates to neighbors the length of time that they should consider the sender valid. The default hold time is three times the hello interval, or 15 seconds.
To change the interval between hello packets, use the following command in interface configuration mode:
Command: switch(config-if)# ip hello-interval eigrp instance-tag seconds
Example: switch(config-if)# ip hello-interval eigrp Test1 30
Purpose: Configures the hello interval for an EIGRP routing process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The range is from 1 to 65535 seconds. The default is 5.
On very congested and large networks, the default hold time might not be sufficient time for all routers to receive hello packets from their neighbors. In this case, you might want to increase the hold time.
To change the hold time, use the following command in interface configuration mode:
Command: switch(config-if)# ip hold-time eigrp instance-tag seconds
Example: switch(config-if)# ip hold-time eigrp Test1 30
Purpose: Configures the hold time for an EIGRP routing process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The range is from 1 to 65535.
Use the show ip eigrp interface detail command to verify timer configuration.
Disabling Split Horizon
You can use split horizon to block route information from being advertised by a router out of any interface from which that information originated. Split horizon usually optimizes communications among multiple routing switches, particularly when links are broken.
By default, split horizon is enabled on all interfaces.
To disable split horizon, use the following command in interface configuration mode:
Command: switch(config-if)# no ip split-horizon eigrp instance-tag
Example: switch(config-if)# no ip split-horizon eigrp Test1
Purpose: Disables split horizon.
Tuning EIGRP
You can configure optional parameters to tune EIGRP for your network.
You can configure the following optional parameters in address-family configuration mode:
Command: default-information originate [ always | route-map map-name ]
Example: switch(config-router-af)# default-information originate always
Purpose: Originates or accepts the default route with prefix 0.0.0.0/0. When a route map is supplied, the default route is originated only when the route map yields a true condition. The map name can be any case-sensitive, alphanumeric string up to 20 characters.

Command: distance internal external
Example: switch(config-router-af)# distance 25 100
Purpose: Configures the administrative distance for this EIGRP process. The range is from 1 to 255. The internal value sets the distance for routes learned from within the same autonomous system (the default value is 90). The external value sets the distance for routes learned from an external autonomous system (the default value is 170).

Command: metric maximum-hops hop-count
Example: switch(config-router-af)# metric maximum-hops 70
Purpose: Sets maximum allowed hops for an advertised route. Routes over this maximum are advertised as unreachable. The range is from 1 to 255. The default is 100.

Command: metric weights tos k1 k2 k3 k4 k5
Example: switch(config-router-af)# metric weights 0 1 3 2 1 0
Purpose: Adjusts the EIGRP metric or K value. EIGRP uses the following formula to determine the total metric to the network:
metric = [k1*bandwidth + (k2*bandwidth)/(256 – load) + k3*delay] * [k5/(reliability + k4)]
Default values and ranges are as follows:
• TOS—0. The range is from 0 to 8.
• k1—1. The range is from 0 to 255.
• k2—0. The range is from 0 to 255.
• k3—1. The range is from 0 to 255.
• k4—0. The range is from 0 to 255.
• k5—0. The range is from 0 to 255.

Command: timers active-time { time-limit | disabled }
Example: switch(config-router-af)# timers active-time 200
Purpose: Sets the time the router waits in minutes (after sending a query) before declaring the route to be stuck in the active (SIA) state. The range is from 1 to 65535. The default is 3.
You can configure the following optional parameters in interface configuration mode:
Command: ip bandwidth eigrp instance-tag bandwidth
Example: switch(config-if)# ip bandwidth eigrp Test1 30000
Purpose: Configures the bandwidth metric for EIGRP on an interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The bandwidth range is from 1 to 2,560,000,000 Kb/s.

Command: ip bandwidth-percent eigrp instance-tag percent
Example: switch(config-if)# ip bandwidth-percent eigrp Test1 30
Purpose: Configures the percentage of bandwidth that EIGRP might use on an interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The percent range is from 0 to 100. The default is 50.

Command: no ip delay eigrp instance-tag delay
Example: switch(config-if)# ip delay eigrp Test1 100
Purpose: Configures the delay metric for EIGRP on an interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The delay range is from 1 to 16777215 (in tens of microseconds).

Command: ip distribute-list eigrp instance-tag { prefix-list name | route-map name } { in | out }
Example: switch(config-if)# ip distribute-list eigrp Test1 route-map EigrpTest in
Purpose: Configures the route filtering policy for EIGRP on this interface. The instance tag, prefix list name, and route map name can be any case-sensitive, alphanumeric string up to 20 characters.

Command: no ip next-hop-self eigrp instance-tag
Example: switch(config-if)# no ip next-hop-self eigrp Test1
Purpose: Configures EIGRP to use the received next-hop address rather than the address for this interface. The default is to use the IP address of this interface for the next-hop address. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.

Command: ip offset-list eigrp instance-tag { prefix-list name | route-map name } { in | out } offset
Example: switch(config-if)# ip offset-list eigrp Test1 prefix-list EigrpList in
Purpose: Adds an offset to incoming and outgoing metrics to routes learned by EIGRP. The instance tag, prefix list name, and route map name can be any case-sensitive, alphanumeric string up to 20 characters.

Command: ip passive-interface eigrp instance-tag
Example: switch(config-if)# ip passive-interface eigrp Test1
Purpose: Suppresses EIGRP hellos, which prevents neighbors from forming and sending routing updates on an EIGRP interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Configuring the Administrative Distance of Routes
You can set the administrative distance of routes added by EIGRP into the RIB.
BEFORE YOU BEGIN
You must enable EIGRP.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Step 1 Enters global configuration mode.
switch# configure terminal

Step 2 Creates a new EIGRP instance and enters router configuration mode.
switch(config)# router eigrp instance-tag

Step 3 Configures a table map with route map information. You can enter up to 63 alphanumeric characters for the map name. The filter keyword filters routes rejected by the route map and does not download them to the RIB.
switch(config-router)# table-map route-map-name [ filter ]

Step 4 (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
switch(config)# copy running-config startup-config
Configuring Virtualization for EIGRP
You can create multiple VRFs and use the same or multiple EIGRP processes in each VRF. You assign an interface to a VRF.
Note Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all other configuration for that interface.
BEFORE YOU BEGIN
Ensure that you have enabled the EIGRP feature (see the “Enabling the EIGRP Feature” section on page 7-9).
SUMMARY STEPS
1. configure terminal
2. vrf context vrf-name
3. router eigrp instance-tag
4. interface ethernet slot/port
5. no switchport
6. vrf member vrf-name
7. ip router eigrp instance-tag
8. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.

Step 2 vrf context vrf-name
Example:
switch(config)# vrf context RemoteOfficeVRF
switch(config-vrf)#
Purpose: Creates a new VRF and enters VRF configuration mode. The VRF name can be any case-sensitive, alphanumeric string up to 20 characters.

Step 3 router eigrp instance-tag
Example:
switch(config)# router eigrp Test1
switch(config-router)#
Purpose: Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
If you configure an instance-tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.

Step 4 interface ethernet slot/port
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Purpose: Enters interface configuration mode. Use ? to find the slot and port ranges.
Note: If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.

Step 5 no switchport
Example: switch(config-if)# no switchport
Purpose: Configures the interface as a Layer 3 routed interface.

Step 6 vrf member vrf-name
Example: switch(config-if)# vrf member RemoteOfficeVRF
Purpose: Adds this interface to a VRF. The VRF name can be any case-sensitive, alphanumeric string up to 20 characters.

Step 7 ip router eigrp instance-tag
Example: switch(config-if)# ip router eigrp Test1
Purpose: Adds this interface to the EIGRP process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.

Step 8 copy running-config startup-config
Example: switch(config-if)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to create a VRF and add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config-vrf)# router eigrp Test1
switch(config-router)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# vrf member NewVRF
switch(config-if)# ip router eigrp Test1
switch(config-if)# copy running-config startup-config
Verifying the EIGRP Configuration
To display the EIGRP configuration information, perform one of the following tasks:
Command: show ip eigrp [ instance-tag ]
Purpose: Displays a summary of the configured EIGRP processes.
Command: show ip eigrp [ instance-tag ] interfaces [ type number ] [ brief ] [ detail ]
Purpose: Displays information about all configured EIGRP interfaces.
Command: show ip eigrp instance-tag neighbors [ type number ] [ detail ]
Purpose: Displays information about all the EIGRP neighbors. Use this command to verify the EIGRP neighbor configuration.
Command: show ip eigrp [ instance-tag ] route [ ip-prefix/length ] [ active ] [ all-links ] [ detail-links ] [ pending ] [ summary ] [ zero-successors ] [ vrf vrf-name ]
Purpose: Displays information about all the EIGRP routes.
Command: show ip eigrp [ instance-tag ] topology [ ip-prefix/length ] [ active ] [ all-links ] [ detail-links ] [ pending ] [ summary ] [ zero-successors ] [ vrf vrf-name ]
Purpose: Displays information about the EIGRP topology table.
Command: show running-configuration eigrp
Purpose: Displays the current running EIGRP configuration.
Displaying EIGRP Statistics
To display EIGRP statistics, use the following commands:
Command: show ip eigrp [ instance-tag ] accounting [ vrf vrf-name ]
Purpose: Displays accounting statistics for EIGRP.
Command: show ip eigrp [ instance-tag ] route-map statistics redistribute
Purpose: Displays redistribution statistics for EIGRP.
Command: show ip eigrp [ instance-tag ] traffic [ vrf vrf-name ]
Purpose: Displays traffic statistics for EIGRP.
Configuration Examples for EIGRP
This example shows how to configure EIGRP:
feature eigrp
interface ethernet 1/2
  no switchport
  ip address 192.0.2.55/24
  ip router eigrp Test1
  no shutdown
router eigrp Test1
  router-id 192.0.2.1
Related Topics
See Chapter 14, “Configuring Route Policy Manager” for more information on route maps.
Additional References
For additional information related to implementing EIGRP, see the following sections:
Related Documents
Related Topic: EIGRP CLI commands
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
Related Topic: http://www.cisco.com/warp/public/103/1.html
Document Title: Introduction to EIGRP Tech Note
Related Topic: http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a008012dac4.shtml
Document Title: EIGRP Frequently Asked Questions
MIBs
MIBs: CISCO-EIGRP-MIB
MIBs Link: To locate and download MIBs, go to the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Chapter 8
Configuring Basic BGP
This chapter describes how to configure Border Gateway Protocol (BGP) on a Cisco NX-OS switch.
This chapter includes the following sections:
• Information About Basic BGP
• Licensing Requirements for Basic BGP
• Prerequisites for BGP
• Guidelines and Limitations for BGP
• CLI Configuration Modes
• Configuring Basic BGP
• Verifying the Basic BGP Configuration
• Displaying BGP Statistics
• Configuration Examples for Basic BGP
• Additional References
Information About Basic BGP
Cisco NX-OS supports BGP version 4, which includes multiprotocol extensions that allow BGP to carry routing information for IP multicast routes and multiple Layer 3 protocol address families. BGP uses TCP as a reliable transport protocol to create TCP sessions with other BGP-enabled switches.
BGP uses a path-vector routing algorithm to exchange routing information between BGP-enabled networking switches or BGP speakers. Based on this information, each BGP speaker determines a path to reach a particular destination while detecting and avoiding paths with routing loops. The routing information includes the actual route prefix for a destination, the path of autonomous systems to the destination, and additional path attributes.
BGP selects a single path, by default, as the best path to a destination host or network. Each path carries well-known mandatory, well-known discretionary, and optional transitive attributes that are used in BGP best-path analysis. You can influence BGP path selection by altering some of these attributes by configuring BGP policies. See the “Route Policies and Resetting BGP Sessions” section on page 9-3 for more information.
BGP also supports load balancing or equal-cost multipath (ECMP). See the
Multipath” section on page 9-6 for more information.
This section includes the following topics:
• BGP Autonomous Systems
• Administrative Distance
• BGP Peers
• BGP Router Identifier
• BGP Path Selection
• BGP and the Unicast RIB
• BGP Virtualization
BGP Autonomous Systems
An autonomous system (AS) is a network controlled by a single administration entity. An autonomous system forms a routing domain with one or more interior gateway protocols (IGPs) and a consistent set of routing policies. BGP supports 16-bit and 32-bit autonomous system numbers. For more information, see the “Autonomous Systems” section on page 1-5.
Separate BGP autonomous systems dynamically exchange routing information through external BGP (eBGP) peering sessions. BGP speakers within the same autonomous system can exchange routing information through internal BGP (iBGP) peering sessions.
4-Byte AS Number Support
BGP supports 2-byte or 4-byte AS numbers. Cisco NX-OS displays 4-byte AS numbers in plain-text notation (that is, as 32-bit integers). You can configure 4-byte AS numbers as either plain-text notation (for example, 1 to 4294967295), or AS.dot notation (for example, 1.0). For more information, see the “Autonomous Systems” section on page 1-5.
Administrative Distance
An administrative distance is a rating of the trustworthiness of a routing information source. By default, BGP uses the administrative distances shown in Table 8-1.
Table 8-1 BGP Default Administrative Distances
Distance    Default Value    Function
External    20               Applied to routes learned from eBGP.
Internal    200              Applied to routes learned from iBGP.
Local       200              Applied to routes originated by the router.
Note The administrative distance does not influence the BGP path selection algorithm, but it does influence whether BGP-learned routes are installed in the IP routing table.
For more information, see the “Administrative Distance” section on page 1-7.
BGP Peers
A BGP speaker does not discover another BGP speaker automatically. You must configure the relationships between BGP speakers. A BGP peer is a BGP speaker that has an active TCP connection to another BGP speaker.
BGP Sessions
BGP uses TCP port 179 to create a TCP session with a peer. When a TCP connection is established between peers, each BGP peer initially exchanges all of its routes—the complete BGP routing table—with the other peer. After this initial exchange, the BGP peers send only incremental updates when a topology change occurs in the network or when a routing policy change occurs. In the periods of inactivity between these updates, peers exchange special messages called keepalives. The hold time is the maximum time limit that can elapse between receiving consecutive BGP update or keepalive messages.
Cisco NX-OS supports the following peer configuration options:
• Individual IPv4 address—BGP establishes a session with the BGP speaker that matches the remote address and AS number.
• IPv4 prefix peers for a single AS number—BGP establishes sessions with BGP speakers that match the prefix and the AS number.
• Dynamic AS number prefix peers—BGP establishes sessions with BGP speakers that match the prefix and an AS number from a list of configured AS numbers.
Dynamic AS Numbers for Prefix Peers
Cisco NX-OS accepts a range or list of AS numbers to establish BGP sessions. For example, if you configure BGP to use IPv4 prefix 192.0.2.0/8 and AS numbers 33, 66, and 99, BGP establishes a session with 192.0.2.1 with AS number 66 but rejects a session from 192.0.2.2 with AS number 50.
Cisco NX-OS does not associate prefix peers with dynamic AS numbers as either interior BGP (iBGP) or external BGP (eBGP) sessions until after the session is established. See
for more information on iBGP and eBGP.
Note The dynamic AS number prefix peer configuration overrides the individual AS number configuration that is inherited from a BGP template. See Chapter 9, “Configuring Advanced BGP,” for more information on templates.
BGP Router Identifier
To establish BGP sessions between peers, BGP must have a router ID, which is sent to BGP peers in the OPEN message when a BGP session is established. The BGP router ID is a 32-bit value that is often represented by an IPv4 address. You can configure the router ID. By default, Cisco NX-OS sets the router ID to the IPv4 address of a loopback interface on the router. If no loopback interface is configured on the router, then the software chooses the highest IPv4 address configured to a physical interface on the router to represent the BGP router ID. The BGP router ID must be unique to the BGP peers in a network.
If BGP does not have a router ID, it cannot establish any peering sessions with BGP peers.
BGP Path Selection
Although BGP might receive advertisements for the same route from multiple sources, BGP selects only one path as the best path. BGP puts the selected path in the IP routing table and propagates the path to its peers.
The best-path algorithm runs each time that a path is added or withdrawn for a given network. The best-path algorithm also runs if you change the BGP configuration. BGP selects the best path from the set of valid paths available for a given network.
Cisco NX-OS implements the BGP best-path algorithm in the following steps:
Step 1 Compares two paths to determine which is better (see the “Step 1—Comparing Pairs of Paths” section on page 8-4).
Step 2 Iterates over all paths and determines in which order to compare the paths to select the overall best path (see the “Step 2—Determining the Order of Comparisons” section on page 8-6).
Step 3 Determines whether the old and new best paths differ enough so that the new best path should be used (see the “Step 3—Determining the Best-Path Change Suppression” section on page 8-6).
Note The order of comparison determined in Part 2 is important. Consider the case where you have three paths, A, B, and C. When Cisco NX-OS compares A and B, it chooses A. When Cisco NX-OS compares B and C, it chooses B. But when Cisco NX-OS compares A and C, it might not choose A because some BGP metrics apply only among paths from the same neighboring autonomous system and not among all paths.
The path selection uses the BGP AS-path attribute. The AS-path attribute includes the list of autonomous system numbers (AS numbers) traversed in the advertised path. If you subdivide your BGP autonomous system into a collection or confederation of autonomous systems, the AS path contains confederation segments that list these locally defined autonomous systems.
Step 1—Comparing Pairs of Paths
This first step in the BGP best-path algorithm compares two paths to determine which path is better. The following sequence describes the basic steps that Cisco NX-OS uses to compare two paths to determine the better path:
1. Cisco NX-OS chooses a valid path for comparison. (For example, a path that has an unreachable next hop is not valid.)
2. Cisco NX-OS chooses the path with the highest weight.
3. Cisco NX-OS chooses the path with the highest local preference.
4. If one of the paths is locally originated, Cisco NX-OS chooses that path.
5. Cisco NX-OS chooses the path with the shorter AS path.
Note When calculating the length of the AS path, Cisco NX-OS ignores confederation segments, and counts AS sets as 1. See the “AS Confederations” section on page 9-4 for more information.
6. Cisco NX-OS chooses the path with the lower origin. Interior Gateway Protocol (IGP) is considered lower than EGP.
7. Cisco NX-OS chooses the path with the lower multi-exit discriminator (MED).
You can configure a number of options that affect whether or not this step is performed. In general, Cisco NX-OS compares the MED of both paths if the paths were received from peers in the same autonomous system; otherwise, Cisco NX-OS skips the MED comparison.
You can configure Cisco NX-OS to always perform the best-path algorithm MED comparison, regardless of the peer autonomous system in the paths. See the
comparison that depends on the AS-path attributes of the two paths being compared:
a. If a path has no AS path or the AS path starts with an AS_SET, then the path is internal, and Cisco NX-OS compares the MED to other internal paths.
b. If the AS path starts with an AS_SEQUENCE, then the peer autonomous system is the first AS number in the sequence, and Cisco NX-OS compares the MED to other paths that have the same peer autonomous system.
c. If the AS path contains only confederation segments or starts with confederation segments followed by an AS_SET, the path is internal and Cisco NX-OS compares the MED to other internal paths.
d. If the AS path starts with confederation segments followed by an AS_SEQUENCE, then the peer autonomous system is the first AS number in the AS_SEQUENCE, and Cisco NX-OS compares the MED to other paths that have the same peer autonomous system.
Note If Cisco NX-OS receives no MED attribute with the path, then Cisco NX-OS considers the MED to be 0 unless you configure the best-path algorithm to set a missing MED to the highest possible value. See the “Tuning the Best-Path Algorithm” section on page 9-9 for more information.
e. If the nondeterministic MED comparison feature is enabled, the best path algorithm uses the Cisco IOS style of MED comparison. See the “Tuning the Best-Path Algorithm” section on page 9-9 for more information.
8. If one path is from an internal peer and the other path is from an external peer, then Cisco NX-OS chooses the path from the external peer.
9. If the paths have different IGP metrics to their next-hop addresses, then Cisco NX-OS chooses the path with the lower IGP metric.
10. Cisco NX-OS uses the path that was selected by the best-path algorithm the last time that it was run.
If all path parameters in Step 1 through Step 9 are the same, then you can configure the best-path algorithm to compare the router IDs. See the “Tuning the Best-Path Algorithm” section on page 9-9 for more information. If the path includes an originator attribute, then Cisco NX-OS uses that attribute as the router ID to compare to; otherwise, Cisco NX-OS uses the router ID of the peer that sent the path. If the paths have different router IDs, Cisco NX-OS chooses the path with the lower router ID.
Note When using the attribute originator as the router ID, it is possible that two paths have the same router ID. It is also possible to have two BGP sessions with the same peer router, and therefore you can receive two paths with the same router ID.
11. Cisco NX-OS selects the path with the shorter cluster length. If a path was not received with a cluster list attribute, the cluster length is 0.
12. Cisco NX-OS chooses the path received from the peer with the lower IP address. Locally generated paths (for example, redistributed paths) have a peer IP address of 0.
Note Paths that are equal after step 9 can be used for multipath if you configure multipath. See the
Sharing and Multipath” section on page 9-6 for more information.
Step 2—Determining the Order of Comparisons
The second step of the BGP best-path algorithm implementation is to determine the order in which Cisco NX-OS compares the paths:
1. Cisco NX-OS partitions the paths into groups. Within each group Cisco NX-OS compares the MED among all paths. Cisco NX-OS uses the same rules as in the
this comparison results in one group being chosen for each neighbor autonomous system. If you configure the bgp bestpath med always command, then Cisco NX-OS chooses just one group that contains all the paths.
2. Cisco NX-OS determines the best path in each group by iterating through all paths in the group and keeping track of the best one so far. Cisco NX-OS compares each path with the temporary best path found so far and if the new path is better, it becomes the new temporary best path and Cisco NX-OS compares it with the next path in the group.
3. Cisco NX-OS forms a set of paths that contain the best path selected from each group in Step 2. Cisco NX-OS selects the overall best path from this set of paths by going through them as in Step 2.
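The A, B, C case from the note under BGP Path Selection, and the grouping described in Step 2, as an added Python example (not Cisco code). It is a simplified model that compares only weight, local preference, AS-path length, origin, MED, external over internal, IGP metric and router ID; the Path class, the function names, the AS numbers and the metric values are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import permutations

# Lower rank wins; the guide states only that IGP is lower than EGP.
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple            # AS_SEQUENCE only; no AS_SET or confederation segments
    med: int = 0              # a missing MED counts as 0 by default
    weight: int = 0
    local_pref: int = 100
    origin: str = "igp"
    external: bool = True     # learned from an eBGP peer
    igp_metric: int = 0       # IGP metric to the next hop
    router_id: int = 0

    @property
    def neighbor_as(self):
        # No AS path means the path is internal (rule 7a); None groups those together.
        return self.as_path[0] if self.as_path else None


def better(a, b, always_med=False):
    """Step 1: return the preferred of two valid paths; a is kept on a full tie."""
    compare_med = always_med or a.neighbor_as == b.neighbor_as
    keys = []
    for p in (a, b):
        keys.append((
            -p.weight,                       # 2. highest weight
            -p.local_pref,                   # 3. highest local preference
            len(p.as_path),                  # 5. shorter AS path
            ORIGIN_RANK[p.origin],           # 6. lower origin
            p.med if compare_med else 0,     # 7. lower MED, same neighbor AS only
            not p.external,                  # 8. external over internal
            p.igp_metric,                    # 9. lower IGP metric to the next hop
            p.router_id,                     # optional router ID comparison
        ))
    return b if keys[1] < keys[0] else a


def scan(paths, always_med=False):
    """Keep a running best while walking the paths in the order given."""
    best = paths[0]
    for candidate in paths[1:]:
        best = better(best, candidate, always_med)
    return best


def best_path(paths, always_med=False):
    """Step 2: best path per neighbor-AS group, then the best of those winners."""
    groups = {}
    for p in paths:
        key = "all" if always_med else p.neighbor_as
        groups.setdefault(key, []).append(p)
    finalists = [scan(group, always_med) for group in groups.values()]
    return scan(finalists, always_med)


# Constructed paths for one prefix (AS numbers and metrics are made up).
A = Path("A", as_path=(65010, 64500), med=200, igp_metric=10, router_id=1)
B = Path("B", as_path=(65020, 64500), med=100, igp_metric=20, router_id=2)
C = Path("C", as_path=(65010, 64500), med=100, igp_metric=30, router_id=3)


def winners(select):
    """Names selected by `select` over every arrival order of A, B and C."""
    return {select(list(order)).name for order in permutations((A, B, C))}


if __name__ == "__main__":
    print("A vs B:", better(A, B).name)
    print("B vs C:", better(B, C).name)
    print("A vs C:", better(A, C).name)
    print("flat scan over all paths:", sorted(winners(scan)))
    print("grouped by neighbor AS:  ", sorted(winners(best_path)))
```

A flat scan returns a different winner depending on the order in which the paths arrive, while grouping by neighbor autonomous system first returns the same path for every order.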
Step 3—Determining the Best-Path Change Suppression
The next part of the implementation is to determine whether Cisco NX-OS will use the new best path or suppress the new best path. The router can continue to use the existing best path if the new one is identical to the old path (if the router ID is the same). Cisco NX-OS continues to use the existing best path to avoid route changes in the network.
You can turn off the suppression feature by configuring the best-path algorithm to compare the router IDs. See the “Tuning the Best-Path Algorithm” section on page 9-9 for more information. If you configure this feature, the new best path is always preferred to the existing one.
You cannot suppress the best-path change if any of the following conditions occur:
• The existing best path is no longer valid.
• Either the existing or new best paths were received from internal (or confederation) peers or were locally generated (for example, by redistribution).
• The paths were received from the same peer (the paths have the same router ID).
• The paths have different weights, local preferences, origins, or IGP metrics to their next-hop addresses.
• The paths have different MEDs.
BGP and the Unicast RIB
BGP communicates with the unicast routing information base (unicast RIB) to store IPv4 routes in the unicast routing table. After selecting the best path, if BGP determines that the best path change needs to be reflected in the routing table, it sends a route update to the unicast RIB.
BGP receives route notifications regarding changes to its routes in the unicast RIB. It also receives route notifications about other protocol routes to support redistribution.
BGP also receives notifications from the unicast RIB regarding next-hop changes. BGP uses these notifications to keep track of the reachability and IGP metric to the next-hop addresses.
Whenever the next-hop reachability or IGP metrics in the unicast RIB change, BGP triggers a best-path recalculation for affected routes.
BGP Virtualization
BGP supports Virtual Routing and Forwarding instances (VRFs).
Licensing Requirements for Basic BGP
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: BGP requires a LAN Enterprise Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Note Make sure the LAN Base Services license is installed on the switch to enable Layer 3 interfaces.
Prerequisites for BGP
BGP has the following prerequisites:
• You must enable the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
• You should have a valid router ID configured on the system.
• You must have an AS number, either assigned by a Regional Internet Registry (RIR) or locally administered.
• You must configure at least one IGP that is capable of recursive next-hop resolution.
• You must configure an address family under a neighbor for the BGP session establishment.
Guidelines and Limitations for BGP
BGP has the following configuration guidelines and limitations:
• The dynamic AS number prefix peer configuration overrides the individual AS number configuration inherited from a BGP template.
• If you configure a dynamic AS number for prefix peers in an AS confederation, BGP establishes sessions with only the AS numbers in the local confederation.
• BGP sessions created through a dynamic AS number prefix peer ignore any configured eBGP multihop time-to-live (TTL) value or a disabled check for directly connected peers.
• Configure a router ID for BGP to avoid automatic router ID changes and session flaps.
• Use the maximum-prefix configuration option per peer to restrict the number of routes received and system resources used.
• Configure the update-source to establish a session with BGP/eBGP multihop sessions.
• Specify a BGP policy if you configure redistribution.
• Define the BGP router ID within a VRF.
• If you decrease the keepalive and hold timer values, you might experience BGP session flaps.
• If you configure VRFs, enter the desired VRF (see Chapter 12, “Configuring Layer 3
Default Settings
Table 8-2 lists the default settings for BGP parameters.
Table 8-2 Default BGP Parameters
Parameters             Default
BGP feature            Disabled
keep alive interval    60 seconds
hold timer             180 seconds
CLI Configuration Modes
The following sections describe how to enter each of the CLI configuration modes for BGP. From a mode, you can enter the ? command to display the commands available in that mode.
This section includes the following topics:
• Global Configuration Mode
• Address Family Configuration Mode
• Neighbor Configuration Mode
• Neighbor Address Family Configuration Mode
Global Configuration Mode
Use global configuration mode to create a BGP process and configure advanced features such as AS confederation and route dampening. For more information, see
Chapter 9, “Configuring Advanced
This example shows how to enter router configuration mode:
switch# configure terminal
switch(config)# router bgp 64496
switch(config-router)#
BGP supports Virtual Routing and Forwarding (VRF). You can configure BGP within the appropriate VRF if you are using VRFs in your network. See the “Configuring Virtualization” section on page 9-38 for more information.
This example shows how to enter VRF configuration mode:
switch(config)# router bgp 64497
switch(config-router)# vrf vrf_A
switch(config-router-vrf)#
Address Family Configuration Mode
You can optionally configure the address families that BGP supports. Use the address-family command in router configuration mode to configure features for an address family. Use the address-family command in neighbor configuration mode to configure the specific address family for the neighbor.
You must configure the address families if you are using route redistribution, address aggregation, load balancing, and other advanced features.
This example shows how to enter address family configuration mode from the router configuration mode:
switch(config)# router bgp 64496
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
This example shows how to enter VRF address family configuration mode if you are using VRFs:
switch(config)# router bgp 64497
switch(config-router)# vrf vrf_A
switch(config-router-vrf)# address-family ipv6 unicast
switch(config-router-vrf-af)#
Neighbor Configuration Mode
Cisco NX-OS provides the neighbor configuration mode to configure BGP peers. You can use neighbor configuration mode to configure all parameters for a peer.
This example shows how to enter neighbor configuration mode:
switch(config)# router bgp 64496
switch(config-router)# neighbor 192.0.2.1
switch(config-router-neighbor)#
This example shows how to enter VRF neighbor configuration mode:
switch(config)# router bgp 64497
switch(config-router)# vrf vrf_A
switch(config-router-vrf)# neighbor 192.0.2.1
switch(config-router-vrf-neighbor)#
Neighbor Address Family Configuration Mode
An address family configuration submode inside the neighbor configuration submode is available for entering address family-specific neighbor configuration and enabling the address family for the neighbor. Use this mode for advanced features such as limiting the number of prefixes allowed for this neighbor and removing private AS numbers for eBGP.
This example shows how to enter neighbor address family configuration mode:
switch(config)# router bgp 64496
switch(config-router)# neighbor 192.0.2.1
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)#
This example shows how to enter VRF neighbor address family configuration mode:
switch(config)# router bgp 64497
switch(config-router)# vrf vrf_A
switch(config-router-vrf)# neighbor 209.165.201.1
switch(config-router-vrf-neighbor)# address-family ipv6 unicast
switch(config-router-vrf-neighbor-af)#
Configuring Basic BGP
To configure a basic BGP, you need to enable BGP and configure a BGP peer. Configuring a basic BGP network consists of a few required tasks and many optional tasks. You must configure a BGP routing process and BGP peers.
This section includes the following topics:
• Enabling the BGP Feature
• Creating a BGP Instance
• Restarting a BGP Instance
• Shutting Down BGP
• Configuring BGP Peers
• Configuring Dynamic AS Numbers for Prefix Peers
• Clearing BGP Information
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling the BGP Feature
You must enable the BGP feature before you can configure BGP.
SUMMARY STEPS
1. configure terminal
2. feature bgp
3. (Optional) show feature
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 feature bgp
Enables the BGP feature.
Example:
switch(config)# feature bgp
Step 3 show feature
(Optional) Displays enabled and disabled features.
Example:
switch(config)# show feature
Step 4 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
Use the no feature bgp command to disable the BGP feature and remove all associated configuration.
Command: no feature bgp
Purpose: Disables the BGP feature and removes all associated configuration.
Example:
switch(config)# no feature bgp
Creating a BGP Instance
You can create a BGP instance and assign a router ID to the BGP instance. See the
Identifier” section on page 8-3 . Cisco NX-OS supports 2-byte or 4-byte autonomous system (AS) numbers in plain-text notation or as.dot notation. See the “4-Byte AS Number Support” section on page 8-2 for more information.
BEFORE YOU BEGIN
Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
BGP must be able to obtain a router ID (for example, a configured loopback address).
SUMMARY STEPS
1. configure terminal
2. router bgp autonomous-system-number
3. (Optional) router-id ip-address
4. address-family ipv4 { unicast | multicast }
5. (Optional) network ip-prefix [ route-map map-name ]
6. (Optional) show bgp all
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 router bgp autonomous-system-number
Enables BGP and assigns the AS number to the local BGP speaker. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
Example:
switch(config)# router bgp 64496
switch(config-router)#
Step 3 router-id ip-address
(Optional) Configures the BGP router ID. This IP address identifies this BGP speaker. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Example:
switch(config-router)# router-id 192.0.2.255
Step 4 address-family ipv4 { unicast | multicast }
Enters global address family configuration mode for the IPv4 or IPv6 address family. This command triggers an automatic notification and session reset for all BGP neighbors.
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Step 5 network ip-prefix [ route-map map-name ]
(Optional) Specifies a network as local to this autonomous system and adds it to the BGP routing table.
For exterior protocols, the network command controls which networks are advertised. Interior protocols use the network command to determine where to send updates.
Example:
switch(config-router-af)# network 192.0.2.0
Step 6 show bgp all
(Optional) Displays information about all BGP address families.
Example:
switch(config-router-af)# show bgp all
Step 7 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch(config-router-af)# copy running-config startup-config
Use the no router bgp command to remove the BGP process and the associated configuration.
Command: no router bgp autonomous-system-number
Example:
switch(config)# no router bgp 201
Purpose: Deletes the BGP process and the associated configuration.
This example shows how to enable BGP with the IPv4 unicast address family and manually add one network to advertise:
switch# configure terminal
switch(config)# router bgp 64496
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# network 192.0.2.0
switch(config-router-af)# copy running-config startup-config
Restarting a BGP Instance
You can restart a BGP instance and clear all peer sessions for the instance.
To restart a BGP instance and remove all associated peers, use the following command:
Command: restart bgp instance-tag
Example:
switch(config)# restart bgp 201
Purpose: Restarts the BGP instance and resets or reestablishes all peering sessions.
Shutting Down BGP
You can shut down the BGP protocol to gracefully disable BGP while retaining the configuration.
To shut down BGP, use the following command in router configuration mode:
Command: shutdown
Example:
switch(config-router)# shutdown
Purpose: Gracefully shuts down BGP.
Configuring BGP Peers
You can configure a BGP peer within a BGP process. Each BGP peer has an associated keepalive timer and hold timer. You can set these timers either globally or for each BGP peer. A peer configuration overrides a global configuration.
Note You must configure the address family under neighbor configuration mode for each peer.
BEFORE YOU BEGIN
Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
SUMMARY STEPS
1. configure terminal
2. router bgp autonomous-system-number
3. neighbor ip-address remote-as as-number
4. (Optional) description text
5. (Optional) timers keepalive-time hold-time
6. (Optional) shutdown
7. address-family ipv4 { unicast | multicast }
8. (Optional) show bgp ipv4 { unicast | multicast } neighbors
9. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.
Step 2 router bgp autonomous-system-number
Example:
switch(config)# router bgp 64496
switch(config-router)#
Purpose: Enables BGP and assigns the AS number to the local BGP speaker. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
Step 3 neighbor ip-address remote-as as-number
Example:
switch(config-router)# neighbor 209.165.201.1 remote-as 64497
switch(config-router-neighbor)#
Purpose: Configures the IPv4 address and AS number for a remote BGP peer. The ip-address format is x.x.x.x.
Step 4 description text
Example:
switch(config-router-neighbor)# description Peer Router B
switch(config-router-neighbor)#
Purpose: (Optional) Adds a description for the neighbor. The description is an alphanumeric string up to 80 characters.
Step 5 timers keepalive-time hold-time
Example:
switch(config-router-neighbor)# timers 30 90
Purpose: (Optional) Adds the keepalive and hold time BGP timer values for the neighbor. The range is from 0 to 3600 seconds. The default is 60 seconds for the keepalive time and 180 seconds for the hold time.
Step 6 shutdown
Example:
switch(config-router-neighbor)# shutdown
Purpose: (Optional) Administratively shuts down this BGP neighbor. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Step 7 address-family ipv4 { unicast | multicast }
Example:
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)#
Purpose: Enters neighbor address family configuration mode for the unicast IPv4 or IPv6 address family.
Step 8 show bgp ipv4 { unicast | multicast } neighbors
Example:
switch(config-router-neighbor-af)# show bgp ipv4 unicast neighbors
Purpose: (Optional) Displays information about BGP peers.
Step 9 copy running-config startup-config
Example:
switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure a BGP peer:
switch# configure terminal
switch(config)# router bgp 64496
switch(config-router)# neighbor 192.0.2.1 remote-as 64497
switch(config-router-neighbor)# description Peer Router B
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring Dynamic AS Numbers for Prefix Peers
You can configure multiple BGP peers within a BGP process. You can limit BGP session establishment to a single AS number or multiple AS numbers in a route map.
BGP sessions configured through dynamic AS numbers for prefix peers ignore the ebgp-multihop command and the disable-connected-check command.
You can change the list of AS numbers in the route map, but you must use the no neighbor command to change the route-map name. Changes to the AS numbers in the configured route map affect only new sessions.
BEFORE YOU BEGIN
Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
SUMMARY STEPS
1. configure terminal
2. router bgp autonomous-system-number
3. neighbor prefix remote-as route-map map-name
4. (Optional) show bgp ipv4 { unicast | multicast } neighbors
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.
Step 2 router bgp autonomous-system-number
Example:
switch(config)# router bgp 64496
switch(config-router)#
Purpose: Enables BGP and assigns the AS number to the local BGP speaker. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
Step 3 neighbor prefix remote-as route-map map-name
Example:
switch(config-router)# neighbor 192.0.2.0/8 remote-as route-map BGPPeers
switch(config-router-neighbor)#
Purpose: Configures the IPv4 prefix and a route map for the list of accepted AS numbers for the remote BGP peers. The prefix format for IPv4 is x.x.x.x/length. The length range is from 1 to 32. The map-name can be any case-sensitive, alphanumeric string up to 63 characters.
Step 4 show bgp ipv4 { unicast | multicast } neighbors
Example:
switch(config-router-neighbor-af)# show bgp ipv4 unicast neighbors
Purpose: (Optional) Displays information about BGP peers.
Step 5 copy running-config startup-config
Example:
switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure dynamic AS numbers for a prefix peer:
switch# configure terminal
switch(config)# route-map BGPPeers
switch(config-route-map)# match as-number 64496, 64501-64510
switch(config-route-map)# match as-number as-path-list List1, List2
switch(config-route-map)# exit
switch(config)# router bgp 64496
switch(config-router)# neighbor 192.0.2.0/8 remote-as route-map BGPPeers
switch(config-router-neighbor)# description Peer Router B
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# copy running-config startup-config
See Chapter 14, “Configuring Route Policy Manager” for information on route maps.
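The admission rule this section describes (source address inside the configured prefix, remote AS inside the route map's AS list) can be checked offline before a prefix peer is deployed. The following Python sketch is an added example, not Cisco code or NX-OS behavior verified on a switch; the function names and candidate peers are constructed for illustration, and the as-path-list form of match as-number is not modeled.

```python
import ipaddress

MAX_ASN = 0xFFFFFFFF


def parse_asn(text):
    """Parse an AS number written as a plain integer or in xx.xx form."""
    text = text.strip()
    if "." in text:
        high_s, low_s = text.split(".", 1)
        high, low = int(high_s), int(low_s)
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError(f"each half of {text!r} must fit in 16 bits")
        return (high << 16) | low
    asn = int(text)
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"AS number {text!r} does not fit in 32 bits")
    return asn


def parse_as_list(spec):
    """Turn 'match as-number' arguments such as '64496, 64501-64510' into ranges."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        first, sep, last = item.partition("-")
        low = parse_asn(first)
        high = parse_asn(last) if sep else low
        if low > high:
            raise ValueError(f"descending AS range: {item!r}")
        ranges.append((low, high))
    return ranges


def covered_addresses(prefix):
    """Return the network a prefix really denotes and how many addresses it spans."""
    network = ipaddress.ip_network(prefix, strict=False)
    return str(network), network.num_addresses


def admit_peer(peer_ip, peer_as, prefix, allowed_ranges):
    """Decide whether an incoming session matches the prefix peer definition."""
    network = ipaddress.ip_network(prefix, strict=False)
    address = ipaddress.ip_address(peer_ip)
    if address not in network:
        return False, f"{address} is outside {network}"
    asn = parse_asn(peer_as)
    if not any(low <= asn <= high for low, high in allowed_ranges):
        return False, f"AS {asn} is not in the route map"
    return True, f"AS {asn} from {address} accepted"


if __name__ == "__main__":
    prefix = "192.0.2.0/8"                      # prefix from the example above
    allowed = parse_as_list("64496, 64501-64510")
    print("prefix covers", covered_addresses(prefix))
    # Constructed candidate peers (address, AS number).
    for ip, asn in [("192.0.2.77", "64505"), ("192.200.1.1", "64496"),
                    ("192.200.1.1", "64500"), ("198.51.100.9", "64496")]:
        print(ip, asn, admit_peer(ip, asn, prefix, allowed))
```

With the /8 length used in the example, the prefix spans 16,777,216 addresses, so the route map's AS list is the only remaining constraint on which of those hosts can open a session.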
Clearing BGP Information
To clear BGP information, use the following commands:
Command: clear bgp all { neighbor | * | as-number | peer-template name | prefix } [ vrf vrf-name ]
Purpose: Clears one or more neighbors from all address families. * clears all neighbors in all address families. The arguments are as follows:
• neighbor—IPv4 address of a neighbor.
• as-number—Autonomous system number. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
• name—Peer template name. The name can be any case-sensitive, alphanumeric string up to 64 characters.
• prefix—IPv4 prefix. All neighbors within that prefix are cleared.
• vrf-name—VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp all dampening [ vrf vrf-name ]
Purpose: Clears route flap dampening networks in all address families. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp all flap-statistics [ vrf vrf-name ]
Purpose: Clears route flap statistics in all address families. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp ip { unicast | multicast } dampening [ vrf vrf-name ]
Purpose: Clears route flap dampening networks in the selected address family. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp ip { unicast | multicast } flap-statistics [ vrf vrf-name ]
Purpose: Clears route flap statistics in the selected address family. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp ip { unicast | multicast } { neighbor | * | as-number | peer-template name | prefix } [ vrf vrf-name ]
Purpose: Clears one or more neighbors from the selected address family. * clears all neighbors in the address family. The arguments are as follows:
• neighbor—IPv4 address of a neighbor.
• as-number—Autonomous system number. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
• name—Peer template name. The name can be any case-sensitive, alphanumeric string up to 64 characters.
• prefix—IPv4 prefix. All neighbors within that prefix are cleared.
• vrf-name—VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear ip bgp { ip { unicast | multicast }} { neighbor | * | as-number | peer-template name | prefix } [ vrf vrf-name ]
Purpose: Clears one or more neighbors. * clears all neighbors in the address family. The arguments are as follows:
• neighbor—IPv4 address of a neighbor.
• as-number—Autonomous system number. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
• name—Peer template name. The name can be any case-sensitive, alphanumeric string up to 64 characters.
• prefix—IPv4 prefix. All neighbors within that prefix are cleared.
• vrf-name—VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear ip bgp dampening [ ip-neighbor | ip-prefix ] [ vrf vrf-name ]
Purpose: Clears route flap dampening in one or more networks. The arguments are as follows:
• ip-neighbor—IPv4 address of a neighbor.
• ip-prefix—IPv4. All neighbors within that prefix are cleared.
• vrf-name—VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear ip bgp flap-statistics [ ip-neighbor | ip-prefix ] [ vrf vrf-name ]
Purpose: Clears route flap statistics in one or more networks. The arguments are as follows:
• ip-neighbor—IPv4 address of a neighbor.
• ip-prefix—IPv4. All neighbors within that prefix are cleared.
• vrf-name—VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear ip mbgp { ip { unicast | multicast }} { neighbor | * | as-number | peer-template name | prefix } [ vrf vrf-name ]
Purpose: Clears one or more neighbors. * clears all neighbors in the address family. The arguments are as follows:
• neighbor—IPv4 address of a neighbor.
• as-number—Autonomous system number. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
• name—Peer template name. The name can be any case-sensitive, alphanumeric string up to 64 characters.
• prefix—IPv4 prefix. All neighbors within that prefix are cleared.
• vrf-name—VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear ip mbgp dampening [ ip-neighbor | ip-prefix ] [ vrf vrf-name ]
Purpose: Clears route flap dampening in one or more networks. The arguments are as follows:
• ip-neighbor—IPv4 address of a neighbor.
• ip-prefix—IPv4. All neighbors within that prefix are cleared.
• vrf-name—VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear ip mbgp flap-statistics [ ip-neighbor | ip-prefix ] [ vrf vrf-name ]
Purpose: Clears route flap statistics in one or more networks. The arguments are as follows:
• ip-neighbor—IPv4 address of a neighbor.
• ip-prefix—IPv4. All neighbors within that prefix are cleared.
• vrf-name—VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Note The Cisco NX-OS switch may not flush BGP routes after the BGP session is cleared.
Verifying the Basic BGP Configuration
To display the BGP configuration information, perform the following tasks:
Command: show bgp all [ summary ] [ vrf vrf-name ]
Purpose: Displays the BGP information for all address families.
Command: show bgp convergence [ vrf vrf-name ]
Purpose: Displays the BGP information for all address families.
Command: show bgp ip { unicast | multicast } [ ip-address ] community { regexp expression | [ community ] [ no-advertise ] [ no-export ] [ no-export-subconfed ]} [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP community.
Command: show bgp [ vrf vrf-name ] ip { unicast | multicast } [ ip-address ] community-list list-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP community list.
Command: show bgp ip { unicast | multicast } [ ip-address ] extcommunity { regexp expression | generic [ non-transitive | transitive ] aa4:nn [ exact-match ]} [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP extended community.
Command: show bgp ip { unicast | multicast } [ ip-address ] extcommunity-list list-name [ exact-match ] [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP extended community list.
Command: show bgp ip { unicast | multicast } [ ip-address ] { dampening dampened-paths [ regexp expression ]} [ vrf vrf-name ]
Purpose: Displays the information for BGP route dampening. Use the clear bgp dampening command to clear the route flap dampening information.
Command: show bgp ip { unicast | multicast } [ ip-address ] history-paths [ regexp expression ] [ vrf vrf-name ]
Purpose: Displays the BGP route history paths.
Command: show bgp ip { unicast | multicast } [ ip-address ] filter-list list-name [ vrf vrf-name ]
Purpose: Displays the information for the BGP filter list.
Command: show bgp ip { unicast | multicast } [ ip-address ] neighbors [ ip-address ] [ vrf vrf-name ]
Purpose: Displays the information for BGP peers. Use the clear bgp neighbors command to clear these neighbors.
Command: show bgp ip { unicast | multicast } [ ip-address ] { nexthop | nexthop-database } [ vrf vrf-name ]
Purpose: Displays the information for the BGP route next hop.
Command: show bgp paths
Purpose: Displays the BGP path information.
Command: show bgp ip { unicast | multicast } [ ip-address ] policy name [ vrf vrf-name ]
Purpose: Displays the BGP policy information. Use the clear bgp policy command to clear the policy information.
Command: show bgp ip { unicast | multicast } [ ip-address ] prefix-list list-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the prefix list.
Command: show bgp ip { unicast | multicast } [ ip-address ] received-paths [ vrf vrf-name ]
Purpose: Displays the BGP paths stored for soft reconfiguration.
Command: show bgp ip { unicast | multicast } [ ip-address ] regexp expression [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the AS_path regular expression.
Command: show bgp ip { unicast | multicast } [ ip-address ] route-map map-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the route map.
Command: show bgp peer-policy name [ vrf vrf-name ]
Purpose: Displays the information about BGP peer policies.
Command: show bgp peer-session name [ vrf vrf-name ]
Purpose: Displays the information about BGP peer sessions.
Command: show bgp peer-template name [ vrf vrf-name ]
Purpose: Displays the information about BGP peer templates. Use the clear bgp peer-template command to clear all neighbors in a peer template.
Command: show bgp process
Purpose: Displays the BGP process information.
Command: show ip bgp options
Purpose: Displays the BGP status and configuration information. This command has multiple options. See the Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x, for more information.
Command: show ip mbgp options
Purpose: Displays the BGP status and configuration information. This command has multiple options. See the Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x, for more information.
Command: show running-configuration bgp
Purpose: Displays the current running BGP configuration.
Displaying BGP Statistics
To display BGP statistics, use the following commands:
Command: show bgp ip { unicast | multicast } [ ip-address ] flap-statistics [ vrf vrf-name ]
Purpose: Displays the BGP route flap statistics. Use the clear bgp flap-statistics command to clear these statistics.
Command: show bgp sessions [ vrf vrf-name ]
Purpose: Displays the BGP sessions for all peers. Use the clear bgp sessions command to clear these statistics.
Command: show bgp statistics
Purpose: Displays the BGP statistics.
Configuration Examples for Basic BGP
This example shows a basic BGP configuration:
feature bgp
router bgp 64496
  neighbor 2001:0DB8:0:1::55 remote-as 64496
    address-family ipv4 unicast
      next-hop-self
This example shows a basic BGP configuration:
router bgp 64496
  address-family ipv4 unicast
    network 1.1.10 mask 255.255.255.0
  neighbor 10.1.1.1 remote-as 64496
    address-family ipv4 unicast
Related Topics
The following topics relate to BGP:
• Chapter 14, “Configuring Route Policy Manager.”
Where to Go Next
See Chapter 9, “Configuring Advanced BGP” for details on the following features:
• Peer templates
• Route redistribution
• Route maps
Additional References
For additional information related to implementing BGP, see the following sections:
• Related Documents
• MIBs
Related Documents
Related Topic: BGP CLI commands
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
MIBs
MIBs: BGP4-MIB, CISCO-BGP4-MIB
MIBs Link: To locate and download MIBs, go to the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
CHAPTER 9
Configuring Advanced BGP
This chapter describes how to configure advanced features of the Border Gateway Protocol (BGP) on the Cisco NX-OS switch.
This chapter includes the following sections:
• Information About Advanced BGP
• Licensing Requirements for Advanced BGP
• Prerequisites for BGP
• Guidelines and Limitations for BGP
• Configuring Advanced BGP
• Verifying the Advanced BGP Configuration
• Displaying BGP Statistics
• Additional References
Information About Advanced BGP
BGP is an interdomain routing protocol that provides loop-free routing between organizations or autonomous systems. Cisco NX-OS supports BGP version 4. BGP version 4 includes multiprotocol extensions that allow BGP to carry routing information for IP multicast routes and multiple Layer 3 protocol address families. BGP uses TCP as a reliable transport protocol to create TCP sessions with other BGP-enabled switches called BGP peers. When connecting to an external organization, the router creates external BGP (eBGP) peering sessions. BGP peers within the same organization exchange routing information through internal BGP (iBGP) peering sessions.
This section includes the following topics:
• Route Policies and Resetting BGP Sessions
• eBGP
• iBGP
• Capabilities Negotiation
• Load Sharing and Multipath
• BGP Additional Paths
• BGP Conditional Advertisement
• BGP Next-Hop Address Tracking
• Route Redistribution
• Virtualization Support
Peer Templates
BGP peer templates allow you to create blocks of common configurations that you can reuse across similar BGP peers. Each block allows you to define a set of attributes that a peer then inherits. You can choose to override some of the inherited attributes as well, making it a very flexible scheme for simplifying the repetitive nature of BGP configurations.
Cisco NX-OS implements three types of peer templates:
• The peer-session template defines BGP peer session attributes, such as the transport details, remote autonomous system number of the peer, and session timers. A peer-session template can also inherit attributes from another peer-session template (with locally defined attributes that override the attributes from an inherited peer-session).
• A peer-policy template defines the address-family dependent policy aspects for a peer including the inbound and outbound policy, filter-lists, and prefix-lists. A peer-policy template can inherit from a set of peer-policy templates. Cisco NX-OS evaluates these peer-policy templates in the order specified by the preference value in the inherit configuration. The lowest number is preferred over higher numbers.
• The peer template can inherit the peer-session and peer-policy templates to allow for simplified peer definitions. It is not mandatory to use a peer template but it can simplify the BGP configuration by providing reusable blocks of configuration.
Authentication
You can configure authentication for a BGP neighbor session. This authentication method adds an MD5 authentication digest to each TCP segment sent to the neighbor to protect BGP against unauthorized messages and TCP security attacks.
Note The MD5 password must be identical between BGP peers.
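The per-segment digest described above is the TCP MD5 signature option defined in RFC 2385. The following Python sketch is an added example, not Cisco code: it computes and verifies that digest for an IPv4 segment, using a constructed key, constructed addresses and ports, and a BGP KEEPALIVE as payload, and it shows why a segment built without the shared password fails verification.

```python
import hashlib
import hmac
import socket
import struct

TCP_MD5_KIND = 19      # TCP option kind for the MD5 signature (RFC 2385)
TCP_MD5_LEN = 18       # kind byte + length byte + 16-byte digest
FIXED_HEADER = 20      # TCP header without options

# Constructed payload: a BGP KEEPALIVE (16-byte marker, length 19, type 4).
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)


def _data_offset(segment):
    if len(segment) < FIXED_HEADER:
        raise ValueError("segment shorter than a TCP header")
    offset = (segment[12] >> 4) * 4
    if offset < FIXED_HEADER or offset > len(segment):
        raise ValueError("bad TCP data offset")
    return offset


def tcp_md5_digest(src_ip, dst_ip, segment, key):
    """MD5 over pseudo-header, option-less header with zero checksum, data, key."""
    offset = _data_offset(segment)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    header = bytearray(segment[:FIXED_HEADER])
    header[16:18] = b"\x00\x00"          # checksum field is treated as zero
    return hashlib.md5(pseudo + bytes(header) + segment[offset:] + key).digest()


def extract_md5_option(segment):
    """Return the digest carried in option kind 19, or None if absent or malformed."""
    options = segment[FIXED_HEADER:_data_offset(segment)]
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                     # end of option list
            break
        if kind == 1:                     # NOP padding
            i += 1
            continue
        if i + 1 >= len(options):
            return None
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None
        if kind == TCP_MD5_KIND:
            return options[i + 2:i + length] if length == TCP_MD5_LEN else None
        i += length
    return None


def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """Build a constructed segment whose options are NOP, NOP, MD5 signature."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         10 << 4, flags, 65535, 0, 0)      # 40-byte TCP header
    unsigned = (header + b"\x01\x01" + bytes([TCP_MD5_KIND, TCP_MD5_LEN])
                + bytes(16) + payload)
    digest = tcp_md5_digest(src_ip, dst_ip, unsigned, key)  # options are not hashed
    return unsigned[:24] + digest + payload


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver-side check: drop the segment unless the digest matches."""
    try:
        received = extract_md5_option(segment)
        if received is None:
            return False
        expected = tcp_md5_digest(src_ip, dst_ip, segment, key)
    except ValueError:
        return False
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    seg = sign_segment("192.0.2.1", "192.0.2.2", 49152, 179, 1000, 2000,
                       0x18, KEEPALIVE, key)
    print("same password:     ", verify_segment("192.0.2.1", "192.0.2.2", seg, key))
    print("different password:", verify_segment("192.0.2.1", "192.0.2.2", seg, b"other"))
```

Because the source and destination addresses are part of the hashed pseudo-header, a digest computed for one address pair does not verify for another.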
Route Policies and Resetting BGP Sessions
You can associate a route policy to a BGP peer. Route policies use route maps to control or modify the routes that BGP recognizes. You can configure a route policy for inbound or outbound route updates.
The route policies can match on different criteria, such as a prefix or AS_path attribute, and selectively accept or deny the routes. Route policies can also modify the path attributes.
When you change a route policy applied to a BGP peer, you must reset the BGP sessions for that peer.
Cisco NX-OS supports the following three mechanisms to reset BGP peering sessions:
• Hard reset—A hard reset tears down the specified peering sessions, including the TCP connection, and deletes routes coming from the specified peer. This option interrupts packet flow through the BGP network. Hard reset is disabled by default.
• Soft reconfiguration inbound—A soft reconfiguration inbound triggers routing updates for the specified peer without resetting the session. You can use this option if you change an inbound route policy. Soft reconfiguration inbound saves a copy of all routes received from the peer before processing the routes through the inbound route policy. If you change the inbound route policy, Cisco NX-OS passes these stored routes through the modified inbound route policy to update the route table without tearing down existing peering sessions. Soft reconfiguration inbound can use significant memory resources to store the unfiltered BGP routes. Soft reconfiguration inbound is disabled by default.
• Route Refresh—A route refresh updates the inbound routing tables dynamically by sending route refresh requests to supporting peers when you change an inbound route policy. The remote BGP peer responds with a new copy of its routes that the local BGP speaker processes with the modified route policy. Cisco NX-OS automatically sends an outbound route refresh of prefixes to the peer. BGP peers advertise the route refresh capability as part of the BGP capability negotiation when establishing the BGP peer session. Route refresh is the preferred option and enabled by default.
Note BGP also uses route maps for route redistribution, route aggregation, route dampening, and other features. See Chapter 14, “Configuring Route Policy Manager,” for more information on route maps.
eBGP
External BGP (eBGP) allows you to connect BGP peers from different autonomous systems to exchange routing updates. Connecting to external networks enables traffic from your network to be forwarded to other networks and across the Internet.
You should use loopback interfaces for establishing eBGP peering sessions because loopback interfaces are less susceptible to interface flapping. An interface flap occurs when the interface is administratively brought up or down because of a failure or maintenance issue. See the
attribute.
iBGP
Internal BGP (iBGP) allows you to connect BGP peers within the same autonomous system. You can use iBGP for multihomed BGP networks (networks that have more than one connection to the same external autonomous system).
Figure 9-1 shows an iBGP network within a larger BGP network.
Figure 9-1 iBGP Network
[Figure not reproduced. Labels: AS20, Z, eBGP, AS10, A, B, C, D, iBGP.]
iBGP networks are fully meshed. Each iBGP peer has a direct connection to all other iBGP peers to prevent network loops.
Note You should configure a separate interior gateway protocol in the iBGP network.
This section includes the following topics:
• AS Confederations
• Route Reflector
AS Confederations
A fully meshed iBGP network becomes complex as the number of iBGP peers grows. You can reduce the iBGP mesh by dividing the autonomous system into multiple subautonomous systems and grouping them into a single confederation. A confederation is a group of iBGP peers that use the same autonomous system number to communicate to external networks. Each subautonomous system is fully meshed within itself and has a few connections to other subautonomous systems in the same confederation.
Figure 9-2 shows the BGP network from Figure 9-1, split into two subautonomous systems and one confederation.
Figure 9-2 AS Confederation
[Figure not reproduced. Labels: AS20, Z, eBGP, AS10, AS1, AS2, A, B, C, D, Confederation peers, iBGP.]
In this example, AS10 is split into two subautonomous systems, AS1 and AS2. Each subautonomous system is fully meshed, but there is only one link between the subautonomous systems. By using AS confederations, you can reduce the number of links compared to the fully meshed autonomous system in
.
Route Reflector
You can alternately reduce the iBGP mesh by using a route reflector configuration. Route reflectors pass learned routes to neighbors so that all iBGP peers do not need to be fully meshed.
Figure 9-1 shows a simple iBGP configuration with four meshed iBGP speakers (router A, B, C, and D).
Without route reflectors, when router A receives a route from an external neighbor, it advertises the route to all three iBGP neighbors.
When you configure an iBGP peer to be a route reflector, it becomes responsible for passing iBGP learned routes to a set of iBGP neighbors.
In
router A, it advertises (reflects) the routes to routers C and D. Router A no longer has to advertise to both routers C and D.
Figure 9-3 Route Reflector
[Figure not reproduced. Labels: AS20, Z, eBGP, AS10, A, B, C, D, iBGP.]
The route reflector and its client peers form a cluster. You do not have to configure all iBGP peers to act as client peers of the route reflector. You must configure any nonclient peer as fully meshed to guarantee that complete BGP updates reach all peers.
Capabilities Negotiation
A BGP speaker can learn about BGP extensions supported by a peer by using the capabilities negotiation feature. Capabilities negotiation allows BGP to use only the set of features supported by both BGP peers on a link.
If a BGP peer does not support capabilities negotiation, Cisco NX-OS will attempt a new session to the peer without capabilities negotiation if you have configured the address family as IPv4.
Route Dampening
Route dampening is a BGP feature that minimizes the propagation of flapping routes across an internetwork. A route flaps when it alternates between the available and unavailable states in rapid succession.
For example, consider a network with three BGP autonomous systems: AS1, AS2, and AS3. Suppose that a route in AS1 flaps (it becomes unavailable). Without route dampening, AS1 sends a withdraw message to AS2. AS2 propagates the withdrawal message to AS3. When the flapping route reappears, AS1 sends an advertisement message to AS2, which sends the advertisement to AS3. If the route repeatedly becomes unavailable, and then available, AS1 sends many withdrawal and advertisement messages that propagate through the other autonomous systems.
Route dampening can minimize flapping. Suppose that the route flaps. AS2 (in which route dampening is enabled) assigns the route a penalty of 1000. AS2 continues to advertise the status of the route to neighbors. Each time that the route flaps, AS2 adds to the penalty value. When the route flaps so often that the penalty exceeds a configurable suppression limit, AS2 stops advertising the route, regardless of how many times that it flaps. The route is now dampened.
The penalty placed on the route decays until the reuse limit is reached. At that time, AS2 advertises the route again. When the reuse limit is at 50 percent, AS2 removes the dampening information for the route.
Note The router does not apply a penalty to a resetting BGP peer when route dampening is enabled, even though the peer reset withdraws the route.
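The penalty bookkeeping described above can be followed numerically. The following Python sketch is an added example, not Cisco code: it applies the 1000-point penalty per flap from the text, and it assumes exponential decay with a 900-second half-life, a suppress limit of 2000, and a reuse limit of 750, none of which are stated in this section.

```python
import math

FLAP_PENALTY = 1000.0      # per-flap penalty stated in the text above


class DampenedRoute:
    """Penalty bookkeeping for one route at the dampening AS (AS2 in the text)."""

    def __init__(self, half_life=900.0, suppress_limit=2000.0, reuse_limit=750.0):
        # Assumed values for illustration; the text names the limits, not numbers.
        self.half_life = half_life
        self.suppress_limit = suppress_limit
        self.reuse_limit = reuse_limit
        self.penalty = 0.0
        self.suppressed = False
        self.last_update = 0.0

    def _decay_to(self, now):
        elapsed = now - self.last_update
        if elapsed < 0:
            raise ValueError("events must be processed in time order")
        self.penalty *= 0.5 ** (elapsed / self.half_life)
        self.last_update = now
        if self.suppressed and self.penalty < self.reuse_limit:
            self.suppressed = False            # route is advertised again
        if self.penalty < self.reuse_limit / 2:
            self.penalty = 0.0                 # dampening information removed

    def flap(self, now):
        """Record one flap at time `now` (seconds)."""
        self._decay_to(now)
        self.penalty += FLAP_PENALTY
        if self.penalty > self.suppress_limit:
            self.suppressed = True             # route is now dampened

    def observe(self, now):
        """Return (penalty, suppressed) at time `now` without adding a flap."""
        self._decay_to(now)
        return self.penalty, self.suppressed

    def seconds_until_reuse(self):
        """Time for the current penalty to decay to the reuse limit."""
        if not self.suppressed:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse_limit)


def simulate(flap_times, sample_times, **limits):
    """Replay flaps and observation points; return (time, event, penalty, suppressed)."""
    route = DampenedRoute(**limits)
    events = sorted([(t, 0) for t in flap_times] + [(t, 1) for t in sample_times])
    timeline = []
    for when, kind in events:
        if kind == 0:
            route.flap(when)
        penalty, suppressed = route.observe(when)
        label = "flap" if kind == 0 else "sample"
        timeline.append((when, label, round(penalty, 1), suppressed))
    return timeline


if __name__ == "__main__":
    # Constructed scenario: three flaps one minute apart, then quiet.
    for row in simulate([0, 60, 120], [1820, 1920, 2820]):
        print(row)
```

Under these assumed limits the third flap pushes the penalty past the suppress limit, the route is advertised again about 29 minutes later, and the dampening state is dropped once the penalty falls below half the reuse limit.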
Load Sharing and Multipath
BGP can install multiple equal-cost eBGP or iBGP paths into the routing table to reach the same destination prefix. Traffic to the destination prefix is then shared across all the installed paths.
The BGP best-path algorithm considers the paths as equal-cost paths if the following attributes are identical:
• Weight
• Local preference
• AS_path
• Origin code
• Multi-exit discriminator (MED)
• IGP cost to the BGP next hop
BGP selects only one of these multiple paths as the best path and advertises the path to the BGP peers.
Note Paths received from different AS confederations are considered as equal-cost paths if the external AS_path values and the other attributes are identical.
Note When you configure a route reflector for iBGP multipath, and the route reflector advertises the selected best path to its peers, the next hop for the path is not modified.
Note Nexus OS performs a BGP AS_path check for both iBGP (VPNv4) and eBGP and, if it finds its own AS in an MP-BGP update, it discards the route. Use the ALLOWAS-IN attribute for VPNv4 neighbors to resolve this issue.
BGP Additional Paths
In Cisco NX-OS releases prior to 6.1, only one BGP best path is advertised, and the BGP speaker accepts only one path for a given prefix from a given peer. If a BGP speaker receives multiple paths for the same prefix within the same session, it uses the most recent advertisement.
Beginning with Cisco NX-OS Release 6.1, BGP supports the additional paths feature, which allows the BGP speaker to propagate and accept multiple paths for the same prefix without the new paths replacing any previous ones. This feature allows BGP speaker peers to negotiate whether they support advertising and receiving multiple paths per prefix, and then to advertise such paths. A special 4-byte path ID is added to the network layer reachability information (NLRI) to differentiate multiple paths for the same prefix sent across a peer session. Figure 9-4 illustrates the BGP additional paths capability.
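The following added example (not part of the Cisco guide) encodes and decodes IPv4 NLRI with the 4-byte path ID, using the prefix 100.0.0.0/24 and path IDs 1 to 3 from Figure 9-4 and the field layout of RFC 7911 (path ID, prefix length in bits, prefix bytes). It also shows why both peers must negotiate the capability: the same bytes parsed without the path ID yield bogus prefixes and then fail validation. The function names are hypothetical.

```python
import ipaddress
import struct


def encode_nlri(prefix, path_id=None):
    """Encode one IPv4 NLRI entry; prepend the 4-byte path ID when given."""
    net = ipaddress.IPv4Network(prefix)
    nbytes = (net.prefixlen + 7) // 8  # only the significant prefix bytes are sent
    body = bytes([net.prefixlen]) + net.network_address.packed[:nbytes]
    if path_id is None:
        return body
    return struct.pack("!I", path_id) + body


def decode_nlri(data, add_path):
    """Decode an NLRI field into [(path_id or None, 'a.b.c.d/len'), ...].

    `add_path` must reflect what was negotiated for the session; the bytes
    themselves do not say whether a path ID is present.
    """
    entries, off = [], 0
    while off < len(data):
        path_id = None
        if add_path:
            if len(data) - off < 4:
                raise ValueError("truncated path identifier")
            (path_id,) = struct.unpack_from("!I", data, off)
            off += 4
        if off >= len(data):
            raise ValueError("missing prefix length")
        plen = data[off]
        off += 1
        if plen > 32:
            raise ValueError(f"invalid IPv4 prefix length {plen}")
        nbytes = (plen + 7) // 8
        if off + nbytes > len(data):
            raise ValueError("truncated prefix")
        raw = data[off:off + nbytes].ljust(4, b"\x00")
        off += nbytes
        # strict=False masks any bits sent beyond the prefix length.
        net = ipaddress.IPv4Network((int.from_bytes(raw, "big"), plen), strict=False)
        entries.append((path_id, str(net)))
    return entries


def parses_cleanly(data, add_path):
    """Return True if `data` decodes without a validation error."""
    try:
        decode_nlri(data, add_path)
        return True
    except ValueError:
        return False


def figure_updates():
    """NLRI fields of the three UPDATE messages in Figure 9-4 (one path each)."""
    return [encode_nlri("100.0.0.0/24", path_id) for path_id in (1, 2, 3)]


if __name__ == "__main__":
    for wire in figure_updates():
        print(wire.hex(), "->", decode_nlri(wire, add_path=True))
    # A receiver that did not negotiate additional paths reads the path ID
    # bytes as prefix lengths and rejects the field.
    print("decodes without the capability:", parses_cleanly(figure_updates()[0], add_path=False))
```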
Route Aggregation
You can configure aggregate addresses. Route aggregation simplifies route tables by replacing a number of more specific addresses with an address that represents all the specific addresses. For example, you can replace these three more specific addresses, 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one aggregate address, 10.1.0.0/16.
Aggregate prefixes are present in the BGP route table so that fewer routes are advertised.
Figure 9-4 BGP Route Advertisement with the Additional Paths Capability
[Figure: a route reflector (RR) learns prefix 100.0.0.0/24 over three paths, via R1, R2, and R3. RR sends all available paths (not just the best path) to R4, using the path identifier prepended to the NLRI in order to distinguish multiple paths.]
UPDATE 1: NLRI: 1:100.0.0.0/24, path via R1
UPDATE 2: NLRI: 2:100.0.0.0/24, path via R2
UPDATE 3: NLRI: 3:100.0.0.0/24, path via R3
Note Cisco NX-OS does not support automatic route aggregation.
Route aggregation can lead to forwarding loops. To avoid this problem, when BGP generates an advertisement for an aggregate address, it automatically installs a summary discard route for that aggregate address in the local routing table. BGP sets the administrative distance of the summary discard to 220 and sets the route type to discard. BGP does not use discard routes for next-hop resolution.
BGP Conditional Advertisement
BGP conditional advertisement allows you to configure BGP to advertise or withdraw a route based on whether or not a prefix exists in the BGP table. This feature is useful, for example, in multihomed networks, in which you want BGP to advertise some prefixes to one of the providers only if information from the other provider is not present.
Consider an example network with three BGP autonomous systems: AS1, AS2, and AS3, where AS1 and
AS3 connect to the Internet and to AS2. Without conditional advertisement, AS2 propagates all routes to both AS1 and AS3. With conditional advertisement, you can configure AS2 to advertise certain routes to AS3 only if routes from AS1 do not exist (if for example, the link to AS1 fails).
BGP conditional advertisement adds an exist or not-exist test to each route that matches the configured route map. See the “Configuring BGP Conditional Advertisement” section on page 9-36 for more information.
BGP Next-Hop Address Tracking
BGP monitors the next-hop address of installed routes to verify next-hop reachability and to select, install, and validate the BGP best path. BGP next-hop address tracking speeds up this next-hop reachability test by triggering the verification process when routes change in the RIB that may affect
BGP next-hop reachability.
BGP receives notifications from the RIB when next-hop information changes (event-driven notifications). BGP is notified when any of the following events occurs:
• Next hop becomes unreachable.
• Next hop becomes reachable.
• Fully recursed IGP metric to the next hop changes.
• First hop IP address or first hop interface changes.
• Next hop becomes connected.
• Next hop becomes unconnected.
• Next hop becomes a local address.
• Next hop becomes a nonlocal address.
Note Reachability and recursed metric events trigger a best-path recalculation.
Event notifications from the RIB are classified as critical and noncritical. Notifications for critical and noncritical events are sent in separate batches. However, a noncritical event is sent with the critical events if the noncritical event is pending and there is a request to read the critical events.
• Critical events are related to the reachability (reachable and unreachable), connectivity (connected and unconnected), and locality (local and nonlocal) of the next hops. Notifications for these events are not delayed.
• Noncritical events include only the IGP metric changes.
See the “Configuring BGP Next-Hop Address Tracking” section on page 9-23 for more information.
Route Redistribution
You can configure BGP to redistribute static routes or routes from other protocols. You configure a route policy with the redistribution to control which routes are passed into BGP. A route policy allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. See Chapter 14, “Configuring Route Policy Manager,” for more information.
Prior to Cisco NX-OS Release 5.2(1), when you redistribute BGP to IGP, iBGP is redistributed as well. To override this behavior, you must insert an additional deny statement into the route map. iBGP is not redistributed to IGP by default.
You can use route maps to override the default behavior, but be careful when doing so as incorrect use of route maps can result in network loops. The following example shows how to use route maps to change the default behavior.
You can change the default behavior by modifying the route map as follows:
route-map foo permit 10
  match route-type internal
router ospf 1
  redistribute bgp 100 route-map foo
BFD
This feature supports bidirectional forwarding detection (BFD) for IPv4 only. BFD is a detection protocol designed to provide fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules.
BFD for BGP is supported on eBGP peers and iBGP single-hop peers. Configure the update-source option in neighbor configuration mode for iBGP single-hop peers using BFD.
Note BFD is not supported on other iBGP peers or for multihop eBGP peers.
See the Cisco Nexus 6000 Series NX-OS Interfaces Configuration Guide, Release 7.x for more information.
Tuning BGP
You can modify the default behavior of BGP through BGP timers and by adjusting the best-path algorithm.
This section includes the following topics:
• BGP Timers
• Tuning the Best-Path Algorithm
BGP Timers
BGP uses different types of timers for neighbor session and global protocol events. Each established session has a minimum of two timers for sending periodic keepalive messages and for timing out sessions when peer keepalives do not arrive within the expected time. In addition, there are other timers for handling specific features. Typically, you configure these timers in seconds. The timers include a random adjustment so that the same timers on different BGP peers trigger at different times.
Tuning the Best-Path Algorithm
You can modify the default behavior of the best-path algorithm through optional configuration parameters, including changing how the algorithm handles the MED attribute and the router ID.
Multiprotocol BGP
BGP on Cisco NX-OS supports multiple address families. Multiprotocol BGP (MP-BGP) carries different sets of routes depending on the address family. For example, BGP can carry one set of routes for IPv4 unicast routing, and one set of routes for IPv4 multicast routing. You can use MP-BGP for reverse-path forwarding (RPF) checks in IP multicast networks.
Note Because Multicast BGP does not propagate multicast state information, you need a multicast protocol, such as Protocol Independent Multicast (PIM).
Use the router address-family and neighbor address-family configuration modes to support multiprotocol BGP configurations. MP-BGP maintains separate RIBs for each configured address family, such as a unicast RIB and a multicast RIB for BGP.
A multiprotocol BGP network is backward compatible but BGP peers that do not support multiprotocol extensions cannot forward routing information, such as address family identifier information, that the multiprotocol extensions carry.
Low Memory Handling
BGP reacts to low memory for the following conditions:
• Minor alert—BGP does not establish any new eBGP peers. BGP continues to establish new iBGP peers and confederate peers. Established peers remain, but reset peers are not reestablished.
• Severe alert—BGP shuts down select established eBGP peers every two minutes until the memory alert becomes minor. For each eBGP peer, BGP calculates the ratio of total number of paths received to the number of paths selected as best paths. The peers with the highest ratio are selected to be shut down to reduce memory usage. You must clear a shutdown eBGP peer before you can bring the eBGP peer back up to avoid oscillation.
Note You can exempt important eBGP peers from this selection process.
• Critical alert—BGP gracefully shuts down all the established peers. You must clear a shutdown BGP peer before you can bring the BGP peer back up.
See the “Tuning BGP” section on page 9-40 for more information on how to exempt a BGP peer from shutdown due to a low memory condition.
Virtualization Support
Cisco NX-OS supports multiple instances of BGP that run on the same system.
Licensing Requirements for Advanced BGP
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: BGP requires a LAN Enterprise Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Note Make sure the LAN Base Services license is installed on the switch to enable Layer 3 interfaces.
Prerequisites for BGP
BGP has the following prerequisites:
• You must enable the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
• You should have a valid router ID configured on the system.
• You must have an AS number, either assigned by a Regional Internet Registry (RIR) or locally administered.
• You must have reachability (such as an interior gateway protocol (IGP), a static route, or a direct connection) to the peer that you are trying to make a neighbor relationship with.
• You must explicitly configure an address family under a neighbor for the BGP session establishment.
Guidelines and Limitations for BGP
BGP has the following configuration guidelines and limitations:
• The dynamic AS number prefix peer configuration overrides the individual AS number configuration inherited from a BGP template.
• If you configure a dynamic AS number for prefix peers in an AS confederation, BGP establishes sessions with only the AS numbers in the local confederation.
• BGP sessions created through a dynamic AS number prefix peer ignore any configured eBGP multihop time-to-live (TTL) value or a disabled check for directly connected peers.
• Configure a router ID for BGP to avoid automatic router ID changes and session flaps.
• Use the maximum-prefix configuration option per peer to restrict the number of routes received and system resources used.
• Configure the update-source to establish a session with eBGP multihop sessions.
• Specify a BGP route map if you configure redistribution.
• Configure the BGP router ID within a VRF.
• Cisco NX-OS does not support multi-hop BFD. BFD for BGP has the following limitations:
  – BFD is supported only for BGP IPv4.
  – BFD is supported only for eBGP peers and iBGP single-hop peers.
  – To enable BFD for iBGP single-hop peers, you must configure the update-source option on the physical interface.
  – BFD is not supported for multi-hop iBGP peers and multi-hop eBGP peers.
• If you decrease the keepalive and hold timer values, the network might experience session flaps.
Default Settings
Table 9-1 lists the default settings for BGP parameters.
Table 9-1 Default BGP Parameters
Parameters            Default
BGP feature           disabled
keep alive interval   60 seconds
hold timer            180 seconds
Configuring Advanced BGP
This section describes how to configure advanced BGP and includes the following topics:
• Configuring BGP Session Templates
• Configuring BGP Peer-Policy Templates
• Configuring BGP Peer Templates
• Configuring Prefix Peering
• Configuring BGP Authentication
• Resetting a BGP Session
• Modifying the Next-Hop Address
• Configuring BGP Next-Hop Address Tracking
• Configuring Next-Hop Filtering
• Disabling Capabilities Negotiation
• BGP Additional Paths
• Configuring AS Confederations
• Configuring Route Reflector
• Configuring Route Dampening
• Configuring Load Sharing and ECMP
• Configuring Maximum Prefixes
• Configuring Dynamic Peer Prioritization
• Configuring Aggregate Addresses
• Configuring BGP Conditional Advertisement
• Configuring Route Redistribution
• Configuring a Graceful Restart
• Configuring Virtualization
• Configuring Policy-Based Administrative Distance
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Configuring BGP Session Templates
You can use BGP session templates to simplify BGP configuration for multiple BGP peers with similar configuration needs. BGP templates allow you to reuse common configuration blocks. You configure
BGP templates first, and then apply these templates to BGP peers.
With BGP session templates, you can configure session attributes such as inheritance, passwords, timers, and security.
A peer-session template can inherit from one other peer-session template. You can configure the second template to inherit from a third template. The first template also inherits this third template. This indirect inheritance can continue for up to seven peer-session templates.
Any attributes configured for the neighbor take priority over any attributes inherited by that neighbor from a BGP template.
BEFORE YOU BEGIN
Note Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
When editing a template, you can use the no form of a command at either the peer or template level to explicitly override a setting in a template. You must use the default form of the command to reset that attribute to the default state.
SUMMARY STEPS
1. configure terminal
2. router bgp autonomous-system-number
3. template peer-session template-name
4. password number password
5. timers keepalive hold
6. exit
7. neighbor ip-address remote-as as-number
8. inherit peer-session template-name
9. (Optional) description text
10. (Optional) show bgp peer-session template-name
11. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 router bgp autonomous-system-number
Purpose: Enables BGP and assigns the autonomous system number to the local BGP speaker.
Example:
switch(config)# router bgp 65536
switch(config-router)#

Step 3 template peer-session template-name
Purpose: Enters peer-session template configuration mode.
Example:
switch(config-router)# template peer-session BaseSession
switch(config-router-stmp)#

Step 4 password number password
Purpose: (Optional) Adds the clear text password test to the neighbor. The password is stored and displayed in type 3 encrypted form (3DES).
Example:
switch(config-router-stmp)# password 0 test

Step 5 timers keepalive hold
Purpose: (Optional) Adds the BGP keepalive and holdtimer values to the peer-session template. The default keepalive interval is 60. The default hold time is 180.
Example:
switch(config-router-stmp)# timers 30 90

Step 6 exit
Purpose: Exits peer-session template configuration mode.
Example:
switch(config-router-stmp)# exit
switch(config-router)#

Step 7 neighbor ip-address remote-as as-number
Purpose: Places the router in the neighbor configuration mode for BGP routing and configures the neighbor IP address.
Example:
switch(config-router)# neighbor 192.168.1.2 remote-as 65536
switch(config-router-neighbor)#

Step 8 inherit peer-session template-name
Purpose: Applies a peer-session template to the peer.
Example:
switch(config-router-neighbor)# inherit peer-session BaseSession
switch(config-router-neighbor)#

Step 9 description text
Purpose: (Optional) Adds a description for the neighbor.
Example:
switch(config-router-neighbor)# description Peer Router A
switch(config-router-neighbor)#

Step 10 show bgp peer-session template-name
Purpose: (Optional) Displays the peer-policy template.
Example:
switch(config-router-neighbor)# show bgp peer-session BaseSession

Step 11 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router-neighbor)# copy running-config startup-config
Use the show bgp neighbor command to see the template applied. See the Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x, for details on all commands available in the template.
This example shows how to configure a BGP peer-session template and apply it to a BGP peer:
switch# configure terminal
switch(config)# router bgp 65536
switch(config-router)# template peer-session BaseSession
switch(config-router-stmp)# timers 30 90
switch(config-router-stmp)# exit
switch(config-router)# neighbor 192.168.1.2 remote-as 65536
switch(config-router-neighbor)# inherit peer-session BaseSession
switch(config-router-neighbor)# description Peer Router A
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor)# copy running-config startup-config
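The inheritance rules for peer-session templates described in this section (neighbor settings win over inherited ones, chains of up to seven templates) can be checked offline against a saved configuration. The script below is an added example, not Cisco tooling: the sample configuration is constructed, two-space running-config indentation is assumed, and a nearer template is assumed to override the template it inherits from. It reports neighbors whose effective session has no password or has timers below the defaults of 60 and 180 seconds.

```python
DEFAULT_KEEPALIVE, DEFAULT_HOLD = 60, 180  # default keepalive and hold time
MAX_CHAIN = 7  # peer-session inheritance limit stated in the text

# Constructed sample in running-config layout (two-space indentation assumed).
SAMPLE_CONFIG = """\
router bgp 65536
  template peer-session BaseSession
    password 3 EXAMPLE-PLACEHOLDER
    timers 30 90
  template peer-session EdgeSession
    inherit peer-session BaseSession
    timers 10 30
  neighbor 192.168.1.2 remote-as 65536
    inherit peer-session EdgeSession
    description Peer Router A
    address-family ipv4 unicast
  neighbor 192.168.1.3 remote-as 65536
    timers 60 180
  neighbor 10.100.200.0/24 remote-as 65536
    inherit peer-session BaseSession
    maximum-peers 10
"""


def parse(config):
    """Return (templates, neighbors), each mapping a name to its session settings."""
    templates, neighbors, current = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent <= 2:  # a new block under "router bgp"
            current = None
            if words[:2] == ["template", "peer-session"] and len(words) > 2:
                current = templates.setdefault(words[2], {})
            elif words[0] == "neighbor" and len(words) > 1:
                current = neighbors.setdefault(words[1], {})
        elif indent == 4 and current is not None:
            if words[:2] == ["inherit", "peer-session"] and len(words) > 2:
                current["inherit"] = words[2]
            elif words[0] in ("password", "timers"):
                current[words[0]] = words[1:]
    return templates, neighbors


def effective_session(block, templates):
    """Resolve settings for one neighbor; the nearest definition wins."""
    settings, chain, node = {}, [], block
    while True:
        for key in ("password", "timers"):
            if key in node and key not in settings:
                settings[key] = node[key]
        parent = node.get("inherit")
        if parent is None:
            return settings, chain
        if parent in chain:
            raise ValueError(f"inheritance loop at template {parent}")
        if parent not in templates:
            raise ValueError(f"undefined peer-session template {parent}")
        chain.append(parent)
        if len(chain) > MAX_CHAIN:
            raise ValueError("more than seven peer-session templates in chain")
        node = templates[parent]


def audit(config):
    """Return {neighbor: [findings]} for every neighbor in the configuration."""
    templates, neighbors = parse(config)
    report = {}
    for peer, block in neighbors.items():
        settings, _ = effective_session(block, templates)
        findings = []
        if "password" not in settings:
            findings.append("no MD5 password")
        if "timers" in settings:
            keepalive, hold = (int(v) for v in settings["timers"][:2])
            if keepalive < DEFAULT_KEEPALIVE or hold < DEFAULT_HOLD:
                findings.append("timers below defaults")
        report[peer] = findings
    return report


if __name__ == "__main__":
    for peer, findings in audit(SAMPLE_CONFIG).items():
        print(peer, "->", findings or "ok")
```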
Configuring BGP Peer-Policy Templates
You can configure a peer-policy template to define attributes for a particular address family. You assign a preference to each peer-policy template and these templates are inherited in the order specified, for up to five peer-policy templates in a neighbor address family.
Cisco NX-OS evaluates multiple peer policies for an address family using the preference value. The lowest preference value is evaluated first. Any attributes configured for the neighbor take priority over any attributes inherited by that neighbor from a BGP template.
Peer-policy templates can configure address family-specific attributes such as AS-path filter lists, prefix lists, route reflection, and soft reconfiguration.
BEFORE YOU BEGIN
Note Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
When editing a template, you can use the no form of a command at either the peer or template level to explicitly override a setting in a template. You must use the default form of the command to reset that attribute to the default state.
SUMMARY STEPS
1. configure terminal
2. router bgp autonomous-system-number
3. template peer-policy template-name
4. advertise-active-only
5. maximum-prefix number
6. exit
7. neighbor ip-address remote-as as-number
8. address-family ipv4 {multicast | unicast}
9. inherit peer-policy template-name preference
10. (Optional) show bgp peer-policy template-name
11. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 router bgp autonomous-system-number
Purpose: Enables BGP and assigns the autonomous system number to the local BGP speaker.
Example:
switch(config)# router bgp 65536
switch(config-router)#

Step 3 template peer-policy template-name
Purpose: Creates a peer-policy template.
Example:
switch(config-router)# template peer-policy BasePolicy
switch(config-router-ptmp)#

Step 4 advertise-active-only
Purpose: (Optional) Advertises only active routes to the peer.
Example:
switch(config-router-ptmp)# advertise-active-only

Step 5 maximum-prefix number
Purpose: (Optional) Sets the maximum number of prefixes allowed from this peer.
Example:
switch(config-router-ptmp)# maximum-prefix 20

Step 6 exit
Purpose: Exits peer-policy template configuration mode.
Example:
switch(config-router-ptmp)# exit
switch(config-router)#

Step 7 neighbor ip-address remote-as as-number
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address.
Example:
switch(config-router)# neighbor 192.168.1.2 remote-as 65536
switch(config-router-neighbor)#

Step 8 address-family ipv4 { multicast | unicast }
Purpose: Enters global address family configuration mode for the IPv4 address family.
Example:
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)#

Step 9 inherit peer-policy template-name preference
Purpose: Applies a peer-policy template to the peer address family configuration and assigns the preference value for this peer policy.
Example:
switch(config-router-neighbor-af)# inherit peer-policy BasePolicy 1

Step 10 show bgp peer-policy template-name
Purpose: (Optional) Displays the peer-policy template.
Example:
switch(config-router-neighbor-af)# show bgp peer-policy BasePolicy

Step 11 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router-neighbor-af)# copy running-config startup-config
Use the show bgp neighbor command to see the template applied. See the Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x, for details on all commands available in the template.
This example shows how to configure a BGP peer-policy template and apply it to a BGP peer:
switch# configure terminal
switch(config)# router bgp 65536
switch(config-router)# template peer-policy BasePolicy
switch(config-router-ptmp)# maximum-prefix 20
switch(config-router-ptmp)# exit
switch(config-router)# neighbor 192.168.1.1 remote-as 65536
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# inherit peer-policy BasePolicy 1
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring BGP Peer Templates
You can configure BGP peer templates to combine session and policy attributes in one reusable configuration block. Peer templates can also inherit peer-session or peer-policy templates. Any attributes configured for the neighbor take priority over any attributes inherited by that neighbor from a BGP template. You configure only one peer template for a neighbor, but that peer template can inherit peer-session and peer-policy templates.
Peer templates support session and address family attributes, such as eBGP multihop time-to-live, maximum prefix, next-hop self, and timers.
BEFORE YOU BEGIN
Note Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
When editing a template, you can use the no form of a command at either the peer or template level to explicitly override a setting in a template. You must use the default form of the command to reset that attribute to the default state.
SUMMARY STEPS
1. configure terminal
2. router bgp autonomous-system-number
3. template peer template-name
4. (Optional) inherit peer-session template-name
5. (Optional) address-family { ipv4 | ipv6 } { multicast | unicast }
6. (Optional) inherit peer template-name
7. exit
8. (Optional) timers keepalive hold
9. exit
10. neighbor ip-address remote-as as-number
11. inherit peer template-name
12. (Optional) timers keepalive hold
13. (Optional) show bgp peer-template template-name
14. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 router bgp autonomous-system-number
Purpose: Enters BGP mode and assigns the autonomous system number to the local BGP speaker.
Example:
switch(config)# router bgp 65536

Step 3 template peer template-name
Purpose: Enters peer template configuration mode.
Example:
switch(config-router)# template peer BasePeer
switch(config-router-neighbor)#

Step 4 inherit peer-session template-name
Purpose: (Optional) Inherits a peer-session template in the peer template.
Example:
switch(config-router-neighbor)# inherit peer-session BaseSession

Step 5 address-family ipv4 { multicast | unicast }
Purpose: (Optional) Configures the global address family configuration mode for the IPv4 or IPv6 address family.
Example:
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)#

Step 6 inherit peer template-name
Purpose: (Optional) Applies a peer template to the neighbor address family configuration.
Example:
switch(config-router-neighbor-af)# inherit peer BasePolicy

Step 7 exit
Purpose: Exits BGP neighbor address family configuration mode.
Example:
switch(config-router-neighbor-af)# exit
switch(config-router-neighbor)#

Step 8 timers keepalive hold
Purpose: (Optional) Adds the BGP timer values to the peer. These values override the timer values in the peer-session template, BaseSession.
Example:
switch(config-router-neighbor)# timers 45 100

Step 9 exit
Purpose: Exits BGP peer template configuration mode.
Example:
switch(config-router-neighbor)# exit
switch(config-router)#

Step 10 neighbor ip-address remote-as as-number
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address.
Example:
switch(config-router)# neighbor 192.168.1.2 remote-as 65536
switch(config-router-neighbor)#

Step 11 inherit peer template-name
Purpose: Inherits the peer template.
Example:
switch(config-router-neighbor)# inherit peer BasePeer

Step 12 timers keepalive hold
Purpose: (Optional) Adds the BGP timer values to this neighbor. These values override the timer values in the peer template and the peer-session template.
Example:
switch(config-router-neighbor)# timers 60 120

Step 13 show bgp peer-template template-name
Purpose: (Optional) Displays the peer template.
Example:
switch(config-router-neighbor-af)# show bgp peer-template BasePeer

Step 14 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router-neighbor-af)# copy running-config startup-config
Use the show bgp neighbor command to see the template applied. See the Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x, for details on all commands available in the template.
This example shows how to configure a BGP peer template and apply it to a BGP peer:
switch# configure terminal
switch(config)# router bgp 65536
switch(config-router)# template peer BasePeer
switch(config-router-neighbor)# inherit peer-session BaseSession
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# inherit peer-policy BasePolicy 1
switch(config-router-neighbor-af)# exit
switch(config-router-neighbor)# exit
switch(config-router)# neighbor 192.168.1.2 remote-as 65536
switch(config-router-neighbor)# inherit peer BasePeer
switch(config-router-neighbor)# copy running-config startup-config
Configuring Prefix Peering
BGP supports the definition of a set of peers using a prefix for IPv4. With this feature, you do not have to add each neighbor to the configuration.
When defining a prefix peering, you must specify the remote AS number with the prefix. BGP accepts any peer that connects from that prefix and autonomous system if the prefix peering does not exceed the configured maximum peers allowed.
When a BGP peer that is part of a prefix peering disconnects, Cisco NX-OS holds its peer structures for a defined prefix peer timeout value. An established peer can reset and reconnect without danger of being blocked because other peers have consumed all slots for that prefix peering.
To configure the BGP prefix peering timeout value, use the following command in router configuration mode:
Command: timers prefix-peer-timeout value
Purpose: Configures the timeout value for prefix peering. The range is from 0 to 1200 seconds. The default value is 30.
Example:
switch(config-router)# timers prefix-peer-timeout 120
To configure the maximum number of peers, use the following command in neighbor configuration mode:
Command: maximum-peers value
Purpose: Configures the maximum number of peers for this prefix peering. The range is from 1 to 1000.
Example:
switch(config-router-neighbor)# maximum-peers 120
This example shows how to configure a prefix peering that accepts up to 10 peers:
switch(config)# router bgp 65536
switch(config-router)# timers prefix-peer-timeout 120
switch(config-router)# neighbor 10.100.200.0/24 remote-as 65536
switch(config-router-neighbor)# maximum-peers 10
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)#
Use the show ip bgp neighbor command to show the details of the configuration for that prefix peering with a list of the currently accepted instances and the counts of active, maximum concurrent, and total accepted peers.
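The slot accounting described in this section, modeled in Python as an added example (not Cisco code). It assumes that the structures held for a disconnected peer keep counting toward maximum-peers until the prefix peer timeout expires; the class and method names are hypothetical.

```python
import ipaddress


class PrefixPeering:
    """Model of one prefix peering: neighbor <prefix> remote-as <asn>."""

    def __init__(self, prefix, remote_as, max_peers, timeout):
        self.net = ipaddress.ip_network(prefix)
        self.remote_as = remote_as
        self.max_peers = max_peers   # maximum-peers value
        self.timeout = timeout       # timers prefix-peer-timeout, in seconds
        self.active = set()          # peers with an established session
        self.held = {}               # disconnected peer -> time its slot is released

    def _expire(self, now):
        # Release slots whose hold time has run out.
        self.held = {ip: t for ip, t in self.held.items() if t > now}

    def connect(self, ip, asn, now):
        """Return (accepted, reason) for a connection attempt at time `now`."""
        self._expire(now)
        addr = ipaddress.ip_address(ip)
        if addr not in self.net:
            return False, "source outside prefix"
        if asn != self.remote_as:
            return False, "remote AS mismatch"
        if addr in self.active:
            return True, "already established"
        if addr in self.held:
            # A returning peer gets its own slot back (assumption, see lead-in).
            del self.held[addr]
            self.active.add(addr)
            return True, "reused held slot"
        if len(self.active) + len(self.held) >= self.max_peers:
            return False, "maximum-peers reached"
        self.active.add(addr)
        return True, "new slot"

    def disconnect(self, ip, now):
        """Move an established peer to the held state for `timeout` seconds."""
        addr = ipaddress.ip_address(ip)
        if addr in self.active:
            self.active.remove(addr)
            self.held[addr] = now + self.timeout


def demo():
    """Constructed timeline: two slots, a 120-second hold, one extra peer."""
    pp = PrefixPeering("10.100.200.0/24", 65536, max_peers=2, timeout=120)
    log = [
        pp.connect("10.100.200.1", 65536, now=0),
        pp.connect("10.100.200.2", 65536, now=1),
        pp.connect("10.100.200.3", 65536, now=2),    # both slots in use
    ]
    pp.disconnect("10.100.200.1", now=10)            # slot held until t=130
    log.append(pp.connect("10.100.200.3", 65536, now=20))   # still blocked
    log.append(pp.connect("10.100.200.1", 65536, now=30))   # original peer returns
    pp.disconnect("10.100.200.1", now=40)            # slot held until t=160
    log.append(pp.connect("10.100.200.3", 65536, now=161))  # hold expired
    log.append(pp.connect("10.100.201.9", 65536, now=162))
    log.append(pp.connect("10.100.200.4", 65537, now=163))
    return log


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

A timeout of 0 in this model releases the slot at the next connection attempt, so a new peer can take it immediately.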
Configuring BGP Authentication
You can configure BGP to authenticate route updates from peers using MD5 digests.
To configure BGP to use MD5 authentication, use the following command in neighbor configuration mode:
Command: password [ 0 | 3 | 7 ] string
Example: switch(config-router-neighbor)# password BGPpassword
Purpose: Configures an MD5 password for BGP neighbor sessions.
Resetting a BGP Session
If you modify a route policy for BGP, you must reset the associated BGP peer sessions. If the BGP peers do not support route refresh, you can configure a soft reconfiguration for inbound policy changes. Cisco NX-OS automatically attempts a soft reset for the session.
To configure soft reconfiguration inbound, use the following command in neighbor address-family configuration mode:
Command: soft-reconfiguration inbound
Example: switch(config-router-neighbor-af)# soft-reconfiguration inbound
Purpose: Enables soft reconfiguration to store the inbound BGP route updates. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
To reset a BGP neighbor session, use the following command in any mode:
Command: clear bgp ip { unicast | multicast } ip-address soft { in | out }
Example: switch# clear bgp ip unicast 192.0.2.1 soft in
Purpose: Resets the BGP session without tearing down the TCP session.
Modifying the Next-Hop Address
You can modify the next-hop address used in a route advertisement in the following ways:
• Disable the next-hop calculation and use the local BGP speaker address as the next-hop address.
• Set the next-hop address as a third-party address. Use this feature in situations where the original next-hop address is on the same subnet as the peer that the route is being sent to. Using this feature saves an extra hop during forwarding.
To modify the next-hop address, use the following commands in address-family configuration mode:
Command: next-hop-self
Example: switch(config-router-neighbor-af)# next-hop-self
Purpose: Uses the local BGP speaker address as the next-hop address in route updates. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Command: next-hop-third-party
Example: switch(config-router-neighbor-af)# next-hop-third-party
Purpose: Sets the next-hop address as a third-party address. Use this command for single-hop EBGP peers that do not have next-hop-self configured.
Configuring BGP Next-Hop Address Tracking
BGP next-hop address tracking is enabled by default and cannot be disabled.
You can modify the delay interval between RIB checks to increase the performance of BGP next-hop tracking. You can configure the critical timer for routes that affect BGP next-hop reachability, and you can configure the noncritical timer for all other routes in the BGP table.
To modify the BGP next-hop address tracking, use the following commands in address-family configuration mode:
Command: nexthop trigger-delay { critical | non-critical } milliseconds
Example: switch(config-router-af)# nexthop trigger-delay critical 5000
Purpose: Specifies the next-hop address tracking delay timer for critical next-hop reachability routes and for noncritical routes. The range is from 1 to 4294967295 milliseconds. The critical timer default is 3000. The noncritical timer default is 10000.
Command: nexthop route-map name
Example: switch(config-router-af)# nexthop route-map nextHopLimits
Purpose: Specifies a route map to match the BGP next-hop addresses to. The name can be any case-sensitive, alphanumeric string up to 63 characters.
Configuring Next-Hop Filtering
BGP next-hop filtering allows you to specify that when a next-hop address is checked with the RIB, the underlying route for that next-hop address is passed through the route map. If the route map rejects the route, the next-hop address is treated as unreachable.
BGP marks all next hops that are rejected by the route policy as invalid and does not calculate the best path for the routes that use the invalid next-hop address.
To configure BGP next-hop filtering, use the following command in address-family configuration mode:
Command: nexthop route-map name
Example: switch(config-router-af)# nexthop route-map nextHopLimits
Purpose: Specifies a route map to match the BGP next-hop route to. The name can be any case-sensitive, alphanumeric string up to 63 characters.
Disabling Capabilities Negotiation
You can disable capabilities negotiations to interoperate with older BGP peers that do not support capabilities negotiation.
To disable capabilities negotiation, use the following command in neighbor configuration mode:
Command: dont-capability-negotiate
Example: switch(config-router-neighbor)# dont-capability-negotiate
Purpose: Disables capabilities negotiation. You must manually reset the BGP sessions after configuring this command.
BGP Additional Paths
BGP supports sending and receiving multiple paths per prefix and advertising such paths.
• Configuring Sending and Receiving of Additional Paths
• Advertising the Capability of Sending and Receiving Additional Paths
• Configuring Advertised Paths
• Configuring Additional Path Selection
Configuring Sending and Receiving of Additional Paths
You can configure the capability of sending and receiving additional paths to and from the BGP peers.
Procedure
Step 1
Command: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2
Command: router bgp number
Example: switch(config)# router bgp 1
Purpose: Enters the router BGP configuration mode.
Step 3
Command: address-family ipv4 unicast
Example: switch(config-router)# address-family ipv4 unicast
Purpose: Enters the address family configuration mode.
Step 4
Command: additional-paths send
Example: switch(config-router-af)# additional-paths send
Purpose: Enables the send capability of additional paths for all of the neighbors under address family.
Step 5
Command: [no] additional-paths send
Example: switch(config-router-af)# additional-paths send
Purpose: Enables the send capability of additional paths for all of the neighbors under address family. The no form of this command disables the send capability.
Step 6
Command: [no] additional-paths receive [disable]
Example: switch(config-router-af)# additional-paths receive [disable]
Purpose: Enables the receive capability of additional paths for all of the neighbors under address family, for which the capability has not been disabled. The no form of this command disables the capability to receive additional paths from the peer.
Step 7
Command: show bgp neighbor
Example: switch(config)# show bgp neighbor
Purpose: Displays the advertised additional paths send or receive capability to the remote peer.
Step 8
Command: copy running-config startup-config
Example: switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to enable the additional paths send and receive capability for neighbors under the specified address family for which this capability has not been disabled:
switch(config)# router bgp 100
switch(config-router)# neighbor 10.131.31.2 remote-as 100
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# additional-paths send
switch(config-router-neighbor-af)# additional-paths receive
switch(config)# show bgp neighbor
switch(config)# copy running-config startup-config
Advertising the Capability of Sending and Receiving Additional Paths
You can configure BGP to advertise the capability of sending and receiving additional paths to and from the BGP peers.
Procedure
Step 1
Command: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2
Command: router bgp number
Example: switch(config)# router bgp 100
Purpose: Enters the router BGP configuration mode.
Step 3
Command: neighbor IP-address remote-as number
Example: switch(config-router)# neighbor 10.131.31.2 remote-as 100
Purpose: Configures a BGP neighbor and enters the neighbor configuration mode.
Step 4
Command: address-family ipv4 unicast
Example: switch(config-router-neighbor)# address-family ipv4 unicast
Purpose: Enters the address family configuration mode.
Step 5
Command: [no] capability additional-paths send [disable]
Example: switch(config-router-neighbor-af)# capability additional-paths send [disable]
Purpose: Advertises the capability to send additional paths to the BGP peer. The disable option disables the advertising capability of sending additional paths. The no form of this command disables the capability of sending additional paths.
Step 6
Command: [no] capability additional-paths receive [disable]
Example: switch(config-router-neighbor-af)# capability additional-paths receive [disable]
Purpose: Advertises the capability to receive additional paths to the BGP peer. The disable option disables the advertising capability of receiving additional paths. The no form of this command disables the capability of receiving additional paths.
Step 7
Command: show bgp neighbor
Example: switch(config)# show bgp neighbor
Purpose: Displays the advertised additional paths send or receive capability to the remote peer.
Step 8
Command: copy running-config startup-config
Example: switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to advertise the capability to send and receive additional paths to the BGP peer:
switch(config)# router bgp 100
switch(config-router)# neighbor 10.131.31.2 remote-as 100
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# capability additional-paths send
switch(config-router-neighbor-af)# capability additional-paths receive
switch(config)# show bgp neighbor
switch(config)# copy running-config startup-config
Configuring Advertised Paths
You can specify the paths that are advertised for BGP.
Procedure
Step 1
Command: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2
Command: route-map path-selection rmap
Example: switch(config)# route-map path-selection rmap
Purpose: Enters the route-map path-selection configuration mode.
Step 3
Command: [no] set path-selection all advertise
Example: switch(config-route-map)# set path-selection all advertise
Purpose: Specifies the paths to be advertised for a given prefix. The no form of this command specifies that only the best path be advertised.
Step 4
Command: show bgp neighbor {ipv4 | ipv6} unicast ip-address | ipv6-prefix [vrf vrf-name]
Example: switch(config)# show bgp neighbor {ipv4 | ipv6} unicast ip-address | ipv6-prefix [vrf vrf-name]
Purpose: Displays the BGP neighbor information.
Step 5
Command: copy running-config startup-config
Example: switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to specify the paths to be advertised for the specified prefix:
switch(config)# route-map PATH_SELECTION_RMAP
switch(config-route-map)# match ip address prefix-list pl
switch(config)# show bgp ipv4 unicast
switch(config)# copy running-config startup-config
Configuring Additional Path Selection
You can configure the capability of selecting additional paths for a prefix.
Procedure
Step 1
Command: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2
Command: router bgp number
Example: switch(config)# router bgp 100
Purpose: Enters the router BGP configuration mode.
Step 3
Command: address-family {ipv4 | ipv6} unicast
Example: switch(config-router)# address-family {ipv4 | ipv6} unicast
Purpose: Enters the address family configuration mode.
Step 4
Command: [no] additional-paths selection route-map map-name
Example: switch(config-router-af)# additional-paths selection route-map map-name
Purpose: Configures the capability of sending and receiving additional paths to and from the BGP peers. The no form of this command specifies that only the best path be advertised.
Step 5
Command: show bgp {ipv4 | ipv6} unicast [ip-address | ipv6-prefix] [vrf vrf-name]
Example: switch(config)# show bgp {ipv4 | ipv6} unicast [ip-address | ipv6-prefix] [vrf vrf-name]
Purpose: Displays whether the local peer has advertised the additional paths send or receive capability to the remote peer.
Step 6
Command: copy running-config startup-config
Example: switch(config)# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to specify that all paths be advertised for the specified prefix:
switch(config)# router bgp 100
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# additional-paths selection route-map PATH_SELECTION_RMAP
switch(config)# copy running-config startup-config
Configuring eBGP
This section includes the following topics:
• Disabling eBGP Single-Hop Checking
• Configuring eBGP Multihop
• Disabling a Fast External Failover
• Limiting the AS-path Attribute
Disabling eBGP Single-Hop Checking
You can configure eBGP to disable checking whether a single-hop eBGP peer is directly connected to the local router. Use this option for configuring a single-hop loopback eBGP session between directly connected switches.
To disable checking whether or not a single-hop eBGP peer is directly connected, use the following command in neighbor configuration mode:
Command: disable-connected-check
Example: switch(config-router-neighbor)# disable-connected-check
Purpose: Disables checking whether or not a single-hop eBGP peer is directly connected. You must manually reset the BGP sessions after using this command.
Configuring eBGP Multihop
You can configure the eBGP time-to-live (TTL) value to support eBGP multihop. In some situations, an eBGP peer is not directly connected to another eBGP peer and requires multiple hops to reach the remote eBGP peer. You can configure the eBGP TTL value for a neighbor session to allow these multihop sessions.
To configure eBGP multihop, use the following command in neighbor configuration mode:
Command: ebgp-multihop ttl-value
Example: switch(config-router-neighbor)# ebgp-multihop 5
Purpose: Configures the eBGP TTL value for eBGP multihop. The range is from 2 to 255. You must manually reset the BGP sessions after using this command.
Disabling a Fast External Failover
Typically, when a BGP router loses connectivity to a directly connected eBGP peer, BGP triggers a fast external failover by resetting the eBGP session to the peer. You can disable this fast external failover to limit the instability caused by link flaps.
To disable fast external failover, use the following command in router configuration mode:
Command: no fast-external-failover
Example: switch(config-router)# no fast-external-failover
Purpose: Disables a fast external failover for eBGP peers. This command is enabled by default.
Configuring Local AS Support
The local AS feature allows a router to appear to be a member of a second autonomous system (AS), in addition to its real AS. Local AS allows two ISPs to merge without modifying peering arrangements.
Routers in the merged ISP become members of the new autonomous system but continue to use their old AS numbers for their customers.
This feature can only be used for true eBGP peers. You cannot use this feature for two peers that are members of different confederation sub-autonomous systems.
To configure eBGP local AS support, use the following command in neighbor configuration mode:
Command: local-as number [no-prepend [replace-as [dual-as]]]
Example: switch(config-router-neighbor)# local-as 1.1
Purpose: Configures eBGP to prepend the local AS number to the AS_PATH attribute. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
This example shows how to configure local AS support on a VRF:
switch(config)# router bgp 1
switch(config-router)# vrf test
switch(config-router-vrf)# local-as 1
switch(config-router-vrf)# show running-config bgp
Limiting the AS-path Attribute
You can configure eBGP to discard routes that have a high number of AS numbers in the AS-path attribute.
To discard routes that have a high number of AS numbers in the AS-path attribute, use the following command in router configuration mode:
Command: maxas-limit number
Example: switch(config-router)# maxas-limit 50
Purpose: Discards eBGP routes that have a number of AS-path segments that exceed the specified limit. The range is from 1 to 2000.
Configuring the General Time-To-Live Security Mechanism
The General Time-To-Live Security Mechanism (GTSM) protects eBGP peering sessions from CPU utilization-based attacks. GTSM checks the time-to-live (TTL) value of incoming eBGP packets and discards forged BGP packets in the hardware.
When you enable GTSM for a peer, Cisco NX-OS sends out BGP packets to the peer with a TTL value of 255. For packets received from the peer, Cisco NX-OS verifies that the TTL value is greater than or equal to the configured incoming TTL value. If this check fails, Cisco NX-OS discards the packets in the hardware. The incoming TTL value is derived from the hop count configured for the peer. If the peer is just one hop away (single-hop eBGP), the incoming TTL value is expected to be 255. If the eBGP peer is multiple hops away, then the incoming TTL value is calculated to be (255–hop count). The configured hop count should be the maximum for all possible paths between the two peers.
Note: GTSM is applicable only to eBGP peers and is disabled by default. You can enable GTSM on a per-peer or a per-peer-template basis.
Note: You cannot configure GTSM if you use the ebgp-multihop command. Also, you cannot configure GTSM with a hop count of two or more, if the disable-connected-check command is configured.
Configuring AS Confederations
To configure an AS confederation, you must specify a confederation identifier. The group of autonomous systems within the AS confederation looks like a single autonomous system with the confederation identifier as the autonomous system number.
To configure a BGP confederation identifier, use the following command in router configuration mode:
Command: confederation identifier as-number
Example: switch(config-router)# confederation identifier 4000
Purpose: Configures a confederation identifier for an AS confederation. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
To configure the autonomous systems that belong to the AS confederation, use the following command in router configuration mode:
Command: bgp confederation peers as-number [ as-number2... ]
Example: switch(config-router)# bgp confederation peers 5 33 44
Purpose: Specifies a list of autonomous systems that belong to the confederation. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Configuring Route Reflector
You can configure iBGP peers as route reflector clients to the local BGP speaker, which acts as the route reflector. Together, a route reflector and its clients form a cluster. A cluster of clients usually has a single route reflector. In such instances, the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid a single point of failure in the network, you can configure a cluster with more than one route reflector. You must configure all route reflectors in the cluster with the same 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster.
BEFORE YOU BEGIN
Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
SUMMARY STEPS
1. configure terminal
2. router bgp as-number
3. cluster-id cluster-id
4. address-family ipv4 { unicast | multicast }
5. (Optional) client-to-client reflection
6. exit
7. neighbor ip-address remote-as as-number
8. address-family ipv4 { unicast | multicast }
9. route-reflector-client
10. show bgp ip { unicast | multicast } neighbors
11. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.
Step 2
Command: router bgp as-number
Example:
switch(config)# router bgp 65536
switch(config-router)#
Purpose: Enters BGP mode and assigns the autonomous system number to the local BGP speaker.
Step 3
Command: cluster-id cluster-id
Example: switch(config-router)# cluster-id 192.0.2.1
Purpose: Configures the local router as one of the route reflectors that serve the cluster. You specify a cluster ID to identify the cluster. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 4
Command: address-family ipv4 { unicast | multicast }
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Purpose: Enters router address family configuration mode for the specified address family.
Step 5
Command: client-to-client reflection
Example: switch(config-router-af)# client-to-client reflection
Purpose: (Optional) Configures client-to-client route reflection. This feature is enabled by default. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 6
Command: exit
Example:
switch(config-router-neighbor)# exit
switch(config-router)#
Purpose: Exits router address configuration mode.
Step 7
Command: neighbor ip-address remote-as as-number
Example:
switch(config-router)# neighbor 192.0.2.10 remote-as 65536
switch(config-router-neighbor)#
Purpose: Configures the IP address and AS number for a remote BGP peer.
Step 8
Command: address-family ipv4 { unicast | multicast }
Example:
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)#
Purpose: Enters neighbor address family configuration mode for the unicast IPv4 or IPv6 address family.
Step 9
Command: route-reflector-client
Example: switch(config-router-neighbor-af)# route-reflector-client
Purpose: Configures the switch as a BGP route reflector and configures the neighbor as its client. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Step 10
Command: show bgp ip { unicast | multicast } neighbors
Example: switch(config-router-neighbor-af)# show bgp ip unicast neighbors
Purpose: (Optional) Displays the BGP peers.
Step 11
Command: copy running-config startup-config
Example: switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure the router as a route reflector and add one neighbor as a client:
switch(config)# router bgp 65536
switch(config-router)# neighbor 192.0.2.10 remote-as 65536
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# route-reflector-client
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring Route Dampening
You can configure route dampening to minimize route flaps propagating through your iBGP network.
To configure route dampening, use the following command in address-family or VRF address family configuration mode:
Command: dampening [{ half-life reuse-limit suppress-limit max-suppress-time | route-map map-name }]
Example: switch(config-router-af)# dampening route-map bgpDamp
Purpose: Configures route dampening. The parameter values are as follows:
• half-life—The range is from 1 to 45.
• reuse-limit—The range is from 1 to 20000.
• suppress-limit—The range is from 1 to 20000.
• max-suppress-time—The range is from 1 to 255.
Configuring Load Sharing and ECMP
You can configure the maximum number of paths that BGP adds to the route table for equal-cost multipath load balancing.
To configure the maximum number of paths, use the following command in router address-family configuration mode:
Command: maximum-paths [ ibgp ] maxpaths
Example: switch(config-router-af)# maximum-paths 12
Purpose: Configures the maximum number of equal-cost paths for load sharing. The range is from 1 to 64. The default is 8.
Configuring Maximum Prefixes
You can configure the maximum number of prefixes that BGP can receive from a BGP peer. If the number of prefixes exceeds this value, you can optionally configure BGP to generate a warning message or tear down the BGP session to the peer.
To configure the maximum allowed prefixes for a BGP peer, use the following command in neighbor address-family configuration mode:
Command: maximum-prefix maximum [ threshold ] [ restart time | warning-only ]
Example: switch(config-router-neighbor-af)# maximum-prefix 12
Purpose: Configures the maximum number of prefixes from a peer. The parameter ranges are as follows:
• maximum—The range is from 1 to 300000.
• threshold—The range is from 1 to 100 percent. The default is 75 percent.
• time—The range is from 1 to 65535 minutes.
This command triggers an automatic notification and session reset for the BGP neighbor sessions if the prefix limit is exceeded.
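A configuration check built on the password, maximum-peers and maximum-prefix commands from the BGP authentication, prefix peering and maximum prefixes sections, written in Python as an added example (not Cisco code). It assumes a running-config excerpt indented by nesting level; the sample configuration is constructed, the password string is a placeholder, and the function names and finding texts are hypothetical.

```python
import re

# Constructed running-config excerpt (indentation marks nesting). The peers
# reuse example addresses from this guide; PLACEHOLDER is not a real secret.
SAMPLE_CONFIG = """\
router bgp 65536
  timers prefix-peer-timeout 120
  neighbor 10.100.200.0/24 remote-as 65536
    address-family ipv4 unicast
  neighbor 192.0.2.2 remote-as 65537
    password 3 PLACEHOLDER
    address-family ipv4 unicast
      maximum-prefix 12 warning-only
  neighbor 192.0.2.10 remote-as 65538
    address-family ipv4 unicast
  neighbor 192.168.1.2 remote-as 65536
    inherit peer BasePeer
"""

NEIGHBOR_RE = re.compile(r"neighbor (\S+) remote-as (\S+)$")


def parse_neighbors(config):
    """Return (local_as, neighbors); each neighbor keeps its nested commands."""
    local_as, neighbors = None, []
    in_bgp, current, cur_indent = False, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:
            # A top-level line opens or closes the 'router bgp' block.
            m = re.match(r"router bgp (\S+)$", line)
            in_bgp = bool(m)
            if m:
                local_as = m.group(1)
            current = None
            continue
        if not in_bgp:
            continue
        m = NEIGHBOR_RE.match(line)
        if m:
            current = {"peer": m.group(1), "remote_as": m.group(2), "cmds": []}
            cur_indent = indent
            neighbors.append(current)
        elif current is not None and indent > cur_indent:
            current["cmds"].append(line)   # includes address-family children
        else:
            current = None                 # left the neighbor block
    return local_as, neighbors


def audit(config):
    """Return (peer, finding) pairs in configuration order."""
    local_as, neighbors = parse_neighbors(config)
    findings = []
    for n in neighbors:
        peer, cmds = n["peer"], n["cmds"]
        keywords = {c.split()[0] for c in cmds}
        if "inherit" in keywords:
            # Settings may come from a template; this check does not resolve it.
            findings.append((peer, "inherits a template: audit the template"))
            continue
        if "password" not in keywords:
            findings.append((peer, "no MD5 password"))
        if "/" in peer and "maximum-peers" not in keywords:
            findings.append((peer, "prefix peering without maximum-peers"))
        limits = [c.split() for c in cmds if c.split()[0] == "maximum-prefix"]
        # Assumption: the prefix limit is only required for eBGP peers.
        if n["remote_as"] != local_as and not limits:
            findings.append((peer, "eBGP peer without maximum-prefix"))
        if any(words[-1] == "warning-only" for words in limits):
            findings.append((peer, "maximum-prefix is warning-only"))
    return findings


if __name__ == "__main__":
    for peer, finding in audit(SAMPLE_CONFIG):
        print(f"{peer}: {finding}")
```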
Configuring Dynamic Peer Prioritization
You can configure dynamic peer prioritization to protect BGP sessions from CPU utilization-based denial-of-service (DoS) attacks. You use dynamic peer prioritization to dynamically configure hardware packet filters to prioritize packets from configured and established peers that are bound to the supervisor and to discard packets from unknown senders.
To configure dynamic peer prioritization, use the following command in router configuration mode:
Command: dynamic-prioritization bgp
Example: switch(config)# dynamic-prioritization bgp
Purpose: Enables dynamic peer prioritization. Enabled by default.
Configuring Dynamic Capability
You can configure dynamic capability for a BGP peer.
To configure dynamic capability, use the following command in neighbor configuration mode:
Command: dynamic-capability
Example: switch(config-router-neighbor)# dynamic-capability
Purpose: Enables dynamic capability. This command triggers an automatic notification and session reset for the BGP neighbor sessions. This command is disabled by default.
Configuring Aggregate Addresses
You can configure aggregate address entries in the BGP route table.
To configure an aggregate address, use the following command in router address-family configuration mode:
Command: aggregate-address ip-prefix/length [ as-set ] [ summary-only ] [ advertise-map map-name ] [ attribute-map map-name ] [ suppress-map map-name ]
Example: switch(config-router-af)# aggregate-address 192.0.2.0/8 as-set
Purpose: Creates an aggregate address. The path advertised for this route is an autonomous system set that consists of all elements contained in all paths that are being summarized:
• The as-set keyword generates autonomous system set path information and community information from contributing paths.
• The summary-only keyword filters all more specific routes from updates.
• The advertise-map keyword and argument specify the route map used to select attribute information from selected routes.
• The attribute-map keyword and argument specify the route map used to select attribute information from the aggregate.
• The suppress-map keyword and argument conditionally filter more specific routes.
Configuring BGP Conditional Advertisement
You can configure BGP conditional advertisement to limit the routes that BGP propagates. You define the following two route maps:
• Advertise map—Specifies the conditions that the route must match before BGP considers the conditional advertisement. This route map can contain any appropriate match statements.
• Exist map or nonexist map—Defines the prefix that must exist in the BGP table before BGP propagates a route that matches the advertise map. The nonexist map defines the prefix that must not exist in the BGP table before BGP propagates a route that matches the advertise map. BGP processes only the permit statements in the prefix list match statements in these route maps.
If the route does not pass the condition, BGP withdraws the route if it exists in the BGP table.
BEFORE YOU BEGIN
Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
SUMMARY STEPS
1. configure terminal
2. router bgp as-number
3. neighbor ipaddress remote-as as-number
4. address-family ipv4 { unicast | multicast }
5. advertise-map adv-map { exist-map exist-rmap | non-exist-map nonexist-rmap }
6. (Optional) show ip bgp neighbor
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.
Step 2
Command: router bgp as-number
Example:
switch(config)# router bgp 65536
switch(config-router)#
Purpose: Enters BGP mode and assigns the autonomous system number to the local BGP speaker.
Step 3
Command: neighbor ip-address remote-as as-number
Example:
switch(config-router)# neighbor 192.168.1.2 remote-as 65537
switch(config-router-neighbor)#
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address.
Step 4
Command: address-family ipv4 { unicast | multicast }
Example:
switch(config-router-neighbor)# address-family ipv4 multicast
switch(config-router-neighbor-af)#
Purpose: Enters address family configuration mode.
Step 5
Command: advertise-map adv-map { exist-map exist-rmap | non-exist-map nonexist-rmap }
Example: switch(config-router-neighbor-af)# advertise-map advertise exist-map exist
Purpose: Configures BGP to conditionally advertise routes based on the two configured route maps:
• adv-map—Specifies a route map with match statements that the route must pass before BGP passes the route to the next route map. The adv-map is a case-sensitive, alphanumeric string up to 63 characters.
• exist-rmap—Specifies a route map with match statements for a prefix list. A prefix in the BGP table must match a prefix in the prefix list before BGP will advertise the route. The exist-rmap is a case-sensitive, alphanumeric string up to 63 characters.
• nonexist-rmap—Specifies a route map with match statements for a prefix list. A prefix in the BGP table must not match a prefix in the prefix list before BGP will advertise the route. The nonexist-rmap is a case-sensitive, alphanumeric string up to 63 characters.
Step 6
Command: show ip bgp neighbor
Example: switch(config-router-neighbor-af)# show ip bgp neighbor
Purpose: (Optional) Displays information about BGP and the configured conditional advertisement route maps.
Step 7
Command: copy running-config startup-config
Example: switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure BGP conditional advertisement:
switch# configure terminal
switch(config)# router bgp 65536
switch(config-router)# neighbor 192.0.2.2 remote-as 65537
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# advertise-map advertise exist-map exist
switch(config-router-neighbor-af)# exit
switch(config-router-neighbor)# exit
switch(config-router)# exit
switch(config)# route-map advertise
switch(config-route-map)# match as-path pathList
switch(config-route-map)# exit
switch(config)# route-map exist
switch(config-route-map)# match ip address prefix-list plist
switch(config-route-map)# exit
switch(config)# ip prefix-list plist permit 209.165.201.0/27
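The decision that the advertise map and the exist or nonexist map make together can be modelled in a few lines. The following Python is an added example, not NX-OS code or Cisco's implementation; the Route and PrefixEntry types, the function names, the exact-match prefix comparison, and the sample prefixes and AS numbers are assumptions made for illustration.

```python
"""Model of the BGP conditional advertisement decision (added example)."""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Route:
    prefix: str       # for example "198.51.100.0/24"
    as_path: tuple    # AS numbers, nearest AS first


@dataclass(frozen=True)
class PrefixEntry:
    action: str       # "permit" or "deny"
    prefix: str


def tracked_prefix_present(bgp_table, prefix_list):
    """True if a BGP-table prefix equals a permit entry of the prefix list.

    Deny entries are skipped, following the guide's statement that BGP
    processes only the permit statements for these route maps. Matching is
    exact (no ge/le ranges), which is an assumption of this model.
    """
    permitted = {ip_network(e.prefix) for e in prefix_list
                 if e.action == "permit"}
    return any(ip_network(r.prefix) in permitted for r in bgp_table)


def conditional_advertise(bgp_table, advertise_match, prefix_list, mode):
    """Return (advertised, withdrawn) prefixes for one neighbor.

    advertise_match stands in for the advertise map (a predicate on Route).
    mode is "exist-map" or "non-exist-map". Routes that do not match the
    advertise map are outside the condition and are not listed here.
    """
    if mode not in ("exist-map", "non-exist-map"):
        raise ValueError("mode must be 'exist-map' or 'non-exist-map'")
    present = tracked_prefix_present(bgp_table, prefix_list)
    condition_met = present if mode == "exist-map" else not present
    candidates = [r.prefix for r in bgp_table if advertise_match(r)]
    # A failed condition withdraws the candidates instead of advertising them.
    return (candidates, []) if condition_met else ([], candidates)


if __name__ == "__main__":
    # Constructed sample BGP table; the tracked prefix is the one used in the
    # prefix list of the configuration example above.
    table = [
        Route("209.165.201.0/27", (65537,)),
        Route("198.51.100.0/24", (65537, 64500)),
        Route("203.0.113.0/24", (65540,)),
    ]
    plist = [PrefixEntry("permit", "209.165.201.0/27")]
    via_64500 = lambda r: 64500 in r.as_path  # stand-in for "match as-path"

    for mode in ("exist-map", "non-exist-map"):
        print(mode, "tracked prefix present:",
              conditional_advertise(table, via_64500, plist, mode))
        print(mode, "tracked prefix absent: ",
              conditional_advertise(table[1:], via_64500, plist, mode))
```

Running the model with the tracked prefix removed from the table shows the withdrawal case that the text describes for a route that no longer passes the condition.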
Configuring Route Redistribution
You can configure BGP to accept routing information from another routing protocol and redistribute that information through the BGP network. Optionally, you can assign a default route for redistributed routes.
Note Redistribution does not work if the access list is used as a match option in route-maps.
BEFORE YOU BEGIN
Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
SUMMARY STEPS
1. configure terminal
2. router bgp as-number
3. address-family ipv4 { unicast | multicast }
4. redistribute { direct | { eigrp | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
5. (Optional) default-metric value
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: router bgp as-number
Purpose: Enters BGP mode and assigns the autonomous system number to the local BGP speaker.
Example:
switch(config)# router bgp 65536
switch(config-router)#
Step 3
Command: address-family ipv4 { unicast | multicast }
Purpose: Enters address family configuration mode.
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Step 4
Command: redistribute { direct | { eigrp | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
Purpose: Redistributes routes from other protocols into BGP. See the “Configuring Route Maps” section on page 14-13 for more information about route maps.
Example:
switch(config-router-af)# redistribute eigrp 201 route-map Eigrpmap
Step 5
Command: default-metric value
Purpose: (Optional) Generates a default route into BGP.
Example:
switch(config-router-af)# default-metric 33
Step 6
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router-af)# copy running-config startup-config
This example shows how to redistribute EIGRP into BGP:
switch# configure terminal
switch(config)# router bgp 65536
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# redistribute eigrp 201 route-map Eigrpmap
switch(config-router-af)# copy running-config startup-config
Tuning BGP
You can tune BGP characteristics through a series of optional parameters.
To tune BGP, use the following optional commands in router configuration mode:
Command: enforce-first-as
Purpose: Enforces the neighbor autonomous system to be the first AS number listed in the AS_path attribute for eBGP.
Example:
switch(config-router)# enforce-first-as
Command: bestpath [ always-compare-med | compare-routerid | med { missing-as-worst | non-deterministic }]
Purpose: Modifies the best-path algorithm. The optional parameters are as follows:
• always-compare-med—Compares MED on paths from different autonomous systems.
• compare-routerid—Compares the router IDs for identical eBGP paths.
• med missing-as-worst—Sees a missing MED as the highest MED.
• med non-deterministic—Does not always select the best MED path from among the paths from the same autonomous system.
Example:
switch(config-router)# bestpath always-compare-med
Command: log-neighbor-changes
Purpose: Generates a system message when a neighbor changes state.
Example:
switch(config-router)# log-neighbor-changes
Command: router-id id
Purpose: Manually configures the router ID for this BGP speaker.
Example:
switch(config-router)# router-id 209.165.20.1
Command: timers [ bestpath-delay delay | bgp keepalive holdtime | prefix-peer-timeout timeout ]
Purpose: Sets the BGP timer values. The optional parameters are as follows:
• delay—Initial best-path timeout value after a restart. The range is from 0 to 3600 seconds. The default value is 300.
• keepalive—BGP session keepalive time. The range is from 0 to 3600 seconds. The default value is 60.
• holdtime—BGP session hold time. The range is from 0 to 3600 seconds. The default value is 180.
• timeout—Prefix peer timeout value. The range is from 0 to 1200 seconds. The default value is 30.
You must manually reset the BGP sessions after configuring this command.
Example:
switch(config-router)# timers bgp 90 270
To tune BGP, use the following optional command in router address-family configuration mode:
Command: distance ebgp-distance ibgp-distance local-distance
Purpose: Sets the administrative distance for BGP. The range is from 1 to 255. The defaults are as follows:
• eBGP distance—20.
• iBGP distance—200.
• local distance—220. Local distance is the administrative distance used for aggregate discard routes when they are installed in the RIB.
Example:
switch(config-router-af)# distance 20 100 200
To tune BGP, use the following optional commands in neighbor configuration mode:
Command: description string
Purpose: Sets a descriptive string for this BGP peer. The string can be up to 80 alphanumeric characters.
Example:
switch(config-router-neighbor)# description main site
Command: low-memory exempt
Purpose: Exempts this BGP neighbor from a possible shutdown due to a low memory condition.
Example:
switch(config-router-neighbor)# low-memory exempt
Command: transport connection-mode passive
Purpose: Allows a passive connection setup only. This BGP speaker does not initiate a TCP connection to a BGP peer. You must manually reset the BGP sessions after configuring this command.
Example:
switch(config-router-neighbor)# transport connection-mode passive
Command: remove-private-as
Purpose: Removes private AS numbers from outbound route updates to an eBGP peer. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Example:
switch(config-router-neighbor)# remove-private-as
Command: update-source interface-type number
Purpose: Configures the BGP speaker to use the source IP address of the configured interface for BGP sessions to the peer. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Example:
switch(config-router-neighbor)# update-source ethernet 2/1
To tune BGP, use the following optional commands in neighbor address-family configuration mode:
Command: suppress-inactive
Purpose: Advertises the best (active) routes only to the BGP peer. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Example:
switch(config-router-neighbor-af)# suppress-inactive
Command: default-originate [ route-map map-name ]
Purpose: Generates a default route to the BGP peer.
Example:
switch(config-router-neighbor-af)# default-originate
Command: filter-list list-name { in | out }
Purpose: Applies an AS_path filter list to this BGP peer for inbound or outbound route updates. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Example:
switch(config-router-neighbor-af)# filter-list BGPFilter in
Command: prefix-list list-name { in | out }
Purpose: Applies a prefix list to this BGP peer for inbound or outbound route updates. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Example:
switch(config-router-neighbor-af)# prefix-list PrefixFilter in
Command: send-community
Purpose: Sends the community attribute to this BGP peer. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Example:
switch(config-router-neighbor-af)# send-community
Command: send-extcommunity
Purpose: Sends the extended community attribute to this BGP peer. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Example:
switch(config-router-neighbor-af)# send-extcommunity
Configuring a Graceful Restart
You can configure a graceful restart and enable the graceful restart helper feature for BGP.
BEFORE YOU BEGIN
SUMMARY STEPS
1. configure terminal
2. router bgp as-number
3. graceful-restart
4. graceful-restart [ restart-time time | stalepath-time time ]
5. graceful-restart-helper
6. (Optional) show running-config bgp
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: router bgp as-number
Purpose: Creates a new BGP process with the configured autonomous system number.
Example:
switch(config)# router bgp 65536
switch(config-router)#
Step 3
Command: graceful-restart
Purpose: Enables a graceful restart and the graceful restart helper functionality. This command is enabled by default. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Example:
switch(config-router)# graceful-restart
Step 4
Command: graceful-restart [ restart-time time | stalepath-time time ]
Purpose: Configures the graceful restart timers. The optional parameters are as follows:
• restart-time—Maximum time for a restart sent to the BGP peer. The range is from 1 to 3600 seconds. The default is 120.
• stalepath-time—Maximum time that BGP will keep the stale routes from the restarting BGP peer. The range is from 1 to 3600 seconds. The default is 300.
This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Example:
switch(config-router)# graceful-restart restart-time 300
Step 5
Command: graceful-restart-helper
Purpose: Enables the graceful restart helper functionality. Use this command if you have disabled graceful restart but you still want to enable graceful restart helper functionality. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Example:
switch(config-router)# graceful-restart-helper
Step 6
Command: show running-config bgp
Purpose: (Optional) Displays the BGP configuration.
Example:
switch(config-router)# show running-config bgp
Step 7
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router)# copy running-config startup-config
This example shows how to enable a graceful restart:
switch# configure terminal
switch(config)# router bgp 65536
switch(config-router)# graceful-restart
switch(config-router)# copy running-config startup-config
Configuring Virtualization
You can create multiple VRFs and use the same BGP process in each VRF.
BEFORE YOU BEGIN
Ensure that you have enabled the BGP feature (see the “Enabling the BGP Feature” section on page 8-10).
SUMMARY STEPS
1. configure terminal
2. vrf context vrf-name
3. exit
4. router bgp as-number
5. vrf vrf-name
6. neighbor ip-address remote-as as-number
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: vrf context vrf-name
Purpose: Creates a new VRF and enters VRF configuration mode.
Example:
switch(config)# vrf context RemoteOfficeVRF
switch(config-vrf)#
Step 3
Command: exit
Purpose: Exits VRF configuration mode.
Example:
switch(config-vrf)# exit
switch(config)#
Step 4
Command: router bgp as-number
Purpose: Creates a new BGP process with the configured autonomous system number.
Example:
switch(config)# router bgp 65536
switch(config-router)#
Step 5
Command: vrf vrf-name
Purpose: Enters the router VRF configuration mode and associates this BGP instance with a VRF.
Example:
switch(config-router)# vrf RemoteOfficeVRF
switch(config-router-vrf)#
Step 6
Command: neighbor ip-address remote-as as-number
Purpose: Configures the IP address and AS number for a remote BGP peer.
Example:
switch(config-router-vrf)# neighbor 209.165.201.1 remote-as 65536
switch(config-router-vrf-neighbor)#
Step 7
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-router-vrf-neighbor)# copy running-config startup-config
This example shows how to create a VRF and configure the router ID in the VRF:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config-vrf)# exit
switch(config)# router bgp 65536
switch(config-router)# vrf NewVRF
switch(config-router-vrf)# neighbor 209.165.201.1 remote-as 65536
switch(config-router-vrf-neighbor)# copy running-config startup-config
Configuring Policy-Based Administrative Distance
You can configure a distance for external BGP (eBGP) and internal BGP (iBGP) routes that match a policy described in the configured route map. The distance configured in the route map is downloaded to the unicast RIB along with the matching routes. BGP uses the best path to determine the administrative distance when downloading next hops in the unicast RIB table. If there is no match or a deny clause in the policy, BGP uses the distance configured in the distance command or the default distance for routes.
The policy-based administrative distance feature is useful when there are two or more different routes to the same destination from two different routing protocols.
BEFORE YOU BEGIN
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
DETAILED STEPS
Step 1 Enters global configuration mode.
switch# configure terminal
Step 2 Creates a prefix list to match IP packets or routes with the permit keyword.
switch(config)# ip prefix-list name seq number permit prefix-length
Step 3 Creates a route map and enters route-map configuration mode with the permit keyword. If the match criteria for the route is met in the policy, the packet is policy routed.
switch(config)# route-map map-tag permit sequence-number
Step 4 Matches IPv4 network routes based on a prefix list. The prefix-list name can be any alphanumeric string up to 63 characters.
switch(config-route-map)# match ip address prefix-list prefix-list-name
Step 5 Specifies the administrative distance for interior BGP (iBGP) or exterior BGP (eBGP) routes and BGP routes originated in the local autonomous system. The range is from 1 to 255.
switch(config-route-map)# set distance value
Step 6 Exits route-map configuration mode.
switch(config-route-map)# exit
Step 7 Enters BGP mode and assigns the AS number to the local BGP speaker.
switch(config)# router bgp as-number
Step 8 Enters address family configuration mode.
switch(config-router)# address-family {ipv4 | ipv6 | vpnv4 | vpnv6} unicast
Step 9 Configures the selective administrative distance for a route map for BGP routes before forwarding them to the RIB table. The table-map name can be any alphanumeric string up to 63 characters.
switch(config-router-af)# table-map map-name
Note You can also configure the table-map command under the VRF address-family configuration mode.
Step 10 (Optional) Displays forwarding information distribution.
switch(config-router-af)# show forwarding distribution
Step 11 (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
switch(config)# copy running-config startup-config
Verifying the Advanced BGP Configuration
To display the BGP configuration information, perform one of the following tasks:
Command: show bgp all [ summary ] [ vrf vrf-name ]
Purpose: Displays the BGP information for all address families.
Command: show bgp convergence [ vrf vrf-name ]
Purpose: Displays the BGP information for all address families.
Command: show bgp ip { unicast | multicast } [ ip-address ] community { regexp expression | [ community ] [ no-advertise ] [ no-export ] [ no-export-subconfed ]} [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP community.
Command: show bgp [ vrf vrf-name ] ip { unicast | multicast } [ ip-address ] community-list list-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP community list.
Command: show bgp ip { unicast | multicast } [ ip-address ] extcommunity { regexp expression | generic [ non-transitive | transitive ] aa4:nn [ exact-match ]} [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP extended community.
Command: show bgp ip { unicast | multicast } [ ip-address ] extcommunity-list list-name [ exact-match ] [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP extended community list.
Command: show bgp ip { unicast | multicast } [ ip-address ] { dampening dampened-paths [ regexp expression ]} [ vrf vrf-name ]
Purpose: Displays the information for BGP route dampening. Use the clear bgp dampening command to clear the route flap dampening information.
Command: show bgp ip { unicast | multicast } [ ip-address ] history-paths [ regexp expression ] [ vrf vrf-name ]
Purpose: Displays the BGP route history paths.
Command: show bgp ip { unicast | multicast } [ ip-address ] filter-list list-name [ vrf vrf-name ]
Purpose: Displays the information for the BGP filter list.
Command: show bgp ip { unicast | multicast } [ ip-address ] neighbors [ ip-address ] [ vrf vrf-name ]
Purpose: Displays the information for BGP peers. Use the clear bgp neighbors command to clear these neighbors.
Command: show bgp ip { unicast | multicast } [ ip-address ] { nexthop | nexthop-database } [ vrf vrf-name ]
Purpose: Displays the information for the BGP route next hop.
Command: show bgp paths
Purpose: Displays the BGP path information.
Command: show bgp ip { unicast | multicast } [ ip-address ] policy name [ vrf vrf-name ]
Purpose: Displays the BGP policy information. Use the clear bgp policy command to clear the policy information.
Command: show bgp ip { unicast | multicast } [ ip-address ] prefix-list list-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the prefix list.
Command: show bgp ip { unicast | multicast } [ ip-address ] received-paths [ vrf vrf-name ]
Purpose: Displays the BGP paths stored for soft reconfiguration.
Command: show bgp ip { unicast | multicast } [ ip-address ] regexp expression [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the AS_path regular expression.
Command: show bgp ip { unicast | multicast } [ ip-address ] route-map map-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the route map.
Command: show bgp peer-policy name [ vrf vrf-name ]
Purpose: Displays the information about BGP peer policies.
Command: show bgp peer-session name [ vrf vrf-name ]
Purpose: Displays the information about BGP peer sessions.
Command: show bgp peer-template name [ vrf vrf-name ]
Purpose: Displays the information about BGP peer templates. Use the clear bgp peer-template command to clear all neighbors in a peer template.
Command: show bgp process
Purpose: Displays the BGP process information.
Command: show ip bgp options
Purpose: Displays the BGP status and configuration information. This command has multiple options. See the Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x, for more information.
Command: show ip mbgp options
Purpose: Displays the BGP status and configuration information. This command has multiple options. See the Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x, for more information.
Command: show running-configuration bgp
Purpose: Displays the current running BGP configuration.
Displaying BGP Statistics
To display BGP statistics, use the following commands:
Command: show bgp ip { unicast | multicast } [ ip-address ] flap-statistics [ vrf vrf-name ]
Purpose: Displays the BGP route flap statistics. Use the clear bgp flap-statistics command to clear these statistics.
Command: show bgp sessions [ vrf vrf-name ]
Purpose: Displays the BGP sessions for all peers. Use the clear bgp sessions command to clear these statistics.
Command: show bgp statistics
Purpose: Displays the BGP statistics.
Related Topics
The following topics can give more information on BGP:
• Chapter 9, “Configuring Advanced BGP”
• Chapter 14, “Configuring Route Policy Manager”
Additional References
For additional information related to implementing BGP, see the following sections:
Related Documents
Related Topic: BGP CLI commands
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
MIBs
MIBs: BGP4-MIB, CISCO-BGP4-MIB
MIBs Link: To locate and download MIBs, go to the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
CHAPTER 10
Configuring RIP
This chapter describes how to configure the Routing Information Protocol (RIP).
This chapter includes the following sections:
• Information About RIP
• Licensing Requirements for RIP
• Prerequisites for RIP
• Guidelines and Limitations
• Verifying the RIP Configuration
• Displaying RIP Statistics
• Configuration Examples for RIP
• Additional References
Information About RIP
This section includes the following topics:
• RIPv2 Authentication
• Route Summarization
• Route Redistribution
• Virtualization Support
RIP Overview
RIP uses User Datagram Protocol (UDP) data packets to exchange routing information in small internetworks. RIPv2 supports IPv4. RIPv2 uses an optional authentication feature supported by the RIPv2 protocol (see the “RIPv2 Authentication” section on page 10-2).
RIP uses the following two message types:
• Request—Sent to the multicast address 224.0.0.9 to request route updates from other RIP-enabled routers.
). The router also sends response messages after it receives a Request message. The response message contains the entire RIP route table. RIP sends multiple response packets for a request if the RIP routing table cannot fit in one response packet.
RIP uses a hop count for the routing metric. The hop count is the number of routers that a packet can traverse before reaching its destination. A directly connected network has a metric of 1; an unreachable network has a metric of 16. This small range of metrics makes RIP an unsuitable routing protocol for large networks.
RIPv2 Authentication
You can configure authentication on RIP messages to prevent unauthorized or invalid routing updates in your network. Cisco NX-OS supports a simple password or an MD5 authentication digest.
You can configure the RIP authentication per interface by using key-chain management for the authentication keys. Key-chain management allows you to control changes to the authentication keys used by an MD5 authentication digest or simple text password authentication. See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x, for more details about creating key-chains.
To use an MD5 authentication digest, you configure a password that is shared at the local router and all remote RIP neighbors. Cisco NX-OS creates an MD5 one-way message digest based on the message itself and the encrypted password and sends this digest with the RIP message (Request or Response).
The receiving RIP neighbor validates the digest by using the same encrypted password. If the message has not changed, the calculation is identical and the RIP message is considered valid.
An MD5 authentication digest also includes a sequence number with each RIP message to ensure that no message is replayed in the network.
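The digest check and the sequence-number check described above can be exercised with the following Python model, which is an added example and not NX-OS code. It uses its own framing (RIP payload, then a 4-byte sequence number, then a 16-byte digest) instead of the on-wire authentication layout; the function and class names, the key padding, the strictly increasing sequence rule, and the sample addresses and password are assumptions.

```python
"""Keyed-MD5 digest plus sequence number, modelled on the RIPv2 text above.

Added illustration, not NX-OS code. Framing is this example's own:
RIP payload || 4-byte sequence number || 16-byte MD5 digest.
"""
import hashlib
import hmac
import struct
from ipaddress import ip_address

DIGEST_LEN = 16  # MD5 output size in bytes


def rip_response(routes):
    """Build a RIPv2 Response (command 2, version 2) from (ip, mask, metric)."""
    pkt = struct.pack("!BBH", 2, 2, 0)
    for ip, mask, metric in routes:
        # AFI 2 (IP), route tag 0, address, mask, next hop 0.0.0.0, metric
        pkt += struct.pack("!HH4s4s4sI", 2, 0, ip_address(ip).packed,
                           ip_address(mask).packed, bytes(4), metric)
    return pkt


def _key(password: bytes) -> bytes:
    # Assumption: the shared secret is padded or truncated to DIGEST_LEN.
    return password[:DIGEST_LEN].ljust(DIGEST_LEN, b"\x00")


def sign(payload: bytes, seq: int, password: bytes) -> bytes:
    """Append the sequence number and a digest over message plus secret."""
    body = payload + struct.pack("!I", seq)
    return body + hashlib.md5(body + _key(password)).digest()


class Receiver:
    """Validates digests and rejects replays, tracked per neighbor."""

    def __init__(self, password: bytes):
        self._key = _key(password)
        self._last_seq = {}  # neighbor address -> highest accepted sequence

    def verify(self, neighbor: str, packet: bytes) -> str:
        if len(packet) < 4 + 4 + DIGEST_LEN:
            return "malformed"
        body, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        expected = hashlib.md5(body + self._key).digest()
        # Check the digest first so a forged packet can never advance the
        # stored sequence number; compare in constant time.
        if not hmac.compare_digest(digest, expected):
            return "bad-digest"
        (seq,) = struct.unpack("!I", body[-4:])
        # Assumption of this model: sequence numbers must strictly increase.
        if seq <= self._last_seq.get(neighbor, -1):
            return "replayed"
        self._last_seq[neighbor] = seq
        return "accepted"


def demo():
    """Run the four cases on constructed data and return the verdicts."""
    secret = b"constructed-key"          # constructed sample password
    payload = rip_response([("10.1.1.0", "255.255.255.0", 2)])
    rx = Receiver(secret)
    first = sign(payload, 1, secret)
    tampered = bytearray(sign(payload, 2, secret))
    tampered[23] = 1                      # alter the metric after signing
    return [
        rx.verify("192.0.2.1", first),                          # valid
        rx.verify("192.0.2.1", first),                          # same packet again
        rx.verify("192.0.2.1", bytes(tampered)),                # modified in transit
        rx.verify("192.0.2.1", sign(payload, 2, b"wrong-key")),  # wrong secret
        rx.verify("192.0.2.1", sign(payload, 2, secret)),       # next valid update
    ]


if __name__ == "__main__":
    print(demo())
```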
Split Horizon
You can use split horizon to ensure that RIP never advertises a route out of the interface where it was learned.
Split horizon is a method that controls the sending of RIP update and query packets. When you enable split horizon on an interface, Cisco NX-OS does not send update packets for destinations that were learned from this interface. Controlling update packets in this manner reduces the possibility of routing loops.
You can use split horizon with poison reverse to configure an interface to advertise routes learned by RIP as unreachable over the interface that learned the routes.
Figure 10-1 shows a sample RIP network with split horizon with poison reverse enabled.
Figure 10-1 RIP with Split Horizon Poison Reverse
Router C learns about route X and advertises that route to router B. Router B in turn advertises route X to router A, but sends a route X unreachable update back to router C.
By default, split horizon is enabled on all interfaces.
Route Filtering
You can configure a route policy on a RIP-enabled interface to filter the RIP updates. Cisco NX-OS updates the route table with only those routes that the route policy allows.
Route Summarization
You can configure multiple summary aggregate addresses for a specified interface. Route summarization simplifies route tables by replacing a number of more-specific addresses with an address that represents all the specific addresses. For example, you can replace 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one summary address, 10.1.0.0/16.
If more specific routes are in the routing table, RIP advertises the summary address from the interface with a metric equal to the maximum metric of the more specific routes.
Note Cisco NX-OS does not support automatic route summarization.
Route Redistribution
You can use RIP to redistribute static routes or routes from other protocols. When you configure redistribution, use a route policy to control which routes are passed into RIP. A route policy allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. For more information, see Chapter 14, “Configuring Route Policy Manager.”
Whenever you redistribute routes into a RIP routing domain, by default Cisco NX-OS does not redistribute the default route into the RIP routing domain. You can generate a default route into RIP, which can be controlled by a route policy.
You also configure the default metric that is used for all imported routes into RIP.
Load Balancing
You can use load balancing to allow a router to distribute traffic over all the router network ports that are the same distance from the destination address. Load balancing increases the utilization of network segments and increases effective network bandwidth.
Cisco NX-OS supports the Equal Cost Multiple Paths (ECMP) feature with up to 16 equal-cost paths in the RIP route table and the unicast RIB. You can configure RIP to load balance traffic across some or all of those paths.
Virtualization Support
Cisco NX-OS supports multiple instances of the RIP protocol that run on the same system. RIP supports Virtual Routing and Forwarding instances (VRFs).
By default, Cisco NX-OS places you in the default VRF unless you specifically configure another VRF.
See Chapter 12, “Configuring Layer 3 Virtualization.”
Licensing Requirements for RIP
The following table shows the licensing requirements for this feature:
Product: DCNM
License Requirement: RIP requires no license. Any feature not included in a license package is bundled with the Cisco DCNM and is provided at no charge to you. For a complete explanation of the DCNM licensing scheme, see the Cisco DCNM Licensing Guide.
Product: Cisco NX-OS
License Requirement: RIP requires a LAN Base Services license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Note Make sure the LAN Base Services license is installed on the switch to enable Layer 3 interfaces.
Prerequisites for RIP
RIP has the following prerequisites:
• You must enable the RIP feature (see the “Enabling the RIP Feature” section on page 10-5).
Guidelines and Limitations
RIP has the following configuration guidelines and limitations:
• Cisco NX-OS does not support RIPv1. If Cisco NX-OS receives a RIPv1 packet, it logs a message and drops the packet.
• Cisco NX-OS does not establish adjacencies with RIPv1 routers.
Default Settings
Table 10-1 lists the default settings for RIP parameters.
Table 10-1 Default RIP Parameters
Parameters                          Default
Maximum paths for load balancing    16
Split horizon                       Enabled
Configuring RIP
This section includes the following topics:
• Enabling the RIP Feature
• Creating a RIP Instance
• Configuring RIP on an Interface
• Configuring a Passive Interface
• Configuring Route Summarization
• Configuring Route Redistribution
• Configuring Virtualization
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling the RIP Feature
You must enable the RIP feature before you can configure RIP.
SUMMARY STEPS
1. configure terminal
2. feature rip
3. (Optional) show feature
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1  configure terminal
        Purpose: Enters configuration mode.
        Example:
          switch# configure terminal
          switch(config)#
Step 2  feature rip
        Purpose: Enables the RIP feature.
        Example:
          switch(config)# feature rip
Step 3  show feature
        Purpose: (Optional) Displays enabled and disabled features.
        Example:
          switch(config)# show feature
Step 4  copy running-config startup-config
        Purpose: (Optional) Saves this configuration change.
        Example:
          switch(config)# copy running-config startup-config
Use the no feature rip command to disable the RIP feature and remove all associated configuration.
Command: no feature rip
Purpose: Disables the RIP feature and removes all associated configuration.
Example:
  switch(config)# no feature rip
Creating a RIP Instance
You can create a RIP instance and configure the address family for that instance.
BEFORE YOU BEGIN
Ensure that you have enabled the RIP feature (see the “Enabling the RIP Feature” section on page 10-5).
SUMMARY STEPS
1. configure terminal
2. router rip instance-tag
3. address-family ipv4 unicast
4. (Optional) show ip rip [ instance instance-tag ] [ vrf vrf-name ]
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1  configure terminal
        Purpose: Enters configuration mode.
        Example:
          switch# configure terminal
          switch(config)#
Step 2  router rip instance-tag
        Purpose: Creates a new RIP instance with the configured instance-tag.
        Example:
          switch(config)# router rip Enterprise
          switch(config-router)#
Step 3  address-family ipv4 unicast
        Purpose: Configures the address family for this RIP instance and enters address-family configuration mode.
        Example:
          switch(config-router)# address-family ipv4 unicast
          switch(config-router-af)#
Step 4  show ip rip [ instance instance-tag ] [ vrf vrf-name ]
        Purpose: (Optional) Displays a summary of RIP information for all RIP instances.
        Example:
          switch(config-router-af)# show ip rip
Step 5  copy running-config startup-config
        Purpose: (Optional) Saves this configuration change.
        Example:
          switch(config-router-af)# copy running-config startup-config
Use the no router rip command to remove the RIP instance and the associated configuration.
Command: no router rip instance-tag
Purpose: Deletes the RIP instance and all associated configuration.
Example:
  switch(config)# no router rip Enterprise
Note You must also remove any RIP commands configured in interface mode.
You can configure the following optional parameters for RIP in address-family configuration mode:
Command: distance value
Purpose: Sets the administrative distance for RIP. The range is from 1 to 255. The default is 120. See the “Administrative Distance” section on page 1-7.
Example:
  switch(config-router-af)# distance 30
Command: maximum-paths number
Purpose: Configures the maximum number of equal-cost paths that RIP maintains in the route table. The range is from 1 to 16. The default is 16.
Example:
  switch(config-router-af)# maximum-paths 6
This example shows how to create a RIP instance for IPv4 and set the number of equal-cost paths for load balancing:
  switch# configure terminal
  switch(config)# router rip Enterprise
  switch(config-router)# address-family ipv4 unicast
  switch(config-router-af)# maximum-paths 10
  switch(config-router-af)# copy running-config startup-config
Restarting a RIP Instance
You can restart a RIP instance. This clears all neighbors for the instance.
To restart a RIP instance and remove all associated neighbors, use the following command:
Command: restart rip instance-tag
Purpose: Restarts the RIP instance and removes all neighbors.
Example:
  switch(config)# restart rip Enterprise
Configuring RIP on an Interface
You can add an interface to a RIP instance.
BEFORE YOU BEGIN
Ensure that you have enabled the RIP feature (see the “Enabling the RIP Feature” section on page 10-5).
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. ip router rip instance-tag
5. (Optional) show ip rip [ instance instance-tag ] interface [ interface-type slot/port ] [ vrf vrf-name ] [ detail ]
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1  configure terminal
        Purpose: Enters configuration mode.
        Example:
          switch# configure terminal
          switch(config)#
Step 2  interface interface-type slot/port
        Purpose: Enters interface configuration mode.
        Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
        Example:
          switch(config)# interface ethernet 1/2
          switch(config-if)#
Step 3  no switchport
        Purpose: Configures the interface as a Layer 3 routed interface.
        Example:
          switch(config-if)# no switchport
Step 4  ip router rip instance-tag
        Purpose: Associates this interface with a RIP instance.
        Example:
          switch(config-if)# ip router rip Enterprise
Step 5  show ip rip [ instance instance-tag ] interface [ interface-type slot/port ] [ vrf vrf-name ] [ detail ]
        Purpose: (Optional) Displays RIP information for an interface.
        Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
        Example:
          switch(config-if)# show ip rip instance Enterprise interface ethernet 1/2
Step 6  copy running-config startup-config
        Purpose: (Optional) Saves this configuration change.
        Example:
          switch(config-if)# copy running-config startup-config
This example shows how to add the Ethernet 1/2 interface to a RIP instance:
  switch# configure terminal
  switch(config)# interface ethernet 1/2
  switch(config-if)# no switchport
  switch(config-if)# ip router rip Enterprise
  switch(config-if)# copy running-config startup-config
Configuring RIP Authentication
You can configure authentication for RIP packets on an interface.
BEFORE YOU BEGIN
Ensure that you have enabled the RIP feature (see the “Enabling the RIP Feature” section on page 10-5).
Configure a key chain if necessary before enabling authentication. See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x, for details on implementing key chains.
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. ip rip authentication mode { text | md5 }
5. ip rip authentication key-chain key
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1  configure terminal
        Purpose: Enters configuration mode.
        Example:
          switch# configure terminal
          switch(config)#
Step 2  interface interface-type slot/port
        Purpose: Enters interface configuration mode.
        Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
        Example:
          switch(config)# interface ethernet 1/2
          switch(config-if)#
Step 3  no switchport
        Purpose: Configures the interface as a Layer 3 routed interface.
        Example:
          switch(config-if)# no switchport
Step 4  ip rip authentication mode { text | md5 }
        Purpose: Sets the authentication type for RIP on this interface as cleartext or MD5 authentication digest.
        Example:
          switch(config-if)# ip rip authentication mode md5
Step 5  ip rip authentication key-chain key
        Purpose: Configures the authentication key used for RIP on this interface.
        Example:
          switch(config-if)# ip rip authentication key-chain RIPKey
Step 6  copy running-config startup-config
        Purpose: (Optional) Saves this configuration change.
        Example:
          switch(config-if)# copy running-config startup-config
This example shows how to create a key chain and configure MD5 authentication on a RIP interface:
  switch# configure terminal
  switch(config)# key chain RIPKey
  switch(config)# key-string myrip
  switch(config)# accept-lifetime 00:00:00 Jan 01 2000 infinite
  switch(config)# send-lifetime 00:00:00 Jan 01 2000 infinite
  switch(config)# interface ethernet 1/2
  switch(config-if)# no switchport
  switch(config-if)# ip rip authentication mode md5
  switch(config-if)# ip rip authentication key-chain RIPKey
  switch(config-if)# copy running-config startup-config
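The authentication steps above can be checked offline against a saved configuration. The following Python check is an added example, not part of the Cisco guide: it reports RIP-enabled interfaces whose authentication is missing, set to cleartext, or tied to a key chain that is not defined. The sample configuration, the finding labels, and the function names are constructed for illustration.

```python
import re

# Constructed sample of saved NX-OS configuration (not taken from a real switch).
SAMPLE_CONFIG = """\
key chain RIPKey
  key 1
    key-string constructed-example-secret
interface Ethernet1/1
  no switchport
  ip router rip Enterprise
  ip rip authentication mode md5
  ip rip authentication key-chain RIPKey
interface Ethernet1/2
  no switchport
  ip router rip Enterprise
  ip rip authentication mode text
  ip rip authentication key-chain RIPKey
interface Ethernet1/3
  no switchport
  ip router rip Enterprise
interface Ethernet1/4
  no switchport
  ip router rip Enterprise
  ip rip authentication mode md5
  ip rip authentication key-chain MissingKey
interface Ethernet1/5
  no switchport
  ip address 192.0.2.1/24
"""


def parse_blocks(config):
    """Group indented lines under the unindented line that precedes them."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if raw[0].isspace():
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks


def audit_rip_auth(config):
    """Return {interface: [finding labels]} for every RIP-enabled interface."""
    blocks = parse_blocks(config)
    key_chains = set()
    for header in blocks:
        match = re.fullmatch(r"key chain (\S+)", header)
        if match:
            key_chains.add(match.group(1))

    report = {}
    for header, lines in blocks.items():
        match = re.fullmatch(r"interface (.+)", header, re.IGNORECASE)
        if not match or not any(l.startswith("ip router rip ") for l in lines):
            continue  # not an interface, or RIP is not enabled on it
        mode = chain = None
        for line in lines:
            found = re.fullmatch(r"ip rip authentication mode (text|md5)", line)
            if found:
                mode = found.group(1)
            found = re.fullmatch(r"ip rip authentication key-chain (\S+)", line)
            if found:
                chain = found.group(1)
        findings = []
        if mode is None and chain is None:
            findings.append("unauthenticated")
        else:
            if mode is None:
                findings.append("mode-not-set")
            elif mode == "text":
                findings.append("cleartext-mode")   # key travels in the clear
            if chain is None:
                findings.append("no-key-chain")
            elif chain not in key_chains:
                findings.append("undefined-key-chain")
        report[match.group(1)] = findings
    return report


if __name__ == "__main__":
    for interface, findings in audit_rip_auth(SAMPLE_CONFIG).items():
        print(interface, ", ".join(findings) or "ok")
```

An empty finding list means the interface has MD5 mode and a key chain that exists in the same configuration; it does not check key lifetimes or key strength.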
Configuring a Passive Interface
You can configure a RIP interface to receive routes but not send route updates by setting the interface to passive mode.
To configure a RIP interface in passive mode, use the following command in interface configuration mode:
Command: ip rip passive-interface
Purpose: Sets the interface into passive mode.
Example:
  switch(config-if)# ip rip passive-interface
Configuring Split Horizon with Poison Reverse
You can configure an interface to advertise routes learned by RIP as unreachable over the interface that learned the routes by enabling poison reverse.
To configure split horizon with poison reverse on an interface, use the following command in interface configuration mode:
Command: ip rip poison-reverse
Purpose: Enables split horizon with poison reverse. Split horizon with poison reverse is disabled by default.
Example:
  switch(config-if)# ip rip poison-reverse
Configuring Route Summarization
You can create aggregate addresses that are represented in the routing table by a summary address. Cisco NX-OS advertises the summary address metric that is the smallest metric of all the more-specific routes.
To configure a summary address on an interface, use the following command in interface configuration mode:
Command: ip rip summary-address ip-prefix/mask-len
Purpose: Configures a summary address for RIP for IPv4 addresses.
Example:
  switch(config-if)# ip rip summary-address 192.0.2.0/24
Configuring Route Redistribution
You can configure RIP to accept routing information from another routing protocol and redistribute that information through the RIP network. Redistributed routes can optionally be assigned a default route.
Note Redistribution does not work if the access list is used as a match option in route-maps.
BEFORE YOU BEGIN
Ensure that you have enabled the RIP feature (see the “Enabling the RIP Feature” section on page 10-5).
for details on configuring route maps.
SUMMARY STEPS
1. configure terminal
2. router rip instance-tag
3. address-family ipv4 unicast
4. redistribute { bgp as | direct | { eigrp | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
5. (Optional) default-information originate [ always ] [ route-map map-name ]
6. (Optional) default-metric value
7. (Optional) show ip rip route [ ip-prefix [ longer-prefixes | shorter-prefixes ]] [ vrf vrf-name ] [ summary ]
8. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1  configure terminal
        Purpose: Enters configuration mode.
        Example:
          switch# configure terminal
          switch(config)#
Step 2  router rip instance-tag
        Purpose: Creates a new RIP instance with the configured instance-tag.
        Example:
          switch(config)# router rip Enterprise
          switch(config-router)#
Step 3  address-family ipv4 unicast
        Purpose: Enters address family configuration mode.
        Example:
          switch(config-router)# address-family ipv4 unicast
          switch(config-router-af)#
Step 4  redistribute { bgp as | direct | { eigrp | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
        Purpose: Redistributes routes from other protocols into RIP. See the “Configuring Route Maps” section on page 14-13 for more information about route maps.
        Example:
          switch(config-router-af)# redistribute eigrp 201 route-map RIPmap
Step 5  default-information originate [ always ] [ route-map map-name ]
        Purpose: (Optional) Generates a default route into RIP, optionally controlled by a route map.
        Example:
          switch(config-router-af)# default-information originate always
Step 6  default-metric value
        Purpose: (Optional) Sets the default metric for all redistributed routes. The range is from 1 to 15. The default is 1.
        Example:
          switch(config-router-af)# default-metric 10
Step 7  show ip rip route [ ip-prefix [ longer-prefixes | shorter-prefixes ]] [ vrf vrf-name ] [ summary ]
        Purpose: (Optional) Shows the routes in RIP.
        Example:
          switch(config-router-af)# show ip rip route
Step 8  copy running-config startup-config
        Purpose: (Optional) Saves this configuration change.
        Example:
          switch(config-router-af)# copy running-config startup-config
This example shows how to redistribute EIGRP into RIP:
  switch# configure terminal
  switch(config)# router rip Enterprise
  switch(config-router)# address-family ipv4 unicast
  switch(config-router-af)# redistribute eigrp 201 route-map RIPmap
  switch(config-router-af)# copy running-config startup-config
Configuring Virtualization
You can create multiple VRFs and use the same or multiple RIP instances in each VRF. You assign a RIP interface to a VRF.
Note Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all the configuration for that interface.
BEFORE YOU BEGIN
Ensure that you have enabled the RIP feature (see the “Enabling the RIP Feature” section on page 10-5).
SUMMARY STEPS
1. configure terminal
2. vrf vrf-name
3. exit
4. router rip instance-tag
5. vrf context vrf-name
6. (Optional) address-family ipv4 unicast
7. (Optional) redistribute { bgp as | direct | { eigrp | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
8. interface ethernet slot/port
9. no switchport
10. vrf member vrf-name
11. ip address ip-prefix/length
12. ip router rip instance-tag
13. (Optional) show ip rip [ instance instance-tag ] interface [ interface-type slot/port ] [ vrf vrf-name ]
14. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1  configure terminal
        Purpose: Enters configuration mode.
        Example:
          switch# configure terminal
          switch(config)#
Step 2  vrf vrf-name
        Purpose: Creates a new VRF.
        Example:
          switch(config)# vrf RemoteOfficeVRF
          switch(config-vrf)#
Step 3  exit
        Purpose: Exits VRF configuration mode.
        Example:
          switch(config-vrf)# exit
          switch(config)#
Step 4  router rip instance-tag
        Purpose: Creates a new RIP instance with the configured instance tag.
        Example:
          switch(config)# router rip Enterprise
          switch(config-router)#
Step 5  vrf context vrf-name
        Purpose: Creates a new VRF and enters VRF configuration mode.
        Example:
          switch(config)# vrf context RemoteOfficeVRF
          switch(config-vrf)#
Step 6  address-family ipv4 unicast
        Purpose: (Optional) Configures the VRF address family for this RIP instance.
        Example:
          switch(config-router-vrf)# address-family ipv4 unicast
          switch(config-router-vrf-af)#
Step 7  redistribute { bgp as | direct | { eigrp | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
        Purpose: (Optional) Redistributes routes from other protocols into RIP. See the “Configuring Route Maps” section on page 14-13 for more information about route maps.
        Example:
          switch(config-router-vrf-af)# redistribute eigrp 201 route-map RIPmap
Step 8  interface ethernet slot/port
        Purpose: Enters interface configuration mode.
        Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
        Example:
          switch(config-router-vrf-af)# interface ethernet 1/2
          switch(config-if)#
Step 9  no switchport
        Purpose: Configures the interface as a Layer 3 routed interface.
        Example:
          switch(config-if)# no switchport
Step 10 vrf member vrf-name
        Purpose: Adds this interface to a VRF.
        Example:
          switch(config-if)# vrf member RemoteOfficeVRF
Step 11 ip address ip-prefix/length
        Purpose: Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
        Example:
          switch(config-if)# ip address 192.0.2.1/16
Step 12 ip router rip instance-tag
        Purpose: Associates this interface with a RIP instance.
        Example:
          switch(config-if)# ip router rip Enterprise
Step 13 show ip rip [ instance instance-tag ] interface [ interface-type slot/port ] [ vrf vrf-name ]
        Purpose: (Optional) Displays RIP information for an interface in a VRF.
        Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
        Example:
          switch(config-if)# show ip rip instance Enterprise interface ethernet 1/2
Step 14 copy running-config startup-config
        Purpose: (Optional) Saves this configuration change.
        Example:
          switch(config-if)# copy running-config startup-config
This example shows how to create a VRF and add an interface to the VRF:
  switch# configure terminal
  switch(config)# vrf context RemoteOfficeVRF
  switch(config-vrf)# exit
  switch(config)# router rip Enterprise
  switch(config-router)# vrf RemoteOfficeVRF
  switch(config-router-vrf)# address-family ipv4 unicast
  switch(config-router-vrf-af)# redistribute eigrp 201 route-map RIPmap
  switch(config-router-vrf-af)# interface ethernet 1/2
  switch(config-if)# no switchport
  switch(config-if)# vrf member RemoteOfficeVRF
  switch(config-if)# ip address 192.0.2.1/16
  switch(config-if)# ip router rip Enterprise
  switch(config-if)# copy running-config startup-config
Tuning RIP
You can tune RIP to match your network requirements. RIP uses several timers that determine the frequency of routing updates, the length of time before a route becomes invalid, and other parameters.
You can adjust these timers to tune routing protocol performance to better suit your internetwork needs.
Note You must configure the same values for the RIP timers on all RIP-enabled routers in your network.
You can use the following optional commands in address-family configuration mode to tune RIP:
Command: timers basic update timeout holddown garbage-collection
Purpose: Sets the RIP timers in seconds. The parameters are as follows:
• update—The range is from 5 to any positive integer. The default is 30.
• timeout—The time that Cisco NX-OS waits before declaring a route as invalid. If Cisco NX-OS does not receive route update information for this route before the timeout interval ends, Cisco NX-OS declares the route as invalid. The range is from 1 to any positive integer. The default is 180.
• holddown—The time during which Cisco NX-OS ignores better route information for an invalid route. The range is from 0 to any positive integer. The default is 180.
• garbage-collection—The time from when Cisco NX-OS marks a route as invalid until Cisco NX-OS removes the route from the routing table. The range is from 1 to any positive integer. The default is 120.
Example:
  switch(config-router-af)# timers basic 40 120 120 100
You can use the following optional commands in interface configuration mode to tune RIP:
Command: ip rip metric-offset value
Purpose: Adds a value to the metric for every route received on this interface. The range is from 1 to 15. The default is 1.
Example:
  switch(config-if)# ip rip metric-offset 10
Command: ip rip route-filter { prefix-list list-name | route-map map-name | [ in | out ]}
Purpose: Specifies a route map to filter incoming or outgoing RIP updates.
Example:
  switch(config-if)# ip rip route-filter route-map InputMap in
Verifying the RIP Configuration
To display the RIP configuration information, perform one of the following tasks:
Command: show ip rip instance [ instance-tag ] [ vrf vrf-name ]
Purpose: Displays the status for an instance of RIP.
Command: show ip rip [ instance instance-tag ] interface slot/port detail [ vrf vrf-name ]
Purpose: Displays the RIP status for an interface.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Command: show ip rip [ instance instance-tag ] neighbor [ interface-type number ] [ vrf vrf-name ]
Purpose: Displays the RIP neighbor table.
Command: show ip rip [ instance instance-tag ] route [ ip-prefix/length [ longer-prefixes | shorter-prefixes ]] [ summary ] [ vrf vrf-name ]
Purpose: Displays the RIP route table.
Command: show running-configuration rip
Purpose: Displays the current running RIP configuration.
Displaying RIP Statistics
To display the RIP statistics, use the following commands:
Command: show ip rip [ instance instance-tag ] policy statistics redistribute { bgp as | direct | { eigrp | ospf | ospfv3 | rip } instance-tag | static } [ vrf vrf-name ]
Purpose: Displays the RIP policy status.
Command: show ip rip [ instance instance-tag ] statistics [ interface-type number ] [ vrf vrf-name ]
Purpose: Displays the RIP statistics.
Use the clear ip rip policy command to clear policy statistics.
Use the clear ip rip statistics command to clear RIP statistics.
Configuration Examples for RIP
This example creates the Enterprise RIP instance in a VRF and adds Ethernet interface 1/2 to this RIP instance. The example also configures authentication for Ethernet interface 1/2 and redistributes EIGRP into this RIP domain.
vrf context NewVRF
!
feature rip
router rip Enterprise
  vrf NewVRF
    address-family ipv4 unicast
      redistribute eigrp 201 route-map RIPmap
      maximum-paths 10
!
interface ethernet 1/2
  no switchport
  vrf member NewVRF
  ip address 192.0.2.1/16
  ip router rip Enterprise
  ip rip authentication mode md5
  ip rip authentication key-chain RIPKey
Related Topics
See Chapter 14, “Configuring Route Policy Manager” for more information on route maps.
Additional References
For additional information related to implementing RIP, see the following sections:
Related Documents
Related Topic: RIP CLI commands
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
Standards
Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —
CHAPTER 11
Configuring Static Routing
This chapter describes how to configure static routing on the switch.
This chapter includes the following sections:
• Information About Static Routing
• Licensing Requirements for Static Routing
• Prerequisites for Static Routing
• Guidelines and Limitations
• Configuring Static Routing
• Verifying the Static Routing Configuration
• Configuration Examples for Static Routing
• Additional References
Information About Static Routing
Routers forward packets using either route information from route table entries that you manually configure or the route information that is calculated using dynamic routing algorithms.
Static routes, which define explicit paths between two routers, cannot be automatically updated; you must manually reconfigure static routes when network changes occur. Static routes use less bandwidth than dynamic routes. No CPU cycles are used to calculate and analyze routing updates.
You can supplement dynamic routes with static routes where appropriate. You can redistribute static routes into dynamic routing algorithms but you cannot redistribute routing information calculated by dynamic routing algorithms into the static routing table.
You should use static routes in environments where network traffic is predictable and where the network design is simple. You should not use static routes in large, constantly changing networks because static routes cannot react to network changes. Most networks use dynamic routes to communicate between routers but may have one or two static routes configured for special cases. Static routes are also useful for specifying a gateway of last resort (a default router to which all unroutable packets are sent).
This section includes the following topics:
• Administrative Distance
• Directly Connected Static Routes
• Fully Specified Static Routes
• Floating Static Routes
• Remote Next Hops for Static Routes
• Virtualization Support
Administrative Distance
An administrative distance is the metric used by routers to choose the best path when there are two or more routes to the same destination from two different routing protocols. An administrative distance guides the selection of one routing protocol (or static route) over another, when more than one protocol adds the same route to the unicast routing table. Each routing protocol is prioritized in order of most to least reliable using an administrative distance value.
Static routes have a default administrative distance of 1. A router prefers a static route to a dynamic route because the router considers a route with a low number to be the shortest. If you want a dynamic route to override a static route, you can specify an administrative distance for the static route. For example, if you have two dynamic routes with an administrative distance of 120, you would specify an administrative distance that is greater than 120 for the static route if you want the dynamic route to override the static route.
Directly Connected Static Routes
You need to specify only the output interface (the interface on which all packets are sent to the destination network) in a directly connected static route. The router assumes the destination is directly attached to the output interface and the packet destination is used as the next hop address. The next hop can be an interface, only for point-to-point interfaces. For broadcast interfaces, the next-hop must be an IPv4 or IPv6 address.
Fully Specified Static Routes
You must specify either the output interface (the interface on which all packets are sent to the destination network) or the next-hop address in a fully specified static route. You can use a fully specified static route when the output interface is a multi-access interface and you need to identify the next-hop address.
The next-hop address must be directly attached to the specified output interface.
Floating Static Routes
A floating static route is a static route that the router uses to back up a dynamic route. You must configure a floating static route with a higher administrative distance than the dynamic route that it backs up. In this instance, the router prefers a dynamic route to a floating static route. You can use a floating static route as a replacement if the dynamic route is lost.
Note By default, a router prefers a static route to a dynamic route because a static route has a smaller administrative distance than a dynamic route.
Remote Next Hops for Static Routes
You can specify the next-hop address of a neighboring router that is not directly connected to the router for static routes with remote (nondirectly attached) next hops. If a static route has remote next hops during data-forwarding, the next hops are recursively used in the unicast routing table to identify the corresponding directly attached next hop(s) that have reachability to the remote next hops.
BFD
Bidirectional forwarding detection (BFD) is supported for static routes. BFD is a detection protocol that provides fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 6000 Series NX-OS Interfaces Configuration Guide, Release 7.x for more information.
Virtualization Support
Static routes support Virtual Routing and Forwarding instances (VRFs).
Licensing Requirements for Static Routing
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: Static routing requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Note Make sure the LAN Base Services license is installed on the switch to enable Layer 3 interfaces.
Prerequisites for Static Routing
Static routing has the following prerequisites:
• The next-hop address for a static route must be reachable or the static route will not be added to the unicast routing table.
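The selection rules from the Administrative Distance, Floating Static Routes, and Remote Next Hops for Static Routes sections, together with the reachability prerequisite above, can be traced with a small model. This Python model is an added example, not Cisco code and not a full description of NX-OS behavior; the Rib class, its method names, the addresses, and the distance 130 are constructed for illustration (120 is the RIP default and 1 the static default stated in this guide).

```python
import ipaddress


class Rib:
    """Toy unicast RIB: per prefix, the usable route with the lowest distance wins."""

    def __init__(self):
        self.connected = {}   # ip_network -> directly attached interface
        self.candidates = []  # (ip_network, next-hop address, distance, source)

    def add_connected(self, prefix, interface):
        self.connected[ipaddress.ip_network(prefix)] = interface

    def add_route(self, prefix, next_hop, distance, source):
        self.candidates.append((ipaddress.ip_network(prefix),
                                ipaddress.ip_address(next_hop), distance, source))

    def withdraw(self, prefix, source):
        net = ipaddress.ip_network(prefix)
        self.candidates = [c for c in self.candidates
                           if not (c[0] == net and c[3] == source)]

    def resolve(self, address, depth=0):
        """Return the directly attached interface that reaches address, or None."""
        if depth > 8:  # stop next hops that only resolve through each other
            return None
        addr = ipaddress.ip_address(address)
        nets = {n for n in self.connected if addr in n}
        nets |= {c[0] for c in self.candidates if addr in c[0]}
        # Longest prefix first; skip prefixes that have no usable route.
        for net in sorted(nets, key=lambda n: n.prefixlen, reverse=True):
            if net in self.connected:
                return self.connected[net]
            route = self.best(str(net), depth + 1)
            if route is not None:
                return route["interface"]
        return None

    def best(self, prefix, depth=0):
        """Return the installed route for prefix, or None if nothing is usable."""
        net = ipaddress.ip_network(prefix)
        usable = []
        for cand_net, next_hop, distance, source in self.candidates:
            if cand_net != net:
                continue
            interface = self.resolve(str(next_hop), depth + 1)
            if interface is not None:  # unreachable next hop: route not installed
                usable.append({"source": source, "distance": distance,
                               "next_hop": str(next_hop), "interface": interface})
        return min(usable, key=lambda r: r["distance"], default=None)


def demo():
    """Constructed scenario: RIP route, floating static backup, remote next hop."""
    rib = Rib()
    rib.add_connected("192.0.2.0/24", "Ethernet1/1")
    rib.add_connected("198.51.100.0/24", "Ethernet1/2")
    dest = "203.0.113.0/24"
    rib.add_route(dest, "192.0.2.2", 120, "rip")                 # RIP default distance
    rib.add_route(dest, "198.51.100.2", 130, "static-floating")  # backs up RIP
    rib.add_route(dest, "10.9.9.9", 1, "static-unreachable")     # next hop not reachable
    rib.add_route("10.20.0.0/16", "203.0.113.5", 1, "static-remote")  # remote next hop
    out = {"normal": rib.best(dest)["source"],
           "remote_interface": rib.best("10.20.0.0/16")["interface"]}
    rib.withdraw(dest, "rip")  # the dynamic route is lost
    out["after_rip_loss"] = rib.best(dest)["source"]
    out["remote_after"] = rib.best("10.20.0.0/16")["interface"]
    return out


if __name__ == "__main__":
    print(demo())
```

The static route with distance 1 never wins because its next hop cannot be resolved, and the remote next hop follows whichever route currently covers 203.0.113.0/24.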
Guidelines and Limitations
Static routing has the following configuration guidelines and limitations:
• You can specify an interface as the next-hop address for a static route only for point-to-point interfaces such as GRE tunnels.
Default Settings
Table 11-1 lists the default settings for static routing parameters.
Table 11-1 Default Static Routing Parameters
Parameters                 Default
administrative distance    1
Configuring Static Routing
This section includes the following topics:
• Configuring a Static Route
• Configuring Virtualization
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Configuring a Static Route
You can configure a static route on the router.
SUMMARY STEPS
1. configure terminal
2. ip route { ip-prefix | ip-addr ip-mask } {[ next-hop | nh-prefix ] | [ interface next-hop | nh-prefix ]} [ tag tag-value [ pref ]]
3. (Optional) show ip static-route
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1  configure terminal
        Purpose: Enters configuration mode.
        Example:
          switch# configure terminal
          switch(config)#
Step 2  ip route { ip-prefix | ip-addr ip-mask } {[ next-hop | nh-prefix ] | [ interface next-hop | nh-prefix ]} [ tag tag-value [ pref ]]
        Purpose: Configures a static route and the interface for this static route. You can optionally configure the next-hop address. The preference value sets the administrative distance. The range is from 1 to 255. The default is 1.
        Example:
          switch(config)# ip route 192.0.2.0/8 ethernet 1/2 192.0.2.4
11-4
Cisco Nexus 6000 Series NX-OS Unicast Routing Configuration Guide, Release 7.x
OL-30923-01
Chapter 11 Configuring Static Routing
Configuring Static Routing
Command
Step 3 show { ip static-route
Example: switch(config)# show ip static-route
Step 4 copy running-config startup-config
Example: switch(config)# copy running-config startup-config
Purpose
(Optional) Displays information about static routes.
(Optional) Saves this configuration change.
This example shows how to configure a static route:
switch# configure terminal
switch(config)# ip route 192.0.2.0/8 192.0.2.10
switch(config)# copy running-config startup-config
Use the no ip static-route command to remove the static route.
Configuring Virtualization
You can configure a static route in a VRF.
SUMMARY STEPS
1. configure terminal
2. vrf context vrf-name
3. ip route { ip-prefix | ip-addr ip-mask } { next-hop | nh-prefix | interface } [ tag tag-value [ pref ]]
4. (Optional) show ip static-route vrf vrf-name
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: vrf context vrf-name
Purpose: Creates a VRF and enters VRF configuration mode.
Example:
switch(config)# vrf context StaticVrf
Step 3
Command: ip route { ip-prefix | ip-addr ip-mask } { next-hop | nh-prefix | interface } [ tag tag-value [ pref ]]
Purpose: Configures a static route and the interface for this static route. You can optionally configure the next-hop address. The preference value sets the administrative distance. The range is from 1 to 255. The default is 1.
Example:
switch(config-vrf)# ip route 192.0.2.0/8 ethernet 1/2
Step 4
Command: show ip static-route vrf vrf-name
Purpose: (Optional) Displays information on static routes.
Example:
switch(config-vrf)# show ip static-route
Step 5
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-vrf)# copy running-config startup-config
This example shows how to configure a static route:
switch# configure terminal
switch(config)# vrf context StaticVrf
switch(config-vrf)# ip route 192.0.2.0/8 192.0.2.10
switch(config-vrf)# copy running-config startup-config
Verifying the Static Routing Configuration
To display the static routing configuration information, use this command:
Command: show ip static-route
Purpose: Displays the configured static routes.
Configuration Examples for Static Routing
This example shows how to configure static routing:
configure terminal
ip route 192.0.2.0/8 192.0.2.10
copy running-config startup-config
This example shows how to configure static routing for IPv6:
configure terminal
ipv6 route 43::/64 42::2
copy running-config startup-config
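The static routing prerequisite and guidelines (reachable next hop, interface-only next hops limited to point-to-point interfaces, preference from 1 to 255) can be checked before a change is pushed. This Python check is an added example, not Cisco code: the function names, finding labels and sample routes are constructed, it treats a next hop as reachable only when it falls inside a caller-supplied connected network, and it treats interface names beginning with "tunnel" as point-to-point. It also reports a prefix written with host bits set, where the mask selects a wider network than the address suggests.

```python
import ipaddress


def parse_ip_route(command):
    """Parse one 'ip route' line written in the prefix/length form."""
    tokens = command.split()
    if tokens[:2] != ["ip", "route"] or len(tokens) < 4:
        raise ValueError("not an ip route command: " + command)
    route = {"prefix": tokens[2], "interface": None, "next_hop": None,
             "tag": None, "pref": 1}  # the guide gives 1 as the default
    rest = tokens[3:]
    if "tag" in rest:
        # Guide syntax: [ tag tag-value [ pref ]]
        idx = rest.index("tag")
        tail, rest = rest[idx + 1:], rest[:idx]
        if not tail:
            raise ValueError("tag keyword without a value: " + command)
        route["tag"] = int(tail[0])
        if len(tail) > 1:
            route["pref"] = int(tail[1])
    if rest:
        # The last token is the next hop when it parses as an address; what
        # precedes it is the interface name (for example "ethernet 1/2").
        try:
            route["next_hop"] = ipaddress.ip_address(rest[-1])
            rest = rest[:-1]
        except ValueError:
            pass
    if rest:
        route["interface"] = " ".join(rest)
    return route


def check_route(command, connected, p2p_prefixes=("tunnel",)):
    """Return findings for one route. `connected` holds the networks of the
    switch's own Layer 3 interfaces and stands in for next-hop reachability
    (an assumption of this example)."""
    r = parse_ip_route(command)
    findings = []
    net = ipaddress.ip_network(r["prefix"], strict=False)
    if str(net) != r["prefix"]:
        findings.append("host-bits-set: mask selects " + str(net))
    if not 1 <= r["pref"] <= 255:
        findings.append("pref-out-of-range: %d" % r["pref"])
    if r["next_hop"] is None:
        name = (r["interface"] or "").lower()
        if not name.startswith(p2p_prefixes):
            findings.append("interface-only-next-hop: not point-to-point")
    elif not any(r["next_hop"] in n for n in connected):
        findings.append("next-hop-not-connected: " + str(r["next_hop"]))
    return findings


# Constructed inputs. Addresses are documentation ranges; the first route
# reuses the prefix and next hop from the guide's own example.
CONNECTED = [ipaddress.ip_network("192.0.2.0/24")]
ROUTES = [
    "ip route 192.0.2.0/8 192.0.2.10",
    "ip route 198.51.100.0/24 ethernet 1/2 192.0.2.4 tag 7 300",
    "ip route 203.0.113.0/24 ethernet 1/2",
    "ip route 203.0.113.0/24 tunnel 1",
    "ip route 198.51.100.0/24 203.0.113.9",
    "ip route 198.51.100.0/24 192.0.2.4 tag 7 20",
]


def precheck(routes=ROUTES, connected=CONNECTED):
    """Map each route command to its list of findings (empty means clean)."""
    return {cmd: check_route(cmd, connected) for cmd in routes}


if __name__ == "__main__":
    for cmd, findings in precheck().items():
        print(cmd, "->", findings or "ok")
```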
Additional References
For additional information related to implementing static routing, see the following sections:
Related Documents
Related Topic: Static Routing CLI
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
Chapter 12
Configuring Layer 3 Virtualization
This chapter describes how to configure Layer 3 virtualization.
This chapter includes the following sections:
• Layer 3 Virtualization
• Licensing Requirements for VRFs
• Prerequisites for VRF
• Guidelines and Limitations
• Verifying the VRF Configuration
• Configuration Examples for VRF
• Additional References
Layer 3 Virtualization
This section includes the following topics:
• Overview of Layer 3 Virtualization
Overview of Layer 3 Virtualization
Cisco NX-OS supports virtual routing and forwarding instances (VRFs). Each VRF contains a separate address space with unicast and multicast route tables for IPv4 and IPv6 and makes routing decisions independent of any other VRF.
Each router has a default VRF and a management VRF. All Layer 3 interfaces and routing protocols exist in the default VRF until you assign them to another VRF. The mgmt0 interface exists in the management VRF. With the VRF-lite feature, the switch supports multiple VRFs in customer edge (CE) switches.
VRF-lite allows a service provider to support two or more Virtual Private Networks (VPNs) with overlapping IP addresses using one interface.
Note The switch does not use Multiprotocol Label Switching (MPLS) to support VPNs.
VRF and Routing
All unicast and multicast routing protocols support VRFs. When you configure a routing protocol in a VRF, you set routing parameters for the VRF that are independent of routing parameters in another VRF for the same routing protocol instance.
You can assign interfaces and route protocols to a VRF to create virtual Layer 3 networks. An interface exists in only one VRF.
Figure 12-1 shows one physical network split into two virtual networks with two VRFs. Routers Z, A, and B exist in VRF Red and form one address domain. These routers share route updates that do not include router C because router C is configured in a different VRF.
Figure 12-1 VRFs in a Network (diagram labels: Router A, Router B, Router Z, Router C; Ethernet 1/1 VRF Red; Ethernet 2/1 VRF Red; Ethernet 2/2 VRF Blue)
By default, Cisco NX-OS uses the VRF of the incoming interface to select which routing table to use for a route lookup. You can configure a route policy to modify this behavior and set the VRF that Cisco NX-OS uses for incoming packets.
Cisco NX-OS supports route leaking (import and export) between VRFs in a VRF lite scenario. The following are guidelines for the VRF route-leak feature:
• Supports route-leak between any two non-default VRFs and route-leak from the default VRF to any other VRF.
• Route-leak to the default VRF is not allowed as it is a global VRF.
• The route-leak feature is implemented using export and import route-targets under the VRF context.
• Filtering a part of the route-leak is done by using route-maps with the match ip address command.
• By default, the maximum prefix that can be leaked is 1000 routes. This is configurable.
• The route-leak feature must have an Enterprise license and the BGP feature enabled.
VRF-Lite
VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses can be overlapped among the VPNs. VRF-lite uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN SVIs, but a Layer 3 interface cannot belong to more than one VRF at any time.
Note Multiprotocol Label Switching (MPLS) and MPLS control plane are not supported in the VRF-lite implementation.
Note VRF-lite interfaces must be Layer 3 interfaces.
VRF-Aware Services
A fundamental feature of the Cisco NX-OS architecture is that every IP-based feature is VRF aware.
The following VRF-aware services can select a particular VRF to reach a remote server or to filter information based on the selected VRF:
• AAA—See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x, for more information.
• Call Home—See the Cisco Nexus 6000 Series NX-OS System Management Configuration Guide, Release 7.x, for more information.
• HSRP—See Chapter 17, “Configuring HSRP” for more information.
• HTTP—See the Cisco Nexus 6000 Series NX-OS Fundamentals Configuration Guide, Release 7.x, for more information.
• Licensing—See the Cisco NX-OS Licensing Guide for more information.
• NTP—See the Cisco Nexus 6000 Series NX-OS System Management Configuration Guide, Release 7.x, for more information.
• RADIUS—See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x, for more information.
• Ping and Traceroute—See the Cisco Nexus 6000 Series NX-OS Fundamentals Configuration Guide, Release 7.x, for more information.
• SSH—See the Cisco Nexus 6000 Series NX-OS Fundamentals Configuration Guide, Release 7.x, for more information.
• SNMP—See the Cisco Nexus 6000 Series NX-OS System Management Configuration Guide, Release 7.x, for more information.
• Syslog—See the Cisco Nexus 6000 Series NX-OS System Management Configuration Guide, Release 7.x, for more information.
• TACACS+—See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x, for more information.
• TFTP—See the Cisco Nexus 6000 Series NX-OS Fundamentals Configuration Guide, Release 7.x, for more information.
• VRRP—See Chapter 18, “Configuring VRRP” for more information.
See the appropriate configuration guide for each service for more information on configuring VRF support in that service.
This section contains the following topics:
• Combining Reachability and Filtering
Reachability
Reachability indicates which VRF contains the routing information necessary to get to the server providing the service. For example, you can configure an SNMP server that is reachable on the management VRF. When you configure that server address on the router, you also configure which VRF that Cisco NX-OS must use to reach the server.
Figure 12-2 shows an SNMP server that is reachable over the management VRF. You configure router A to use the management VRF for SNMP server host 192.0.2.1.
Figure 12-2 Service VRF Reachability (diagram labels: Router A, mgmt0, VRF management, SNMP Server 192.0.2.1)
Filtering
Filtering allows you to limit the type of information that goes to a VRF-aware service based on the VRF.
For example, you can configure a syslog server to support a particular VRF.
Figure 12-3 shows syslog servers with each server supporting one VRF. Syslog server A is configured in VRF Red, so Cisco NX-OS sends only system messages generated in VRF Red to syslog server A.
Figure 12-3 Service VRF Filtering (diagram labels: Syslog Server A, Ethernet 2/1 VRF Red, Router A, Ethernet 2/2 VRF Blue, Syslog Server B)
Combining Reachability and Filtering
You can combine reachability and filtering for VRF-aware services. You configure the VRF that Cisco NX-OS uses to connect to that service as well as the VRF that the service supports. If you configure a service in the default VRF, you can optionally configure the service to support all VRFs.
Figure 12-4 shows an SNMP server that is reachable on the management VRF. You can configure the SNMP server to support only the SNMP notifications from VRF Red, for example.
Figure 12-4 Service VRF Reachability Filtering (diagram labels: SNMP Server 192.0.2.1, Router A, mgmt0, VRF management, Router B, Ethernet 2/1 VRF Red, Ethernet 2/2 VRF Blue, Router C)
Licensing Requirements for VRFs
The following table shows the licensing requirements for this feature:
Product: DCNM
License Requirement: VRFs require no license. Any feature not included in a license package is bundled with the Cisco DCNM and is provided at no charge to you. For a complete explanation of the DCNM licensing scheme, see the Cisco DCNM Licensing Guide.
Product: Cisco NX-OS
License Requirement: VRFs require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Note The NX-OS base license allows you to use the default VRF and you can use the management VRF for the mgmt0 port. The two default VRFs are automatically created. VRF-lite allows you to create additional VRFs. The additional VRFs need the NX-OS base license as well.
Guidelines and Limitations
VRFs have the following configuration guidelines and limitations:
• When you make an interface a member of an existing VRF, Cisco NX-OS removes all Layer 3 configuration. You should configure all Layer 3 parameters after adding an interface to a VRF.
• You should add the mgmt0 interface to the management VRF and configure the mgmt0 IP address and other parameters after you add it to the management VRF.
• If you configure an interface for a VRF before the VRF exists, the interface is operationally down until you create the VRF.
• Cisco NX-OS creates the default and management VRFs by default. You should make the mgmt0 interface a member of the management VRF.
• The write erase boot command does not remove the management VRF configuration. You must use the write erase command and then the write erase boot command.
VRF-lite has the following guidelines and limitations:
• A switch with VRF-lite has a separate IP routing table for each VRF, which is separate from the global routing table.
• Because VRF-lite uses different VRF tables, the same IP addresses can be reused. Overlapped IP addresses are allowed in different VPNs.
• VRF-lite does not support all MPLS-VRF functionality; it does not support label exchange, LDP adjacency, or labeled packets.
• Multiple virtual Layer 3 interfaces can be connected to a VRF-lite switch.
• The switch supports configuring a VRF by using physical ports, VLAN SVIs, or a combination of both. The SVIs can be connected through an access port or a trunk port.
• The Layer 3 TCAM resource is shared between all VRFs.
• A switch using VRF can support one global network and up to 64 VRFs. The total number of routes supported is limited by the size of the TCAM.
• VRF-lite supports BGP, RIP, static routing, EIGRP, EIGRPv6, OSPF, and OSPFv3.
• VRF-lite does not affect the packet switching rate.
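Three of these guidelines can be checked mechanically against a configuration script before it is applied: an address entered before vrf member is removed, an interface in an undefined VRF stays operationally down, and overlapping addresses are acceptable only across different VRFs. The following Python audit is an added example, not Cisco code; the sample configuration and finding labels are constructed, and it assumes commands are applied in the order listed and that addresses use the prefix/length form.

```python
import ipaddress
from collections import defaultdict

BUILTIN_VRFS = {"default", "management"}  # created by NX-OS by default

# Constructed sample (not from a real device). The first two interfaces reuse
# the guide's Red/Blue addressing; the last three each break one guideline.
SAMPLE_CONFIG = """\
vrf context Red
vrf context Blue
interface ethernet 1/2
  no switchport
  vrf member Red
  ip address 192.0.2.1/16
interface ethernet 10/2
  no switchport
  vrf member Blue
  ip address 192.0.2.1/16
interface ethernet 1/3
  no switchport
  ip address 198.51.100.1/24
  vrf member Red
interface ethernet 1/4
  no switchport
  vrf member Green
  ip address 203.0.113.1/24
interface ethernet 1/5
  no switchport
  vrf member Red
  ip address 192.0.100.1/24
"""


def parse(config):
    """Return (defined_vrfs, interfaces). Each interface maps to its
    'vrf member' and 'ip address' commands in the order they appear."""
    vrfs = set(BUILTIN_VRFS)
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("vrf context "):
            vrfs.add(line.split()[2])      # VRF names are case-sensitive
            current = None
        elif line.startswith("interface "):
            current = line[len("interface "):].strip()
            interfaces.setdefault(current, [])
        elif current and line.startswith("vrf member "):
            interfaces[current].append(("vrf", line.split()[2]))
        elif current and line.startswith("ip address "):
            interfaces[current].append(("addr", line.split()[2]))
    return vrfs, interfaces


def audit(config):
    """Return a list of (interface, finding) tuples."""
    vrfs, interfaces = parse(config)
    findings = []
    by_vrf = defaultdict(list)             # vrf -> [(interface, network)]
    for name, cmds in interfaces.items():
        vrf_at = [i for i, (kind, _) in enumerate(cmds) if kind == "vrf"]
        vrf = cmds[vrf_at[-1]][1] if vrf_at else "default"
        for i, (kind, arg) in enumerate(cmds):
            if kind != "addr":
                continue
            if vrf_at and i < vrf_at[-1]:
                # Joining the VRF afterwards removes this Layer 3 setting.
                findings.append((name, "address-before-vrf-member"))
                continue
            by_vrf[vrf].append((name, ipaddress.ip_interface(arg).network))
        if vrf not in vrfs:
            # Interface stays operationally down until the VRF is created.
            findings.append((name, "vrf-not-defined:" + vrf))
    for vrf, entries in by_vrf.items():
        for i, (a, net_a) in enumerate(entries):
            for b, net_b in entries[i + 1:]:
                if net_a.overlaps(net_b):  # only flagged inside one VRF
                    findings.append((a + "," + b, "overlap-in-vrf:" + vrf))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The identical 192.0.2.1/16 addresses on ethernet 1/2 and ethernet 10/2 produce no finding because they sit in different VRFs.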
Default Settings
Table 12-1 lists the default settings for VRF parameters.
Table 12-1 Default VRF Parameters
Parameters         Default
Configured VRFs    default, management
routing context    default VRF
Configuring VRFs
This section contains the following topics:
• Assigning VRF Membership to an Interface
• Configuring VRF Parameters for a Routing Protocol
• Configuring a VRF-Aware Service
• Setting the VRF Scope
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Creating a VRF
You can create a VRF in a switch.
SUMMARY STEPS
1. configure terminal
2. vrf context name
3. ip route { ip-prefix | ip-addr ip-mask } {[ next-hop | nh-prefix ] | [ interface next-hop | nh-prefix ]} [ tag tag-value [ pref ]]
4. (Optional) show vrf [ vrf-name ]
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: vrf context name
Purpose: Creates a new VRF and enters VRF configuration mode. The name can be any case-sensitive, alphanumeric string up to 32 characters.
Example:
switch(config)# vrf context Enterprise
switch(config-vrf)#
Step 3
Command: ip route { ip-prefix | ip-addr ip-mask } {[ next-hop | nh-prefix ] | [ interface next-hop | nh-prefix ]} [ tag tag-value [ pref ]]
Purpose: Configures a static route and the interface for this static route. You can optionally configure the next-hop address. The preference value sets the administrative distance. The range is from 1 to 255. The default is 1.
Example:
switch(config-vrf)# ip route 192.0.2.0/8 ethernet 1/2 192.0.2.4
Step 4
Command: show vrf [ vrf-name ]
Purpose: (Optional) Displays VRF information.
Example:
switch(config-vrf)# show vrf Enterprise
Step 5
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
Use the no vrf context command to delete the VRF and the associated configuration:
Command: no vrf context name
Purpose: Deletes the VRF and all associated configuration.
Example:
switch(config)# no vrf context Enterprise
Any commands available in global configuration mode are also available in VRF configuration mode.
This example shows how to create a VRF and add a static route to the VRF:
switch# configure terminal
switch(config)# vrf context Enterprise
switch(config-vrf)# ip route 192.0.2.0/8 ethernet 1/2
switch(config-vrf)# exit
switch(config)# copy running-config startup-config
Assigning VRF Membership to an Interface
You can make an interface a member of a VRF.
BEFORE YOU BEGIN
Assign the IP address for an interface after you have configured the interface for a VRF.
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. vrf member vrf-name
5. ip address ip-prefix/length
6. (Optional) show vrf vrf-name interface interface-type number
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: interface interface-type slot/port
Purpose: Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Step 3
Command: no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4
Command: vrf member vrf-name
Purpose: Adds this interface to a VRF.
Example:
switch(config-if)# vrf member RemoteOfficeVRF
Step 5
Command: ip address ip-prefix/length
Purpose: Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
Example:
switch(config-if)# ip address 192.0.2.1/16
Step 6
Command: show vrf vrf-name interface interface-type number
Purpose: (Optional) Displays VRF information.
Example:
switch(config-vrf)# show vrf Enterprise interface ethernet 1/2
Step 7
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to add an interface to the VRF:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# vrf member RemoteOfficeVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# copy running-config startup-config
Configuring VRF Parameters for a Routing Protocol
You can associate a routing protocol with one or more VRFs. See the appropriate chapter for information on how to configure VRFs for the routing protocol. This section uses OSPFv2 as an example protocol for the detailed configuration steps.
SUMMARY STEPS
1. configure terminal
2. router ospf instance-tag
3. vrf vrf-name
4. (Optional) maximum-paths paths
5. interface interface-type slot/port
6. no switchport
7. vrf member vrf-name
8. ip address ip-prefix/length
9. ip router ospf instance-tag area area-id
10. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Example:
switch(config-vrf)# router ospf 201
switch(config-router)#
Step 3
Command: vrf vrf-name
Purpose: Enters VRF configuration mode.
Example:
switch(config-router)# vrf RemoteOfficeVRF
switch(config-router-vrf)#
Step 4
Command: maximum-paths paths
Purpose: (Optional) Configures the maximum number of equal OSPFv2 paths to a destination in the route table for this VRF. Used for load balancing.
Example:
switch(config-router-vrf)# maximum-paths 4
Step 5
Command: interface interface-type slot/port
Purpose: Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Step 6
Command: no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 7
Command: vrf member vrf-name
Purpose: Adds this interface to a VRF.
Example:
switch(config-if)# vrf member RemoteOfficeVRF
Step 8
Command: ip address ip-prefix/length
Purpose: Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
Example:
switch(config-if)# ip address 192.0.2.1/16
Step 9
Command: ip router ospf instance-tag area area-id
Purpose: Assigns this interface to the OSPFv2 instance and area configured.
Example:
switch(config-if)# ip router ospf 201 area 0
Step 10
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to create a VRF and add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context RemoteOfficeVRF
switch(config-vrf)# exit
switch(config)# router ospf 201
switch(config-router)# vrf RemoteOfficeVRF
switch(config-router-vrf)# maximum-paths 4
switch(config-router-vrf)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# vrf member RemoteOfficeVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0
switch(config-if)# exit
switch(config)# copy running-config startup-config
Configuring a VRF-Aware Service
to configure the service for VRFs. This section uses SNMP and IP domain lists as example services for the detailed configuration steps.
SUMMARY STEPS
1. configure terminal
2. snmp-server host ip-address [ filter-vrf vrf-name ] [ use-vrf vrf-name ]
3. vrf context [ vrf-name ]
4. ip domain-list domain-name [ all-vrfs ] [ use-vrf vrf-name ]
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: snmp-server host ip-address [ filter-vrf vrf-name ] [ use-vrf vrf-name ]
Purpose: Configures a global SNMP server and configures the VRF that Cisco NX-OS uses to reach the service. Use the filter-vrf keyword to filter information from the selected VRF to this server.
Example:
switch(config)# snmp-server host 192.0.2.1 use-vrf Red
switch(config-vrf)#
Step 3
Command: vrf context vrf-name
Purpose: Creates a new VRF.
Example:
switch(config)# vrf context Blue
switch(config-vrf)#
Step 4
Command: ip domain-list domain-name [ all-vrfs ][ use-vrf vrf-name ]
Purpose: Configures the domain list in the VRF and optionally configures the VRF that Cisco NX-OS uses to reach the domain name listed.
Example:
switch(config-vrf)# ip domain-list List all-vrfs use-vrf Blue
switch(config-vrf)#
Step 5
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
This example shows how to send SNMP information for all VRFs to SNMP host 192.0.2.1, reachable on VRF Red:
switch# configure terminal
switch(config)# snmp-server host 192.0.2.1 for-all-vrfs use-vrf Red
switch(config)# copy running-config startup-config
This example shows how to filter SNMP information for VRF Blue to SNMP host 192.0.2.12, reachable on VRF Red:
switch# configure terminal
switch(config)# vrf context Blue
switch(config-vrf)# snmp-server host 192.0.2.12 use-vrf Red
switch(config)# copy running-config startup-config
Setting the VRF Scope
You can set the VRF scope for all EXEC commands (for example, show commands). This automatically restricts the scope of the output of EXEC commands to the configured VRF. You can override this scope by using the VRF keywords available for some EXEC commands.
To set the VRF scope, use the following command in EXEC mode:
Command: routing-context vrf vrf-name
Purpose: Sets the routing context for all EXEC commands. Default routing context is the default VRF.
Example:
switch# routing-context vrf red
switch%red#
To return to the default VRF scope, use the following command in EXEC mode:
Command: routing-context vrf default
Purpose: Sets the default routing context.
Example:
switch%red# routing-context vrf default
switch#
Verifying the VRF Configuration
To display the VRF configuration information, perform one of the following tasks:
Command: show vrf [ vrf-name ]
Purpose: Displays the information for all or one VRF.
Command: show vrf [ vrf-name ] detail
Purpose: Displays detailed information for all or one VRF.
Command: show vrf [ vrf-name ] [ interface interface-type slot/port ]
Purpose: Displays the VRF status for an interface.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Configuration Examples for VRF
This example shows how to configure VRF Red, add an SNMP server to that VRF, and add an instance of OSPF to VRF Red:
configure terminal
vrf context Red
snmp-server host 192.0.2.12 use-vrf Red
router ospf 201
interface ethernet 1/2
  no switchport
  vrf member Red
  ip address 192.0.2.1/16
  ip router ospf 201 area 0
This example shows how to configure VRF Red and Blue, add an instance of OSPF to each VRF, and create an SNMP context for each OSPF instance in each VRF:
configure terminal
!Create the VRFs
vrf context Red
vrf context Blue
!Create the OSPF instances and associate them with each VRF
feature ospf
router ospf Lab
  vrf Red
router ospf Production
  vrf Blue
!Configure one interface to use ospf Lab on VRF Red
interface ethernet 1/2
  no switchport
  vrf member Red
  ip address 192.0.2.1/16
  ip router ospf Lab area 0
  no shutdown
!Configure another interface to use ospf Production on VRF Blue
interface ethernet 10/2
  no switchport
  vrf member Blue
  ip address 192.0.2.1/16
  ip router ospf Production area 0
  no shutdown
!configure the SNMP server
snmp-server user admin network-admin auth md5 nbv-12345
snmp-server community public ro
!Create the SNMP contexts for each VRF
snmp-server context lab instance Lab vrf Red
snmp-server context production instance Production vrf Blue
Use the SNMP context lab to access the OSPF-MIB values for the OSPF instance Lab in VRF Red in this example.
Related Topics
The following topics can give more information on VRFs:
• Cisco Nexus 6000 Series NX-OS Fundamentals Configuration Guide, Release 7.x
• Cisco Nexus 6000 Series NX-OS System Management Configuration Guide, Release 7.x
Additional References
For additional information related to implementing virtualization, see the following sections:
Related Documents
Related Topic: VRF CLI
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
Standards
Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —
Chapter 13
Managing the Unicast RIB and FIB
This chapter describes how to manage routes in the unicast Routing Information Base (RIB) and the Forwarding Information Base (FIB) on the Cisco NX-OS switch.
This chapter includes the following sections:
• Information About the Unicast RIB and FIB
• Licensing Requirements for the Unicast RIB and FIB
• Managing the Unicast RIB and FIB
• Verifying the Unicast RIB and FIB Configuration
• Additional References
Information About the Unicast RIB and FIB
The unicast RIB (IPv4 RIB) and FIB are part of the Cisco NX-OS forwarding architecture, as shown in Figure 13-1.
Figure 13-1 Cisco NX-OS Forwarding Architecture (diagram labels: EIGRP, BGP, OSPF, ARP; switch components: URIB, Adjacency Manager (AM), Unicast FIB Distribution Module (uFDM), Unicast Forwarding Information Base (UFIB))
The unicast RIB maintains the routing table with directly connected routes, static routes, and routes learned from dynamic unicast routing protocols. The unicast RIB also collects adjacency information from sources such as the Address Resolution Protocol (ARP). The unicast RIB determines the best next hop for a given route and populates the unicast forwarding information base (FIBs) by using the services of the unicast FIB distribution module (FDM).
Each dynamic routing protocol must update the unicast RIB for any route that has timed out. The unicast RIB then deletes that route and recalculates the best next hop for that route (if an alternate path is available).
This section includes the following topic:
FIB Tables
The hardware provides two tables: a TCAM table and a hash table. The TCAM table is shared between longest prefix match (LPM) routes and /32 unicast routes. The hash table is shared between the /32 unicast entries and the multicast entries. Each table has approximately 8000 routes.
If the LPM becomes 90% full, a warning message appears. A message appears when there is sufficient space in the LPM and total usage is 70% or less. When the table is 100% full, the following message is displayed:
FIB_TCAM_RESOURCE_EXHAUSTION:FIB TCAM exhausted
Licensing Requirements for the Unicast RIB and FIB
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: The unicast RIB and FIB require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Managing the Unicast RIB and FIB
This section includes the following topics:
• Displaying Module FIB Information
• Configuring Load Sharing in the Unicast FIB
• Displaying Routing and Adjacency Information
• Clearing Forwarding Information in the FIB
• Estimating Memory Requirements for Routes
• Clearing Routes in the Unicast RIB
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Displaying Module FIB Information
You can display the FIB information on a switch module.
DETAILED STEPS
To display the FIB information on a switch module, use the following commands in any mode:
Command: show ip fib adjacency { ethernet | port-channel | vlan } slot
Purpose: Displays the adjacency information for FIB.
Example: switch# show ip fib adjacency ethernet 2
Command: show forwarding ipv4 adjacency { ethernet | port-channel | vlan } slot
Purpose: Displays the adjacency information for IPv4.
Example: switch# show forwarding ipv4 adjacency ethernet 2
Command: show ip fib interfaces
Purpose: Displays the FIB interface information for IPv4.
Example: switch# show ip fib interfaces
Command: show ip fib route adjacency { ethernet | port-channel | vlan } slot
Purpose: Displays the route table for IPv4.
Example: switch# show ip fib route adjacency ethernet 2
Command: show forwarding ipv4 route adjacency { ethernet | port-channel | vlan } slot
Purpose: Displays the route table for IPv4.
Example: switch# show forwarding ipv4 route adjacency ethernet 2
This example shows how to display the FIB contents on a switch:
switch# show ip fib route
IPv4 routes for table default/base
------------------+------------------+---------------------
Prefix | Next-hop | Interface
------------------+------------------+---------------------
0.0.0.0/32 Drop Null0
255.255.255.255/32 Receive sup-eth1
Configuring Load Sharing in the Unicast FIB
Dynamic routing protocols, such as Open Shortest Path First (OSPF), support load balancing with equal-cost multipath (ECMP). The routing protocol determines its best routes based on the metrics configured for the protocol and installs up to the protocol-configured maximum paths in the unicast RIB.
The unicast RIB compares the administrative distances of all routing protocol paths in the RIB and selects a best path set from all of the path sets installed by the routing protocols. The unicast RIB installs this best path set into the FIB for use by the forwarding plane.
The forwarding plane uses a load-sharing algorithm to select one of the installed paths in the FIB to use for a given data packet.
You can globally configure the following load-sharing settings:
• load-share mode—Selects the best path based on the destination address and port or the source and the destination address and port.
• Universal ID—Sets the random seed for the hash algorithm. You do not need to configure the
Universal ID. Cisco NX-OS chooses the Universal ID if you do not configure it.
Note Load sharing uses the same path for all packets in a given flow. A flow is defined by the load-sharing method that you configure. For example, if you configure source-destination load sharing, then all packets with the same source IP address and destination IP address pair follow the same path.
To configure the unicast FIB load-sharing algorithm, use the following command in global configuration mode:
Command: ip load-sharing address { destination port destination | source-destination [ port source-destination ]} [ universal-id seed ]
Purpose: Configures the unicast FIB load-sharing algorithm for data traffic. The universal-id range is from 1 to 4294967295.
Example: switch(config)# ip load-sharing address source-destination
To display the unicast FIB load-sharing algorithm, use the following command in any mode:
Command: show ip load-sharing
Purpose: Displays the unicast FIB load-sharing algorithm for data traffic.
Example: switch(config)# show ip load-sharing
Displaying Routing and Adjacency Information
You can display the routing and adjacency information.
To display the routing and adjacency information, use the following commands in any mode:
Command: show ip route [ route-type | interface int-type number | next-hop ]
Purpose: Displays the unicast route table. The route-type argument can be a single route prefix, direct, static, or a dynamic route protocol. Use the ? keyword to see the supported interfaces.
Example: switch# show ip route
Command: show ip adjacency [ prefix | interface-type number [ summary ] | non-best ] [ detail ] [ vrf vrf-id ]
Purpose: Displays the adjacency table. The argument ranges are as follows:
• prefix—Any IPv4 prefix address.
• interface-type number—Use the ? keyword to see the supported interfaces.
• vrf-id—Any case-sensitive, alphanumeric string up to 32 characters.
Example: switch# show ip adjacency
Command: show ip routing [ route-type | interface int-type number | next-hop | recursive-next-hop | summary | updated { since | until } time ]
Purpose: Displays the unicast route table. The route-type argument can be a single route prefix, direct, static, or a dynamic route protocol. Use the ? keyword to see the supported interfaces.
Example: switch# show routing summary
This example shows how to display the unicast route table:
switch# show ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
192.168.0.2/24, ubest/mbest: 1/0, attached
*via 192.168.0.32, Eth1/5, [0/0], 22:34:09, direct
192.168.0.32/32, ubest/mbest: 1/0, attached
*via 192.168.0.32, Eth1/5, [0/0], 22:34:09, local
This example shows the adjacency information:
switch# show ip adjacency
IP Adjacency Table for VRF default
Total number of entries: 2
Address Age MAC Address Pref Source Interface Best
10.1.1.1 02:20:54 00e0.b06a.71eb 50 arp mgmt0 Yes
10.1.1.253 00:06:27 0014.5e0b.81d1 50 arp mgmt0 Yes
Clearing Forwarding Information in the FIB
You can clear one or more entries in the FIB. Clearing a FIB entry does not affect the unicast RIB.
Caution The clear forwarding command disrupts forwarding on the switch.
To clear an entry in the FIB, including a Layer 3 inconsistency, use the following command in any mode:
Command: clear forwarding { ip | ipv4 } route {* | prefix } [ vrf vrf-name ] [ module { slot | all }]
Purpose: Clears one or more entries from the FIB. The route options are as follows:
• *—All routes.
• prefix—Any IP prefix.
The vrf-name can be any case-sensitive, alphanumeric string up to 32 characters. The slot range is from 1 to 10.
Example: switch(config)# clear forwarding ipv4 route *
Estimating Memory Requirements for Routes
You can estimate the memory that a number of routes and next-hop addresses will use.
To estimate the memory requirements for routes, use the following command in any mode:
Command: show routing memory estimate routes num-routes next-hops num-nexthops
Purpose: Displays the memory requirements for routes. The num-routes range is from 1000 to 1000000. The num-nexthops range is from 1 to 16.
Example: switch# show routing memory estimate routes 1000 next-hops 1
Clearing Routes in the Unicast RIB
You can clear one or more routes from the unicast RIB.
Caution The * keyword is severely disruptive to routing.
To clear one or more entries in the unicast RIB, use the following commands in any mode:
Command: clear { ip | ipv4 } route {* | { route | prefix/length }[ next-hop interface ]} [ vrf vrf-name ]
Purpose: Clears one or more routes from both the unicast RIB and all the module FIBs. The route options are as follows:
• *—All routes.
• route—An individual IP route.
• prefix/length—Any IP prefix.
• next-hop—The next-hop address.
• interface—The interface to reach the next-hop address.
The vrf-name can be any case-sensitive, alphanumeric string up to 32 characters.
Example: switch(config)# clear ip route 10.2.2.2
Command: clear routing [ multicast | unicast ] [ ip | ipv4 ] {* | { route | prefix/length }[ next-hop interface ]} [ vrf vrf-name ]
Purpose: Clears one or more routes from the unicast RIB. The route options are as follows:
• *—All routes.
• route—An individual IP route.
• prefix/length—Any IP prefix.
• next-hop—The next-hop address.
• interface—The interface to reach the next-hop address.
The vrf-name can be any case-sensitive, alphanumeric string up to 32 characters.
Example: switch(config)# clear routing ip 10.2.2.2
Verifying the Unicast RIB and FIB Configuration
To display the unicast RIB and FIB configuration information, perform one of the following tasks:
Command: show forwarding adjacency
Purpose: Displays the adjacency table on a module.
Command: show forwarding distribution { clients | fib-state }
Purpose: Displays the FIB distribution information.
Command: show forwarding interfaces
Purpose: Displays the FIB information for an interface.
Command: show forwarding { ip | ipv4 } route
Purpose: Displays routes in the FIB.
Command: show ip adjacency
Purpose: Displays the adjacency table.
Command: show ip route
Purpose: Displays IPv4 routes from the unicast RIB.
Command: show routing
Purpose: Displays routes from the unicast RIB.
Additional References
For additional information related to managing unicast RIB and FIB, see the following sections:
Related Documents
Related Topic: Unicast RIB and FIB CLI commands
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
CHAPTER 14
Configuring Route Policy Manager
This chapter describes how to configure the Route Policy Manager on the Cisco NX-OS switch.
This chapter includes the following sections:
• Information About Route Policy Manager
• Licensing Requirements for Route Policy Manager
• Guidelines and Limitations
• Configuring Route Policy Manager
• Verifying the Route Policy Manager Configuration
• Configuration Examples for Route Policy Manager
• Additional References
Information About Route Policy Manager
Route Policy Manager supports route maps and IP prefix lists. These features are used for route redistribution and policy-based routing. A prefix list contains one or more IPv4 network prefixes and the associated prefix length values. You can use a prefix list by itself in features such as Border Gateway
Protocol (BGP) templates, route filtering, or redistribution of routes that are exchanged between routing domains.
Route maps can apply to both routes and IP packets. Route filtering and redistribution pass a route through a route map, while policy-based routing passes IP packets through a route map.
This section includes the following topics:
• Route Redistribution and Route Maps
• Policy-Based Routing
Prefix Lists
You can use prefix lists to permit or deny an address or range of addresses. Filtering by a prefix list involves matching the prefixes of routes or packets with the prefixes listed in the prefix list. An implicit deny is assumed if a given prefix does not match any entries in a prefix list.
You can configure multiple entries in a prefix list and permit or deny the prefixes that match the entry.
Each entry has an associated sequence number that you can configure. If you do not configure a sequence number, Cisco NX-OS assigns a sequence number automatically. Cisco NX-OS evaluates prefix lists starting with the lowest sequence number. Cisco NX-OS processes the first successful match for a given prefix. Once a match occurs, Cisco NX-OS processes the permit or deny statement and does not evaluate the rest of the prefix list.
Note An empty prefix list permits all routes.
MAC Lists
You can use MAC lists to permit or deny a MAC address or a range of addresses. A MAC list consists of a list of MAC addresses and optional MAC masks. A MAC mask is a wild-card mask that is logically
AND-ed with the MAC address when the route map matches on the MAC list entry. Filtering by a MAC list involves matching the MAC address of packets with the MAC addresses listed in the MAC list. An implicit deny is assumed if a given MAC address does not match any entries in a MAC list.
You can configure multiple entries in a MAC list and permit or deny the MAC addresses that match the entry. Each entry has an associated sequence number that you can configure. If you do not configure a sequence number, Cisco NX-OS assigns a sequence number automatically. Cisco NX-OS evaluates
MAC lists starting with the lowest sequence number. Cisco NX-OS processes the first successful match for a given MAC address. Once a match occurs, Cisco NX-OS processes the permit or deny statement and does not evaluate the rest of the MAC list.
MAC lists are used by Overlay Transport Virtualization (OTV) to filter overlay traffic.
Route Maps
You can use route maps for route redistribution or policy-based routing. Route map entries consist of a list of match and set criteria. The match criteria specify match conditions for incoming routes or packets, and the set criteria specify the action taken if the match criteria are met.
You can configure multiple entries in the same route map. These entries contain the same route map name and are differentiated by a sequence number.
You create a route map with one or more route map entries arranged by the sequence number under a unique route map name. The route map entry has the following parameters:
• Sequence number
• Permission—permit or deny
• Match criteria
• Set changes
By default, a route map processes routes or IP packets in a linear fashion, that is, starting from the lowest sequence number. You can configure the route map to process in a different order using the continue statement, which allows you to determine which route map entry to process next.
Match Criteria
You can use a variety of criteria to match a route or IP packet in a route map. Some criteria, such as BGP community lists, are applicable only to a specific routing protocol, while other criteria, such as the IP source or the destination address, can be used for any route or IP packet.
When Cisco NX-OS processes a route or packet through a route map, it compares the route or packet to each of the match statements configured. If the route or packet matches the configured criteria, Cisco
NX-OS processes it based on the permit or deny configuration for that match entry in the route map and any set criteria configured.
The match categories and parameters are as follows:
• IP access lists—(For policy-based routing only). Match based on source or destination IP address, protocol, or QoS parameters.
• BGP parameters—Match based on AS numbers, AS-path, community attributes, or extended community attributes.
• Prefix lists—Match based on an address or range of addresses.
• Multicast parameters—Match based on rendezvous point, groups, or sources.
• Other parameters—Match based on IP next-hop address or packet length.
Set Changes
Once a route or packet matches an entry in a route map, the route or packet can be changed based on one or more configured set statements.
The set changes are as follows:
• BGP parameters—Change the AS-path, tag, community, extended community, dampening, local preference, origin, or weight attributes.
• Metrics—Change the route-metric, the route-tag, or the route-type.
• Policy-based routing only—Change the interface or the default next-hop address.
• Other parameters—Change the forwarding address or the IP next-hop address.
Access Lists
IP access lists can match the packet to a number of IP packet fields such as the following:
• Source or destination IPv4 or IPv6 address
• Protocol
• Precedence
• ToS
You can use ACLs in a route map for policy-based routing only. See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x, for more information on ACLs.
AS Numbers for BGP
You can configure a list of AS numbers to match against BGP peers. If a BGP peer matches an AS number in the list and matches the other BGP peer configuration, BGP creates a session. If the BGP peer does not match an AS number in the list, BGP ignores the peer. You can configure the AS numbers as a list, a range of AS numbers, or you can use an AS-path list to compare the AS numbers against a regular expression.
AS-path Lists for BGP
You can configure an AS-path list to filter inbound or outbound BGP route updates. If the route update contains an AS-path attribute that matches an entry in the AS-path list, the router processes the route based on the permit or deny condition configured. You can configure AS-path lists within a route map.
You can configure multiple AS-path entries in an AS-path list by using the same AS-path list name. The router processes the first entry that matches.
Community Lists for BGP
You can filter BGP route updates based on the BGP community attribute by using community lists in a route map. You can match the community attribute based on a community list, and you can set the community attribute using a route map.
A community list contains one or more community attributes. If you configure more than one community attribute in the same community list entry, then the BGP route must match all community attributes listed to be considered a match.
You can also configure multiple community attributes as individual entries in the community list by using the same community list name. In this case, the router processes the first community attribute that matches the BGP route, using the permit or deny configuration for that entry.
You can configure community attributes in the community list in one of the following formats:
• A named community attribute, such as internet or no-export.
• In aa:nn format, where the first two bytes represent the two-byte AS number and the last two bytes represent a user-defined network number.
• A regular expression.
See the Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x, for more information on regular expressions.
Extended Community Lists for BGP
Extended community lists support 4-byte AS numbers. You can configure community attributes in the extended community list in one of the following formats:
• In aa4:nn format, where the first four bytes represent the four-byte AS number and the last two bytes represent a user-defined network number.
• A regular expression.
See the Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x, for more information on regular expressions.
Cisco NX-OS supports generic-specific extended community lists, which provide similar functionality to regular community lists for four-byte AS numbers. You can configure generic-specific extended community lists with the following properties:
• Transitive—BGP propagates the community attributes across autonomous systems.
• Nontransitive—BGP removes community attributes before propagating the route to another autonomous system.
Route Redistribution and Route Maps
You can use route maps to control the redistribution of routes between routing domains. Route maps match on the attributes of the routes to redistribute only those routes that pass the match criteria. The route map can also modify the route attributes during this redistribution using the set changes.
The router matches redistributed routes against each route map entry. If there are multiple match statements, the route must pass all of the match criteria. If a route passes the match criteria defined in a route map entry, the actions defined in the entry are executed. If the route does not match the criteria, the router compares the route against subsequent route map entries. Route processing continues until a match is made or the route is processed by all entries in the route map with no match. If the router processes the route against all entries in a route map with no match, the router accepts the route (inbound route maps) or forwards the route (outbound route maps).
Policy-Based Routing
You can use policy-based routing to forward a packet to a specified next-hop address based on the source of the packet or other fields in the packet header. For more information, see Chapter 17, “Configuring
Policy-Based Routing.”
Licensing Requirements for Route Policy Manager
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: Route Policy Manager requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Guidelines and Limitations
Route Policy Manager has the following configuration guidelines and limitations:
• An empty route map denies all the routes.
• An empty prefix list permits all the routes.
• Without any match statement in a route-map entry, the permission (permit or deny) of the route-map entry decides the result for all the routes or packets.
• If referred policies (for example, prefix lists) within a match statement of a route-map entry return either a no-match or a deny-match, Cisco NX-OS fails the match statement and processes the next route-map entry.
• When you change a route map, Cisco NX-OS holds all the changes until you exit from the route-map configuration submode. Cisco NX-OS then sends all the changes to the protocol clients to take effect.
• Because you can use a route map before you define it, verify that all your route maps exist when you finish a configuration change.
• You can view the route-map usage for redistribution and filtering. Each individual routing protocol provides a way to display these statistics.
Default Settings
Table 14-1 lists the default settings for Route Policy Manager.
Table 14-1 Default Route Policy Manager Parameters
Parameters: Route Policy Manager
Default: Enabled
Configuring Route Policy Manager
Route Policy Manager configuration includes the following topics:
• Configuring IP Prefix Lists
• Configuring MAC Lists
• Configuring AS-path Lists
• Configuring Community Lists
• Configuring Extended Community Lists
• Configuring Route Maps
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Configuring IP Prefix Lists
IP prefix lists match the IP packet or route against a list of prefixes and prefix lengths. You can create an IP prefix list for IPv4 and create an IPv6 prefix list for IPv6.
You can configure the prefix list entry to match the prefix length exactly, or to match any prefix with a length that matches the configured range of prefix lengths.
Use the ge and le keywords to create a range of possible prefix lengths. The incoming packet or route matches the prefix list if the prefix matches and if the prefix length is greater than or equal to the ge keyword value (if configured) and less than or equal to the le keyword value (if configured).
SUMMARY STEPS
1. configure terminal
2. (Optional) { ip | ipv6 } prefix-list name description string
3. ip prefix-list name [ seq number ] [{ permit | deny } prefix {[ eq prefix-length ] | [ ge prefix-length ] [ le prefix-length ]}]
   or
   ipv6 prefix-list name [ seq number ] [{ permit | deny } prefix {[ eq prefix-length ] | [ ge prefix-length ] [ le prefix-length ]}]
4. (Optional) show { ip | ipv6 } prefix-list name
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: { ip | ipv6 } prefix-list name description string
Purpose: (Optional) Adds an information string about the prefix list.
Example: switch(config)# ip prefix-list AllowPrefix description allows engineering server
Step 3
Command: ip prefix-list name [ seq number ] [{ permit | deny } prefix {[ eq prefix-length ] | [ ge prefix-length ] [ le prefix-length ]}]
Purpose: Creates an IPv4 prefix list or adds a prefix to an existing prefix list. The prefix length is matched as follows:
• eq—Matches the exact prefix length.
• ge—Matches a prefix length that is equal to or greater than the configured prefix length.
• le—Matches a prefix length that is equal to or less than the configured prefix length.
Example: switch(config)# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0 eq 24
Step 4
Command: ipv6 prefix-list name [ seq number ] [{ permit | deny } prefix {[ eq prefix-length ] | [ ge prefix-length ] [ le prefix-length ]}]
Purpose: Creates an IPv6 prefix list or adds a prefix to an existing prefix list. The prefix length is configured as follows:
• eq—Matches the exact prefix length.
• ge—Matches a prefix length that is equal to or greater than the configured prefix length.
• le—Matches a prefix length that is equal to or less than the configured prefix length.
Example: switch(config)# ipv6 prefix-list AllowIPv6Prefix seq 10 permit 2001:0DB8:: le 32
Step 5
Command: show { ip | ipv6 } prefix-list name
Purpose: (Optional) Displays information about prefix lists.
Example: switch(config)# show ip prefix-list AllowPrefix
Step 6
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example: switch# copy running-config startup-config
This example shows how to create an IPv4 prefix list with two entries and apply the prefix list to a BGP neighbor:
switch# configure terminal
switch(config)# ip prefix-list allowprefix seq 10 permit 192.0.2.0/24 eq 24
switch(config)# ip prefix-list allowprefix seq 20 permit 209.165.201.0/27 eq 27
switch(config)# router bgp 65536:20
switch(config-router)# neighbor 192.0.2.1/16 remote-as 65535:20
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# prefix-list allowprefix in
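The prefix-list rules described in this chapter (lowest sequence number first, first match wins, implicit deny, an empty list permits everything, and the eq, ge and le length bounds) can be modeled offline to check which routes a filter would accept before it is applied to a neighbor. The following Python sketch is an added example, not Cisco code: PrefixEntry, evaluate and the list names are hypothetical, the 10.x and 2001:db8 lists are constructed samples, and it assumes that an entry with only le starts its range at the configured prefix length while an entry with only ge ends it at the maximum length.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class PrefixEntry:
    """One prefix-list entry (hypothetical model, not an NX-OS data structure)."""
    seq: int
    action: str                 # "permit" or "deny"
    prefix: str                 # configured prefix, for example "192.0.2.0/24"
    eq: Optional[int] = None
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_bounds(self) -> Tuple[int, int]:
        net = ipaddress.ip_network(self.prefix, strict=False)
        if self.eq is not None:
            return self.eq, self.eq
        if self.ge is None and self.le is None:
            # No keyword: only the configured length itself matches.
            return net.prefixlen, net.prefixlen
        # Assumption: a missing bound defaults to the configured length
        # (lower bound) or the address-family maximum (upper bound).
        low = self.ge if self.ge is not None else net.prefixlen
        high = self.le if self.le is not None else net.max_prefixlen
        return low, high

    def matches(self, route: str) -> bool:
        net = ipaddress.ip_network(self.prefix, strict=False)
        candidate = ipaddress.ip_network(route, strict=False)
        if candidate.version != net.version:
            return False
        # The route must lie inside the configured prefix ...
        if not candidate.subnet_of(net):
            return False
        # ... and its length must fall within the eq/ge/le bounds.
        low, high = self.length_bounds()
        return low <= candidate.prefixlen <= high


def evaluate(entries: List[PrefixEntry], route: str) -> str:
    """Return "permit" or "deny" for one route."""
    if not entries:
        return "permit"          # an empty prefix list permits all routes
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(route):
            return entry.action  # first match wins, the rest is not evaluated
    return "deny"                # implicit deny when nothing matches


# The two-entry list from the example above.
ALLOWPREFIX = [
    PrefixEntry(10, "permit", "192.0.2.0/24", eq=24),
    PrefixEntry(20, "permit", "209.165.201.0/27", eq=27),
]

# Constructed sample, deliberately listed out of order: sequence numbers,
# not list position, decide which entry is evaluated first.
TEN_NET = [
    PrefixEntry(10, "permit", "10.0.0.0/8", le=24),
    PrefixEntry(5, "deny", "10.1.0.0/16", ge=24),
]

# Constructed IPv6 sample.
V6_SAMPLE = [PrefixEntry(10, "permit", "2001:db8::/32", le=48)]

if __name__ == "__main__":
    for name, plist, route in [
        ("allowprefix", ALLOWPREFIX, "192.0.2.0/24"),
        ("allowprefix", ALLOWPREFIX, "192.0.2.128/25"),
        ("ten-net", TEN_NET, "10.1.2.0/24"),
        ("ten-net", TEN_NET, "10.2.0.0/16"),
        ("v6-sample", V6_SAMPLE, "2001:db8:1:1::/64"),
    ]:
        print(f"{name:12} {route:20} -> {evaluate(plist, route)}")
```

Running a candidate filter against the more-specific routes it must reject (here 192.0.2.128/25) is a quick way to confirm that the length bounds are as tight as intended.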
Configuring MAC Lists
You can configure a MAC list to permit or deny a range of MAC addresses.
SUMMARY STEPS
1. configure terminal
2. mac-list name [ seq number ] { permit | deny } mac-address [ mac-mask ]
3. (Optional) show mac-list name
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: mac-list name [ seq number ] { permit | deny } mac-address [ mac-mask ]
Purpose: Creates a MAC list or adds a MAC address to an existing MAC list. The seq range is from 1 to 4294967294. The mac-mask specifies the portion of the MAC address to match against and is in MAC address format.
Example: switch(config)# mac-list AllowMac seq 1 permit 0022.5579.a4c1 ffff.ffff.0000
Step 3
Command: show mac-list name
Purpose: (Optional) Displays information about MAC lists.
Example: switch(config)# show mac-list AllowMac
Step 4
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example: switch# copy running-config startup-config
Configuring AS-path Lists
You can specify an AS-path list filter on both inbound and outbound BGP routes. Each filter is an access list based on regular expressions. If the regular expression matches the representation of the AS-path attribute of the route as an ASCII string, then the permit or deny condition applies.
SUMMARY STEPS
1. configure terminal
2. ip as-path access-list name { deny | permit } expression
3. (Optional) show ip as-path list name
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: ip as-path access-list name { deny | permit } expression
Purpose: Creates a BGP AS-path list using a regular expression.
Example: switch(config)# ip as-path access-list Allow40 permit 40
Step 3
Command: show { ip | ipv6 } as-path-access-list name
Purpose: (Optional) Displays information about as-path access lists.
Example: switch(config)# show ip as-path-access-list Allow40
Step 4
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example: switch# copy running-config startup-config
This example shows how to create an AS-path list with two entries and apply the AS path list to a BGP neighbor:
switch# configure terminal
switch(config)# ip as-path access-list AllowAS permit 64510
switch(config)# ip as-path access-list AllowAS permit 64496
switch(config)# copy running-config startup-config
switch(config)# router bgp 65536:20
switch(config-router)# neighbor 192.0.2.1/16 remote-as 65535:20
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# filter-list AllowAS in
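Because an AS-path entry is a regular expression matched against the AS path as an ASCII string, an unanchored expression such as 64510 or 40 also matches any longer AS number that contains those digits. The following Python sketch is an added example, not Cisco code: it evaluates the AllowAS list above against constructed sample paths and reports the paths that are accepted only because the expression is unanchored. It assumes that the underscore matches a delimiter (start or end of string, space, comma, brace or parenthesis) and that a path matching no entry is denied; compile_expr, evaluate and unanchored_hits are hypothetical names.

```python
import re
from typing import List, Tuple

# Assumption: "_" stands for a delimiter, that is, the start or end of the
# string, a space, a comma, a brace or a parenthesis.
DELIMITER = r"(?:^|$|[ ,{}()])"


def compile_expr(expr: str) -> re.Pattern:
    """Translate an AS-path expression into a Python regular expression.

    Only the "_" delimiter is translated; an underscore inside a
    character class is not handled by this sketch.
    """
    return re.compile(expr.replace("_", DELIMITER))


def evaluate(entries: List[Tuple[str, str]], as_path: str) -> str:
    """Return the action of the first entry whose expression matches."""
    for action, expr in entries:
        if compile_expr(expr).search(as_path):
            return action
    return "deny"   # assumption: a path that matches no entry is denied


def unanchored_hits(expr: str, sample_paths: List[str]) -> List[str]:
    """Paths that match expr but would not match _(expr)_."""
    loose = compile_expr(expr)
    strict = compile_expr("_(?:" + expr + ")_")
    return [p for p in sample_paths
            if loose.search(p) and not strict.search(p)]


# The list from the example above, and the same list with delimiters added.
ALLOW_AS = [("permit", "64510"), ("permit", "64496")]
ALLOW_AS_ANCHORED = [("permit", "_64510_"), ("permit", "_64496_")]

# Constructed AS paths (space-separated AS numbers, origin AS last).
SAMPLE_PATHS = [
    "64510 64496",      # both intended AS numbers
    "65001 164510",     # 4-byte AS 164510 merely contains the digits 64510
    "65001 65002",      # unrelated path
    "65001 64496",      # intended AS as origin
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path:16} loose={evaluate(ALLOW_AS, path):6} "
              f"anchored={evaluate(ALLOW_AS_ANCHORED, path)}")
    # The Allow40 expression from the detailed steps, on constructed paths.
    print(unanchored_hits("40", ["40", "65001 40", "64000 65001", "65001 140"]))
```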
Configuring Community Lists
You can use community lists to filter BGP routes based on the community attribute. The community number consists of a 4-byte value in the aa:nn format. The first two bytes represent the autonomous system number, and the last two bytes represent a user-defined network number.
When you configure multiple values in the same community list statement, all community values must match to satisfy the community list filter. When you configure multiple values in separate community list statements, the first list that matches a condition is processed.
Use community lists in a match statement to filter BGP routes based on the community attribute.
SUMMARY STEPS
1. configure terminal
2. ip community-list standard list-name { deny | permit } [ community-list ] [ internet ] [ local-AS ] [ no-advertise ] [ no-export ]
   or
   ip community-list expanded list-name { deny | permit } expression
3. (Optional) show ip community-list name
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
Command: ip community-list standard list-name { deny | permit } [ community-list ] [ internet ] [ local-AS ] [ no-advertise ] [ no-export ]
Purpose: Creates a standard BGP community list. The list-name can be any case-sensitive, alphanumeric string up to 63 characters. The community-list can be one or more communities in the aa:nn format.
Example: switch(config)# ip community-list standard BGPCommunity permit no-advertise 65536:20
Command: ip community-list expanded list-name { deny | permit } expression
Purpose: Creates an expanded BGP community list using a regular expression.
Example: switch(config)# ip community-list expanded BGPComplex deny 50000:[0-9][0-9]_
Step 3
Command: show ip community-list name
Purpose: (Optional) Displays information about community lists.
Example: switch(config)# show ip community-list BGPCommunity
Step 4
Command: copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example: switch# copy running-config startup-config
This example shows how to create a community list with two entries:
switch# configure terminal
switch(config)# ip community-list standard BGPCommunity permit no-advertise 65536:20
switch(config)# ip community-list standard BGPCommunity permit local-AS no-export
switch(config)# copy running-config startup-config
Configuring Extended Community Lists
You can use extended community lists to filter BGP routes based on the community attribute. The community number consists of a 6-byte value in the aa4:nn format. The first four bytes represent the autonomous system number, and the last two bytes represent a user-defined network number.
When you configure multiple values in the same extended community list statement, all extended community values must match to satisfy the extended community list filter. When you configure multiple values in separate extended community list statements, the first list that matches a condition is processed.
Use extended community lists in a match statement to filter BGP routes based on the extended community attribute.
SUMMARY STEPS
1. configure terminal
2. ip extcommunity-list standard list-name { deny | permit } 4bytegeneric { transitive | non-transitive } community1 [ community2 ]
or
ip extcommunity-list expanded list-name { deny | permit } expression
3. (Optional) show ip extcommunity-list name
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 ip extcommunity-list standard list-name { deny | permit } 4bytegeneric { transitive | nontransitive } community1 [ community2... ]
Creates a standard BGP extended community list. The community can be one or more extended communities in the aa4:nn format.
Example:
switch(config)# ip extcommunity-list standard BGPExtCommunity permit 4bytegeneric transitive 65536:20
ip extcommunity-list expanded list-name { deny | permit } expression
Creates an expanded BGP extended community list using a regular expression.
Example:
switch(config)# ip extcommunity-list expanded BGPExtComplex deny 1.5:[0-9][0-9]_
Step 3 show ip community-list name
(Optional) Displays information about extended community lists.
Example:
switch(config)# show ip community-list BGPCommunity
Step 4 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch# copy running-config startup-config
This example shows how to create a generic-specific extended community list:
switch# configure terminal
switch(config)# ip extcommunity-list standard test1 permit 4bytegeneric transitive 65536:40 65536:60
switch(config)# copy running-config startup-config
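The matching rules given above for community lists and extended community lists (every value in one statement must match, and statements are tried in order until one matches) can be modelled as follows. This is an added example, not Cisco code: the function names are hypothetical, the AS numbers are constructed, and the deny returned when no statement matches is an assumption that this page does not state.

```python
"""Model of standard community-list and extcommunity-list matching.

Added illustration, not Cisco code. Names are hypothetical, values constructed.
"""
from dataclasses import dataclass

# Keywords taken by `ip community-list standard`, with their RFC 1997 values.
WELL_KNOWN = {
    "no-export": 0xFFFFFF01,
    "no-advertise": 0xFFFFFF02,
    "local-AS": 0xFFFFFF03,
}


def parse_community(text, as_bytes=2):
    """Encode 'aa:nn' (as_bytes=2, 4-byte value) or 'aa4:nn' (as_bytes=4, 6-byte value)."""
    if as_bytes == 2 and text in WELL_KNOWN:
        return WELL_KNOWN[text]
    asn_text, sep, num_text = text.partition(":")
    if not sep or not asn_text.isdecimal() or not num_text.isdecimal():
        raise ValueError(f"not in AS:number form: {text!r}")
    asn, num = int(asn_text), int(num_text)
    if asn >= 1 << (8 * as_bytes):
        raise ValueError(f"AS part of {text!r} does not fit in {as_bytes} bytes")
    if num > 0xFFFF:
        raise ValueError(f"number part of {text!r} does not fit in 2 bytes")
    return (asn << 16) | num


@dataclass(frozen=True)
class Statement:
    action: str         # "permit" or "deny"
    values: frozenset   # every value here must be present on the route


def make_list(lines, as_bytes=2):
    """Build an ordered list from ('permit'|'deny', 'v1 v2 ...') pairs."""
    statements = []
    for action, values in lines:
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        encoded = frozenset(parse_community(v, as_bytes) for v in values.split())
        if not encoded:
            raise ValueError("a statement needs at least one value in this model")
        statements.append(Statement(action, encoded))
    return statements


def evaluate(statements, route_values, as_bytes=2):
    """Return the action of the first statement whose values are all on the route."""
    present = {parse_community(v, as_bytes) for v in route_values}
    for statement in statements:
        if statement.values <= present:   # all values in one statement must match
            return statement.action       # the first matching statement decides
    return "deny"                         # assumption: nothing matched means deny


# Constructed lists showing the two shapes discussed above.
BOTH_REQUIRED = make_list([("permit", "no-advertise 64496:20")])
EITHER_ONE = make_list([("permit", "no-advertise"), ("permit", "64496:20")])
DENY_FIRST = make_list([("deny", "64496:666"), ("permit", "64496:20")])
EXT_LIST = make_list([("permit", "65536:40 65536:60")], as_bytes=4)

if __name__ == "__main__":
    route = ["64496:20"]
    print("one statement, two values :", evaluate(BOTH_REQUIRED, route))
    print("two statements, one each  :", evaluate(EITHER_ONE, route))
    print("deny statement listed first:",
          evaluate(DENY_FIRST, ["64496:20", "64496:666"]))
    print("extended, one of two set  :",
          evaluate(EXT_LIST, ["65536:40"], as_bytes=4))
```

A route carrying only 64496:20 is rejected by the single two-value statement but accepted when the same values are split across two statements, which is the difference to keep in mind when a list is used as a filter.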
Configuring Route Maps
You can use route maps for route redistribution or route filtering. Route maps can contain multiple match criteria and multiple set criteria.
Configuring a route map for BGP triggers an automatic soft clear or refresh of BGP neighbor sessions.
SUMMARY STEPS
1. configure terminal
2. route-map map-name [ permit | deny ] [ seq ]
3. (Optional) continue seq
4. (Optional) exit
5. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 route-map map-name [ permit | deny ] [ seq ]
Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.
Example:
switch(config)# route-map Testmap permit 10
switch(config-route-map)#
Step 3 continue seq
(Optional) Determines what sequence statement to process next in the route map. Used only for filtering and redistribution.
Example:
switch(config-route-map)# continue 10
Step 4 exit
(Optional) Exits route-map configuration mode.
Example:
switch(config-route-map)# exit
Step 5 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
You can configure the following optional match parameters for route maps in route-map configuration mode:
Note The default-information originate command ignores match statements in the optional route map.
match as-path name [ name... ]
Matches against one or more AS-path lists. Create the AS-path list with the ip as-path access-list command.
Example:
switch(config-route-map)# match as-path Allow40
match as-number { number [ ,number... ] | as-path-list name [ name... ]}
Matches against one or more AS numbers or AS-path lists. Create the AS-path list with the ip as-path access-list command. The number range is from 1 to 65535. The AS-path list name can be any case-sensitive, alphanumeric string up to 63 characters.
Example:
switch(config-route-map)# match as-number 33,50-60
match community name [ name... ][ exact-match ]
Matches against one or more community lists. Create the community list with the ip community-list command.
Example:
switch(config-route-map)# match community BGPCommunity
match extcommunity name [ name... ][ exact-match ]
Matches against one or more extended community lists. Create the community list with the ip extcommunity-list command.
Example:
switch(config-route-map)# match extcommunity BGPextCommunity
match interface interface-type number [ interface-type number... ]
Matches any routes that have their next hop out one of the configured interfaces. Use ? to find a list of supported interface types.
Example:
switch(config-route-map)# match interface e 1/2
match ip address prefix-list name [ name... ]
Matches against one or more IPv4 prefix lists. Use the ip prefix-list command to create the prefix list.
Example:
switch(config-route-map)# match ip address prefix-list AllowPrefix
match ipv6 address prefix-list name [ name... ]
Matches against one or more IPv6 prefix lists. Use the ipv6 prefix-list command to create the prefix list.
Example:
switch(config-route-map)# match ipv6 address prefix-list AllowIPv6Prefix
match ip multicast [ source ipsource ] [[ group ipgroup ] [ rp iprp ]]
Matches an IPv4 multicast packet based on the multicast source, group, or rendezvous point.
Example:
switch(config-route-map)# match ip multicast rp 192.0.2.1
match ipv6 multicast [ source ipsource ] [[ group ipgroup ] [ rp iprp ]]
Matches an IPv6 multicast packet based on the multicast source, group, or rendezvous point.
Example:
switch(config-route-map)# match ipv6 multicast source 2001:0DB8::1
match ip next-hop prefix-list name [ name... ]
Matches the IPv4 next-hop address of a route to one or more IP prefix lists. Use the ip prefix-list command to create the prefix list.
Example:
switch(config-route-map)# match ip next-hop prefix-list AllowPrefix
match ipv6 next-hop prefix-list name [ name... ]
Matches the IPv6 next-hop address of a route to one or more IP prefix lists. Use the ipv6 prefix-list command to create the prefix list.
Example:
switch(config-route-map)# match ipv6 next-hop prefix-list AllowIPv6Prefix
match ip route-source prefix-list name [ name... ]
Matches the IPv4 route source address of a route to one or more IP prefix lists. Use the ip prefix-list command to create the prefix list.
Example:
switch(config-route-map)# match ip route-source prefix-list AllowPrefix
match ipv6 route-source prefix-list name [ name... ]
Matches the IPv6 route-source address of a route to one or more IP prefix lists. Use the ipv6 prefix-list command to create the prefix list.
Example:
switch(config-route-map)# match ipv6 route-source prefix-list AllowIPv6Prefix
match mac-list name [ name... ]
Matches against one or more MAC lists. Use the mac-list command to create the MAC list. This command is primarily used by OTV to filter MAC routes in OTV control-plane traffic.
Example:
switch(config-route-map)# match mac-list AllowMAC
match metric value [ +- deviation ] [ value... ]
Matches the route metric against one or more metric values or value ranges. Use the +- deviation argument to set a metric range. The route map matches any route metric that falls within the range: value - deviation to value + deviation.
Example:
switch(config-route-map)# match mac-list AllowMAC
match route-type route-type
Matches against a type of route. The route-type can be one or more of the following:
• external
• internal
• level-1
• level-2
• local
• nssa-external
• type-1
• type-2
Example:
switch(config-route-map)# match route-type level 1 level 2
match tag tagid [ tagid... ]
Matches a route against one or more tags for filtering or redistribution.
Example:
switch(config-route-map)# match tag 2
match vlan vlan-id [ vlan-range ]
Matches against a VLAN in an OTV MAC route.
Example:
switch(config-route-map)# match vlan 3, 5-10
You can configure the following optional set parameters for route maps in route-map configuration mode:
set as-path { tag | prepend { last-as number | as-1 [ as-2... ]}}
Modifies an AS-path attribute for a BGP route. You can prepend the configured number of last AS numbers or a string of particular AS-path values ( as-1 as-2...as-n ).
Example:
switch(config-route-map)# set as-path prepend 10 100 110
set comm-list name delete
Removes communities from the community attribute of an inbound or outbound BGP route update. Use the ip community-list command to create the community list.
Example:
switch(config-route-map)# set comm-list BGPCommunity delete
set community { none | additive | local-AS | no-advertise | no-export | community-1 [community-2...]}
Sets the community attribute for a BGP route update.
Note When you use both the set community and set comm-list delete commands in the same sequence of a route map attribute, the deletion operation is performed before the set operation.
Note Use the send-community command in BGP neighbor address family configuration mode to propagate BGP community attributes to BGP peers.
Example:
switch(config-route-map)# set community local-AS
set dampening halflife reuse suppress duration
Sets the following BGP route dampening parameters:
• halflife —The range is from 1 to 45 minutes. The default is 15.
• reuse —The range is from 1 to 20000 seconds. The default is 750.
• suppress —The range is from 1 to 20000. The default is 2000.
• duration —The range is from 1 to 255 minutes. The default is 60.
Example:
switch(config-route-map)# set dampening 30 1500 10000 120
set extcomm-list name delete
Removes communities from the extended community attribute of an inbound or outbound BGP route update. Use the ip extcommunity-list command to create the extended community list.
Example:
switch(config-route-map)# set extcomm-list BGPextCommunity delete
set extcommunity generic { transitive | nontransitive } { none | additive ] community-1 [community-2...]}
Sets the extended community attribute for a BGP route update.
Note When you use both the set extcommunity and set extcomm-list delete commands in the same sequence of a route map attribute, the deletion operation is performed before the set operation.
Note Use the send-community command in BGP neighbor address family configuration mode to propagate BGP extended community attributes to BGP peers.
Example:
switch(config-route-map)# set extcommunity generic transitive 1.0:30
set forwarding-address
Sets the forwarding address for OSPF.
Example:
switch(config-route-map)# set forwarding-address
set level { backbone | level-1 | level-1-2 | level-2 }
Sets what area to import routes to for IS-IS. The options for IS-IS are level-1, level-1-2, or level-2. The default is level-1.
Example:
switch(config-route-map)# set level backbone
set local-preference value
Sets the BGP local preference value. The range is from 0 to 4294967295.
Example:
switch(config-route-map)# set local-preference 4000
set metric [ + | - ] bandwidth-metric
Adds or subtracts from the existing metric value. The metric is in Kb/s. The range is from 0 to 4294967295.
Example:
switch(config-route-map)# set metric +100
set metric bandwidth [ delay reliability load mtu ]
Sets the route metric values. Metrics are as follows:
• metric0 —Bandwidth in Kb/s. The range is from 0 to 4294967295.
• metric1 —Delay in 10-microsecond units.
• metric2 —Reliability. The range is from 0 to 255 (100 percent reliable).
• metric3 —Loading. The range is from 1 to 200 (100 percent loaded).
• metric4 —MTU of the path. The range is from 1 to 4294967295.
Example:
switch(config-route-map)# set metric 33 44 100 200 1500
set metric-type { external | internal | type-1 | type-2 }
Sets the metric type for the destination routing protocol. The options are as follows:
• external—IS-IS external metric
• internal—IGP metric as the MED for BGP
• type-1—OSPF external type 1 metric
• type-2—OSPF external type 2 metric
Example:
switch(config-route-map)# set metric-type internal
set origin { egp as-number | igp | incomplete }
Sets the BGP origin attribute. The EGP as-number range is from 0 to 65535.
Example:
switch(config-route-map)# set origin incomplete
set tag name
Sets the tag value for the destination routing protocol. The name parameter is an unsigned integer.
Example:
switch(config-route-map)# set tag 33
set weight count
Sets the weight for the BGP route. The range is from 0 to 65535.
Example:
switch(config-route-map)# set weight 33
The set metric-type internal command affects an outgoing policy and an eBGP neighbor only. If you configure both the metric and metric-type internal commands in the same BGP peer outgoing policy, then Cisco NX-OS ignores the metric-type internal command.
Verifying the Route Policy Manager Configuration
To display the route policy manager configuration information, perform one of the following tasks:
show ip community-list [ name ]
Displays information about a community list.
show ip extcommunity-list [ name ]
Displays information about an extended community list.
show [ ip ] prefix-list [ name ]
Displays information about an IPv4 prefix list.
show route-map [ name ]
Displays information about a route map.
Configuration Examples for Route Policy Manager
This example shows how to use an address family to configure BGP so that any unicast and multicast routes from neighbor 209.0.2.1 are accepted if they match access list 1:
router bgp 64496
  address-family ipv4 unicast
    network 192.0.2.0/24
    network 209.165.201.0/27 route-map filterBGP
route-map filterBGP
  match ip next-hop prefix-list AllowPrefix
ip prefix-list AllowPrefix 10 permit 192.0.2.0 eq 24
ip prefix-list AllowPrefix 20 permit 209.165.201.0 eq 27
Related Topics
The following topics can give more information on Route Policy Manager:
• Chapter 8, “Configuring Basic BGP”
• Chapter 13, “Managing the Unicast RIB and FIB”
Additional References
For additional information related to implementing IP, see the following sections:
• Related Documents
• Standards
Related Documents
Related Topic: Route Policy Manager CLI commands
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
Standards
Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —
CHAPTER 15
Configuring Policy Based Routing
This chapter describes how to configure policy based routing on the Cisco NX-OS device.
This chapter includes the following sections:
• Information About Policy Based Routing
• Licensing Requirements for Policy-Based Routing
• Prerequisites for Policy-Based Routing
• Guidelines and Limitations for Policy-Based Routing
• Configuring Policy-Based Routing
• Verifying the Policy-Based Routing Configuration
• Configuration Examples for Policy-Based Routing
• Additional References
Information About Policy Based Routing
Policy-based routing allows you to configure a defined policy for IPv4 and IPv6 traffic flows, lessening reliance on routes derived from routing protocols. All packets received on an interface with policy-based routing enabled are passed through enhanced packet filters or route maps. The route maps dictate the policy, determining where to forward packets.
Route maps are composed of match and set statements that you can mark as permit or deny. You can interpret the statements as follows:
• If the packets match any route map statements, all the set statements are applied. One of these actions involves choosing the next hop.
• If the statement is marked as permit and the packets do not match any route-map statements, the packets are sent back through the normal forwarding channels and destination-based routing is performed.
For more information, see the “Route Maps” section on page 14-2.
Policy-based routing includes the following features:
• Source-based routing—Routes traffic that originates from different sets of users through different connections across the policy routers.
This section includes the following topics:
• Set Criteria for Policy-Based Routing
Policy Route Maps
Each entry in a route map contains a combination of match and set statements. The match statements define the criteria for whether appropriate packets meet the particular policy (that is, the conditions to be met). The set clauses explain how the packets should be routed once they have met the match criteria.
You can mark the route-map statements as permit or deny. If the statement is marked as a deny, the packets that meet the match criteria are sent back through the normal forwarding channels (destination-based routing is performed). If the statement is marked as permit and the packets meet the match criteria, all the set clauses are applied. If the statement is marked as permit and the packets do not meet the match criteria, those packets are also forwarded through the normal routing channel.
Note Policy routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.
Set Criteria for Policy-Based Routing
The set criteria in a route map are evaluated in the order listed in the route map. Set criteria specific to route maps used for policy-based routing are as follows:
• List of specified IP addresses—The IP address can specify the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a connected interface that is currently up is used to route the packets.
If the packets do not meet any of the defined match criteria, the packets are routed through the normal destination-based routing process.
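The permit and deny behaviour and the next-hop selection described in this section can be modelled as follows. This is an added example, not Cisco code: the class and function names are hypothetical, the addresses extend the pbr-sample policy from this chapter's configuration example with constructed values, and falling back to normal routing when no listed next hop is usable is an assumption that the page does not spell out.

```python
"""Model of the policy-based routing forwarding decision described above.

Added illustration, not Cisco code. All names and addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class AclRule:
    """Models: permit <proto> <source> <destination> eq <port>."""
    proto: str
    src: str      # host address or prefix
    dst: str
    dport: int

    def matches(self, pkt):
        return (pkt.proto == self.proto and pkt.dport == self.dport
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst))


@dataclass
class Entry:
    """One route-map statement: a sequence number, an action, one ACL, next hops."""
    seq: int
    action: str                    # "permit" or "deny"
    acl: list                      # AclRule objects of the single ACL matched
    next_hops: list = field(default_factory=list)


def first_usable_next_hop(next_hops, interfaces):
    """First listed next hop that sits on a connected interface that is up."""
    for hop in next_hops:
        addr = ipaddress.ip_address(hop)
        for network, is_up in interfaces.values():
            if is_up and addr in ipaddress.ip_network(network):
                return hop
    return None


def pbr_decision(route_map, interfaces, pkt):
    """Return ('policy', next_hop) or ('normal', reason) for one packet."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        if not any(rule.matches(pkt) for rule in entry.acl):
            continue
        if entry.action == "deny":
            # A matched deny sends the packet back to destination-based routing.
            return ("normal", f"seq {entry.seq} deny")
        hop = first_usable_next_hop(entry.next_hops, interfaces)
        if hop:
            return ("policy", hop)
        # Assumption: with no usable next hop the packet is routed normally.
        return ("normal", f"seq {entry.seq} no usable next hop")
    return ("normal", "no match")


# Constructed sample: the pbr-sample match, a backup next hop and a deny entry.
WEB_ACL = [AclRule("tcp", "10.1.1.1", "192.168.2.1", 80)]
EXEMPT_ACL = [AclRule("tcp", "10.1.1.0/24", "192.168.2.9", 80)]
ROUTE_MAP = [
    Entry(10, "permit", WEB_ACL, ["192.168.1.1", "192.168.3.1"]),
    Entry(5, "deny", EXEMPT_ACL),
]
INTERFACES = {
    "ethernet1/1": ("192.168.1.0/24", True),
    "ethernet1/3": ("192.168.3.0/24", True),
}

if __name__ == "__main__":
    for pkt in (Packet("tcp", "10.1.1.1", "192.168.2.1", 80),
                Packet("tcp", "10.1.1.7", "192.168.2.9", 80),
                Packet("tcp", "10.1.1.1", "192.168.2.1", 443)):
        print(pkt, "->", pbr_decision(ROUTE_MAP, INTERFACES, pkt))
```

A deny entry exempts traffic from the policy rather than dropping it, so it cannot be relied on as a filter.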
Licensing Requirements for Policy-Based Routing
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: Policy-based routing requires an Enterprise Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Prerequisites for Policy-Based Routing
Policy-based routing has the following prerequisites:
• Install the correct license.
• You must enable policy-based routing (see the “Enabling the Policy-Based Routing Feature” section on page 15-3).
• Assign an IP address on the interface and bring the interface up before you apply a route map on the interface for policy-based routing.
Guidelines and Limitations for Policy-Based Routing
Policy-based routing has the following configuration guidelines and limitations:
• A policy-based routing route map can have only one match or set statement per route-map statement.
• A match command can refer to only one ACL in a route map used for policy-based routing.
• An ACL used in a policy-based routing route map cannot include a deny statement.
• The same route map can be shared among different interfaces for policy-based routing as long as the interfaces belong to the same virtual routing and forwarding (VRF) instance.
• Setting a tunnel interface or an IP address via a tunnel interface as a next hop in a policy-based routing policy is not supported.
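One way to check a saved configuration against the first three guidelines above, as an added example rather than a Cisco tool. The function names and the sample configuration are constructed; the check reads "only one match or set statement" as at most one match and at most one set per route-map statement, and it does not cover the VRF or tunnel next-hop guidelines.

```python
"""Lint a configuration against the policy-based routing guidelines above.

Added illustration, not a Cisco tool. Names and sample configuration are constructed.
"""
import re


def parse(config):
    """Collect ACL bodies, route-map statements and interface policy bindings."""
    acls, maps, applied = {}, {}, []
    section = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():                  # a top-level command opens a section
            section = None
            m = re.fullmatch(r"(?:ip|ipv6) access-list (\S+)", line)
            if m:
                section = acls.setdefault(m.group(1), [])
                continue
            m = re.fullmatch(r"route-map (\S+)(?: (permit|deny))?(?: (\d+))?", line)
            if m:
                seq = int(m.group(3) or 10)       # show route-map reports sequence 10
                section = maps.setdefault(m.group(1), {}).setdefault(seq, [])
                continue
            m = re.fullmatch(r"interface (.+)", line)
            if m:
                section = ("interface", m.group(1))
            continue
        if isinstance(section, tuple):
            m = re.fullmatch(r"(?:ip|ipv6) policy route-map (\S+)", line)
            if m:
                applied.append((section[1], m.group(1)))
        elif section is not None:
            section.append(line)
    return acls, maps, applied


def lint(config):
    """Return guideline violations for route maps bound with `ip policy route-map`."""
    acls, maps, applied = parse(config)
    findings = []
    for name in sorted({map_name for _, map_name in applied}):
        for seq, cmds in sorted(maps.get(name, {}).items()):
            where = f"route-map {name} seq {seq}"
            matches = [c for c in cmds if c.startswith("match ")]
            sets = [c for c in cmds if c.startswith("set ")]
            if len(matches) > 1 or len(sets) > 1:
                findings.append(f"{where}: more than one match or set statement")
            for cmd in matches:
                m = re.fullmatch(r"match (?:ip|ipv6) address (.+)", cmd)
                if not m:
                    continue
                names = m.group(1).split()
                if len(names) > 1:
                    findings.append(f"{where}: match refers to {len(names)} ACLs")
                for acl in names:
                    if any(re.match(r"(?:\d+ )?deny\b", r) for r in acls.get(acl, [])):
                        findings.append(f"{where}: ACL {acl} contains a deny statement")
    return findings


# Constructed configuration: pbr-sample is clean, pbr-bad breaks three guidelines,
# and filterBGP is ignored because it is not bound to an interface as a policy.
SAMPLE_CONFIG = """\
feature pbr
ip access-list pbr-sample
  10 permit tcp host 10.1.1.1 host 192.168.2.1 eq 80
ip access-list pbr-bad
  10 permit tcp host 10.1.1.2 host 192.168.2.1 eq 80
  20 deny ip any any
ip access-list unused
  10 deny ip any any
route-map pbr-sample permit 10
  match ip address pbr-sample
  set ip next-hop 192.168.1.1
route-map pbr-bad permit 10
  match ip address pbr-bad pbr-sample
  set ip next-hop 192.168.1.1
route-map pbr-bad permit 20
  match ip address pbr-sample
  set ip next-hop 192.168.1.1
  set ip next-hop 192.168.1.2
route-map filterBGP permit 10
  match ip address unused
interface ethernet 1/2
  ip policy route-map pbr-sample
interface ethernet 1/3
  ip policy route-map pbr-bad
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```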
Default Settings
Table 15-1 lists the default settings for policy-based routing parameters.
Table 15-1 Default Policy-based Routing Parameters
Parameters    Default
Policy-based routing    Disabled
Configuring Policy-Based Routing
This section includes the following topics:
• Enabling the Policy-Based Routing Feature
• Configuring a Route Policy
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling the Policy-Based Routing Feature
You must enable the policy-based routing feature before you can configure a route policy.
SUMMARY STEPS
1. configure terminal
2. feature pbr
3. (Optional) show feature
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 feature pbr
Enables the policy-based routing feature.
Example:
switch(config)# feature pbr
Step 3 show feature
(Optional) Displays enabled and disabled features.
Example:
switch(config)# show feature
Step 4 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch(config)# copy running-config startup-config
Use the no feature pbr command to disable the policy-based routing feature and remove all associated configuration.
no feature pbr
Disables policy-based routing and removes all associated configuration.
Example:
switch(config)# no feature pbr
Configuring a Route Policy
You can use route maps in policy-based routing to assign routing policies to the inbound interface. See the “Configuring Route Maps” section on page 14-13.
SUMMARY STEPS
1. configure terminal
2. interface type slot/port
3. ip policy route-map map-name
or
ipv6 policy route-map map-name
4. (Optional) exit
5. (Optional) exit
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface type slot/port
Enters interface configuration mode.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Step 3 ip policy route-map map-name
Assigns a route map for IPv4 policy-based routing to the interface.
Example:
switch(config-if)# ip policy route-map Testmap
ipv6 policy route-map map-name
Assigns a route map for IPv6 policy-based routing to the interface.
Example:
switch(config-if)# ipv6 policy route-map TestIPv6map
Step 4 exit
(Optional) Exits route-map configuration mode.
Example:
switch(config-route-map)# exit
Step 5 exit
(Optional) Exits global configuration mode.
Example:
switch(config)# exit
Step 6 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch# copy running-config startup-config
This example shows how to add a route map to an interface:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip policy route-map Testmap
switch(config)# exit
switch(config)# copy running-config startup-config
You can configure the following optional match parameters for route maps in route-map configuration mode:
match ip address access-list-name
Matches an IPv4 address against an IP access control list (ACL). This command is used for policy-based routing and is ignored by route filtering or redistribution.
Example:
switch(config-route-map)# match ip address ACL1
match ipv6 address access-list-name
Matches an IPv6 address against an IPv6 ACL. This command is used for policy-based routing and is ignored by route filtering or redistribution.
Example:
switch(config-route-map)# match ipv6 address ACLv6
You can configure the following optional set parameters for route maps in route-map configuration mode:
set ip next-hop address1 [ address2... ]
Sets the IPv4 next-hop address for policy-based routing. This command uses the first valid next-hop address if multiple addresses are configured.
Example:
switch(config-route-map)# set ip next-hop 192.0.2.1
set ipv6 next-hop address1 [ address2... ]
Sets the IPv6 next-hop address for policy-based routing. This command uses the first valid next-hop address if multiple addresses are configured.
Example:
switch(config-route-map)# set ipv6 next-hop 2001:0DB8::1
set interface { null0 }
Sets the interface used for routing. Use the null0 interface to drop packets.
Example:
switch(config-route-map)# set interface null0
Cisco Nexus 6000 Series switches route the packet as soon as they find a next hop and an interface.
Verifying the Policy-Based Routing Configuration
To display policy-based routing configuration information, perform one of the following tasks:
show [ ip | ipv6 ] policy [ name ]
Displays information about an IPv4 or IPv6 policy.
show route-map [ name ] pbr-statistics
Displays policy statistics.
Use the route-map map-name pbr-statistics command to enable policy statistics. Use the clear route-map map-name pbr-statistics command to clear these policy statistics.
Configuration Examples for Policy-Based Routing
This example shows how to configure a simple route policy on an interface:
feature pbr
!
ip access-list pbr-sample
  permit tcp host 10.1.1.1 host 192.168.2.1 eq 80
!
route-map pbr-sample
  match ip address pbr-sample
  set ip next-hop 192.168.1.1
route-map pbr-sample pbr-statistics
interface ethernet 1/2
  ip policy route-map pbr-sample
The following output verifies this configuration:
switch# show route-map pbr-sample
route-map pbr-sample, permit, sequence 10
  Match clauses:
    ip address (access-lists): pbr-sample
  Set clauses:
    ip next-hop 192.168.1.1
switch# show route-map pbr-sample pbr-statistics
route-map pbr-sample, permit, sequence 10
  Policy routing matches: 84 packets
Related Topics
The following topics can give more information on Policy Based Routing:
• Chapter 14, “Configuring Route Policy Manager”
Additional References
For additional information related to implementing IP, see the following sections:
• Related Documents
• Standards
Related Documents
Related Topic: Policy-based routing CLI commands
Document Title: Cisco Nexus 6000 Series NX-OS Unicast Routing Command Reference, Release 7.x
Standards
Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —
CHAPTER 16
Configuring IS-IS
This chapter describes how to configure Integrated Intermediate System-to-Intermediate System (IS-IS) on the Cisco NX-OS device.
This chapter includes the following sections:
• Information About IS-IS
• Licensing Requirements for IS-IS
• Guidelines and Limitations for IS-IS
• Verifying the IS-IS Configuration
• Configuration Examples for IS-IS
• Additional References
Information About IS-IS
IS-IS is an Interior Gateway Protocol (IGP) based on Standardization (ISO)/International Engineering Consortium (IEC) 10589. Cisco Nexus 6000 Series switches support Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IS-IS is a dynamic link-state routing protocol that can detect changes in the network topology and calculate loop-free routes to other nodes in the network. Each router maintains a link-state database that describes the state of the network and sends packets on every configured link to discover neighbors. IS-IS floods the link-state information across the network to each neighbor. The router also sends advertisements and updates on the link-state database through all the existing neighbors.
This section includes the following topics:
• IS-IS Authentication
• Route Summarization
• Route Redistribution
• Administrative Distance
• High Availability and Graceful Restart
• Multiple IS-IS Instances
IS-IS Overview
IS-IS sends a hello packet out every configured interface to discover IS-IS neighbor routers. The hello packet contains information, such as the authentication, area, and supported protocols, which the receiving interface uses to determine compatibility with the originating interface. The hello packets are also padded to ensure that IS-IS establishes adjacencies only with interfaces that have matching maximum transmission unit (MTU) settings. Compatible interfaces form adjacencies, which update routing information in the link-state database through link-state update messages (LSPs). By default, the router sends a periodic LSP refresh every 10 minutes and the LSPs remain in the link-state database for 20 minutes (the LSP lifetime). If the router does not receive an LSP refresh before the end of the LSP lifetime, the router deletes the LSP from the database.
The LSP interval must be less than the LSP lifetime or the LSPs time out before they are refreshed.
IS-IS sends periodic hello packets to adjacent routers. If you configure transient mode for hello packets, these hello packets do not include the excess padding used before IS-IS establishes adjacencies. If the MTU value on adjacent routers changes, IS-IS can detect this change and send padded hello packets for a period of time. IS-IS uses this feature to detect mismatched MTU values on adjacent routers. For more information, see the “Configuring the Transient Mode for Hello Padding” section on page 16-19.
IS-IS Areas
You can design IS-IS networks as a single area that includes all routers in the network or as multiple areas that connect into a backbone or Level 2 area. Routers in a nonbackbone area are Level 1 routers that establish adjacencies within a local area (intra-area routing). Level 2 area routers establish adjacencies to other Level 2 routers and perform routing between Level 1 areas (inter-area routing). A router can have both Level 1 and Level 2 areas configured. These Level 1/Level 2 routers act as area border routers that route information from the local area to the Level 2 backbone area (see Figure 16-1).
Within a Level 1 area, routers know how to reach all other routers in that area. The Level 2 routers know how to reach other area border routers and other Level 2 routers. Level 1/Level 2 routers straddle the boundary between two areas, routing traffic to and from the Level 2 backbone area. Level 1/Level 2 routers use the attached (ATT) bit to signal Level 1 routers to set a default route to this Level 1/Level 2 router to connect to the Level 2 area.
In some instances, such as when you have two or more Level 1/Level 2 routers in an area, you may want to control which Level 1/Level 2 router the Level 1 routers use as the default route to the Level 2 area. You can configure which Level 1/Level 2 router sets the attached bit. For more information, see the “Verifying the IS-IS Configuration” section.
Each IS-IS instance in Cisco Nexus 6000 Series switches supports either a single Level 1 or Level 2 area, or one of each. By default, all IS-IS instances automatically support Level 1 and Level 2 routing.
Figure 16-1 IS-IS Network Divided into Areas (diagram of L1, L1-2, and L2 intermediate systems connected by L1, L2, and L1-2 links)
An autonomous system boundary router (ASBR) advertises external destinations throughout the IS-IS autonomous system. External routes are the routes redistributed into IS-IS from any other protocol.
NET and System ID
Each IS-IS instance has an associated network entity title (NET). The NET comprises the IS-IS system ID, which uniquely identifies this IS-IS instance in the area, and the area ID. For example, if the NET is 47.0004.004d.0001.0001.0c11.1111.00, the system ID is 0000.0c11.1111.00 and the area ID is 47.0004.004d.0001.
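The NET layout described above, as an added example (not code from the Cisco guide): a parser that splits a NET using the ISO/IEC 10589 layout, in which the last octet is the NSEL and the six octets before it are the system ID, and that reports system IDs reused within one area. The router names and every NET other than the one quoted in the text are constructed.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class Net(NamedTuple):
    area_id: str    # AFI plus area, dotted hex
    system_id: str  # six octets, xxxx.xxxx.xxxx
    nsel: str       # one octet, 00 for a NET


def parse_net(text: str) -> Net:
    """Split a NET into area ID, system ID and NSEL."""
    digits = text.strip().replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", digits) or len(digits) % 2:
        raise ValueError(f"not a whole number of hex octets: {text!r}")
    octets = len(digits) // 2
    # 1 to 13 octets of area ID, 6 of system ID, 1 of NSEL
    if not 8 <= octets <= 20:
        raise ValueError(f"NET must be 8 to 20 octets, got {octets}: {text!r}")
    area_hex, sys_hex, nsel = digits[:-14], digits[-14:-2], digits[-2:]
    if nsel != "00":
        raise ValueError(f"NSEL of a NET must be 00, got {nsel}: {text!r}")
    system_id = ".".join(sys_hex[i:i + 4] for i in range(0, 12, 4))
    # Conventional display: the AFI octet, then the rest in groups of four digits.
    groups = [area_hex[:2]] + [area_hex[i:i + 4] for i in range(2, len(area_hex), 4)]
    return Net(".".join(groups), system_id, nsel)


def duplicate_system_ids(nets: dict) -> dict:
    """Map (area ID, system ID) to the routers sharing it, where more than one does."""
    owners = defaultdict(list)
    for router, text in nets.items():
        net = parse_net(text)
        owners[(net.area_id, net.system_id)].append(router)
    return {key: names for key, names in owners.items() if len(names) > 1}


# Constructed inventory: the first NET is the one quoted in the text,
# the router names and the other NETs are made up for the example.
INVENTORY = {
    "core-1": "47.0004.004d.0001.0001.0c11.1111.00",
    "core-2": "47.0004.004d.0001.0001.0c11.2222.00",
    "edge-7": "47.0004.004d.0001.0001.0c11.1111.00",  # clashes with core-1
}

if __name__ == "__main__":
    print(parse_net(INVENTORY["core-1"]))
    print(duplicate_system_ids(INVENTORY))
```

For the NET quoted in the text, parse_net returns area ID 47.0004.004d.0001, system ID 0001.0c11.1111, and NSEL 00.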
Designated Intermediate System
IS-IS uses a designated intermediate system (DIS) in broadcast networks to prevent each router from forming unnecessary links with every other router on the broadcast network. IS-IS routers send LSPs to the DIS, which manages all the link-state information for the broadcast network. You can configure the IS-IS priority that IS-IS uses to select the DIS in an area.
Note No DIS is required on a point-to-point network.
IS-IS Authentication
You can configure authentication to control adjacencies and the exchange of LSPs. Routers that want to become neighbors must exchange the same password for their configured level of authentication. IS-IS blocks a router that does not have the correct password. You can configure IS-IS authentication globally or for an individual interface for Level 1, Level 2, or both Level 1/Level 2 routing.
IS-IS supports the following authentication methods:
• Clear text—All packets exchanged carry a cleartext 128-bit password.
• MD5 digest—All packets exchanged carry a message digest that is based on a 128-bit key.
To provide protection against passive attacks, IS-IS never sends the MD5 secret key as cleartext through the network. In addition, IS-IS includes a sequence number in each packet to protect against replay attacks.
You can also use keychains for hello and LSP authentication. See the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x for information on keychain management.
Mesh Groups
A mesh group is a set of interfaces in which all routers reachable over the interfaces have at least one link to every other router. Many links can fail without isolating one or more routers from the network.
In normal flooding, an interface receives a new LSP and floods the LSP out over all other interfaces on the router. With mesh groups, when an interface that is part of a mesh group receives a new LSP, the interface does not flood the new LSP over the other interfaces that are part of that mesh group.
Note You may want to limit LSPs in certain mesh network topologies to improve network scalability. Limiting LSP floods might also reduce the reliability of the network (in case of failures). For this reason, we recommend that you use mesh groups only if specifically required, and then only after you make a careful network design.
You can also configure mesh groups in block mode for parallel links between routers. In this mode, all LSPs are blocked on that interface in a mesh group after the routers initially exchange their link-state information.
Overload Bit
IS-IS uses the overload bit to tell other routers not to use the local router to forward traffic but to continue routing traffic destined for that local router.
You may want to use the overload bit in these situations:
• The router is in a critical condition.
• Graceful introduction and removal of the router to/from the network.
• Other (administrative or traffic engineering) reasons such as waiting for BGP convergence.
Route Summarization
You can configure a summary aggregate address. Route summarization simplifies route tables by replacing a number of more-specific addresses with an address that represents all the specific addresses.
For example, you can replace 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one summary address, 10.1.0.0/16.
If more specific routes are in the routing table, IS-IS advertises the summary address with a metric equal to the minimum metric of the more specific routes.
Note Cisco Nexus 6000 Series switches do not support automatic route summarization.
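The summarization rule above, worked through as an added example (not code from the Cisco guide): it takes the three prefixes and the summary from the text, applies the minimum-metric rule, and also reports how much of the summary no specific route backs and the tightest prefix that would cover the same routes. The metrics are constructed; the guide gives none.

```python
import ipaddress


def check_summary(summary, specifics):
    """Evaluate a summary address against the more-specific routes it replaces.

    specifics maps prefix -> IS-IS metric. Returns the metric the summary is
    advertised with (minimum of the specifics), the number of addresses inside
    the summary that no specific route backs, and the tightest single prefix
    that still covers every specific route.
    """
    net = ipaddress.ip_network(summary)
    routes = {ipaddress.ip_network(p): m for p, m in specifics.items()}
    if not routes:
        raise ValueError("no more-specific routes: nothing to summarize")
    outside = sorted(
        str(r) for r in routes if r.version != net.version or not r.subnet_of(net)
    )
    if outside:
        raise ValueError(f"not covered by {summary}: {', '.join(outside)}")

    # Overlapping or adjacent specifics are merged before counting addresses.
    backed = sum(r.num_addresses for r in ipaddress.collapse_addresses(routes))

    # Widen the first route one bit at a time until it contains all of them.
    tightest = next(iter(routes))
    while not all(r.subnet_of(tightest) for r in routes):
        tightest = tightest.supernet()

    return {
        "metric": min(routes.values()),
        "unbacked_addresses": net.num_addresses - backed,
        "tightest_summary": str(tightest),
    }


# Prefixes from the text; the metrics are constructed for the example.
SPECIFICS = {"10.1.1.0/24": 20, "10.1.2.0/24": 10, "10.1.3.0/24": 30}

if __name__ == "__main__":
    print(check_summary("10.1.0.0/16", SPECIFICS))
    print(check_summary("10.1.0.0/22", SPECIFICS))
```

Traffic to the unbacked part of a summary is still attracted to the summarizing router, so a wide summary such as the /16 is worth comparing with the tightest one before it is configured.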
Route Redistribution
You can use IS-IS to redistribute static routes, routes learned by other IS-IS autonomous systems, or routes from other protocols. You must configure a route map with the redistribution to control which routes are passed into IS-IS. A route map allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. For more information, see “Configuring Route Policy Manager.”
Whenever you redistribute routes into an IS-IS routing domain, Cisco Nexus 6000 Series switches do not, by default, redistribute the default route into the IS-IS routing domain. You can generate a default route into IS-IS, which can be controlled by a route policy.
You can also configure the default metric that is used for all routes imported into IS-IS.
Administrative Distance
The administrative distance is a rating of the trustworthiness of a routing information source. A higher value indicates a lower trust rating. The administrative distance is used to discriminate between routes learned from more than one routing protocol. The route with the lowest administrative distance is installed in the IP routing table.
You can configure the administrative distance for internal and external routes based on various match criteria for a given prefix. Routing protocols such as IS-IS configure the prefix into the Routing Information Base (RIB), along with the next hops based on these metrics. If multiple paths are available for a prefix, the routing protocol chooses the best path based on the cost to reach the next hop and the administrative distance. You can specify that prefixes be considered based on specific routes. In prior releases, one administrative distance was sufficient for all internal routes.
Load Balancing
You can use load balancing to allow a router to distribute traffic over all the router network ports that are the same distance from the destination address. Load balancing increases the utilization of network segments and increases the effective network bandwidth.
Cisco Nexus 6000 Series switches support the Equal Cost Multiple Paths (ECMP) feature with up to 32 equal-cost paths in the IS-IS route table and the unicast RIB. You can configure IS-IS to load balance traffic across some or all of those paths.
High Availability and Graceful Restart
Cisco NX-OS provides a multilevel high-availability architecture. IS-IS supports stateful restart, which is also referred to as non-stop routing (NSR). If IS-IS experiences problems, it attempts to restart from its previous run-time state. The neighbors would not register any neighbor event in this case. If the first restart is not successful and another problem occurs, IS-IS attempts a graceful restart as per RFC 3847.
A graceful restart, or non-stop forwarding (NSF), allows IS-IS to remain in the data forwarding path through a process restart. When the restarting IS-IS interface is operational again, it rediscovers its neighbors, establishes adjacency, and starts sending its updates again. At this point, the NSF helpers recognize that the graceful restart has finished.
A stateful restart is used in the following scenarios:
• First recovery attempt after the process experiences problems
• ISSU
A graceful restart is used in the following scenarios:
• Second recovery attempt after the process experiences problems within a 4-minute interval
• Manual restart of the process using the restart isis command
Note Graceful restart is on by default, and we strongly recommend that it not be disabled.
Multiple IS-IS Instances
Cisco Nexus 6000 Series switches support multiple instances of the IS-IS protocol that run on the same node. You cannot configure multiple instances over the same interface. Every instance uses the same system router ID. For the number of supported IS-IS instances, see the Verified Scalability for Cisco Nexus 6000 Series NX-OS Release 7.0(0)N1(1).
Licensing Requirements for IS-IS
The following table shows the licensing requirements for this feature:
Product: Cisco NX-OS
License Requirement: IS-IS requires an Enterprise Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Guidelines and Limitations for IS-IS
IS-IS has the following configuration guidelines and limitations:
• Equal Cost Multiple Paths (ECMP) is supported with up to 32 equal-cost paths in the IS-IS route table and the Unicast RIB.
Default Settings
Table 16-1 lists the default settings for IS-IS parameters.
Table 16-1 Default IS-IS Parameters
Parameters                 Default
Administrative distance    115
Area level                 Level-1-2
DIS priority               64
Graceful restart           Enabled
Hello multiplier           3
Hello padding              Enabled
Hello time                 10 seconds
IS-IS feature              Disabled
LSP interval               33
LSP MTU                    1492
Maximum LSP lifetime       1200 seconds
Maximum paths              4
Metric                     40
Reference bandwidth        40 Gbps
Configuring IS-IS
To configure IS-IS, follow these steps:
Step 1  Create an IS-IS instance (see the “Creating an IS-IS Instance” section).
Step 2  Add an interface to the IS-IS instance (see the “Configuring IS-IS on an Interface” section).
Step 3  Configure optional features, such as authentication, mesh groups, and dynamic host exchange.
This section contains the following topics:
• IS-IS Configuration Modes
• Creating an IS-IS Instance
• Restarting an IS-IS Instance
• Shutting Down IS-IS
• Configuring IS-IS on an Interface
• Shutting Down IS-IS on an Interface
• Configuring Default Passive Interfaces
• Configuring IS-IS Authentication in an Area
• Configuring IS-IS Authentication on an Interface
• Configuring a Mesh Group
• Configuring a Designated Intermediate System
• Configuring Dynamic Host Exchange
• Setting the Overload Bit
• Configuring the Attached Bit
• Configuring the Transient Mode for Hello Padding
• Configuring a Summary Address
• Configuring Redistribution
• Limiting the Number of Redistributed Routes
• Configuring the Administrative Distance of Routes
• Disabling Strict Adjacency Mode
• Configuring a Graceful Restart
• Configuring Virtualization
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
IS-IS Configuration Modes
The following sections show how to enter each of the configuration modes. From a mode, you can enter the ? command to display the commands available in that mode.
This section includes the following topics:
• Router Configuration Mode
• Router Address Family Configuration Mode
Router Configuration Mode
This example shows how to enter router configuration mode:
  switch# configure terminal
  switch(config)# router isis isp
  switch(config-router)#
Router Address Family Configuration Mode
This example shows how to enter router address family configuration mode:
  switch(config)# router isis isp
  switch(config-router)# address-family ipv4 unicast
  switch(config-router-af)#
Creating an IS-IS Instance
You can create an IS-IS instance and configure the area level for that instance.
SUMMARY STEPS
1. configure terminal
2. router isis instance-tag
3. net network-entity-title
4. (Optional) is-type { level-1 | level-2 | level-1-2 }
5. (Optional) show isis [ vrf vrf-name ] process
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
  Command: configure terminal
  Purpose: Enters global configuration mode.
  Example:
    switch# configure terminal
    switch(config)#
Step 2
  Command: router isis instance-tag
  Purpose: Creates a new IS-IS instance with the configured instance tag.
  Example:
    switch(config)# router isis Enterprise
    switch(config-router)#
Step 3
  Command: net network-entity-title
  Purpose: Configures the NET for this IS-IS instance.
  Example:
    switch(config-router)# net 47.0004.004d.0001.0001.0c11.1111.00
Step 4
  Command: is-type { level-1 | level-2 | level-1-2 }
  Purpose: (Optional) Configures the area level for this IS-IS instance. The default is level-1-2.
  Example:
    switch(config-router)# is-type level-2
Step 5
  Command: show isis [ vrf vrf-name ] process
  Purpose: (Optional) Displays a summary of IS-IS information for all IS-IS instances.
  Example:
    switch(config)# show isis process
Step 6
  Command: copy running-config startup-config
  Purpose: (Optional) Saves this configuration change.
  Example:
    switch(config)# copy running-config startup-config
To remove the IS-IS instance and the associated configuration, use the following command in configuration mode:
Command: no router isis instance-tag
Purpose: Deletes the IS-IS instance and all associated configurations.
Example:
  switch(config)# no router isis Enterprise
Note You must also remove any IS-IS commands that are configured in interface mode to completely remove all configurations for the IS-IS instance.
You can configure the following optional parameters for IS-IS:
Command: distance value
Purpose: Sets the administrative distance for IS-IS. The range is from 1 to 255. The default is 115.
Example:
  switch(config-router)# distance 30
Command: log-adjacency-changes
Purpose: Sends a system message whenever an IS-IS neighbor changes the state.
Example:
  switch(config-router)# log-adjacency-changes
Command: lsp-mtu size
Purpose: Sets the MTU for LSPs in this IS-IS instance. The range is from 128 to 4352 bytes. The default is 1492.
Example:
  switch(config-router)# lsp-mtu 600
Command: maximum-paths number
Purpose: Configures the maximum number of equal-cost paths that IS-IS maintains in the route table. The range is from 1 to 32. The default is 4.
Example:
  switch(config-router)# maximum-paths 6
Command: reference-bandwidth bandwidth-value { Mbps | Gbps }
Purpose: Sets the default reference bandwidth used for calculating the IS-IS cost metric. The range is from 1 to 4000 Gbps. The default is 40 Gbps.
Example:
  switch(config-router)# reference-bandwidth 100 Gbps
The following example shows how to create an IS-IS instance in a level 2 area:
  switch# configure terminal
  switch(config)# router isis Enterprise
  switch(config-router)# net 47.0004.004d.0001.0001.0c11.1111.00
  switch(config-router)# is-type level-2
  switch(config-router)# copy running-config startup-config
To clear neighbor statistics and remove adjacencies, use the following command in router configuration mode:
Command: clear isis [ instance-tag ] adjacency [ * | system-id | interface ]
Purpose: Clears neighbor statistics and removes adjacencies for this IS-IS instance.
Example:
  switch(config-if)# clear isis adjacency *
Restarting an IS-IS Instance
You can restart an IS-IS instance. This action clears all neighbors for the instance.
To restart an IS-IS instance and remove all associated neighbors, use the following command:
Command: restart isis instance-tag
Purpose: Restarts the IS-IS instance and removes all neighbors.
Example:
  switch(config)# restart isis Enterprise
Shutting Down IS-IS
You can shut down the IS-IS instance. This action disables this IS-IS instance and retains the configuration.
To shut down the IS-IS instance, use the following command in router configuration mode:
Command: shutdown
Purpose: Disables the IS-IS instance.
Example:
  switch(config-router)# shutdown
Configuring IS-IS on an Interface
You can add an interface to an IS-IS instance.
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. (Optional) medium { broadcast | p2p }
4. { ip | ipv6 } router isis instance-tag
5. (Optional) show isis [ vrf vrf-name ] [ instance-tag ] interface [ interface-type slot/port ]
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
  Command: configure terminal
  Purpose: Enters global configuration mode.
  Example:
    switch# configure terminal
    switch(config)#
Step 2
  Command: interface interface-type slot/port
  Purpose: Enters interface configuration mode.
  Example:
    switch(config)# interface ethernet 1/2
    switch(config-if)#
Step 3
  Command: medium { broadcast | p2p }
  Purpose: (Optional) Configures the broadcast or point-to-point mode for the interface. IS-IS inherits this mode.
  Example:
    switch(config-if)# medium p2p
Step 4
  Command: { ip | ipv6 } router isis instance-tag
  Purpose: Associates this IPv4 or IPv6 interface with an IS-IS instance.
  Example:
    switch(config-if)# ip router isis Enterprise
Step 5
  Command: show isis [ vrf vrf-name ] [ instance-tag ] interface [ interface-type slot/port ]
  Purpose: (Optional) Displays IS-IS information for an interface.
  Example:
    switch(config)# show isis Enterprise interface ethernet 1/2
Step 6
  Command: copy running-config startup-config
  Purpose: (Optional) Saves this configuration change.
  Example:
    switch(config)# copy running-config startup-config
You can configure the following optional parameters for IS-IS in interface mode:
Command: isis circuit-type { level-1 | level-2 | level-1-2 }
Purpose: Sets the type of adjacency that this interface participates in. Use this command only for routers that participate in both Level 1 and Level 2 areas.
Example:
  switch(config-if)# isis circuit-type level-2
Command: isis metric value { level-1 | level-2 }
Purpose: Sets the IS-IS metric for this interface. The range is from 1 to 16777214. The default is 10.
Example:
  switch(config-if)# isis metric 30
Command: isis passive { level-1 | level-2 | level-1-2 }
Purpose: Prevents the interface from forming adjacencies but still advertises the prefix associated with the interface.
Example:
  switch(config-if)# isis passive level-2
This example shows how to add Ethernet 1/2 interface to an IS-IS instance:
  switch# configure terminal
  switch(config)# interface ethernet 1/2
  switch(config-if)# ip router isis Enterprise
  switch(config-if)# copy running-config startup-config
Shutting Down IS-IS on an Interface
You can gracefully shut down IS-IS on an interface. This action removes all adjacencies and stops IS-IS traffic on this interface but preserves the IS-IS configuration.
To disable IS-IS on an interface, use the following command in interface configuration mode:
Command: isis shutdown
Purpose: Disables IS-IS on this interface. The IS-IS interface configuration remains.
Example:
  switch(config-if)# isis shutdown
Configuring Default Passive Interfaces
You can configure all IS-IS interfaces as passive by default and then activate only those interfaces where adjacencies are desired.
SUMMARY STEPS
1. configure terminal
2. router isis instance-tag
3. passive-interface default { level-1 | level-1-2 | level-2 }
4. exit
5. interface type slot/port
6. isis passive-interface { level-1 | level-1-2 | level-2 }
7. (Optional) no isis passive-interface { level-1 | level-1-2 | level-2 }
8. default isis passive-interface [ level-1 | level-1-2 | level-2 ]
9. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
  Command: configure terminal
  Purpose: Enters global configuration mode.
  Example:
    switch# configure terminal
    switch(config)#
Step 2
  Command: router isis instance-tag
  Purpose: Creates a new IS-IS instance and enters router configuration mode.
  Example:
    switch(config)# router isis 1
    switch(config-router)#
Step 3
  Command: passive-interface default { level-1 | level-1-2 | level-2 }
  Purpose: Allows all IS-IS interfaces to be set as passive by default.
  Example:
    switch(config-router)# passive-interface default level-1
Step 4
  Command: exit
  Purpose: Exits router configuration mode.
  Example:
    switch(config-router)# exit
    switch(config)#
Step 5
  Command: interface type slot/port
  Purpose: Enters interface configuration mode.
  Example:
    switch(config)# interface GigabitEthernet 0/0/0/
    switch(config-if)#
Step 6
  Command: isis passive-interface { level-1 | level-1-2 | level-2 }
  Purpose: Blocks the sending of routing updates on an IS-IS interface.
  Example:
    switch(config-if)# isis passive-interface level-1
Step 7
  Command: no isis passive-interface { level-1 | level-1-2 | level-2 }
  Purpose: (Optional) Reenables the sending of routing updates on an IS-IS interface and activates only those interfaces that need adjacencies.
  Example:
    switch(config-if)# no isis passive-interface level-1
Step 8
  Command: default isis passive-interface [ level-1 | level-1-2 | level-2 ]
  Purpose: Removes the passive-interface commands on the interface (if any) and returns the interface to the default configuration.
  Example:
    switch(config-if)# default isis passive-interface level-1
Step 9
  Command: copy running-config startup-config
  Purpose: (Optional) Saves this configuration change.
  Example:
    switch(config-router)# copy running-config startup-config
Configuring IS-IS Authentication in an Area
You can configure IS-IS to authenticate LSPs in an area.
SUMMARY STEPS
1. configure terminal
2. router isis instance-tag
3. authentication-type { cleartext | md5 } { level-1 | level-2 }
4. authentication key-chain key { level-1 | level-2 }
5. (Optional) authentication-check { level-1 | level-2 }
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
  Command: configure terminal
  Purpose: Enters global configuration mode.
  Example:
    switch# configure terminal
    switch(config)#
Step 2
  Command: router isis instance-tag
  Purpose: Creates a new IS-IS instance with the configured instance tag.
  Example:
    switch(config)# router isis Enterprise
    switch(config-router)#
Step 3
  Command: authentication-type { cleartext | md5 } { level-1 | level-2 }
  Purpose: Sets the authentication method used for a Level 1 or Level 2 area as cleartext or as an MD5 authentication digest.
  Example:
    switch(config-router)# authentication-type cleartext level-2
Step 4
  Command: authentication key-chain key { level-1 | level-2 }
  Purpose: Configures the authentication key used for an IS-IS area-level authentication.
  Example:
    switch(config-router)# authentication key-chain ISISKey level-2
Step 5
  Command: authentication-check { level-1 | level-2 }
  Purpose: (Optional) Enables checking the authentication parameters in a received packet.
  Example:
    switch(config-router)# authentication-check level-2
Step 6
  Command: copy running-config startup-config
  Purpose: (Optional) Saves this configuration change.
  Example:
    switch(config-router)# copy running-config startup-config
This example shows how to configure cleartext authentication on an IS-IS instance:
  switch# configure terminal
  switch(config)# router isis Enterprise
  switch(config-router)# authentication-type cleartext level-2
  switch(config-router)# authentication key-chain ISISKey level-2
  switch(config-router)# copy running-config startup-config
Configuring IS-IS Authentication on an Interface
You can configure IS-IS to authenticate Hello packets on an interface.
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. isis authentication-type { cleartext | md5 } { level-1 | level-2 }
4. isis authentication key-chain key { level-1 | level-2 }
5. (Optional) isis authentication-check { level-1 | level-2 }
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
  Command: configure terminal
  Purpose: Enters global configuration mode.
  Example:
    switch# configure terminal
    switch(config)#
Step 2
  Command: interface interface-type slot/port
  Purpose: Enters interface configuration mode.
  Example:
    switch(config)# interface ethernet 1/2
    switch(config-if)#
Step 3
  Command: isis authentication-type { cleartext | md5 } { level-1 | level-2 }
  Purpose: Sets the authentication type for IS-IS on this interface as cleartext or as an MD5 authentication digest.
  Example:
    switch(config-if)# isis authentication-type cleartext level-2
Step 4
  Command: isis authentication key-chain key { level-1 | level-2 }
  Purpose: Configures the authentication key used for IS-IS on this interface.
  Example:
    switch(config-if)# isis authentication key-chain ISISKey level-2
Step 5
  Command: isis authentication-check { level-1 | level-2 }
  Purpose: (Optional) Enables checking the authentication parameters in a received packet.
  Example:
    switch(config-if)# isis authentication-check
Step 6
  Command: copy running-config startup-config
  Purpose: (Optional) Saves this configuration change.
  Example:
    switch(config-if)# copy running-config startup-config
This example shows how to configure cleartext authentication on an IS-IS instance:
  switch# configure terminal
  switch(config)# interface ethernet 1/2
  switch(config-if)# isis authentication-type cleartext level-2
  switch(config-if)# isis authentication key-chain ISISKey
  switch(config-if)# copy running-config startup-config
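One way to audit the area and interface authentication settings from the two sections above, as an added example (not Cisco's code): a script that reads configuration text and flags cleartext authentication, an authentication type with no key chain, and IS-IS instances or interfaces with no authentication at all. The sample configuration is constructed, the finding codes are names chosen here, and treating any passive interface as exempt is a simplifying assumption.

```python
import re

# Constructed sample in running-config layout (not taken from a real device).
# The key chain ISISKey is assumed to be defined elsewhere in the configuration.
SAMPLE_CONFIG = """\
router isis Enterprise
  net 47.0004.004d.0001.0001.0c11.1111.00
  is-type level-2
  authentication-type cleartext level-2
  authentication key-chain ISISKey level-2
interface Ethernet1/1
  ip router isis Enterprise
  isis authentication-type md5 level-2
  isis authentication key-chain ISISKey level-2
interface Ethernet1/2
  ip router isis Enterprise
  isis authentication-type md5 level-2
interface Ethernet1/3
  ip router isis Enterprise
interface Ethernet1/4
  ip router isis Enterprise
  isis passive-interface level-1-2
"""

AUTH_TYPE = re.compile(r"(?:isis )?authentication-type (cleartext|md5) (level-[12])$")
KEY_CHAIN = re.compile(r"(?:isis )?authentication key-chain (\S+)(?: (level-[12]))?$")
ISIS_ENABLED = re.compile(r"(?:ip|ipv6) router isis \S+$")
PASSIVE = re.compile(r"isis passive(?:-interface)? ")


def parse_blocks(config):
    """Group indented child lines under the unindented line that opens them."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank line or comment separator
        if raw[0].isspace():
            if blocks:
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit_scope(scope, lines):
    """Return (scope, level, code) findings for one router or interface block."""
    methods = {}   # level -> "cleartext" or "md5"
    keyed = set()  # levels that name a key chain ("all" when no level is given)
    for line in lines:
        if m := AUTH_TYPE.match(line):
            methods[m.group(2)] = m.group(1)
        elif m := KEY_CHAIN.match(line):
            keyed.add(m.group(2) or "all")
    findings = []
    for level, method in sorted(methods.items()):
        if method == "cleartext":
            findings.append((scope, level, "CLEARTEXT"))    # password sent in the clear
        if level not in keyed and "all" not in keyed:
            findings.append((scope, level, "NO_KEYCHAIN"))  # method set, no key to use
    if not methods:
        findings.append((scope, "-", "NO_AUTH"))
    return findings


def audit(config):
    """Audit LSP authentication per instance and hello authentication per interface."""
    findings = []
    for header, lines in parse_blocks(config):
        if header.startswith("router isis "):
            findings += audit_scope(header, lines)
        elif header.startswith("interface "):
            enabled = any(ISIS_ENABLED.match(line) for line in lines)
            # Assumption: a passive interface forms no adjacency, so it is skipped.
            passive = any(PASSIVE.match(line) for line in lines)
            if enabled and not passive:
                findings += audit_scope(header, lines)
    return findings


if __name__ == "__main__":
    for scope, level, code in audit(SAMPLE_CONFIG):
        print(f"{code:12} {level:8} {scope}")
```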
Configuring a Mesh Group
You can add an interface to a mesh group to limit the amount of LSP flooding for interfaces in that mesh group. You can optionally block all LSP flooding on an interface in a mesh group.
To add an interface to a mesh group, use the following command in interface configuration mode:
Command: isis mesh-group { blocked | mesh-id }
Purpose: Adds this interface to a mesh group. The range is from 1 to 4294967295.
Example:
  switch(config-if)# isis mesh-group 1
Configuring a Designated Intermediate System
You can configure a router to become the designated intermediate system (DIS) for a multiaccess network by setting the interface priority.
To configure the DIS, use the following command in interface configuration mode:
Command: isis priority number { level-1 | level-2 }
Purpose: Sets the priority for DIS selection. The range is from 0 to 127. The default is 64.
Example:
  switch(config-if)# isis priority 100 level-1
Configuring Dynamic Host Exchange
You can configure IS-IS to map between the system ID and the hostname for a router using dynamic host exchange.
To configure dynamic host exchange, use the following command in router configuration mode:
Command: hostname dynamic
Purpose: Enables dynamic host exchange.
Example:
  switch(config-router)# hostname dynamic
Setting the Overload Bit
You can configure the router to signal other routers not to use this router as an intermediate hop in their shortest path first (SPF) calculations. You can optionally configure the overload bit temporarily on startup, until BGP converges.
In addition to setting the overload bit, you might also want to suppress certain types of IP prefix advertisements from LSPs for Level 1 or Level 2 traffic.
To set the overload bit, use the following command in router configuration mode:
Command: set-overload-bit { always | on-startup { seconds | wait-for bgp as-number }} [ suppress [ interlevel | external ]]
Purpose: Sets the overload bit for IS-IS. The seconds range is from 5 to 86400.
Example:
  switch(config-router)# set-overload-bit on-startup 30
Configuring the Attached Bit
You can configure the attached bit to control which Level 1/Level 2 router the Level 1 routers use as the default route to the Level 2 area. If you disable setting the attached bit, the Level 1 routers do not use this Level 1/Level 2 router to reach the Level 2 area.
To configure the attached bit for a Level 1/Level 2 router, use the following command in router configuration mode:
Command: [ no ] attached-bit
Example: switch(config-router)# no attached-bit
Purpose: Configures the Level 1/Level 2 router to set the attached bit. This feature is enabled by default.
Configuring the Transient Mode for Hello Padding
You can configure the transient mode for hello padding to pad hello packets when IS-IS establishes adjacency and remove that padding after IS-IS establishes adjacency.
To configure the mode for hello padding, use the following command in router configuration mode:
Command: [ no ] isis hello-padding
Example: switch(config-if)# no isis hello-padding
Purpose: Pads the hello packet to the full MTU. The default is enabled. Use the no form of this command to configure the transient mode of hello padding.
Configuring a Summary Address
You can create aggregate addresses that are represented in the routing table by a summary address. One summary address can include multiple groups of addresses for a given level. Cisco Nexus 6000 Series switches advertise the smallest metric of all the more-specific routes.
SUMMARY STEPS
1. configure terminal
2. router isis instance-tag
3. address-family { ipv4 | ipv6 } unicast
4. summary-address ip-prefix/mask-len { level-1 | level-2 | level-1-2 }
5. (Optional) show isis [ vrf vrf-name ] { ip | ipv6 } summary-address ip-prefix [ longer-prefixes ]
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2: router isis instance-tag
Example:
switch(config)# router isis Enterprise
switch(config-router)#
Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3: address-family { ipv4 | ipv6 } unicast
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Purpose: Enters address family configuration mode.
Step 4: summary-address ip-prefix/mask-len { level-1 | level-2 | level-1-2 }
Example: switch(config-router-af)# summary-address 192.0.2.0/24 level-2
Purpose: Configures a summary address for an IS-IS area for IPv4 or IPv6 addresses.
Step 5: show isis [ vrf vrf-name ] { ip | ipv6 } summary-address ip-prefix [ longer-prefixes ]
Example: switch(config-if)# show isis ip summary-address
Purpose: (Optional) Displays IS-IS IPv4 or IPv6 summary address information.
Step 6: copy running-config startup-config
Example: switch(config-if)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to configure an IPv4 unicast summary address for IS-IS:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# summary-address 192.0.2.0/24 level-2
switch(config-router-af)# copy running-config startup-config
Configuring Redistribution
You can configure IS-IS to accept routing information from another routing protocol and redistribute that information through the IS-IS network. You can optionally assign a default route for redistributed routes.
SUMMARY STEPS
1. configure terminal
2. router isis instance-tag
3. address-family { ipv4 | ipv6 } unicast
4. redistribute { bgp as | direct | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
5. (Optional) default-information originate [ always ] [ route-map map-name ]
6. (Optional) distribute { level-1 | level-2 } into { level-1 | level-2 } { route-map route-map | all }
7. (Optional) show isis [ vrf vrf-name ] { ip | ipv6 } route ip-prefix [ detail | longer-prefixes [ summary | detail ]]
8. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2: router isis instance-tag
Example:
switch(config)# router isis Enterprise
switch(config-router)#
Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3: address-family { ipv4 | ipv6 } unicast
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Purpose: Enters address family configuration mode.
Step 4: redistribute { bgp as | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static | direct } route-map map-name
Example: switch(config-router-af)# redistribute eigrp 201 route-map ISISmap
Purpose: Redistributes routes from other protocols into IS-IS. See the “Configuring Route Maps” section on page 14-13 for more information about route maps.
Step 5: default-information originate [ always ] [ route-map map-name ]
Example: switch(config-router-af)# default-information originate always
Purpose: (Optional) Generates a default route into IS-IS.
Step 6: distribute { level-1 | level-2 } into { level-1 | level-2 } { route-map route-map | all }
Example: switch(config-router-af)# distribute level-1 into level-2 all
Purpose: (Optional) Redistributes routes from one IS-IS level to the other IS-IS level.
Step 7: show isis [ vrf vrf-name ] { ip | ipv6 } route ip-prefix [ detail | longer-prefixes [ summary | detail ]]
Example: switch(config-router-af)# show isis ip route
Purpose: (Optional) Shows the IS-IS routes.
Step 8: copy running-config startup-config
Example: switch(config-router-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to redistribute EIGRP into IS-IS:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# redistribute eigrp 201 route-map ISISmap
switch(config-router-af)# copy running-config startup-config
Limiting the Number of Redistributed Routes
Route redistribution can add many routes to the IS-IS route table. You can configure a maximum limit to the number of routes accepted from external protocols. IS-IS provides the following options to configure redistributed route limits:
• Fixed limit—Logs a message when IS-IS reaches the configured maximum. IS-IS does not accept any more redistributed routes. You can optionally configure a threshold percentage of the maximum where IS-IS logs a warning when that threshold is passed.
• Warning only—Logs a warning only when IS-IS reaches the maximum. IS-IS continues to accept redistributed routes.
• Withdraw—Starts the timeout period when IS-IS reaches the maximum. After the timeout period, IS-IS requests all redistributed routes if the current number of redistributed routes is less than the maximum limit. If the current number of redistributed routes is at the maximum limit, IS-IS withdraws all redistributed routes. You must clear this condition before IS-IS accepts more redistributed routes. You can optionally configure the timeout period.
SUMMARY STEPS
1. configure terminal
2. router isis instance-tag
3. redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
4. redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
5. (Optional) show running-config isis
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2: router isis instance-tag
Example:
switch(config)# router isis Enterprise
switch(config-router)#
Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3: redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
Example: switch(config-router)# redistribute bgp route-map FilterExternalBGP
Purpose: Redistributes the selected protocol into IS-IS through the configured route map.
Step 4: redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
Example: switch(config-router)# redistribute maximum-prefix 1000 75 warning-only
Purpose: Specifies a maximum number of prefixes that IS-IS distributes. The range is from 0 to 65536. You can optionally specify the following:
• threshold—Percent of maximum prefixes that triggers a warning message.
• warning-only—Logs a warning message when the maximum number of prefixes is exceeded.
• withdraw—Withdraws all redistributed routes. You can optionally try to retrieve the redistributed routes. The num-retries range is from 1 to 12. The timeout is 60 to 600 seconds. The default is 300 seconds. Use the clear isis redistribution command if all routes are withdrawn.
Step 5: show running-config isis
Example: switch(config-router)# show running-config isis
Purpose: (Optional) Displays the IS-IS configuration.
Step 6: copy running-config startup-config
Example: switch(config-router)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to limit the number of redistributed routes into IS-IS:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# redistribute bgp route-map FilterExternalBGP
switch(config-router)# redistribute maximum-prefix 1000 75
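The redistribution limits described above can be checked offline across saved configurations. The following audit script is an added example, not part of the Cisco guide; it flags IS-IS instances that redistribute routes with no maximum-prefix limit, with a warning-only limit, or with values outside the ranges this section states. The sample configuration, the finding names, and the 1 to 100 threshold range are assumptions made for the example.

```python
"""Audit IS-IS redistribution limits in NX-OS-style configuration text."""

# Ranges quoted in the guide. The threshold range is an assumption: the guide
# only says that the threshold is a percentage of the maximum.
RANGES = {"max": (0, 65536), "threshold": (1, 100),
          "retries": (1, 12), "timeout": (60, 600)}

# Constructed sample configuration, not output captured from a real switch.
SAMPLE_CONFIG = """\
router isis Enterprise
  net 49.0001.0000.0000.0003.00
  redistribute bgp 65001 route-map FilterExternalBGP
  redistribute maximum-prefix 1000 75 warning-only
router isis Lab
  address-family ipv4 unicast
    redistribute eigrp 201 route-map ISISmap
router isis Core
  redistribute static route-map StaticOnly
  redistribute maximum-prefix 1000 75 withdraw 20 30
router isis Edge
  redistribute direct route-map Connected
  redistribute maximum-prefix 500 80
interface ethernet 2/1
  ip router isis Enterprise
"""


def parse_limit(line):
    """Parse 'redistribute maximum-prefix max [threshold]
    [warning-only | withdraw [num-retries timeout]]'; None if malformed."""
    tokens = line.split()
    if tokens[:2] != ["redistribute", "maximum-prefix"]:
        return None
    rest = tokens[2:]
    if not rest or not rest[0].isdigit():
        return None
    limit = {"max": int(rest.pop(0)), "threshold": None, "mode": "fixed",
             "retries": None, "timeout": None}
    if rest and rest[0].isdigit():
        limit["threshold"] = int(rest.pop(0))
    if rest:
        limit["mode"] = rest.pop(0)
        if limit["mode"] not in ("warning-only", "withdraw"):
            return None
        if (limit["mode"] == "withdraw" and len(rest) == 2
                and all(t.isdigit() for t in rest)):
            limit["retries"] = int(rest.pop(0))
            limit["timeout"] = int(rest.pop(0))
    return None if rest else limit


def split_instances(config_text):
    """Map each 'router isis <tag>' header to its indented child lines."""
    instances, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():  # any top-level line closes the open block
            parts = raw.split()
            is_isis = parts[:2] == ["router", "isis"] and len(parts) == 3
            current = parts[2] if is_isis else None
            if is_isis:
                instances.setdefault(current, [])
        elif current is not None:
            instances[current].append(raw.strip())
    return instances


def audit(config_text):
    """Return sorted (instance, finding) pairs for missing or invalid limits."""
    findings = []
    for tag, lines in split_instances(config_text).items():
        limits = [l for l in lines if l.startswith("redistribute maximum-prefix")]
        sources = [l for l in lines if l.startswith("redistribute ")
                   and l not in limits and " route-map " in l]
        if not sources:
            continue  # nothing is redistributed into this instance
        if not limits:
            findings.append((tag, "no-limit"))
            continue
        limit = parse_limit(limits[-1])
        if limit is None:
            findings.append((tag, "bad-syntax"))
            continue
        if limit["mode"] == "warning-only":
            # Per the guide, IS-IS continues to accept redistributed routes.
            findings.append((tag, "warning-only"))
        for key, (low, high) in RANGES.items():
            if limit[key] is not None and not low <= limit[key] <= high:
                findings.append((tag, key + "-range"))
    return sorted(findings)


if __name__ == "__main__":
    for tag, finding in audit(SAMPLE_CONFIG):
        print(f"router isis {tag}: {finding}")
```

The parser accepts redistribute statements at router level and under an address family, because this guide shows both placements.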
Configuring the Administrative Distance of Routes
You can set the administrative distance of routes added by IS-IS into the RIB.
SUMMARY STEPS
1. configure terminal
2. router isis instance-tag
3. table-map route-map-name [ filter ]
4. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2: router isis instance-tag
Example:
switch(config)# router isis group1
switch(config-router)#
Purpose: Creates a new IS-IS instance and enters router configuration mode.
Step 3: table-map route-map-name [ filter ]
Example: switch(config-router)# table-map route-map1 filter
Purpose: Configures a table map with route map information. You can enter up to 63 alphanumeric characters for the map name. The filter keyword filters routes rejected by the route map and does not download them to the RIB.
Step 4: copy running-config startup-config
Example: switch(config-router)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Disabling Strict Adjacency Mode
When both IPv4 and IPv6 address families are enabled, strict adjacency mode is enabled by default. In this mode, the device does not form an adjacency with any router that does not have both address families enabled. You can disable strict adjacency mode using the no adjacency-check command.
SUMMARY STEPS
1. configure terminal
2. router isis instance-tag
3. address-family ipv4 unicast
4. no adjacency-check
5. exit
6. address-family ipv6 unicast
7. no adjacency-check
8. (Optional) show running-config isis
9. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2: router isis instance-tag
Example:
switch(config)# router isis Enterprise
switch(config-router)#
Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3: address-family ipv4 unicast
Example:
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Purpose: Enters address family configuration mode.
Step 4: no adjacency-check
Example: switch(config-router-af)# no adjacency-check
Purpose: Disables strict adjacency mode for the IPv4 address family.
Step 5: exit
Example:
switch(config-router-af)# exit
switch(config-router)#
Purpose: Exits address family configuration mode.
Step 6: address-family ipv6 unicast
Example:
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
Purpose: Enters address family configuration mode.
Step 7: no adjacency-check
Example: switch(config-router-af)# no adjacency-check
Purpose: Disables strict adjacency mode for the IPv6 address family.
Step 8: show running-config isis
Example: switch(config-router-af)# show running-config isis
Purpose: (Optional) Displays the IS-IS configuration.
Step 9: copy running-config startup-config
Example: switch(config-router-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Configuring a Graceful Restart
You can configure a graceful restart for IS-IS.
BEFORE YOU BEGIN
Create the VRFs.
SUMMARY STEPS
1. configure terminal
2. router isis instance-tag
3. graceful-restart
4. graceful-restart t3 manual time
5. (Optional) show running-config isis
6. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2: router isis instance-tag
Example:
switch(config)# router isis Enterprise
switch(config-router)#
Purpose: Creates a new IS-IS process with the configured name.
Step 3: graceful-restart
Example: switch(config-router)# graceful-restart
Purpose: Enables a graceful restart and the graceful restart helper functionality. Enabled by default.
Step 4: graceful-restart t3 manual time
Example: switch(config-router)# graceful-restart t3 manual 300
Purpose: Configures the graceful restart T3 timer. The range is from 30 to 65535 seconds. The default is 60.
Step 5: show running-config isis
Example: switch(config-router)# show running-config isis
Purpose: (Optional) Displays the IS-IS configuration.
Step 6: copy running-config startup-config
Example: switch(config-router)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to enable a graceful restart:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# graceful-restart
switch(config-router)# copy running-config startup-config
Configuring Virtualization
You assign an IS-IS interface to a VRF.
You must configure a NET for the configured VRF.
Note: Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all the configuration for that interface.
SUMMARY STEPS
1. configure terminal
2. vrf context vrf_name
3. exit
4. router isis instance-tag
5. (Optional) vrf vrf_name
6. net network-entity-title
7. exit
8. interface type slot/port
9. vrf member vrf-name
10. { ip | ipv6 } address ip-prefix/length
11. { ip | ipv6 } router isis instance-tag
12. (Optional) show isis [ vrf vrf-name ] [ instance-tag ] interface [ interface-type slot/port ]
13. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2: vrf context vrf-name
Example:
switch(config)# vrf context RemoteOfficeVRF
switch(config-vrf)#
Purpose: Creates a new VRF and enters VRF configuration mode.
Step 3: exit
Example:
switch(config-vrf)# exit
switch(config)#
Purpose: Exits VRF configuration mode.
Step 4: router isis instance-tag
Example:
switch(config)# router isis Enterprise
switch(config-router)#
Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 5: vrf vrf-name
Example:
switch(config-router)# vrf RemoteOfficeVRF
switch(config-router-vrf)#
Purpose: (Optional) Enters VRF configuration mode.
Step 6: net network-entity-title
Example: switch(config-router-vrf)# net 47.0004.004d.0001.0001.0c11.1111.00
Purpose: Configures the NET for this IS-IS instance.
Step 7: exit
Example:
switch(config-router-vrf)# exit
switch(config-router)#
Purpose: Exits router VRF configuration mode.
Step 8: interface ethernet slot/port
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Purpose: Enters interface configuration mode.
Step 9: vrf member vrf-name
Example: switch(config-if)# vrf member RemoteOfficeVRF
Purpose: Adds this interface to a VRF.
Step 10: { ip | ipv6 } address ip-prefix/length
Example: switch(config-if)# ip address 192.0.2.1/16
Purpose: Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
Step 11: { ip | ipv6 } router isis instance-tag
Example: switch(config-if)# ip router isis Enterprise
Purpose: Associates this IPv4 or IPv6 interface with an IS-IS instance.
Step 12: show isis [ vrf vrf-name ] [ instance-tag ] interface [ interface-type slot/port ]
Example: switch(config-if)# show isis Enterprise ethernet 1/2
Purpose: (Optional) Displays IS-IS information for an interface in a VRF.
Step 13: copy running-config startup-config
Example: switch(config-if)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
This example shows how to create a VRF and add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config-vrf)# exit
switch(config)# router isis Enterprise
switch(config-router)# vrf NewVRF
switch(config-router-vrf)# net 47.0004.004d.0001.0001.0c11.1111.00
switch(config-router-vrf)# interface ethernet 1/2
switch(config-if)# vrf member NewVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router isis Enterprise
switch(config-if)# copy running-config startup-config
Tuning IS-IS
You can tune IS-IS to match your network requirements.
You can use the following optional commands in router configuration mode to tune IS-IS:
Command: lsp-gen-interval [ level-1 | level-2 ] lsp-max-wait [ lsp-initial-wait lsp-second-wait ]
Example: switch(config-router)# lsp-gen-interval level-1 500 500 500
Purpose: Configures the IS-IS throttle for LSP generation. The optional parameters are as follows:
• lsp-max-wait—The maximum wait between the trigger and LSP generation. The range is from 500 to 65535 milliseconds.
• lsp-initial-wait—The initial wait between the trigger and LSP generation. The range is from 50 to 65535 milliseconds.
• lsp-second-wait—The second wait used for LSP throttle during backoff. The range is from 50 to 65535 milliseconds.
Command: max-lsp-lifetime lifetime
Example: switch(config-router)# max-lsp-lifetime 500
Purpose: Sets the maximum LSP lifetime in seconds. The range is from 1 to 65535. The default is 1200.
Command: metric-style transition
Example: switch(config-router)# metric-style transition
Purpose: Enables IS-IS to generate and accept both narrow metric-style Type Length Value (TLV) objects and wide metric-style TLV objects. The default is disabled.
Command: spf-interval [ level-1 | level-2 ] spf-max-wait [ spf-initial-wait spf-second-wait ]
Example: switch(config-router)# spf-interval level-2 500 500 500
Purpose: Configures the interval between LSA arrivals. The optional parameters are as follows:
• spf-max-wait—The maximum wait between the trigger and SPF computation. The range is from 500 to 65535 milliseconds.
• spf-initial-wait—The initial wait between the trigger and SPF computation. The range is from 50 to 65535 milliseconds.
• spf-second-wait—The second wait used for SPF computation during backoff. The range is from 50 to 65535 milliseconds.
You can use the following optional command in router address configuration mode:
Command: adjacency-check
Example: switch(config-router-af)# adjacency-check
Purpose: Performs an adjacency check to verify that an IS-IS instance forms an adjacency only with a remote IS-IS entity that supports the same address family. This command is enabled by default.
You can use the following optional commands in interface configuration mode to tune IS-IS:
Command: isis csnp-interval seconds [ level-1 | level-2 ]
Example: switch(config-if)# isis csnp-interval 20
Purpose: Sets the complete sequence number PDU (CSNP) interval in seconds for IS-IS. The range is from 1 to 65535. The default is 10.
Command: isis hello-interval seconds [ level-1 | level-2 ]
Example: switch(config-if)# isis hello-interval 20
Purpose: Sets the hello interval in seconds for IS-IS. The range is from 1 to 65535. The default is 10.
Command: isis hello-multiplier num [ level-1 | level-2 ]
Example: switch(config-if)# isis hello-multiplier 20
Purpose: Specifies the number of IS-IS hello packets that a neighbor must miss before the router tears down an adjacency. The range is from 3 to 1000. The default is 3.
Command: isis lsp-interval milliseconds
Example: switch(config-if)# isis lsp-interval 20
Purpose: Sets the interval in milliseconds between LSPs sent on this interface during flooding. The range is from 10 to 65535. The default is 33.
Verifying the IS-IS Configuration
To display the IS-IS configuration, perform one of the following tasks:
Command: show isis [ instance-tag ] adjacency [ interface ] [ detail | summary ] [ vrf vrf-name ]
Purpose: Displays the IS-IS adjacencies. Use the clear isis adjacency command to clear these statistics.
Command: show isis [ instance-tag ] database [ level-1 | level-2 ] [ detail | summary ] [ LSP ID ] [{ ip | ipv6 } prefix ip-prefix ] | | [ router-id router-id ] | [ adjacency node-id ] | [ zero-sequence ]} [ vrf vrf-name ]
Purpose: Displays the IS-IS LSP database.
Command: show isis [ instance-tag ] hostname [ vrf vrf-name ]
Purpose: Displays the dynamic host exchange information.
Command: show isis [ instance-tag ] interface [ brief | interface ] [ level-1 | level-2 ] [ vrf vrf-name ]
Purpose: Displays the IS-IS interface information.
Command: show isis [ instance-tag ] mesh-group [ mesh-id ] [ vrf vrf-name ]
Purpose: Displays the mesh group information.
Command: show isis [ instance-tag ] protocol [ vrf vrf-name ]
Purpose: Displays information about the IS-IS protocol.
Command: show isis [ instance-tag ] { ip | ipv6 } redistribute route [ ip-address | summary ] [[ ip-prefix ] [ longer-prefixes [ summary ]] [ vrf vrf-name ]
Purpose: Displays the IS-IS route redistribution information.
Command: show isis [ instance-tag ] { ip | ipv6 } route [ ip-address | summary ] [ ip-prefix [ longer-prefixes [ summary ]] [ detail ] [ vrf vrf-name ]
Purpose: Displays the IS-IS route table.
Command: show isis [ instance-tag ] rrm [ interface ] [ vrf vrf-name ]
Purpose: Displays the IS-IS interface retransmission information.
Command: show isis [ instance-tag ] srm [ interface ] [ vrf vrf-name ]
Purpose: Displays the IS-IS interface flooding information.
Command: show isis [ instance-tag ] ssn [ interface ] [ vrf vrf-name ]
Purpose: Displays the IS-IS interface PSNP information.
Command: show isis [ instance-tag ] { ip | ipv6 } summary-address [ ip-address ] | [ ip-prefix ] [ vrf vrf-name ]
Purpose: Displays the IS-IS summary address information.
Command: show running-configuration isis
Purpose: Displays the current running IS-IS configuration.
Command: show tech-support isis [ detail ]
Purpose: Displays the technical support details for IS-IS.
For detailed information about the fields in the output from these commands, see the Cisco Nexus 6000 Series NX-OS Unicast Routing Command Reference, Release 7.x.
Monitoring IS-IS
To display IS-IS statistics, use the following commands:
Command: show isis [ instance-tag ] adjacency [ interface ] [ system-ID ] [ detail ] [ summary ] [ vrf vrf-name ]
Purpose: Displays the IS-IS adjacency statistics.
Command: show isis [ instance-tag ] database [ level-1 | level-2 ] [ detail | summary ] [ lsip ] {[ adjacency id ] { ip | ipv6 } prefix prefix ] [ router-id id ] [zero-sequence]} [ vrf vrf-name ]
Purpose: Displays the IS-IS database statistics.
Command: show isis [ instance-tag ] statistics [ interface ] [ vrf vrf-name ]
Purpose: Displays the IS-IS interface statistics.
Command: show isis { ip | ipv6 } route-map statistics redistribute { bgp id | eigrp id | isis id | ospf id | rip id | static } [ vrf vrf-name ]
Purpose: Displays the IS-IS redistribution statistics.
Command: show isis route-map statistics distribute { level-1 | level-2 } into { level-1 | level-2 } [ vrf vrf-name ]
Purpose: Displays IS-IS distribution statistics for routes distributed between levels.
Command: show isis [ instance-tag ] spf-log [ detail ] [ vrf vrf-name ]
Purpose: Displays the IS-IS SPF calculation statistics.
Command: show isis [ instance-tag ] traffic [ interface ] [ vrf vrf-name ]
Purpose: Displays the IS-IS traffic statistics.
To clear IS-IS configuration statistics, perform one of the following tasks:
Command: clear isis [ instance-tag ] adjacency [ * | [ interface ] [ system-id id ]] [ vrf vrf-name ]
Purpose: Clears the IS-IS adjacency statistics.
Command: clear isis { ip | ipv6 } route-map statistics redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } [ vrf vrf-name ]
Purpose: Clears the IS-IS redistribution statistics.
Command: clear isis route-map statistics distribute { level-1 | level-2 } into { level-1 | level-2 } [ vrf vrf-name ]
Purpose: Clears IS-IS distribution statistics for routes distributed between levels.
Command: clear isis [ instance-tag ] statistics [ * | interface ] [ vrf vrf-name ]
Purpose: Clears the IS-IS interface statistics.
Command: clear isis [ instance-tag ] traffic [ * | interface ] [ vrf vrf-name ]
Purpose: Clears the IS-IS traffic statistics.
Configuration Examples for IS-IS
This example shows how to configure IS-IS:
router isis Enterprise
  is-type level-1
  net 49.0001.0000.0000.0003.00
  graceful-restart
  address-family ipv4 unicast
    default-information originate
interface ethernet 2/1
  ip address 192.0.2.1/24
  isis circuit-type level-1
  ip router isis Enterprise
Related Topics
See Chapter 14, “Configuring Route Policy Manager,” for more information on route maps.
Additional References
For additional information related to implementing IS-IS, see the following sections:
• Related Documents
• Standards
Related Documents
Related Topic: IS-IS CLI commands
Document Title: Cisco Nexus 6000 Series NX-OS Unicast Routing Command Reference, Release 7.x
Standards
Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Title: —
Chapter 17
Configuring HSRP
This chapter describes how to configure the Hot Standby Router Protocol (HSRP) on the Cisco NX-OS switch.
This chapter includes the following sections:
• Information About HSRP
• Licensing Requirements for HSRP
• Prerequisites for HSRP
• Guidelines and Limitations
• Enabling DHCP Relay Agent Using VIP
• Configuration Examples for HSRP
• Additional References
Information About HSRP
HSRP is a first-hop redundancy protocol (FHRP) that allows a transparent failover of the first-hop IP router. HSRP provides first-hop routing redundancy for IP hosts on Ethernet networks configured with a default router IP address. You use HSRP in a group of routers for selecting an active router and a standby router. In a group of routers, the active router is the router that routes packets; the standby router is the router that takes over when the active router fails or when preset conditions are met.
Many host implementations do not support any dynamic router discovery mechanisms but can be configured with a default router. Running a dynamic router discovery mechanism on every host is not feasible for a number of reasons, including administrative overhead, processing overhead, and security issues. HSRP provides failover services to these hosts.
This section includes the following topics:
• HSRP Authentication
• HSRP and Proxy Address Resolution Protocols
• BFD
• vPC and HSRP
• Virtualization Support
HSRP Overview
When you use HSRP, you configure the HSRP virtual IP address as the host’s default router (instead of the IP address of the actual router). The virtual IP address is an IPv4 or IPv6 address that is shared among a group of routers that run HSRP.
When you configure HSRP on a network segment, you provide a virtual MAC address and a virtual IP address for the HSRP group. You configure the same virtual address on each HSRP-enabled interface in the group. You also configure a unique IP address and MAC address on each interface that acts as the real address. HSRP selects one of these interfaces to be the active router. The active router receives and routes packets destined for the virtual MAC address of the group.
HSRP detects when the designated active router fails. At that point, a selected standby router assumes control of the virtual MAC and IP addresses of the HSRP group. HSRP also selects a new standby router at that time.
HSRP uses a priority mechanism to determine which HSRP-configured interface becomes the default active router. To configure an interface as the active router, you assign it with a priority that is higher than the priority of all the other HSRP-configured interfaces in the group. The default priority is 100, so if you configure just one interface with a higher priority, that interface becomes the default active router.
Interfaces that run HSRP send and receive multicast User Datagram Protocol (UDP)-based hello messages to detect a failure and to designate active and standby routers. When the active router fails to send a hello message within a configurable period of time, the standby router with the highest priority becomes the active router. The transition of packet forwarding functions between the active and standby router is completely transparent to all hosts on the network.
You can configure multiple HSRP groups on an interface.
Figure 17-1 shows a network configured for HSRP. By sharing a virtual MAC address and a virtual IP address, two or more interfaces can act as a single virtual router.
Figure 17-1 HSRP Topology with Two Enabled Routers
[Figure labels: Internet or ISP backbone; active router 192.0.2.1; virtual router 192.0.2.2; standby router 192.0.2.3; LAN with Host A, Host B, Host C, and Host D.]
The virtual router does not physically exist but represents the common default router for interfaces that are configured to provide backup to each other. You do not need to configure the hosts on the LAN with the IP address of the active router. Instead, you configure them with the IP address (virtual IP address) of the virtual router as their default router. If the active router fails to send a hello message within the configurable period of time, the standby router takes over, responds to the virtual addresses, and becomes the active router, assuming the active router duties. From the host perspective, the virtual router remains the same.
Note: Packets received on a routed port destined for the HSRP virtual IP address will terminate on the local router, regardless of whether that router is the active HSRP router or the standby HSRP router. This includes ping and Telnet traffic. Packets received on a Layer 2 (VLAN) interface destined for the HSRP virtual IP address will terminate on the active router.
HSRP for IPv4
HSRP routers communicate with each other by exchanging HSRP hello packets. These packets are sent to the destination IP multicast address 224.0.0.2 (reserved multicast address used to communicate to all routers) on UDP port 1985. The active router sources hello packets from its configured IP address and the HSRP virtual MAC address while the standby router sources hellos from its configured IP address and the interface MAC address, which may or may not be the burned-in address (BIA). The BIA is the last six bytes of the MAC address that is assigned by the manufacturer of the network interface card (NIC).
Because hosts are configured with their default router as the HSRP virtual IP address, hosts must communicate with the MAC address associated with the HSRP virtual IP address. This MAC address is a virtual MAC address, 0000.0C07.ACxy, where xy is the HSRP group number in hexadecimal based on the respective interface. For example, HSRP group 1 uses the HSRP virtual MAC address of 0000.0C07.AC01. Hosts on the adjoining LAN segment use the normal Address Resolution Protocol (ARP) process to resolve the associated MAC addresses.
HSRP version 2 uses the new IP multicast address 224.0.0.102 to send hello packets instead of the multicast address of 224.0.0.2, which is used by version 1. HSRP version 2 permits an expanded group number range of 0 to 4095 and uses a new MAC address range of 0000.0C9F.F000 to 0000.0C9F.FFFF.
HSRP for IPv6
IPv6 hosts learn of available IPv6 routers through IPv6 neighbor discovery (ND) router advertisement (RA) messages. These messages are multicast periodically, or may be solicited by hosts, but the time delay for detecting when a default route is down may be 30 seconds or more. HSRP for IPv6 provides a much faster switchover to an alternate default router than the IPv6 ND protocol provides, less than a second if the milliseconds timers are used. HSRP for IPv6 provides a virtual first hop for IPv6 hosts.
When you configure an IPv6 interface for HSRP, the periodic RAs for the interface link-local address stop after IPv6 ND sends a final RA with a router lifetime of zero. No restrictions occur for the interface IPv6 link-local address. Other protocols continue to receive and send packets to this address.
IPv6 ND sends periodic RAs for the HSRP virtual IPv6 link-local address when the HSRP group is active. These RAs stop after a final RA is sent with a router lifetime of 0 when the HSRP group leaves the active state. HSRP uses the virtual MAC address for active HSRP group messages only (hello, coup, and resign).
HSRP for IPv6 uses the following parameters:
• HSRP version 2
• UDP port 2029
• Virtual MAC address range from 0005.73A0.0000 through 0005.73A0.0FFF
• Multicast link-local IP destination address of FF02::66
• Hop limit set to 255
HSRP IPv6 Addresses
An HSRP IPv6 group has a virtual MAC address that is derived from the HSRP group number and a virtual IPv6 link-local address that is derived, by default, from the HSRP virtual MAC address. The default virtual MAC address for an HSRP IPv6 group is always used to form the virtual IPv6 link-local address, regardless of the actual virtual MAC address used by the group.
Table 17-1 shows the MAC and IP addresses used for IPv6 neighbor discovery packets and HSRP packets.
Table 17-1 HSRP and IPv6 ND Addresses
Packet | MAC Source Address | IPv6 Source Address | IPv6 Destination Address | Link-layer Address Option
Neighbor solicitation (NS) | Interface MAC address | Interface IPv6 address | — | Interface MAC address
Router solicitation (RS) | Interface MAC address | Interface IPv6 address | — | Interface MAC address
Neighbor advertisement (NA) | Interface MAC address | Interface IPv6 address | Virtual IPv6 address | HSRP virtual MAC address
Route advertisement (RA) | Interface MAC address | Virtual IPv6 address | — | HSRP virtual MAC address
HSRP (inactive) | Interface MAC address | Interface IPv6 address | — | —
HSRP (active) | Virtual MAC address | Interface IPv6 address | — | —
HSRP does not add IPv6 link-local addresses to the Unicast Routing Information Base (URIB). There are also no secondary virtual IP addresses for link-local addresses.
For global unicast addresses, HSRP adds the virtual IPv6 address to the URIB and IPv6 but does not register the virtual IPv6 addresses to ICMPv6. ICMPv6 redirects are not supported for HSRP IPv6 groups.
HSRP Versions
Cisco NX-OS supports HSRP version 1 by default. You can configure an interface to use HSRP version 2.
HSRP version 2 has the following enhancements to HSRP version 1:
• Expands the group number range. HSRP version 1 supports group numbers from 0 to 255. HSRP version 2 supports group numbers from 0 to 4095.
• For IPv4, uses the IPv4 multicast address 224.0.0.102 or the IPv6 multicast address FF02::66 to send hello packets instead of the multicast address of 224.0.0.2, which is used by HSRP version 1.
• Uses the MAC address range from 0000.0C9F.F000 to 0000.0C9F.FFFF for IPv4 and 0005.73A0.0000 through 0005.73A0.0FFF for IPv6 addresses. HSRP version 1 uses the MAC address range 0000.0C07.AC00 to 0000.0C07.ACFF.
• Adds support for MD5 authentication.
When you change the HSRP version, Cisco NX-OS reinitializes the group because it now has a new virtual MAC address.
HSRP version 2 has a different packet format than HSRP version 1. The packet format uses a type-length-value (TLV) format. HSRP version 2 packets received by an HSRP version 1 router are ignored.
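The virtual MAC ranges listed above identify the HSRP version, address family, and group number behind any address seen in an ARP or neighbor table. The following Python sketch is an added example, not part of the Cisco guide: it applies those ranges to a constructed three-column neighbor listing (the input layout and the function names are assumptions) to inventory the HSRP groups on a segment.

```python
import re

# (label, first virtual MAC in the range, number of groups), from this chapter.
HSRP_RANGES = (
    ("HSRPv1 IPv4", 0x00000C07AC00, 256),   # 0000.0C07.AC00 - 0000.0C07.ACFF
    ("HSRPv2 IPv4", 0x00000C9FF000, 4096),  # 0000.0C9F.F000 - 0000.0C9F.FFFF
    ("HSRPv2 IPv6", 0x000573A00000, 4096),  # 0005.73A0.0000 - 0005.73A0.0FFF
)


def mac_to_int(mac):
    """Accept 0000.0c07.ac01, 00:00:0c:07:ac:01 or 00-00-0C-07-AC-01."""
    digits = re.sub(r"[.:-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)


def int_to_mac(value):
    """Format a 48-bit integer in the xxxx.xxxx.xxxx style used in this guide."""
    text = f"{value:012X}"
    return ".".join(text[i:i + 4] for i in (0, 4, 8))


def virtual_mac(label, group):
    """Default virtual MAC for a group; rejects groups outside the version's range."""
    for name, base, count in HSRP_RANGES:
        if name == label:
            if not 0 <= group < count:
                raise ValueError(f"group {group} is outside 0-{count - 1} for {name}")
            return int_to_mac(base + group)
    raise ValueError(f"unknown HSRP range: {label!r}")


def classify(mac):
    """Return (label, group) for a default HSRP virtual MAC, otherwise None."""
    value = mac_to_int(mac)
    for name, base, count in HSRP_RANGES:
        if base <= value < base + count:
            return name, value - base
    return None


# Constructed sample: address, MAC, interface. 5000.1000.1060 is the manually
# configured virtual MAC from the mac-address example in this chapter.
SAMPLE_NEIGHBORS = """\
192.0.2.2     0000.0c07.ac01  Ethernet1/2
192.0.2.10    0000.0c9f.f00a  Vlan500
fe80::1       0005.73a0.000a  Ethernet3/2
192.0.2.77    5000.1000.1060  Ethernet1/2
"""


def inventory(table_text):
    """List HSRP groups visible in a neighbor table.

    Version 1 groups are marked for review because this chapter gives their
    default authentication as text with the password "cisco".
    """
    groups = []
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        address, mac, interface = fields
        try:
            hit = classify(mac)
        except ValueError:
            continue  # not a MAC address column; skip the line
        if hit is not None:
            kind, group = hit
            groups.append({
                "address": address,
                "interface": interface,
                "kind": kind,
                "group": group,
                "review": kind == "HSRPv1 IPv4",
            })
    return groups


if __name__ == "__main__":
    for entry in inventory(SAMPLE_NEIGHBORS):
        print(entry)
```

Groups that use a manually configured virtual MAC address or the burned-in address fall outside these ranges and are not recognized by this mapping.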
HSRP Authentication
HSRP message digest 5 (MD5) algorithm authentication protects against HSRP-spoofing software and uses the industry-standard MD5 algorithm for improved reliability and security. HSRP includes the IPv4 or IPv6 address in the authentication TLVs.
HSRP and Proxy Address Resolution Protocols
You can use HSRP when the hosts are configured for proxy Address Resolution Protocol (ARP). When you enable HSRP on an interface on which an ARP request is received, the response includes the virtual MAC address. If the HSRP interface is not the active router, then it does not respond (because the active router responds). If you enable multiple HSRP groups on the interface, and the router acts as the active HSRP router for more than one group, then one of the HSRP group's MAC addresses provides the proxy ARP response.
HSRP Messages
Routers that are configured with HSRP exchange the following three types of multicast messages:
• Hello—The hello message conveys the HSRP priority and state information of the router to other HSRP routers.
• Coup—When a standby router wants to assume the function of the active router, it sends a coup message.
• Resign—A router that is the active router sends this message when it is about to shut down or when a router that has a higher priority sends a hello or coup message.
HSRP Load Sharing
HSRP allows you to configure multiple groups on an interface. You can configure two overlapping IPv4 HSRP groups to load share traffic from the connected hosts while providing the default router redundancy expected from HSRP.
Figure 17-2 shows an example of a load-sharing HSRP IPv4 configuration.
Figure 17-2 HSRP Load Sharing
[Figure: Router A is active for Group A (192.0.2.1) and standby for Group B; Router B is active for Group B (192.0.2.2) and standby for Group A. User Group A uses default gateway 192.0.2.1 and User Group B uses default gateway 192.0.2.2.]
Figure 17-2 shows two routers (A and B) and two HSRP groups. Router A is the active router for group A but is the standby router for group B. Similarly, router B is the active router for group B and the standby router for group A. If both routers remain active, HSRP load balances the traffic from the hosts across both routers. If either router fails, the remaining router continues to process traffic for both hosts.
Note HSRP for IPv6 load balances by default. If there are two HSRP IPv6 groups on the subnet, hosts learn of both from their router advertisements and choose to use one so that the load is shared between the advertised routers.
BFD
HSRP supports Bidirectional Forwarding Detection (BFD). BFD is a detection protocol that provides fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 6000 Series NX-OS Interfaces Configuration Guide, Release 7.x, for more information.
vPC and HSRP
HSRP interoperates with virtual port channels (vPCs). vPCs allow links that are physically connected to two different Cisco Nexus 6000 Series switches to appear as a single port channel to a third switch. See the Cisco Nexus 6000 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x, for more information on vPCs.
vPC forwards traffic through both the active HSRP router and the standby HSRP router. You can configure a threshold on the priority of the standby HSRP router to determine when traffic should fail over to the vPC trunk. See the “Configuring the HSRP Priority” section.
Note You should configure HSRP on the primary vPC peer switch as active and HSRP on the vPC secondary switch as standby.
vPC Peer Gateway and HSRP
Some third-party devices can ignore the HSRP virtual MAC address and instead use the source MAC address of an HSRP router. In a vPC environment, the packets using this source MAC address may be sent across the vPC peer link, causing a potential dropped packet. Configure the vPC peer gateway to enable the HSRP routers to directly handle packets sent to the local vPC peer MAC address and the remote vPC peer MAC address, as well as the HSRP virtual MAC address. See the Cisco Nexus 6000 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x, for more information on the vPC peer gateway.
Note For mixed-chassis configurations where the vPC peer link is configured on an F-series module, configure the vPC peer gateway exclude option to exclude the Layer 3 backup route that traverses the vPC peer link. See the Cisco Nexus 6000 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x, for more information on the vPC peer gateway exclude option.
Virtualization Support
HSRP supports Virtual Routing and Forwarding instances (VRFs).
If you change the VRF membership of an interface, Cisco NX-OS removes all Layer 3 configuration, including HSRP.
VIP HSRP Enhancement
Starting with Cisco NX-OS Release 7.2(0)N1(1), the vIP HSRP enhancement provides support for an HSRP VIP configuration to be in a different subnet than that of the interface subnet. This feature is applicable only for IPv4 and not for IPv6. The following are the enhancements:
• Enhance ARP to source with VIP from SUP for hosts when hosts in VIP subnet are referenced by static route to VLAN configuration.
• Support periodic ARP synchronization to VPC peer if this feature is enabled.
• Allow use of the VIP address as L3 source address and gateway address for all communications with DHCP server.
• Enhance DHCP relay agent to relay DHCP packets with source as VIP instead of SVI IP when the feature is enabled.
Licensing Requirements for HSRP
The following table shows the licensing requirements for this feature:
Product | License Requirement
Cisco NX-OS | HSRP requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For an explanation of the Cisco NX-OS licensing scheme for your platform, see the licensing guide for your platform. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Note Make sure the Layer 3 Hardware and LAN Base Services licenses that are included with the hardware are installed on the switch to enable Layer 3 interfaces.
Prerequisites for HSRP
The following prerequisites are required for using this feature on Cisco DCNM. For a full list of feature-specific prerequisites, see the platform-specific documentation.
HSRP has the following prerequisites:
• You must enable the HSRP feature in a switch before you can configure and enable any HSRP groups.
Guidelines and Limitations
HSRP has the following configuration guidelines and limitations:
• The minimum hello timer value is 250 milliseconds.
• The minimum hold timer value is 750 milliseconds.
• You must configure an IP address for the interface that you configure HSRP on and enable that interface before HSRP becomes active.
• You must configure HSRP version 2 when you configure an IPv6 interface for HSRP.
• For IPv4, the virtual IP address must be in the same subnet as the interface IP address.
• We recommend that you do not configure more than one first-hop redundancy protocol on the same interface.
• HSRP version 2 does not interoperate with HSRP version 1. An interface cannot operate both version 1 and version 2 because both versions are mutually exclusive. However, the different versions can be run on different physical interfaces of the same router.
• You cannot change from version 2 to version 1 if you have configured groups above the group number range allowed for version 1 (0 to 255).
• Cisco NX-OS removes all Layer 3 configuration on an interface when you change the interface VRF membership, port channel membership, or when you change the port mode to Layer 2.
• If you configure virtual MAC addresses with a virtual port channel (vPC), you must configure the same virtual MAC address on both vPC peers.
• You cannot use the HSRP MAC address burned-in option on a VLAN interface that is a vPC member.
• If the Layer 3 license is not installed on your Cisco Nexus 6000 device, HSRP can still be configured but will not function and a non-disruptive ISSU is not possible.
• All Layer 3 configuration must be removed from the Cisco Nexus 6000 device before clearing the Layer 3 license, including OSPF, PIM, and no switchport configurations. HSRP does not need to be removed before clearing the Layer 3 license but it is recommended that it be unconfigured first.
• If you have not configured authentication, the show hsrp command displays the following string:
Authentication text "cisco".
This is the default behavior of HSRP as defined in RFC 2281: If no authentication data is configured, the RECOMMENDED default value is 0x63 0x69 0x73 0x63 0x6F 0x00 0x00 0x00.
The vIP HSRP enhancement has the following guidelines and limitations:
• This feature will work only for HSRP in combination with VPC topologies. In scenarios where HSRP standby is not a VPC pair, this feature will not work, as there will not be periodic adjacency sync support for non-VPC cases.
• This feature is applicable only for IPv4 and not for IPv6.
• Support for this feature is only for Regular HSRP and not for Anycast HSRP, so this feature will not work if Anycast HSRP is enabled.
• SUP generated IP traffic (for example, ping/traceroute/ICMP Error packets) destined for VIP subnets originated from the HSRP Active/Standby box will continue to source with IPv4 SVI interface IP and not the vIP. If you want to explicitly source using the loopback IP for ping/traceroute, you can specify the loopback IP along with the source keyword.
• Static ARP configuration for creating entries in VIP subnets is not supported.
• DHCP relay agent will always use primary VIP address to communicate with DHCP server. DHCP relay agent does not consider use of secondary VIP addresses as long as primary VIP is available.
• DHCP relay agent behavior in case inter-vrf is different and requires use of Option-82 information in DHCP packets. DHCP server and clients will be in the same VRF and use of VIP is not supported for inter-vrf relay.
Default Settings
Table 17-2 lists the default settings for HSRP parameters.
Table 17-2 Default HSRP Parameters
Parameters | Default
HSRP | Disabled
Authentication | Enabled as text for version 1, with cisco as the password
HSRP version | Version 1
Preemption | disabled
Priority | 100
virtual MAC address | Derived from HSRP group number
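Because version 1 groups default to text authentication with the password cisco, a capture of HSRP hellos shows which groups were never given their own authentication. The following Python sketch is an added example, not part of the Cisco guide: it decodes the fixed 20-byte HSRP version 1 message defined in RFC 2281 from constructed payloads and reports hellos that carry the RFC default authentication bytes or that come from a source outside an assumed inventory of HSRP routers (the addresses follow Figure 17-1; the function names and finding labels are hypothetical).

```python
import struct

# HSRP version 1 message layout from RFC 2281: eight one-byte fields
# (version, opcode, state, hellotime, holdtime, priority, group, reserved),
# 8 bytes of authentication data, then the 4-byte virtual IPv4 address.
HSRP_V1 = struct.Struct("!8B8s4s")
DEFAULT_AUTH = bytes([0x63, 0x69, 0x73, 0x63, 0x6F, 0x00, 0x00, 0x00])  # "cisco"
OPCODES = {0: "hello", 1: "coup", 2: "resign"}
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}

# Assumed inventory of legitimate HSRP speakers (active and standby in Figure 17-1).
KNOWN_ROUTERS = {"192.0.2.1", "192.0.2.3"}

# Constructed UDP payloads (hex), paired with the source IP of the packet.
SAMPLE_HELLOS = [
    ("192.0.2.1", "000010030a640100636973636f000000c0000202"),
    ("192.0.2.3", "000008030a5a01007333637233740000c0000202"),
    ("192.0.2.50", "000010030aff0100636973636f000000c0000202"),
    ("192.0.2.1", "00001003"),  # truncated message
]


def parse_hsrp_v1(payload):
    """Decode one HSRP version 1 message; raise ValueError if it is not one."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP version 1 message")
    (version, opcode, state, hello, hold, priority, group,
     _reserved, auth, vip) = HSRP_V1.unpack(payload[:HSRP_V1.size])
    if version != 0:
        # Version 2 uses a TLV format and is not decoded by this example.
        raise ValueError(f"not an HSRP version 1 message (first byte {version})")
    return {
        "opcode": OPCODES.get(opcode, f"unknown({opcode})"),
        "state": STATES.get(state, f"unknown({state})"),
        "hellotime": hello,
        "holdtime": hold,
        "priority": priority,
        "group": group,
        "auth": auth,
        "auth_text": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "virtual_ip": ".".join(str(octet) for octet in vip),
    }


def audit_hello(src_ip, payload, known_routers):
    """Return (message, findings) for one captured hello."""
    message = parse_hsrp_v1(payload)
    findings = []
    if message["auth"] == DEFAULT_AUTH:
        findings.append("default-auth")      # group still uses the RFC 2281 default
    if src_ip not in known_routers:
        findings.append("unknown-speaker")   # sender is not an inventoried router
    return message, findings


def audit_capture(records, known_routers):
    """Audit (source IP, hex payload) records; unparsable ones are reported, not dropped."""
    report = []
    for src_ip, hex_payload in records:
        try:
            message, findings = audit_hello(src_ip, bytes.fromhex(hex_payload), known_routers)
        except ValueError as exc:
            report.append((src_ip, None, [f"unparsed: {exc}"]))
            continue
        report.append((src_ip, message["group"], findings))
    return report


if __name__ == "__main__":
    for src_ip, group, findings in audit_capture(SAMPLE_HELLOS, KNOWN_ROUTERS):
        print(src_ip, group, findings or ["ok"])
```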
Configuring HSRP
You can access HSRP from the Routing feature selection.
This section includes the following topics:
• Enabling the HSRP Feature
• Configuring the HSRP Version
• Configuring an HSRP Group for IPv4
• Configuring an HSRP Group for IPv6
• Configuring the HSRP Virtual MAC Address
• Authenticating HSRP
• Configuring the HSRP Priority
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling the HSRP Feature
You must globally enable the HSRP feature before you can configure and enable any HSRP groups.
To enable the HSRP feature, use the following command in global configuration mode:
DETAILED STEPS
Command: feature hsrp
Example: switch(config)# feature hsrp
Purpose: Enables HSRP.
To disable the HSRP feature and remove all associated configuration, use the following command in global configuration mode:
Command: no feature hsrp
Example: switch(config)# no feature hsrp
Purpose: Disables HSRP for all groups.
Configuring the HSRP Version
You can configure the HSRP version. If you change the version for existing groups, Cisco NX-OS reinitializes HSRP for those groups because the virtual MAC address changes. The HSRP version applies to all groups on the interface.
Note IPv6 HSRP groups must be configured as HSRP version 2.
To configure the HSRP version, use the following command in interface configuration mode:
Command: hsrp version { 1 | 2 }
Example: switch(config-if)# hsrp version 2
Purpose: Configures the HSRP version. Version 1 is the default.
Configuring an HSRP Group for IPv4
You can configure an HSRP group on an IPv4 interface and configure the virtual IP address and virtual MAC address for the HSRP group.
BEFORE YOU BEGIN
Cisco NX-OS enables an HSRP group once you configure the virtual IP address on any member interface in the group. You should configure HSRP attributes such as authentication, timers, and priority before you enable the HSRP group.
SUMMARY STEPS
1. configure terminal
2. interface type number
3. no switchport
4. ip address ip-address/length
5. hsrp group-number [ ipv4 ]
6. ip [ ip-address [ secondary ]]
7. exit
8. no shutdown
9. (Optional) show hsrp [ group group-number ] [ ipv4 ]
10. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface type number
Purpose: Enters interface configuration mode.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#

Step 3 no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport

Step 4 ip address ip-address/length
Purpose: Configures the IPv4 address of the interface.
Example:
switch(config-if)# ip address 192.0.2.2/8

Step 5 hsrp group-number [ ipv4 ]
Purpose: Creates an HSRP group and enters hsrp configuration mode. The range for HSRP version 1 is from 0 to 255. The range for HSRP version 2 is from 0 to 4095. The default value is 0.
Example:
switch(config-if)# hsrp 2
switch(config-if-hsrp)#

Step 6 ip [ ip-address [ secondary ]]
Purpose: Configures the virtual IP address for the HSRP group and enables the group. This address should be in the same subnet as the IPv4 address of the interface.
Example:
switch(config-if-hsrp)# ip 192.0.2.1

Step 7 exit
Purpose: Exits HSRP configuration mode.
Example:
switch(config-if-hsrp)# exit

Step 8 no shutdown
Purpose: Enables the interface.
Example:
switch(config-if)# no shutdown

Step 9 show hsrp [ group group-number ] [ ipv4 ]
Purpose: (Optional) Displays HSRP information.
Example:
switch(config-if)# show hsrp group 2

Step 10 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config startup-config
Note You should use the no shutdown command to enable the interface after you finish the configuration.
This example shows how to configure an HSRP group on Ethernet 1/2:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# ip address 192.0.2.2/8
switch(config-if)# hsrp 2
switch(config-if-hsrp)# ip 192.0.2.1
switch(config-if-hsrp)# exit
switch(config-if)# no shutdown
switch(config-if)# copy running-config startup-config
Configuring an HSRP Group for IPv6
You can configure an HSRP group on an IPv6 interface and configure the virtual MAC address for the HSRP group.
When you configure an HSRP group for IPv6, HSRP generates a link-local address from the link-local prefix. HSRP also generates a modified EUI-64 format interface identifier in which the EUI-64 interface identifier is created from the relevant HSRP virtual MAC address.
There are no HSRP IPv6 secondary addresses.
BEFORE YOU BEGIN
Ensure that you have enabled HSRP version 2 on the interface that you want to configure an IPv6 HSRP group on.
Ensure that you have configured HSRP attributes such as authentication, timers, and priority before you enable the HSRP group.
SUMMARY STEPS
1. configure terminal
2. interface type number
3. ipv6 address ipv6-address/length
4. hsrp version 2
5. hsrp group-number ipv6
6. ip ipv6-address [secondary]
7. ip autoconfig
8. no shutdown
9. (Optional) show hsrp [group group-number ] [ ipv6 ]
10. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface type number
Purpose: Enters interface configuration mode.
Example:
switch(config)# interface ethernet 3/2
switch(config-if)#

Step 3 ipv6 address ipv6-address/length
Purpose: Configures the IPv6 address of the interface.
Example:
switch(config-if)# ipv6 address 2001:0DB8:0001:0001::/64

Step 4 hsrp version 2
Purpose: Configures this group for HSRP version 2.
Example:
switch(config-if)# hsrp version 2

Step 5 hsrp group-number ipv6
Purpose: Creates an IPv6 HSRP group and enters hsrp configuration mode. The range for HSRP version 2 is from 0 to 4095. The default value is 0.
Example:
switch(config-if)# hsrp 10 ipv6
switch(config-if-hsrp)#

Step 6 ip [ ipv6-address [ secondary ]]
Purpose: Configures the virtual IPv6 address for the HSRP group and enables the group.
Example:
switch(config-if-hsrp)# ip 2001:DB8::1

Step 7 ip autoconfig
Purpose: Autoconfigures the virtual IPv6 address for the HSRP group from the calculated link-local virtual IPv6 address and enables the group.
Example:
switch(config-if-hsrp)# ip autoconfig

Step 8 no shutdown
Purpose: Enables the interface.
Example:
switch(config-if-hsrp)# no shutdown

Step 9 show hsrp [ group group-number ] [ ipv6 ]
Purpose: (Optional) Displays HSRP information.
Example:
switch(config-if-hsrp)# show hsrp group 10

Step 10 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if-hsrp)# copy running-config startup-config
Note You should use the no shutdown command to enable the interface after you finish the configuration.
The following example shows how to configure an IPv6 HSRP group on Ethernet 3/2:
switch# configure terminal
switch(config)# interface ethernet 3/2
switch(config-if)# ipv6 address 2001:0DB8:0001:0001::/64
switch(config-if)# hsrp version 2
switch(config-if)# hsrp 2 ipv6
switch(config-if-hsrp)# exit
switch(config-if)# no shutdown
switch(config-if)# copy running-config startup-config
Configuring the HSRP Virtual MAC Address
You can override the default virtual MAC address that HSRP derives from the configured group number.
Note You must configure the same virtual MAC address on both vPC peers of a vPC link.
To manually configure the virtual MAC address for an HSRP group, use the following command in hsrp configuration mode:
Command: mac-address string
Example: switch(config-if-hsrp)# mac-address 5000.1000.1060
Purpose: Configures the virtual MAC address for an HSRP group. The string uses the standard MAC address format (xxxx.xxxx.xxxx).
To configure HSRP to use the burned-in MAC address of the interface for the virtual MAC address, use the following command in interface configuration mode:
Command: hsrp use-bia [ scope interface ]
Example: switch(config-if)# hsrp use-bia
Purpose: Configures HSRP to use the burned-in MAC address of the interface for the HSRP virtual MAC address. You can optionally configure HSRP to use the burned-in MAC address for all groups on this interface by using the scope interface keyword.
Authenticating HSRP
You can configure HSRP to authenticate the protocol using cleartext or MD5 digest authentication. MD5 authentication uses a key chain (see the Cisco Nexus 6000 Series NX-OS Security Configuration Guide, Release 7.x).
BEFORE YOU BEGIN
You must configure the same authentication and keys on all members of the HSRP group.
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. hsrp group-number [ ipv4 | ipv6 ]
5. authentication text string
or
authentication md5 { key-chain key-chain | key-string { 0 | 7 } text [ timeout seconds ]}
6. (Optional) show hsrp [ group group-number ]
7. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Purpose: Enters configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2 interface interface-type slot/port
Purpose: Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#

Step 3 no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport

Step 4 hsrp group-number [ ipv4 | ipv6 ]
Purpose: Creates an HSRP group and enters HSRP configuration mode.
Example:
switch(config-if)# hsrp 2
switch(config-if-hsrp)#

Step 5 authentication text string
Purpose: Configures cleartext authentication for HSRP on this interface.
Example:
switch(config-if-hsrp)# authentication text mypassword

or

authentication md5 { key-chain key-chain | key-string { 0 | 7 } text [ timeout seconds ]}
Purpose: Configures MD5 authentication for HSRP on this interface. You can use a key chain or key string. If you use a key string, you can optionally set the timeout for when HSRP will only accept a new key. The range is from 0 to 32767 seconds.
Example:
switch(config-if-hsrp)# authentication md5 key-chain hsrp-keys

Step 6 show hsrp [ group group-number ]
Purpose: (Optional) Displays HSRP information.
Example:
switch(config-if-hsrp)# show hsrp group 2

Step 7 copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example:
switch(config-if-hsrp)# copy running-config startup-config
This example shows how to configure MD5 authentication for HSRP on Ethernet 1/2 after creating the key chain:
switch# configure terminal
switch(config)# key chain hsrp-keys
switch(config-keychain)# key 0
switch(config-keychain-key)# key-string 7 zqdest
switch(config-keychain-key)# accept-lifetime 00:00:00 Jun 01 2008 23:59:59 Sep 12 2008
switch(config-keychain-key)# send-lifetime 00:00:00 Jun 01 2008 23:59:59 Aug 12 2008
switch(config-keychain-key)# key 1
switch(config-keychain-key)# key-string 7 uaeqdyito
switch(config-keychain-key)# accept-lifetime 00:00:00 Aug 12 2008 23:59:59 Dec 12 2008
switch(config-keychain-key)# send-lifetime 00:00:00 Sep 12 2008 23:59:59 Nov 12 2008
switch(config-keychain-key)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# hsrp 2
switch(config-if-hsrp)# authentication md5 key-chain hsrp-keys
switch(config-if-hsrp)# copy running-config startup-config
Configuring the HSRP Priority
You can configure the HSRP priority on an interface. HSRP uses the priority to determine which HSRP group member acts as the active router. If you configure HSRP on a vPC-enabled interface, you can optionally configure the upper and lower threshold values to control when to fail over to the vPC trunk.
If the standby router priority falls below the lower threshold, HSRP sends all standby router traffic across the vPC trunk to forward through the active HSRP router. HSRP maintains this scenario until the standby HSRP router priority increases above the upper threshold.
For IPv6 HSRP groups, if all group members have the same priority, HSRP selects the active router based on the IPv6 link-local address.
To configure the HSRP priority, use the following command in interface configuration mode:
Command: priority level [ forwarding-threshold lower lower-value upper upper-value ]
Example: switch(config-if-hsrp)# priority 60 forwarding-threshold lower 40 upper 50
Purpose: Sets the priority level used to select the active router in an HSRP group. The level range is from 0 to 255. The default is 100. Optionally, sets the upper and lower threshold values used by vPC to determine when to fail over to the vPC trunk. The lower-value range is from 1 to 255. The default is 1. The upper-value range is from 1 to 255. The default is 255.
Customizing HSRP
You can optionally customize the behavior of HSRP. Be aware that as soon as you enable an HSRP group by configuring a virtual IP address, that group is now operational. If you first enable an HSRP group before customizing HSRP, the router could take control over the group and become the active router before you finish customizing the feature. If you plan to customize HSRP, you should do so before you enable the HSRP group.
Command: name string
Example: switch(config-if-hsrp)# name HSRP-1
Purpose: Specifies the IP redundancy name for an HSRP group. The string is from 1 to 255 characters. The default string has the following format: hsrp-<interface-short-name>-<group-id>. For example, hsrp-Eth2/1-1.

Command: preempt [ delay [ minimum seconds ] [ reload seconds ] [ sync seconds ]]
Example: switch(config-if-hsrp)# preempt delay minimum 60
Purpose: Configures the router to take over as an active router for an HSRP group if it has a higher priority than the current active router. This command is disabled by default. The range is from 0 to 3600 seconds.

Command: timers [ msec ] hellotime [ msec ] holdtime
Example: switch(config-if-hsrp)# timers 5 18
Purpose: Configures the hello and hold time for this HSRP member as follows:
• hellotime —The interval between successive hello packets sent. The range is from 1 to 254 seconds.
• holdtime —The interval before the information in the hello packet is considered invalid. The range is from 3 to 255.
The optional msec keyword specifies that the argument is expressed in milliseconds, instead of the default seconds.
The timer ranges for milliseconds are as follows:
• hellotime —The interval between successive hello packets sent. The range is from 255 to 999 milliseconds.
• holdtime —The interval before the information in the hello packet is considered invalid. The range is from 750 to 3000 milliseconds.
To customize HSRP, use the following commands in interface configuration mode:
Command: hsrp delay minimum seconds
Example: switch(config-if)# hsrp delay minimum 30
Purpose: Specifies the minimum amount of time that HSRP waits after a group is enabled before participating in the group. The range is from 0 to 10000 seconds. The default is 0.

Command: hsrp delay reload seconds
Example: switch(config-if)# hsrp delay reload 30
Purpose: Specifies the minimum amount of time that HSRP waits after reload before participating in the group. The range is from 0 to 10000 seconds. The default is 0.
Enabling DHCP Relay Agent Using VIP
Command: configure terminal
Example: switch(config)# configure terminal
Purpose: Enters global configuration mode.

Command: [no] ip dhcp relay source-address hsrp
Example: switch(config)# [no] ip dhcp relay source-address hsrp
Purpose: Enables/disables DHCP relay agent to use VIP globally.

Command: interface type number
Example: switch(config)# interface vlan 500
Purpose: Enters the interface configuration mode.

Command: [no] ip dhcp relay source-address hsrp
Example: switch(config-if)# [no] ip dhcp relay source-address hsrp
Purpose: Enables/disables DHCP relay agent to use VIP at L3 interface level.
Note You can use the show ip dhcp relay command to verify the DHCP relay agent configuration.
Verifying the HSRP Configuration
To display the HSRP configuration information, perform one of the following tasks:
Command: show hsrp [group group-number]
Purpose: Displays the HSRP status for all groups or one group.

Command: show hsrp delay [interface interface-type slot/port]
Purpose: Displays the HSRP delay value for all interfaces or one interface.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.

Command: show hsrp [interface interface-type slot/port]
Purpose: Displays the HSRP status for an interface.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.

Command: show hsrp [group group-number] [interface interface-type slot/port] [active] [all] [init] [learn] [listen] [speak] [standby]
Purpose: Displays the HSRP status for a group or interface for virtual forwarders in the active, init, learn, listen, or standby state. Use the all keyword to see all states, including disabled.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.

Command: show hsrp [group group-number] [interface interface-type slot/port] [active] [all] [init] [learn] [listen] [speak] [standby] brief
Purpose: Displays a brief summary of the HSRP status for a group or interface for virtual forwarders in the active, init, learn, listen, or standby state. Use the all keyword to see all states, including disabled.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Configuration Examples for HSRP
This example shows how to enable HSRP on an interface with MD5 authentication and interface tracking:

    key chain hsrp-keys
      key 0
        key-string 7 zqdest
        accept-lifetime 00:00:00 Jun 01 2008 23:59:59 Sep 12 2008
        send-lifetime 00:00:00 Jun 01 2008 23:59:59 Aug 12 2008
      key 1
        key-string 7 uaeqdyito
        accept-lifetime 00:00:00 Aug 12 2008 23:59:59 Dec 12 2008
        send-lifetime 00:00:00 Sep 12 2008 23:59:59 Nov 12 2008
    feature hsrp
    track 2 interface ethernet 2/2 ip
    interface ethernet 1/2
      no switchport
      ip address 192.0.2.2/8
      hsrp 1
        authenticate md5 key-chain hsrp-keys
        priority 90
        track 2 decrement 20
        ip-address 192.0.2.10
      no shutdown
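A key chain with staggered lifetimes, like the one in the example above, is worth checking for periods in which no key is valid. The Python sketch below is an added example, not part of the Cisco guide: it parses only the absolute start/end lifetime form shown in the example, and its function names are illustrative.

```python
import re
from datetime import datetime, timedelta

# Key chain copied from the HSRP configuration example in this chapter.
CONFIG = """\
key chain hsrp-keys
  key 0
    key-string 7 zqdest
    accept-lifetime 00:00:00 Jun 01 2008 23:59:59 Sep 12 2008
    send-lifetime 00:00:00 Jun 01 2008 23:59:59 Aug 12 2008
  key 1
    key-string 7 uaeqdyito
    accept-lifetime 00:00:00 Aug 12 2008 23:59:59 Dec 12 2008
    send-lifetime 00:00:00 Sep 12 2008 23:59:59 Nov 12 2008
"""

STAMP = r"(\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4})"
LIFETIME = re.compile(r"^(accept|send)-lifetime\s+" + STAMP + r"\s+" + STAMP + r"$")
FMT = "%H:%M:%S %b %d %Y"


def parse_key_chains(text):
    """Return {chain: {key_id: {"accept": (start, end), "send": (start, end)}}}."""
    chains, chain, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("key chain "):
            chain = chains.setdefault(line.split()[2], {})
            key = None
        elif chain is not None and re.fullmatch(r"key \d+", line):
            key = chain.setdefault(int(line.split()[1]), {})
        elif key is not None:
            m = LIFETIME.match(line)
            if m:
                key[m.group(1)] = (datetime.strptime(m.group(2), FMT),
                                   datetime.strptime(m.group(3), FMT))
    return chains


def coverage_gaps(chain, kind, slack=timedelta(seconds=1)):
    """Periods between the first start and the last end with no valid key.

    kind is "send" or "accept". A step of up to `slack` between one window's
    end (23:59:59) and the next window's start (00:00:00) is not a gap.
    """
    windows = sorted(k[kind] for k in chain.values() if kind in k)
    gaps = []
    if not windows:
        return gaps
    covered_until = windows[0][1]
    for start, end in windows[1:]:
        if start - covered_until > slack:
            gaps.append((covered_until, start))
        covered_until = max(covered_until, end)
    return gaps


def send_outside_accept(chain):
    """Key ids whose send window is not fully inside their own accept window."""
    bad = []
    for key_id, k in sorted(chain.items()):
        if "send" in k and "accept" in k:
            (s0, s1), (a0, a1) = k["send"], k["accept"]
            if s0 < a0 or s1 > a1:
                bad.append(key_id)
    return bad


def valid_keys(chain, kind, when):
    """Key ids whose `kind` window contains the instant `when`."""
    return [key_id for key_id, k in sorted(chain.items())
            if kind in k and k[kind][0] <= when <= k[kind][1]]


if __name__ == "__main__":
    chain = parse_key_chains(CONFIG)["hsrp-keys"]
    for kind in ("send", "accept"):
        for start, end in coverage_gaps(chain, kind):
            print(f"{kind}: no valid key from {start} to {end}")
    print("send window outside accept window:", send_outside_accept(chain))
```

For the key chain above it reports one send gap, from 23:59:59 Aug 12 2008 to 00:00:00 Sep 12 2008, and no accept gap.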
Additional References
For additional information related to implementing HSRP, see the following sections:
Related Documents
Related Topic: Configuring the Virtual Router Redundancy Protocol
Document Title: Chapter 18, “Configuring VRRP”

Related Topic: HSRP CLI commands
Document Title: Cisco Nexus 6000 Series Command Reference, Cisco NX-OS Releases 7.x
MIBs
MIBs: CISCO-HSRP-MIB
MIBs Link: To locate and download MIBs, go to the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
CHAPTER 18
Configuring VRRP
This chapter describes how to configure the Virtual Router Redundancy Protocol (VRRP) on a switch.
This chapter includes the following sections:
• Information About VRRP
• Licensing Requirements for VRRP
• Guidelines and Limitations
• Verifying the VRRP Configuration
• Displaying VRRP Statistics
• Configuration Examples for VRRP
• Additional References
Information About VRRP
VRRP allows for transparent failover at the first-hop IP router, by configuring a group of routers to share a virtual IP address. VRRP selects a master router in that group to handle all packets for the virtual IP address. The remaining routers are in standby and take over if the master router fails.
This section includes the following topics:
• Multiple VRRP Groups
• VRRP Router Priority and Preemption
• BFD
• vPC and VRRP
• VRRP Advertisements
• VRRP Authentication
VRRP Operation
A LAN client can determine which router should be the first hop to a particular remote destination by using a dynamic process or static configuration. Examples of dynamic router discovery are as follows:
• Proxy ARP—The client uses Address Resolution Protocol (ARP) to get the destination it wants to reach, and a router will respond to the ARP request with its own MAC address.
• Routing protocol—The client listens to dynamic routing protocol updates (for example, from Routing Information Protocol [RIP]) and forms its own routing table.
• ICMP Router Discovery Protocol (IRDP) client—The client runs an Internet Control Message Protocol (ICMP) router discovery client.
The disadvantage to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in the event of a router failure, the process of switching to another router can be slow.
An alternative to dynamic discovery protocols is to statically configure a default router on the client.
Although this approach simplifies client configuration and processing, it creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network.
VRRP can solve the static configuration problem by enabling a group of routers (a VRRP group) to share a single virtual IP address. You can then configure the LAN clients with the virtual IP address as their default gateway.
Figure 18-1 shows a basic VLAN topology. In this example, Routers A, B, and C form a VRRP group. The IP address of the group is the same address that was configured for the Ethernet interface of Router A (10.0.0.1).
Figure 18-1 Basic VRRP Topology
[Figure: Router A (virtual router master, 10.0.0.1), Router B (virtual router backup, 10.0.0.2), and Router C (virtual router backup, 10.0.0.3) form a virtual router group with IP address = 10.0.0.1, serving Client 1, Client 2, and Client 3.]
Because the virtual IP address uses the IP address of the physical Ethernet interface of Router A, Router A is the master (also known as the IP address owner). As the master, Router A owns the virtual IP address of the VRRP group router and forwards packets sent to this IP address. Clients 1 through 3 are configured with the default gateway IP address of 10.0.0.1.
Routers B and C function as backups. If the master fails, the backup router with the highest priority becomes the master and takes over the virtual IP address to provide uninterrupted service for the LAN hosts. When router A recovers, it becomes the router master again. For more information, see the “VRRP Router Priority and Preemption” section.
Note Packets received on a routed port destined for the VRRP virtual IP address will terminate on the local router, regardless of whether that router is the master VRRP router or a backup VRRP router. This includes ping and telnet traffic. Packets received on a Layer 2 (VLAN) interface destined for the VRRP virtual IP address will terminate on the master router.
VRRP Benefits
The benefits of VRRP are as follows:
• Redundancy–Enables you to configure multiple routers as the default gateway router, which reduces the possibility of a single point of failure in a network.
• Load Sharing–Allows traffic to and from LAN clients to be shared by multiple routers. The traffic load is shared more equitably among available routers.
• Multiple VRRP groups–Supports up to 255 VRRP groups on a router physical interface if the platform supports multiple MAC addresses. Multiple VRRP groups enable you to implement redundancy and load sharing in your LAN topology.
• Multiple IP Addresses–Allows you to manage multiple IP addresses, including secondary IP addresses. If you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.
• Preemption–Enables you to preempt a backup router that has taken over for a failing master with a higher priority backup router that has become available.
• Authentication–Protects against VRRP-spoofing software and uses the industry-standard MD5 algorithm for improved reliability and security.
• Advertisement Protocol–Uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address (224.0.0.18) for VRRP advertisements. This addressing scheme minimizes the number of routers that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. IANA has assigned the IP protocol number 112 to VRRP.
• VRRP Tracking–Ensures that the best VRRP router is the master for the group by altering VRRP priorities based on interface states.
VRRPv3 has the following benefits:
– Interoperability in multi-vendor environments.
– Support for IPv4 and IPv6 address families.
– Improved scalability through the use of VRRS pathways.
Multiple VRRP Groups
You can configure up to 255 VRRP groups on a physical interface. The actual number of VRRP groups that a router interface can support depends on the following factors:
• Router processing capability
• Router memory capability
In a topology where multiple VRRP groups are configured on a router interface, the interface can act as a master for one VRRP group and as a backup for one or more other VRRP groups.
Figure 18-2 shows a LAN topology in which VRRP is configured so that Routers A and B share the traffic to and from clients 1 through 4. Routers A and B act as backups to each other if either router fails.
Figure 18-2 Load Sharing and Redundancy VRRP Topology
[Figure: Router A (10.0.0.1) is master for virtual router 1 and backup for virtual router 2. Router B (10.0.0.2) is backup for virtual router 1 and master for virtual router 2. Client 1 and Client 2 have default gateway = 10.0.0.1; Client 3 and Client 4 have default gateway = 10.0.0.2.]
This topology contains two virtual IP addresses for two VRRP groups that overlap. For VRRP group 1, Router A is the owner of IP address 10.0.0.1 and is the master. Router B is the backup to router A. Clients 1 and 2 are configured with the default gateway IP address of 10.0.0.1.
For VRRP group 2, Router B is the owner of IP address 10.0.0.2 and is the master. Router A is the backup to router B. Clients 3 and 4 are configured with the default gateway IP address of 10.0.0.2.
VRRP Router Priority and Preemption
An important aspect of the VRRP redundancy scheme is the VRRP router priority because the priority determines the role that each VRRP router plays and what happens if the master router fails.
If a VRRP router owns the virtual IP address and the IP address of the physical interface, this router functions as the master. The priority of the master is 255.
Priority also determines if a VRRP router functions as a backup router and the order of ascendancy to becoming a master if the master fails.
For example, if router A, the master in a LAN topology, fails, VRRP must determine if backups B or C should take over. If you configure router B with priority 101 and router C with the default priority of 100, VRRP selects router B to become the master because it has the higher priority. If you configure routers B and C with the default priority of 100, VRRP selects the backup with the higher IP address to become the master.
VRRP uses preemption to determine what happens after a VRRP backup router becomes the master. With preemption enabled by default, VRRP will switch to a backup if that backup comes online with a priority higher than the new master. For example, if Router A is the master and fails, VRRP selects Router B (next in order of priority). If Router C comes online with a higher priority than Router B, VRRP selects Router C as the new master, even though Router B has not failed.
If you disable preemption, VRRP will only switch if the original master recovers or the new master fails.
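The election and preemption rules in this section can be modeled as a small Python function. This is an added illustration, not Cisco code: the addresses follow Figure 18-1, Router C's priority of 110 is a constructed value, and the function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

OWNER_PRIORITY = 255  # priority of the router that owns the virtual IP address


@dataclass
class Router:
    name: str
    ip: IPv4Address
    priority: int        # 100 is the default for backups
    online: bool = True


def rank(router):
    """Higher priority wins; the higher IP address breaks a tie."""
    return (router.priority, router.ip)


def elect(routers, current=None, preempt=True):
    """Return the router that is master after the group re-evaluates.

    current -- the master before this evaluation, or None at startup
    preempt -- whether a higher-priority backup may displace a healthy master
    """
    alive = [r for r in routers if r.online]
    if not alive:
        return None
    best = max(alive, key=rank)
    # No master yet, or the master failed: the best backup takes over.
    if current is None or not current.online:
        return best
    # A healthy master is displaced only by a strictly higher priority, and
    # with preemption disabled only by the recovered address owner.
    if best.priority > current.priority and (
        preempt or best.priority == OWNER_PRIORITY
    ):
        return best
    return current


def scenario(preempt):
    """A fails, C comes online with a higher priority than B, then A recovers."""
    a = Router("A", IPv4Address("10.0.0.1"), OWNER_PRIORITY)
    b = Router("B", IPv4Address("10.0.0.2"), 100)
    c = Router("C", IPv4Address("10.0.0.3"), 110, online=False)  # constructed value
    group = [a, b, c]
    history = []

    master = elect(group, preempt=preempt)
    history.append(master.name)
    a.online = False                      # the master fails
    master = elect(group, master, preempt)
    history.append(master.name)
    c.online = True                       # a higher-priority backup appears
    master = elect(group, master, preempt)
    history.append(master.name)
    a.online = True                       # the original master recovers
    master = elect(group, master, preempt)
    history.append(master.name)
    return history


if __name__ == "__main__":
    print("preemption enabled: ", scenario(True))
    print("preemption disabled:", scenario(False))
```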
BFD
VRRP supports Bidirectional Forwarding Detection (BFD). BFD is a detection protocol that provides fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 6000 Series NX-OS Interfaces Configuration Guide, Release 7.x for more information.
Note Currently, BFD is supported only on VRRPv2. It is not supported on VRRPv3.
vPC and VRRP
VRRP interoperates with virtual port channels (vPCs). vPCs allow links that are physically connected to two different Cisco Nexus 6000 Series switches to appear as a single port channel by a third switch. See the Cisco Nexus 6000 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x, for more information on vPCs.
A vPC forwards traffic through both the master VRRP router as well as the backup VRRP router. You can configure a threshold on the priority of the backup VRRP router to determine when traffic should fail over to the vPC trunk. See the “Configuring VRRP Priority” section on page 18-12.
Note You should configure VRRP on the primary vPC peer switch as active and VRRP on the vPC secondary switch as standby.
vPC and VRRP
VRRP interoperates with virtual port channels (vPCs). vPCs allow links that are physically connected to two different Cisco Nexus 7000 series devices to appear as a single port channel by a third device. See the Cisco Nexus 6000 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x for more information on vPCs.
vPC forwards traffic through both the master VRRP router as well as the backup VRRP router. You can configure a threshold on the priority of the backup VRRP router to determine when traffic should failover to the vPC trunk. See the “Configuring VRRP Priority” section on page 18-12.
Note You should configure VRRP on the primary vPC peer device as master and VRRP on the vPC secondary device as backup.
VRRP Advertisements
The VRRP master sends VRRP advertisements to other VRRP routers in the same group. The advertisements communicate the priority and state of the master. Cisco NX-OS encapsulates the VRRP advertisements in IP packets and sends them to the IP multicast address assigned to the VRRP group.
Cisco NX-OS sends the advertisements once every second by default, but you can configure a different advertisement interval.
VRRP Authentication
VRRP supports the following authentication mechanisms:
• No authentication
• Plain text authentication
• MD5 authentication
MD5 authentication provides greater security than plain text authentication. MD5 authentication allows each VRRP group member to use a secret key that you configure to generate a keyed MD5 hash of the outgoing packet. Cisco NX-OS generates a keyed hash of an incoming packet and if the generated hash does not match the hash within the incoming packet, Cisco NX-OS ignores the packet.
VRRP rejects packets in any of the following cases:
• The authentication schemes differ on the router and in the incoming packet.
• MD5 digests differ on the router and in the incoming packet.
• Text authentication strings differ on the router and in the incoming packet.
Restrictions
Text authentication cannot be combined with MD5 authentication for a VRRP group at any one time.
When MD5 authentication is configured, the text authentication field in VRRP hello messages is set to all zeroes on transmit and ignored on receipt, provided the receiving router also has MD5 authentication enabled.
VRRP Tracking
VRRP supports the following two options for tracking:
• Native interface tracking—Tracks the state of an interface and uses that state to determine the priority of the VRRP router in a VRRP group. The tracked state is down if the interface is down or if the interface does not have a primary IP address.
• Object tracking—Tracks the state of a configured object and uses that state to determine the priority of the VRRP router in a VRRP group. See Chapter 19, “Configuring Object Tracking” for more information on object tracking.
If the tracked state (interface or object) goes down, VRRP updates the priority based on what you configure the new priority to be for the tracked state. When the tracked state comes up, VRRP restores the original priority for the virtual router group.
For example, you may want to lower the priority of a VRRP group member if its uplink to the network goes down so another group member can take over as master for the VRRP group. See the “VRRP Interface State Tracking” section on page 18-18 for more information.
Note Currently, tracking is only supported on VRRPv2 and not on VRRPv3.
VRRPv3 and VRRS
VRRP version 3 (VRRPv3) enables a group of switches to form a single virtual switch in order to provide redundancy and reduce the possibility of a single point of failure in a network. The LAN clients can then be configured with the virtual switch as their default gateway. The virtual switch, representing a group of switches, is also known as a VRRPv3 group.
Virtual router redundancy service (VRRS) improves the scalability of VRRPv3 by providing a stateless redundancy service to VRRS pathways and VRRS clients by monitoring VRRPv3. VRRPv3 acts as a VRRS server that pushes VRRPv3 status information (such as current and previous redundancy states, active and inactive Layer 2 and Layer 3 addresses, and so on) to VRRS pathways and all registered VRRS clients.
VRRS clients are other Cisco processes or applications that use VRRPv3 to provide or withhold a service or resource dependent upon the state of the group. VRRS pathways are special VRRS clients that use the VRRS database information to provide scaled first-hop gateway redundancy across scaled interface environments.
VRRS by itself is limited to maintaining its own state. Linking a VRRS client to a VRRPv3 group provides a mechanism that allows VRRS to provide a service to client applications so that they can implement stateless or stateful failovers. A stateful failover requires communication with a nominated backup before the failure so that operational data is not lost when the failover occurs.
VRRS pathways operate in a similar way to clients but are integrated with the VRRS architecture. They provide a means to scale first-hop gateway redundancy by allowing you to configure a virtual address across hundreds of interfaces. The virtual gateway state of a VRRS pathway follows the state of a First-Hop Redundancy Protocol (FHRP) VRRS server.
VRRPv3 notifies VRRS of its current state (master, backup, or nonoperational initial state [INIT]) and passes that information to pathways or clients. The VRRPv3 group name activates VRRS and associates the VRRPv3 group with any clients or pathways that are configured as part of VRRS with the same name.
Pathways and clients act on the VRRPv3 server state. When a VRRPv3 group changes states, VRRS pathways and clients alter their behavior (performing tasks such as shutting down interfaces or appending accounting logs) depending on the state received from VRRS.
Virtualization Support
VRRP supports Virtual Routing and Forwarding instances (VRFs). By default, Cisco NX-OS places you in the default VRF unless you specifically configure another VRF.
If you change the VRF membership of an interface, Cisco NX-OS removes all Layer 3 configuration, including VRRP.
For more information, see Chapter 12, “Configuring Layer 3 Virtualization.”
Licensing Requirements for VRRP
The following table shows the licensing requirements for this feature:
Product: DCNM
License Requirement: VRRP requires no license. Any feature not included in a license package is bundled with the Cisco DCNM and is provided at no charge to you. For a complete explanation of the DCNM licensing scheme, see the Cisco DCNM Licensing Guide.

Product: Cisco NX-OS
License Requirement: VRRP requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Note Make sure the LAN Base Services license is installed on the switch to enable Layer 3 interfaces.
Guidelines and Limitations
VRRP has the following configuration guidelines and limitations:
• You cannot configure VRRP on the management interface.
• When VRRP is enabled, you should replicate the VRRP configuration across switches in your network.
• We recommend that you do not configure more than one first-hop redundancy protocol on the same interface.
• You must configure an IP address for the interface that you configure VRRP on and enable that interface before VRRP becomes active.
• Cisco NX-OS removes all Layer 3 configurations on an interface when you change the interface VRF membership, port channel membership, or when you change the port mode to Layer 2.
• When you configure VRRP to track a Layer 2 interface, you must shut down the Layer 2 interface and reenable the interface to update the VRRP priority to reflect the state of the Layer 2 interface.
• If the Layer 3 license is not installed on your Cisco Nexus 6000 device, VRRP can still be configured but will not function and a non-disruptive ISSU is not possible.
• All Layer 3 configuration must be removed from the Cisco Nexus 6000 device before clearing the Layer 3 license, including OSPF, PIM, and no switchport configurations. VRRP does not need to be removed before clearing the Layer 3 license but it is recommended that it be unconfigured first.
VRRPv3 has the following configuration guidelines and limitations:
• VRRPv3 is not intended as a replacement for existing dynamic protocols. VRRPv3 is designed for use over multi-access, multicast, or broadcast-capable Ethernet LANs.
• VRRPv3 is supported only on Ethernet and Fast Ethernet interfaces, bridge group virtual interfaces (BVIs), and Gigabit Ethernet interfaces as well as on Multiprotocol Label Switching (MPLS) virtual private networks (VPNs), VRF-aware MPLS VPNs, and VLANs.
• When VRRPv3 is in use, VRRPv2 is unavailable. To configure VRRPv3, you must disable any VRRPv2 configuration.
• VRRS is currently available only for use with VRRPv3.
• Use VRRPv3 millisecond timers only where absolutely necessary and with careful consideration and testing. Millisecond values work only under favorable circumstances. The millisecond timer values are compatible with third-party vendors, as long as they also support VRRPv3.
• Full network redundancy can be achieved only if VRRPv3 operates over the same network path as the VRRS pathway redundant interfaces. For full redundancy, the following restrictions apply:
– VRRS pathways should use the same physical interface as the parent VRRPv3 group or be configured on a sub-interface with the same physical interface as the parent VRRPv3 group.
– VRRS pathways can be configured on switch virtual interfaces (SVIs) only if the associated VLAN shares the same trunk as the VLAN on which the parent VRRPv3 group is configured.
Default Settings
Table 18-1 lists the default settings for VRRP parameters.
Table 18-1 Default VRRP Parameters

    Parameters                           Default
    advertisement interval               1 second
    authentication                       no authentication
    preemption                           enabled
    priority                             100
    VRRP feature                         disabled
    VRRPv3                               disabled
    VRRS                                 disabled
    VRRPv3 secondary address matching    enabled
    Priority of a VRRPv3 group           100
    VRRPv3 advertisement timer           1000 milliseconds
Configuring VRRP
This section includes the following topics:
• Enabling the VRRP Feature
• Configuring VRRP Groups
• Configuring VRRP Priority
• Configuring VRRP Authentication
• Configuring Time Intervals for Advertisement Packets
• Disabling Preemption
• Configuring VRRP Interface State Tracking
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling the VRRP Feature
You must globally enable the VRRP feature before you can configure and enable any VRRP groups.
To enable the VRRP feature, use the following command in global configuration mode:
Command: feature vrrp
Example: switch(config)# feature vrrp
Purpose: Enables VRRP.
To disable the VRRP feature and remove all associated configuration, use the following command in global configuration mode:
Command: no feature vrrp
Example: switch(config)# no feature vrrp
Purpose: Disables the VRRP feature.
Configuring VRRP Groups
You can create a VRRP group, assign the virtual IP address, and enable the group.
You can configure one virtual IPv4 address for a VRRP group. By default, the master VRRP router drops the packets addressed directly to the virtual IP address because the VRRP master is only intended as a next-hop router to forward packets. Some applications require that Cisco NX-OS accept packets addressed to the virtual router IP. Use the secondary option to the virtual IP address to accept these packets when the local router is the VRRP master.
Once you have configured the VRRP group, you must explicitly enable the group before it becomes active.
BEFORE YOU BEGIN
Ensure that you configure an IP address on the interface (see the “Configuring IPv4 Addressing” section on page 2-8).
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. vrrp number
5. address ip-address [secondary]
6. no shutdown
7. (Optional) show vrrp
8. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.

Step 2 interface interface-type slot/port
Example:
switch(config)# interface ethernet 2/1
switch(config-if)#
Purpose: Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.

Step 3 no switchport
Example:
switch(config-if)# no switchport
Purpose: Configures the interface as a Layer 3 routed interface.

Step 4 vrrp number
Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#
Purpose: Creates a virtual router group. The range is from 1 to 255.

Step 5 address ip-address [secondary]
Example:
switch(config-if-vrrp)# address 192.0.2.8
Purpose: Configures the virtual IPv4 address for the specified VRRP group. This address should be in the same subnet as the IPv4 address of the interface.
Use the secondary option only if applications require that VRRP routers accept the packets sent to the virtual router’s IP address and deliver to applications.

Step 6 no shutdown
Example:
switch(config-if-vrrp)# no shutdown
switch(config-if-vrrp)#
Purpose: Enables the VRRP group. Disabled by default.

Step 7 show vrrp
Example:
switch(config-if-vrrp)# show vrrp
Purpose: (Optional) Displays VRRP information.

Step 8 copy running-config startup-config
Example:
switch(config-if-vrrp)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Configuring VRRP Priority
The valid priority range for a virtual router is from 1 to 254 (1 is the lowest priority and 254 is the highest). The default priority value for backups is 100. For switches whose interface IP address is the same as the primary virtual IP address (the master), the default value is 255.
If you configure VRRP on a vPC-enabled interface, you can optionally configure the upper and lower threshold values to control when to fail over to the vPC trunk. If the backup router priority falls below the lower threshold, VRRP sends all backup router traffic across the vPC trunk to forward through the master VRRP router. VRRP maintains this scenario until the backup VRRP router priority increases above the upper threshold.
BEFORE YOU BEGIN
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section on page 18-9).
Ensure that you have configured an IP address on the interface (see the “Configuring IPv4 Addressing” section on page 2-8).
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. vrrp number
5. shutdown
6. priority level [forwarding-threshold lower lower-value upper upper-value]
7. no shutdown
8. (Optional) show vrrp
9. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface interface-type slot/port
Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 2/1
switch(config-if)#
Step 3 no switchport
Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4 vrrp number
Creates a virtual router group.
Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#
Step 5 shutdown
Disables the VRRP group. Disabled by default.
Example:
switch(config-if-vrrp)# shutdown
switch(config-if-vrrp)#
Step 6 priority level [forwarding-threshold lower lower-value upper upper-value]
Sets the priority level used to select the active router in a VRRP group. The level range is from 1 to 254. The default is 100 for backups and 255 for a master that has an interface IP address equal to the virtual IP address.
Optionally, sets the upper and lower threshold values used by vPC to determine when to fail over to the vPC trunk. The lower-value range is from 1 to 255. The default is 1. The upper-value range is from 1 to 255. The default is 255.
Example:
switch(config-if-vrrp)# priority 60 forwarding-threshold lower 40 upper 50
Step 7 no shutdown
Enables the VRRP group. Disabled by default.
Example:
switch(config-if-vrrp)# no shutdown
switch(config-if-vrrp)#
Step 8 show vrrp
(Optional) Displays a summary of VRRP information.
Example:
switch(config-if-vrrp)# show vrrp
Step 9 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch(config-if-vrrp)# copy running-config startup-config
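The threshold behaviour described in this section, modelled in Python as an added example (not Cisco code): parse_priority enforces the ranges given for the priority command, and trunk_forwarding applies the lower and upper thresholds to a series of priority values. The function names, the constructed timeline and the initial not-on-trunk state are assumptions made for the illustration.

```python
import re

PRIORITY_RE = re.compile(
    r"priority (?P<level>\d+)"
    r"(?: forwarding-threshold lower (?P<lower>\d+) upper (?P<upper>\d+))?")

def parse_priority(command):
    """Parse a 'priority ...' line and enforce the documented ranges."""
    m = PRIORITY_RE.fullmatch(" ".join(command.split()))
    if not m:
        raise ValueError("not a priority command: %r" % command)
    level = int(m["level"])
    lower = int(m["lower"] or 1)      # documented default
    upper = int(m["upper"] or 255)    # documented default
    if not 1 <= level <= 254:
        raise ValueError("priority level must be from 1 to 254")
    if not (1 <= lower <= 255 and 1 <= upper <= 255):
        raise ValueError("threshold values must be from 1 to 255")
    return level, lower, upper

def trunk_forwarding(priorities, lower, upper):
    """Model the failover rule for a backup router on a vPC-enabled interface.

    priorities: the backup's priority over time (constructed input).
    Returns one bool per sample: True while traffic is sent across the vPC trunk.
    Assumption: the router starts out not using the trunk.
    """
    via_trunk, out = False, []
    for p in priorities:
        if p < lower:          # fell below the lower threshold: fail over to the trunk
            via_trunk = True
        elif p > upper:        # rose above the upper threshold: stop using the trunk
            via_trunk = False
        out.append(via_trunk)  # between the thresholds the previous state holds
    return out

# Constructed timeline: configured priority 60, a drop to 30, then partial recoveries to 45.
LEVEL, LOWER, UPPER = parse_priority("priority 60 forwarding-threshold lower 40 upper 50")
TIMELINE = [60, 30, 45, 60, 45]

if __name__ == "__main__":
    for p, trunk in zip(TIMELINE, trunk_forwarding(TIMELINE, LOWER, UPPER)):
        print(p, "vPC trunk" if trunk else "local")
```

A priority of 45 appears twice in the timeline with different results, because a value between the two thresholds keeps whatever state the last threshold crossing set.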
Configuring VRRP Authentication
You can configure simple text authentication or MD5 authentication for a VRRP group. You configure the MD5 authentication using a key string and the security parameter index (SPI). The receiving router uses SPI to identify the security association (SA) to which an incoming packet is bound. VRRP only verifies the MD5 digest.
BEFORE YOU BEGIN
Ensure that the authentication configuration is identical for all VRRP switches in the network.
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section on page 18-9).
Ensure that you have configured an IP address on the interface (see the “Configuring IPv4 Addressing” section on page 2-8).
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. vrrp number
5. shutdown
6. authentication {md5 keyname spi index | text password}
7. no shutdown
8. (Optional) show vrrp
9. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface interface-type slot/port
Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 2/1
switch(config-if)#
Step 3 no switchport
Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4 vrrp number
Creates a virtual router group.
Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#
Step 5 shutdown
Disables the VRRP group. Disabled by default.
Example:
switch(config-if-vrrp)# shutdown
switch(config-if-vrrp)#
Step 6 authentication {md5 keyname spi index | text password}
Assigns the MD5 or simple text authentication option and specifies the keyname password. The keyname range is from 1 to 255 characters. We recommend that you use at least 16 characters. The text password is up to eight alphanumeric characters. The SPI index is a hexadecimal number from 0x0 to 0xFFFFFFFF.
Example:
switch(config-if-vrrp)# authentication md5 prd555oln47espn0 spi 0x0
Step 7 no shutdown
Enables the VRRP group. Disabled by default.
Example:
switch(config-if-vrrp)# no shutdown
switch(config-if-vrrp)#
Step 8 show vrrp
(Optional) Displays a summary of VRRP information.
Example:
switch(config-if-vrrp)# show vrrp
Step 9 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch(config-if-vrrp)# copy running-config startup-config
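An added example, not part of the Cisco guide: a Python check that reads VRRP groups from configuration text, reports authentication settings that fall outside the limits given for the authentication command, and reports groups whose authentication differs between switches. It assumes the configuration text contains the commands in the form shown in this procedure; the function names and the two sample configurations are constructed for the illustration.

```python
import re

AUTH_RE = re.compile(r"authentication (?:md5 (?P<key>\S+) spi (?P<spi>0x[0-9A-Fa-f]+)"
                     r"|text (?P<text>\S+))")

def parse_vrrp_auth(config):
    """Map (interface, group) to its 'authentication ...' line, or None if absent."""
    groups, intf, grp = {}, None, None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if raw.startswith("interface "):
            intf, grp = line.split(" ", 1)[1], None
        elif intf and re.fullmatch(r"vrrp \d+", line):
            grp = int(line.split()[1])
            groups[(intf, grp)] = None
        elif grp is not None and line.startswith("authentication "):
            groups[(intf, grp)] = line
    return groups

def check_auth(line):
    """Findings for one group's authentication line, using the limits on this page."""
    m = AUTH_RE.fullmatch(line or "")
    if not m:
        return ["no authentication configured" if line is None else "undocumented syntax"]
    out = []
    if m["text"] is not None:
        out.append("simple text authentication")
        if len(m["text"]) > 8 or not m["text"].isalnum():
            out.append("text password is not 1-8 alphanumeric characters")
    else:
        if not 16 <= len(m["key"]) <= 255:
            out.append("MD5 key length outside the recommended 16-255 characters")
        if int(m["spi"], 16) > 0xFFFFFFFF:
            out.append("SPI outside 0x0-0xFFFFFFFF")
    return out

def audit(configs):
    """configs maps switch name to config text; returns sorted (switch, group, finding)."""
    findings, seen = [], {}
    for switch, text in configs.items():
        for (_, grp), line in parse_vrrp_auth(text).items():
            findings += [(switch, grp, f) for f in check_auth(line)]
            seen.setdefault(grp, {})[switch] = line
    findings += [(sw, grp, "authentication differs between switches")
                 for grp, lines in seen.items() if len(set(lines.values())) > 1 for sw in lines]
    return sorted(findings)

# Constructed configurations, not captured from a device.
SAMPLE = {"sw1": "interface Ethernet2/1\n vrrp 250\n  authentication md5 prd555oln47espn0 spi 0x0\n",
          "sw2": "interface Ethernet2/1\n vrrp 250\n  authentication text lab12345\n"}
```

Calling audit(SAMPLE) reports the text-authenticated group on sw2 and flags group 250 on both switches as inconsistent, which is the condition the BEFORE YOU BEGIN requirement rules out.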
Configuring Time Intervals for Advertisement Packets
You can configure the time intervals for advertisement packets.
BEFORE YOU BEGIN
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section on page 18-9).
Ensure that you have configured an IP address on the interface (see the “Configuring IPv4 Addressing” section on page 2-8).
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. vrrp number
5. shutdown
6. advertisement-interval seconds
7. no shutdown
8. (Optional) show vrrp
9. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface interface-type slot/port
Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 2/1
switch(config-if)#
Step 3 no switchport
Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4 vrrp number
Creates a virtual router group.
Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#
Step 5 shutdown
Disables the VRRP group. Disabled by default.
Example:
switch(config-if-vrrp)# shutdown
switch(config-if-vrrp)#
Step 6 advertisement-interval seconds
Sets the interval time in seconds between sending advertisement frames. The range is from 1 to 254. The default is 1 second.
Example:
switch(config-if-vrrp)# advertisement-interval 15
Step 7 no shutdown
Enables the VRRP group. Disabled by default.
Example:
switch(config-if-vrrp)# no shutdown
switch(config-if-vrrp)#
Step 8 show vrrp
(Optional) Displays a summary of VRRP information.
Example:
switch(config-if-vrrp)# show vrrp
Step 9 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch(config-if-vrrp)# copy running-config startup-config
Disabling Preemption
You can disable preemption for a VRRP group member. If you disable preemption, a higher-priority backup router will not take over for a lower-priority master router. Preemption is enabled by default.
BEFORE YOU BEGIN
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section on page 18-9).
Ensure that you have configured an IP address on the interface (see the “Configuring IPv4 Addressing” section on page 2-8).
SUMMARY STEPS
1. configure terminal
2. interface interface-type slot/port
3. no switchport
4. vrrp number
5. shutdown
6. no preempt
7. no shutdown
8. (Optional) show vrrp
9. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal
Enters configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2 interface interface-type slot/port
Enters interface configuration mode.
Note If this is a 10G breakout port, the slot/port syntax is slot/QSFP-module/port.
Example:
switch(config)# interface ethernet 2/1
switch(config-if)#
Step 3 no switchport
Configures the interface as a Layer 3 routed interface.
Example:
switch(config-if)# no switchport
Step 4 vrrp number
Creates a virtual router group.
Example:
switch(config-if)# vrrp 250
switch(config-if-vrrp)#
Step 5 no shutdown
Enables the VRRP group. Disabled by default.
Example:
switch(config-if-vrrp)# no shutdown
Step 6 no preempt
Disables the preempt option and allows the master to remain when a higher-priority backup appears.
Example:
switch(config-if-vrrp)# no preempt
Step 7 no shutdown
Enables the VRRP group. Disabled by default.
Example:
switch(config-if-vrrp)# no shutdown
Step 8 show vrrp
(Optional) Displays a summary of VRRP information.
Example:
switch(config-if-vrrp)# show vrrp
Step 9 copy running-config startup-config
(Optional) Saves this configuration change.
Example:
switch(config-if-vrrp)# copy running-config startup-config
Configuring VRRP Interface State Tracking
Interface state tracking changes the priority of the virtual router based on the state of another interface in the switch. When the tracked interface goes down or the IP address is removed, Cisco NX-OS assigns the tracking priority value to the virtual router. When the tracked interface comes up and an IP address is configured on this interface, Cisco NX-OS restores the configured priority to the virtual router (see the “Configuring VRRP Priority” section on page 18-12).
Note For interface state tracking to function, you must enable preemption on the interface.
Note VRRP does not support Layer 2 interface tracking.
BEFORE YOU BEGIN
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section on page 18-9).
Ensure that you have configured an IP address on the interface (see the